Tag: Identity Management

Unified Security: Avoid becoming a statistic

Take 3 minutes to learn why this best practice is not only the next evolutionary step in IT security management, but affordable, manageable and more effective than individual point solutions. Unified security from the cloud transforms IT security from reactive collection to proactive and actionable defense while limiting costs and preserving resources.  It leverages the the collective power and intelligence capabilities of SIEM, log management, vulnerability scanning/assessment, Identity management (IDM), access management and single sign on under a single pain of glass…and in real time

Analyzing the Top 10 benefits of Unified Security from the cloud (Part 2)

If you missed Part 1: read it HERE More than security from the cloud, the concept of unified security takes the method another step forward in terms of best practices—the ability to deploy a holistic security initiative, AND  one that seamlessly collaborates with the other components; that shares input across the enterprise so that a clearer understanding of vulnerabilities can lead to effective preventive policies and actions. They say the whole is greater than the sum of its parts. And that is the core of

Analyzing the Top 10 benefits of Unified Security from the cloud (Part 1)

Of all the strategies and tactics available to prevent breaches, deter data leakage and theft, control access and secure beyond the so-called network perimeter, the one that is emerging as an achievable and affordable best practice is that of unified security from the cloud. But if you look across the web, you will no doubt come across various versions of what constitutes “unified,” what is “protected,” and, what is “security from the cloud?” Luckily this means that the concept of unified security from the cloud

Consolidating the Variables: Augmenting Existing Identity Management Systems

The modern enterprise is a fluid entity. As an IT construct it expands and contracts (sometimes simultaneously), and many of the moving parts (like users and applications) are themselves evolving and changing. This creates unique challenges in operational efficiencies, core competency support, compliance observance and risk management.  The central theme to all these challenges is establishing and maintaining control of applications which serve as gateways to all the valuable data (personal, trade secrets and other IP) on which an enterprise exists. Many companies have turned

Law firms in the security cross-hairs: how cloud security can level the playing field.

“Law firms are a back door to clients’ confidential information,” Business Week. As corporations have become more aware of threats to data, hackers and other fraudsters are quickly discovering a new, softer target to attack and siphon highly confidential corporate details, proprietary personal information, and trade secrets. Even as stewards of trust for their corporate and private clients, law firms have traditionally been slow to embrace new technologies. Cloud computing has been no exception because many mistakenly believe the cloud is less secure than traditional

Mirror Mirror: the difference between Identity Management & Access Management

One of the biggest misconceptions in cloud security is the perception that identity management (IDaaS) and access management (SSO) are the same thing. They’re not. And it took a viewing of the famous Star Trek episode called Mirror Mirror for me to best illustrate and articulate the difference between the creation and management of a user account and credentialed rights and the funneled applications that entity is allowed to see. For those unfamiliar with the episode, it’s the one where Kirk is transported into an

Identity-As-A-Service (IDaaS) is more important than ever

Conspiracy theorists and other concerned citizens will insist the government is watching every keystroke, keeping a record of every website, transaction, text and email. Shades of 1984’s Big Brother, right? These last few weeks, the news has been brimming with revelations of data surveillance and monitoring by the government (not to mention data harvesting corporations like Google, Yahoo, Facebook etc…). Everyone, including the security buffs at CloudAccess, is sensitive as to what is being looked at, stored, and analyzed for hazily defined purposes. Privacy is

The Do’s and Don’ts of Password Management

I’ve written quite a few words for CloudAccess on the importance of password management and cloud security, but I think this list I found through my friends over at iRise Security really hits the nail on the head. DON’T Reuse and recycle passwords. If you do, a hacker who gets just one of your accounts will own them all. Use a dictionary word as your password. If you must, then string several together into a pass phrase. Use names of loved ones, dogs, birthdays, birthdays of loved ones

Integrated provisioning and access: He said it was too good to be true

It’s no covert fact that my secret identity is that of a mild-mannered cloud security executive. And as such, I don’t try to directly promote or discuss any specific solutions my firm offers. However, I was showing a recent upgrade of an access and identity management integration to a CIO of a large medical management company and he offered up the best compliment I could hope for: “This is too good to be true.” What he was alluding to was the successful demonstration of a

Erasing the Identity Blind Spot

Security is not an all-or-nothing proposition. And that’s part of the problem. It creates blind spots; gaps in vulnerability. Partly because of the inherent complacency that after a company institutes a new security initiative that hackers will be held at bay, or the employees won’t be tempted to make off with a database or a hundred other internal or external threats. I have long promoted that security is as much about planning and process as it is about the various solutions that are deployed to