IdM Journal

HOME EVENTS RESOURCES NEWSLETTERS IDENTORATI ABOUT

A Journal of
Identity Management

Departments

Home
Events
Resources
Identorati
Newsletters

Dave Kearns'
IdM Newsletter
from Network World

Hitachi may take Larry Ellison approach to identity management - buy, buy, buy

My phone rang at 8:30 a.m. one day last week, which isn't that strange an occurrence. East coast PR people sometimes seem to think that, since Network World publishes my stuff I must live in Massachusetts. But this call was from someone in the Mountain Time zone who happened to be in California that day. It was Idan Shoham, M-Tech Technology's CTO, and he wanted to make sure I was OK since I wasn't on the list for his press conference that morning. The event would be "interesting" was all that he would say about it. And it sure was. The conference was to announce that Hitachi had bought a majority interest in M-Tech which will henceforth be known as Hitachi-ID. An interesting announcement on many levels.

When a mega-corporation (and Hitachi is one of the “mega-est”) buys a small vendor, frequently the shining lights of the smaller player will soon look for greener pastures to satisfy their entrepreneurial drive. But by not buying 100% of M-Tech, and agreeing to leave the current management lineup in place with the freedom to continue to innovate, Hitachi gets many of the benefits of an acquisition while avoiding a lot of the headaches. This isn’t something everyone could do - it’s very infrequent in the tech industries. I couldn’t imagine IBM, Microsoft or Oracle doing something like this. It might prove difficult in the long run if Hitachi hopes to assemble a number of ready-made applications and solutions into a cohesive identity management suite, but it's something to keep an eye on.

Hitachi has been, really, a non-starter in the identity management space. It has some sort of biometric thingy that Japanese banks use, but otherwise the only time I think of the company is when I’m looking for entertainment electronics. So why is Hitachi doing this? And why M-Tech? That company’s major successes has been with Canadian government offices and agencies. If Hitachi wanted to make a splash, why not go for a higher profile company?

My opinion (I know you didn’t ask for it, but you’re going to get it anyway) is that this is just the first move by Hitachi. It recognizes that all of the parts of identity management from password management to regulatory compliance affect most of its customers. It's tired of having to recommend someone else’s stuff to get the job done. It also recognizes that Idan and M-Tech CEO Gideon Shoham are really knowledgeable about this identity stuff. I think that Hitachi is going to go all Larry Ellison here, and start acquiring pieces of identity management in the same way Oracle has done over the past few years. And it's going to let these two crazy Israelis (they moved from the land of milk and honey to the land of ice and snow, didn’t they?) put it together for them. Remind me in a year and we’ll see how right - or wrong - I was.

Subscribe to this and other newsletters.

Oracle centralizes security processes into Service-Oriented Security

Last week I told you about RSA's (that's RSA, The Security Division of EMC, of course) announcements at the RSA 2008 Conference. Today we’ll cover a few more and try to get to the rest in the next issue. Next week we’ll begin coverage of the 2nd European Identity Conference which begins on April 22. But let's start off by looking at what Oracle did, and didn’t, announce at RSA.

The biggest announcement signaled a change in philosophy for Larry Ellison’s company. In essence, Oracle will decouple the hard-coded security features from enterprise applications. Well, there is more to it than that! Instead, it will re-institute those features in a fashion Oracle's calling Service-Oriented Security (SOS), which should enable organizations to simplify and centralize critical security processes including authentication, authorization, user administration, role management, identity virtualization and governance, and entitlement management, as well as audit and control using reusable, standards-based security services and protocols which any application can consume.

SOS is sorted into four IT processes – development, deployment, administration and governance. Development is represented by the company's ongoing effort to grow the Identity Governance Framework (IGF) as an open standard. Governance is covered by Oracle Application Access Controls Governor (currently Version 8.0). Administration is handled by Oracle Fine Grained Authorization (currently in controlled beta release with a planned public release later this year). The deployment process will be handled by Oracle Role Manager, which got an announcement all its own.

With immediate availability, Oracle Role Manager is the first shipment of the product Oracle acquired when it purchased Bridgestream last fall. According to Oracle, the package enables customers to "define and manage organizational relationships, roles, and associated privileges for improved security and regulatory compliance. Business users are empowered to manage business roles accurately and efficiently by utilizing advanced statistical analysis, administrative automation tools and a highly flexible design interface.” There doesn’t appear to be any new functionality in this release except for some tighter integration into the middleware Oracle Fusion stack. Still, someone’s been working long hours to get this out this quickly, just six months after the acquisition closed.

The biggest announcement at RSA didn’t come from a traditional identity management vendor but from an appliance maker. Kitchen appliances, that is. And I don’t mean Siemens. Check back next time for more on that.

PRESS RELEASES
NEWS OPINION

Latest Headlines
Tuesday, Jan 6

Gemalto and McAfee, Inc. Introduce Simple Two-Factor Authentication for Full Disk Encryption
PRNewswire
...a new integrated solution that enables PC and laptop users secure and convenient access to fully encrypted disks through strong, secure, hardware-based, two factor authentication. more

You are Never Alone
Kerrie Smith
It is obvious from the points that Stephen raises that there are some huge issues to be considered. He talks at length about the metadata that makes up what we are about, and where it is stored. How do we go about pulling all the metadata about us, personal metadata, resource metadata, and information metadata together? Stephen talks about creating various windows or profiles from our collected metadata. There cannot be a single ultimate storage. more

