Identity and Access Management (IAM) is likely the fastest growing area in the IT security industry today. IAM provides larger organizations with the ability to better manage user access to web sites, applications and databases. The need for IAM solutions has grown with the increased use of the Internet to provide external users with access to business applications. Without appropriate security controls, these applications can potentially suffer misuse, including unauthorized access and subsequent leakage of confidential or business-sensitive information. Enter IAM.

Organizations need IAM solutions to meet the security expectations of their customers and stakeholders – and, equally important, increasingly strict privacy legislation. Since 2002, Technology North has been assisting enterprise clients to define, plan and execute Identity and Access Management projects. We have provided a wide range of resources to these projects including technical architects, technical analysts, project/program managers, and business analysts

Technology North's Security Services are a complete range of assessment and hands-on consulting services. Designed to suit virtually any size of business -- and almost any budget -- our services can meet the needs of companies with both common-place and unique technology platforms.

Included in this work have been assignments to:

• define requirements for products to meet IAM needs
• develop models and architectures to meet business needs
• design of user registration and enrolment solutions
• strong authentication research and recommendation development
• large-scale application integration project management
• outsourced vendor management

TN have experience with Computer Associates Siteminder, RSA SecurID and ACE Server, IBM Tivoli Identity Manager, Microsoft Active Directory, and a wide range of operating systems, network protocols and firewall solutions. In the IAM space today, we are currently managing 10 application integration projects, providing project management, technical and business analyst support. In addition, we are advising an enterprise client on the ongoing operations of an outsourced service that will one day support over 2,000,000 users.

A Security Review is usually carried out before we attempt to fix security problems.   Our approach to performing Security Review projects is made up of 5 steps:

• Initial Risk Evaluation – What information do you need to protect? What hazards and risks is your IT infrastructure exposed to? What obligations do you have to protect your information?
• Security Needs Assessment – We perform a detailed review of the following: Policies and Procedures, Physical Security, External Access Security (using Ethical Hacking techniques via the Internet), Internal Network, and Business Applications/Databases.
• Security Trends - Technology North has developed a Security Trends Report that contains up-to-date information on IT security trends. During our review of your security needs, this information is updated and customized for your use.
• Security Recommendations - Once the business needs for security are understood, specific recommendations can be prepared. These are practical, detailed recommendations for implementing new security solutions. An overview implementation plan and cost estimates are also provided.
• Security Policies - In many cases, an operational security policy is needed to ensure that the recommended changes are formally recognized. The policy can also be updated on an ongoing basis and used to keep management and staff informed.