Identity Automation

Company Overview from Identity Automation.

This video demonstrates how Role-Based Provisioning can be accomplished with ARMS & DSS.

ARMS Sponsorship - Demo from Identity Automation.

This video demonstrates the ARMS Sponsorship Module.

ARMS Sponsorship - Demo from Identity Automation.

Identity Automation is pleased to announce the release of its DSS systems integration adapter for Microsoft Live@EDU.

This adapter allows a connection to a Live@EDU Institution for the purpose of querying, creating, updating and deleting user mailboxes, distribution groups, and contacts.

This capability makes it possible to automatically populate your Live@EDU Institution with your staff and student information thus saving countless man-hours and eliminating errors caused by manual record creations.  The adapter supports automatic record updates into Live@EDU which handles new employee, student and contractor additions, removals and profile updates based on information from your authoritative systems such as your HR system, Student Information system, etc.

In addition to automatic account creations, the adapter also supports full lifecycle management of accounts and groups including terminations, memberships changes, password resets, etc.

For more information on DSS systems integration adapter for Live@EDU, please submit your contact information and one of our sales representatives we will contact you.

Delegated account management and sponsorship responsibilities provided by an effective Identity Management(IDM) solution give technology staffs the flexibility to oversee multiple locations from a single office, while still allowing each location day to day management and control of local IT resources.

White Paper

This brochure describes using our Data Synchronization System (DSS) to cleanse and manage your data assets.

Product Brochure

This video demonstrates the ARMS Account Management Module.

ARMS Account Management - Demo from Identity Automation.

Identity Automation is pleased to announce the release of its ARMS Group Management Module.

The ARMS Group Management Module is part of the Identity Automation suite of tools called Access Request Management System (ARMS).  ARMS Group Management allows for full delegation of group management in Active Directory and eDirectory environments.  This capability removes the burden of managing access groups and distribution lists and shifts the responsibility to group / function owners who are better equipped to make decisions regarding membership and access.

To learn more, check out the ARMS Group Management Product Page.

For more information on the ARMS Group Management Module, please submit your contact information and one of our sales representatives we will contact you.

This brochure describes our Access Request Management System (ARMS) Account Management Module.

Product Brochure

Identity Automation is featured on Today in America, a television series that informs viewers on a variety of topics, trends and relevant issues impacting the United States and the world.

View Program

When we did a review of ARMS/DSS, we were impressed with the flexibility of the system, the speed of implementation, the easy to use management interface, and the amount of delegated administration it supported.

Identity Automation is featured in Today in America, a television series that informs viewers on a variety of topics, trends and relevant issues impacting our nation and the world. The show airs on Fox, CNN, ION and other cable channels.

Today in America from Identity Automation.

I have been around Information Technology for 20 years and managing Privileged User Access has always been a challenge.

Different organizations handle this issue in different ways.  Some choose to share the password for super user accounts (root / administrator) with folks across the IT department so work can be done without hindrance.  The problem with this approach is you can’t tell who did what since the logs don’t actually reveal who the account user was.  There is also the issue around password changes for these accounts which oftentimes never occurs because communication of those changes is too painful.  Other organizations come at the problem from another perspective.  Rather than sharing the password for the super user account, they instead, perpetually elevate certain users to a super user status.  This approach is better since activity is now logged at the user level but having too many users with such highly elevated privileges is not a best practice and depending on your organizations account management process could leave the organization at risk if one of these users is terminated.

A far better approach is to grant access to super user privileges only when it’s required and for a limited period of time.  Identity Automation’s ARMS Workflow system provides a way of doing exactly that.  Implementation can be as unique as the organization; following are some examples.

• Create a workflow request that allows members of a certain group to be automatically granted super user status for a limited duration of time upon initiating their request.  After the prescribed amount of time has elapsed, super user access will automatically be revoked.
• Create a workflow that allows members of IT to request super user access but require approval from an IT manager or Director before access is granted. After a certain amount of time, the access would be automatically revoked.
• Create a workflow that allows certain members of IT to “check out” the Administrator account so they can perform certain administrative functions.  After a prescribed period of time the Administrator account password is automatically changed and the Administrator “assignment status” is reset.

The possible implementation scenarios are endless but the important thing is to have a viable solution in-place that ACTUALLY works and limits risk to the organization, is scalable and is fully auditable.

For more information on how you can use ARMS Workflow to manage Privileged User Access, please submit your contact information and one of our sales representatives will contact you.

BELO Corp.‘s (NYSE:BLC) implementation of Identity Automation’s ARMS and DSS solutions for identity management has allowed their IT staff to manage a nationwide network efficiently and effectively by distributing system responsibilities, while maintaining central oversight.

Success Story

This brochure describes using our Data Synchronization System (DSS) to drive an Identity Management Solution.

Product Brochure

The ARMS Account Management Module is part of the Identity Automation suite of tools called Access Request Management System (ARMS).

The Account Management module focuses on user identities by providing self-service and delegated administration functionality that allows end users to view and edit their profile, change their password and reset their forgotten password. We also provides a mobile accessible interface that works with Blackberry, Android, iPhone and Windows Mobile.

Administrators can use the module to reset passwords, reset challenge questions and unlock accounts. The ARMS Account Management module also provides a custom delegation definition capability as well. Administrators define custom delegations to allow a specified group of users to take actions upon a specified target group of users. One popular use case is to delegate password reset privileges to teachers so they can reset passwords for students at the same campus where they teach. Another common example is to set up managers to reset passwords for their direct reports.

Account Dashboard	Change Password
Edit Profile	Challenge Response
Mobile Launch	Mobile Authentication
Mobile ARMS	Mobile Acct Mgmt

Click on images above to view full size.

Download the Product Brochure.

If you would like to be contacted by a Sales Representative, please submit your contact information and we will contact you as quickly as possible.

Why a unified web information portal is becoming a requirement for educators who desire to keep parents connected, informed and involved in the education of their children.

White Paper

This brochure describes using our Data Synchronization System (DSS) to drive an Enterprise Application Integration (EAI) Solution.

Product Brochure

Identity Automation is pleased to announce the release of its DSS systems integration adapter for Google Apps.

This adapter allows a connection to a Google Apps Organization for the purpose of querying, creating, updating and deleting user accounts and groups.

This capability makes it possible to automatically populate your Google Apps Organization with your staff and student information thus saving countless man-hours and eliminating errors caused by manual record creations.  The adapter supports automatic record updates into Google Apps which handles new employee, student and contractor additions, removals and profile updates based on information from your authoritative systems such as your HR system, Student Information system, etc.

In addition to automatic account creations, the adapter also supports full lifecycle management of accounts and groups including terminations, memberships changes, password resets, etc.

For more information on DSS systems integration adapter for Google Apps, please submit your contact information and one of our sales representatives we will contact you.

Identity Automation is pleased to announce the release of its DSS systems integration adapter for KeepnTrack.

This adapter allows a connection to the KeepnTrack application for the purpose of querying, creating, updating and deleting person and facility records. 

The capability makes it possible to automatically populate the KeepnTrack system with your staff and student information thus saving countless man-hours and eliminating errors caused by manual record creations.  The adapter supports automatic record updates into KeepnTrack which handles new employee, student and contractor additions, removals and profile updates based on information from your authoritative systems such as your HR system, Student Information system, etc.

The adapter also supports the movement of data from KeepnTrack into other systems.  A good example of this is using KeepnTrack to automatically and instantly provision visitor accounts (for network access or any other system access) for vendors, volunteers, temporary staff, etc.  This reduces burden on the IT staff, increases services-levels, reduces risk and ensures auditability of access.

These are just a few examples of the capability that the new Identity Automation DSS Adapter for KeepnTrack provides.

For more information on DSS systems integration adapter for KeepnTrack, please submit your contact information and one of our sales representatives we will contact you.

Identity Automation is pleased to announce the release of its DSS systems integration adapter for Zendesk.

This adapter facilitates fully automated identity lifecycle management and access control for your users within Zendesk from the authoritative system(s) of your choice. 

This capability makes it possible to automatically create Zendesk accounts for your staff and customers based on a feed from an HR system, Active Directory group membership, Identity Automation ARMS Sponsorship Module or any other system that provides a means for external data exchange. 

Leveraging the Identity Automation Zendesk DSS Adapter eliminates the need to manually create and manage Zendesk accounts and ensures that accounts are created and deleted in a timely manner. This reduces burden on the IT staff, increases services-levels, reduces risk and ensures auditability of access.

These are just a few examples of the capability that the new Identity Automation DSS Adapter for Zendesk provides.

For more information on DSS systems integration adapter for Zendesk, please submit your contact information and one of our sales representatives we will contact you.

This brochure describes our Access Request Management System (ARMS) Sponsorship Module.

Product Brochure

Looking to move to a current, stable, and supported identity management (IDM) environment, a major research University in Kansas, recently leveraged Identity Automation’s RAPiDiDENTiTY methodology to implement a complete IDM solution.

Success Story

Cypress-Fairbanks Independent School District (ISD) understands that the biggest aid to the success of their students, outside of the skilled and dedicated district faculty, is the close involvement of parents in the education of their children.

Success Story

This brochure describes our Access Request Management System (ARMS) Workflow Module.

Product Brochure

This brochure describes using our Data Synchronization System (DSS) to drive an Extract, Transform, Load (ETL) Solution.

