Sun launches identity compliance tool

Sun today announced new software designed to help businesses meet the requirements of Sarbanes-Oxley by better tracking which employees access company applications.

This Content Component encountered an error

Today Sun Microsystems Inc. released identity software that helps businesses keep track of which employees access their applications and IT systems, a requirement established by the Sarbanes-Oxley Act of 2002.

The new Java System Identity Auditor from the Santa Clara, Calif.-based company allows users to generate reports showing which systems are accessed, and by whom -- as well as any access violations that may have occurred across a broad range of applications. The software also automatically sends reports to business managers when a violation of access policy occurs.

"This is about automating all of the manual work that has to go on today to comply with regulations," said Sara Gates, vice president of identity management for Sun.

Section 404 of Sarbanes-Oxley requires businesses to ensure that only authorized users have access to financial reporting applications, and that companies document any exceptions to that rule.

For more information

Get advice from a SOX auditor

CIO Survival Guide: IT governance

"Because of Sarbanes-Oxley, we need to know what is happening on our network," said Cliff Bell, CIO of Phoenix Technologies Ltd., a Milpitas, Calif.-based software company.

While some provisioning applications may be able to provide information on who is allowed to access a certain application, such as SAP, the new Sun software should make it much easier to find access violations throughout a system, said Jonathan Penn, a principal analyst with Cambridge, Mass.-based Forrester Research Inc.

"Provisioning systems can do a lot, but they require a lot of customization, and customization means expense," Penn said. "This makes it a lot easier to do."

Still, Bell said even the Sun software may not cover all his needs. He uses software from Emeryville, Calif.-based GroundWork Open Source Solutions Inc., which monitors both the activity of users, as well as devices such as servers. If a server goes down, or there is an interruption on the network, it may indicate an attack, Bell said.

"I need to monitor both people and machines," Bell said.

The market for such identity auditing systems is likely to grow dramatically as more companies try to meet reporting requirements, said Roberta Witty, a research director at Stamford, Conn.-based research firm Gartner Inc. Every public company is regulated by Sarbanes-Oxley and needs to audit who has access to financial applications, she said.

"The need [for identity auditing products] has existed ever since two people could access the same computer," Witty said. "Now Sarbanes-Oxley is forcing the issue."

She said several vendors have already gone to market with similar products, including Calgary, Alberta-based M-Tech Information Technology Inc., Framingham, Mass.-based Curion Corp., and New York-based Thor Technologies Inc.

IBM, Sun's primary competitor in the overall identity management market, does not yet have an auditing product, but Witty said IBM is likely to launch one soon.

Sun's Java System Identity Auditor starts at $250,000 and can stand alone or work in conjunction with the rest of Sun's identity management products.

Dig deeper on IT asset management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close