Posted 9:35 AM (0) comments

Microsoft strengthens Healthcare IdM Portfolio

Microsoft announced today the acquisition of Sentillion, Inc., an acknowledged leader in IdM for the Healthcare industry.

Earlier this year, the Gartner Group placed Sentillion in the "Visionaries" quadrant of their Magic Quandrant for User Provisioning, saying:

"Sentillion's singular focus is on meeting the identity management needs of healthcare entities. It remains in the Visionaries quadrant due to its continuing innovation in healthcare provisioning needs, continued customer growth, its increasing name recognition within healthcare, and its expanding partner network for resale and system integration."

So why did Microsoft pick this particular company? Let's go back a couple of years to an interview I did with Sentillion CEO Rob Seliger. I tried to get him to admit an interest in branching out beyond healthcare. Nothing too exotic; perhaps an allied market like pharmaceuticals? But he wouldn’t be baited. He claimed Sentillion knows the market well – the company was spun-off from HP’s Medical Products Group nine years ago - and wants to leverage its expertise to do healthcare identity better than anyone else.

Some say they were doing just that. And now they have Redmond's deep pockets behind them - the sky's the limit. At a time when the US is about to undergo a healthcare revolution, Microsoft shows remarkably agility in getting out in front.

Labels: acquisition, Gartner, Microsoft, provisioning

Posted 2:31 PM (0) comments

Self-service de-provisioning

The always intriguing Pam Dingle has come up with what I believe is an entirely new feature for IdM systems - self-service deprovisioning!

In a typical self-service system, a user's accounts, authorizations, applications, etc. are pre-configured and are installed/activated the first time the user signs in. But in a post called Federated De-provisioning, Pamela extends this capability of self-service to the de-provisioning event. She describes it as:

"There is no reason why an authority could not return a set of claims at the time a terminated user attempts to authenticate to the Relying Party that says (a) do not authenticate, and (b) de-provision immediately. If the authority is set up to do so, the Relying Party is home free! The urgent use case has been taken care of (ie abuse), and the non-urgent cases can be dealt with at leisure, because the associated risk is dealt with. Who cares if it takes a month to actually delete the account, if you can guarantee that should the terminated user attempt to access the resource during that time, a real-time status check will occur and the termination will be discovered?"

Brilliant!

Let's see who's first to market with this...

Labels: federation, provisioning, SAML

Posted 8:21 AM (1) comments

The role of roles

Ian Glazer has just released his first post since signing on with the Burton Group, and it's a good one, about the wrong-headed notion which appears to be taking hold in the market place that roles and role management are needed before provisioning can occur. As Ian puts it:

Implicit in the idea that an enterprise cannot attempt user-provisioning because it is not ready for role management is the notion that user provisioning has no value to the enterprise without role management. This is an outdated argument that is simply not true.

In fact, the opposite is true - roles, while not requiring it, will benefit from a good provisioning implementation.

Look at it this way, even without computer-based Identity Services people need to be provisioned into the resources they will use. eProvisioning simply automates that task. While the concept of roles may be present, roles-as-a-tool is only useful within a digital context.

Acquiring, piloting, prepping and rolling-out provisioning services should really be a no-brainer decision, especially today - almost 10 years after eProvisioning was first introduced - when so much of the setup and rollout is scripted, wizard-ed, template-ed and cookie cutter-ed. It's easy to demonstrate the efficiency gains (and the budget gains) from provisioning apps & services. There's also the fact that the successful launch of a provisioning service establishes a baseline and a platform for creating the rest of a full-blown identity services implementation, even beyond role management. Govenance, Risk Management, Entitlement Management, Security Audit, Simplified Signon, Priveleged Account Management and more have a much better chance of being successful if they follow a well executed provisioning rollout.

Labels: Burton Group, provisioning, roles