Product Brochure

Taking on a new solution, even one designed to lower costs, manage growing complexities, and mitigate ongoing risks, always carries a cost of ownership.  This is seen in software maintenance costs, often times an increased server footprint, and even in continued staff training and keeping their skill sets current on the technology.  More and more, we have to look beyond the benefit of the solution to the organization, and weigh carefully the total costs of owning the solution.

We consider all information technology assets and solutions moving in the direction of “the cloud.”  Organizations want to capitalize IT, and remove it from their overhead as much as possible. To do this organizations are looking more and more at hosted solutions, software-as-a-service vendors, and outsourced IT.

A couple of years ago, there was no strategy to deliver Identity Management Solutions in any way other than a significant server footprint on-site, typically occupying multiple servers (physical and VM) with high availability and fail-over.  This data center growth to accommodate the solution impinged on any immediate ROI, and made the solution more costly to manage in the long term. 

With our shift in strategy we fully embrace the new hosted and service oriented delivery of identity management, giving our customers a turn-key identity management solution without the need to parse out data center space, or to keep their staff resources concerned with new technology.  Identity management for our customers is now a service that is out of the day to day concern, and provides automated provisioning and workflow management through a simple web-UI that is both intuitive and clean.  As customer needs shift, or changes are required to the solution to accommodate internal policy, we manage the solution to bring it into alignment.

This strategy is proven to lower TCO, and allows our customers to achieve a real ROI in a fraction of the time of a traditional IDM deployment.

For more information on how our solutions can help lower your TCO, please submit your contact information and one of our sales representatives will contact you.

Identity Automation’s CEO, James Litton, was quoted in an article entitled “Improving User Passwords - Create An Uncrackable Password To Keep Intruders Off Your System” in the July 2, 2010 Issue (Vol 32 Nbr 14) of Processor Magazine.

VB/Research, who covers, the “Global Security (IT & Homeland) sector” has just published an article about Identity Automation.

Identity Automation was instrumental in helping our organization implement a “best practice” approach to managing our data.  Using their DSS we now have a centralized way to manage data extraction form our systems.  We are also using the product to consolidate data into a data warehouse that we use for all internal reporting.

Their staff was knowledgeable and professional and very easy to work with.

The strength of user passwords sets the bar for the strength of an organization’s defenses against “bad guys” gaining access to valuable organizational resources.  For that reason alone, it is of paramount importance that a best practice password policy is implemented and enforced.

Following are a few guidelines to consider when thinking about password and access policy for your organization:

• Require STRONG passwords and enforce their use with technology.  Educate your users so they understand that strong doesn’t have to mean difficult.  Encourage them to use words that mean something to them (but not the names of family or pets) and use a technique of replacing certain letters with symbols or numbers so the user can, more easily, remember the password.  Mixing case is also important.  The key is to find a technique and always use that technique.  An example might be to always capitalize the first letter and last letter of the word, use “@” instead of “a” and “0” instead of “o”  (e.g. P@ssw0rD)
• Treat your passwords like you treat your underwear; change them often and don’t leave them lying around.  REQUIRE regular change.  There is plenty of debate around the effectiveness of requiring regular password changes but requiring changes every 90 to 120 days, in theory, should result in a more secure environment.  The best example of why this might be effective is that a change thwarts the “bad guy” in a situation where an account has been compromised and is being used to snoop and steal data.
• Bigger IS better.  The longer the password, the likelihood that it can be cracked is significantly reduced.  A minimum of eight characters is best practice but if you can get away with it push for strings in excess of 10 characters.
• Implement a synchronization system so that a password change in one place (e.g. Active Directory) is captured and pushed to all other systems within the organization.  This improves user satisfaction and increases security by ensuring that passwords are changed on a regular basis in all systems, even if some of those systems are infrequently logged into by their users.
• Require two-factor authentication when accessing very sensitive data or when accessing data from off-site.  Two-factor does NOT have to equal expensive.  There are USB solutions, for example, that can be implemented and are just as effective as more expensive options.  This combined with an effective password strategy can greatly increase security because now it’s more than what you know, what you have becomes just as important.
• Educate, Educate, Educate!  Make sure your user community understands that their passwords are the organization’s primary defense against valuable data loss.  Passwords should never be written down nor should the password ever be a word that can be found in the dictionary (see bullet one). Users should be trained to notify the IT department (or the security team, if one exists) if they suspect that their account has been compromised.  Don’t forget the help-desk team either.  Help-desk staff should be educated to avoid social-engineering techniques that are used every single day to acquire passwords by “tricking” support staff into resetting an account’s password and sharing that password with someone other than the account owner.

For more information on implementing effective password and access policies and automated mechanisms to manage them, please submit your contact information and one of our sales representatives will contact you.

Join Identity Automation for a discussion on Total Data Management using Data Synchronization System (DSS) and Access Request Management System (ARMS).

This session will review details regarding school district implementations across the US and how those districts are using DSS and ARMS to effectively and affordably manage their internal data assets to improve business processes while lowering risk.

When: June 10, 2010 - 11am PT/1pm CT/2pm ET

Where: Online via GoToMeeting

Who: Identity Automation will present

Register: Call 281-220-0021

Identity Automation releases its Account Management module for ARMS.

HOUSTON—(BUSINESS WIRE)—Identity Automation, LP announces the release of the Account Management module for its Access Request Management System (ARMS).  ARMS is part of the company’s world class data management solution.

The Account Management module focuses on user identities by providing self-service and delegated administration functionality that allows end users to view and edit their profile, change their password and reset their forgotten password.  The company also provides a mobile accessible interface that works with Blackberry, Android , iPhone and Windows Mobile.

Administrators can use the module to reset passwords, reset challenge questions and unlock accounts.  The ARMS Account Management module also provides a custom delegation definition capability as well.  Administrators define custom delegations to allow a specified group of users to take actions upon a specified target group of users.  One popular use case is to delegate password reset privileges to teachers so they can reset password for students at the same campus where they teach.  Another common example is to set up managers to reset passwords for their direct reports.

The ARMS Account Management module is in addition to the already available Sponsorship (lifecycle management of contingent workers) and Workflow (resource request and approval) modules.  The Access Request Management System is supported in Microsoft Active Directory and Novell eDirectory environments.

Identity Automation, LP delivers identity management, application integration and data integration solutions that address the problems of cost and complexity associated with manual account lifecycle management processes and with connecting on-premise and cloud based applications and data.

Privately held, Identity Automation is headquartered in Houston, Texas. To learn more about Identity Automation’s identity management, application integration and data integration solutions, visit www.identityautomation.com.

While working with our customers, we are regularly surprised to find so little continuity in the way that many organizations handle their data integration. 

Usually these conversations arise because a customer needs a way to feed existing data into another system.  As you can imagine, this is a very common scenario.  What’s surprising, however, is how often the movement of this data is done in an ad-hoc fashion.  This ad-hoc approach results in all types of uncontrolled data extractions with equally uncontrolled data hand-offs. 

By “uncontrolled” I mean that these scripts that are used to extract data are rarely managed in a centralized fashion.  As time goes on administrators leave the organization and relationships with partner organizations (with whom you were sharing data) are terminated, yet the scripts are forgotten and continue to run.

An approach that we take with our customers is to centralize all data management using our Data Synchronization System.  This allows all data extraction, data transformation and data insertion functions to reside in a central location so they can be properly managed. With this approach, administrators can see all the scripts that touch their data sources and regularly validate their place in the environment.  This is a much better model and one that can significantly lower risk to the organization.

In this world of ever increasing risk of being in violation of a compliance requirement or an embarrassing incident due to uncontrolled data access, it is of paramount importance to take all necessary steps to control data extracts.

If you are unsure of your risk, call Identity Automation today to learn more about our Data Security Assessments.

If you would like to be contacted by a Sales Representative, please submit your contact information and will contact you as quickly as possible.

Higher education’s high user turnover and user complexity demands an efficient solution for generation, upkeep, and deprovisioning of identities within its IT infrastructure.

White Paper

Identity Automation’s DSS now supports two-way password synchronization with Active Directory

HOUSTON—(BUSINESS WIRE)—Identity Automation, LP a leading provider of Identity and Access Management (IAM) , application integration and data integration solutions is pleased to announce the release of its Active Directory Password Filter for its Data Synchronization System (DSS).

With the addition of the Active Directory Password Filter, DSS now supports two-way password synchronization.  This allows customers in an Active Directory environment to change their passwords using the built-in Windows tools.  Once changed, DSS can then securely synchronize those changes to other systems.

This new functionality adds to the already existing two-way password synchronization for Novell eDirectory.  Now passwords can be changed on either platform, using any tool, and then be synchronized to other applications and platforms.

Identity Automation, LP delivers identity management, application integration and data integration solutions that address the problems of cost and complexity associated with manual account lifecycle management processes and with connecting on-premise and cloud based applications and data.

Privately held, Identity Automation is headquartered in Houston, Texas. To learn more about Identity Automation’s identity management, application integration and data integration solutions, visit www.identityautomation.com.

Every organization running more than one system has a need to synchronize data. For different systems the type of data may be different but it is still just data. In all cases you have a “source” system and a “target” system. Wikipedia defines data synchronization as “the process of establishing consistency among data from a source to a target data storage and vice versa and the continuous harmonization of the data over time.”

The reasons for synchronizing data are infinite. We typically synchronize data based on one of three broad categorizations: application integration, business intelligence and identity provisioning.

