Menu
IBM champions identity management

IBM champions identity management

IBM has introduced services aimed at helping companies build and maintain systems for securing both physical premises and virtual information repositories.

Big Blue designed the services to consolidate the physical security systems companies use to control and monitor access to buildings, for example, with the virtual systems they use to safeguard IT resources such as networks, business applications and PCs.

The two areas are traditionally managed separately, but the time has come to change that, director of safety and security services at IBM, Kent Blossom, said.

"Enterprises want to take a look at what they're already doing in both aspects of security and determine where they could get dual use out of the security components they've invested in," he said.

IBM Global Services' new offering is called Integrated Identity and Access Management Services. It combines traditional consulting services with hardware and software products - from IBM and its partners - that have been optimised to work together.

For example, the bundle includes smart cards from ActivCard, fingerprint-based biometric verification technology from Bioscrypt and public key infrastructure software from VeriSign.

General Electric is supplying components for facility security, and ImageWare Solutions is supplying identification products for managing and issuing access-control credentials.

Tying it all together was IBM's Tivoli Identity Manager software, "the administrative hub", Blossom said.

By doing a lot of the architectural design and integration work up front, IBM could simplify what were typically complicated, labour-intensive business processes, Blossom said.

IBM Global Services would have it all architected so it's ready to be pulled together much more quickly and cost-effectively than starting from scratch, he said.

To promote the effort, IBM corralled a handful of its partners in the security business and staged an event in Washington, DC, where the parties demonstrated their combined system.

A highlight was one-step user provisioning, Blossom said.

In a single step companies can populate a user's smart card with multiple credentials for accessing physical and virtual resources - from employee badges, door locks and security cameras to data, computers and networks. IT staff can modify those credentials as a company's access control policies change or a user's role changes, which was critical, Blossom said.

"Smart cards a few years ago used to be a one-time proposition. Once you issued the credential you could never change it," he said.

With on-board operating systems and the ability to run Java scripts, today's smart cards could be re-provisioned as access requirements change.

The cards also support one-step de-provisioning so companies can quickly deny access to corporate sources if an employee leaves the company, for example.


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments