Market Research Report

Identity and Access Management (IAM) Market Trends: 2011-12

Identity and Access Management 2011-12 (Technology Evaluation and Comparison Report)

Published by Ovum, Ltd. Product code 178453
Publication date: February 24, 2011 Page information: English, 272 pages
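Overview

Identity and access management should be approached as a business issue and designed around business processes. It is fundamentally about how the organization engages with its people and with other organizations, and IAM projects should be undertaken with a comprehensive and long-term vision.

This report surveys and analyzes the identity and access management market and presents its findings, structured broadly as follows.

Executive summary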

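Chapter 1: Business and technology issues in IAM

  • Summary
  • Identity and access management projects are large-scale investments
  • Business processes need to be overhauled
  • Cloud services add urgency to the need to federate identities between organizations
  • The vendor landscape has consolidated
  • Recommendations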

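Chapter 2: Identity and access management and compliance

  • Summary
  • IAM delivers services relevant to business improvement, continuity, protection, and compliance
  • Regulatory compliance has a demanding impact on many organizations
  • Audit adds urgency to the need for a better IAM infrastructure
  • Continuity and the lifecycle approach to managing identity deliver business value
  • Everyone needs to be accountable
  • Achieving and proving compliance is a key business objective
  • Recommendations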

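Chapter 3: Identity services in the cloud

  • Summary
  • The need for an internet identity is now recognized
  • Several levels of identity checking are needed
  • Legal and commercial issues are of paramount importance
  • Technology is being developed for internet identity
  • Recommendations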

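Chapter 4: Federated identity

  • Summary
  • Organizations can benefit from using federated identity management
  • Drawing up clear rules is important
  • Use of standards will be important going forward
  • Recommendations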

Chapter 5: Technology comparison

  • Summary
  • IAM Features Matrix
  • IAM Decision Matrix
  • Vendor analysis

Chapter 6: Technology evaluation

  • CA Identity and Access Management Suite
  • Entrust IdentityGuard, GetAccess, and TransactionGuard
  • Evidian IAM Suite (version 8)
  • Hitachi ID Portfolio
  • IBM Tivoli Identity and Access Management products
  • Microsoft Forefront Identity Manager 2010 and associated products
  • Novell Identity Manager 4 Advanced Edition
  • Oracle Identity and Access Management Suite - Release 11g
  • RSA (the security division of EMC) Identity & Access Management

Chapter 7: Vendor profiles

  • ActivIdentity
  • Aladdin (SafeNet)
  • Avatier
  • Aveksa
  • Beta Systems
  • BMC
  • Courion
  • Cyber-Ark
  • Fox Technologies
  • Imprivata
  • Passlogix
  • Ping Identity
  • Pirean
  • Red Hat
  • SailPoint Technologies
  • SAP
  • Sentillion
  • Siemens
  • WSO2

Glossary

Appendix

Table of Contents
Product Code: OI00030-001

Abstract

Introduction

Identity and access management must be approached as a business issue and designed around business processes. It is fundamentally about how the organization works with its people and with other organizations. IAM projects must be approached with a comprehensive and long-term vision, but it is best to implement them incrementally in phases, each with a clearly defined business benefit.

Features and benefits

• IAM projects require upfront and continuous high-level business sponsorship.
• IAM is an essential tool in delivering compliance and protecting information.
• Federation of identities between collaborating organizations has been enabled by the acceptance of standards including the WS-* family and SAML.

Highlights

IAM is a key issue for the business. Implementing a system represents a major investment and its deployment will require changes in business processes to capitalize on its benefits. However, successful projects provide a high return on investment and a payback period of less than two years is frequently achieved.
IAM is a means of implementing business strategy insofar as it relates to information processing. The issues of who the business needs to work with, the level of automation that is required in these interactions, and the depth of trust between organizations, are represented in the IAM configuration and deployment.

Your key questions answered

• The business benefits of IAM come in two main categories: productivity/ease of use, and security.
• IAM projects are neither quick nor cheap. It is essential that they have the support of senior management and that this support is sustainable.
• IAM projects are mainly about integration. The largest part of the work is in configuring the system to reflect business requirements.
• Single sign-on requires the IAM system to be integrated with each platform and application that it is required to support.
• The foundation of every IAM system is one or more corporate directories, and most support Active Directory and any LDAP compatible directory.

Table of Contents

Executive Summary
1.1 Executive summary
Catalyst
Ovum view
Key findings
The role of IAM
Business issues
Organizational issues
Technology issues
Market issues
Recommendations
The Ovum IAM Decision Matrix
1.2 Report objectives and structure
Report Guide
Chapter 2: Business and technology issues in IAM
Chapter 3: Identity and access management and compliance
Chapter 4: Identity services in the cloud
Chapter 5: Federated identity
Chapter 6: Technology comparison
Chapter 7: Technology Audits
Chapter 8: Vendor profiles
Chapter 9: Glossary

BUSINESS AND TECHNOLOGY ISSUES IN IAM
2.1 Summary
Catalyst
Ovum view
Key messages
2.2 Identity and access management projects are large-scale investments
Business strategy must drive technological decisions
The benefits of IAM
IAM is an essential element of corporate compliance and security
How to run a successful IAM project
2.3 Business processes need to be overhauled
Managing non-employees in the workforce
Leavers
Mergers and acquisitions
2.4 Cloud services add urgency to the need to federate identities between organizations
Use of cloud services requires corporate identity to be externalized
Federation delivering benefits
Technology issues
2.5 The vendor landscape has been rationalized
The vendor landscape has consolidated around big IT suppliers
Sun's demise has provided the latest crumbs
2.6 Recommendations
Recommendations for enterprises
Recommendations for vendors

IDENTITY AND ACCESS MANAGEMENT AND COMPLIANCE
3.1 Summary
Catalyst
Ovum view
Key messages
3.2 IAM delivers services that are relevant to business improvement, continuity, protection, and compliance
IAM provides vital business services
IAM can be used to improve service delivery - but beware
Controlling identity and user access is vital
Business improvement and compliance objectives need to be addressed
3.3 Regulatory compliance has a demanding impact on most organizations
Organizations need to deal with compliance as part of their operational infrastructure
Addressing the compliance challenges and drivers
Addressing specific compliance issues with IAM
Compliance demands are driven by common themes
3.4 Audit adds urgency to the need for a better IAM infrastructure
Audit helps organizations to prove compliance
Continuous compliance assists with audit processes
Good IAM practice provides business benefits
3.5 Continuity and the lifecycle approach to managing identity delivers business value
Continuity drives the need for IAM
Outsourcing and the use of managed services adds complexity
The effective management of identity is a precursor to successful data loss prevention (DLP)
3.6 Everyone needs to be accountable
IAM provides organizations with well defined access management tools
Compliance demands that users play their part
Role management helps to align many people-to-process issues
3.7 Achieving and proving compliance is a key business objective
The difficulties of achieving compliance need to be overcome
Make use of technology and processes that validate compliance
3.8 Recommendations
Recommendations for enterprises
Recommendations for vendors

IDENTITY SERVICES IN THE CLOUD
4.1 Summary
Catalyst
Ovum view
Key messages
4.2 The need for an internet identity is now recognized
The Internet identity ecosystem
The business imperative
The challenges
Where the need lies
Internet identity is gaining momentum
Privacy and security concerns
The high-assurance identity market needs to move out of the public sector
4.3 Several levels of identity assurance are needed
Online identity needs to follow successful models from the physical world
Online identity requirements
OpenID shows the opportunities and the challenges
Leveraging government standards
The PIV standards
EU OpenID trust profile project
4.4 Legal and commercial issues are still of paramount importance
Business case development
Commercial models
Assurance versus privacy
Banking regulations
Identity brokers
4.5 Technology is being developed for internet identity
Open Identity Trust Framework
OASIS ID Trust
U-Prove
National ID cards and mobile phone SIM cards
Combining PKI and IAM
Orange ID selector
4.6 Recommendations
Recommendations for enterprises
Recommendations for vendors

FEDERATED IDENTITY
5.1 Summary
Catalyst
Ovum view
Key messages
5.2 Organizations can benefit from using a federated approach to identity management
Federation offers advantages and convenience to enterprises and users
Sharing information resources is not a new concept
For federated identity management to be effective, partners must share a sense of mutual trust
Authentication data can be passed across secure domains to business partners, enabling SSO to extend beyond organizational boundaries
Security should not hold back the sharing of inter-company information flows
5.3 Drawing up clear rules of engagement is important
Trust is a vital component of successful federated relationships
FIM supports loosely coupled through to legally binding relationships
Federation brings B2B relationships up to date
Governing entity approach - the collaborative model
Founder approach - the consortium model
A fixed number of founders (the consortium) form an association using an agreed multi-party contract that sets the rules that govern the relationship. Control stays with the founding members. As shown in Figure 3, this is a form of FIM that operates effectively in closed environments. However, the approach appears to have restricted flexibility when looking at break-up requirements or the addition of new members.
Single founder approach - centralized model
As shown in Figure 4, a single founder sets the rules of engagement for membership to the group that it controls. From its position of strength, the owner agrees new federated relationships with other group members on the terms that it controls and chooses to make available.
Organizations also profit when consumers are able to reap the benefits of a federated SSO culture
Consumers are further disadvantaged
OpenID is addressing some of the early adopter issues for public and private identity usage
5.4 Making better use of standards is the way forward
Standards organizations are developing architectures and tools to encourage federated identity
OASIS and Liberty provided the lead in developing standards for federated identity
The role of the Liberty Alliance has transitioned to Kantara and OASIS, and other interest groups are co-operating
5.5 Recommendations
Recommendations for enterprises
Recommendations for vendors

TECHNOLOGY COMPARISON
6.1 Summary
Catalyst
Ovum view
Key messages
6.2 IAM Features matrix
Features Matrix methodology
Features Matrix
6.3 IAM Decision matrix
The leaders: CA, IBM, Novell, and Oracle
The challengers: Evidian, Hitachi, and Microsoft
The Prospects: Entrust and RSA
6.4 Vendor analysis
CA Technologies: Identity and Access Management Radars
Entrust: Identity and Access Management Radars
Evidian: Identity and Access Management Radars
Hitachi-ID: Identity and Access Management Radars
IBM: Identity and Access Management Radars
Microsoft: Identity and Access Management Radars
Novell: Identity and Access Management Radars
Oracle: Identity and Access Management Radars
RSA Security: Identity and Access Management Radars

TECHNOLOGY AUDITS
7.1 CA Identity and Access Management Suite
Catalyst
Key findings
Ovum view
Recommendations
Solution overview
Solution analysis
Product strategy
Market opportunity
Go to market strategy
Implementation
Deployment examples
7.2 Entrust IdentityGuard, GetAccess, & TransactionGuard
Catalyst
Key findings
Ovum view
Recommendations
Solution overview
Solution analysis
Product strategy
Implementation
Deployment examples
7.3 Evidian IAM Suite (version 8)
Catalyst
Key findings
Ovum view
Recommendations
Solution overview
Solution analysis
Product strategy
Implementation
Deployment examples
7.4 Hitachi-ID Portfolio
Catalyst
Key findings
Ovum view
Recommendations
Solution overview
Solution analysis
Product strategy
Implementation
Deployment examples
7.5 IBM Tivoli Identity and Access Management Products
Catalyst
Key findings
Ovum view
Recommendations
Solution overview
Solution analysis
Product strategy
Implementation
Deployment examples
7.6 Microsoft Forefront Identity Manager 2010 and Associated Products
Catalyst
Key findings
Ovum view
Recommendations
Solution overview
Solution analysis
Product strategy
Market opportunity
Go to market strategy
Implementation
Deployment examples
7.7 Novell Identity Manager 4 Advanced Edition
Catalyst
Key findings
Ovum view
Recommendations
Solution overview
Solution analysis
Product strategy
Implementation
Deployment examples
7.8 Oracle Identity and Access Management Suite - Release 11g
Catalyst
Key findings
Ovum view
Recommendations
Solution overview
Solution analysis
Product strategy
Implementation
Deployment examples
7.9 RSA (The Security Division of EMC) Identity & Access Management
Catalyst
Key findings
Ovum view
Recommendations
Solution overview
Solution analysis
Product strategy
Market opportunity
Go to market strategy
Implementation
Deployment examples

VENDOR PROFILES
8.1 ActivIdentity
Company profile
Product description
8.2 Aladdin (SafeNet)
Company profile
Product description
8.3 Avatier
Company profile
Product description
8.4 Aveksa
Company profile
Product description
8.5 Beta Systems
Company profile
Product description

8.6 BMC
Company profile
Product description
8.7 Courion
Company profile
Product description
8.8 Cyber-Ark
Company profile
Product description
8.9 Fox Technologies
Company profile
Product description
8.10 Imprivata
Company profile
Product description
8.11 Passlogix
Company profile
Product description
8.12 Ping Identity
Company profile
Product description
8.13 Pirean
Company profile
Product description
8.14 Red Hat
Company profile
Product description
8.15 SailPoint Technologies
Company profile
Product description

8.16 SAP
Company profile
Product description
8.17 Sentillion
Company profile
Product description
8.18 Siemens
Company profile
Product description

8.19 WSO2
Company profile
Product description

GLOSSARY
Glossary
Access control
Access control list (ACL)
Analytics
The American National Standards Institute (ANSI)
Application server
Application programming interface (API)
Authentication
Authorization
Business-to-business (B2B)
Business-to-consumer (B2C)
Business-to-citizen (B2Cz)
Biometric Application Programming Interface (BAPI)
BioAPI
Business Process Execution Language (BPEL)
Certificate authority (CA)
Cloud computing
Circle of trust (CoT)
Data Encryption Standard (DES) and Triple DES/3DES
Data Loss Prevention (DLP) technology
Demilitarized zone (DMZ)
Domain Name System (DNS)
Directory Services Markup Language (DSML)
Enterprise Web 2.0

EMV 2000
Enterprise Resource Planning (ERP)
Extranet

ESSO

FIPS
File Transfer Protocol (FTP)

GSM

GRC
Graphical user interface (GUI)
Health Insurance Portability and Accountability Act (HIPAA)
Hardware security module (HSM)
Homeland Security Presidential Directive (HSPD)
Hypertext markup language (HTML)
Identity Federation Framework (ID-FF)
IdF
Identity Services Identity Specifications (ID-SIS)
Identity Web Services Framework (ID-WSF)
Internet Protocol Security (IPSec)
Integrated Services Digital Network (ISDN)

ISO
Internet service provider (ISP)
Information Technology Infrastructure Library (ITIL)
Java EE (formerly J2EE: Java Platform, Enterprise Edition)
Java Message Services (JMS)
Kantara Initiative
Kerberos
Lightweight Directory Access Protocol (LDAP)
Middleware

.NET
Network Access Control (NAC)
Organisation for the Advancement of Structured Information Standards (OASIS)
Open Database Connectivity (ODBC)

OS
OTP (One-time password)
Payment Card Industry Data Security Standard (PCI DSS)
Personal identification number (PIN)
Public Key Infrastructure (PKI)
Portal
Registration authority (RA)
Remote Authentication Dial-In User Service (RADIUS)
Radio-Frequency Identification (RFID)
Return on investment (ROI)
RSS feeds
Software as a service (SaaS)
Signatures and Authentication for Everyone (SAFE)
Security Assertion Markup Language (SAML)
Simple Authentication and Security Layer (SASL) protocol
Small and medium enterprises (SME)
Simple Mail Transfer Protocol (SMTP)
Service-oriented architecture (SOA)

SOAP
Social media
Sarbanes-Oxley Act (SOX)
Service Provisioning Markup Language (SPML)
Secure Sockets Layer (SSL)
Single sign-on (SSO)
Total cost of ownership (TCO)
Transmission Control Protocol/Internet Protocol (TCP/IP)
The Open Group
Transport Layer Security (TLS)
Two-factor authentication
Uniform Resource Locator (URL)
Virtual local area network (VLAN)
Virtual private network (VPN)
Wide area network (WAN)
Web 2.0
Web service
Workflow Management Coalition (WFMC)
Workflow
Web Services Description Language (WSDL)
WS-Federation
Web Services Flow Language (WSFL)
Web Services Interoperability (WSI)
WS-Policy
WS-Privacy
WS-Security
WS-Trust

X.509
Extensible Access Control Markup Language (XACML)

XLANG
Extensible Markup Language (XML)
XML Common Biometric Format (XCBF)
XML Key Management Specification (XKMS)
XML signature

APPENDIX
Methodology
Author(s)
Ovum consulting
Disclaimer

