Novell Security Updates Focus on Flexibility, Integration

Versions offers more management, more integration, and more compliance

At BrainShare 2007 in Salt Lake City recently, Novell unveiled new versions of its security products. Identity Manager 3.5 offers better provisioning tools for faster deployment, and Sentential 6 supports more platforms and better enterprise-wide compliance analysis. But it is flexibility and integration within the Novell security framework that makes the products more compelling.

Promised for delivery this month, Identity Manager 3.5 is an enterprise salve for user provisioning, including passwords maintenance, single-password coordination with all major systems, and logging of all user access for compliance auditing. New to this release are tools for better handling the rigors associated with dynamic groups, such as task forces, virtual workgroups, and ad hoc teams, and more tools to model and test configurations before deployment.

You don’t need to think NDS to find these products attractive. Actually, those letters (and term "eDirectory") can be completely missing from your infrastructure—the product supports directory systems from Critical Path, IBM, iPlanet, MS, Netscape, Oracle, Sun, and the ubiquitous LDAP, as well as boxes ranging from Windows to Unix/Linux to RACF/ACF2 mainframes with many major applications, databases, mail systems, and even a couple of PBXs covered.

Even more interesting was Novell’s reporting implementations moving identity management "across the counter." In other words, some Novell users were moving beyond identity management for employees, contractors, and supply-chain partners by unifying management for their customers.

I doubt any IS department will add their complete customer list to their Active Directory, but most customer-related systems, from sales tracking, financial transactions, customer relations management software, even patient management systems have their own independent identity management system. When you consider the IT connection into our customers, from providing externally-facing help desks to Web-based self-help services, unifying all identity management into a single enterprise-wide system that provides better management, faster response, better security, and higher compliance just makes sense.

Therein lies the difficulty in implementing identity management. The technical aspects are easy; it’s navigating the treacherous politics of the data silos that’s tough. Identity management systems can be up and limping in a week, being more than 80 percent functional in less than 30 days. Cleaning the data detris, such as phone numbers with dashes instead of parentheses, can take weeks, gut getting agreement from data owners across the enterprise and resolving which business operation practices should change usually involves high-level negotiations, executive-suite blessings, and arbitration that can last weeks.

Jonathan Penn, a research director at Forrester, thinks Identity Manager’s flexibility and other changes add to the product’s implementation and operation, but that the new release is more of refinement and, "is evolutionary rather than revolutionary. The improvements are basic but needed steps on the road to maturity," he states.

Sentinel: The Sibling

Sentinel 6, scheduled for May 2007, provides security information management (SIM) or security event manager (SEM), depending on your acronym of choice. The new version, the first major release since eSecure was acquired by Novell in April 2000, takes strides in integrating into Novell’s security framework to become a full sibling to Identity Manager and Access Manager.

A couple of improvements concern the broader view: more correlation analysis for security and compliance assurance. Some improvements relate to streamlining event management and providing more real-time analysis and support for nested, sequenced, and cause-and-effect rules. Sentinel also improves its own iTRAC incident manager by offering more automated and customizable workflows and improved worklist handling to ensure incidents are remediated and then closed.

Sentinel keeps current by supporting more platforms, such as 64-bit AMD and Intel processors and Oracle 10g and Oracle real-time application clusters (RAC). Multinationals or enterprises involved in international commerce can appreciate the internal database support of double-byte characters which expands localized support for Chinese and Japanese languages.

The product infrastructure runs on SUSE Enterprise 9 and 10, Red Hat Enterprise 3, Solaris 9 and 10, Windows 2000/2003, and stored to Oracle 9i or SQL Server 2000/2005. The product has a good breadth of systems, applications, and devices it can monitor, but SIM/SEM products have a broader reach.

Novell estimates typical acquisition costs for Sentinel ranging from $75K to $150K. That’s on par with the $25-per-user or $75,000-per-instance cost of Identity Manager 3.5.

Some Novell comments I found fascinating concerned an enterprise’s motivation for products such as Sentinel. Just a couple of years ago, SIM/SEMS were used 90 percent of the time for threat management and ten percent for auditing. Now the usage is reversed. Additionally, compliance is providing about 70 percent of the funding for their tool, an acknowledgement that the myriad three- to five-letter acronyms (such as SOX, GLB, PCI, and HIPAA) are impacting corporate decisions.

Paul Stamp, an analyst from Forrester who covers the SIM/SEM market, notes that security and compliance have always been "happy" bedfellows and marks a shift in enterprise security. "The newer attacks are more targeted and manifest themselves in policy violations. More security threats are not worms but changing data or downloading data. Those are caught in compliance monitoring." He adds, "If you think about it, identity management is sticking the policy in on one end and compliance is what you get out of the other."

With that BrainShare announcement, Novell caps both ends.

Must Read Articles