Novell Adds More Self-Service To ID-Management Software

Dec. 8, 2005
Novell system appeals to needs of Sarbanes-Oxley, data systems controls

The ability to track and report on who's using your IT systems and how those systems are being used is crucial for companies that need to comply with new rules and laws governing data security. While the increased use of heterogeneous systems and directories has complicated identity management, big changes are taking place in the market to help companies get a grip on important information that defines employee access and user privileges.

Novell this week will introduce a new version of its Identity Manager software that automates user provisioning and makes the application easier to use, as other software companies have expanded their ID-management portfolios through a frenzy of acquisitions. These changes mean businesses will be able to get more of their directory, authentication, Web-access management, and provisioning capabilities from the same vendor, but it doesn't mean that identity-management technology is progressing into new areas, such as managing biometric data.

In a move to make its ID-management offering easier to use for nontechnical users, Novell later this month will begin shipping Identity Manager Version 3, which lets IT departments delegate more responsibility to business managers and users by adding an intuitive user interface and automatically routing self-service provisioning requests. A manager also can use new workflow capabilities to specify a co-worker as a proxy when that manager is out of the office or unable to approve a request in a timely manner. Another feature lets IT departments simulate how new provisioning policies will affect users before those policies are implemented.

Novell's additions appeal to Georgia State's Jeffrey Johnson.

Novell has offered self-service capabilities related to passwords before, but "system-access self-service is a whole new ball game," says Jeffrey Johnson, software systems engineer lead for Georgia State University's computing and communications services. The school is testing version 3 but has been using version 2 for the past year to provision new users and synchronize user data among different systems and directories.

Novell's moves come on the heels of several ID-management acquisitions, including Hewlett-Packard's planned buy of Trustgenix Inc. for an undisclosed amount, unveiled last week. The acquisition is expected to take place by year's end. It will let HP integrate Trustgenix's federated identity-management software, which supports Security Assertion Markup Language and Liberty Alliance Project standards, into HP OpenView so users can securely access data residing on different systems.

HP looks to expand its position in the identity-management market through acquisition, just as Oracle did last month when it bought Thor Technologies Inc., a developer of cross-platform provisioning tools, and OctetString Inc., a supplier of virtual-directory software. These came a few months after Oracle's March acquisition of ID-management software vendor Oblix Inc. Meanwhile, CA last month introduced CA Identity Manager, which is largely the product of CA's November 2004 acquisition of Netegrity. Identity Manager is part of CA's eTrust Identity and Access Management Suite, which includes Web access control, enterprise single sign-on, identity administration, user provisioning, user directory, identity federation, and Web-services security. Cryptographic hardware and software maker nCipher plc also jumped into the market last month, buying Abridean Inc., a user-management and provisioning software company. "The need for businesses to meet regulatory requirements is the motivating factor for a lot of investment in identity-management technology," says Gerry Gebel, a senior analyst with consulting firm the Burton Group.

Despite all of the advancements in identity management made recently, Georgia State's Johnson would also like to see better support for biometric security devices. "You can get biometrics on a lot of systems today," he says, "but I don't see any way to synchronize data from different biometric devices the way you can synchronize a user's different passwords."