Finding the value in Microsoft Forefront Identity Manager 2010

Will Forefront Identity Manager give admins the gift of time? Security expert Kevin Beaver examines the value proposition of Microsoft's identity and access management solution.

If there's one thing that's a huge challenge for network administrators, it's lack of time. I've experienced it and seen others struggle to get the bare minimum done before the day is over, and it really is a never-ending cycle.

There's hardly any area of IT where such a scenario holds true more than identity and access management (IAM). Enterprise user management across disparate systems, applications and business units creates the perfect storm to suck all the fun -- and time -- out of network administration.

Microsoft's solution to this issue is Forefront Identity Manager 2010 (FIM), which includes new features designed to take the pain out of IAM and add more time to your day. Microsoft touts FIM's four main areas for identity and access management, as shown below:

Figure 1: Identity and access management via FIM 2010
Identity and access management via FIM 2010

Each area provides visibility, compliance and self-service capabilities -- all of which contribute to a more secure network environment. Windows administrators create policies and workflows via a centralized SharePoint interface for tasks such as:

  • user provisioning
  • password resets
  • group membership management
  • certificate management

The idea is that rather than burdening IT professionals with trivial tasks that others can and should perform, users and their corresponding business managers can handle the workload. The neat thing about this process in FIM 2010 is that users have the ability to perform many tasks from within their own Microsoft Office applications that everyone's already familiar with. It's a smart move by Microsoft, as it allows users to perform business-related tasks that are often confusing and easy to botch via a program like Outlook rather than an unfamiliar interface.

In addition to its automated provisioning and access capabilities, FIM 2010 goes beyond the Microsoft realm to provide connectors and synchronization capabilities to Novell eDirectory, Lotus Notes, Sun, Oracle and others. No shock there.

Forefront Identity Manager 2010 has other risk management-related benefits as well, providing support for separation of duties, enhanced audit trails and increased visibility into the network environment. This centralized insight and control could come in handy during security audits, compliance-related issues and -- heaven forbid -- security breaches. Outside of increased efficiency and simplicity, these security-related benefits can make a big difference.

Is FIM 2010 a winner?

We've no doubt gotten to a point in business where information system complexity has a direct impact on productivity, visibility and security. Being on the receiving end of IAM in my work and seeing how so many administrators continue to struggle with the process, I can't imagine not having something like FIM 2010 in all but the smallest of shops.

I'm a strong believer that tasks should be delegated to others where it makes sense. This will be a hard sell to some folks in IT who don't want to give up control. Success in IT depends on the ability to come up with unique solutions for not only keeping the shop running, but making things better over time. In the end you're not giving up control, but rather demonstrating that you're confident enough in your abilities -- and the abilities of others -- to let go of the trivial stuff that merely serves to drive you batty.

Will FIM 2010 actually live up to the hype? After all, talk is cheap. The marketing folks at Microsoft can make FIM 2010 sound like the best thing since Novell NetWare, but that's easy for Microsoft. Time will show us whether or not they can deliver, but things are certainly looking good on the IAM front.

Make some time to download and evaluate FIM 2010 and see how it can take some of the pain out of your everyday work. If you look in the right places from the proper perspectives, I suspect you'll find that it will more than pay for itself right out of the box.

ABOUT THE AUTHOR
Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC where he specializes in performing independent security assessments. Kevin has authored/co-authored eight books on information security including Hacking For Dummies now in its third edition. He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at his website www.principlelogic.com.

This was first published in September 2010

Dig deeper on Windows Identity and Access Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close