IBM Tivoli Identity Manager (TIM) Version 5.0 is the biggest update to date for the software and the first in two-an-a-half years. TIM 5.0 helps companies dictate who has access to what information and ensure that access is business appropriate. The software also provides centralized reports on security policy, access rights and audit events to ease response to internal audits and regulatory mandates necessary to prove compliance.
The TIM software takes a risk-based approach to manage user accounts, access permissions and passwords for employees, contractors and customers from creation to termination, said Chris Bauserman, IBM Tivoli security and compliance product manager. It's a single point for administering users, their passwords and business roles and their access rights, to ensure that business and security policy is set on all systems and applications across the company.
Many computing environments comprise thousands to millions of users accessing numerous databases, applications and systems. Automating identity management gives a company the control to ensure the right people access the right applications and information, such as corporate financial data or customer and employee information databases.
Bauserman said the software update is intended to improve management of business policy compliance, accelerate and simplify set-up and deployment and enhance productivity of identity management business users and IT administrators. The software features instructional wizards, templates and best practices to cut deployment time and reduce the learning curve for new users. Bauserman estimated a 50 percent reduction in deployment time compared to previous TIM releases.
For VARs and IBM business partners, reducing deployment time will be a big draw, Bauserman said. That, coupled with the easy set-up templates, wizards and best practices will help resellers get their clients up and running.
"Business partners get more predictable, repeatable and profitable results when deploying," he said. "It reduces deployment time for customers and systems integrators to get identity management up and running. Business partners get best practices, templates and wizards baked into the product and it's flexible to customize."
Along with easing deployments, Bauserman said IBM partners will get enhanced ROI tools to share with their clients to help them sell the value, technology enablement and a host of other documentation.
"Business partners will help their end customers in dealing with compliance in a cost-effective manner," he said.
Matt Hickmott, Tivoli security specialist with Watson SCS, a Tampa, Fla.-based systems integrator, agreed that easing deployment will help the channel leverage the Tivoli update.
"For one, it's going to be easier to deploy because of the wizards that are in there," he said, adding that resellers can also leverage the advanced reporting capabilities and the self-service user interface used to manage passwords and access rights. "It walks you through the different configurations for it. It really reduces the turnaround time for deployment"
Hickmott said the new administrator console makes it easier to manage the Tivoli environment and version 5.0 offers a smooth migration path out of the previous version, 4.6.
"It really reduces the amount of custom code you need to do. You just fill in the blanks," he said. "It's really easy to administer. It walks you right through the process. You just go through and select which parts you want to set up."
The software update automatically corrects and removes noncompliant access rights through periodic management review and sign-off. In the past, reviewing user access rights to achieve compliance with internal security policies or legal requirements meant IT admins had to manually produce reams of spreadsheets, email them to business managers and log management response in reports for auditors. Bauserman said that was a painstaking and time-consuming process performed each quarter.
The new Tivoli Identity Manager integrates with IBM Tivoli Compliance Insight Manager, a solution for security audit and compliance management, for audit reports that map to regulations and best practices. It also offers up intelligence and recommended actions on policy compliance issues, chopping out the need to review policies manually.
Bauserman said TIM 5.0 is not just geared toward security experts, but toward business managers, auditors and users as well.
"It's bridging the gap between business managers and IT to give them an understanding of access rights," he said.