How many times a day does a system administrator wish he had an opportunity to watch a live color image of what is going on at any network computer in real time? A sysadmin of a corporate network certainly has his hands full. Giving a helping hand to the employee who is having a technical problem at any given moment is probably one of the most important demands of being an admin, and the most time consuming. So anything that makes the job of remote troubleshooting easier and more effective will probably be welcomed. One technological enhancement that fits that bill is a new software system called Anyplace Control (http://www.anyplace-control.com). Developed by Anyplace Control Software Inc., the program allows a network sysadmin to monitor and control any remote PC in a network giving remote access computer with no need to stand up and walk to the physical location of the specific PC.

The system consists of Admin and Host modules that should be installed on the local computer and a remote one. The product requires both computers to be hooked to each other via the Internet or a LAN. The connection between these PCs can be established in two ways, either via an IP address or a DNS name or over the Internet using an account name and a nickname. In the latter case, the account type of connection allows bypassing routers and firewalls automatically granting remote access computer. Moreover it isn’t necessary to open any ports on the firewall that allows to keep a significant security level. So there is no need neither for users nor for admins to tweak network tuning at all which makes the program an easy to implement one.

After installing the program, administrator just goes about his everyday activities without doing anything special. At any moment, he can start Anyplace Control to get an easy remote access computer in a network, and if there is a need to help a remote user, takes control over remote computer, with his mouse and keyboard as if he were sitting in front of it. admins can move the necessary files between PCs, install new software, restart and shut down remote workstations and do anything else that one would normally do at the local workstationcomputer.

Spheres of Product Application

Anyplace Control is a reasonable alternative to Virtual Private Networks (VPN). Corporate computer networks which are located in the same or different countries can be consolidated into a single common network. Company employees can have full remote access to the necessary PCs of the other branch through the secure communication channel provided by Anyplace Control.

A special helpdesk edition of Anyplace Control enables help-desk specialists to provide remote tech support via the Internet or LAN to the customers who cannot resolve PC failures on their own. A technician can have easy remote access to the customer’s desktop and fix any issue on the remote machine rapidly (reducing the general cost of the help-desk services to the end user).

Corporate networks aren’t the only sphere of product deployment. White collars may find Anyplace Control useful while going to the business trips and taking part in meetings. Such unpleasant situations as missing PowerPoint presentations happen not so rarely as one may think. But issues of such nature are far less annoying when using Anyplace Control. Keeping the laptop open, click on the Anyplace Control icon and get full remote access to the home or office PC established over the Internet. Remote desktop displays the data as you left it, so it is pretty easy to browse to the folder where the presentation is saved, copy the missing file to the laptop using the file transfer option in Anyplace Control or simply start the presentation on remote desktop and let the others watch it on the laptop screen.

Using Anyplace Control, an individual can help relatives and friends to resolve computer issues without leaving the comfort of home chair. The product is also a tool for sharing files with friends. Transferring music, photos or documents directly to the friend’s computer is easy with Anyplace Control.

With Anyplace Control each user, either a home or a corporate one, can find the product meeting to only one’s requirements but budget as well.

Access, Computer, Frontiers, Hand, Helping, Network, Remote

By Jose Allan Tan

Months after Joe left his employer there was a major breach of security at his former company. Weeks of investigation identified the culprit as someone accessing the company’s intranet using Joe’s ID and password. Joe was gainfully busy at his new business so he wasn’t aware of the event until he was approached by police detectives piecing the puzzle together.

The fault here lie not so much in Joe’s possible carelessness in letting someone get hold of his network ID and password. It is more a failure on the company to implement policies regarding access to the network for anyone who has (or may have had) access to the system.

According to the “IDC Asia/Pacific Semiannual Security Software Tracker, 2H 2006″, I&AM software market in Asia-Pacific (excluding Japan) is estimated to be about $190 million in 2006.

“Many enterprise I&AM solutions have been built as point products or homegrown implementations. Additional patchwork modules were then added to these implementations, as requirements change over the years. The market is demanding for more holistic I&AM solutions and many vendors are positioning their products to meet this need,” said Willie Low, senior market analyst for IDC Asia/Pacific.

Access denied

Uttam Majumdar, chief of consulting and professional services at Locuz Enterprise Solutions based in Hyderabad, defines I&AM as an enterprise strategy to manage identity lifecycle of its information users and channel their access through secure and policy enforced methods.

The point of I&AM solutions is to limit access to an organization’s resources to those with legitimate access. Without it, an organization is at risk. The larger the organization the more resources are in need of protection, and the more complex the systems and policies become.

As a business expands and adds more users in need of access to the system, whether employees, partners or suppliers, the greater is the need for an automated system of processing applications for access and managing the lifecycle of those users. Delays in providing access to legitimate users will naturally translate to lower productivity and discontent in the workforce. Conversely, the window of vulnerability expands the longer it takes for the company to revoke access rights where appropriate.

Igor Janicijevic, Principal Security Architect at Cybertrust, defines I&AM as an enterprise-wide service that combines business processes, technologies, and policies to manage digital identities and specify how they are used to access resources. Activities include user provisioning, permission management, and password management, as well as synchronization of identities and accounts between different IT systems. “I&AM cuts across different functions within the enterprise, and increasingly in many cases involve external organizations, such as customers and suppliers,” said Janicijevic.

According to Jerry Cox, CA’s Director of Security Solutions Asia Pacific I&AM’s solves the issue of security threats is by linking policy-based access enforcement policies to identities. “Based on an individual’s role, or job description access rights on mainframes, distributed operating systems, web applications and even custom applications are enforced. The business role is tied to the identity and the identity is tied to the access, or authorization policy. Sometimes this is referred to as role-based access control,” says Cox.