Application integration fills the need of directly synchronizing business data directly between otherwise disparate systems. In a corporate environment this might mean synchronizing inventory data from an inventory tracking system to an ordering system. In an education environment data synchronization is used for cases like synchronizing “free and reduced lunch” status from a child nutrition system to a student information system. In all cases, there lies the basic need to extract data from the source, perform data transformation, implement logic and then load the resulting data into the target system.

Business intelligence requirements are slightly different. Instead of synchronizing data between systems, the focus here is to pull data from many sources to populate a central data warehouse. The primary purpose of the data warehouse is to provide a single target for defining reports that help the business operate and make decisions based on the data that it has in its various systems. For education we use that same architecture to build a student data warehouse that combines student data from systems like the student information system, child nutrition, transportation, grade book, library, etc., to provide parents with an aggregated view of their child data. In the case of business intelligence, data synchronization is key; however, we are still abiding by the same basic principle that we are simply moving data from source to target, with some intelligent logic in between.

Finally there is the matter of identity provisioning. Identity provisioning is a wonderful example of data synchronization. For this purpose you can automate account creation and lifecycle management by synchronizing identity information from your authoritative systems such as your HR or Payroll application. In those systems you track hires, job assignments, manager relationships, transfers, terminations, etc. By extracting and transforming this data, you can create accounts, manage group memberships, move accounts, disabled accounts, etc, without any human intervention. Even though these solutions can be extremely complex, one thing remains true: we pull data from a source system, we transform and perform logic operations on the data, and we push that data to a target system.

In case you feel like none of these scenarios are applicable to your organization, ask yourself this: Do we export text files and send them off to some person or organization? Do you receive files from elsewhere and import them into your systems (after perhaps some manually data cleansing). Do you get a spreadsheet of events and then use that information to manually make changes in your systems? If you answer yes to any of these, then this is very applicable to you. File import/export/transfer, etc. is definitely included in the application integration category. Same with manual entry BASED on data from another system. Notice above I did not specify the means of synchronizing the data, just that data from a source was synchronized to a target system.

So, why does this matter? Why am I so interested in the topic of data synchronization? Well, the reason is simple and, for me, very exciting. Let me explain. I’ve been in the IT industry since 1991 when I joined the USMC as a computer programmer. Since that time I have dealt with every data synchronization method possible. Since 1998 my job has strictly focused on this very subject. It’s been called many things but really I’ve specialized in data synchronization solutions. One thing I’ve learned to be certain is that the technology that is available on the market today is too complicated and too resource intensive! Customers are required to spend significant dollars to implement these solutions and then can’t support them once implemented. Projects can take months, sometimes years, to deploy. Today I came across a quote by Albert Einstein. It is now my favorite quote of all time: ” Any intelligent fool can make things bigger and more complex… It takes a touch of genius and a lot of courage to move in the opposite direction.” I couldn’t have said it any better myself, Albert!

I’m proud to say that Identity Automation is building software that is all about getting back to the data basics. Our data synchronization tool, the Data Synchronization System (DSS), was designed to be easy to learn, easy to use yet still have the capability to handle any data synchronization need. How did we do this? How did we achieve the unachievable? Simple. We focused on the basics: we are synchronizing data from one bucket to another. It doesn’t have to be any more complicated than that. Of course, the design of the user interface has a lot to do with it too. Instead of developing a tool with a lot of wiz-bang crazy cool features, we stuck to the basics. First of all, you define your projects from any flash-compatible browser running on any platform. Secondly, there is no new language to learn. All capabilities of DSS are defined as actions. These actions are listed in your browser session. To use them you drag them into your “Action Set Desktop”, click on them and fill out the appropriate property values for that action. Simple, right?

Of course, reading about it can only give you so much of an appreciation of such a tool. Please visit our product page on DSS and definitely give us a call so we can demonstrate some of those capabilities.

If you would like to be contacted by a Sales Representative, please submit your contact information and will contact you as quickly as possible.

Identity Automation’s Identity Provisioning and Application Integration Tool Hits the Streets and Delivers Integration for On-Premise and SaaS Systems

HOUSTON—(BUSINESS WIRE)—Identity Automation, LP a leading provider of Identity and Access Management (IAM), application integration and data integration solutions is pleased to announce the release of its Data Synchronization System (DSS) product. The company has targeted the product to the SMB, Education and State and Local Government markets as an Identity Management and Application Integration tool.

Technology departments are under increasing pressure to lower costs without compromising service levels. With DSS it is possible to build comprehensive data synchronization solutions that result in improved service levels, reduced risk to the organization and improved usability of data.

All organizations require the ability to move data between disparate systems. A specialized example of this is an identity management provisioning system. An identity management solution pulls from authoritative systems, transforms that data, and writes it to specialized targets such as Active Directory or an LDAP directory.

Another example is consolidating data from various sources such as a financial system, student information system, gradebook system, library system, or any other type of system and storing it in a central data warehouse which can then be used for reporting or other business intelligence purposes.

Yet another example is moving data from a specific application such as an HR system, and pushing it directly to another application,   such as a hosted people management system, to auto-populate employees, their reporting relationships, and other relevant attributes.

Identity Automation’s DSS is designed to connect any combination of on-premise and cloud based applications and can be delivered to customers as an appliance or as a Software as a Service (SaaS) offering.

Identity Automation, LP delivers identity management, application integration and data integration solutions that address the problems of cost and complexity associated with manual account lifecycle management processes and with connecting on-premise and cloud based applications and data.

Privately held, Identity Automation is headquartered in Houston, Texas. To learn more about Identity Automation’s identity management, application integration and data integration solutions, visit www.identityautomation.com.

Looking to move to a current, stable, and supported identity management (IDM) environment, a major research University in Kansas, recently leveraged Identity Automation’s RAPiDiDENTiTY methodology to implement a complete IDM solution.

Success Story

Identity Automation makes the Educause IAM Vendors list for Software and Services.

Identity Automation is pleased to announce the release of its SiMPLE Identity Solution which is a low cost, quick implementation Identity Provisioning solution for both Microsoft and Novell environments.

Visit the Identity Automation SiMPLE Identity Solution page for more information.

Those of us that work in the Identity and Access Management space, recognize that there are going to be significant changes in the IAM arena over the next few years.  One particular change will be the movement of Identity related services to the cloud thus lowering the entry cost for such services to both smaller and budget/resource challenged organizations.

This position is also held by research groups such as Gartner.  Ant Allan, Research VP for the company, said the following at an Identity & Access Management Summit in London in 2009:

“There is a continuing need in this time of economic uncertainty and budgetary constraint for cost-effective, risk-appropriate IAM methods”.

“This includes growing demand for identity-aware networking, host-based and service-based IAM offerings ... “

Well before we started to see a down-turn in the economy, the whole concept of SaaS had become very palatable to businesses.  Just as a business relies on electricity that they do not produce, so too can they consume critical infrastructure services that they do not build and manage themselves.  This particular position is being further driven by the ever increasing need to comply with both internal and external mandates which makes building such an infrastructure and developing a staff of experts to maintain it more and more difficult.

Identity and Access Management, while vitally important, are not a core competency of most organizations. The complexity of such solutions makes the idea purchasing these capabilities from a third party very desirable. 

Identity automation now has offerings that play to this specific need.  With our hosted and/or managed provisioning solution, sponsorship / attestation solution and workflow solution it is now more affordable than ever to implement an automated system that will provide full identity lifecycle management, storage provisioning and more.

If you would like to learn more about our Identity Management solutions or any other Identity Automation offering please contact us  today.

Identity Automation has produced a calculator to help organizations quantify the savings that are possible to achieve by implementing a system for automated account provisioning and password self service.

The calculator has been populated with reasonable defaults but is completely customizable so it can reflect the details of your specific organization.  Give the calculator a try by visiting the Identity Automation Knowledgebase.

Use the Identity Automation ROI Calculator to determine how much money can realistically be saved by implementing a provisioning and/or password self-service solution.

This tool can help you understand the true value of implementing any one of our ARMS, DSS or RAPiD solution sets.

Identity Automation architects were professional, creative and flexible in helping the University of Houston-Downtown implement Single Sign On.

In addition to helping us design and implement the right architecture, they worked with our systems administrators and developers as a team to achieve our the desired goal. I can truly say that they are easy to work with.

Identity Automation were the technical resource and support for our Identity Manager rollout.

Spring ISD was one of the first school districts to deploy an identity management system and we relied on their expertise throughout the project. Identity Automation also developed a custom state-of-the-art personnel assessment tool for our district, based on our specific needs. It has transformed our personnel evaluation process.

As its company name indicates, Identity Automation recognizes the power of identity-based solutions as the ultimate means of automating network processes. Identity Automation’s storage management services are built with identity-based software developed by Condrey Corporation and automate the full lifecycle management of user and collaborative storage. As file-based storage continues to grow at an exponential rate, Condrey Corporation will continue to work with exceptional partners such as Identity Automation in addressing the challenges that come through this growth.

I highly recommend Identity Automation for any IT needs. They have been reliable, experienced and trustworthy. We used their services for support and highly visible outage scenarios and they have exceeded our expectations each and every time.

I have partnered with Identity Automation on several high profile projects over the past five years and they always bring the best technical skills, proven methods and professional follow through to each engagement.

I consider Identity Automation to be a trusted partner and our go to partner for our customers’ identity management and Linux initiatives.

The Texas Office of the Attorney General engaged Identity Automation to implement an identity management solution for over 4,000 employees across several heterogeneous information systems.

