This picture, with caption, is the Steve Jobs I will remember:

Deep thoughts aside, I’d like to wish you all a marvellous holiday period with your loved ones, and extend my best wishes for a successful and prosperous 2012, or as the Lawyer said, “ I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2012, but not without due respect for the calendar of choice of other cultures whose contributions to society have helped make our country great (not to imply that Australia is necessarily greater than any other country) and without regard to the race, creed, colour, age, physical ability, religious faith or sexual preference of the wishee”.

Back to Steve. One of his characteristics that I’ve always admired was his total disdain for the status quo (foolish), and an obsessive focus (hunger) on doing things better; thinking different. As the year end approaches, and out of respect to Steve Jobs, the list below is the little bit of Steve that we’ve applied to First Point Global:

• Too often in IT we exhibit a crowd mentality, and go from one fad to the next. Sometimes it helps to pause and ask yourself some questions. There was lots of talk in 2011 about IAM suites. Without any particular outcome in mind we began searching outside of full suites about five years ago. We were looking for solutions that weren’t being addressed by the full IAM suites, which is only natural when one has customers who are struggling to address issues, like SOX compliance. Suddenly, five years down the track, we find ourselves representing a whole bunch of companies that were started by really smart people; the same people who came from the big companies that pioneered the IAM suites. Could it be that we were subconsciously wanting to become software resellers? No, that wasn’t the case at all – we wanted to do things better. Our Partners page is not a catalogue of products. It’s the result of a relentless pursuit of people with ideas who can make a difference for us and our customers.

• With all that said, many customers continued the trend of buying the IAM suites. A Gartner report entitled “Good Night Suite Dreams” was published on April 1, and it debunked the myth that the IAM suite is better, has better integration, more functionality etc. This contrasts with reports from The Aberdeen Group, which quantified the cost savings associated with the Oracle IAM suite. Confused? Don’t be. If it’s important to you to have a relationship with a large, successful company, and use all their stuff, then go down the Oracle path and you’ll get inward integration – “disk to memory”. If your IT environment is heterogeneous, then maybe an “outward integrating” solution is your best approach.

• Late in 2011, it occurred to us that this whole suite versus best of breed debate was reminiscent of the open systems wars of the 80s. Questions being asked at the time were, “Is UNIX as robust as VMS?”. You can either place your IAM future in the hands of a single vendor, or you can shop the market for the best “things” around. Sun had a tagline circa 1985 of “Open Systems for Open Minds”. We proudly use that as the header for our Partners Page. Just as open systems enabled small companies to innovate and interoperate with UNIX in the 80s, standard interfaces like SAML, SPML, and XACML allow the same capability in IAM products. It’s nice to know we’re not the only people advocating this approach. In 2011, Bank of America, Societe General, PayPal, UBS, RBS, and Boeing all bought open systems, or point solutions (as the disparagers call them) to solve important IAM problems. Foolish?

• In 2011, we joined the OASIS group. I think we’re the only Australian boutique integrator which is an OASIS member. What an amazing organisation. Some of the best IT brains in the world  are working on ways to solve the next round of IAM problems, with innovation and interoperability at front of mind. It’s been an eye opener to see how this process works, and work in progress at OASIS clearly heralds that the days of proprietary IAM suites are numbered. As Molly Meldrum would say, “do yourself a favour and take a look at OASIS”.

• Early this year, I read a paper by Bob Blakley of Gartner. He spoke of Pull Based Provisioning and Attribute Based Access Control using XACML. His vision flew in the face of everything we knew. I wondered what Bob had been drinking. You buy a provisioning system. You spend millions making it work to your target applications, and you implement Role Based Access Control – that’s how it’s done. Then I saw an Axiomatics XACML demonstration using ABAC.  I was shocked. The system could simply pull attributes about a person, then grant access according to current job role, location, time of day, environment – you name it, without having to change a single line of code. As Gerry Gebel, President of Axiomatics Americas says, “Life is too short to spend a day without SAML and XACML”.

