Recently in Business Processes Category

First American Title Insurance Company creates audit trails, improves productivity with role- and criteria-based identity management and user provisioning

Microsoft yesterday announced at the 2010 RSA Conference the official release of its Forefront Identity Manager, an identity and access management tool designed to work across heterogeneous systems, including card management systems.

Brendan Foley, director of product management in the identity and security business group at Microsoft, briefed Security Squared about that announcement. We'll have more in coming days about Forefront Identity Manager (FIM), especially its use of claims-based assertions, its ability to synchronize identities across disparate sources and how it integrates with strong authentication methods and their support systems.

For now, we'll let users tell the FIM story: At the briefing, we also spoke with First American Title Insurance Company, in the persons of Cameron Cosgrove, vice president, infrastructure; and Scott Weir, IT manager, desktop architecture group. They talked about their experiences with using FIM for role- and criteria-based identity and access management.

The convergence angle: Cosgrove and Weir discuss associating First American Title employees with identities rather than IP addresses--and the identities are built on roles and criteria that conceivably could include physical access rights. Further, those physical permissions could be correlated with data access rights, and both might vary with an employee's location on any given day, with FIM provisioning and deprovisioning in the background on the fly. As Weir says below, employees always have access to the resources they need, while First American has a clear audit trail for compliance.

Also of convergence interest: Cosgrove and Weir are evaluating multifactor authentication solutions at RSA to complement their logical access solution. Multifactor or strong authentication schemes are a natural intersection between the logical and physical identity worlds.

What follows is a transcript of our conversation at the RSA Conference Tuesday, edited for clarity.
*****
Cameron Cosgrove, First American Title: Our industry is real estate, and our fundamental business is property title insurance, helping people transact their real estate business. We are a global company, and we have a footprint of about 13,500 employees in the United States [and] we have deployed FIM to all 13,500.

One of the first challenges we wanted to address is the provisioning of users and deprovisioning. With 13,000 people all across the U.S., we are serving markets that are large and small, so we have large offices and small offices in the U.S. Employees need access to the system quickly--or when they leave, we need to de-provision quickly. Prior to FIM, we were doing that manually through HR requests, tickets going into our help desk. It would probably require a day or two days of elapsed time to complete by the time we would gather all the pertinent information about the new employee.
