Rebooting IAM: Transforming IT at its Foundation

IAM must be retooled at its very foundation. We need to add intelligence and business context at the heart of IAM. It all starts with the user. If we get a solid handle on ‘who’ the user really is in the business context and ‘what’ they should have access to, all downstream functions like authentication and provisioning will be much more effective. This was the primary driver for RSA’s acquisition of Aveksa, the leader in business-driven identity management.

Darkness Lies Directly Under the Candle

Far too often, we fail to see the obvious weaknesses in our defenses.  Over 50 million consumer passwords have been reported stolen in 2012 alone in highly visible ‘smash and grab’ attacks.  Yahoo, LinkedIN, Zappos, eHarmony…the list goes on.   This is the equivalent of robbery in broad daylight.  How did we as an industry let…

Laying the foundation for tomorrow’s IAM

The last time I witnessed a reboot of identity and access management (IAM) infrastructure was 1996. Web applications had taken hold and intranets and extranets were buzz words. The security industry responded with web access management (WAM), provisioning, strong authentication and directory services. The industry has since built on these technologies to deliver identity federation, risk-based authentication and identity and access governance. All these IAM technologies have served us well but a wave of new developments has revealed the need for a rethink.

The New (Virtual) Stack Just Got Taller

VMware’s acquisition of Zimbra is a big step towards delivering IT as a service and signals VMware’s intention to deliver the benefits of virtualization and cloud computing all the way from the infrastructure to the platform to the application layer.

Getting started with security compliance for virtualization

VMworld 2009 has been buzzing with an infectious energy since it opened this week.  One can see the very visible and strong effect that virtualization is having on the entire IT industry.  The emergence of virtualization as a major mainstream paradigm across datacenters has spawned a rich ecosystem of vendors and technologies that secure and manage virtualization.