Security Identity Management Alert

The foundation for security and enterprise management

Search Security Identity Management Alert

Free-email newsletter: Identity management news and resources from NetworkWorld.

Journey's end: 09/27/11; Time to pack up and head out, the Security Identity Management Alert will be no more. Still, I couldn't leave you without some final words of advice, could I?
Thank you, one and all: 09/23/11; It was just over 12 years ago I wrote: "Welcome to the first Directory Services newsletter from Network World," and today we've reached the penultimate issue. Time flies when you're having fun. And it has been fun, for the most part, as the Directory Services newsletter matured into the Identity Management newsletter ultimately becoming part of the Security arena.
Survey: Consumers cynical about how organizations protect data: 09/20/11; A few weeks ago we examined some results from a survey ("Who's stealing your data?") commissioned by SailPoint. This week they've released more results from that effort focusing on financial institutions, retailers and healthcare organizations and the cynicism consumers express about how these organizations are protecting their data.
History lesson on cross-platform identity management: 09/16/11; Tom Kemp is the CEO of Centrify, a company which -- at its core -- is about tying other platforms (Unix, Linux Macintosh, etc.) into Active Directory to centralize administration, which Tom refers to as "Active Directory Bridging." He's been practicing this bridging since founding Centrify in 2004 and has been working with AD since founding his previous company, NetIQ. He knows what he's talking about in regard to Active Directory.
Stupid, arrogant and greedy: 09/13/11; Kenneth P. Weiss founded Security Dynamics in 1984, served as CEO until 1986 and remained chairman of the board and CTO until 1996. Under his watch the company developed the SecurID token. Once the SecurID's potential was recognized by both customers and investors, Weiss set out to expand his company, and he initiated the purchase in 1993 of RSA, a small, fledgling encryption company that was gaining some notoriety in the field of Internet commerce security.
Setting the record straight on US, Canadian governments' trusted identity programs: 09/09/11; One of last week's newsletters ("Canada is out front once again") caught the attention of folks at the U.S. National Institute for Standards and Technology (NIST), and not in a good way.
Aveksa catches a Wave: 09/06/11; In the past I've warned you about putting too much credence into publications such as Gartner's "Magic Quadrant" or Forrester's "Wave." Not that there's bad research, but that your needs might not fit the profile the report was drawn for -- better to pay the money and have an independent analyst do a report tailored to your situation.
Canada is out front once again: 09/02/11; In light of the U.S. government's NSTIC (National Strategy for Trusted Identities in Cyberspace), which may or may not become a victim of the U.S. Congress' budget-cutting axes this fall, I'd thought we go take a look at another government initiative that might provide a blueprint for how NSTIC could proceed.
XACML-based directory server: 08/30/11; I hadn't spoken to Andrew Ferguson (he's director, group marketing and global channel, for Australia's eB2Bcom, which he co-founded in '96) since last year's European ID Conference, but he did pop into my inbox recently to give me an update on one of his pet projects, ViewDS.
A transparent IAM project: 08/26/11; Canada's University of British Columbia is a large, multi-campus institution. There are two major campuses: Vancouver, located at the western tip of the Point Grey Peninsula, close to the city of Vancouver; and Okanagan, in the growing city of Kelowna, in British Columbia's beautiful Okanagan Valley. There are also two smaller campuses: Robson Square, located in the heart of downtown Vancouver; and The Great Northern Way Campus, located just southeast of the downtown Vancouver core. The University's Faculty of Medicine's Education Across British Columbia project maintains 75 healthcare facilities, including 22 large tertiary and medium regional hospitals, provide clinical education opportunities for both undergraduate and postgraduate medical students.
Your very own club: 08/23/11; Longtime readers will remember Sara Gates from frequent appearances in this newsletter. Sara was director of product marketing for Waveset Technologies, becoming vice president of identity management at Sun Microsystems when Waveset was acquired. I nicknamed her the "Texas whirlwind," because of her ebullient, peripatetic and indefatigable demeanor. And now she's back in the saddle, and wants to help you.
