Don't lose control with outsourcing

11/14/05

Be sure that security is considered when you're planning outsourcing or trying to bring an already-outsourced environment back under control.

Sarbanes-Oxley: Act promotes survival of the fittest

02/07/05

Because Sarbanes-Oxley doesn't specify IT controls in detail, most auditors are using COBIT to evaluate SOX IT compliance. But COBIT itself provides only control objectives; it's up to IT managers and architects to determine how to implement controls. And it's up to auditors to decide how deeply to look, and then judge if implementations are acceptable.

Federated identity gets a boost

10/11/04

By testing federation products for interoperability and supporting the EAP, the E-Authentication Initiative is having a positive impact on federated identity adoption. If E-Authentication is broadly adopted by federal agencies in production federations, it will spur the formation of multiple federated communities.

Demand higher-quality software

08/02/04

Avoid the worst consequences, address complexity and balance security with other business needs by working through the issues using a systematic approach and your organization will come out OK.

Fight the cause, not the symptom

06/21/04

Worms and viruses plaguing users worldwide are symptoms of weak security in Windows and other programs. But so far, vendors are doing more to combat the disease's symptoms than its root cause.

Weigh risks of offshore outsourcing

03/08/04

Offshore outsourcing might be a good economic decision for some organizations based on lower labor costs. But make sure you carefully consider the security risks of the decision.

Shaping federation standards

12/15/03

The industry needs Microsoft's Longhorn, IBM WebSphere, and future WS-* based offerings to interoperate with SAML 2.0 and address needs outside of SAML's scope. If IBM and Microsoft put WS-* components into OASIS in the near future, these works soon will have the blessing of an open standards community, and crossover work can occur with SAML 2.0. The convergence that customers demand can begin now.

Federated ID gains momentum

10/06/03

I haven't seen anything this exciting in this area since Multi-purpose Internet Mail Extensions began spreading like a prairie fire across the world of Internet mail in the early 1990s.

Out of the desert, into OASIS

08/11/03

Join others in the industry in pushing for immediate submission of Microsoft and IBM's WS-* identity-management-related specifications to OASIS so that the SAML 2.0 group and Liberty Alliance can move forward with their important work.

SAML, Liberty offer identity gains

06/16/03

It might make sense to start your journey toward federated identity by using SAML or Liberty as a way to integrate some in-house or business-to-employee applications initially. Consider making SAML a mandatory capability for new applications and security infrastructure rollouts.

Secure e-mail is worth the effort

02/17/03

It isn't acceptable to send sensitive e-mail over the Internet in the clear. We shouldn't let spammers get away with forging their "From" address. Experiment in your environment to see what can be done, and push your vendors to improve support for interoperable, secure e-mail.

Authentication gets smart

12/02/02

Basic identity management processes must get better.

The application identity crisis

10/21/02

It seems that the better our portals and Web access managers get, the more application integration becomes the key problem.