• We’ve been beating the SailPoint drum for over five years now. I’m pleased to say that Gartner published their Identity and Access Governance (IAG) Magic Quadrant this month, and SailPoint is the leader. Not just a leader. The leader. Congratulations to the SailPoint team, and G’day to Kevin Cunningham (president and founder of SailPoint) who’s spending Christmas in Queensland this year. Kevin has become very fond of Australia, we guess as a result of numerous trips down here meeting the many “foolish” customers who placed their bet on the capability of the SailPoint team. Welcome back Kevin!

• In 2011, we stopped ignoring the problem of identity management on UNIX platforms. As Forrester said in their end of year wrap up, Microsoft’s AD has become the defacto standard enterprise directory. We found Centrify, who built a marvellous product that allowed an AD systems admin to manage rights and permissions in UNIX using AD admin tools. So we’ve brought Centrify into our portfolio, and it has solved two really big problems. First, AD admins can manage UNIX – great. Second, as an IAM integrator, integration just got a whole lot easier, as all we need to do now is provision to AD. This makes a whole lot of sense, and the benefits are clear when you pause and think about it.

• We’ve seen some amazing apps emerge for the iPad and iPhone this year. Our friends at Layer 7 stopped and thought about the security implications of these “mash ups”. 2011 saw the convergence of good security practice and convenient API management in a single package. The innovative developers gained access to the APIs needed to build mashed up applications, while the security managers were able to control “who had access to what”. Congratulations to Scott Morrison (CTO, Layer 7) and his team for delivering the goods which will continue to enable sizzling applications, while allowing us security-minded folks to sleep at night.

• This year, we worked on a number of Federation projects. Our co-founder, Jan Zeilinga, did a stack of federations for clients. In fact he was so busy with our ForgeRock OpenAM customers, that he nearly finished his White Paper entitled, “Federate in 4 hours”. Keep an eye out for that in the new year. Hats are off to ForgeRock for continuing the evolution of OpenSSO, arguably the best integrated access control and federation product on the market.

• I say arguably, because this month we shipped 99 copies of ACF-B, First Point Global’s own “Access Control. For Beer” product. We shipped it to many of our customers in Australia and overseas, and if yours didn’t arrive, please let me know, and we’ll fix that.

So that’s a wrap folks. Thank you for your friendship and business this year. It’s been lots of fun, and I’m itching to get back into it in 2012. Have a happy and safe festive season.

John and the First Point Global team.

First Point Global Signs Consulting and Reseller Partnership

with Centrify Corporation

- Complements & Strengthens First Point Global’s best-of-breed IAM solution set -

- Leverages Active Directory for centralised management of user access control

for better security and compliance -

Brisbane, 8 November 2011 – First Point Global, the identity and access management solutions company, today announced it has entered into a partnership with Centrify Corporation, the leader in securing and auditing access to cross-platform systems and applications through Microsoft Active Directory. Under the terms of the agreement, First Point Global will provide Centrify solutions, support, and related professional services to organisations looking to enhance their data centre security by centralising access control and privilege management for all their non-Windows servers and desktops within Active Directory on premise and in the cloud.

Centrify enables organisations to reduce IT expenses, strengthen security and enhance regulatory compliance. By leveraging Active Directory and the Centrify Suite, organisations get a cost-effective solution for authentication, access control, role-based privilege management, user level auditing, and server protection for more than 300 operating systems.

Jan Zeilinga, chief technology officer and co-founder of First Point Global said, “The Centrify Suite extends solid identity management practices to the OS platform and applications – solving a number of important platform and application authentication, access and audit issues. Under Centrify, customers can now integrate their UNIX, Linux and Mac OS X users into a comprehensive, centrally managed environment; a massive win for operations and security.

“Our partnership with Centrify reaffirms First Point Global’s best of breed market approach which offers customers smarter next-generation technologies,” Zeilinga continued. “We are committed to enabling our customers to achieve international standards of good practice, compliance, and risk management – ensuring corporate data centres are secure and compliant is central to this mission.”

Matt Ramsay, Centrify’s Regional Director for Asia Pacific based in Australia, said, “We welcome First Point Global to the growing Centrify APAC team. FPG strengthens and broadens our professional services coverage in the region with qualified and experienced IdM engineers. Their track record within existing enterprises and their reach to new customers has already uncovered some mutually beneficial enterprise opportunities for Centrify.”

