Identity & Access Management

YIN AND YANG: TWO VIEWS ON IAM – NATURE OR NURTURE

By Steve Mowll and Chris Williams

Question: When it comes to the complexities of identity management, is what we try to do in identity management the problem or is it just inherently hard?

Point: We might be making it harder than it needs to be. Setting complex requirements may affect long-term suitability and success. Chris…

Yin and Yang: Two Views on IAM – HR vs Identity Management

By Steve Mowll and Chris Williams

POINT: NEWS FLASH identity management people, HR is not here to feed you with identity data!

Steve Mowll, Systems Engineer, RSA

Identity management teams may believe it is the human resource (HR) department’s responsibility to be an identity management provider. Unfortunately for IT, or fortunately for HR, it is…

Governance is the Center of the Universe

We all know by now that granting access to our sensitive applications introduces all sorts of “what-ifs” in an organization. What if my accounts payable admin, disgruntled and upset, decides to abuse her access to my payment system to funnel funds outside of the company? Or what if she decides to plug in her USB…

Third and Fourth Party Risk Management: Access-as-a-Risk

By now, we all know that vendor engagement is key to business sustainability. Organizations cannot focus on their core business without outsourcing non-critical functions to third parties. From a 20,000 foot view, third party management becomes an operational activity governed through contracts, engagement analyses and effective risk management. Where organizations fall short is in implementing…

Intelligence-Driven IAM: The Perfect Recipe

Another day, another breach, right? It’s almost like we’ve started to become desensitized to them. But, as a security professional, I want to implore upon you the importance of every single breach – no matter how large or small. They all can cause negative consequences – on the corporation whose share price plummets, or on…

The On-going Threat of Social Engineering

I spoke recently at a meeting of the Dublin, Ireland chapter of ISACA about the continued (and increasing) use of social engineering in cyberattacks discussed in several recent reports, including the joint report by ISACA and RSA that documents the results of a survey of cybersecurity professionals, conducted in the first quarter of 2015. Those…

Identity: The Keystone of Security

Okay, I’ve started this blog post with a deliberately controversial title, which truthfully is intended to be a bit of a thought experiment. Let’s suspend our disbelief, and think about the security landscape from this perspective for a few minutes. Really, this posting is intended to recap my thoughts and impressions from last month’s RSA…

RSA SecurID Customers Take Note: RSA Via Access is for You, Too!

Today, RSA announced a milestone – the upcoming 2015 release of RSA Via that includes RSA Via Access – a new hosted cloud-based authentication service for single sign-on to SaaS and on-premise web applications. This news not only is exciting, it’s game-changing. And it demonstrates that RSA is meeting customer needs for a unified approach to…

Do Snow Days Really Exist Anymore?

Now that Boston has made it in the record books and hopefully Spring is on the way, I want to share a question with you: Do snow days really exist anymore? When I was younger, I would look forward to that 6 am phone call saying that school was cancelled because of snow. It meant…

Taking the Pulse of Identity in Retail

In a recent webcast on Identity management for the retail sector, we asked attendees five poll questions to better understand their level of concern and the state of their capabilities for managing and governing user identities and access. It comes as no surprise that security continues to be top of mind for retailers. Ninety percent…