Monday, January 30, 2006

RFP Toolkit: Stand out in the crowd

Management system five years ago, it did so for a simple reason: The governor wanted a new e-mail address.
“He was tired of spelling out Michael dot Leavitt at state dot UT dot US,” said Phillip Windley, then CIO for the state, now a computer science professor at the University of Utah. “We owned the domain Utah.gov, so we decided to give him and every other state employee a Utah.gov address.”
However, making the change was anything but simple. Utah had to upgrade network directories at nearly every agency and create a metadirectory to synchronize their data. It also had to get consensus on a naming schema (i.e., first name, last name, etc.).
“Getting everyone in a decentralized organization to agree on anything can be a challenge,” Windley said.
Today, when government agencies implement identity management systems, security is more likely their primary concern. Homeland Security Presidential Directive-12 of August 2004 requires the federal government to adopt standard ways of securing physical access to buildings and logical access to information systems. Although not bound by HSPD-12, many state and local governments also are implementing an IDMS for added security and efficiencies.
“Our first reason for adopting identity management was to tighten up security,” said Norman Jacknis, CIO for New York’s Westchester County, which is rolling out IBM Tivoli’s identity management suite to more than 6,000 county employees. “We also realized we’re wasting enormous resources by having every software developer build their own ID structure.”
An IDMS can reduce the number of passwords an employee must remember, and automate password recovery, slashing help-desk costs. It also can simplify provisioning for new hires or terminations, letting IT or human resources departments control access to network resources with a few keystrokes.
Rules First
Before rolling out an IDMS, you must define roles and set policies for every contractor and employee in an agency. This lets people access some systems but not others, depending on their roles.
Some IDMS are more flexible than others, said Ellen Libenson, vice president of product management for Symark, an enterprise IDMS vendor in Agoura Hills, Calif. Ensure that an IDMS lets the agency define roles based on factors such as an employee’s title, department and security clearance, and manage resources at a level granular enough to, for example, deny access to certain databases after normal working hours.
The ability to manage many roles is also important for large agencies. The United Kingdom’s Ministry of Defence has 400,000 employees but more than 600,000 roles, said Torgeir Pedersen, senior architect for Trondheim, Norway-based MaXware.
A basic IDMS authenticates users, manages access to resources and helps users better manage password security. A better IDMS provides a “three-strikes” capability, locking users out after a specified number of failed login attempts, Symark’s Libenson said. It also would capture users’ keystrokes during login to help spot potential break-ins.
Another key driver for this IDMS capability is the Sarbanes-Oxley Act, which requires some agencies to maintain audit trails of employee access to information systems. But most identity management solutions stop logging the moment you gain access, said Toby Weir-Jones, director of product management for Counterpane Internet Security in Chantilly, Va.
“The system will know when and where you logged in and that you logged out seven minutes later, but it won’t know what you did in between,” he said. Because most identity management systems aren’t designed to track user activity inside applications, they should be able to integrate with third-party tools that do, Weir-Jones said.
For sensitive data and strong authentication, Libenson said, “you’ll need a system that integrates easily with tokens, smart cards or biometrics.”
For federal agencies, an IDMS must integrate with smart cards based on Federal Information Processing Standard 201 for personal identity verification. FIPS-201-compliant cards store digital fingerprint data and support public-key infrastructure credentials for user authentication.
Integration Challenges
Because IDMS touch every major system in an organization, they are a challenging integration project. It may take months, even years, to roll out an IDMS at large agencies with diverse platforms.
Nearly all core enterprise applications, from e-mail to human resources to accounting, have their own user directories. An enterprisewide IDMS must be able to communicate with directories in each application and synchronize the data, even if the account is listed as “George W. Bush” in the accounting application, “Bush, George W” in human resources, and “potus@whitehouse.gov” in e-mail.
“A key requirement of any identity management system is how effectively it can connect to and use data held by multiple systems,” said Chris Zannetos, CEO of Framingham, Mass.-based Courion Corp.
It’s necessary to inventory all systems that hold identity data to evaluate whether an IDMS gives an interface to each one, Counterpane’s Weir-Jones said. “If they don’t, you’ll have to build them yourself, which can be expensive. And when the tool changes, you have to upgrade the interface,” he said.
Some IDMS packages offer tools to build connectors between applications, but they may need tweaking to work with some apps.
“One of the biggest stumbling blocks is interoperability with other agencies,” Weir-Jones said. A “federated” identity management scheme lets employees use the same login and password on any federal network. But as federation standards are still in flux, an IDMS must support multiple standards from the Liberty Alliance, IBM and Microsoft’s Web Services architecture, and the open-source Security Assertion Markup Language 2.0.
Chart the processes
The biggest challenges to building an IDMS may not be technological.
“This isn’t a solution you’re going to buy from someone as much as it is a cultural change in your organization,” said the University of Utah’s Windley. “How do you assess risk for the various components of your information infrastructure? What authentication guarantees can you pass on to the underlying system? The risk assessment has to be driven by business leaders, not IT security professionals.”
Look at the problem from a business or organizational point of view, said Jon Wall, principal technology specialist for Microsoft Federal.
“Figure out what triggers what,” he said. “Walk through two scenarios from beginning to end: hiring an employee and terminating one. Chart every system that process will touch and in what order, and do it from an internal agency perspective, not a technology perspective. We can bend software to do a lot of stuff for you, but identity management is really driven by business practices.”
Successfully implementing an IDMS requires a slow, steady rollout and lots of patience, Westchester County’s Jacknis said.
“We’ve had so many surprises with identity management products,” he said, “I can only say that I hope to be done [with our rollout] by the end of 2006.”
Identity Management Systems

