Time to pack up and head out; the Security Identity Management Alert will be no more. Still, I couldn't leave you without some final words of advice, could I?
It was just over 12 years ago I wrote: "Welcome to the first Directory Services newsletter from Network World," and today we've reached the penultimate issue. Time flies when you're having fun. And it has been fun, for the most part, as the Directory Services newsletter matured into the Identity Management newsletter, ultimately becoming part of the Security arena.
A few weeks ago we examined some results from a survey ("Who's stealing your data?") commissioned by SailPoint. This week they've released more results from that effort focusing on financial institutions, retailers and healthcare organizations and the cynicism consumers express about how these organizations are protecting their data.
Tom Kemp is the CEO of Centrify, a company which -- at its core -- is about tying other platforms (Unix, Linux, Macintosh, etc.) into Active Directory to centralize administration, which Tom refers to as "Active Directory Bridging." He's been practicing this bridging since founding Centrify in 2004 and has been working with AD since founding his previous company, NetIQ. He knows what he's talking about in regard to Active Directory.
Kenneth P. Weiss founded Security Dynamics in 1984, served as CEO until 1986 and remained chairman of the board and CTO until 1996. Under his watch the company developed the SecurID token. Once the SecurID's potential was recognized by both customers and investors, Weiss set out to expand his company, and he initiated the purchase in 1993 of RSA, a small, fledgling encryption company that was gaining some notoriety in the field of Internet commerce security.
One of last week's newsletters ("Canada is out front once again") caught the attention of folks at the U.S. National Institute for Standards and Technology (NIST), and not in a good way.
In the past I've warned you about putting too much credence into publications such as Gartner's "Magic Quadrant" or Forrester's "Wave." Not that there's bad research, but that your needs might not fit the profile the report was drawn for -- better to pay the money and have an independent analyst do a report tailored to your situation.
In light of the U.S. government's NSTIC (National Strategy for Trusted Identities in Cyberspace), which may or may not become a victim of the U.S. Congress' budget-cutting axes this fall, I thought we'd take a look at another government initiative that might provide a blueprint for how NSTIC could proceed.
I hadn't spoken to Andrew Ferguson (he's director, group marketing and global channel, for Australia's eB2Bcom, which he co-founded in '96) since last year's European ID Conference, but he did pop into my inbox recently to give me an update on one of his pet projects, ViewDS.
Canada's University of British Columbia is a large, multi-campus institution. There are two major campuses: Vancouver, located at the western tip of the Point Grey Peninsula, close to the city of Vancouver; and Okanagan, in the growing city of Kelowna, in British Columbia's beautiful Okanagan Valley. There are also two smaller campuses: Robson Square, located in the heart of downtown Vancouver; and The Great Northern Way Campus, located just southeast of the downtown Vancouver core. The University's Faculty of Medicine's Education Across British Columbia project maintains 75 healthcare facilities, including 22 large tertiary and medium regional hospitals, which provide clinical education opportunities for both undergraduate and postgraduate medical students.
Longtime readers will remember Sara Gates from frequent appearances in this newsletter. Sara was director of product marketing for Waveset Technologies, becoming vice president of identity management at Sun Microsystems when Waveset was acquired. I nicknamed her the "Texas whirlwind," because of her ebullient, peripatetic and indefatigable demeanor. And now she's back in the saddle, and wants to help you.
There were a couple of announcements made at last month's Catalyst conference that I meant to draw to your attention but other things got in the way. Both are relevant to enterprise cloud-based computing so I'll talk about both today.
Frequently I read about or hear about a new product, service or application and say to myself, "What were they thinking?" But, just occasionally, I'll say, "Why didn't I think of that?"
Sarah Caudwell (pseudonym of Sarah Cockburn, 1939-2000) was a British barrister and writer of detective stories. Sadly, she only finished four novels before her untimely death. Reviews of her work uniformly use words such as witty, delightful, clever, diverting, etc. I happened to be rereading her first ("Thus was Adonis Murdered") while writing last week's newsletters and was struck by a good analogy for the "Real Names" (see "Google+: antisocial networking?") issue.
Last issue we started looking at Google's new social network, Google+, and its "Real Names" policy. We discussed the problem of using a single name as your identifier with all of the various "Circles" you can create, presumably to keep your boss from seeing the postings of your "homeboys" about that little party on Saturday night. But being only able to use a single name isn't the worst problem.
Google+ has been the subject of lots of comment in the media, blogs, wikis, email and even (shades of the 1960s!) around the water cooler in the office. What's being talked about isn't any single aspect of G+, but there is one aspect that's of interest to us: Google's "Real Names" policy.
Last issue we talked about the survey SailPoint had commissioned to judge employee attitudes about improper access to and disposal of sensitive corporate data. Today there's another survey to examine.
In a number of recent newsletters we've looked at spear-phishing and how it can make your employees, customers, clients and users into unwitting dupes of the crackers and malfeasants who are trying to steal the "family jewels" of your organization. Just ask the folks at RSA (who insist that they are the "security division" of EMC).
I mentioned last issue a number of proposed identity protocols (Passport, Cardspace, OpenID, DigitalME, et al.) that have either died or, so far, failed miserably. There's a new entry in the so-called "user-centric" ID space that shows all the signs of following that path.
One place you could have gone to escape the recent heat wave that encompassed most of the U.S. was Keystone, Colo., where the afternoon temperatures barely reached the mid-70s F (while here in the mid-Atlantic we were stretching from the mid-90s to 100 or so). And while you were there you could have attended the Cloud Identity Summit, ably organized by Ping Identity's Andre Durand.
I love my readers. Yes, that's you I'm talking about. Time and time again you (individually or in groups) come up with just the information I need. Of course it is a two-edged sword -- sometimes you find data that seemingly contradicts what I've said. But most of the time you know the whereabouts of the documents that can help prove a point or answer a question.
Way back in 2006 I had a series of newsletters about anonymity. That's when I first tried to separate anonymity from privacy -- but they still keep getting confused to this day.
Last week ("More on biometrics") I recommended "biometric recognition as well as using passwords and SMS codes" for more secure mobile banking transactions. Longtime reader Patrick O'Kane (he's chief architect for identity and access management services at Unisys) pointed me to a solution that does just that.