Atlassian is an Aussie company more famous for the Confluence Wiki and Jira bug tracking software than Crowd – their IdM product suite (if being generous) / stack of identity stuff (more on target).
Crowd includes an .NET SSO application framework (think raw web access management), some basic provisioning and OpenID integration. I heard about this great news last week and promptly forgot until I read the latest Slattery’s Watch email (company here, subscribe here)a few minutes ago. Since I’m lazy, here is their take verbatim (where’s the RT button??):
Atlassian has received a USD $60M investment from venture capital firm, Accel Partners for a minority equity position. Rich Wong, Partner at Accel Partners, will join Atlassian’s board. On the Atlassian blog, Mike Cannon-Brookes said that after being courted for years by many investors, Accel stood out because they understood Atlassian’s culture and values. Atlassian was co-founded in 2002 by Mike Cannon-Brookes and Scott Farquhar in Sydney, has been profitable since its inception, and until this round has received no outside financing. Mike and Scott will continue as co-CEOs of Atlassian. Atlassian has 225 employees based in Australia, North America and Europe. The funds from Accel will help expansion plans into Europe and Asia and to facilitate liquidity for employees.
And hopefully some more home grown idm.
News
accel partners, crowd, slatterys watch, SSO, WAM
Just saw an article over on Network World that Quest Software just bought ActiveEntry from Volcker Informatik AG. From a brief skim of the website, ActiveEntry looks like a heavily MS centric provisioning / workflow system – which sounds quite similar to Quest’s existing Active Roles server product. I haven’t had the chance to play with either technology, but I’ve come across a few companies in Australia running Active Roles server. I imagine Volcker is more active in Germany and Europe, hence a lower profile in Aus.
Dave Kearns’ original article on Network World also mentions they’re a player in the Gartner Magic Quadrant – in the visionaries quadrant which is quite good. I double checked the 2010 user provisioning quadrant thanks to Oracle here. Some of the comments on Volcker to save you a search were:
In the Visionaries quadrant, Volcker Informatik demonstrated noticeable improvement, partly due to:
- Significant innovation in its vision and approach to provisioning
- Improved servicing of its clients (predeployment and post-deployment)
- Its expanded partner base and expanded reach outside Germany
and
German-based company Volcker Informatik has made notable movement in the area of completeness of vision. It consistently provides a combination of innovative architectures and features, as well as a high-touch customer model, to deliver in a number of quality, low-maintenance solutions.
Given the overlap between the products, I’ll be keen to see if / how they’re integrated. On my superficial read of both product sites (emphasis on superficial) I’d say ActiveEntry provides ActiveRoles a shot in the arm for connectors, SPML capability and a virtual directory. There doesn’t seem to be anything around identity analytics.
Regardless, its good to see some investment in the identity space.
Identity and Access Management
microsoft identity, quest, SPML, takeover, virtual directory, Volcker
A little askew of idm, but of industry relevance, Japanese telco NTT has made a $3.6 billion offer for global IT services firm Dimension Data. What’s the relevance you may ask? Well in 2007 Verizon made a similar move and bought Cybertrust for its security consulting, assessment and managed security services starting the transformation to a services company (ala IBM?). DiData also provides similar security services, though possibly not as many or as much (feel free to correct me if required guys). Disclosure: I work for the integrated Cybertrust at Verizon Business in Hong Kong.
What Dimension Data (aka DD or DiData) does have is a far more extensive IT systems integration capability than the old Cybertrust, which might make a more natural transition for a Telco. Its probably going to be easier for the NTT sales guys, used to selling pipes and telco kit, to understand how to sell IT kit / boxes/ networking thingies than perhaps managed security services and ‘x’ days of vulnerability assessment.
However, if NTT are thinking of doing another Telstra and buying an integrator (Kaz) to work on internal projects, this could go pear-shaped very quickly.
And linking it back to Idm, DD deploys Microsoft Forefront Identity Manager, Quest ActiveRoles, Imprivata SSO and others.
More coverage -> Ovum not so sure on the takeover
This will definitely be interesting!
News
didata, ntt, telco
Microsoft announced at the RSA conference that they’re shipping (finally!) the GA version of Microsoft Forefront Identity Manager (FIM) 2010.
We recently deployed an early adopter release of FIM here to synchronise accounts between the various Active Directories in different parts of the organisation and our Lotus Notes infrastructure. That project was kind enough to invite me to sit in on their FIM training course and I was pretty impressed with the product overall.
To get some basic syncronisation happening between a SQL database and an AD in the lab tutorial was actually a very straight forward and easy process – which seemed to be a lot more straight forward to me compared with the older Tivoli Identity Manager and CA Identity Manager products I’ve worked with in the past. This isn’t really a fair comparison though as I’m comparing those older versions which have probably moved on to Microsoft’s brand spanking new version.
There aren’t as many connectors available with FIM compared to other products on the market, which you sort of expect from a Microsoft centric product (duh, its written by Microsoft). However, it does have very nice, slick out of the box connectors and integration into Microsoft datastores (AD, ADAM, SQL) which you’d expect.
The other main differentiator I feel for FIM would be the GINA extension for Q&A type forgotten password reset. Historically, GINA extensions have been a cross your fingers and hope it doesn’t break affair. With FIM, I would have a higher expectation that this is no longer the case. At least you’d have 1 throat to choke if an MS patch doesn’t play nice with the GINA.
