Archive for the ‘Virtual Directory’ Category

Putting the Practical Back in IAM

Wednesday, June 16th, 2010

Let’s face it: explaining Identity & Access Management to a layperson isn’t easy. How often do those of us who work in the space respond to the simple question “so what do you do?” at a cocktail party or a family event, only to see that familiar glazed-over expression less than 30 seconds into our reply? IAM is a space that’s prone to acronyms and cryptic concepts: SSO, virtual directory, WAM, federation, SAML, LDAP, etc. Of course, the issue here is not so much that these concepts are over your grandmother’s head. The problem comes when your grandmother is a high-level executive trying to figure out how IAM is going to provide significant ROI for her company. As product and service providers in this space, we’re the ones responsible for making the practical case for Identity & Access Management. My belief is we could all be doing a better job of this.

The inspiration for this post was a recent interview conducted with Dieter Schuller, VP of Business Development for our partner Radiant Logic. The interview covers its own fair share of acronyms and concepts, most of which are at the core of what this blog’s readership does for a living. But eventually it shifts into a practical (and very powerful) example of what identity correlation can do for a business, courtesy of Dieter:

For example, we just worked with a major electronics company, where they started with access management, single sign-on, delegated administration, but they wanted to make their portal a much better experience so when the user logged in, rather than just serving up products, the idea is you know enough about me because you have an order entry system that tracks what I bought online, you have a product registration system that tracks what I bought offline, you have a product database so you know that I bought a camera and now you should try to sell me a camera case.

They actually took it a step further and actually integrated it to their partner systems as well. They have a relationship with Facebook, for example, and, for that particular identity, started to look at what their movie and music preferences are and serving up content based on that.

Take a step back and think of what this interview would have meant to a non-IAM professional had it not included this real-life scenario. I think it would have led to multiple Google searches to define MDM, CDI, virtual directory, etc, if the reader had the time. Instead the reader comes away thinking about what this technology meant to an electronics company and how this might help his/her own business. In the real world this can mean the difference between a company becoming a prospect, and a prospect becoming a client or a customer.

“For example” can be powerful words in the context of security technology. We need more “for examples” in this space, not fewer. Have you seen examples of IAM companies providing practical real-world descriptions of how their products and services are being leveraged? If so, please share in the comments!

3 Building Blocks for Managing Cloud Applications

Monday, March 29th, 2010

Now that my webinar with Mike Donaldson and Lisa Grady is over I wanted to post up some additional information and also a video of the working demo. Thanks to Ping Identity and Radiant Logic for working with us on this demo.

Overview:

As a recap of the demo scenario, our theoretical company, MyCompany, is looking to leverage cloud-based services and their strategy is to continue to migrate a significant amount of infrastructure to the cloud. The first application they have migrated is Salesforce CRM for Sales management. After that, they plan on expanding into Google Apps, a hosted provider for time and expense submission, HR, etc. The company has an internal Enterprise Directory (LDAP) which stores Employee profile information, while the sales region and list of accounts for a Sales Rep are stored in Salesforce CRM. Since not all employees have access to Salesforce, there is also an internal portal that employees use to find Sales Rep and customer information.

Since they started using Salesforce, they are noticing these main problems:

  1. Managing the provisioning/de-provisioning of internal users in Salesforce is a time-consuming manual process, and in one case a terminated employee was not de-provisioned correctly and wound up getting access to information they should not have been able to access as a non-employee.
  2. They have a high number of password management issues since users have a separate account in Salesforce.
  3. Certain pieces of information are managed about salespeople and accounts in Salesforce and are not visible through the portal. This limited access to information required for the distribution of new leads and to contact the correct Sales Rep in case of a customer issue.

So, they want a solution that provides the following benefits:

  1. Automates the provisioning and de-provisioning of users in Salesforce based upon membership in a group in LDAP
  2. Centralized view of internal user information with attributes coming from LDAP and Salesforce that can be surfaced through the portal
  3. Centralized view of customer information that shows both the information coming from Salesforce but also includes the information from the accounts payable database for the complete view of the customer
  4. Single Sign-on into Salesforce from the MyCompany Portal

Solution:

  • Ping Identity PingFederate for provisioning and de-provisioning of users based upon group membership in the salesforce group in VDS
  • Ping Identity PingFederate for Internet SSO using VDS as the LDAP directory for the Identity Provider (IdP) and Salesforce as the Service Provider (SP) using SAML

[Image: Salesforce provisioning]

  • Radiant Logic VDS Context Edition to create a single view of the employee information with cached attributes coming from LDAP and Salesforce
  • Radiant Logic VDS Context Edition to create a single view of the customer with cached attributes coming from the Salesforce Users and Accounts tables

[Image: Virtual directory entry]

For larger images, please see the slides from the presentation included below.
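A sketch of the group-driven provisioning rule in the solution above, added here as an illustration and not taken from the demo or from PingFederate: it reconciles the members of the LDAP provisioning group against the accounts in the cloud application and reports which accounts to create, reactivate or deactivate, refusing to act when the directory result looks truncated. The record layout, the exemption list, the ratio guard and the sample addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CloudAccount:
    username: str   # login name in the cloud application (an e-mail address here)
    active: bool

def reconcile(group_mails, accounts, exempt=(), max_deactivate_ratio=0.5):
    """Plan the changes that make active cloud accounts match the directory group.

    group_mails: mail attribute of every member of the provisioning group.
    exempt: accounts never touched (e.g. integration users with no directory entry).
    Raises RuntimeError when the plan would deactivate more than
    max_deactivate_ratio of the managed active accounts, which usually means
    the directory read failed or returned a partial result.
    """
    wanted = {m.strip().lower() for m in group_mails if m and m.strip()}
    skip = {e.strip().lower() for e in exempt}
    by_name = {a.username.strip().lower(): a for a in accounts}

    plan = {"create": [], "reactivate": [], "deactivate": []}
    for mail in sorted(wanted - skip):
        acct = by_name.get(mail)
        if acct is None:
            plan["create"].append(mail)
        elif not acct.active:
            plan["reactivate"].append(mail)

    managed_active = [n for n, a in by_name.items() if a.active and n not in skip]
    plan["deactivate"] = sorted(n for n in managed_active if n not in wanted)

    if managed_active and len(plan["deactivate"]) / len(managed_active) > max_deactivate_ratio:
        raise RuntimeError("refusing mass deactivation; check the directory result")
    return plan

# Constructed sample data (not from the demo).
GROUP = ["alice@mycompany.example", "Bob@MyCompany.example", "dave@mycompany.example"]
ACCOUNTS = [
    CloudAccount("alice@mycompany.example", True),
    CloudAccount("bob@mycompany.example", False),    # rejoined the group
    CloudAccount("carol@mycompany.example", True),   # left the company
    CloudAccount("integration@mycompany.example", True),
]
EXEMPT = ["integration@mycompany.example"]

if __name__ == "__main__":
    print(reconcile(GROUP, ACCOUNTS, EXEMPT))
```

Running the same comparison on a schedule, in report-only mode, also surfaces accounts like the terminated employee's in problem 1 that a one-time manual process missed.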

Results:

Once implemented, this simplified their environment and provided greater flexibility as they looked to expand into the other cloud services, minimized trouble tickets for Salesforce password resets and improved internal access to information.

Demonstration:

The following video shows the working demo which addresses the requirements above. This is just the starting point of what will eventually become a centralized hub for access to critical user and contextual data across repositories both internal to your company and also across cloud services outside of your firewall.

3 Building Blocks for Managing Cloud Applications – Video Demo

Webinar Recording:

A recording of the webinar is available on the Ping Identity website. Note that registration is required.

View the Replay

I have also uploaded the slides to SlideShare so that you can more easily see the larger images:

I would love to hear what you have to say about this concept. Special thanks to Ian Barnett (Ping Identity) and Prashanth Godey (Radiant Logic) for helping to get this demo set up.

Thanks,
Todd

Webinar Recording: Identity Virtualization: Untangle Your Integration, Upgrade Your Portal, and Supercharge Your SiteMinder

Tuesday, March 23rd, 2010

Last month, Todd was part of a webinar with Dieter Schuller (from Radiant Logic) and Andras Cser (from Forrester Research) where the topic was how to simplify your CA SiteMinder implementation using Radiant Logic’s Virtual Directory Server.  Here is the video of the webinar.  As always, feedback is welcomed or contact us with any questions.

-Dave

Managing Cloud Applications – Upcoming Webinar

Tuesday, March 16th, 2010

Next Thursday, March 25th at 11am EDT (UTC/GMT-5), be sure to tune in as our own Todd Clayton joins Mike Donaldson of Ping Identity & Dieter Schuller of Radiant Logic for a webinar that will focus on strategies for making your Cloud deployment successful. The webinar will focus on practical approaches for streamlining user provisioning, password management, and user management. You’ll also learn about strategies for establishing a centralized identity hub across all of your Cloud-based applications.

Cloud computing offers virtually limitless business opportunities and continues to grow at a rapid pace. In the U.S. government sector alone, Market Research Media anticipates Cloud demand to grow at an annual rate of 40% per year between 2010-2015, with expenditures exceeding $7 billion annually at the end of that cycle. But as Gartner warns, “cloud computing is fraught with security risks” which must be avoided or mitigated by organizations that choose to take this approach. This webinar will provide advice from seasoned industry veterans as you begin your planning.

Please register here: http://marketing.pingidentity.com/?elqPURLPage=27. We look forward to having you join us next Thursday!

http://www.flickr.com/photos/galego/ / CC BY 2.0

SiteMinder Experts List

Wednesday, February 10th, 2010

Over the past year we’ve seen a definite rise in the number of SiteMinder conversations on social networks. Whether it’s job opportunities, technical issues, or SiteMinder tips, the social universe is talking about the enterprise security application we’ve all come to know and love (always love, right? ;-) ).

One thing we’ve noticed that the SiteMinder community can do a better job of is helping people to understand where to look for help with their SiteMinder needs. On the Twitter side, we’ve created a list of SiteMinder professionals who frequent that network. These are folks we’ve interacted with or accounts that tend to generate interesting links related to SSO and enterprise security.

Of course, you can also sign up and participate in our SSOhelp community.

By the way, good news for those of you who are interested in Radiant Logic VDS: there’s a list for you too! Follow our list of Radiant Logic professionals.

We’ll continue to grow both lists over time, and if you feel you should be added then feel free to drop us a line @coreblox.

http://www.flickr.com/photos/fboyd/ / CC BY-SA 2.0

RSA Conference 2010 (a.k.a. Information Security Heaven)

Tuesday, February 9th, 2010

If you’re in the market for a security conference over the next couple of months, look no further than the big one that’s happening in San Francisco! On March 1-5 the granddaddy of all enterprise security conferences will be taking place at the Moscone Center when RSA Conference comes to town. Todd & I had the chance to visit the Moscone Center a few years back for salesforce.com’s DreamForce event, and it was a gorgeous venue. The speaker list for this year’s event looks impressive:

– Scott Charney, Corporate Vice President for Trustworthy Computing, Microsoft Corp.

– Art Coviello, Executive Vice President of EMC Corp. and President of RSA, The Security Division of EMC

– Enrique Salem, President and CEO, Symantec Corp.

– Dave Hansen, Corporate Senior Vice President and General Manager, Security Business Unit, CA Inc.

– Al Zollar, General Manager, IBM Tivoli Software

– David DeWalt, President and CEO, McAfee Inc.

– Phil Dunkelberger, President and CEO, PGP Corp.

– Philippe Courtot, Chairman and CEO, Qualys Inc.

– Herbert (Hugh) Thompson, Ph.D., Chief Security Strategist, People Security and Program Committee Chair, RSA Conference 2010

– James Bidzos, Executive Chairman, VeriSign Inc.

How’s that for a list of heavy hitters? :-)

The CoreBlox team is excited to follow the conference and hear what the future holds for some of the key technologies we service such as SiteMinder, Radiant Logic VDS, and CA Identity Manager. These gatherings are a great way to break free of the day-to-day and engage with your peers in a social setting. For more information, check out the RSA Conference 2010 registration form.

Photo courtesy of adactio on Flickr.

CoreBlox.com Changes

Tuesday, January 19th, 2010

If you’re paying close attention to the CoreBlox web site (and I know you are!), you might have noticed some recent changes we’ve made to better answer that age-old question: what the heck do you guys do?? The truth is that most of our consulting work centers on some specialized enterprise security concepts and technologies that our visitors have never heard of. So to offer a little more guidance, we’ve added a new CoreBlox Technologies section. The sub-pages in this section include:

Keep watching for more changes we’ll be deploying in the coming weeks. In the meantime, we’re here to help. Please don’t hesitate to contact us if you’re in the midst of planning new initiatives, or even if you just want to bounce some ideas around. Also check out our SSOhelp community where some of the brightest minds in the security space are exchanging ideas and helping each other through tough challenges.