Will Smartphone apps improve our relationships?  Herman thinks so …

Do you lapse into the “Audit Eye” trance when facing a tough audit?

Oracle Identity Analytics can help … really!

During the past three weeks, I have interacted with three major customers, in industries as diverse as transportation, apparel and entertainment, that had one thing clearly in common – each saw Identity and Access Management as a fundamental, critical enabler for new business models each company is pursuing.  It is all about knowing who your customers are individually, and interacting with them in a highly personalized, tailored way, in the context of their choosing.

Today I sat through a presentation that depicted IAM in the traditional context, as something that would improve compliance, increase operational efficiency and enhance security.  While these drivers are still valid, I couldn’t help but contrast those two views.

On one hand, IAM is considered to be very defensive in nature, necessary but burdensome.  On the other hand is an innovative vision that IAM is first and foremost a proactive, offensive weapon and business enabler, secondarily a protective shield.

Can you tell where I’d rather play?

A friend from an Oracle system integrator partner shared this video with me today – a bit of humorous, unabashed promotion for the Oracle Enterprise Single Sign-On product.

So, please learn your password … or try out Oracle ESSO!

Sometimes I’m tempted to ditch my mobile phone, but frankly, I would feel naked without one. What will Ziggy do?

In the past few days, I became aware of innovations at Amazon Web Services that show how AWS continues to lead the industry in cloud computing.

The first product offering is the addition of Identity Federation to AWS Identity and Access Management Services, which gives customers:

the ability for you to use your existing corporate identities to grant secure and direct access to AWS resources without creating a new AWS identity for those users. This capability enables you to programmatically request security credentials, with configurable expiration and permissions, that grant your corporate identities access to AWS APIs and resources controlled by your business.

The second offering, “AWS GovCloud,” offers:

a new AWS Region designed to allow U.S. government agencies and contractors to move more sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements.

I find it intriguing that the same company that pioneered the industries of online book retailing and ebooks, is so innovative in cloud services and Identity Management.  Plus, I was able to order an new cordless drill from the comfort of my hotel room in San Mateo last night!  Thanks to Amazon and UPS, I think the drill will arrive Arizona before I do this week.

In the Book of Revelation in the Bible, we learn that the Sign of the Beast, or Number of the Beast, is the number 666 – “Six Hundred Threescore and Six” (Revelations 13:16-18).  I don’t pretend to be an expert on the subject, but over the years, spotting references to this number has been intriguing to me.

When I checked in online for my flight yesterday, up popped the number 666 – the number of photos in my iPhone camera roll.  Interesting coincidence? Bad omen?  Should I be worried?

No … just a coincidence, I’m sure.  I flew to Burbank and back safely.  No beastly danger this time.

But I learned something new this morning.  According to Wikipedia:

Some people take the Satanic associations of 666 so seriously that they actively avoid things related to 666 or the digits 6-6-6. This is known as hexakosioihexekontahexaphobia … A prominent example is Nancy and Ronald Reagan who, in 1989, when moving to their home in the Bel-Air section of Los Angeles, had its address – 666 St. Cloud Road – changed to 668 St. Cloud Road.

Well, that’s taking the whole 666 thing a bit far.  It makes my irrational fear of dentists (odontophobia) seem a bit prosaic.

Back on July 20th, Oracle officially announced Oracle Unified Directory 11g, although it had “unofficially” been available for download for quite some time before that date.  I was part of the Oracle Security Sales Consulting team who received training on this new product the week of July 11th, the week before the official launch.

As a former Sun Microsystems employee, it is gratifying to see Oracle leverage the excellent innovation in the OpenDS project into a full-fledged strategic product. Now, from its humble origins OUD has emerged as the “Next-Generation Unified Directory Solution that Integrates Storage, Synchronization and Proxy.”  Some key highlights include:

• Next Generation: builds on the success and wide adoption of Oracle’s existing directory services solutions with five years of continuous and innovative development to address the increasing demands on modern directory servers;
• High Volume Writes: utilizes social and location-based services to increase the frequency of changes to identity data, as well as expanding the contents to include more details, including location, images, and relationships;
• Elastic Scalability and Extreme Performance: provides a global index and data distribution capabilities to deliver unmatched elastic horizontal scalability and offers high-scale authentication performance to serve an unparalleled billions of users, subscribers and devices;
• On-premise and Cloud Computing Capabilities: controls the synchronization and virtualization of the data to make data available to cloud-based applications and systems while protecting data privacy and data jurisdiction across organizational and state boundaries;
• Smaller footprint: makes Oracle Unified Directory simple to embed and easy to deploy and manage;
• Integrated: interoperates with all components of Oracle Fusion Middleware 11g and Oracle Directory Services Plus Suite, while still providing standards support for application integration and scalable data management in heterogeneous environments. Additionally, it also integrates with Oracle Enterprise Manager for monitoring and Oracle Directory Services Manager for configuration.

By the way, I couldn’t find an OUG-specific graphic to use in this post.  Sun Microsystems was a bit more fun in that regard!

I always enjoy learning about a new Identity Management blog. Today, please joining me in welcoming Chad Russell, an Oracle colleague and good friend who hails from the great state of Arkansas, into the blogsphere.  He recently launched a new Identity Management blog, “Brave New Identity – Identity Happenings from the Field.”  His last four posts are both relevant and interesting:

• 3 Hot Trends in IDM (Part 1 of 3)
• Why Provisioning Is Really An Authorization Problem
• Auditing the Cloud
• Amazon boosts IdM offering for cloud

I’m particularly looking forward to learning what Hot Trends 2 and 3 are.

You can also follow Chad on Twitter at @chadrussell_idm.

By the way, the young man up in the corner is Chad’s son, proclaiming, “Love the site, Pops!“

One of the big questions in modern Identity and Access Management continues to be: “Is it better to choose individual point solutions and integrate them in my enterprise, or should I choose a complete IAM platform?

I recently learned of an intriguing Research Brief published by the Aberdeen Group, entitled, “IAM Integrated: Analyzing the ‘Platform’ versus ‘Point Solution’ Approach.” Aberdeen’s conclusion:

Based on more than 160 respondents from its Managing Identities and Access study (February 2011), Aberdeen’s analysis of 32 enterprises which have adopted the vendor-integrated (Platform) approach to identity and access management, and 39 organizations which have adopted the enterprise- integrated (Point Solution) approach, showed that the vendor-integrated approach correlates with the realization of significant advantages.

The most significant advantages realized by organizations adopting the Platform approach to Identity and Access Management, as compared to those adopting the Point Solution approach, include:

• Increased end-user productivity
• Reduced risk
• Increased agility
• Enhanced security and compliance
• Reduced total cost

Aberdeen’s research also confirmed the merits of a pragmatic “Crawl, Walk, Run” approach as the basic template for successful enterprise-wide initiatives involving Identity and Access Management, similar to what I have been recommending for years.

• Adopt a primary strategic focus.
• Put someone in charge.
• Prioritize security control objectives as a function of requirements for risk, audit and compliance.
• Establish consistent policies for end-user identities and end-user access to enterprise resources.
• Standardize the workflow for the IAM lifecycle, including workflow-based approval for exceptions.
• Standardize audit, analysis and reporting for IAM projects.
• Evaluate and select IAM solutions.