Troy and his staff helped us custom tailor a solution that fit our specific needs. We couldn’t have been more satisfied with the quality of their work or the relationships we built in the process. Identity Automation stands out as a knowledgeable, personal, and trustworthy choice.

With identity management becoming an ever increasing challenge, especially in a K-12 school system, we chose Novell’s Identity Manager to meet this need. We selected Identity Automation as the vendor of choice to plan, and implement Identity Manager in our environment.

Their level of professionalism and care given to our project exceeded our expectations. Every phase of the project was well planned, and implementation went extremely well for such a large scale deployment. I would highly recommend the team at Identity Automation for your identity management needs.

CFISD has partnered with Identity Automation for the development and implementation of the district’s identity infrastructure as well as for auto-provisioning of network services for students and employees.

Using the skills and staffing of Identity Automation, the district’s IT team has been able to extend its capability and decrease the amount of time necessary to deploy complex, identity-based technology.

Identity Automation is pleased to announce the release of its ARMS Sponsorship Module.  ARMS Sponsorship is part of the Identity Automation suite of tools called Access Request Management System (ARMS) and provides a way for organizations to manage the lifecycle of “external” user accounts.

Learn more by visiting the ARMS Sponsorship product page.

Customer service is a part of the Identity Automation culture and we constantly remind ourselves by following our core values:

• We must earn our customer’s trust, every day!
• We must always strive to exceed expectations!
• We must treat our customer relationships like a partnership!
• We must always work to be better!

We take our values seriously and prove it day in and day out. Let us prove it to you while implementing the best identity solution available for your organization.

Condrey Corporation

As its company name indicates, Identity Automation recognizes the power of identity-based solutions as the ultimate means of automating network processes. Identity Automation’s storage management services are built with identity-based software developed by Condrey Corporation and automate the full lifecycle management of user and collaborative storage. As file-based storage continues to grow at an exponential rate, Condrey Corporation will continue to work with exceptional partners such as Identity Automation in addressing the challenges that come through this growth.

Harold Rowe, Associate Superintendent

CFISD has partnered with Identity Automation for the development and implementation of the district’s identity infrastructure as well as for auto-provisioning of network services for students and employees.

Using the skills and staffing of Identity Automation, the district’s IT team has been able to extend its capability and decrease the amount of time necessary to deploy complex, identity-based technology.

Brandon Srebalus, IT Director

I highly recommend Identity Automation for any IT needs.  They have been reliable, experienced and trustworthy.  We used their services for support and highly visible outage scenarios and they have exceeded our expectations each and every time.

Tim Barto, Vice President

I have partnered with Identity Automation on several high profile projects over the past five years and they always bring the best technical skills, proven methods and professional follow through to each engagement.

I consider Identity Automation to be a trusted partner and our go to partner for our customers’ identity management and Linux initiatives.

Ted Koubiar, IT Director

Identity Automation architects were professional, creative and flexible in helping University of Houston-Downtown implement Single Sign On.

In addition to helping us design and implement the right architecture, they worked with our systems administrators and developers as a team to achieve our the desired goal. I can truly say that they are easy to work with.

James Watson, IT Manager

Identity Automation were the technical resource and support for our Identity Manager rollout.

Spring ISD was one of the first school districts to deploy an identity management system and we relied on their expertise throughout the project. Identity Automation also developed a custom state-of-the-art personnel assessment tool for our district, based on our specific needs. It has transformed our personnel evaluation process.

Sean Peterson, IT Manager

The Texas Office of the Attorney General engaged Identity Automation to implement an identity management solution for over 4,000 employees across several heterogeneous information systems.

Troy and his staff helped us custom tailor a solution that fit our specific needs. We couldn’t have been more satisfied with the quality of their work or the relationships we built in the process. Identity Automation stands out as a knowledgeable, personal, and trustworthy choice.

Rustly Silvey, IT Manager

With identity management becoming an ever increasing challenge, especially in a K-12 school system, we chose Novell’s Identity Manager to meet this need. We selected Identity Automation as the vendor of choice to plan, and implement Identity Manager in our environment.

Their level of professionalism and care given to our project exceeded our expectations. Every phase of the project was well planned, and implementation went extremely well for such a large scale deployment. I would highly recommend the team at Identity Automation for your identity management needs.

Practice Overview

Having access to capable and competent development resources can give you a significant edge in creating products or solutions that set you apart from your competition and giving you that edge that you need to stand out from the crowd.

At Identity Automation, our engineering staff can develop custom applications on a variety of platforms to meet any need. We have developed applications and enhancements using:

• PHP
• Perl
• Java
• .NET (mono)
• UNIX/Linux and Windows Shell Scripting

In addition to our custom development skills, we also have resident graphic artists that can help us create a site that goes beyond function, but is also a piece of art.

Benefits

• Solution that meets your exact need
• Control of form and function
• Control of platform

If you would like to be contacted by a Sales Representative, please submit your contact information and we will contact you as quickly as possible.

Identity Automation is featured in the January 15-21, 2010 Houston Business Journal.

At Identity Automation, we’re passionate about security and have the opportunity to work with our customers on such issues each and every day.

We all know how important it is to ensure that proper controls are in place to minimize data security risks to the enterprise yet mishaps still occur all too frequently.  A good example of what not to do can be found in this Network World article.  The piece describes how data for 1.2 million customers of a New England financial services company was compromised because usernames and passwords were shared amongst the company’s support staff.

Had this organization implemented automated password and account management policies this disaster could have been avoided altogether.

If you don’t have an effective Identity Management solution today, you should seriously consider exploring options to minimize potential breaches that could cost your organization money and credibility.

If you would like to learn more about our Identity Management solutions or any other Identity Automation offering please contact us  today.

Identity Automation will participate as a vendor sponsor and presenter at Novell Brainshare 2010 in Salt Lake City on March 21 - 25, 2010.

Be sure to visit the Identity Automation booth to learn about the Company’s latest solution and product offerings and for a chance to win great prizes.

You can learn more about the conference here.

Identity Automation is opening a new Beta Program. The first product to be included in this program is the Access Request Management System (ARMS) Sponsorship Module.

The Sponsorship Module is a system that provides full identity lifecycle management for user accounts of any type that are not otherwise included in an authoritative system of record (e.g. Human Resource Management System, Student Management System).

A very common use case scenario is the on-boarding of contractors. Since many organizations do not manage contractors within their employee management systems, the account management process for contractors is generally manual and loosely defined. The ARMS Sponsorship Module provides structure and automation to this process as well as delegation to business managers. Using a cross-platform web client, a designated sponsor can create accounts for these contractors or guests. The ARMS Sponsorship Module has a built-in re-attestation engine which requires accounts to be re-validated after a designated period of time; otherwise, accounts are automatically disabled. This ensures that your organization stays compliant and helps mitigate security breaches from leftover accounts.

To see a video demo of the system, please click here.

The objective of our Beta Program is to gather broad customer feedback before a product is released. The betas are available to anyone who is interested in testing our enterprise software and providing feedback to our engineering teams.

If you would like to participate in the on-site beta program please contact the Identity Automation sales staff to organize an installation date.

This video introduces our Beta Program invitees to our soon-to-be-released Sponsorship Module, a part of our Access Request Management System (ARMS).  The Sponsorship Module allows organizations to manage the identity lifecycle of accounts that don’t reside in authoritative system such as their HRMS.  The common use case is for managing contractors and other temporary workers.

Sponsorship Module Beta Program Introduction from Identity Automation.

This video demonstrates our newly released RAPiD Education Portal solution.  This solution features the Stoneware webNetwork product.  With RAPiD Education Portal, school districts can offer a full-featured parent portal in a very short time period.  Features of RAPiD Education Portal include:

• News and alerts
• District calendar
• Secure links to internal applications
• Teacher pages
• Parent self registration
• Parent password self service
• Parent/Child association management
• Student datawarehouse
• Student information reports
• Student data change requests

RAPiD Education Portal Demonstration from Identity Automation.

Identity Automation was chosen to lead the Identity Management track at the “Changing the Face of IT” event in Austin, Texas on November 18, 2009.

Participation in the event was excellent with attendees from public, educational and commercial organizations.

During the event, the Company presented numerous sessions on how organizations can rapidly implement an Identity Management solution to lower risks, ensure compliance and improve efficiencies.

Back in the good old days of NetWare, if you wanted to see all registered services in SLP, you would simply type: display slp services and the full list would appear on your screen.

Fast forward to Linux and OpenSLP and you can’t do that very easily. Using a combination of slptool switches, you can eventually get all the same information, but it is cumbersome and time consuming.

The following script was written to make that job simple and quick. It will write all the services to your screen and allow you to scroll up and down the list at will. It will also write the results to a file in the /tmp directory so you can look at it again without having to run the script. This also allows you to quickly grab the results from multiple computers for comparison.

Just copy your script to each server you’d like to run it on. I recommend putting it somewhere in the path, such as /usr/local/bin. Then, you make the script executable (chmod +x ./slpshowall.sh) and you are ready to run it.

If you would like to learn more about our support services or any other Identity Automation offering please contact us today.

Identity Automation is pleased to announce the release of its CLI Driver for Novell Identity Manager.

The CLI Driver for Novell Identity Manager is a connector designed to run local system commands and scripts based on metadirectory events.

This driver can run commands on any platform supported by Novell’s Identity Manager including, but not necessarily limited to, Windows, Red Hat, SuSE, Solaris and zOS.

For more information on this new release please contact the Identity Automation Sales Team today.

