I remember what I was doing on January 31st, 1999. I'm sure a lot of people do but I bet not many were doing what I was doing because I was being sick!
I was supposed to be working that night. Sitting patiently waiting for the world to end as the Y2K bug bit hard. I was a mainframe developer back in those days but I worked on a fantastic banking platform that had been Y2K compliant since its inception in the early 1980s. I was supposed to sit in work as an insurance policy. As it turned out, there were no issues. Not one. Nothing. Nada. Zero. Zilch. But I missed even that because I was driven home by my manager because of my illness.
I was reminded of this event because my O2 Connection Manager software for mobile broadband stopped working this week. On attempting to start it up, it would immediately die with no real explanation as to why it was being so fussy about doing some work on my behalf.
Of course, this week is the first week of 2010. Setting my system clock back to some date/time in 2009 enabled the O2 Connection Manager software to initialise successfully. In effect, this is the same as the Y2K bug, except it is ten years late!
Clearing out all files under "Documents and Settings/All Users/Application Data/O2CM-CE/O2 Connection Manager" resolved the issue (after I had reset my system date, of course).
So it would seem that back in the 1980s, we had a clearer idea of how to build software fit for purpose and with a view that it would still be around 20 years later. These days, code is hacked into existence and wobbles at the first sign of any kind of change. How depressing.
In a world where technology is supposed to make things simpler, why is it that the world seems to be more complicated? This blog is made up of the ramblings of an IT Security Consultant specialising in IBM Security software with a heavy focus on IGI, ITIM/ISIM, ITAM/ISAM and ITDI/ISDI. All opinions expressed are my own and have nothing to do with any employer past or present. I hope you find them useful.
Thursday, January 07, 2010
Monday, January 04, 2010
Identity & Access Management Predictions For 2010
I should point out that I am not psychic. I haven't found a way to see into the future just yet. (If I had managed to do that, I'm quite sure I wouldn't be writing this article!)
Identity and Access Management has promised much in recent years and in the case of Identity Management, the promise has yet to be realised in a lot of deployments. I hear potential customers making claims that there has never been a successful identity management project and any organisation intent on attempting to realise the benefits of such a project is doomed.
Thankfully, I have been involved in many successful deployments that have realised some, if not all, of the anticipated benefits. The problems I've seen have typically been political issues rather than technical issues. Does that sound familiar?
It would seem to me that there is a disconnect between what technology can offer, what businesses can afford and the political will-power to ensure that an IAM programme will succeed. Which brings me on to my predictions...
1. Ding-Ding - Round 2
The early adopters of IDM technology went through the pain and heartache of spending big on new technology in an effort to leverage their legacy technology in the "always connected" world. Their 18 month programmes a number of years ago are probably starting to provide some benefit around about now and the political collateral required to leverage their infrastructure will be in place because it has become too darn expensive to rip out all that kit that was deployed all those years ago. In other words, the initial hype surrounding the technology that was followed by disillusionment is now starting to pay for itself.
The rotation of staff around the various enterprises that exist will ensure that every enterprise now has "someone" in their team who has been involved in a successful IDM deployment. These people will become crucial in pushing their new employers down the path of embracing IDM as a workable solution.
2. Risk
I'm on thin ice with this one but the days of locking down everything because a manual said it could be locked down are disappearing. We used to live in a world which had adopted the 80/20 rule. An 80% delivery rate on a project was usually enough to get businesses working effectively and the remaining 20% was usually too expensive and made a mockery of the original business case. I see those days returning. For example, a two-factor authentication system for high-net-worth banking users or treasury departments may be a great idea bearing in mind the risk of a security breach for either user but such a system may not be necessary for the thousands of people who only have a few coppers in their deposit account.
The same rule can be applied within the enterprise as well. Do we want to lock down our enterprise systems to the point where they become difficult to use? Do we want our users fed up with the tedium of trying to do their job with a system that seems hell-bent on preventing them from doing so?
IT Security professionals will finally find the word pragmatism in their dictionary and understand that they are there to help rather than hinder.
3. Personal Ownership
For many, the notion of an Identity Management System may seem crazy. Surely it is up to the individual to manage their identity properly rather than delegate such responsibility to a "system". 2010 will see IT users taking ownership of their identities (and not just those binary-speaking geeks we all like to poke fun at). Real people performing real duties in the real world will start to take more care of their online persona. Facebook and Twitter have become vital tools - they are no longer being used to merely jabber on about what was on television the previous night!
Most people are sensitive about how others perceive them. Now is the time to protect our online personae. It is time to manage our own identities.
4. Compliance
Enterprises need to demonstrate that they have control over their processes. In a nutshell, that seems to be what Sarbanes Oxley is all about. How an enterprise demonstrates their control, however, is up to the enterprise. Quill and Parchment record keeping may actually suffice.
There are tools available which can help an enterprise keep control over its systems. Identity Management systems typically look after the provisioning aspect of a system and can certainly be beneficial in achieving compliance. But what about those systems that aren't managed by such a clever tool? Log file scraping and database dumps can provide an auditor with the necessary data to determine how an application is being managed but unless she is super-human, she will need an analysis tool to help her make sense of the information.
Compliance has always been a tricky topic because there are legacy bespoke systems which contain data that nobody else on Earth could possibly understand. How do you build a tool capable of analysing information from every possible application without major customisation and significant up-front consultancy fee hell? How can "SOX IN A BOX" be achieved?
This year should see the major vendors of IDM solutions attempt to address this area.
5. The Cloud
I've written about "The Cloud" before and 2009 has already seen a quickening in pace of Cloud Services and IDM solutions specifically for The Cloud. I can see one or two niche players operating in the "IDM proxy" world being gobbled up by the big boys.
Until now, enterprises have attempted to manage access to The Cloud from within their perimeter. 2010 will see the start of a mirror-imaging of this approach, i.e. The Cloud will start to manage access within the enterprise.
Conclusion
The above five predictions are safe bets, to be honest. All of these things are already happening so I guess my predictions aren't really predictions. Maybe they are "realisations"? This year will be the year that the IT user base will become more aware of the above.