Microsoft Updates Identity and Security Apps

First off, there's Identity Lifecycle Manager, which combines identification management and certificate management -- sort of the chocolate and peanut butter of security, as we once called them, much to the amusement, apparently, of some folks in Redmond.

Anyway, ILM2 -- the "2" part is just a code name for now -- is in release-candidate mode as of this week. Scheduled for general availability in the first half of 2009, ILM2 will include a nifty integration with Microsoft Office that will expand ID and certificate capabilities outside the bounds of IT to regular folks.

For example, a "knowledge worker" (as in a non-IT person, as if IT people have no knowledge) will be able to grant or deny an employee permission to use a network or application via, say, an automatically generated e-mail in Outlook. In other words, an IT person won't have to do it -- a non-IT manager will have simple, Office-based control over who gets to do what, and IT will have control in turn over what the manager gets to do.

"One of the greatest security risks enterprises have is loss of identity," John Chirapurath, director of marketing for the Identity and Security Division at Microsoft, told RCPU in a phone chat late last week. "When somebody leaves an organization, how does IT know? It's really the knowledge worker who knows."

There's a customization opportunity there for the channel, Chirapurath, better known as J.G., said. "ISVs can expand and extend our solution," he said. "At the same time, there is also a very powerful services story. Partners can look at the problem of identity management in a holistic fashion and design the right processes and self-service capabilities so you do identity management right from day one."

Microsoft's also updating another product, Intelligent Application Gateway, with Service Pack 2 for the application. "ILM is really all about identity and certificate management and self service," J.G. said. "IAG is about using those identities and governing access."

IAG SP2 adds virtualization to the mix, as it'll run as a virtual machine on Microsoft's Hyper-V hypervisor. It'll also grant partial access to certain applications, alleviating the "all-or-nothing" nature of access that exists today, J.G. said.

"Today, access is all or nothing," J.G. (and yes, we like calling him that) said. "It becomes a very complex problem because either you have to give [users] all access or no access [to an application]. IAG provides intelligence to that access -- very fine-grained access." A customer could, for instance, access an order-fulfillment part of an application but nothing else, J.G. said.

With SP2, IAG will also support Firefox, as well as Linux and the Mac OS. "Access is not a Microsoft-centric problem," J.G. said. With IAG SP2, hopefully it won't be a problem at all -- or certainly not one worth talking to a therapist about.

Posted by Lee Pender on November 04, 2008