There was a time when user expectations were simple. Give them some text, maybe a button or two and they were content. White and black were perfectly good colors. Why would you want pictures cluttering up your 640 x 480 workspace anyway?

Times have changed and life as an application developer has changed with it. The client market is diverse. Do you develop for Windows, Mac OS/X, Linux? Firefox, Chrome, Internet Explorer (6, 7, 8)? Users don’t really care as long as your application works on whatever platform they happen to be on at that time. They also don’t care about CSS, DOCTYPEs, or JavaScript frameworks. This is where Adobe Flex comes in.

Flex is an open source framework that allows application developers to create applications that run on virtually any platform in any environment. It also allows developers that do not list Photoshop on their resume to create tools that look like they were created by a graphic designer. Flex has the ability to use MXML tags for development which feels like writing HTML or you can dive down a level and use ActionScript 3.0 to accomplish more low-level manipulation. Another perk of Flex is the ability to export your applications as a Flash .swf file for embedding in a website or as an AIR stand-alone application. Both of these methods require the client to have the Flash or AIR player, but will otherwise look and run the same on any platform. This saves countless hours of development time testing on each browser on each platform.

The web services model of application development is now nearly ubiquitous across the development space. Flex serves as a great tool for this as well. It allows you to have a powerful back-end service that leverages a language of your choice, such as Java. Your engine can then expose its web services to a Flex front end. This provides a clear separation between the engine and the user interface allowing disparate development teams to easily work on the parts best suited for their skills.

Leveraging Adobe Flex for rich client applications allows Identity Automation to rapidly develop applications that are fully featured and run in nearly any environment.

If you would like to learn more about our custom application development practice, our Flex based solutions, or other Identity Automation offerings please contact us today.

Identity Automation believes in giving back to the community and has, for the past three years, participated in efforts to raise money for the Spring ISD Education Foundation whose mission it is to “...generate and distribute resources to the Spring Independent School District to enhance the quality of education.”

This year the company donated $7,500 to the foundation and was honored to be a sponsor of the Nike Golf Store at this year’s Foundation “Tee Up for Education” Golf Tournament.

CEO, James Litton, presenting a check to the foundation leadership

Identity Automation will be hosting a seminar on Application Virtualization and Systems Resource Management.

Discussion points:

• Reduce the cost of application testing, packaging and support by 60%
• Minimize application conflicts and “.dll hell”
• Have Applications and user data running 100% contained

Additional Discussion points:

• Preserve your existing environment and maintain desktop security
• Have a clear vision of your IT Asset Life cycles

If you would like to be able to bring one or more of the above capabilities to your organization, come join Identity Automation and Novell for a live seminar on Systems and Resource Management Strategies for the Enterprise. Learn about Application Virtualization, Asset Life Cycle Management and the pitfalls of a non-secured Endpoint Assets.

Register Today Space is Limited!

WHEN: November 5th, 2009
8:30 am Registration
9 am-12 pm CST Event Time
Breakfast and Snacks Provided

WHERE:
West Loop Marriott Hotel
1750 West Loop, South
Houston, TX 77046

REGISTER AND WIN!!
Simply register below and be entered to win one of 2 8GB IPOD NANOS!!!

Register Today Space is Limited!

It’s free and only takes a minute to get complete access to the event schedule, location details and to be registered for the prize drawings !!(must be present to win)

Questions? - Contact
Carmen Means
.(JavaScript must be enabled to view this email address)
847-832-9166

Many of our customers have found that as the number of critical applications and services increases in their environment, so does the need to deliver them to their users continuously.  Additionally, users are demanding more out of the applications, wanting customized views, dynamic data, and ad-hoc reporting.  These requirements are putting additional stress on the web servers and application infrastructure.  Often, web or application servers become overly taxed, and appear non-responsive to the users.

To address this problem, many IT organizations have implemented DNS round robin.  This is an inexpensive and quick method of distributing the user connections among two or more web or application servers.  This method is very basic, in that two or more DNS entries are made for the web server or application, one for each server that will answer requests.  For example, myapplication.identityautomation.com may have two entries, one that points to server1.identityautomation.com and one that points to server2.identityautomation.com.  However, as simple as this may be, there are drawbacks to using this method to spread the load among the infrastructure.  DNS round robin might be more appropriately named DNS random robin, as DNS servers cannot tell if a server is available before they respond with the server name to the requestor, nor can they help in the case of cached DNS entries on a user’s computer.  DNS round robin will simply hand out server1 then server2, and then repeat this.  Hypothetically, the DNS server could hand out server1 several times in a row.  Furthermore, the session state will be opened with the server that DNS returns to the user, and in the event that something happens to the server, that conversation is broken and dropped.

An alternative to DNS round robin is to use a load balancing appliance that can load balance at different layers of the Open Systems Interconnect (OSI) model.  A load balancing appliance, such as a Citrix Netscaler MPX series device, uses algorithms that can be customized to first check to see if a server is available to service a request, and also determine how many connections that server already has.  Some of these devices can dig further into the application infrastructure to determine if the server has enough memory, cpu, etc. to service the request.  Load Balancing appliances can even use a geographic algorithm to determine which server is closer to the user and will be better suited to service the request.  These appliances make these determinations at an extremely high rate, and often handle 100,000 or more simultaneous requests.  They can also maintain session state, ensuring that access to the server or application is continuous and not dropped.  One Netscaler model, the MPX 17000, can handle a throughput speed of 18gbps, and handle 1.5 Million HTTP requests per second.

The main drawback to the load balancing appliances is that they are not free.  However, managing them is not difficult, and the performance that they offer can help keep the path for the user to access web servers and applications open and available.  This allows IT organizations to deliver complex applications to their user community without sacrificing performance, increasing availability, and without relying on randomization.

If you would like to learn more about about load balancing appliances or other Identity Automation offerings please contact us  today.

Identity Automation has signed a services agreement with Round Rock, Texas based Dell, Inc. 

This agreement paves the way for Identity Automation and Dell to work together on services implementations of all types including Identity Management, Stoneware WebNetwork, Linux, Storage and much more.

Identity Automation has established a partnership with Citrix Systems, Inc.

Identity Automation will offer Citrix solutions as a way expanding the scalability of the company’s Total Identity Management System (TiMS) and other Identity Automation solutions for its customers.

As technology evolves we are finding that the methods for application delivery are also evolving.  While there are a number of varying technologies such as application streaming and terminal services, the most exciting is the movement of applications into the cloud.  Moving applications and services to the cloud allows them to be consumed via a browser which completely changes the landscape in terms of end-user platform requirements, licensing management and so much more.

There are a number of significant market forces driving the move to the cloud.

The first factor is the growing number of web applications entering the market each day. Eight out of ten enterprise applications purchased or developed by organizations are based on web technologies. The reason is simple, web applications are centralized, scalable, and have little or no client-side dependencies.

The second market factor is what we call “decoupling”. When the desktop is decoupled from the operating system it gains the freedom to move from device to device. This factor is significant due to the fact there are many new products entering the sub-notebook market such as netbooks, thin clients, and smartphones. With the desktop decoupled, users are fee to access their desktop from a wide variety of devices.

Last, but not least, is a significant shift away from a client-centric computing model.  While many organizations work well in the traditional application delivery model, some organizations are looking for creative ways to store and deliver applications from a centralized location.

Over the past couple of years, Identity Automation has been working with products such as Stoneware’s webNetwork which allows organizations to build their own private cloud where users can access their web, Windows, and hosted applications from anywhere using any device whether they are at home, on the road, or inside the office.

These changes are exciting to see and are undoubtedly the foundations of what will be a lasting paradigm shift for application and desktop delivery into the future.

If you would like to learn more about cloud computing, the webNetwork product or other Identity Automation offerings please contact us  today.

Identity Automation’s CEO, James Litton, will participate in a Novell Webcast entitled Upgrade to Novell ZENworks 10 Configuration Management: A Customer Success Story.

Description Spring Independent School District (Spring ISD) needed to protect their endpoints. Sound familiar? Like Spring Independent, no doubt you’re worried about the impact of vital information walking out of your doors. Join us to find out how one real-world enterprise put a stop to data hemorrhage with one easy upgrade.

Topics covered

• Why Spring ISD needed to manage their endpoints
• Why the school chose Novell ZENworks 10 Configuration Management to solve their problem
• How easy it was to get there, with a deep dive on deployment processes
• What the school gained Spring ISD upgraded from ZENworks 7 to ZENworks Configuration Management easily and quickly.

Participants

• James Watson, Network Manager, Spring Independent School District
• James Litton, CEO, Identity Automation (a Novell Platinum partner)
• Grant Ho, Senior Solutions Manager, Endpoint Management, Novell

Schedule
  Thursday, September 17, 2009
  12PM EST

Identity Automation is pleased to announce its Total Identity Management System (TiMS) solution architecture.

The TiMS architecture combines the company’s Identity Lifecycle Management, Workflow & Self Service, Data Warehouse and Secure Application Portal solutions which they have been implementing for commercial, government and educational customers for many years.  Together, these solutions help form the most complete Identity Management solution available on the market today.

TiMS Components:

• Identity Lifecycle Management is a solution for automating the end-to-end lifecycle of user identities across the enterprise including on-boarding, off-boarding, role modifications and any other changes that would affect a user throughout their tenure with the organization such as transfers, promotions, project membership and more.
 