My personal feeling is that we’re approaching a time where large organisations have multiple provisioning solutions catering for different systems. We’re moving away from wanting to pay large $ to integrate and retro-fit identity solutions into business apps. Why not have a Microsoft platform to seamlessly provision into Microsoft apps and an Oracle platform to do the same for Oracle apps? Of course there’s an operational impact but you buy time to market and reduced complexity (within those integrated apps – probably not when the provisioning engines need to talk to each other). Anyone got some thoughts on this?
Identity and Access Management
FIM, forefront, idm, microsoft, provisioning
I’ll have to look into this further, but it looks like Novell are providing some toolkits to embed identity and access management into internally developed web apps and for those companies building cloud computing apps.
http://www.arnnet.com.au/article/328877/novell_vows_first_identity_management_cloud_virtualized_apps?eid=-100
The upcoming Novell Identity Manager 4 will add the new ability for IT managers embed identity management and other security features into both Web-hosted and virtualized apps, Novell CEO Ron Hovsepian said in an interview last week.
Novell Identity Manager 4 will arrive by the middle of next year. That will work closely with Novell Cloud Security Service, also due in 2010, in order to extend identity and security policies onto apps and data hosted in the cloud.
Not sure if they can really be considered the first to provide these products since Microsoft has had Geneva (now Windows Identity Foundation – WIF) for a while, as well as the multitude of open source IdM toolkits available.
Network world has some good coverage of Microsoft’s WIF announcement.
Cloud Computing, Identity and Access Management
So, Westpac and CBA have introduced SMS One Time Passwords (OTP) to provide second factor authentication (2FA).
I bank with CBA (email address on my About link, phishers) and its good to see them finally introduce additional security measures – especially after reading articles for the past 12 months describing how CBA customer credentials are the most trafficked of any Australian bank.
I’ve registered for netcode. Please look into it if you bank with CBA.
Uncategorized
Not bad, 3000ft view, approach to getting IdM initiatives off the ground posted over on cio.com.
Four steps to self-funding identity management
Plagiarising Chris with my own 2c, here are the major steps:
1. Education: Identify the key business problems you need to solve.
[AB] In large organisations, there are always people feeling the pain from poor identity life-cycle management practices. You should go and find them – they might even have money. At least you then have ‘real evidence’ of the problem which is good for the business case.
2. Discovery: Identify the business and technical context where labor is being expended and where automation will yield significant returns. For example, are you divesting or growing your staff? Are you retiring infrastructure?
[AB] This is interesting as many organisations don’t seem to worry too much about soft costs such as efficiency if your help desks and access processes are fulfilled internally. However, you might be able to get some big wins if there is a ‘hard cost’ such as where your help desk is managed by a 3rd party and there is a cost per call.
3. Planning: Outline the following:
a. Financial Policies and Constraints: What does it mean when the CFO says “no new projects”? Does he mean no improvements, or no incremental expense or cash funding is available? What are the policies for capitalization? When do you need to attain efficiencies to offset expense without impacting different types of budget cycles?
Read the full article at http://advice.cio.com/chris_sullivan/four_steps_to_self_funding_identity_management
Identity and Access Management
Wow. CA has made some major cuts to its local research and development workforce.
There’s surely going to be some impact to their IAM products as a few notable pieces are developed out of Melbourne such as Identity Manager (parts of it anyway), Directory and SOA Security Manager (did this used to be transaction minder?).
Being ex-ca I know a few of the people affected, so good luck guys and I hope you land on your feet.
Uncategorized
For those of us or with clients running Sun Identity Manager, there are 9 vulnerabilities addressed in the latest patch. The affected product versions include:
- Sun Java System Identity Manager 7.0
- Sun Java System Identity Manager 7.1
- Sun Java System Identity Manager 7.1.1
- Sun Java System Identity Manager 8.0
Check the IT News article here and the original Sun Alert here for more information. Happy Patching!
Uncategorized
We’re living in interesting times. With share prices at an all time low for many tech giants, its a great time to go company shopping if you’re big and cashed up. I remember the days when Sun IM was the beez neez of provisioning and identity life-cycle management and IBM Tivoli IM still shipped with “broken equals on” (not my quote).
Nowadays, the world of IAM and their vendors is a very different place. If you read reports published by Gartner, Forrester, et al there isn’t a great deal of difference between the different product suites. In fact, having worked with IBM, CA and Sun suites in the past, I’d confirm this from my own experience. IAM is becoming commodity technology.
Just in case you don’t believe me and still believe “<insert product choice here> is the best” the 2008 IAM reports from Gartner show IBM’s Tivoli Access Manager products are only mildly ahead in the Web Access Management Magic Quadrant, while they’re almost neck and neck in the User Provisioning Magic Quadrant.
So if IBM buys Sun, what will they do with the competing product stacks? IBM will have a few options I bet you would never guess:
- Merge the product suites
- Kill some off
- Keep both
Number 3 is the least likely to me (obviously). Could you imagine the cost of supporting multiple code based? This will be even more interesting as the Sun suite is almost entirely open source now as IBM will never be able to truly remove a competing technology. However, owning (at least in principle) both technology suites would make IBM the un-disputed leader in installed IAM technology worldwide. But will that be enough to stop the rise of Oracle?
Anyway, I hope the Sun kit still works after they “blue wash” it. 
Identity and Access Management, Uncategorized
IBM, sun