Regulatory compliance requirements such as PCI and Sarbanes-Oxley, as well as security best practices, dictate that organisations limit access to business-critical systems only to named users whose job role requires it. They must also audit and report on actions taken by those users. In cross-platform environments, establishing accountability by linking privileges and actions to named users can be a complex task. Though Active Directory provides a central repository for Windows user accounts, privileges to UNIX and Linux systems may reside in multiple identity silos, or they may be managed locally system by system. Centrify addresses these IT security and compliance requirements with a comprehensive solution that uses Active Directory to centralise authentication, administration, access control, authorisation and auditing of non-Microsoft systems and applications – whether physical or virtual, on-premise or cloud-based.

About the Centrify Suite

The Centrify Suite lets organisations centrally control, secure and audit access to cross-platform systems and applications by leveraging an infrastructure they already own — Microsoft Active Directory.  Built on an integrated architecture, the Centrify Suite strengthens security, enhances regulatory compliance initiatives, and reduces IT expense and complexity.  The Centrify Suite — consisting of DirectControl DirectAuthorize, DirectAudit , DirectSecure  and DirectManage  — delivers secure authentication and single sign-on, role-based access control, privileged identity management, user-level auditing for Windows and UNIX systems, server isolation, and encryption of data-in-motion for the industry’s broadest set of heterogeneous systems and applications.

About First Point Global

First Point Global is a leading identity and access management (IAM) solutions provider. Its philosophy is based on an open systems approach to IAM, enabling customers to adopt class-leading components, and achieve rapid deployment without the proprietary lock-ins associated with homogenous vendor suites. Its customers include major banking, insurance, telecommunications, media, retail, education and government organisations in Australia, New Zealand and Asia. Visit www.firstpointglobal.com to learn more.

About Centrify

Centrify delivers integrated software solutions that centrally control, secure and audit access to cross-platform systems and applications by leveraging the infrastructure organisations already own – Microsoft Active Directory. From the data centre and into the cloud, more than 3,500 organisations, including 40 percent of the Fortune 50, rely on Centrify’s identity consolidation and privilege management solutions to reduce IT expenses, strengthen security and meet compliance requirements. For more information about Centrify and its solutions visit www.centrify.com

###

So what can we expect? For one, Identity Governance is here to stay. Threats to business information and technology infrastructure haven’t gone away and, if anything, must now be even more carefully managed. Compliance is a constant and growing requirement. And controlling user access to sensitive data will remain a high priority. Organisations seeking to ensure their house is in order should consider an Identity Governance solution such as SailPoint’s IdentityIQ which, according to a new note from identity management analysts Kuppinger Cole, “should be included in any shortlist of platforms for Access Governance under evaluation.”

More interestingly and particularly challenging in this new era will be the requirement for adaptable methods for providing security such as authentication.  OAuth is the default authentication method and a sound identity management strategy must entail careful consideration of how API interfaces make use of OAuth.  Smaller organisations or point solutions might look at building OAuth support into applications.  But this has ongoing support issues. OAuth is still emerging and you need to decide if we will build your apps using OAuth 1, OAuth 1a, or OAuth 2.0?  What if you need to add HMAC support (digital signatures)?  The standard is evolving very fast but so too are the security needs of your applications – especially as your enterprise apps mature, or you use third parties either directly or via a community group to build and extend them.

A significantly more flexible model would be the use of an API proxy, such as Layer 7’s API Proxy or its premium CloudConnect Gateway:

This technology enables you to ‘commoditise’ the security with out-of-the-box OAuth support.  Simply by deploying the technology in front of your APIs you can start using OAuth. So if you’re building an application, or doing a COTS implementation, you don’t need to worry about security: once a user’s request is received, all the security is taken care of.  Importantly, as your security needs advance, you can make all the necessary changes in a single place. Plus, it provides a method to provide backwards compatibility.  Today, all your apps use OAuth 1.0a. Tomorrow, the risks change and you want to implement OAuth 2.0 with HMAC support.  Most likely the implementation required by your risk department will be available in the API proxy.  But if not, no need to worry, the technology is based on Java, so you can extend the existing capability to support your new needs.  Once implemented, the challenge is then how to update all the apps.  Not all users will update their apps on a regular basis.  So you will need a way to accept the old authentication method until the users update their apps.  Once again, this can be handled at the proxy layer in a standard way.  Adding auditing will allow you to also see how many of the users have switched over.

