identity and access management

Reimagine Your Identity Strategy

We are at the edge of yet another evolution for the Identity and Access Management (IAM) industry. Applications are being deployed at incredible speeds with user populations demanding access from wherever they are, whenever they want, from any device. The network is no longer clearly defined, in fact, identity is the new perimeter. Regulations and…

Identity Comes into Focus at RSA Conference

We are less than two weeks away from RSA Conference, the world’s largest security event! This year’s theme – The Power of Opportunity – emphasizes “unity.” Clever, right? We think so. Not only is it a great time to call for unity in cybersecurity among vendors and practitioners, but also end users. Every day we’re…

Identity and Access Management Strategies: IAM Spending to Increase in Europe

Businesses around the world recognize that it’s crucial to take the necessary precautions to verify identities and manage digital credentials when conducting business online. In fact, a recent study by Pierre Audoin Consultants (PAC) found that 93% of 200 polled European businesses claimed that they planned to maintain or increase their identity and access management…

Hackers Hunt for Healthcare Records

What’s the difference between data theft from a bank account versus a healthcare record? For starters, think of theft from a bank account as the equivalent of a single withdrawal; one and done. Sooner than later it’s discovered, a new account number is issued and, as a hacker, you’re effectively cut off. When it comes…

“I am an imposter.”

I was invited to give a keynote at the Cloud Security Alliance (CSA) Congress in Dublin recently, on behalf of my EMC colleague Said Tabet. Two years before, I had spoken at the CSA Congress in Rome about the EU-funded SPECS and SPARKS projects and their relevance to cloud in terms of GRC and security analytics.…

Identity for Modern IT: A New Appreciation for User Experience

The following is a simple analysis that puts into perspective the user experience of modern IT that organizations typically require their users to endure: Imagine a midsize enterprise with 1,000 users, each of whom has between one and three devices that connect to the enterprise infrastructure. Each user has installed between 25 and 100 applications…

LinkedIn Breach: The Death of Passwords Has Finally Arrived

The headline screamed at me this morning when I opened my inbox, “117 million LinkedIn user credentials compromised.”  I had no reaction as I went to get my first cup of coffee.   Credentials have become a commodity to hackers and are sold widely and cheaply in different venues—both in the deep-and open-web.   Stolen credit cards…

Identity for Modern IT: Balancing Provisioning and Integration in IAM

With the introduction of RSA Via Lifecycle and Governance 7.0, RSA Vice President of Engineering and Product Management Jim Ducharme emphasized “make it easy” as one of the four main themes for this latest release, particularly in the areas of onboarding new users and integrating new applications. Research from the Aberdeen Group on identity and…

Bring-Your-Own-Identity Gains Steam in Information Security

Bring-your-own-identity (BYOI, or sometimes BYOID) is an emerging concept in Identity and Access Management. BYOI has become interesting because it presents a realistic solution to a pressing problem: the need for better federated identity management. The Theory BehindBring-Your-Own-Identity The BYOI security methodology, like bring-your-own-device (BYOD) before it, contributes more than identity to the InfoSec ecosystem…

Defend the Kingdom – My Final Thoughts

Episode #6 of Defend the Kingdom, “Ghost in the Machine”, brings to close the dramatic battle between good and evil in both Marty’s imagination and his daily work as a security “hunter”.   The episode reveals a highly skilled, persistent, maniacal adversary bent on the Kingdom’s ultimate destruction.  In Marty’s alter-universe, he sees this as an…