Network World's Identity Management Newsletter, 05/01/06

Avatier takes a phased approach to identity management rollouts

By Dave Kearns

I had the opportunity to sit down with Avatier CEO Nelson Cicchitto last week, always a pleasant task. Pleasant, because Cicchitto is one of the right-thinking people among identity management vendors. In other words, he agrees with me! [That's a joke, folks. Please laugh.]

Nelson's mantra is that the promise of identity management is fourfold:

1. Reduced IT cost.
2. Enhanced security.
3. Achieved compliance.
4. Improved efficiency through automation.

He points out that most so-called identity management "solutions" from the biggest players in the software business are monolithic conglomerations of many disparate products that require extensive manpower, time and infrastructure to implement. His company also offers a fairly all-encompassing identity management software bundle - the Avatier Identity Management Server (AIMS) and its various modules. The difference is that Avatier almost insists on a phased rollout of the various parts of the suite.

Cicchitto claims that by rolling out the easiest pieces first, you can essentially finance later deployments with the ROI and savings from the earlier ones. Now wouldn't your CFO love to hear that!

In fact, the company's stated philosophy is: "Delivering comprehensive identity management is primarily a process, not a product, that relies heavily on unique business driven workflow rules. Successful organizations avoid trying to deploy all aspects of identity management at once, but instead deploy a proven phased and measurable approach from many vendors who only specialize in their product space."

Avatier's architecture of a rollout makes fascinating reading, but it boils down to a 10-phase approach:

* Self-service password reset.
* Password policy enforcement and synchronization.
* User deprovisioning.
* User provisioning and role definition.
* Self-service role matrix and rights management.
* Meta-directory.
* Enterprise reduced sign-on.
* Multifactor strong authentication.
* Web/enterprise access management.
* Federated identity management.

Note, in particular, that user deprovisioning is implemented before provisioning. Your security officer will love that.

There's certainly a lot to like about Avatier's approach to identity management implementation. You should investigate.

Copyright Network World, Inc., 2006