Closing thoughts:

• Commodisation of security into a proxy gives you flexibility
• Not all APIs are built securely
• Not all API interfaces are flexible
• OAuth protocol is emerging and constant changes are expected
• Always keep your users in mind. Just because you want to use the latest security fixes, does not mean the users are ready for them.  Think of your users.

Open standards allow innovative technology creators and consumers to build better solutions faster, and for less. Harnessing the collective thought of the world’s brightest, open standards unleash us from the trap of closed vendor offerings.  The emergence of WS Security, SAML and XACML are examples of powerful, productised open standards which have enriched the discipline of identity and access management. And that is why we are pleased to announce:

FIRST POINT GLOBAL JOINS OASIS

- Demonstrates Commitment to Advancing Open Standards & Best Practices-Based IAM Solutions -

Brisbane, 12 October 2011 – First Point Global today announced it has joined the international open standards consortium OASIS (Organisation for the Advancement of Structured Information Standards) as a contributor member affirming its commitment to help shape the future of the global identity and access management (IAM) market.

OASIS is a not-for-profit, global organisation that drives the development, convergence and adoption of open standards for the global information society. Its members broadly represent the marketplace of public and private sector technology leaders, users and influencers. Members decide how and what work is undertaken through an open, democratic process. To date, OASIS members have developed more than 80 standards including ebXML (ISO 15000), Open Document Format (ISO 26300), SAML, WS-Security and XACML.

Commenting on the new membership, John Havers, CEO and founder of First Point Global said: “It’s the right thing to do for a company like us, as OASIS is a global melting pot of thought leaders with particular influence on the direction of identity and access management. It will give us a broader perspective than might otherwise be gleaned from our own ecosystem of customers and partners.”

“While we have close partnerships with a number of select vendors, we recognise that innovation is driven by end user requirements from all corners of the globe, including the requirements of our own customers. As a contributor to OASIS, we will have the opportunity to represent our customers’ needs during the standards-setting process, and potentially advance the state of the art. OASIS membership also provides an important new platform for our engineers’ social and career development through active participation with some of the smartest in the business.”

“First Point Global has long been a supporter and implementer of OASIS security and identity management standards, including XACML and SAML. It is great to have them ‘inside the tent’ now, contributing to the decisions that shape these and other standards,” said Laurent Liscia, executive director of OASIS.

ABOUT FIRST POINT GLOBAL

First Point Global is a leading independent identity and access management (IAM) solutions company. It helps organisations manage key information assets for measurable commercial outcomes including access management for compliance and audit; automated user provisioning for increased operational efficiency and cost savings; and enhanced access enablement and control for extended business reach. First Point Global partners with best of breed technology companies to deliver state-of-the-art capabilities and services. Its customers include major banking, insurance, telecommunications, media, retail, education and government organisations in Australia, New Zealand and Asia.http://firstpointglobal.com

ABOUT OASIS

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for cloud computing, security, business transactions, electronic publishing, Smart Grid, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

In between attending FST Media’s Cloud Conference in Melbourne and Sydney, we met with a number of our banking and insurance customers and other major organisations. A key takeaway from these meetings was the increasing need among commercial and public sector organisations for secure and reliable API management solutions – in line with a trend Layer 7 is seeing among its blue-chip global customer base, according to Scott.

Essentially, API management is about enabling a business to open up select internal data and functionality to third party developers and partners in order to capitalise on external innovation, reach new customers, create new revenue streams, and build brand loyalty. The emerging masses of iOS and Android developers would be examples of such collaboration. Internal applications can be extended to customers as a means of automating interactions, thus lowering costs. For instance, an app could allow them to update their personal information.

The fundamentals of API management are about creating an enforcement layer and a developer portal.  Most people at the technology level understand the enforcement layer.  They know they need to secure inbound and outbound APIs;  APIs exposed as Web Services or JSON all carry their own threats and integration challenges.  The Layer 7 technology enables this integration and mitigates against API threats and unauthorised access.

