An Out-of-the-Box Business Case
Novell Identity Manager 4 Advanced Edition Ships with an Airtight Built-In Business Case
Written by Bill Tobey
As a regular Connection reader you’re probably well aware that Novell Identity Manager 4 begins shipping this month. You may have seen a demo at BrainShare, or read some of the press coverage. Hopefully you’re already thinking about a business case to justify the upgrade to your management.
The good news is the Identity Manager product team has done most of that work for you. The development of Identity Manager 4 was fundamentally driven and directed by the concerns and priorities of business and executive management. This release is a software love letter to C-level management, with an airtight business case baked into the initial requirements.
Why should identity management and user provisioning matter to management? Because they directly affect the organization's operational efficiency, compliance and security. Consider just a few statistics:
- New users often wait up to three weeks for full access to the systems and services they need to fulfill their work roles. That’s a serious productivity hit.
- Password resets account for up to 35 percent of help desk calls, and cost up to $40 per call. It adds up quickly.
- Up to 60 percent of all user accounts are invalid, because users aren’t de-provisioned promptly. Or ever.
- Access control accounts for 30 percent of enterprise development costs.
- Compliance consumes up to 25 percent of the typical IT budget.
Let’s take a look at some of the new technical features that directly address these important business issues. To be clear, we’re talking primarily about Identity Manager 4 Advanced Edition, the enterprise-class member of the Identity Manager 4 product family.
Advanced Reporting and Metrics
If there’s anything that warms the managerial heart it’s quantifiable evidence of improved performance, especially when that improvement is documented in auditable, black and white, bound and collated detail. Business-side stakeholders will swoon when they see the comprehensive suite of reporting capabilities that have been tightly integrated into the Identity Manager 4 product core.
What it is – To prime the analytical pumps, Novell is providing a variety of widely informative reports, with out-of-the-box templates that are easily customized with the included packaging tool. The new Identity Reporting Tool leverages event-driven data collection and a dedicated reporting warehouse to provide consolidated visibility into users' provisioning status changes and compliance events across physical, virtual and cloud-based resources. It effectively breaks down the walls of security silos across the enterprise. It’s also easy to import third-party reports from sources like iReport. You’ll see not only current status, but also the historical trending and forensic views—who has access to what and who authorized it—that auditors are increasingly demanding. Robust automation minimizes IT support requirements and costs with features that include graphical run scheduling, policy-based data collection, completed report distribution and storage.
The user interface provides simple, intuitive access to an overview of existing reports, their current status, and the systems under management. (See Figure 1.) A scheduling interface provides a configuration menu for defining run time, frequency and other settings. (See Figure 2.) A repository displays definitions and schedules for all existing reports. (See Figure 3.) And a calendar display shows all scheduled report runs. (See Figure 4.) Completed reports document many views of user activity, resource provisioning, access and policy events, such as a per-user record of separation of duties policy violations. (See Figure 5.)
Why it’s important to management – The new reporting functionality in Novell Identity Manager 4 Advanced Edition provides meaningful insight into your organization’s user provisioning operations. It lets you compare actual and desired access states for individuals, groups, roles or resources. It gives you the insight to increase productivity, tighten security, measure performance and reliably document provisioning events for compliance.
Policy Mapping and Integration
Defining a job role for role-based provisioning is a simple enough task, but finding and associating all the resources and permissions that ought to go with it is something else entirely. That piece of the provisioning automation puzzle retains more than enough complexity to require significant, ongoing support from the IT organization. But now there’s Novell Identity Manager 4 with Role Mapping Administrator.
