Getting a grip on user access issues

by David Essex
Be the first to comment | I like it!
More »
on this topic
March 12, 2001, 12:24 PM —  Computerworld — 

Temporary workers are critical to the Omaha Public Power District (OPPD) during power outages, but they pose special problems for Ron Workman, OPPD's supervisor of information protection.

Workman must provide temporary passwords and user names for as many as 200 contractors, as he did last month during a cleanup and maintenance check of the Fort Calhoun Station nuclear power plant in Nebraska. And users must be set up quickly. OPPD pays $500,000 per day for replacement power during downtime, and it loses thousands more if contractors are kept waiting.

Until three years ago, Workman used homegrown software for managing user-access accounts for OPDD's temporary workers and 2,400 employees. Then OPDD moved to enRole software from Technologic Software Concepts Inc., a consulting firm in Irvine, California. Workman says enRole squeezed turnaround time down from a week to about six minutes, freeing staff to spend more time monitoring security.

"It's meeting our requirements, and it's meeting them very well," Workman says, naming occasional and very minor bugs as the software's only faults. "It runs and runs and runs."

What EnRole Does

EnRole's developers left in January 1999 to form what's now Access360, also in Irvine. Today, flush with more than $70 million in venture capital funding, the company sells enRole to a growing list of major customers like BP Amoco PLC in London and ETrade Group Inc. in Menlo Park, Calif.

EnRole lets administrators rapidly respond to changing employee roles or add and remove rights for temporary workers or extranet partners, all from a single management console. EnRole unifies each user's profile and access privileges in a central repository so administrators don't have to track scattered accounts for different applications and operating systems. Then it automatically performs the tasks each application requires to sign up or remove users.

"Every large or medium or fast-growing business has a number of computing platforms that are in place, as well as many, many people trying to access those applications," says Access360 President and CEO Yuri Pikover. "Somebody, somewhere, somehow needs to keep track of it all."

Besides the repository, the two other main components of enRole are a workflow engine, which contains rules that decide who has rights to which applications, and "software agents," which let enRole work with more than 55 major operating systems, databases, e-mail platforms and enterprise applications.

"The [enRole] app server is essentially a workflow engine," Pikover says. "When it detects a change, it will then issue a command to an agent to provision that user appropriately."

Well Positioned

Access360 seems well positioned to exploit two growth areas: application service providers (ASP) and companies building what Pikover calls "virtual enterprises" using business-to-business systems. Both must quickly and efficiently define who has rights to use particular applications.

"People just become part of a B2B trading community, but no one is solving the provisioning problem," Pikover says. "You end up defaulting to the lowest common denominator." With enRole, he says, companies can provide finely tuned access.

To serve both markets, Access360 is working on a more scalable, distributed version of enRole for shipment later this year. Also in the works is an ASP-based service called Access360.net that the company will pilot this quarter and launch by midyear. "We're also branching out to extend the provisioning to noncomputing entities such as credit cards and cell phones," says Jeff Drake, Access360's founder and executive vice president.

Access360 won't likely fail from a lack of demand. "[Managing user access is] a problem that everybody has," says Chris Christiansen, an analyst at IDC in Framingham, Massachusetts.

Neil Goldman, director of Internet computing strategies at The Yankee Group in Boston, describes Access360 as a strong player in a small but important niche. "[Managing user access] is a big problem for companies," Goldman says. "The question is whether the pain is bigger than other pains companies have right now."

Direct Assault

Access360 faces competitive assaults from a small group of vendors of centralized security administration software, say analysts. Most of these companies also compete with players in mainframe access management.

BMC Software Inc.

Houston

www.bmc.com

BMC claims to have 150 customers that use its Control-SA software to manage provisioning, sometimes for more than 100,000 employees.

Like Access360's enRole, Control-SA uses a centralized data repository to allow administrators to manage users' access rights according to their roles. It also has password-management and workflow modules.

The differences between Control-SA and enRole are in their architectures and "technical robustness," claims Gary Leibowitz, director of BMC Software's InControl business unit.

Courion Corp.

Framingham, Massachusetts.

www.courion.com

Courion focuses on password proliferation. The company's PasswordCourier is a self-service application that lets employees perform tasks that normally take 30 percent of a help desk's time, such as resetting passwords. A second product, ProfileBuilder, lets a company's employees, business partners and customers manage their own profiles, which provide personalization data and are used to authenticate their identities.

"The other vendors are really focused on accounts," says Courion Vice President Tony Rose. "For true self-service, you need user authentication."

Systor Security Solutions Inc.

Greenbelt, Maryland.

www.systorsecurity.com

Keith Girt, managing director at Systor, says the company takes a mainframe-oriented approach while supporting multiplatform client systems. Systor's customers include large firms in both the U.S. and Europe.

Its main product, Security Administration Manager (SAM), uses an OS/390-based central repository, which Girt says gives it a scalability advantage over competitors. SAM also manages passwords and has a workflow engine for automating requests to change a user's status, two other key functions of enRole and Control-SA.


Access360

Location: 15440 Laguna Canyon Road, Irvine, Calif. 92618

Telephone: (949) 255-3100

Web: www.access360.com

Niche: Resource-provisioning management

Why it's worth watching: Turnover, the complexity of enterprise software and the growth of Web networks are fueling demand for access management.

Company officers:

» posted by ITworld staff

Computerworld

I like it!
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
Related content
Resources
White Paper
Top 10 Reasons to Upgrade

Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.

Click here to find out more »
Webcast
Best Practices for Backup and Recovery Webcast

Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.

Click here to find out more »
White Paper
Delivering Integrated Security, Recovery, and Archive Protection with Symantec Backup Exec

Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.

Click here to find out more »
Free stuff

VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter

Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book

Featured Sponsor
Case Study: AISO grows its "green" business

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

Download this white paper »
Myth of the Million Dollar Database

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

Download this white paper »
Success Story: Weather.com handles whatever nature serves up

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Download this white paper »
More Resources