But this is only half the story.  The other half is about how you manage and report on the developers who use your portal. That is where the Layer 7 API Portal is key.  Imagine a dashboard that lets you know who is developing to your API, what the value of each developer is, and what services are actually being consumed by customers via smart phones.  This is real power.  And all provided as a turnkey solution.  In the coming weeks, First Point Global and Layer 7 will be running a series of Australian Webinars on this topic.  Please get in touch if you are interested in joining us and learning more about how you can derive real business value from API management with Layer 7’s API Portal.

To learn more about the suite of SOA and API Management tools offered by Layer 7 see http://www.layer7tech.com/products.

This month we are hosting Gerry Gebel, president of Axiomatics Americas, and formerly vice president and service director for The Burton Group’s identity management practice. Gerry will be joining First Point Global on a roadshow around the country from 20 June – I July. Having cut my teeth on Access Management and Authorisation back at Dascom (prior to the IBM acquisition) I can attest to the power and flexibility of Axiomatics’ widely acclaimed XACML implementation. Seeing is believing. Drop me an email if you’d like to meet the man and hear why so many organisations are switching to Axiomatics and XACML. By the way, Axiomatics and SailPoint are partnering to wrap Identity and Access Governance around XACML Policies, delivering the industry’s most advanced access management solution. SailPoint execs, Kevin Cunningham and Collin Perry will be visiting Australia in July and August with more of that story.

Gerry Gebel has authored or contributed to more than 70 reports and articles on topics such as authorisation, federation, identity and access governance, user provisioning and other IAM topics. He’s been instrumental in advancing the state of identity-based interoperability by leading demonstration projects for federation, entitlement management, and user-centric standards and specifications. In 2007, he facilitated the first ever XACML interoperability demonstration at the Burton Group Catalyst conference.  Gerry has some 15 years experience in the financial services industry including architecture development, engineering, integration, and support of Internet, distributed, and mainframe systems.

Gerry comes to us fresh off of taking part in the European Identity Awards last month where XACML 3.0 received an award for most influential standardization effort.

In line with the global trend, Externalised Authorisation is gaining momentum in our region as more and more organisations look for a flexible and relatively easy way to deploy solutions that speed up and improve their access control processes. ABAC offers a dynamic system that enables secure compliance with regulations and corporate policies integrated with existing platforms. This not only provides substantial savings over time, but also opens up new business opportunities.

Axiomatics products and services are used in financial, manufacturing, health care and telecom industries, as well as the public sector – all with complex information security requirements. Its growing list of customers throughout Europe and North America includes: PayPal (the world’s largest XACML deployment to date), Bell Helicopter, Swedish National Health Service, plus one of the world’s largest banks.

If you’re looking for a flexible and relatively easy way to deploy solutions that speed up and improve your access control process, you may be well served by talking to Gerry and First Point Global, and exploring Axiomatics. We’d be delighted to arrange for you to meet with Gerry during his time here. We are planning a couple of after work social functions (Sydney confirmed for June 30) and Melbourne is TBD. If Access Management with XACML is of interest to you, please get in touch with us on 07 3227-1550, or email etweedie@firstpointglobal.com

_____________________________________________________

Axiomatics, the leading supplier of XACML based authorisation solutions, is partnering with First Point Global, experts in identity management solution delivery

April 7, 2011 Stockholm – Axiomatics AB, the leading developer of externalized authorization solutions, today announced it is partnering with First Point Global, a well-known expert at implementing best-in-class identity management solutions. With this agreement, First Point Global becomes an official reseller and solutions delivery partner for Axiomatics in the Asia Pacific region. Established in 2006, Axiomatics continues to be the leader for scalable, externalized authorization solutions built on the XACML standard. Axiomatics is a pioneer in its field, committed to providing ABAC (Attribute Based Access Control) solutions that offer a new paradigm in authorization management. Furthermore, the company has contributed considerable intellectual capital to the XACML standards process at OASIS. First Point Global is a highly acclaimed organization in the field of identity management, thanks to years of experience in delivering successful solutions across several industry verticals in Australia and the broader Asia Pacific region.

“At First Point Global we seek out best-in-class technology partners that can enhance and support our identity and access management offering,” says John Havers, CEO and founder of First Point Global. “As the leading independent supplier of XACML based authorization solutions, Axiomatics was the logical choice for us to partner with.”