| Vendor | Product(s) | Notes |
| --- | --- | --- |
| CA Inc., Islandia, N.Y., (800) 225-5224, www.ca.com | eTrust Identity and Access Management Suite | This suite of five products offers soup-to-nuts protection across several flavors of Unix, Linux and Windows. |
| Courion Corp., Framingham, Mass., (866) 268-7466, www.courion.com | Enterprise Provisioning Suite | IDM specialists offer a full suite of password, provisioning and access modules; works with any directory, e-mail server or SQL relational database but may require a fair amount of programming expertise. |
| Hewlett-Packard Co., Palo Alto, Calif., (650) 857-1501, www.hp.com | HP OpenView Identity Management(s) | HP offers sophisticated IDM tools as part of its OpenView management platform, adding to its suite of federation products with the acquisition of Trustgenix last November. |
| IBM Corp., Armonk, N.Y., (800) 426-4968, www.ibm.com | Tivoli Identity Manager, Tivoli Access Manager | Full suite of identity, directory, access and federation products works with directories based on Microsoft Active Directory, Sun ONE and its own LDAP-based Tivoli Directory Server. |
| MaXware AS, Trondheim, Norway, (732) 409-5000, www.maxware.com | MaXware Identity Center | This vendor boasts 280 clients in 30 countries, with strong ties to military and governmental agencies. |
| Microsoft Corp., Redmond, Wash., (425) 882-8080, www.microsoft.com | Microsoft Identity Integration Server 2003, Enterprise Edition | MIIS 2003 works with a number of non-Microsoft directories (including LDAP, Novell eDirectory, IBM and Sun/iPlanet) and e-mail servers, provided they run on a Windows platform. |
| Novell Inc., Waltham, Mass., (800) 529-3400, www.novell.com | Novell Identity Manager 2 | Built around its widely used eDirectory structure, Novell's suite supports a wide range of operating systems and offers some good (though optional) tools for designing identity management schemes and running what-if scenarios. |
| Oracle Corp., Redwood Shores, Calif., (650) 506-7000, www.oracle.com | Oracle Identity Management | Recent acquisitions of top-tier IDM vendor Thor Technologies and OctetString strengthen Oracle's offerings, which include a full range of application-centric middleware products. |
| Sun Microsystems Inc., Santa Clara, Calif., (800) 232-4671, www.sun.com | Java System Identity Manager | One of the oldest players in IDM software offers a full suite of access, auditing and federation products across diverse operating systems (AIX, HP OpenVMS, Solaris, Windows) using a Web-based management console. |
| Symark Software Inc., Agoura Hills, Calif., (800) 234-9072, www.symark.com | PowerBroker, PowerPassword User Management Edition, PowerKeeper | Longtime Unix/Linux enterprise software vendor added support for Windows last year with its PowerKeeper identity management appliance. |

Technology journalist Dan Tynan is author of “Computer Privacy Annoyances” (O’Reilly Media, 2005).

Making information systems better

Technology is no silver bullet, says John Hill, principal, Esync (419-842-2210). Adding automated data collection, a warehouse management system or automated equipment to a poorly designed warehouse or a flawed process won’t solve problems. It will only bring those problems to light.
But once a company has done the hard work of benchmarking its performance and streamlining its processes, automated systems, like warehouse management systems (WMS) and automated data collection (ADC), can drive even higher gains in productivity.
Despite that, Hill adds, “I’m still amazed at the number of people who aren’t using a WMS or bar code scanning, even when they have the wherewithal to implement them. There’s still a subset of the warehouse community that is put off by technology, and comfortable with the way they do things, although it may be flawed.”
The cost of technology can also be an impediment. But even companies that can afford the systems are sometimes leery about implementing automated systems. “We have been working for over a year with a client that has nearly $200 million in annual revenue, but doesn’t want to spend $30,000 for a study to develop the value proposition for a WMS,” says Hill. “Yes, that is an investment. But wouldn’t it be nice to know that there’s quantifiable value in moving ahead with a system?”
Even companies without the financial resources to purchase a WMS and ADC system can benefit from the technology by implementing manual processes that impose the same discipline as software and automated data capture. Hill calls this “the fine art of making do.”

