I had the opportunity to sit in on a Eurekify webcast on Wednesday outlining and demoing the new V4 version of their Role & Compliance Management Server. I haven’t personally worked with Eurekify products for a few years. They are certainly well known for their Sage product, which performed enterprise role discovery/mining. But I was impressed by what I saw on the webcast regarding their latest product . I especially enjoyed seeing the tight integration with Tivoli Identity Manager (ITIM). For those of you familiar with the space — it seems to provide similar functionality as Sun (Vaau)’s RBACx, but with a look-and-feel integration into TIM like SecurIT’s Role Manager product.

Eurekify’s demo mostly covered showing the integrated look & feel with ITIM v5 (it doesn’t support previous versions of ITIM) which included a “role-recommendation” feature for a particular user, a segregation of duties (SoD) conflict, as well as the configuration screen outside of TIM. Aside from aesthetics, a major feature is the ability to use the TIM adapters already configured for an environment with Eurekify’s product. Back when I remember working with Sage, you didn’t connect directly with user repositories. You exported the user and authorization data to a file or table. That may not be an easy task, depending upon the repository or application. Another major downfall of this previous approach is that you’re looking at a snapshot in time. Whereas tight integration with TIM adapters provides up-to-date and easy access to user/authorization data for analysis for the new version.

Integration of Enterprise Role Management (ERM) and Discovery tools is a logical extension of the automated account provisioning market. It’s why Oracle acquired Bridgestream. It’s why Sun acquired Vaau. (IBM?)

I have a follow-up request in to Eurekify for more information to hopefully evaluate hands-on and share more info here (the webcast audio was ahead of the demo, making it difficult to follow).

But here was the intro provided by Eurekify at the outset of the webcast:

A major part of this version is the ability to consume Eurekify Role & Compliance management analytics within a host system workflow.

As a first example of such integration, we took ITIM V5 and integrated into the role request mechanism 3 types of calls

1. At the beginning of the process, to ask for Eurekify’s recommendation of relevant roles based on the roles model and based on pattern analysis
2. In the middle of the process, to review selected roles vis-à-vis Eurekify compliance model (e.g., consisting of ERP rules and many other business and regulatory policies)
3. In the end of the process, to update Eurekify of changes made to the authorization structure

The integration consists of an easy to install ITIM extension, which makes the ITIM integration seamless and retains the ITIM look-and-feel.

I’ll post more when I hear back from Eurekify.

Filed under: Identification, Provisioning, Security