• Workflow and Self Service are end-user facing components of the Identity Management system to support resource requests and approvals, profile management, forgotten password self service, white page lookups and dynamic, online org charts.
• The Data Warehouse component is a data integration layer that links applications to allow data synchronization and aggregation, custom action triggers and provides a platform for building robust enterprise-wide reporting.
• The Secure Application Portal provides a single URL, SSL encrypted landing page for end users to gain access to their internal and externally hosted applications while providing SSO capabilities to those applications.  This component provides a simple, secure interface for staff, students, customers, partners, parents, or anyone else that may require access to your systems.

The TiMS architecture is cross-platform and is capable of integrating with virtually any platform, system, device or application that your organization currently supports.  In addition to expert implementation, Identity Automation also provides options for fully managing your TiMS solution to alleviate the need for customers to provide additional resources and/or training to support their Identity Management infrastructure.

In today’s compliance driven workplace no organization should be without a well architected Identity Management solution.  For more information please contact the Identity Automation Sales Team.

One of the questions that I regularly answer for potential customers is—what does Identity Automation do?  The best answer to that question is we help organizations of all types and sizes to solve their real world, every day business problems.

Following are descriptions of the types of solutions that Identity Automation regularly architects and implements for its customers.

• Automate the process of creating and deleting user accounts across all systems.
• Grant and revoke systems and data access based on a user’s role within the organization.
• Implement an exception based workflow system that automates the workflow process and is fully auditable.
• Log, mine and report on all of the events around user access that occur across the organization so the information can be used for audit processes.
• Fully monitor the systems and processes within the organization so issues can be dealt with before users and customers become aware of them.
• Implement processes and procedures that improve internal and external service level compliance.
• Reduce ongoing software licensing costs.
• Automatically manage data lifecycle process in a way that keeps the organization in compliance and minimizes risk to the company.
• Reduce help-desk support costs.
• Implement a portal system with an aggregated view of data for the user.
• Build custom tools and products to fit specific customer needs when off-the-shelf products are lacking desired functionality.

If you would like to learn more about our offerings please contact us  today.

During an identity management project, we frequently have discussions with our customers about provisioning via workflow.  Some customers expect that they will have to deploy workflow to perform any type of provisioning while others hope to fully automate the entire process.

The decision on whether or not to implement workflow can be based on technology requirements or based on political or other environment requirements.  Some identity management products are architected around workflow and therefore it becomes a necessary component to your provisioning solution.  Some organizations feel the need to maintain control of their solution and want a human to intervene before any access is granted.  Any approach taken is fine so long as it meets your requirements.

Typically our customers want to know what we’ve seen and what we recommend based on our experiences.  Specific technology capabilities aside, we feel it is best to fully-automate the entire identity lifecycle (provision, change, de-provision) wherever possible and only use workflow to fill the gaps.  These gaps come in two parts, lack of data or regulatory compliance requirements.  In order to fully automate the entire provisioning process, your authoritative systems (e.g. HRMS) must provide the data necessary to make that happen.  Typically we have enough data about users to know how to create them, where to place them and what access to assign them.  However, HR doesn’t always track at the granular level required for assigning low level access.  This is especially true with regards to provisioning the IT department staff.  An IT department is made up of support, development, engineering, security and other personnel types but they are all typically assigned to the “IT Department” in the HRMS.  To assign granular permissions, like “Domain Administrators” membership in Active Directory, you need to employ a workflow solution.  In some cases, access could be automated but regulatory compliance requires an audit trail of who approved the access and when.  Again, in this case we recommend implementing workflow so that “human touch” can approve access and those actions can be stored in an audit repository.  Even with human intervention for approvals, the actual provisioning in the systems will hopefully be fully automated.

Identity Automation is also building a solution that takes de-provisioning via workflow to the next level.  Typically organizations will provision access and that access will remain for that user until they leave the organization.  In some cases where we are fully automating the user lifecycle, we will strip old access and apply new access when users transfer to a new department or location.  However, if access was granted via workflow, that access usually doesn’t go away when someone changes their organizational role.  Using our workflow solution, application owners can re-attest access to their resources on a scheduled basis.  We apply a maximum TTL (time-to-live) to a resource and any access to that resource must be re-attested within that time period.  For example, if you are grant access to the Accounts Payable resource, recipients would lose that access if the owner of that resource doesn’t re-attest their access within 6 months.  This is another fine example of when workflow is useful, if not mandatory.

If you would like to learn more about our identity management solutions please contact us  today.

Back in March I gave Five Reason Why You Need An IDM Solution.  We regularly talk with customers that would like to implement some sort of Identity Management (IDM) or Data Integration (DI) solution but are challenged with implementation costs, licensing costs, skills capability for infrastructure management and skills capability to manage and maintain the “drivers” that facilitate the movement of data between systems.

As Information Technology becomes increasingly complex, organizations are recognizing that it oftentimes makes more sense to consume software from the cloud in the form of Software as a Service (SaaS).  To date, there have not been options available for customers to consume IDM and DI services in this way.  With the release of Identity Automation’s new Hosted Identity Management and Hosted Data Integration Platforms, this is no longer the case.  Gartner predicts that the SaaS trend will result in 20 percent of Identity and Access Management services being consumed in this form by 2011.

Regulation trends over the past decade indicate that compliance requirements for public and private organizations will continue to increase.  How your organization responds to this will directly affect cost, risk, and technology / process complexities within the organization.

With our first-to-market Software as a Service Identity Management solution you can be up and running with full identity life-cycle management and data synchronization services in a very short period of time resulting in :

• Zero Data Center Build Out
• Zero Licensing
• Zero Software Maintenance
• Zero Internal Management
• Zero Need for IDM Skills
• Single Annual Payment
• Reduced Security Risk
• Reduced Ramp-Up Time
• Instant ROI

If you would like to learn more about our low-cost hosted Identity Management and Data Integration solutions please contact us  today.

Businesses around the world are increasing performance, reliability and agility by deploying Linux into their datacenters.  These deployments carry a variety of workloads such as Web and network services as well as mission-critical applications and databases.

One of the primary drivers for an organization in considering a Linux solution is its ability to run on less hardware and the lower software ownership / usage costs that come with the platform.  Another great benefit is that Linux provides its users with freedom from vendor lock-in.

Most of Identity Automation’s current solution sets are built upon Novell’s SUSE Linux.  Choosing Linux as our backend systems platform has increased our solution portability as well as our ability to manage and maintain our solutions after deployment. 

Another benefit in using SUSE Linux is that it is the only Linux platform endorsed by both Microsoft and SAP.  These endorsements ensure complete interoperability with Windows and maximum support for SAP applications.

For organizations that need high-availability without the extra costs that come with other solutions, Linux can be a great choice.  Linux provides clustering capabilities that include automated fail-over, a clustered file system, clustered logical volume management and data replication.  Put all of this together and it is possible to implement a complete HA solution for a fraction of the cost you might expect.

If you are looking for creative, low-cost solutions to your platform needs then feel free to contact us and we can help design and implement a solution just for you.

In every identity project the topic of user account naming conventions comes up.  We have seen just about every convention possible.  More often than not, environments have more than one convention because over time they changed the convention but grandfathered in the existing accounts.  Inevitably I’m asked, “What is the best user account naming convention for us to use?”

There is no such thing as an absolute right answer to this question.  However, based on the needs of your organization, there is a best practice approach.

When choosing the convention for user accounts, you should take into account these drivers:

• Usability
• Security
• Administration
• Audit

Each organization must prioritize these drivers.  For some organizations the IT department can set the priority whereas other organizations have the priority set by the business or by external drivers such as compliance laws.  First, let me explain the drivers so we are on the same page.

Usability:  Usability is concerned about the end user.  An organization most concerned with keeping their customers happy will set usability as the top priority.  The typical account naming convention in this scenario is your name-based convention such as “tmoreland” or “troym”.

Security:  Security is concerned about unauthorized access.  The concern is the ability of user’s to guess login names and therefore knowing half of the authentication credential.  The typical account naming convention in this scenario is a system generated account name that is not directly linked to identity data in any way.

Administration:  Administration is concerned about ease of administration.  The concern is the ability for “Help Desk” users to quickly and easily find user accounts.  The typical account naming convention in this scenario is one based on full name such as “Moreland, Troy B.” or “Troy Moreland”.

Audit:  Audit is concerned about auditing and reporting system and application access.  The concern is the ability to run reports to show the history of access for specific users.  This requires a naming convention that doesn’t change (such as a primary key in a database) since access logs normally only store user account names and not a GUID.  The typical account naming convention in this scenario would be using a unique identifier from an authoritative data source such as employee ID for staff or student ID for students.

**RECOMMENDATION:**  Since there is no right or wrong answer, here is our recommendation.  The convention you use should NOT allow for user accounts to be renamed.  Regardless of what convention you choose you must be able to enforce a policy to restrict account name changes.

There are two primary reasons that make up the basis of this recommendation.  For one, we strongly agree with the “audit” driver.  Whether or not your organization is required to report on access due to compliance laws or not, you should always give yourself the ability to research access based on account names.  If account names change during the lifecycle of an account, building access reports becomes nearly impossible because you have to know ALL user account names that person ever used, not just the current account name.  The second reason is a concern when implementing an identity synchronization solution.  If you are tying together your disparate directories such as Active Directory, eDirectory, OID, SUN Directory, etc., account name changes can cause synchronization issues because this operation is not your typical “modify” event.  Account links could be lost and subsequent modify operations could fail.