“As we continue to expand, and interest in ABAC authorization solutions continues to grow, finding outstanding partners that can represent us in new markets is imperative,” says Babak Sadighi, Axiomatics CEO and co-founder. “We are very happy to become a part of the First Point Global offering, which already includes solutions from some of our other strategic partners. Furthermore, this agreement will not only bring us closer to the Asia Pacific market, it will also open up opportunities for us within a wider scope of industries.”

About Axiomatics

Axiomatics, located in Stockholm, Sweden, is the leading provider of fine-grained and attribute-based authorization (ABAC) solutions. The company has a global customer base within healthcare, finance, manufacturing and the public sector, among others. The Axiomatics Policy Server (APS) protects systems against unauthorized use while enabling smooth sharing of information within and across enterprise borders. Axiomatics actively contributes to the development of the XACML standard and has editorial responsibilities within the OASIS Technical Committee.

About First Point Global

First Point Global is a leading independent identity and access management (IAM) solutions company. It helps organisations manage key information assets for measurable commercial outcomes including access management for compliance and audit; automated user provisioning for increased operational efficiency and cost savings; and enhanced access enablement and control for extended business reach. First Point Global partners with best of breed technology companies to deliver state-of-the-art capabilities and services. Its customers include major banking, insurance, telecommunications, media, retail, education and government organisations in Australia, New Zealand and Asia. Visit www.firstpointglobal.com to learn more.

Contact Information

Elisa Tweedie, Marketing Manager
First Point Global
Email: etweedie@firstpointglobal.com

Good Night Suite Dreams: The Myth of the IAM Suite

This is the title of a research paper that you need to read. Ironically, it tells the story that  ”Magic Quadrant” vendors don’t necessarily have all the answers, and “new problem spaces” may be better addressed by innovative, niche companies.  The report findings are paraphrased below:

• Don’t buy IAM suites because of the promise of better integration or innovation
• Do buy IAM Suites if you’re looking to have a relationship with a vendor
• Look further afield if you’re looking for the best tool for the job

Our take

We agree with this analysis, and have been operating this model for about six years now.  Many of our customers have a hybrid of solutions from industry giants like IBM, BMC and Oracle, which are augmented by innovative solutions from our other partners like SailPoint and Layer 7.  Our approach is not purely binary. If one has ITIM or Control SA installed and operating, we apply the old adage, “if it’s not broke – don’t fix it”.  That is, it’s not that hard to bolt on additional functionality, such as IAI through SailPoint as an example.

Relationships and Technology

Gartner suggests that a key reason for purchasing a suite might be to leverage a business relationship.  We are fully supportive of this principle, and may I just say that it’s possible to have a relationship with an integrator as well as a software company.  We are proud of the fact that we’ve had long term relationships with many customers, and in some cases for 10 years.  To add to Gartner’s point, it is possible to have your cake and eat it too with a company like First Point Global.  You get the links with the industry stalwarts like IBM, a choice of carefully selected best of breed solutions, coupled with advice, services and support, all under one umbrella.

when considering IAM purchases

If you have a relationship with a vendor and you’re happy with that, don’t change it.  If you have a suite, keep it. If you need to solve a challenging problem, and you suspect your vendor may not have a mature solution, or local ability to execute, take a different approach:  Lay out your needs and invite your vendor and prospective niche vendors to perform a proof of concept with your data. This should only take a couple of weeks, and guaranteed, you will be surprised and delighted with the outcome.

ForgeRock has bases in the USA, UK, France and Norway, and has an amazing collection of very experienced people who have been around since the beginning of “IAM”, and have contributed to its evolution. Take a look at http://www.forgerock.com/about.html and see who’s behind ForgeRock. There is no doubt that the IAM market has matured, both in terms of technology (products) and customer awareness. Ten years ago customers were confident to engage with MNCs for their IAM requirements, and quite wary of engaging with newer, boutique companies like First Point Global. Now, with ten years experience under their belts (and the associated successes and failures), customers know as much about this space as the vendors; perhaps more. So the questions being asked today have morphed from “how big is it?” to “how good is it?”,  and “tell me about what you’ve delivered”. Or using a phase construct that HP devised, “Better is better than bigger”. HP once said “standard is better than better” (in the height of the UNIX wars), and that stuck with me.

