Identity & Access Management

YIN AND YANG: TWO VIEWS ON IAM – Global Risk Standards or States & Nations Policies

By Steve Mowll and Chris Williams
POINT: Chris Williams – Advisory Architect, RSA Identity
In our last blog, I stated the following about why we most commonly engage in security practices. And these two items were represented: We embrace identity projects because we need to satisfy compulsory mandates. We need to provide competitive protective services…

YIN AND YANG: TWO VIEWS ON IAM – NATURE OR NURTURE

By Steve Mowll and Chris Williams
Question: When it comes to the complexities of identity management, is what we try to do in identity management the problem or is it just inherently hard?
Point: We might be making it harder than it needs to be. Setting complex requirements may affect long-term suitability and success. Chris…

Yin and Yang: Two Views on IAM – HR vs Identity Management

By Steve Mowll and Chris Williams
POINT: NEWS FLASH identity management people, HR is not here to feed you with identity data!
Steve Mowll, Systems Engineer, RSA
Identity management teams may believe it is the human resource (HR) department’s responsibility to be an identity management provider. Unfortunately for IT, or fortunately for HR, it is…

Governance is the Center of the Universe

We all know by now that granting access to our sensitive applications introduces all sorts of “what-ifs” in an organization. What if my accounts payable admin, disgruntled and upset, decides to abuse her access to my payment system to funnel funds outside of the company? Or what if she decides to plug in her USB…

Third and Fourth Party Risk Management: Access-as-a-Risk

By now, we all know that vendor engagement is key to business sustainability. Organizations cannot focus on their core business without outsourcing non-critical functions to third parties. From a 20,000 foot view, third party management becomes an operational activity governed through contracts, engagement analyses and effective risk management. Where organizations fall short is in implementing…

Intelligence-Driven IAM: The Perfect Recipe

Another day, another breach, right? It’s almost like we’ve started to become desensitized to them. But, as a security professional, I want to implore upon you the importance of every single breach – no matter how large or small. They all can cause negative consequences – on the corporation whose share price plummets, or on…

The On-going Threat of Social Engineering

I spoke recently at a meeting of the Dublin, Ireland chapter of ISACA about the continued (and increasing) use of social engineering in cyberattacks discussed in several recent reports, including the joint report by ISACA and RSA that documents the results of a survey of cybersecurity professionals, conducted in the first quarter of 2015. Those…

Identity: The Keystone of Security

Okay, I’ve started this blog post with a deliberately controversial title, which truthfully is intended to be a bit of a thought experiment. Let’s suspend our disbelief, and think about the security landscape from this perspective for a few minutes. Really, this posting is intended to recap my thoughts and impressions from last month’s RSA…

RSA SecurID Customers Take Note: RSA Via Access is for You, Too!

Today, RSA announced a milestone – the upcoming 2015 release of RSA Via that includes RSA Via Access – a new hosted cloud-based authentication service for single sign-on to SaaS and on-premise web applications. This news not only is exciting, it’s game-changing. And it demonstrates that RSA is meeting customer needs for a unified approach to…

Do Snow Days Really Exist Anymore?

Now that Boston has made it in the record books and hopefully Spring is on the way, I want to share a question with you: Do snow days really exist anymore? When I was younger, I would look forward to that 6 am phone call saying that school was cancelled because of snow. It meant…