why should it be important to an enterprise it department to have full control and certainty over the state of identity and access related data in the company? what kind of data analysis do you need to gain control and certainty over the state of your company's data? is this all a big hype to warm up the market or are we facing a real problem here? what - by the way - is "compliance"?i think i stated earlier in this blog that i spend my first five years at novell in consulting and delivered tens of identity management projects. one thing that always amazed me was how quickly user experience was put over security. i guess everybody has realized by now that security has its price and it usually does not only come in the national currency for software licenses and service fees but also in the form of opportunity costs from more complicated user interfaces, processes and hardware.
i also found that larger corporations were more security sensitive than smaller corporations and the same is for richer versus less rich corporations. i got the impression that security is a luxury good that not all companies could or wanted to afford. an article in the costco connection made it very clear where this can lead to: universities very often don't have the same budget as larger corporations and therefore have become a - or i should say THE - preferred target for hackers around the globe. identity theft starts with any kind of identity information being stolen. it's not just your records at your bank that have to be protected. hackers get what they need from numerous sources.
ok, that was a lot of blabla you heard a hundred times already. if you heard it already for a hundred times, i would like to pick your brain and learn from you what actions you have taken to secure your data and you monitor that your actions are effective. i leave it up to you to hope it was only a hype or to believe it is a trend.
usually people associate the word compliance with government regulations like Sarbanes Oxley, HIPAA or 508. but compliance starts long before that. compliance starts where you want it to start. you define rules and strategies how your data should look like to serve its purpose (security related or other). monitoring your data and detecting rule violations is what allows you to find out whether your data is in compliance with your own regulations. if your data and processes can't follow your own rules, how can it be expected to follow the rules of a complex regulation?
last year at brainshare we showed you a new tool to gain control over your data. six months later, the develpment team releases milestone 0 of a new product called enforcer for novell identity manager. read more about enforcer 1.0m0. m0 is only the first step in enforcers developmen cycle. help us identify whether we are on track and give us your feedback.