We look forward to continuing the good work started by Sun Microsystems, and continued by the great people at ForgeRock. Keep up those downloads, and please call us if you need a hand with the nitty gritty. As Neil Young once said, “Keep on rockin’ in the free world”. Read on for the official press release issued today.

First Point Global Signs Consulting, Training and Reseller Partnership

with ForgeRock to deliver Open Source

Identity and Access Management Software Solutions

- Extends and Complements First Point Global’s best-of-breed market offerings -

Brisbane, 23 February 2011 – First Point Global, the identity and access management solutions company, today announced that it has entered into a partnership with ForgeRock, the dynamic new global open source company with offices in the US, UK, France and Norway. Under the terms of the agreement, First Point Global will be the first company in Australia and New Zealand to deliver consulting and training services in support of ForgeRock’s open source identity and access management (IAM) portfolio thus offering a smooth migration path for former Sun Microsystems customers following the acquisition of Sun by Oracle in early 2010.

As a result of ForgeRock’s sponsorship and commitment to Sun’s identity management product development roadmap, Sun’s OpenSSO and OpenDS software projects continue to thrive in ForgeRock’s integrated I3 Open Platform as OpenAM, the market leading open source authentication, authorisation, entitlement and federation solution, and OpenDJ, a LDAPv3 compliant, Java-based directory server – both rebranded for trademark reasons.

In addition, ForgeRock recently announced the launch of OpenIDM, an identity management and user provisioning solution, and the third pillar of its IAM portfolio. OpenIDM milestone 1 provides Web-based enterprise provisioning capabilities to a wide range of IT systems and resources such as databases, directories, ERP-systems and access management suites all accessible by administrators and users via a customizable web 2.0 (AJAX) user interface. OpenIDM integrates with OpenAM and OpenDJ but can also be used independently.

According to John Havers, CEO and founder of First Point Global, “We are delighted to announce our partnership with ForgeRock and very excited about what it means for the Sun user community in our region. The alliance allows Sun customers to restore continuity to their initiatives which were disrupted by the acquisition of Sun Microsystems. Customers now have options. And where there are options, there is competition, better products and better value. Customers win.

“Our partnership with ForgeRock is an example of First Point Global’s best of breed market approach which offers customers next-generation technologies from the best people and the best start-ups from around the world.” he added.

“We’ve already seen huge interest from Australia, both from former Sun customers left without a viable solution and from others drawn by the scalable, reliable and open source I3 platform,” said Lasse Andresen, CEO of ForgeRock. “First Point Global’s commitment as a trusted advisor to customers, outstanding leadership and technical expertise will ensure this partnership provides a way to meet customer needs.”

The first regional, public OpenAM Deployment Workshop is scheduled to take place in Sydney 12-15 April 2011. To enquire or enroll email: training@forgerock.com.

About First Point Global
First Point Global is a leading independent identity and access management (IAM) solutions company. It helps organisations manage key information assets for measurable commercial outcomes including access management for compliance and audit; automated user provisioning for increased operational efficiency and cost savings; and enhanced access enablement and control for extended business reach. First Point Global partners with best of breed technology companies to deliver state-of-the-art capabilities and services. Its customers include major banking, insurance, telecommunications, media, retail, education and government organisations in Australia, New Zealand and Asia. Visit www.firstpointglobal.com to learn more.

About ForgeRock
A global company with bases in the UK, USA and Norway, ForgeRock is committed to continuity of innovation and service for the existing and new open source interaction, identity, and integration software found within the I3 platform. ForgeRock provides customers with enterprise-class subscriptions for the platform as well as training and access to an extensive partner community. For more information, visit http://www.forgerock.com.
###

Governance and compliance will continue to be the main drivers

In 2010 a number of our customers started projects to address audit deficiencies around User Access Revalidation (UAR). These were projects that had business involvement, and board level visibility, as the compliance mandates were a requirement of “staying in business”. The results of these projects were spectacular – for the first time, business users (certifying managers) gained true visibility of “who has access to what”, and the ability to approve or rescind access according to a business policy. That was a great leap forward for identity and access management through the eyes of business, who, after all, fund these initiatives. Analyst firms like Gartner branded this component of IAM as “Identity and Access Governance”, or IAG. 2011 will see IAG systems proliferate, and there is “goodness” in IAG outside of attaining compliance.

