SIM and IAM – Don’t Forget DLP
Posted by Bob Craig - Dir Prod Marketing on Fri, May 08, 2009
In an article "
Changing times for identity management" published by
Information Security magazine, Burton analyst Mark Diodati makes some interesting and useful observations about the current and future state of the identity and access management (IAM) market.
Diodati makes a great point of the need to do a thorough evaluation of any IAM solution you're planning to deploy, including a recommendation to "...install the identity management products in your development environment, and test them against your existing applications..." Our experience is that customers find it's well worth the time and effort to do a rigorous proof of concept to clearly understand the features, ease of implementation, and long term support requirements of each solution within their IT ecosystem.
Courion's Access Assurance vision focuses on "ensure only the right people have the right access to the right resources and are doing the right things", so we were interested to see Diodati call out security information management - SIM (sometimes referred to as security incident event management - SIEM) as an important, fast growing segment of the IAM market.
Integration between IAM and SIM technology addresses the need to make sure that users are "doing the right things." However, SIM tools are notorious for generating lots of false positive alerts - alerts that turn out not to be a problem. Since the real issue is sensitive data at risk of exposure, Courion believes that integrating data loss prevention (DLP) technology into an identity architecture, along with IAM and SIM, adds even greater synergy.
DLP tells you when and where sensitive data is vulnerable, SIM tells you which user accounts have accessed the data, and IAM adds the business context of who the user is, what department they work for, what other access entitlements they hold, etc. The combination of identity, SIM and DLP makes it easier for security administrators and IT managers to focus their remediation efforts on those situations that represent the highest level of risk to the enterprise.