Tag: IDM

The Secret Sauce to User Provisioning

If you want the secret to user provisioning and de-provisioning in an enterprise setting, I’ll give you the one word answer, and then you can get on with the rest of your day… Integration. However, if you need to know why, how and with what…read on. The need to credential authorized users to your network and other proprietary assets is clear. You only want those with the proper rights in…and all others out. Complicating matters is that there are so many users these days…employees, channel

Consolidating the Variables: Augmenting Existing Identity Management Systems

The modern enterprise is a fluid entity. As an IT construct it expands and contracts (sometimes simultaneously), and many of the moving parts (like users and applications) are themselves evolving and changing. This creates unique challenges in operational efficiencies, core competency support, compliance observance and risk management.  The central theme to all these challenges is establishing and maintaining control of applications which serve as gateways to all the valuable data (personal, trade secrets and other IP) on which an enterprise exists. Many companies have turned

Synchronization enforces control for cloud integrated IDaaS and Access Management (SSO)

When Olympic rowers glide across the water’s surface at speeds of more than 25 mph, it’s because all the crew are in synch with one another. It’s a collaborative effort. As appropriate…if you are of a certain age and watched films from in science class and the guy in the lab coat was speaking but his words would burble out a second of two later. Not only is this synch off, but the power of the message of symbiosis is gone too. And in cloud

Mirror Mirror: the difference between Identity Management & Access Management

One of the biggest misconceptions in cloud security is the perception that identity management (IDaaS) and access management (SSO) are the same thing. They’re not. And it took a viewing of the famous Star Trek episode called Mirror Mirror for me to best illustrate and articulate the difference between the creation and management of a user account and credentialed rights and the funneled applications that entity is allowed to see. For those unfamiliar with the episode, it’s the one where Kirk is transported into an

Identity-As-A-Service (IDaaS) is more important than ever

Conspiracy theorists and other concerned citizens will insist the government is watching every keystroke, keeping a record of every website, transaction, text and email. Shades of 1984’s Big Brother, right? These last few weeks, the news has been brimming with revelations of data surveillance and monitoring by the government (not to mention data harvesting corporations like Google, Yahoo, Facebook etc…). Everyone, including the security buffs at CloudAccess, is sensitive as to what is being looked at, stored, and analyzed for hazily defined purposes. Privacy is

The Do’s and Don’ts of Password Management

I’ve written quite a few words for CloudAccess on the importance of password management and cloud security, but I think this list I found through my friends over at iRise Security really hits the nail on the head. DON’T Reuse and recycle passwords. If you do, a hacker who gets just one of your accounts will own them all. Use a dictionary word as your password. If you must, then string several together into a pass phrase. Use names of loved ones, dogs, birthdays, birthdays of loved ones

Integrated provisioning and access: He said it was too good to be true

It’s no covert fact that my secret identity is that of a mild-mannered cloud security executive. And as such, I don’t try to directly promote or discuss any specific solutions my firm offers. However, I was showing a recent upgrade of an access and identity management integration to a CIO of a large medical management company and he offered up the best compliment I could hope for: “This is too good to be true.” What he was alluding to was the successful demonstration of a

Erasing the Identity Blind Spot

Security is not an all-or-nothing proposition. And that’s part of the problem. It creates blind spots; gaps in vulnerability. Partly because of the inherent complacency that after a company institutes a new security initiative that hackers will be held at bay, or the employees won’t be tempted to make off with a database or a hundred other internal or external threats. I have long promoted that security is as much about planning and process as it is about the various solutions that are deployed to

A de-provisioning proverb: When a door closes, just make sure you don’t leave a window open

Earlier this week I attended a local cloud developers group, and I met a gentleman who consults with companies to engage in deep dive forensic examinations of their networks. He looks for the virtual fingerprints of misdeeds, fraud, and misdoings that can be used for e-discovery in legal cases. He essentially gets down to the bits and bytes of how much information flows to certain IP addresses to ascertain whether or not proprietary data has been tampered or stolen. He confirmed something that I long

Sailing the 7 C’s of security monitoring

What is it your mom used to say? “A watched pot never boils.” This might be true, but a watched pot also never spills; it never allows your younger sister to stick her hand in the hot water; prevents Uncle Jack from tasting before dinner is ready; and if something unforeseen happens, there is time to mitigate the problems. One of the established best practices in InfoSec is monitoring. People, products and companies get paid a great deal of money and expend a great deal