|
 Effective enforcement of security policies is the key challenge
Security is, more than ever, a leading concern in enterprise-class IT. This is particularly true as IT services are increasingly delivered in new, multifaceted ways, both inside and outside organizational walls; one example would be Web applications used by employees, business partners, and even external clients and customers. Maximizing the business value of such applications requires careful, ongoing access and privilege management to ensure that access is never granted to inappropriate parties or in inappropriate ways.
Many complexities, however, mean that obtaining integrated, scalable, effective, and flexible security for applications and application transactions is a challenging goal indeed. Access levels will often be refined by changing security policies, yet implementing those policies in an integrated, consistent manner across many different technological and organizational contexts can be far from simple. Compliance with government regulations is another major consideration, and while achieving compliance is difficult enough, it's also essential to be able to demonstrate that compliance on demand in the event of an audit.
 Access solutions must be able to scale in accordance with growing demand, delivering high performance and high reliability at the same time. And in the pursuit of end-to-end holistic security, it's important that access management solutions also integrate easily and effectively with other elements of the IT infrastructure, ranging from other security solutions to enterprise applications to applications developed internally by the development team.
IBM Tivoli Access Manager 6.1 delivers scalable, security-rich access policies
Via IBM Tivoli Access Manager, organizations can realize all these benefits and more, helping to ensure that access is granted only to the right people, and with the right privileges, across an exceptionally broad range of business and technological contexts. And new features included in the latest iteration of the solution, version 6.1, extend the value premise even further through key enhancements in performance, reliability, and cross-domain integration.
How does the solution work? (PDF,1.2MB) From the standpoint of initial implementation, IBM Tivoli Access Manager 6.1 can be used to create users, cluster them into logical groups, and assign both the users and the groups access privileges to business data, IT services, and other resources. Because these privileges are role-based, translation of business logic into policy specifics is relatively straightforward.
Comprehensive policies can be created and administered in accordance with business responsibilities, goals, and strategies in each case, limiting business risk and simplifying management. The tool's Web-based administration interface means that managers also have easy access to it from anywhere in the organization via any standard browser.
Once deployed and configured, IBM Tivoli Access Manager 6.1 enhances the application access experience for end users in a number of different ways. One that's particularly compelling is single-sign on (SSO); while many services may actually leverage multiple systems, and might therefore require users to sign on multiple times, this problem is precluded via IBM Tivoli Access Manager 6.1's SSO functionality. Furthermore, because the solution integrates with a wide range of enterprise applications and software development tools, this convenience of access can be invoked across many different contexts, ensuring that users always log on once for any particular service, however complex.
Integration with other Tivoli solutions, software development, and third-party products
Just how comprehensive is this range? In order to deliver maximum business value for customers, IBM Tivoli Access Manager 6.1 has been designed with flexibility as a paramount consideration, and as a result, its power can be extended across more domains, more easily, than ever before. On the development side, for instance, engineers will find that they can invoke the solution's features through a set of application programming interfaces (APIs) addressing key functionality such as authentication, authorization, and administration.
These span a host of different languages and development environments including some of the most popular in use today, such as Java (servlets, applications, Enterprise JavaBeans), Microsoft .NET, and C/C++. In this way, in-house applications can realize all the power of best-in-class access management without requiring custom code, while also accelerating deployment and improving build quality. Furthermore, because the solution serves to abstract the details of access privileges away from specific code, changes in access policies do not require changes in applications; that is, applications don't have to be recompiled, but instead simply apply the new access information automatically. And because IBM Tivoli Access Manager 6.1 integrates with IBM Rational AppScan, potential security vulnerabilities in applications, if detected, can be resolved via the creation of a user-to-application tunnel.
IBM Tivoli Access Manager 6.1 also integrates seamlessly with other elements of the IBM Tivoli system management portfolio as a central element of a holistic, proactive security strategy. For example, the solution links with Tivoli Identity Manager to import users, synchronize passwords and empower users with self-service management capabilities for functions such as password resets. It links with Tivoli Federated Identity Manager to achieve cross-domain authentication, authorization and SSO, and also with Tivoli Directory Integrator (a license to which is included) to synchronize user information across different data repositories in place throughout the organization.
What's more, the solution can play a key role for an organization seeking to achieve regulation compliance through integration with Tivoli Compliance Insight Manager, which tracks privileged user activity in real time, and Tivoli Security Operations Manager, which aggregates and analyzes security data, then takes action based on suspicious activity by generating alerts and escalating relevant information.
But the Tivoli Access Manager 6.1 integration story does not stop there; integration with non-Tivoli applications and tools is also extensive. Via the Ready for Tivoli program, support has been provided for such key solutions as the IBM Lotus portfolio, including Lotus Domino; IBM WebSphere; Microsoft Exchange; Microsoft Sharepoint Portal and Sharepoint Services; Oracle Database and Oracle eBusiness; Peoplesoft PeopleTools; and a range of SAP applications, utilities, and development tools.
New refinements for extra speed and robustness
Finally, several compelling new features in IBM Tivoli Access Manager 6.1 help to ensure that high-end performance and availability will be maintained even in unpredictable conditions of escalating demand.
Non-standard, secure load balancing, for instance, is now provided to distribute workloads in proportion to changing requirements, maintaining availability even as demand climbs unexpectedly; failover to alternate Web servers is also supported in the event of a system failure. The solution's integrated proxy server, WebSEAL, delivers exceptional transparency and rapid deployment, and it can now run in multiple independent iterations on a single directory server if necessary.
Session management, too, has been enhanced; managers can impose a ceiling on the number of sessions within each realm, blocking subsequent session creation to ensure resiliency and responsiveness. Similar improvements help resiliency by eliminating unnecessary sessions. Once users have logged out of one session, the solution will automatically log them out of all sessions. Finally, because the solution now supports dynamic configuration, a server restart will not be necessary following configuration changes.
|