Identity security in the cloud: 08/19/11; There were a couple of announcements made at last month's Catalyst conference that I meant to draw to your attention but other things got in the way. Both are relevant to enterprise cloud-based computing so I'll talk about both today.
Useful new things: 08/16/11; Frequently I read about or hear about a new product, service or application and say to myself, "What were they thinking?" But, just occasionally, I'll say, "Why didn't I think of that?"
The Real Name mystery: 08/12/11; Sarah Caudwell (pseudonym of Sarah Cockburn, 1939-2000) was a British barrister and writer of detective stories. Sadly, she only finished four novels before her untimely death. Reviews of her work uniformly use words such as witty, delightful, clever, diverting, etc. I happened to be rereading her first ("Thus was Adonis Murdered") while writing last week's newsletters and was struck by a good analogy for the "Real Names" (see "Google+: antisocial networking?") issue.
Google+: antisocial networking?: 08/09/11; Last issue we started looking at Google's new social network, Google+, and its "Real Names" policy. We discussed the problem of using a single name as your identifier with all of the various "Circles" you can create, presumably to keep your boss from seeing the postings of your "homeboys" about that little party on Saturday night. But being only able to use a single name isn't the worst problem.
Google minus: 08/05/11; Google+ has been the subject of lots of comment in the media, blogs, wikis, email and even (shades of the 1960s!) around the water cooler in the office. What's being talked about isn't any single aspect of G+, but there is one aspect that's of interest to us: Google's "Real Names" policy.
You've lost the battle, can you win the war?: 08/02/11; Last issue we talked about the survey Sailpoint had commissioned to judge employee attitudes about improper access to and disposal of sensitive corporate data. Today there's another survey to examine.
Who's stealing your data?: 07/29/11; In a number of recent newsletters we've looked at spear-phishing and how it can make your employees, customers, clients and users into unwitting dupes of the crackers and malfeasants who are trying to steal the "family jewels" of your organization. Just ask the folks at RSA (who insist that they are the "security division" of EMC).
When will we ever learn?: 07/26/11; I mentioned last issue a number of proposed identity protocols (Passport, Cardspace, OpenID, DigitalME, et al.) that have either died or, so far, failed miserably. There's a new entry in the so-called "user-centric" ID space that shows all the signs of following that path.
UnboundID releases SCIM toolkit beta: 07/22/11; One place you could have gone to escape the recent heat wave that encompassed most of the U.S. was Keystone, Colo., where the afternoon temperatures barely reached the mid-70s F (while here in the mid-Atlantic we were stretching from the mid-90s to 100 or so). And while you were there you could have attended the Cloud Identity Summit, ably organized by Ping Identity's Andre Durand.
Getting the band together again: 07/19/11; Thor Technologies was an early pioneer in the provisioning field before being gobbled up by Oracle as one of their first moves into the IdM space.
The identity list: 07/15/11; I've often said to myself that I need to compile a list of links to all things Identity on the Web. Now I don't have to.
My readers can be my best sources: 07/12/11; I love my readers. Yes, that's you I'm talking about. Time and time again you (individually or in groups) come up with just the information I need. Of course it is a two-edged sword -- sometimes you find data that seemingly contradicts what I've said. But most of the time you know the whereabouts of the documents that can help prove a point or answer a question.
Aristotle on anonymity: 07/08/11; Way back in 2006 I had a series of newsletters about anonymity. That's when I first tried to separate anonymity from privacy -- but they still keep getting confused to this day.
Safer mobile transactions: 07/05/11; Last week ("More on biometrics") I recommended "biometric recognition as well as using passwords and SMS codes" for more secure mobile banking transactions. Long time reader Patrick O'Kane (he's chief architect for identity and access management services at Unisys) pointed me to a solution that does just that.