Creating I&AM policies and implementing these through a combination of process and technology costs money. But the key issue here is not the cost of having the system but the greater cost of not having one. I&AM can be akin to having an insurance policy. You may think you are giving away hard earned money to someone for providing something you can’t see or touch. But when an accident happens you are glad you took on the policy to cover you.

Selling proposition

One of the challenges CIO faced with proposing I&AM projects is to develop the business case to justify the additional budget. I&AM initiatives are not typical IT infrastructure projects. They morph together business processes, policies and technologies and aim to provide an enterprise wide service that most ROI models cannot deal with. “From the CFO perspective, the issues that need to be taken into account are integration costs over time, provision of service and associated benefits on an enterprise-wide scale across multiple business units and corporate departments,” said Janicijevic.

The right approach

Any I&AM initiative will be complex and involve company-wide processes. At times the challenge is just figuring out where to begin.

Janicijevic suggests that organizations conduct a strategic analysis of critical business processes, and take into account key business drivers and articulate the enterprise-level requirements for access management before considering any particular technology for implementation.

“Too often organizations are lured into a technology-centric approach, which sometimes leads to an attempt to modify the way they do business to suit the capabilities and features of a chosen technology. The technology should be implemented to serve the business needs, not the other way around,” cautions Janicijevic.

It is also important to make sure that there is a good understanding of the strategic direction for the organization. I&AM investments can be large and it is important to have a clear understanding of a company’s business directions to make sure that the chosen model will serve the organization well into the future. Barring that, the strategy and solution must be flexible enough to adapt to new business and market realities in the future.

The best policy

CA’s Cox believes that one of the benefits of I&AM is the ability to externalize both identity and access management policies. He notes that policies can be tied to business processes vs. just specific systems or applications. “This allows policy to be defined around business needs and risk management objectives instead of being implemented haphazardly by a myriad of system and application administrators that may or may not understand the value of the data,” he adds.

Policy at a minimum should encompass those systems and applications that are critical to the business success of the corporation or data that is sensitive and can not be compromised.

The I&AM enforcer

Having policies in place is one thing. Communicating and enforcing these is another. I&AM policies protect a company’s most important assets and must be defined and implemented at the highest levels in a corporation. Corporate governance is becoming mandatory across many parts of Asia. What started as a US franchise is now spreading throughout the rest of the world. Governance includes the protection of corporate data assets from compromise and a regular review of implemented security controls is mandatory. We may not have seen the high profile jailing of senior executives as those in the US but certainly we are starting to see local executives making headlines in their own way. What is certain is that accountability is becoming a fact of corporate life.

The challenge for Asia is the delegation of responsibility for the company’s corporate data. Today, this is still left in the hands of system administrators who have traditional day jobs for which they were hired and are accountable to.

The role of a Chief Security Officer (CSO) is underdeveloped and under addressed. Cox believes that things will change. Security needs to be seen as a critical business issue, not as an afterthought.

The CSO needs the power to both define and enforce security policy. If a new system or application does not meet a corporation’s security policy, the CSO needs to have the authority to prevent the system from going on-line until security concerns are addressed. This is one of the reasons a CSO should not report up through the IT line of command, but directly to the CFO or President of a corporation.

“They are the watchdogs that ensure company resources are adequately protected and should not be influenced or allow systems to be compromised to meet development deadlines or other pressures,” says Cox.

Identity and access management best practices

Different companies have different priorities and likely will have unique approach to developing their I&AM strategy and executing it. The path may be slightly different but the similarities begin below.

Identify and address key business needs and objectives, including both “hard” and “soft” benefits in the business case. Explain the initiative in business terms, and explain clearly what the proposed business benefits are. Unless you are presenting to a bunch of IT geeks, avoid the technical elements of the proposed solution. Remember I&AM initiative is not an exercise in technology alone.

In any complex undertaking, the business processes often present much bigger hurdles for any successful implementation. So test the proposed business process not just the technology. Often technology becomes easy to implement once the business process issues have been ironed out.

Don’t let sales people fool you into a sense of false expectation. Each business is unique and any complex solution requires customization as you integrate the new solution into the business process. It is important to implement a robust and effective exception management process. Your organization may have existing legacy applications that may not act very well with the new solution. Some of the systems may not be integrated in a cost-effective manner so the appropriate exception management process may be required.

Technology and business processes change dynamically as businesses integrate into the global economy. The added uncertainty should not deter you from implementing the right solution today. The best way to protect against obsolescence is to implement consistent management practices across the enterprise. Standardizing business processes is the best way to protect any investment and offers a roadmap for future, as yet undefined, changes.

The guide post for any complex undertaking, including I&AM, is the company’s business direction. If you stay true to this course, your identity and access management strategy should deliver value throughout the entire organization.

I&AM is not a point solution. It is a strategy. And the most successful I&AM strategies are those that take a holistic approach to strategy creation. You can implement in phases but the goal must have the entire enterprise in mind.

Definitely outside parties will need to be brought in to help. The choice of vendor Best practice is to evaluate a company’s business objectives and a company’s ability to implement an I&AM solution in the context of those objectives.

Cox offers a I&AM twist to an age old advice: Look for a vendor that has the ability to provide a complete solution — identity management (or enablement), access management (or enforcement) and auditing all the way through.

“The company should be able to provide these functions from the mainframe all the way down through distributed operation systems to custom applications and web services. Also look for a company that is not using software to try and sell more hardware and has a diverse enough solution that they can focus on your business need and not just selling their product. There aren’t very many of these,” adds Cox.

Access, Deploying, Network, Secure