He recalls a client that doubled productivity simply by widening aisles so that workers weren’t bumping into one another, investing about $20,000 in additional shelving units, and re-slotting and relocating the forward pick area based on historical inventory profiles. “This was a project that had nothing to do with RFID, bar codes or WMS,” says Hill. “But with some simple steps, they eliminated redundant processes, improved the manual collection of information, and went from 30 to nearly 70 picks per hour per person.”

TCS on Winning Team With NCI Information Systems, Inc. for $4.1 Million Task Order With the U.S. Army for Information Technology Support

Award for IT Training and Support Services
ANNAPOLIS, MD -- (MARKET WIRE) -- 01/30/2006 -- TeleCommunication Systems, Inc. (TCS) (NASDAQ: TSYS), a provider of mission critical wireless communications, today announced it has teamed with NCI Information Systems, Inc., a wholly owned subsidiary of NCI, Inc. (NASDAQ: NCIT) (http://www.nciinc.com/), prime contractor on a four-year task order worth approximately $4.1 million through the Army Information Technology Enterprise Solutions (ITES) contract.
Under this task order, NCI and its team member, TCS, will support the Program Executive Office, Enterprise Information Systems' (PEO EIS) Product Management Office for the Reserve Component Automation System (RCAS) located at the National Guard Bureau in Arlington, Virginia. The team will provide Information Technology (IT) infrastructure services to include network, systems administration, and user support for PEO EIS RCAS personnel. TCS will provide IT infrastructure services, to include network, system administration and user support.
"Becoming a member of the NCI ITES team provides TCS with an excellent vehicle to deliver solutions to our Army customers. We see this alliance with NCI as a 'win-win.' Our recent selection by the Army PEO EIS to provide expanded training and technical support services under this new task order affirms the value of working with NCI," said Mike Bristol, Vice President of the Network Solutions Group for TCS.
ABOUT NCI
NCI, Inc., a Delaware holding company, through its subsidiary NCI Information Systems, Inc., is a leading provider of information technology services and solutions to U.S. government agencies. As an ISO 9001 certified company, NCI's award-winning expertise encompasses areas critical to its customers' mission objectives including enterprise systems management, information assurance, network engineering, and systems development and integration. Headquartered in Reston, Virginia, NCI has approximately 50 locations and over 1,450 employees worldwide. For more information, visit our web site at http://www.nciinc.com/.
ABOUT TELECOMMUNICATION SYSTEMS, INC.
TeleCommunication Systems, Inc. (TCS) (NASDAQ: TSYS) is a leading provider of mission critical wireless communications to carriers, enterprise and government customers. TCS' wireless data offerings include location-based Enhanced 9-1-1 services, and messaging and location service infrastructure for wireless operators, real-time market data and alerts to financial institutions, mobile asset management and mobile office solutions for enterprises, and encrypted satellite communications to government customers.
TCS offers mission-critical networking and professional services solutions to government agencies and the military, as well as to public and private corporations. More information on TCS' product and service offerings can be found by visiting http://www.telecomsys.com/.
This announcement contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities and Exchange Act of 1934, as amended.
These statements are based upon TCS' current expectations and assumptions that are subject to a number of risks and uncertainties that would cause actual results to differ materially from those anticipated.
The actual results realized by the Company could differ materially from the statements made herein, depending in particular upon the risks and uncertainties described in the Company's filings with the Securities and Exchange Commission (SEC). These include without limitation risks and uncertainties relating to the Company's financial results and the ability of the Company to (i) reach and sustain profitability as early as anticipated, (ii) continue to rely on its customers and other third parties to provide additional products and services that create a demand for its products and services, (iii) conduct its business in foreign countries, (iv) adapt and integrate new technologies into its products, (v) expand its business offerings in the new wireless data industry, (vi) develop software and provide services without any errors or defects, (vii) protect its intellectual property rights, and (viii) implement its sales and marketing strategy.
Existing and prospective investors are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date hereof. The Company undertakes no obligation to update or revise the information in this press release, whether as a result of new information, future events or circumstances, or otherwise.

Media Contacts:
Rita Thompson
TeleCommunication Systems
(410) 295-1865