Provisioning Simplified

A key audit requirement is to define the “as is state” of user access entitlements. Our customer projects confirmed that the entitlements warehouse established by the IAG platform created a central “source of truth” and reality! This in practice is a stark contrast to the multiple and mostly incomplete “sources of truth” that are the backbone of the current generation of provisioning systems. Furthermore, the IAG platforms have the ability to describe policy using a “point and click” configuration paradigm. Sounds fancy? This means you don’t have to write countless workflows, which, by our records was a huge component of provisioning system deployments. In 2011, organisations will drastically reduce the complexity of their provisioning deployments by performing business logic and workflow in their IAG platforms.

Architectures will change

We praise Gartner for defining the IAG market segment within IAM, and we have evidence (in terms of project cost) that “passing the workflow and policy ball to the IAG platform” is a cleaner, smarter, cheaper, more business friendly way to go. Looking at provisioning system architectures, there’s not much left in a provisioning system when you remove the business logic. In 2011, provisioning will continue to be simplified, and become workflow-free zones.

Yet more change!

As IAM has become a more business friendly tool, other parts of organisations have put their hands up to become involved. The initial cause of this interest was around user privileges revocation during recertification. Some customers have implemented a direct interface between their IAG and provisioning platforms. This has enabled them to immediately revoke access rights during the business driven UAR process, yielding the ability to remove and update user access during a certification – without the involvement of IT. That too was a great leap forward, but customers then wanted to be able to grant rights in a similar way. The market responded with a solution that treated Access Request and Access Revocation in the same way. In 2011 organisations will continue to move their access request and access revocations to an IAG platform. This will yield significant savings, as traditionally these functions were provided by bespoke customisations of the provisioning system, and very costly and complex at that!

What about Service Management?

An interesting consequence of moving IAM closer to business users has been the bringing together of groups that had previously not been connected. In 2010 we saw the evolution of IAG and the value provided to business users. The same business users had formerly used the help desk as a means of requesting anything from stationery to systems access. It would come as no surprise therefore to predict that Service Management Architectures in 2011 will include components of IAM, and IAM Architectures will feature linkages to Service Management.

And then there’s The Cloud

2010 has seen lots of talk and controversy around cloud computing. Frankly this is hype and a certain amount of FUD from some of the regulators. The Internet has always used “the cloud”, and what customers are really striving for is the ability to run Software as a Service (or SaaS), or variations of “things” as a service. No new security paradigms are introduced by “the cloud”. At the end of the day, one must be able to manage “who has access to what”. Whether the application resides in your building, or across the world, organisations must take responsibility for sound governance. In 2011 the FUD barriers will be broken down and organisations will deploy cloud-based services with IAM in place to control access. Solutions built on technologies such as XML and XACML will rise to the forefront.

What about current technology?

The current generation of IAM technologies has been with us for about 10 years, and it is refresh time. As has been the pattern over my last 30 years in IT&C, innovation is being driven by companies that are responding to customer needs. Compliance, Governance, Cloud and more “business control over IT” are the drivers. Expect to see a number of new products in 2011 aimed at addressing these needs. For the last decade we’ve seen the IAM product landscape dominated by “super suite” vendors. Over the next year we believe that organisations’ needs will drive a market shift toward best of breed, new technologies, which are focussed on new business drivers and outcomes. And no doubt, the mergers and acquisitions in our market will continue as the industry giants strive to remain contemporary. No offense intended to any industry giants reading this.

Last but not least

Or, “Lasse men ikke minst” as they say in Norway. Open Source will come of age in IAM. The final years of Sun Microsystems saw a push of IAM technology out to the open source community. Many of the elite (and myself) in our sector scoffed at this notion, but the proof was in the pudding. With the emergence of quality software that outclassed many of the traditional stacks, 2011 will see the continuation of open source development in the IAM market, and the rise of organisations which embrace the best of community development and commercial support.

Finally

To all of our customers, employees, suppliers and business partners, thanks for a fantastic 2010, and may 2011 bring you happiness, good health, success and IAM goodness.