What it is – Role Mapping Administrator is a new role-and-policy integration tool that automatically discovers the authorizations that can be granted on systems and services throughout your IT environment. It provides a single-pane view of all defined roles and resource authorizations. (See Figure 6.) More importantly, it lets business users—not just IT administrators, consultants or developers—map and associate roles to entitlements through a simple drag-and-drop interface. It’s a breakthrough innovation in the way identity systems are programmed, and it works across all the major IT systems that integrate with Novell Identity Manager—which now include SAP,Microsoft SharePoint and SaaS applications like SalesForce.com
Why it’s important to management – Automated, role-based provisioning is a critical element in keeping people productive as their roles and responsibilities change, keeping the environment secure in the process, and controlling the costs of compliance. Role Mapping Administrator puts access control responsibility in the hands of the business managers who understand roles and resource entitlements the best. It streamlines and accelerates the provisioning process, making an order-of-magnitude reduction in administrative time, labor and cost.
Policy Management for an Agile Organization
Whether anyone stops to think about it, today’s business organizations inevitably own and maintain a sizable investment in access control policies. But the many different systems where that policy is created and controlled all share one unstated assumption—that the organization and its resource allocation requirements won’t change significantly, or frequently. In reality, of course, large-scale change is virtually continuous, and the inflexibility of existing access controls is one of the persistent sources of friction, high cost, and slow response. Novell Identity Manager 4 Advanced Edition provides a game-changing alternative: the first systematic solution for managing distributed access control policies as high-value intellectual property.
What it is – Package Manager is a modular policy framework that contains and manages loosely connected building blocks of resource access policy, which can be developed internally or delivered as out-of-the-box content modules from Novell or other third-party providers. Package Manager makes it simple to add, modify, update or eliminate policies for any connected system. It automatically detects, notifies and resolves dependencies to eliminate unintended impacts, and tracks state changes for trouble-shooting and compliance reporting.
Why it’s important to management – Modular policy management makes it vastly easier to deploy, visualize and manage resource access policy across a large and diverse organization. More importantly, it enables swift, secure and efficient adaptation to dynamic business and regulatory environments.
Cloud-Ready Identity Management
Hosted applications and cloud-based services aren’t novelties anymore; they’re becoming essential extensions of the enterprise IT environment. Business operations are increasingly dependent on them, but until recently there’s been an inescapable and unenviable trade off. You could have applications in the cloud that were economical and instantly scalable, or applications behind the firewall that were secure, manageable and predictable—not both. Now, however, Novell Identity Manager 4 extends identity-based security and access control equally to on-site and hosted applications.
What it is – Identity Manager 4 features a cloud-ready architecture that extends identity and access control transparently across physical and virtual resources, whether located in the data center or in the cloud. New drivers offer seamless integration with SaaS and hosted solutions such as SalesForce.com and Google Apps, enabling a full complement of identity-based services—automated provisioning and de-provisioning, request and approval workflows, password changes, profile updates and detailed reporting.
Why it’s important to management – Developing the capability to securely integrate cloud-based resources into the enterprise environment isn’t just an IT strategy, it’s a business strategy—one that will be indispensable as organizations continue their adaptation to a business environment that is increasingly dynamic, global and competitive.
A Role-Sensitive User Dashboard
You can’t shift resource provisioning responsibility from IT to the business organization without giving business users the information they need in a format that supports swift, accurate decision making.
What it is – Novell Identity Manager 4 includes a new role-sensitive work dashboard that gives every business user a single, consolidated view of upcoming tasks, resource and role assignments, and the status of outstanding requests. (See Figure 7.) It provides an easily understood view of who has access to what, and eliminates the jargon gap for non-technical users tasked with resource access decisions. Built-in single sign-on support includes out-of-the-box integration with Active Directory / Kerberos ticket systems, SAML assertions and SAP logon ticket systems, eliminating the need for an external SSO tool when accessing Identity Manager 4.
Why it’s important to management – Personalized, role-sensitive work dashboards put resource access control in the hands of business users, giving them the real-time information they need to enhance productivity.
A Business Case that Practically Writes Itself
Novell Identity Manager 4 is an IT infrastructure software product that will make your enterprise and business operations demonstrably more intelligent, secure, cost-efficient, compliant and ready for the cloud. It’s a business proposition that makes bottom-line and strategic sense, straight out of the box. For more information visit www.novell.com/idm4.