Biodata

Anthony Truco has over 15 years of experience in the IT industry. His technical expertise is in digital rights management, where he has authored patent applications, identity management, network and applications-based security and systems management.

Prior to joining Novell, Truco founded three independent hi-tech startup businesses. Before that, he served with CA, where he ran the advanced technology group with responsibilities for Australia, New Zealand and India.

Q: How would you define compliance?

A: Meeting compliance requirement standards is about managing who gets access to what information, when and where. Within this context, identity management becomes key to information validation, which is crucial for companies wanting to realise compliance. In other words, compliance efforts without consideration for a systematic identity management and security are difficult, expensive and incomplete.

Q: What role does policy-based identity management play when it comes to dealing with compliance?

A: The best identity and security management solutions help companies establish the controls and business structure that enable governance. With that in place, businesses are able to implement Separation of Duties controls and provide documentation on who has access to what, who has authorised the access, and from where they are authorised to do so.

Well-planned governance, risk and compliance strategies help companies meet compliance and security requirements. One of the first steps to take is to consider how and what kind of internal policy can support external legal requirements and other business needs.

Policy-based identity management plays a critical role in ensuring that Separation of Duties controls are maintained and the correct level of access is granted to the appropriate people at the appropriate time.

Q: How can companies ensure a successful implementation of an identity management solution? How can success be measured?

A: A successful implementation of an identity management solution is predicated on a number of factors such as:

• Involvement of line of business and other non-IT owners early in the planning process;

• Thorough understanding of the business process that is being modelled;

• Setting realistic goals and staging the implementation project to ensure steady and continuous progress with demonstrable business outcomes at each stage; and

• Avoiding “big bang” projects.

Other aspects that should be considered are:

• Avoid solutions that would incur unnecessary costs such as rip-and-replace technologies;

• Work to leverage on existing infrastructures and integrate them as appropriate;

• Choose a vendor with a strong track record with a good number of implementations across verticals;

• Choose a solution that is modular in nature, but also provides strong integration between the individual modules as they are installed; and

• Choose a solution that has strong integration between security and event monitoring and identity and access management.

Novell has numerous offerings for companies interested in meeting compliance requirements. For details, visit http://www.novell.com/management/security/.