The new version of Tivoli Identity Manager just launched by IBM has features that improve role management and which combined with separation of duties should improve the effectiveness of enterprise ID management schemes.
The enhancements made for Tivoli Identity Manager 5.1 gives “organisations unprecedented visibility and control over data and the people who have access to it,” IBM said.
The new features allow security administrators to more easily implement definitions for access control policies. This ensures entitlements are defined at the right level in the role hierarchy.
One major reason organisations have had to focus on roles in recent years has been the need for compliance with legislation such as the US Sarbanes-Oxley Act (SOX).
SOX requires, for one thing, that users’ access rights should be validated to prevent access to information or resources that are inappropriate for their individual job. This has become known as enforcing separation of duties.
Using roles as the basis for identity-driven access rights can allow managers to check the rights of those employees for which they are responsible, and spot anomalies.
This is especially likely to arise during a downturn when employees are more likely to change roles, and the organisation neglects to disable access rights that were only appropriate to the former role.
“What our clients need – and what IBM is intent on delivering – is security technology that manages which people have access to certain information in a way that clearly follows defined roles and responsibilities within an organisation’s policies,” said Venkat Raghavan, director of security, risk and compliance for IBM Tivoli.
The new software includes some improved access rights recertification that provides more granular, auditor-friendly details for compliance and policies can be easily configured using wizards and templates.
With this new version, IBM claims to be distinguishing itself from competitors that require the purchase of separate products to deliver equivalent capabilities.
