Pramatr Blog

The new year sees the launch of Pramatr’s Identity Management solution, something we’ve spent the last year working hard on.

It will initially focus on the core problem of user provisioning; user management, resource provisioning, de-provisioning, auditing and upfront risk reporting.

All registered users will get access to exclusive early releases soon and have the opportunity to give feedback, share ideas and thoughts through the forums. For all those that haven’t joined us yet, registering is a great opportunity to get involved in the project and to help in its direction. With your input we can build a product that answers the need of users, focus on solving problems that really matter.

To register visit our website.

From the Pramatr team We wish you all a happy and fruitful 2010 !!

REDMOND, Wash. — Dec. 10, 2009 — Microsoft Corp. today announced that it intends to acquire Sentillion Inc., a privately held company specializing in software for the healthcare industry.

Microsoft acquire IDM solutions vendor Sentillion, it seems more from a healthcare perspective than identity management.

Classified as visionaries within user provisioning by Gartner, Sentillion have a good array of SSO and IdM expertise which Microsoft could amalgamate with their own Forefront Identity Manager.

It wont be easy; Sentillion is specifically geared towards the healthcare sector so could be missing a few essential pieces to fit snugly and Forefront also has a provisioning solutions as does Sentillion in the form of ProVision. But to leverage only Sentilion’s healthcare presence, at a time when US healthcare is going through a revolution, and nothing else would be a travesty.

Only time will tell.

Graham Cluley reported on this phishing email today:

It’s an attempt to source account information from the recipient. Fortunately as Graham points out it’s not the most professional of executions:

1. You would have to not question why the Yahoo Webmaster Team is emailing you.. especially as it wasn’t sent to a Yahoo email address.

2. You would have to overlook that the bad guys didn’t even bother to forge the message to look as though it came from a Yahoo domain

If hackers were as good as this individual we wouldn’t have to worry about identity theft.

In July of this year an ex-employer at Goldman-Sachs was reported to have stolen code behind Goldman-Sachs propriety trading software. November of this year saw the largest breach of data in the UK when over a million customer records were alleged to have been stolen by a T-Mobile employee and sold on to rival firms.

All data has value and if someone pays the right price its not uncommon to find someone willing to breech company policy and turn a blind eye to any consequences if caught stealing.

Data Use in the Company ?
We entrust organisations with our personal data and in return we expect them to keep our data secure, private and to not share with others without our consent.  The thought of an employee abusing the information we willingly give over is something we rarely ever consider. However few organisations themselves know how this data is handled inside. The good news is, technology exists that can help, that can assist in reducing data loss, keep prying eyes away and entrust only the right personal to access personal data.

Inside Data Protection
Data Loss Prevention (DLP) technology has been around since 2006 and has is gaining speed with each passing year. DLP tech at a high-level discovers, monitors and protects sensitive data. Advances in this area have moved so far on that this statement probably doesn’t do the area any justice but suffice to say data stored, in use and even in transit can be managed, allowing identification of unexpected usage patterns; those accessing records more than they need to or at unusual times.

Outside Identity Protection
Identity and Access Management (IdM/ IAM) technology is another technology that has been around for several years and gained significant traction. Where DLP technology focuses primarily on data, its accessibility and authorisation IdM like Pramatr IdM is concerned with restricting access to data at the identity layer. Through managing access, authorisation, authentication across identity silos Pramatr IdM can help identify unusual access patterns, unexpected access times and even those trying to get access to unauthorised areas.

With data theft  on the rise, and cases like these ever more tempting its time to take a proactive approach to data protection both inside and out.

I had an opportunity to read the Gartner Magic Quadrant Provisioning report recently. With 50 pages it’s quite a thorough report so I won’t bore you with the gory details. Dave Kearns does a great job of summarizing it here and you can read the entire report published by CA here.

The first thing I did was compare the Magic Quadrant chart with the same chart from 2007. A quick comparison shows little that separates the two. The larger enterprise solutions remain where they always have, in the upper echelon of the square, while the remainders continue to jostle for position around the centre.

There was minor movement amongst the larger organizations; one moved up a little on one axis while another tiptoed along the other. But despite that nothing much visibly has happened.

Personally it’s no surprise as the larger organizations make the biggest footprint. With a larger reservoir of capital they can afford to make things happen much quicker, marketing, sales and even innovation.

Its Just One Opinion Right ?
I think we should be grateful that this market even has a Magic Quadrant report for people to chew over. As is states at end of the report, “Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant.”

It’s a bit naive though to think the report is just another opinion, as James Governor analyst with RedMonk says, being in Gartner’s Magic Quadrant can move mountains for a company.

Organizations use these reports as a means for garnering further sales, why else participate?

Quotes and positioning details are peeled off and reprinted on marketing material. In fact it’s not uncommon to find the entire Magic Quadrant report available on company websites which have benefited from the report.

Ratings by research firms matter, their opinions are taken very seriously by IT procurement departments evaluating products and services.

Moving Mountains
The Gartner Magic Quadrant evaluation process looks at several areas, not only regarding the product, its limitations and direction but also the supporting business infrastructure, marketing execution, pricing, sales execution. For a lesser-sized business, being compared to the likes of Oracle in these departments is hardly going to work in your favor.

As Dave Kearns mentions in his article, Thor Technologies’ provisioning product was ranked third or fourth (depending on how you read the chart) a few years ago. Once it was acquired by Oracle however, it was repositioned at the top of the leader quadrant with little change except for the acquisition. Despite the improved sales force the product remained the same yet it had gravitated to Leader status.

So it’s not hard to see why some businesses find these annual reports demoralizing and even attribute them to potential lost earnings as was the case with ZL Technologies

It can not be underestimated; the Magic Quadrant is incredibly powerful. “It’s the difference between trying to sell something and trying to fulfill. The business of IT purchasing is predicated on requests for proposals. Everybody in the leaders [quadrant] is always going to be invited to bed,” James Governor RedMonk analyst.

Not All Lost
If there are any positives that can be taken from these reports (for those that have not favored highly) is that they can be a catalyst for change. These detailed reports highlight areas that can be improved, providing opportunities where alternative strategies need to be sought; whether that is improving marketing execution, customer experience or something else.

Whether Gartner stops producing these reports or alters them makes no odds, there will always be opinions that some people give greater importance to over all others.

Bone-idle IT procurement departments will continue to start and end their product evaluation with these reports and opinions; grading product viability on how high and furthest to the right something is on a chart. But for many, especially with IT security budgets shrinking, purchasing decisions are being done with a lot more care. Businesses are using these opinions and reports along with many others to find something that is right for them rather than relying on where a product is positioned against bespoke criteria.