IAM

Yin and Yang: Two Views on IAM – Active Directory Automation, Success or Failure?

By Steve Mowll and Chris Williams Point: Effective identity management strategies are business-based, and should rise above technical limitations. Steve Mowll, Identity Architect, RSA True point, but in order to have effective strategies, they must be directed towards a desired outcome. Let’s take a look at this idea using Active Directory (AD) projects as an…

YIN AND YANG: TWO VIEWS ON IAM – NATURE OR NURTURE

By Steve Mowll and Chris Williams Question: When it comes to the complexities of identity management, is what we try to do in identity management the problem or is it just inherently hard? Point: We might be making it harder than it needs to be. Setting complex requirements may affect long-term suitability and success. Chris…

“I am an imposter.”

I was invited to give a keynote at the Cloud Security Alliance (CSA) Congress in Dublin recently, on behalf of my EMC colleague Said Tabet. Two years before, I had spoken at the CSA Congress in Rome about the EU-funded SPECS and SPARKS projects and their relevance to cloud in terms of GRC and security analytics.…

Identity for Modern IT: A New Appreciation for User Experience

The following is a simple analysis that puts into perspective the user experience of modern IT that organizations typically require their users to endure: Imagine a midsize enterprise with 1,000 users, each of whom has between one and three devices that connect to the enterprise infrastructure. Each user has installed between 25 and 100 applications…

Third and Fourth Party Risk Management: Access-as-a-Risk

By now, we all know that vendor engagement is key to business sustainability. Organizations cannot focus on their core business without outsourcing non-critical functions to third parties. From a 20,000 foot view, third party management becomes an operational activity governed through contracts, engagement analyses and effective risk management. Where organizations fall short is in implementing…

Identity for Modern IT: Balancing Provisioning and Integration in IAM

With the introduction of RSA Via Lifecycle and Governance 7.0, RSA Vice President of Engineering and Product Management Jim Ducharme emphasized “make it easy” as one of the four main themes for this latest release, particularly in the areas of onboarding new users and integrating new applications. Research from the Aberdeen Group on identity and…

Bring-Your-Own-Identity Gains Steam in Information Security

Bring-your-own-identity (BYOI, or sometimes BYOID) is an emerging concept in Identity and Access Management. BYOI has become interesting because it presents a realistic solution to a pressing problem: the need for better federated identity management. The Theory BehindBring-Your-Own-Identity The BYOI security methodology, like bring-your-own-device (BYOD) before it, contributes more than identity to the InfoSec ecosystem…

Why Marketing, HR and Finance Should Have a Bigger Say in Your IDaaS Strategy than You May Think

My colleague Darren Platt recently weighed in on the undeniable upward trend of organizations moving toward Identity as a Service, or IDaaS. While only 15% of organizations report having a cloud-based pure play for their identity solutions, more than 55% are saying they have a mix of cloud and traditional. Cloud-hosted identity solutions appear to…

Ransomware Rules for Payment: Do Extortionists Have the Advantage?

When an entire health system fell prey to cybercriminals and medical records were locked up by a ransomware attack in early February, there seemed no choice but to pay the sum demanded in order to avoid the impact on patient care: $17,000 in 40 Bitcoin.   And in that single moment, one hospital became the obligatory…

IDaaS, the New Identity White Whale or the Fish That Shouldn’t Get Away?

In Herman Melville’s epic novel Moby Dick, a crazed mariner wildly pursues an unattainable beast with tragic consequences. So too can the pursuit of identity solutions that give visibility to and control over cloud, mobile, web, and legacy applications feel like a wild quest. To this end, many organizations following the general IT trend of…