<http://www.infoworld.com/article/05/01/24/04NNsunid_1.html?source=NLC-SEC2005-01-24> InfoWorld Sun rolls out Identity Auditor Software applies identity management for repeatable compliance By Cathleen Moore January 24, 2005 Sun Microsystems (Profile, Products, Articles) this week introduced identity audit and compliance software designed to give IT departments visibility into employee identity and system-access activities. The Sun Java System Identity Auditor can help with the difficult and expensive regulatory compliance requirements of reporting on systems and applications, proving internal controls, and giving auditors data on historical access privileges. "Identity - which [covers] who has access to what, who did what, and when - is essential to compliance," said Sara Gates, vice president of identify management at Sun. "The problem Identity Auditor addresses is automating compliance processes companies suffer through." Having visibility into identity and access-related activities is a key part of compliance for certain regulations, most notably Sarbanes-Oxley, said Jonathan Penn, principal analyst of identity and security at Forrester Research. "It may be that only certain systems or data are important to protect under those regulations. But it is important to have insight into who has access to what and why that access has been granted," Penn said. Sun's Identity Auditor makes it easier to implement controls through functionality focused on access-exclusion policies as well as the workflow dealing with conflicts that may arise between users' access rights and policy, Penn said. -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'