Aldon Boosts Identity Tracking in ALM Tool
June 5, 2007 Alex Woodie
Aldon simultaneously strengthened and streamlined the authentication process for its change management tools last month with the introduction of a new identity access management (IAM) component. By automatically tracking which objects a given person can access and what they can do with them, the new IAM component should make life easier for Aldon’s customers, as well as the auditors trying to gauge their compliance.
Change management software, by its very nature, is very process oriented. It’s also generally at least somewhat aware of its users’ identities. After all, no change management product that’s correctly configured would allow a disgruntled former employee to check out the general ledger, delete the source code, and then promote the change into production. By compartmentalizing the application development process and strictly governing how pieces of applications can be moved about, change management software (or application lifecycle management (ALM) software, as it’s known these days) prevents this sort of thing from happening.
Of course, the devil is in the details, and there are multiple shades of gray. While Aldon’s Lifecycle Manager products previously offered authentication and tracking, today’s regulatory climate demands finer-grained user access monitoring and control capabilities. If the earlier products offered DEFCON 4-level protections, the new identity segmentation and tracking capabilities lock things down to DEFCON 2.
It’s all about risk, says Modi Ronen, director of sales engineering at Aldon. “Controlling who has access to what has never been more critical from both a legal and operational standpoint,” he says. “Our goal is to give organizations technology that makes access control automated, cost effective, and systematically reduces risk exposure.”
With its new IAM component, Aldon is providing a framework to better manage the different roles people play in an enterprise and boosting its “separation of duty” functionality. The software enables managers to give one user different roles, with different access privileges for each role. These rules are then incorporated into a set of processes and hierarchies involving roles that the manager can set by group, by department, or at the individual level. Support for inherited roles in the new software allows managers to quickly propagate multiple layers of access privileges and control.
The new IAM component makes it easier to organize a confusing array of development teams, application releases, and supporting objects, Ronen says. Take, for example, a payroll application for which there are several releases of source code, and objects from different areas, including Java code and Word documents.
“IAM allows you to combine all three [developers, applications, and objects] together,” he says. “It allows me to very easily with a GUI to say, ‘Alex Woodie, under the payroll application has the authentication and control of a programmer. When he starts work on HR, you are defined as manager.’ The system will automatically inherit you all the permissions for all the objects that you manage under the entity. This gives you an enormous amount of flexibility. [It even allows you to restrict access for] people offshore that you don’t want to give access to certain parts of the application.”
The new IAM component also simplifies the log-in process for users and their various roles. Instead of requiring users to remember different user names and passwords for the different development resources they need under their various roles, the IAM framework provides the authentication needed to grant access. Other ALM products offer unified sign-on capability, but they can’t do it for multiple roles, says Helaine de Tomasi, senior director of marketing for Aldon.
The new software also allows external users to access company assets. Managers can explicitly assign privileges, such as read, write, and delete, to a user outside of a role or group structure, such as an external consultant. Aldon’s IAM also provides full audit tracking through the metadata registry that all of Aldon’s ALM products are based on.
While Aldon’s i5/OS offering, called Lifecycle Manager System i Edition, or LMi, already offered some of the advanced capabilities found in its new IAM offering, Aldon’s open systems offering, called Lifecycle Manager Enterprise, lacked them.
The new IAM component works with the most recent releases of both of Aldon’s main products, including LMi 7.5 and Lifecycle Manager Enterprise 5.0. The new capability is built into these products, and is not available as a separate offering. For more information, visit www.aldon.com.