In my last post, I talked about Jeff Bardin’s excellent session about the reality of successfully deploying an enterprise IAM infrastructure. During his session, he touched upon one of the more interesting problems that we see in enterprises today – the “Model-As” problem. Jeff was referring to a practice that is very common in a
I attended a session titled “Delivering Security Integration with Compliance” by IBM’s Stuart McIrvine. During the session, he laid out the various governance frameworks for IdM (SOX, COSO and COBIT among others) and detailed how IBM’s Tivoli family of IdM products could be used to implement them as part of an IdM practice. As he
One of the philosophies at Thor (that we have proudly carried over to Oracle) is our commitment to building products that deal with the dirty realities of our customer’s deployment needs, instead of living on some idealized plane. Getting there requires a lot of input from our customers. This week, our Product Management team is doing a customer
Attestation (aka Re-certification aka Periodic Review) is one of the latest must-have’s in the world of compliance-driven IdM (if you know of another name it goes by, please share). It essentially refers to the management practice of periodically checking and certifying that only the individuals who need certain access privileges have those access privileges. Here