IBM Identity and Access Management: Assembly Required

Customers say IBM’s identity and access management software can check the credentials of thousands of users without breaking a sweat—though some add that installing Tivoli Identity Manager left them drenched with perspiration.

United Parcel Service began deploying Identity Manager at the end of 2002, as a way to automatically distribute information about which systems each of its 350,000 employees is allowed to access. Paul Abels, manager of security policy and strategy at UPS, says getting the system into production required more work than the company anticipated. “It’s not a trivial thing to bring in,” he says. “A product like this takes a significant effort to implement and integrate.”

View the PDF — Turn off pop-up blockers!

The main challenge for UPS: establishing the required Identity Manager agents on hundreds of servers, distributed around the world, on a variety of operating systems, including Windows, three kinds of Unix and IBM’s OS/400.

In 2002, the State of Michigan also struggled to roll out Identity Manager. Girish Salpekar, manager of technical support in the state’s information-technology department, says the product requires several components, including IBM’s directory server, WebSphere application server and DB2 database, each a complex piece of software in its own right. After several weeks without success, Salpekar’s group enlisted IBM Global Services to finish the job. “We couldn’t have done it ourselves,” he says. “We told IBM they need to make it easier to install.”

IBM says it’s worked to improve Identity Manager, which it obtained with the acquisition of privately held Access360 in September 2002. The installation process “is not as clean as we’d like it to be today,” says Joe Anthony, program director for integrated identity management at IBM.

Once installed, both Identity Manager and Access Manager have been extremely stable, says Jaime Sguerra, chief architect at Guardian Life Insurance Company of America: “We feel very comfortable with the security and performance of the products.”

Still, Big Blue has a bit of work to do, Sguerra says. For one thing, customizing the “generic” interface of Identity Manager requires some extra Web programming. “It’s not a showstopper,” he says. “It’s a ‘nice-to-have’ feature.” Anthony says IBM is considering adding the ability to modify pages directly within Identity Manager in future releases.

Identity and Access Management

IBM
New Orchard Rd.,
Armonk, NY 10504
(914) 499-1900
www.tivoli.com
Ticker: IBM (NYSE)
Employees: 319,273

Al Zollar
General Manager, Tivoli
Named head of Tivoli software group in July 2004. Previously general manager of IBM’s iSeries server line and its Lotus collaborative software group. He joined IBM in 1977 as a systems engineer trainee.

Arvind Krishna
VP, Provisioning and Security Development, Tivoli
Responsible for setting the technical strategy for IBM’s security and identity management products. Previously was director of Internet infrastructure and computing utilities research at IBM’s Thomas J. Watson Research Center.

Products
Tivoli Access Manager allows only authorized users to access Web applications, server operating systems or middleware. Tivoli Identity Manager stores information about user access rights and distributes it to control points (such as Access Manager); the program also allows users to reset their own passwords.

Reference Checks

Blue Cross and Blue Shield of Minnesota
Dané Smiley
Dir., Enterprise Security
(651) 662-8000
Project: Health-insurance carrier stores information on its 4,500 employees in Identity Manager.

Knights of Columbus
George Dobbs
Chief Architect
[email protected]
Project: Fraternal society and insurance carrier uses Access Manager to provide authentication for its portal, based on IBM WebSphere, for 1,400 agents.

State of Michigan
Girish Salpekar
Mgr., Technical Support
[email protected]
Project: The Michigan Child Immunization Registry provides access to 20 separate applications with a single sign-on through Access Manager.

Guardian Life Insurance
Jaime Sguerra
Chief Architect
[email protected]
Project: Access Manager and Identity Manager protect the insurance company’s intranet, accessed by 5,000 employees, and a portal for customers to check claims and other information.

Whirlpool
Michael R. Murphy
Senior Technical Analyst
[email protected]
Project: Home appliances maker stores information on 30,000 employees in Identity Manager.

United Parcel Service
Paul Abels
Mgr., Security Policy and Strategy
(201) 828-3602
Project: Package-delivery company uses Identity Manager to provide a single point to manage access rights for 350,000 employees.

Executives listed here are all users of IBM’s products. Their willingness to talk has been confirmed by Baseline.

IBM operating results*

200420032002
Revenue$96.50B$89.13B$81.19B
Gross margin37.3%37.0%37.3%
Operating income$12.03B$10.87B$7.52B
Net income$8.43B$7.58B$3.58B
Net margin8.7%8.5%4.4%
Earnings per share$4.93$4.32$2.06
R&D expenditure$5.67B$5.08B$4.75B

* Fiscal year ends Dec. 31
Source: company reports

Other Financials**

Total assets – $109.18B
Stockholders’ equity – $29.75B
Cash and equivalents‡ – $10.57B
Long-term debt – $14.83B
Shares outstanding – 1.69B
Market value, 1/31 – $154.63B

** As of dec. 31, 2004, except as noted
‡ Includes short-term investments