In April, C/D/H presented on identity management, specifically comparing Microsoft, Novell, Courion, Oracle/Sun, and IBM. Download the slide deck for an overview of the solutions and their strengths and weaknesses. You'll also find out more about out-of-the-box vs. add-on functionality, integration capabilities, and rough cost comparisons. And last but not least, the factors in determining the solution that's right for you.

1. CDH
CDH Identity Management
April 21, 2010

2. CDH Quick Facts
About Us Approach Partnerships
• 20th Year • Vendor Agnostic • Microsoft Gold
• Grand Rapids & • Non-reseller • VMware Enterprise
Royal Oak • Professional • Cisco Premier
• 25 Staff Services Only • Novell Platinum
• Citrix Silver

3. CDH Expertise
Project Management Infrastructure P
I
C
A
Collaboration Access & Identity Management
3

4. CDH Overview
• Specific focus on enterprise identity
management
– SMB session to be offered later
• Discussion about what identity
management is and what it involves
• Project Approach and Planning
• Market Capabilities and Trends
• Vendor Comparisons and Overviews

5. CDH What is Identity Management?
• User account creation, management, and
cleanup
• Attribute synchronization
• Password synchronization
• Password self-service
• Delegated Management
• Role Management
• Single Sign On
• Privileged User Management…..

6. CDH What Identity Management Is Not
• Not a replacement for application/system
management tools (though it can minimize
the need to use them)
• Not a primary security enforcement tool
(though it can help)
• Not simple
• Not cheap
• Not able to solve world hunger

7. CDH Approaches
• Rule based account sync
– Very common first initiative
– Actions based on established rules
• Roles based provisioning
– Role mining/analysis
– Enterprise role modeling
• Workflow system
– Electronic forms and processes
– Doesn’t require systems to be connected

8. CDH Balanced Approach

9. CDH Services Infrastructure

10. CDH Initial Approach
• Get management buy in
• Analyze systems, applications, and
processes across business units
• Determine the pain points
• Determine the points of greatest risk
• Determine compliance requirements
• Determine desired process improvements
• Review current skill sets

11. CDH Vendor Selection
• Determine most suitable vendors
– Previous analysis as basis
– License agreements/Pricing
– Granular yet scalable
• Demo/POC environment
– Get the vendors/partners (wink-wink) to help
– Most can be completely virtual

12. CDH Vendor Selection Continued
• Exercise/test/play
– Feed it samples of current data
– Build representative roles
– Involve other business units
• Helpdesk, HR, others
• Workflow interaction
• Role management and assignment

13. CDH Common Mistakes
• Taking on too much at once
– Important to take it slow at first
• Failure to get upper management buy-in
– Business processes will change
• Scope creep
– “Let’s add this one simple application”
• Allowing requirements to go unchecked
– Contributes to complexity and scope creep
• Not taking the exceptions into account

14. CDH More Common Mistakes
• Not changing business processes
– Too many implementations just automate bad
processes
– Use the opportunity to revise processes
• Expectation of immediate ROI
– Initially many processes may be duplicated for
a time
• Failure to establish full testing plans
– Automated testing preferred

15. CDH More Common Mistakes
• Using the existing NOS directory as the
central ID repository
– AD/eDir is a file, print, and workstation
management directory
– It should be treated like all other connected
apps/systems
• Collapsing too much to a single directory
– Allow apps to have their own directory
– IDM allows easy management of separate
directories

16. CDH
CDH Market

17. CDH Market Trends
• User provisioning almost becoming a
commodity – everyone does it
• More emphasis is being placed on Roles
and Governance, Risk, and Compliance
(GRC) management
• Data Leak Prevention (DLP) integration
becoming more commonplace
• Organizations tending to more look at IDM
holistically

18. CDH Market Trends
• Wizards, web GUIs, business process
mapping tools, and “codeless” capabilities
are reducing implementation times
– Time to take a 2nd look
• Greater integration with partnering
technologies from other vendors
– Role management products
– SSO products
• Many acquisitions changing the landscape

19. CDH Roles
• Typically have multiple levels
– Business roles
– Permission roles
• Entitlements/resources typically assigned
to roles
• Some can be 100% based on attribute
values
• Most should allow manual assignment with
approvals

