By the end of 2005 BMC Software introduced a new version of its I&AM software suite, IMS 5.0. Its main highlight was to try and tie business processes, hardware, software and users in an automated way. Doing so BMC was betting right where its business is : management. To perform that task, an Identity Discovery module harvests IDs within the different data stores (LDAP, databases, business applications...) to feed them into its Atrium CMDB (Configuration Management Database). The CMDB then really acts as a central point to store and correlate business processes, hardware, software and users.

Since then, BMC stayed very quiet about this approach. Worse yet, its suite has not really evolved. Stephan Belloni, IAM Channel Enablement Manager at BMC agreed to answer our questions on what 2008 might be for BMC on the I&AM front.

SecurityNewsletter.com : Two years after market consolidation, where does the I&AM market stands now ?

Stephan Belloni, BMC : It still requires a proper integration between business processes and identity management, in order to securely manage heterogeneous populations (employees, partners, customers...). Those need access to an ever increasing number of applications as well.

Vendors will address this need with their own assets, and thus solutions will range from targeted, very specific, softwares to fully integrated solutions.

Our approach is to offer a fully integrated provisioning application that brings identity, services, configuration and change management. Our goal is to present a solution that can more easily be automated for both the systems and the users.

And of course Identity Management will close the gap with the other IT solutions in our BSM (Business Service Management) strategy. 

SN.com : What do you plan to do in order to close that gap between Service Management and Identity Management ?

Let me give you some specific examples of areas we are working on :

• Extend the chain of employees to third-party organizations (through Identity Federation)
• Facilitate companies merging through unified access for all employees, thanks to multiple directories support, and the business abstraction layer needed to shield the complexity of dealing with so many different systems.
• Help Desk cost reduction through fully automated interfaces accessible to employees.
• Compliance management, both internal (specific rules for specific employees) or external (SOX, HIPPA, Basel II)
• Leverage the existing IT infrastructure to securely deploy B2B and B2C applications 

SN.com : How is BMC different in a market where all vendors provide software suites with very similar functionalities ? 

Our Identity Management solution is only a part of a more global strategy called BSM (Business Service Management). BSM is an IT centric approach that allows within the organization a better cohesion between people, access rights and the security policies. Being able to offer a solution using the business services as a whole, including but not limited to the IDs, is a huge advantage for BMC.

Automation of ID management processes, access rights and approvals also allows to not only know who are the users and what they can do, but also how and why they were given those rights. And be able to centralize this information in our CMDB allows for stronger controls and makes it easier to use this information in other decision making processes if needed.

And why are we so proud of our integrated solutions ? For many organizations, managing the users and the systems they work with (workstations, laptops, PDAs, software) is a true challenge. The IT needs to be able to support many different users needing very different hardware, software and access rights (and even on locally installed applications). Most of the time they can only overcome it thanks to many different solutions sold by many different vendors. But making them work together often ends up in insecure, non-compliant, inefficient and incoherent processes.

Without an integrated approach, IT must rely on manual and inefficient processes in three main areas :

• Provisioning :  New employees receive a workstation or a laptop configured with selected applications needed to perform their role, along with one or more logins and passwords. The same goes for new business partners or even clients when they need to access the information system. Provisioning is paramount here to ensure that the right person has access to the right information at the right time. And this has to be clearly documented for compliance with SOX, HIPAA or Basel II.
• Re-provisioning :  Change management to handle personnels getting a new role within the company, meaning new or modified access rights, new or modified local applications, and then patching.
• De-provisioning : Making sure the IT stays safe when employees leave the company, and dealing automatically with their credentials and confidential data.

BMC has integrated its ID Management solution with its Service Desk and change management solutions, and enjoys a unique position on the market. We are able to improve processes automation, performance and to maximize the benefits of each solution taken separately. In IT like anywhere else, strength is in numbers.  

Moreover, BMC's integrated solution offers a robust platform to build compliance management and monitoring. All provisioning actions are easily audited and maintained, making it easier to detect compliance problems and reporting. BMC solution also helps manage risk through rules and policies, ensuring that all users have the latest versions of their applications and the correct rights according to their profiles. All this is served in an integrated package.

SN.com : Identity Management is above all an organizational project. Nevertheless while the market is rich with software suites, it is quite poor with consulting. We mainly have major vendors with their professional services (that are not consulting experts), or numerous small to medium sized VARs for whom consulting is not the main business. Where are the major consulting practices that could bring I&AM vendors the essential business expertise, just like in the ERP world ?

BMC works with 24 global partners worldwide. We use our network of partners to help our clients define and implement a solution that will suit 100% of their business needs. Accenture, CapGemini and IBM Global Services account for the biggest share in terms of deployment and configuration. But we have a total of 526 business partners. Their role is to present BMC as the unique solution to manage IT from a business perspective. BMC relies on those professionals to be in the emerging market of access management through ITIL v3 and change management.