IBM Identity and Access Management: Assembly RequiredBy Baselinemag | Posted 2005-02-01 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
IBM offers mature and stable software, but some have found its products very tough to deploy.
Customers say IBM's identity and access management software can check the credentials of thousands of users without breaking a sweatthough some add that installing Tivoli Identity Manager left them drenched with perspiration.
United Parcel Service began deploying Identity Manager at the end of 2002, as a way to automatically distribute information about which systems each of its 350,000 employees is allowed to access. Paul Abels, manager of security policy and strategy at UPS, says getting the system into production required more work than the company anticipated. "It's not a trivial thing to bring in," he says. "A product like this takes a significant effort to implement and integrate."
The main challenge for UPS: establishing the required Identity Manager agents on hundreds of servers, distributed around the world, on a variety of operating systems, including Windows, three kinds of Unix and IBM's OS/400.
In 2002, the State of Michigan also struggled to roll out Identity Manager. Girish Salpekar, manager of technical support in the state's information-technology department, says the product requires several components, including IBM's directory server, WebSphere application server and DB2 database, each a complex piece of software in its own right. After several weeks without success, Salpekar's group enlisted IBM Global Services to finish the job. "We couldn't have done it ourselves," he says. "We told IBM they need to make it easier to install."
IBM says it's worked to improve Identity Manager, which it obtained with the acquisition of privately held Access360 in September 2002. The installation process "is not as clean as we'd like it to be today," says Joe Anthony, program director for integrated identity management at IBM.
Once installed, both Identity Manager and Access Manager have been extremely stable, says Jaime Sguerra, chief architect at Guardian Life Insurance Company of America: "We feel very comfortable with the security and performance of the products."
Still, Big Blue has a bit of work to do, Sguerra says. For one thing, customizing the "generic" interface of Identity Manager requires some extra Web programming. "It's not a showstopper," he says. "It's a 'nice-to-have' feature." Anthony says IBM is considering adding the ability to modify pages directly within Identity Manager in future releases.
IBM operating results*
* Fiscal year ends Dec. 31
Source: company reports
Total assets - $109.18B
Stockholders' equity - $29.75B
Cash and equivalents - $10.57B
Long-term debt - $14.83B
Shares outstanding - 1.69B
Market value, 1/31 - $154.63B
** As of dec. 31, 2004, except as noted
Includes short-term investments