In short, we recommend the “audit” approach.  If this absolutely won’t work in your organization, you could attempt a hybrid that perhaps includes initials (e.g. TM123456).  Just do what you can to enforce a policy that does NOT allow renames.

For more information on identity synchronization, please Contact us today.

In today’s highly regulated enterprise, the importance of ensuring and maintaining compliance to mandated requirements is well understood.  Failure to abide by these requirements can be very costly in terms of fines and in securing the technology resources needed to resolve the issues.  In some extreme cases failure to comply can result in the suspension of business operations while the identified gaps are remediated.

In order to keep these risks and their associated costs in check while, at the same time, ensuring compliance one needs to:

• Keep up with the numerous user account and access changes that occur each and every day
• Eliminate the audit “surprises” that frequently pop-up during internal and external audits
• Reduce the risk of compliance violations caused by human error
• Provide a way to ensure that the systems that are put into place are being enforced (i.e. “Trust, but Verify”)
• Minimize costs associated with compliance activities

The best way to tackle this challenge is to implement a platform that enforces the right access to the right resources and detects, reports and remediates inappropriate and suspicious activities as they occur.  These systems can:

• Automate and enforce access requests and changes
• Monitor network activity in real time
• Eliminate security gaps in compliance audits
• Improve productivity

It is vital that the solution that is chosen for implementation has the breadth of capability to support the enterprise’s databases, homegrown applications, authorization systems, Windows systems, ERP / CRM Applications, directories and mainframe systems thus ensuring long term viability.

Once in place, your organizations’ technology audits should be a much smoother and less issue prone process.

For more information on compliance automation and validation, please Contact us today.

Identity Automation is pleased to announce a formal partnership arrangement with the Cupertino, California based software company Symantec.

Symantec provides security, storage and systems management solutions to help customers from consumers and small businesses to the largest global organizations secure and manage their information-driven world.

Identity Automation plans to offer Symantec software to its customers as part of our comprehensive approach to meeting all of our customer security software needs.

Most of us are intimately familiar with the concept of virtualizing operating systems.  In fact, running virtual machines on our desktops has become so ubiquitous that average, non-technical, computer users are even in on the game.

There is another virtualization technology that has been around for some time called application virtualization that truly takes the virtualization concept to the next level.

Imagine being able to run software applications in an isolated environment that’s immune to conflicts with other software. This is accomplished by packaging each application with all of its files, settings, runtimes, and components into a single executable. Once packaged, the applications act just like they would if they were natively installed, but your operating system, registry and run-time environments remain unchanged.

This opens up some amazing possibilities such as being able to run multiple versions of the same application on the same machine at the same time.  A good example of this might be for a developer who needs to see how a site she is developing will look and behave in IE6 and IE7.  Leveraging the capabilities of application virtualization our developer could run both browsers without any issues and immediately see the results of her ongoing development work.

This approach also has the capability of significantly lowering the deployment costs associated with rolling applications out across the enterprise thus saving budget dollars and freeing up IT resources.

If you are interested in seeing application virtualization in action, contact Identity Automation today to schedule a demo.

Contact us for more information.

We have all heard the stories about businesses struggling to stay viable as we deal with the current economic slump. A topic that has been of particular interest to many of our existing and prospective customers in recent months has therefore been _cost reduction_.  While the Identity Management space covers a lot of ground, one particular area that can have a big impact on cost is Password Self Service.

The challenge for today’s user is that they have too many passwords to remember which means that users forget those passwords (or use insecure passwords - a topic for another post). This leads to increased costs and decreased productivity as users have to take the time to call the help desk to gain access to the systems they require to perform their duties.  Add to this Forrester’s estimate that the average help desk cost to a business is $70 per call, and one can quickly see that this can be very costly indeed.

The way to solve this problem is to implement a mechanism for Password Self Service that puts the onus of responsibility for changing forgotten passwords on the user thus allowing for fewer IT staff to manage the environment.  There are numerous approaches to this challenge such as web based kiosks, telephone interactive voice response systems, and modified client systems on the user’s PC that can facilitate the changes without ever having to involve IT in the password reset process.

Implementation of a Password Self Service system alone can save an organization hundreds or even thousands of calls per month thus saving substantial dollars in operating costs.  Combine this solution with other identity related solutions and the savings can grow substantially higher.

If you have been contemplating the implementation of a Password Self Service system or perhaps need to extend an already existing solution, call Identity Automation today and we can help you find a cost effective, right sized solution to meet your needs.

Contact us for more information.

Today’s enterprise is more complex than ever before.  The pressure on Information Technology departments to manage their technology resources to meet the current organizational needs all the while scaling to meet its future needs is tremendous.

Following are five areas that most businesses are challenged with today that would be significantly impacted in a positive way by implementing an Identity Management solution.

(1) Increased insider threats - Corporate crime and espionage cost businesses around the globe a total of $1.5 trillion each and every year.  A cornerstone in this battle is ensuring that employees and other staff only have the access that they need when they need it.  Ensuring that this is the case through automated means can significantly reduce the risks posed by these types of threats.

(2) Increased compliance mandates - SOX, HIPPA, Basel II and a litany of other regulatory requirements mean businesses must conform or run the risk of fines or even having their doors closed if they fail to comply.  Access control, separation of duties, zero-day termination and many other identity related factors are key to ensuring that these regulations are met.

(3) Increased Security mandates - Internal security departments are very aware of the risks that today’s enterprise faces and are taking ever greater steps to protect their data.  This means ensuring frequent password changes, implementing strong password policies, regular account and access attestation requirements and much much more.

(4) Downward pressure on staffing budgets - Enterprise information technology gets more complex with each passing year, yet IT staffing budgets never seem to keep up with the need for additional staff to manage the systems that run the business.  That means IT departments have to find ways to automate complex policies, processes and procedures so their staff can focus on more strategic needs.

(5) Increased pressure for resource productivity - Zero-day start has been the dream of IT departments for many years, yet it is rarely a reality.  Implementing role based provisioning and access systems can greatly reduce the time it takes to grant staff access to the systems they need on the day they need them, thus ensuring maximum productivity.

Identity Management is a complex area, but one that no organization should be without.  Whether your need is password synchronization, automated provisioning, workflow based provisioning and/or attestation, user password self service or any other identity related need, Identity Automation can help you find a cost effective, right sized solution.

Contact us for more information.

Identity Automation is a huge proponent of open source software and we use a lot of it in our internal operations, in our solutions and in custom consulting work for our customers.

That said, open source is not always the way to go.  While it oftentimes has the capability one needs to accomplish a particular function, it sometimes lacks the management tools, user interface and other elements that make commercial options more appealing.

We have been using Xen, an open source virtualization tool, to virtualize our servers for quite some time.  We also use Xen as a component of our managed platforms solution but have found that many customers prefer VMWare’s products because they have an interface that makes management much easier.

This week, Citrix has announced a new enterprise-class version of Citrix XenServer is available for FREE!  That means that XenServer is the first (and only) free virtualization offering to include live migration of virtual machines, and it is the first to provide free, centralized multi-server management.

If you are interested in virtualizing servers in your datacenter and don’t have the budget to buy licensing for the traditional commercial offering then consider XenServer as an alternative; I think you’ll be pleased.

Contact us for more information.

Identity Lifecycle Management is a function that occurs in all organizations but is usually a manual process at best.  Many organizations are being driven to implement processes to automatically curtail user access based on their role within the organization and to automatically revoke that access upon termination.

A great use-case for understanding the power of this technology is to consider what happens when Judy, a finance assistant, gets a new job in the sales department.  To perform her new job correctly Judy will need different access to some of the systems for which she is already a user.  She will also need to be added to some systems for which she is not currently a user.  In a traditional environment we find that Judy is granted the additional access that she requires to do her new job but seldom is the unneeded access taken away.  This creates a situation, over time, where users have too much access and is oftentimes the cause of failed audits.

Another scenario to consider is what happens when an employee is terminated.  Typically HR will notify IT that a person is no longer employed and IT will then take the necessary steps to manually remove users from their systems.  The problem with this approach is that users are inevitably missed.  There are many reasons for this such as inconsistent names, inconsistent user IDs, IT is too busy and the list goes on and on.  What this means in the real world is that the business is at increased risk because the account is still active and accessible.  With the account still active, that means the company will be hurt or even fail its audits because user accounts exist in an orphaned state.

So what does all of this mean to you?  If you are a person responsible for ensuring that your company is compliant with security and legislative requirements and you are looking for solutions to control and curtail access then contact us and we can help you design and implement a solution that will meet your needs.

At the root of most regulatory mandates is the basic requirement to protect information,
ensuring its privacy and accuracy. In other words, regulations specify that organizations
create an environment of effective overall information security practices. There are many
different areas of security, but from a business perspective organizations simply want to
prevent misuse of information in order to protect their customers, shareholders, and
employees. Building trust and reducing risk can bolster confidence while also helping an
organization to meet its compliance obligations.

When most people think of security they think about firewalls and encryption, but one of
the most common areas of risk is in an area often taken for granted: the proper
management of user and password information. Identity Management is a solution that
streamlines, secures, and governs this fundamental business process. This paper
discusses the inner-workings of an Identity Management solution and how it relates to
these mandates: Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard
(PCI), and the Health Insurance Portability and Accountability Act (HIPAA).

PDF: IDM for Compliance

Hedgehog Lab has released a case study for their Fixx product based on Identity Automation’s implementation and use.

