Network World Fusion, June 2, 2003
Building identity management
| Business Layers' software helps gather, clean up user data.
By John Fontana
|User data is the heart of establishing any identity management system but getting accurate user data might not be as easy as many think.
Data about users always is stretched across a number of systems and consolidating it into a "clean" set of attributes about each user is difficult. Provisioning vendor Business Layers has been through the exercise many times with its customers, and this week is introducing eProvisioning Role Out. The software, which will be offered through a service, helps corporations clean up data and create a single user identity that can be plugged into identity management systems, which basically combine security and provisioning software.
"Traditionally, we've seen a lot of hard work and heartache in dealing with [cleaning up] user data," says Gerry Gebel, an analyst with Burton Group. "The issue is something seen historically with directories and metadirectories, and is now a potential stumbling block to deploying identity management."
Gebel says the issue includes establishing the ownership, quality and accuracy of data as it is pulled from human resources systems, databases and other IT systems. Without a reliable set of data, company's struggle to automate provisioning and security that are based on user attributes such as name and job title. "People have taken a step back and tried to approach provisioning in stages, and certainly what Business Layers is trying to provide should help," Gebel says.
The company competes with similar products from Beta Systems.
Business Layers' eProvision Role Out is a service that pulls user data from corporate systems and feeds it into a Microsoft SQL Server database. Once collected, the software executes a number of procedures to collate data about a user and determine the authoritative source for different user attributes to create a single identity. The results then are fed into a directory system that becomes the foundation for an identity management system.
The technology uses online analytical processing tools that are part of SQL Server to interpret the data and metadirectory technology from MaXware to pull together the data.
"We have found that we can reduce the task of cleaning up user data from about two weeks to two days," says David Lavenda, co-founder and vice president of marketing and product strategy for Business Layers. "People are realizing this is a hurdle they need to get over in their provisioning projects."
Once the data is cleaned up, it can be used to support the deployments of Business Layers' eProvisioning software or a competitor's product such as those from Waveset Technologies or IBM.
The average cost of the eProvisioning Role Out service for an organization with 10,000 users and five to 10 identity repositories is $50,000. The service is expected to be available this fall.
Provisioning software vendors are approaching the technology from one of three angles. Start-ups defined the category, but the major systems administration and metadirectory vendors see it as an extension of what they already are doing.