Many businesses need a foolproof method for identifying users of their computer networks, particularly those small and midsize businesses that have grown up using Microsoft software.
That need hasn't been lost on software vendors. BMC Software, for one, is trying to position itself as the go-to security vendor for adding identity-management features to Microsoft .Net environments. Last week, it released BMC Identity Management .Net, which lets companies add user access, compliance, and password management into applications based on .Net. The software integrates with Microsoft security technologies, but it's intended to give businesses more options and features. Because of a lack of options, many have been forced to build their own identity-management apps for the .Net environment, says Somesh Singh, VP and general manager of BMC's identity-management group.
BMC's move to support .Net could help it stand apart from some of its large competitors. "This will give small and midsize businesses better automated control over their user populations, including access and the levels of privileges being granted--something only large businesses have been able to afford and implement," says Gerry Gebel, a Burton Group senior analyst, noting that BMC competitor Oracle doesn't support .Net with its security tools.
Oracle, meanwhile, says it's looking to partner with a vendor that has single-sign-on software to add to its identity-management offerings. Oracle is one to watch in identity management "because they have such a heavy presence in the business application space," Gebel says.
Oracle is relying on this software as a cornerstone of its Fusion Middleware strategy, which itself is crucial to Oracle's overall plans to sell integrated software packages rather than independent databases and business applications. Oracle's focus on identity management is a bit ironic, given that Gartner blasted it late last month for exploitable vulnerabilities to its database software.
"Critical Oracle vulnerabilities are being discovered and disclosed at an increasing rate, and exploit tools and proof-of-concept code are appearing more regularly on the Internet," Gartner research VP Richard Mogull said in an online advisory. He also criticized Oracle for providing too little information about vulnerabilities, rolling out low-quality patches, and neglecting to offer workarounds.