Tuesday, September 22, 2009

Request for the ILM product Team

So here I am, pounding away at creating a synchronization solution for a client. One of the last things you might want to do before committing a bunch of changes to their directory is verify the pending exports before you actually export.

Now there is functionality to do that: by searching the connector space and filtering for pending exports. But anyone who has used this knows that the window where the results are shown is small and you have to scroll through them to view more than a few objects at a time. Not very handy if you have a lot of changes going on. To make things worse, there's no 'Save to a file' button anywhere so you can review this table in something more comfortable like Excel. Now that's not totally true, because there is a CSExport.exe tool that can be found in the ...\bin\ folder that you can use to create a file. Unfortunately the file is XML. What am I supposed to do with a 90 meg XML file that has over 250,000 changes in it??? And why is this even in XML format anyways? I would love to know what they were thinking when they decided to make it XML. Why not make it in a text or CSV format, I say. So I take this huge XML file and try to open it; now the only application I know that opens this in a way that will ultimately make sense to me is Excel. You wanna know how long it takes to open a file of this size? No you don't... OK, it takes about 30-45 minutes and it pretty much uses all the resources on the computer too, so I can't do much else but wait around and think about writing a blog about it. Once it finally finishes I save it in TXT or XLS format, then it opens in a jiffy next time.

So here's my ask, ILM product team: Can you put a button on the GUI search result window that allows users to export that result into a file? And give us options with file formats, just like we've become accustomed to in the past with every other product Microsoft offers. At the very least, if you won't put a button on the ILM UI, would you could you please allow for different file formats in the CSExport.exe tool?
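For readers facing the same review step today, here is an added example (not part of the original post and not Microsoft code) that streams a large export into CSV one object at a time instead of loading it whole. The element and attribute names (`cs-object`, `unapplied-export`, `delta`, `attr`, `value`, `cs-dn`, `object-type`) are assumptions about the CSExport layout and the sample data is constructed; cells that a spreadsheet would treat as formulas are neutralised, because directory attribute values are user-influenced.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are assumed, not taken from the post.
SAMPLE = b"""<cs-objects>
 <cs-object cs-dn="CN=Ann Lee,OU=Staff,DC=example,DC=test" object-type="user">
  <unapplied-export>
   <delta operation="update" dn="CN=Ann Lee,OU=Staff,DC=example,DC=test">
    <attr name="mail" operation="update"><value>ann@example.test</value></attr>
    <attr name="description" operation="update"><value>=Contractor</value></attr>
   </delta>
  </unapplied-export>
 </cs-object>
 <cs-object cs-dn="CN=Old Acct,OU=Staff,DC=example,DC=test" object-type="user">
  <unapplied-export>
   <delta operation="delete" dn="CN=Old Acct,OU=Staff,DC=example,DC=test"/>
  </unapplied-export>
 </cs-object>
</cs-objects>"""

def safe(cell):
    """Prefix cells a spreadsheet would evaluate as a formula, so they stay text."""
    return "'" + cell if cell[:1] in ("=", "+", "-", "@") else cell

def pending_exports_to_csv(xml_stream, csv_stream):
    """Write one CSV row per pending attribute change; return counts per operation."""
    writer = csv.writer(csv_stream)
    writer.writerow(["dn", "object_type", "operation", "attribute", "values"])
    counts = {}
    # iterparse yields each element as it closes, so the file is never loaded whole.
    for _event, elem in ET.iterparse(xml_stream, events=("end",)):
        if elem.tag != "cs-object":
            continue
        base = [elem.get("cs-dn", ""), elem.get("object-type", "")]
        for pending in elem.iter("unapplied-export"):
            for delta in pending.iter("delta"):
                op = delta.get("operation", "")
                counts[op] = counts.get(op, 0) + 1
                changes = [(a.get("name", ""), ";".join(v.text or "" for v in a.iter("value")))
                           for a in delta.iter("attr")] or [("", "")]  # object-level delete
                for name, values in changes:
                    writer.writerow([safe(c) for c in base + [op, name, values]])
        elem.clear()  # drop the finished object's children to keep memory use low
    return counts

if __name__ == "__main__":
    out = io.StringIO()
    print(pending_exports_to_csv(io.BytesIO(SAMPLE), out))
    print(out.getvalue())
```

The returned per-operation counts give a quick sanity check (an unexpected number of deletes, for instance) before the export is actually run.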

Friday, April 24, 2009

If Edgar Allan Poe only knew computer security

This is the winning entry from the RSA Conference's - Prose like Poe's Poetry Contest. This entry comes from Jamie Armstrong.

The Salesman

Once upon more malware nested, while I reflected broken and bested,
Over many hacks and attacks and safeguards that failed,
While I worried, clearly nervous, succumbed by relentless denials of service,
My blackberry did chirp with purpose - apprising me of new email,
"Tis some salesman" I muttered, surprising me with new email -
Only a salesman with products for sale.

But the caller, with his expertise, was soon to put my mind at ease,
That one meeting, all his knowledge in that one meeting he did convey,
He spoke of technical innovation - providing for security and prevention,
Access controls and authentication: hackers be gone, intruders away,
Sound the alerts of penetration: viruses contained, worms done away,
The threats of tomorrow addressed today.

Congratulations Jamie!

Monday, March 30, 2009

ILM2 delay - say it ain't so

Lots of people were caught off guard when it was announced at TEC that ILMv2 is going to be delayed. It wasn't so much the idea of a delay, as everyone is pretty much used to product releases being delayed by a month or so. The weeping and gnashing of teeth is due to the fact that ILMv2 won't be released till Q1 of 2010 - that's a year, not a month.

Talk about an identity vacuum... (I'm glad I was able to connect a topic to the name of my blog - he he)

Speaking to clients on a daily basis, most are in disbelief about this decision by Microsoft. Some clients are scrambling to figure out how to deal with this delay. Many vendors are doing similar shuffles due to this delay too. Selling ILM services, as I did in my past life, is proving to be somewhat difficult right now because clients aren't sure what to do. I know lots of ISVs that add value to both ILM and ILMv2, and it'll be interesting to see how they adapt to this news.

I'm sure Microsoft thought long and hard before making this sort of a big decision; I trust it'll pay off for them in the long run. I hope the IDA sales team can hold out till then.

Here's the news from Microsoft: http://blogs.technet.com/stbnewsbytes/archive/2009/03/24/identity-lifecycle-manager-2-schedule-update.aspx
Thanks to Richard Blackham for pointing this out. (Updated 4/6/09)

Here's what other bloggers are saying about it: (http://www.wapshere.com/missmiis/?p=387 , http://jacksonshaw.blogspot.com/).

Friday, March 13, 2009

The Daily Show Musings

Jon Stewart interviews Jim Cramer from Mad Money on CNBC. It really is a strange world when CNBC can be described as a circus side show and Comedy Central does the serious reporting…

It’s a 3 part episode that’s un-edited. Absolutely great television.


Tuesday, March 10, 2009

Amazing! I can post a blog from MS Word

Just had a conversation with one of the folks at Hitachi-ID. They seem to be positioning themselves to go after the big boys; like IBM and Oracle. I don't think they have all the pieces yet to compete head to head with the likes of Larry Ellison. I'll be very interested to see how things shape up for the former M-Tech company. I do like some of their products such as their P-Synch app, it has lots of great connectors to most apps in the field. I do get confused that they are re-branding their products to new names – uggh… I'll keep an eye on these guys and see what happens.

Thursday, February 26, 2009

Break in at U of Florida

I read the article today about 3 break-ins at the U of Florida http://www.networkworld.com/news/2009/022309-three-months-three-breaches-at.html?nlhtident=rn_022509&nladname=022509security:identitymanagemental

I find it incredible, partly because they have such a great team in the IT department. In reality, it's hard to watch everything all the time. Even having all the greatest staff and good security equipment, it comes down to the weakest link. One break-in was due to really, really old equipment - back from 1996. That one got fixed pretty quick. I'm glad to see they took the corrective steps, and reported it also.

Reporting security break-ins should be mandatory. I'm from the camp that believes all break-ins should be reported and not hidden. It allows the community at large to know about their own personal data, while holding institutions responsible. I'm not just talking about the University as much as I'm talking about corporate America. In California, there was a law passed requiring companies to disclose break-ins. If it wasn't for that, companies like ChoicePoint, Citigroup and LexisNexis would have no reason to report on the break-ins they had. At the end of the day these laws help by putting the spotlight on these mistakes and this motivates them to stop the bad press.

Like most IT investments, security can be boiled down to ROI. Is it worth it for the company to spend a bunch of money to secure the public's data? Bad press resulting in lower stocks is definitely an ROI driver.

Thursday, January 15, 2009

Security in Politics

Caption says 'Security upgrades are now in place for all Bush press conferences'

Intro to Bruce Schneier

Back in 2000, Microsoft was getting hammered for its lack of security. At the time I was working for the Exchange team focused on Key Management Server (or KMS). This was functionality used by Exchange to offer signed and encrypted emails to users in the system. Because of all the bad publicity at Microsoft, there was a push from upper management (I mean way up high) to get better at security. Some of you may remember when Microsoft stopped coding for a while to better their security. This wasn't just PR, but it was something they believed in. So because I worked on signed and encrypted email, that meant I knew something about security (which I didn't). I got drafted to the newly formed Exchange Security team. Actually it was a lot of fun. I got to learn new concepts and think in ways I wasn't used to.

I attended a seminar on security from some outside guy. This was Bruce, he was definitely a geek, he knew what he was talking about. The best thing about him was that he dogged Microsoft - in their own house. I thought that was ballsy. I immediately became a fan, read his books and joined his monthly newsletter. I like how he explained security in his books. He took abstract security concepts and brought them down to everyday tangible examples. The telltale sign that someone really knows what they're talking about is when they can break it down in terms that even a child can understand. Not that techno-babble speak we all hear from time to time.

So in the end, Microsoft came out a bit more secure. Some may debate to what extent though. I came out of this a bit wiser when it came to software testing. Identity management is a small slice of the security pie, and I would argue that not to understand the overall security implications undermines any IdM system.

Bruce has a monthly newsletter that I would recommend to everyone. http://www.schneier.com/crypto-gram.html. In this latest issue he talks about impersonation - very relevant to IdM. It can also be found here. There's been some talk lately about OpenID, I think the ability to validate one's ID will decide how viable OpenID will be.

Finally, more on the musings topic than IdM, there's a great article on the NSA that can be found here