• Predicting monotonic events is trivial, whereas precisely predicting continuous non-monotonic events is impossible. For instance, it is possible to predict that the Sun will rise in the east the next day, assuming that our star, the Sun, is not swallowed by a moving black hole (yes, black holes can move, and it was recently proved). The probability of a black hole swallowing the Sun the next day is almost zero. Likewise, precisely predicting continuous non-monotonic events such as the weather or the stock market for the next 'n' days is impossible.

    The events of any for-profit organization are non-monotonic, and precisely predicting the organization's future is impossible. But a strategist can define it or approximate it.

    A strategist or chief architect can shape a small state into an empire. The strategist lays a strong foundation for growth and a road map to flourish. He (or she) uses abstract and vertical thinking skills to study the past, analyse the present, and approximate the future. Chanakya, a strategist who lived 2500 years ago, provided thought-provoking ideas to the Maurya Emperor Chandragupta and defined a strategy to transform the entire kingdom.

    Strategy in an organization starts with people. A strategy can succeed only if it has an exemplary communication management plan. The communication plan must answer the following questions:

    • Why do we have the new strategy?
    • What are the expected results of the new strategy?
    • Will we be successful?
  • Identity management provides a holistic solution for compliance and security requirements, and improves overall IT operations. The following are major vendors and their products providing IDM solutions in the market:

    – IBM/Tivoli Identity Management
    – Oracle Identity Management (or Oblix/COREid/Thor)
    – Computer Associates Identity Management (or Netegrity)
    – MIIS (Microsoft Identity Integration Server or MMS (Microsoft Management Server) or Zoomit)
    – SunOne Identity Management
    – Novell Identity Manager
    – BMC Identity Management (or Passlogix)

    Before any organization implements IDM, it is best practice from a program management office standpoint to develop a business case and a return on investment.

    How to create a measurable ROI for IDM investment?

    If help desk operation is expensive in an organization, developing a measurable ROI is possible; if help desk operation is already lean, it is challenging to develop a TRUE ROI for IDM investment.

    IDM provides a holistic solution for compliance and security requirements. Even when there is no TRUE ROI for the IDM investment, it is still worth considering IDM for its elegant user provisioning, user de-provisioning, user management, access management, password management, workflow, and single sign-on solutions.

    The open source products OpenSSO and OpenDS (directory server), supported by Sun, provide the most cost-effective (total cost of ownership) solution in the solution landscape. Identity Manager, supported by Sun, which will eventually become an open source product, provides all connectors to integrate various directory services and build workflows for custom provisioning and de-provisioning.

    Message: If there is no TRUE ROI for IDM, consider OpenSSO/DS/Identity Manager solution before dropping IDM from your technology road map.


  • Before we seek an Identity Management solution for an organization, the organization must define its business strategy in the context of IDM. There are organizations that require multiple credentials to log in to multiple systems in the landscape. Most federal government organizations believe that the system landscape is much more secure when each system in the landscape has its own authentication scheme. To amplify that point, each user of the systems in the landscape will have 5-6 credentials: one login credential for the desktop, one for email, one for using the internet, one for using the systems, one for using HR systems, and so on. The idea behind this is that if one system's security is compromised, it will not impact the other systems. At the same time, each user is asked to remember 5-6 user names and passwords. Users tend to forget their user names and passwords and require more help desk personnel, which increases overall support cost.

    On the other hand, when an organization needs to provide ease of use for the systems in its landscape, it moves towards single sign-on (SSO), and the security architecture principle is one user, one identification. The risk with this approach is that if one system is compromised, all the systems in the landscape will be compromised.

    For each scenario there is an entirely different identity management solution. IDM includes:

    • User provisioning
    • User management
      • Role Management
      • Audit Control
    • Access Management
      • Authentication
      • Authorization
    • Directory services
    • Work flow
    • Federation
    • User de-provisioning

    The components of IDM align with the process steps I laid out for IDM a few months ago.

    An Identity Management solution can be simplified when the existing, must-have directory service is extended for use in other areas. That is, when an organization uses Active Directory as the authentication scheme for desktops, laptops and PCs and there is no plan to change it, the recommendation is to study how Active Directory can be made available for other areas such as authentication for web applications, email and so on.

    Takeaways:

    1. Define the identity management direction based on business strategy (in the context of IDM)
    2. Leverage the existing, must-have directory service
    3. Select a product (for instance Sun Identity Management) which integrates with the directory service, user management, and open standards for workflow, provisioning and de-provisioning
    4. Based on the IDM direction, synchronize the credentials (like email, desktop login, unix server login, mainframe login, HR system login, benefits system login)
    5. Manage user entry and exit process in a cohesive manner and automate the creation and deletion of credentials in all areas.
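
    Takeaways 4 and 5 amount to reconciling every system's accounts against one authoritative record of who has joined and who has left. The sketch below is an added example, not code from any IDM product named on this page; it assumes HR is the authoritative source, and the system names, employee ids and the `REQUIRED` baseline are constructed for illustration.

```python
from datetime import date

# Constructed sample data. Assumption: HR is the authoritative identity source.
HR_RECORDS = [
    {"id": "e100", "name": "alice", "exit_date": None},
    {"id": "e101", "name": "bob", "exit_date": date(2024, 3, 1)},
    {"id": "e102", "name": "carol", "exit_date": None},
]

# Accounts found in each system, keyed by employee id (constructed).
SYSTEM_ACCOUNTS = {
    "email": {"e100", "e101", "e102"},
    "desktop": {"e100", "e101"},
    "unix": {"e100", "e999"},
    "mainframe": {"e101"},
    "hr_system": {"e100", "e102"},
}

# Hypothetical baseline: systems every active employee must have an account in.
REQUIRED = {"email", "desktop", "hr_system"}


def reconcile(hr_records, system_accounts, required, today):
    """Return (action, system, employee_id) findings, sorted by system then id.

    deprovision: account belongs to someone whose exit date has passed
    orphan:      account has no matching HR record at all
    provision:   active employee lacks an account in a required system
    """
    known = {r["id"] for r in hr_records}
    active = {r["id"] for r in hr_records
              if r["exit_date"] is None or r["exit_date"] > today}
    findings = []
    for system, accounts in sorted(system_accounts.items()):
        for uid in sorted(accounts):
            if uid not in known:
                findings.append(("orphan", system, uid))
            elif uid not in active:
                findings.append(("deprovision", system, uid))
        if system in required:
            for uid in sorted(active - accounts):
                findings.append(("provision", system, uid))
    return findings


if __name__ == "__main__":
    for finding in reconcile(HR_RECORDS, SYSTEM_ACCOUNTS, REQUIRED, date(2024, 6, 1)):
        print(*finding)
```

    Orphan findings, accounts with no HR record behind them, are the ones to review by hand: they may be service accounts or accounts created outside the entry process.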
