|
IDC OPINION
Increasing global regulatory compliance mandates, combined with budgetary and staffing constraints, continue to drive organizations to look for better ways to costeffectively manage their IT security infrastructure. Identity and access management (IAM) products are a key component of a secure compliance platform to deal with the following issues:
* Password policies are a top concern within IT departments and are included as key IT control for compliance.
* Companies will implement IAM technology to centrally define and enforce a global password policy.
* Investments to automate user and access control can be leveraged across multiregulatory environments.
* Companies need to be proactive, not reactive, in developing, educating, and enforcing enterprisewide security policies and procedures.
IN THIS WHITEPAPER
In this white paper, IDC outlines the issues surrounding user passwords and password management and examines how this technology often serves as a starting point for organizations looking to implement an IAM solution to increase security and achieve compliance. IDC has incorporated elements of the following categories into its research methodology for this document:
* Reported and observed trends and financial activity within the industry
* IDC’s Software Census interviews (IDC interviews all significant market participants to determine product revenue, revenue demographics, pricing, and
other relevant information.)
* Product briefings, press releases, vendor financial statements, and other publicly available information
* IDC’s extensive demand-side research initiatives
SITUATION OVERVIEW
IAM solutions exist to provide a centralized solution for enterprise accounts regardless of their physical/logical location. IAM serves to manage identities for mainframes, Web portals, databases, directories, and mobile environments while providing authentication and account provisioning/deprovisioning functions. This need has been compounded by the explosion of client devices and end-user (or end-use) devices found at the network edge. IDC calls this phenomenon "pervasive computing." Pervasive computing has had a considerable impact on the need to expand the security infrastructure. Subsequently, organizations have an urgent requirement to create a strong, secure, and flexible architecture capable of managing these rapidly multiplying user identities among the growing number of applications and services found within their corporate software catalogues. The password represents the first and perhaps most essential piece of this puzzle. End-user passwords are still the dominant identification and authentication method in computing today. A user simply enters a character string, which is then submitted over the network and matched against a passwords database or an authentication software program. What could be easier? For many years, this was enough. However, the need to balance end-user convenience with effective security and password policies has become increasingly important in today’s ever-expanding world of IT boundaries.
|
