IBM: Security Crucial From The Inside Out


Corporations today spend so much time keeping external viruses, bugs and
perpetrators out of their computer systems that they sometimes leave
internal holes wide open.


IBM wants to fill them.


With the RSA Security show winding down, the company today unveiled Tivoli
Identity Manager Express, a software package that helps small businesses
combat insider security attacks and automate compliance management.


The software blocks people from using usernames and accounts that the
company neglected to cancel, or “orphan accounts,” which have been left open
due to employee layoffs or company mergers.


Typically, smaller businesses employ antivirus software or a network
firewall, according to Steve Henning, manager of integrated identity
management solutions for IBM Tivoli.


But this leaves the so-called “back door” open to fired employees or
dishonest clients trying to access confidential information.


Perpetrators who once came in from the “front door” of a network,
using their skills to penetrate firewalls, are now taking advantage of
open user accounts from employees who get fired.


The potential for harm is great: Experts expect insider attacks to be a top
security threat for 2006.


Henning said Tivoli Identity Manager Express can quash orphan accounts by
giving managers control over who has access to what information and matching
user accounts with current employee information.


Because the software automates the way managers can verify employee access,
the new IBM software can also make it easier to meet federal compliance
requirements for internal controls.


The software can manage who has access to what accounts so that companies
can show auditors that they verify employee access for a set time period.


Priced at $24 per user for a base license of a minimum of 100 users, Tivoli
Identity Manager Express will be available at the end of the month.


The news comes as the popular RSA Security conference is coming to a close
in San Jose, Calif., this week, where Microsoft, VeriSign, RSA and a host of
other vendors convened
to discuss security issues and new forms of digital authentication software.

News Around the Web