IBM Identity and Access Management: Assembly Required

By Baselinemag  |  Posted 2005-02-01 Print this article Print

IBM offers mature and stable software, but some have found its products very tough to deploy.

Customers say IBM's identity and access management software can check the credentials of thousands of users without breaking a sweat—though some add that installing Tivoli Identity Manager left them drenched with perspiration.

United Parcel Service began deploying Identity Manager at the end of 2002, as a way to automatically distribute information about which systems each of its 350,000 employees is allowed to access. Paul Abels, manager of security policy and strategy at UPS, says getting the system into production required more work than the company anticipated. "It's not a trivial thing to bring in," he says. "A product like this takes a significant effort to implement and integrate."View the PDF -- Turn off pop-up blockers!

The main challenge for UPS: establishing the required Identity Manager agents on hundreds of servers, distributed around the world, on a variety of operating systems, including Windows, three kinds of Unix and IBM's OS/400.

In 2002, the State of Michigan also struggled to roll out Identity Manager. Girish Salpekar, manager of technical support in the state's information-technology department, says the product requires several components, including IBM's directory server, WebSphere application server and DB2 database, each a complex piece of software in its own right. After several weeks without success, Salpekar's group enlisted IBM Global Services to finish the job. "We couldn't have done it ourselves," he says. "We told IBM they need to make it easier to install."

IBM says it's worked to improve Identity Manager, which it obtained with the acquisition of privately held Access360 in September 2002. The installation process "is not as clean as we'd like it to be today," says Joe Anthony, program director for integrated identity management at IBM.

Once installed, both Identity Manager and Access Manager have been extremely stable, says Jaime Sguerra, chief architect at Guardian Life Insurance Company of America: "We feel very comfortable with the security and performance of the products."

Still, Big Blue has a bit of work to do, Sguerra says. For one thing, customizing the "generic" interface of Identity Manager requires some extra Web programming. "It's not a showstopper," he says. "It's a 'nice-to-have' feature." Anthony says IBM is considering adding the ability to modify pages directly within Identity Manager in future releases.

Identity and Access Management

New Orchard Rd.,
Armonk, NY 10504
(914) 499-1900
Ticker: IBM (NYSE)
Employees: 319,273

Al Zollar
General Manager, Tivoli
Named head of Tivoli software group in July 2004. Previously general manager of IBM's iSeries server line and its Lotus collaborative software group. He joined IBM in 1977 as a systems engineer trainee.

Arvind Krishna
VP, Provisioning and Security Development, Tivoli
Responsible for setting the technical strategy for IBM's security and identity management products. Previously was director of Internet infrastructure and computing utilities research at IBM's Thomas J. Watson Research Center.

Tivoli Access Manager allows only authorized users to access Web applications, server operating systems or middleware. Tivoli Identity Manager stores information about user access rights and distributes it to control points (such as Access Manager); the program also allows users to reset their own passwords.

Reference Checks

Blue Cross and Blue Shield of Minnesota
Dané Smiley
Dir., Enterprise Security
(651) 662-8000
Project: Health-insurance carrier stores information on its 4,500 employees in Identity Manager.

Knights of Columbus
George Dobbs
Chief Architect
Project: Fraternal society and insurance carrier uses Access Manager to provide authentication for its portal, based on IBM WebSphere, for 1,400 agents.

State of Michigan
Girish Salpekar
Mgr., Technical Support
Project: The Michigan Child Immunization Registry provides access to 20 separate applications with a single sign-on through Access Manager.

Guardian Life Insurance
Jaime Sguerra
Chief Architect
Project: Access Manager and Identity Manager protect the insurance company's intranet, accessed by 5,000 employees, and a portal for customers to check claims and other information.

Michael R. Murphy
Senior Technical Analyst
Project: Home appliances maker stores information on 30,000 employees in Identity Manager.

United Parcel Service
Paul Abels
Mgr., Security Policy and Strategy
(201) 828-3602
Project: Package-delivery company uses Identity Manager to provide a single point to manage access rights for 350,000 employees.

Executives listed here are all users of IBM's products. Their willingness to talk has been confirmed by Baseline.

IBM operating results*

Gross margin37.3%37.0%37.3%
Operating income$12.03B$10.87B$7.52B
Net income$8.43B$7.58B$3.58B
Net margin8.7%8.5%4.4%
Earnings per share$4.93$4.32$2.06
R&D expenditure$5.67B$5.08B$4.75B

* Fiscal year ends Dec. 31
Source: company reports

Other Financials**

Total assets - $109.18B
Stockholders' equity - $29.75B
Cash and equivalents‡ - $10.57B
Long-term debt - $14.83B
Shares outstanding - 1.69B
Market value, 1/31 - $154.63B

** As of dec. 31, 2004, except as noted
‡ Includes short-term investments


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.