Following is a copy of the case study as it appears on the Hedgehog Lab website.

James Litton tells us how his company uses fixx…
iDENTiTY AUTOMATiON is a multi-practice information technology consulting and services company based in Houston, Texas. Since our inception in 2004 our core competency has always been in providing identity management solutions to all sectors. At a high level this is the process of harmonizing user identities and profiles across disjointed IT systems, in order to promote ubiquitous computing. From the beginning our goal was “to be the most trusted brand in identity solution providers”, whilst also differentiating ourselves with best in class customer service.

What workflows and tools did you utilize before and why did you switch?
Before fixx, we tried various systems such as SugarCRM and Basecamp, however we weren’t happy with the restrictions these services provided, specifically the number of projects and storage available.

When we tried fixx we felt that it was very Basecamp like without any of the drawbacks. As a result fixx is both a cost conscious decision for us, as it meant we weren’t tied down to a hosting plan and also because it provides unlimited projects and storage.

We also liked that we could host fixx ourselves, however this was not the make or break decision for us. It just meant that we were able to have complete control over everything to do with our installation.

Tell us a story about a situation where fixx helped you out?
We use fixx every single day for managing product feature requests, tracking time and interacting with customers; all of which are crucial to the efficacy of our business. We couldn’t operate at the same level of efficiency without it!

Tell us how fixx has helped your business?
Fixx helps us track issues for both our internal projects and products, including any client work we do. We also like the fact that we give all our clients access to their project within our installation of fixx, as this means they can see an aggregated view of the current issues we’re working on and also how long it has taken to complete past issues.

What do you like about fixx?
The interface and usability are both huge factors for us. fixx is so simple and intuitive, but also so powerful. This won us over when it came to deciding which issue tracking tool to purchase. Our productivity has went through the roof since we started using fixx as a repository for managing client issues, feature requests and as an all round project management tool.

What feature do you use most?
Other than managing and tracking project related issues, time tracking is the killer feature for us. It allows us to manage the time spent on each individual issue for consulting and client projects, ultimately providing high levels of customer service by being able to accurately bill customers for the work we do.

When we meet with a customer, we first like to build a common ground with regards to nomenclature.  In the identity management field this is especially true because terms are used differently by different people/organizations.  We find this to be especially true with discussions around the topic of SSO (Single Sign-On).

What does SSO mean to you?  Does it mean you log in one time and never get challenged with an ID/Password again?  Does it mean you are always challenged for an ID/Password but they are the same across systems?  Or, does it mean you never need an ID/Password and instead you use physical or biometric authentication?  The reality is that there is no right or wrong answer to “What is SSO?”.  However, we do put our own terms to use and I thought I would share those.  Identity Automation sticks with two terms with regards to SSO: SSO (Single Sign-On) and RSO (Reduced Sign-On). 

The SSO term, for us, defines a euphoria where the end user logs in once to access their workstation.  This initial authentication could be an ID/Password challenge or some passwordless challenge such as using physical or biometric means of authentication.  Subsequent application access will not challenge the user for further authentication.  The challenge still exists but it is handled by some type of software layer that knows the user’s credentials and is populating them on behalf of the user.

The term RSO is significantly different.  The concept of RSO is that the number of ID/Password combinations an end user will need to remember is “reduced”.  In other words, the end user will need to authenticate to their workstation AND to each application; however, the ID/Password will be guaranteed to be the same on each challenge.  This scenario is also a euphoria in its own respect depending on the number of applications in the environment that require authentication.

Now, neither term or approach is considered “best practice” or the right answer.  There are use cases that make sense for both.  In fact, it is more common to see both SSO and RSO used in an organization than just one or the other.

There are many factors when determining which method(s) to use.  Just to name a few there are security, cost, and usability concerns.  To implement SSO, you must deploy an SSO product and “train” that product how to authenticate to each system in the environment.  For RSO, you must implement a combination of password synchronization and centralized authentication (e.g. LDAP) solutions.  Neither of these are “quick wins” but both have significant long term affects for the organization.

Currently, Identity Automation is working on a passwordless SSO solution through our partnerships with key technology providers.  The end result will be a solution that greatly simplifies the end user experience and provides the utmost security.  The solution will utilize biometric authentication to the workstation and then a combination of products to provide the SSO to the remaining systems that end users would access during that session.  The use of biometric authentication means no more remembering passwords, no sharing passwords and no password guessing.  Although hardware costs are significant, the ROI to the organization is typically realized in short order, especially when you take into account the intangible savings provided by the enhanced security.

For more information, please submit your contact information and one of our sales representatives will contact you.

Identity Automation’s virtual classroom deployment at the Spring Independent School District in Houston, Texas is mentioned in a Connections Magazine article.

I don’t know about you but I am a thinker in the car.  Perhaps that’s because with traffic there is really nothing else to do BUT think.

I now am using a totally free service to allow me to put those thoughts into the place I need them most, my email inbox!

Before my wonderful solution, which I will get into soon enough, my problem was that I can’t write while driving (especially as a Lefty) and I don’t like the process of calling and leaving a voicemail at the office.  So, a lot of my brilliant ideas have not been realized for lack of a simple way to track them.  I’m sure the same is true for you as well.

My accidental discovery was the website Dial2Do.com.  Now, this discovery wasn’t “life changing”, but it was pretty darn close!  So, “What is Dial2Do.com and what will it do for me?”, you ask.  Let me summarize…

Once setup, Dial2Do.com provides you a number to call with your cell phone.  You call the number, a pleasant voice says, “What would you like to do?”.  You use a quick command such as “REMINDER”, or “TEXT” or “EMAIL”.  Then the pleasant voice responds with “What would you like to remember?” or “Who would you like to text?”.  For me, the REMINDER functionality is the favorite tool.  I simply say what it is I want to remember the next time I get to my computer.  It can be anything you want.  Then, you simply hang up (or you could wait and do more commands).  At this point, a miracle occurs!  You will receive a text message AND an email of the message you just left, typed out!  The email will also include an audio attachment of your actual message as well.  I’ve found that the speech to text recognition is excellent (the term “LDAP” is not well understood) but the audio backup is very helpful.

There are so many other commands available to use via Dial2Do such as getting weather, calendar, twitter and many others.  You can use your online account to setup contacts, groups and all sorts of fun things.  This is helpful if you want to send out a broadcast email or text message to a lot of people at one time.

Great tool and great price!!

For more information on our products and services, please submit your contact information and one of our sales representatives will contact you.

Identity Automation has teamed up with Novell to present on “Understanding Identity Management Solutions for K-12 Institutions” at the TCEA 2009 conference in Austin, Texas.

Be sure to stop by the Novell booth for our presentations at 10AM and 2PM on Wednesday, February 4.

Identity Automation will sponsor Novell Brainshare 2009 in Salt Lake City March 8 - 13, 2009.

You can learn more about the conference here.

Identity Automation has released a comprehensive White Paper entitled Lowering the cost of computing in K-12 schools without compromising access.

This paper proposes strategies that will allow districts to improve student to computer ratios, significantly decrease hardware costs, decrease hardware refresh cycles and virtually eliminate baseline software costs resulting in as much as an 80% hardware and software budget savings.

You can read the paper here

Identity Automation has established a formal partnership with NComputing.

NComputing produces a virtualization solution that taps the unused capacity of a PC so that it can be simultaneously shared by multiple users.

This partnership adds another ingredient to Identity Automation’s mix of offerings providing for comprehensive solutions to customer needs.

Identity Automation’s CEO, James Litton, has been published in the September 2008 issue of Linux Format. The article is a full-length feature covering Linux in business.

The Magazine is currently on newsstands in Europe and should be available in the United States, Australia and other countries in the coming weeks.

Identity Automation will team up with Novell at the 2008 National Educational Computing Conference in San Antonio, Texas from June 30th - July 3rd, 2008.

This year marks the 29th anniversary for the conference and is expected to have more than 18,000+ participants.

Drop by the Novell booth to learn more about Novell’s products and Identity Automation’s solutions and services.

Identity Automation completed its first CoSN event and views the participation in the event as a tremendous value add to the organization.

CEO, James Litton, had the opportunity to assist in the development of a presentation on “Open Technologies for K-12 Schools” and to co-present on the topic with Spring ISD.

James also had the unique privilege to address the full conference audience before the final keynote and introduce three Texas Representatives (Rep. Rob Eissler, Rep. Scott Hochberg, and Rep. Mark Strama) who spoke on the topic of “A Vision for Education Technology in Texas: Legislative Landscape”.

A newly signed agreement with the Texas Department of Information Resources grants Identity Automation the ability to deliver staff augmentation services to state and local government agencies and school districts throughout the state of Texas.

The Texas Department of Information Resources (DIR) promotes a shared vision for Texas that maximizes the value of the State’s technology investment by identifying common areas of interest, using technology to advance agency missions, and preserving flexibility to innovate. Visit DIR at www.dir.state.tx.us for additional information.

Identity Automation has been leveraging Stoneware’s reporting tools in its RAPiDiDENTiTY Identity Management solution set since its initial release in 2007.

Due to their successful collaboration to-date, effective May 7th, 2008 Identity Automation and Stoneware, Inc. have entered into a formal partnership agreement.

Both companies will work closely on the sale, implementation and support of Stoneware’s webOS / webNetwork products as well as helping customers to meet their identity and security management needs.

Identity Automation will present at Novell’s Best of Brainshare 2008 Houston event on June 24th.

You can learn more about the event here.