Bandit, Higgins, Open Source, Profit and Novell
joe andrieu
I’ve been following the user-centric Identity movement ever since Doc Searls talked me into attending IIW2006b, an unconference. EIC is a classic Enterprise technology sales conference on identity management. The two events couldn’t be more different, even though both have excellent content and are focused on Identity. EIC was all about big business selling to each other, while IIW is all about engineers making user-centric Identity work. more

Access Agents
P.T. Ong
Access agents, which are a form of personal directories, are required to solve multiple problems in digital identity. more

Online Identity - Your Doing it Wrong
Craig Overend
The problem however with the current identity space, is that to do this requires reliably storing *any* entities transaction history - which requires silo-free persistence, redundancy and management on all sides of the transaction in ... more

Why Information Rights Management is mandatory…
Martin Kuppinger
If you use IRM for any type of information there is no necessity anymore for the classical access control approaches. The best way to protect information is to do it directly at the level of the information... more

LDAP as the COBOL of Identity?
Clayton Donley
There's no pressing need to get rid of LDAP in existing applications. None at all. It works. The applications support it and will continue to support it indefinitely. more

Managing your identity
Alwyn Van Niekerk
People through the ages have always had a requirement to prove in a credible and trustworthy manner that they are indeed who they say they are. more

Improved Security on the Identity Infrastructure
Matt Flynn
What it doesn't do, however, is protect the connected data stores against direct access. For example, the DBA still has direct access to the database and the Directory Administrator still has direct access to the directory. more

Liberty Alliance Announces Call for Nominations for the 2008 IDDY Awards
PRNewswire
Third Annual Event Features Deployment, Emerging and Multi-Protocol Application Categories more

Siemens bundles identity management and biometrics
The FINANCIAL
This will make Siemens the only provider to offer solutions from a single source and help it meet its goal of growing faster than average in this dynamic market. The newly formed unit combines the Siemens IT Solutions and Services biometrics center in Graz, Austria and the solutions for identity and access management from the Siemens Healthcare Sector. more

Exostar Launches Federated Identity-as-a-service Offering
Editorial Staff
Aims to help organizations secure e-mail, control information access and verify digital signatures for employees, partners and suppliers; securing the supply chain with digital certificates more

Cyber-Ark ''Clear Choice'' Winner for Privileged Account Management Solutions
Business Wire
Enterprise Password Vault™ (EPV) has been named the winner of Network World magazine's first ever "Clear Choice Test" for Privileged Account Management (PAM) products. more

Oy vay Oracle!!!
Jackson Shaw
Fear, uncertainty and doubt aka FUD. You thought only Microsoft used it? Think again, because here comes Oracle. more

Tools4ever, Inc Releases New Case Study Showing the Versatility of its Software in a New Market
PRWEB
Providence Hospital needed a quick, easy and secure method for resetting Active Directory passwords, which immediately led them to Tools4ever's SSRPM solution. During the discovery phase for the implementation it was quickly determined that a dual implementation with UMRA would allow them to easily create individual accounts for their nurses and move away from the shared accounts they had used for years. more

Centrify Expands Engineering Management to Lead Centrify Technology Innovations
PRNewswire
Maxine Erlund, former director of engineering at Sun for Java Compatibility, joins Centrify as vice president of product development more

Exostar Launches Federated Identity-as-a-Service Offering
PRNewswire
...today launched its Federated Identity Service (FIS) for medium level of assurance software credentials. It gives organizations the ability to issue digital credentials to employees, suppliers and partners faster, with less risk and lower costs. more

IdM Key to Safeguarding Sensitive Data
Nikita Virdi
It has become the basic need for banks as they are facing problems on all fronts -- fraud, identity theft, and account violation, to name just a few. Banks are investing on IdM across the enterprise so that the users can have a Single Sign-On (SSO) across all product systems, channels, and locations. more

Novell Delivers Broadest and Most Integrated Portfolio of Identity and Security Management Solutions in Support of SAP Enterprise Software Applications
PRNewswire
Six solutions highlight integration of Novell's identity and security products with SAP solution-based environments... more

VeriSign Wins SC Magazine Europe Award for Best Identity Management
VRISign
VeriSign was chosen for the award by a panel of judges comprised of industry IT leaders in financial services, telecoms and technology. The awards highlight and showcase the best solutions, services and professionals while recognising achievement and technical excellence in the information security industry. more

ID Conference coverage
Vikram
Had a look around to see the media coverage sparked off by the Identity Conference in Wellington. Given the wide range of things covered, I thought it would provide a good indicator for what the media thinks is news-worthy about identity. more

Visual Identity
Paul Madsen
Just came across Vittorio's notation for visually representing web services security keys, signatures, and encryption. Very nice. more

Identity Management Software Market to Reach $4.9 Billion by 2012
PRWEB
United States market for identity management software, the largest market worldwide, is estimated at $1.45 billion, as stated by Global Industry Analysts, Inc. more

Informatica boosts identity management
Stuart Lauchlan, news and analysis editor
Informatica also agreed to buy Identity Systems, a subsidiary of Nokia, for about $85 million in cash in order to be able to offer its customers more identity search and resolution capabilities. Identity Systems has over 500 customers, including the Internal Revenue Service, AT&T and Equifax. Informatica expects the purchase will be finalized by the end of May. more

Exostar Set to Launch Federated Identity Service for Aerospace
Tim Wilson, Dark Reading
Exostar will launch a new capability, the Federated Identity Service, that does the process of "credentialing" on behalf of Exostar's members, ensuring that individuals that attempt to use the systems of the community or its members are who they say they are -- and are authorized to use the systems they are trying to access. more