20. CDH GRC
• What is it?
• Governance
– Establishing role and entitlement policies
• Risk
– Assigning risk factors to roles and entitlements
• Compliance
– Preventing unjustified access and proving it

21. CDH GRC Example
• Risk levels are assigned to roles and
entitlements
• Increased scrutiny and monitoring applied
to higher risk roles and entitlements
• The risk levels of the roles and
entitlements assigned to a person add up
to a threat level
• Increased scrutiny and monitoring of the
user result from the increased threat level

22. CDH
CDH Vendor Comparisons

23. CDH Vendor Grid

24. Enterprise Role Management
CDH Market (Forrester)
Forrester Enterprise Role Mgmt - Feb 09

25. Enterprise Role Management
CDH Market (Forrester)
Forrester Enterprise Role Mgmt - Feb 09

26. CDH User Provisioning

27. CDH
CDH Vendor Overviews

28. CDH Microsoft
• New release – FIM
• Still way behind in the market, FIM won’t
significantly change this
• Still may be an easy choice for MS shops
with limited needs
• Can be cheaper than other solutions, but
not on an apples-to-apples comparison
• MS has stated that they want to become a
leader in the market – will take much work

29. CDH Sentillion
• Acquired by Microsoft
– Still trying to figure out how to best integrate
the technologies
– Some of the technologies directly compete
with FIM – what’s going to win?
• Healthcare focused
– Almost exclusively

30. CDH Novell
• Continues to fight the “bad” reputation of
their name
• No concern over Novell’s viability
• Extraordinary capabilities with limited
coding requirements
• Offers unparalleled platform flexibility
• IDM 4 brings strong new capabilities to the
mix – “game changers”

31. CDH Courion
• A strong suite of powerful products
• Focused specifically in identity
management technologies
• One of the earliest to offer SharePoint
integration & management
• Establishes partnerships and provides
tight integration
• Excellent rogue account management

32. CDH Oracle/Sun
• Much FUD about what the merger actually
means, not all is undeserved
• Some integration has already occurred
– Sun products being rename to Oracle xx
• Highly capable solutions
• Deep development requirements
– Do you have dedicate Java developers?
– You’ll need more

33. CDH IBM
• Shares top tier rating
• Part of the Tivoli suite of products
• XPRESS for simpler implementation
– XML based
• Like Oracle/Sun, requires pretty deep
development for more complex
functionality
• Aggressive product pricing in IBM shops

34. CDH CA
• Recently acquired Eurekify, an excellent
role mining and management vendor
• Uses Policy Xpress (sound familiar?) to
simplify policy “development”
• GUI workflow designer tool
• Also fights a bad rep at times
• Tends to ignore smaller engagements

35. CDH Other Vendors
• Too many to list!
• A number build on Microsoft solution
• Some show much promise
– EmpowerID from The Dot Net Factory

36. CDH
CDH Solution Similarities

37. CDH Commonalities
• Centralized identity repository
– Identity Vault
– Metaverse
– ID Store
– LDAP
• XML
– Config and settings files
– Transaction documents
– Rules and policies

38. CDH Common Claims
• Agent-less
– Usually means limited (AD API vs LDAP)
– MUST have an agent (client or server) for
password sync from an app/system
• GUI Builders and Wizards
– Meant to simplify development
– Provide for basic functionality
– Sometimes don’t go far enough (how do you
extend?)

39. CDH
CDH C/D/H IDM Perspective

40. CDH C/D/H Experience
• We help determine what IDM solution set
and vendor is best based on the
organization
– Sync, SSO, reporting, monitoring
– Existing relationships, budget, scope, skills
• Clients from 250 to 250,000 users
• Medium-large focus
– Most clients in the 3,000-8,000 user range

41. CDH C/D/H Experience
• Few in-house developers
– Well established developer relationships
utilized when needed
– Focus more on business process planning
• We like solutions requiring minimal
development
– Microsoft
– Novell
– Courion

42. CDH C/D/H Experience

43. CDH C/D/H Experience

44. CDH Thank You
Royal Oak Grand Rapids
306 S. Washington Ave. 15 Ionia SW
Suite 212 Suite 270
Royal Oak, MI 48067 Grand Rapids, MI 49503
p: (248) 546-1800 p: (616) 776-1600
www.cdh.com
(c) C/D/H 2007. All rights reserved