Consolidating the Variables: Augmenting Existing Identity Management Systems

The modern enterprise is a fluid entity. As an IT construct it expands and contracts (sometimes simultaneously), and many of the moving parts (like users and applications) are themselves evolving and changing. This creates unique challenges in operational efficiencies, core competency support, compliance observance and risk management. The central theme to all these challenges is establishing and maintaining control of applications which serve as gateways to all the valuable data (personal, trade secrets and other IP) on which an enterprise exists. Many companies have turned

Synchronization enforces control for cloud integrated IDaaS and Access Management (SSO)

When Olympic rowers glide across the water’s surface at speeds of more than 25 mph, it’s because all the crew are in synch with one another. It’s a collaborative effort. As appropriate…if you are of a certain age and watched films from in science class and the guy in the lab coat was speaking but his words would burble out a second or two later. Not only is this synch off, but the power of the message of symbiosis is gone too. And in cloud

Mirror Mirror: the difference between Identity Management & Access Management

One of the biggest misconceptions in cloud security is the perception that identity management (IDaaS) and access management (SSO) are the same thing. They’re not. And it took a viewing of the famous Star Trek episode called Mirror Mirror for me to best illustrate and articulate the difference between the creation and management of a user account and credentialed rights and the funneled applications that entity is allowed to see. For those unfamiliar with the episode, it’s the one where Kirk is transported into an

Integrated provisioning and access: He said it was too good to be true

It’s no covert fact that my secret identity is that of a mild-mannered cloud security executive. And as such, I don’t try to directly promote or discuss any specific solutions my firm offers. However, I was showing a recent upgrade of an access and identity management integration to a CIO of a large medical management company and he offered up the best compliment I could hope for: “This is too good to be true.” What he was alluding to was the successful demonstration of a

Supporting CIO strategies and priorities from the cloud-Part 1

The biggest eye-opener in Gartner’s recently published study on the current agenda regarding the digital landscape for Chief Information Officers is that CIOs recognize that cloud computing will not only be a significant part of the future, but that their own roles and behavior need to be updated to survive in the modern enterprise. “CIOs will have to develop new IT strategies and plans that go beyond the usual day-to-day maintenance of an enterprise IT infrastructure…. technologies provide a platform to achieve results, but only if

Adaptive Risk: Making sure you are who you say you are

Does this sound familiar? Ann, sitting at her desk eating lunch, is surfing the Net. She checks her personal Yahoo email account and sees a message from a purported survey company asking her about her music preferences. She opens the email and takes the survey. Seems harmless enough, but what Ann doesn’t know is that this survey company doesn’t exist, and embedded in some of the survey prompts hid an undetected botnet that downloaded onto her desktop. This nasty bugger can record her keystrokes and

My Security Playlist: now playing Access Management

While I peruse my morning inbox, I enjoy listening to music on my iPod. It just so happens this morning’s first random selection served as the inspiration for today’s blog: Let ‘Em In by Paul McCartney & Wings. “Someones knockin at the door Somebody’s ringin’ the bell Do me a favor, Open the door and let em in!” There is nothing more damaging to the overall enterprise operation and business reputation than permissive access policies. Considering all the entry points from applications to social

When is a stack not a stack? When it’s unified in the cloud

While trawling the blogs, feeds and news I came across an analyst’s article about best security practices in which he kept referring to “the stack.” And by this he meant a multitude of various solutions that address certain security needs and capabilities; everything from email filtering, firewalling, authenticating, credentialing, logging and intrusion detection, etc… And, if you read my blogs often enough, you know I am a big proponent of unified security. However, unified security is not a stack. It is easy to be confused

REACT to the Cloud: A tale of horror and unified security

Today’s is a cautionary tale. One that you’ve probably heard before, but I promise a new spin on making sure it won’t happen again. It’s a true story. It recently happened to a colleague’s friend’s business. But it is not an isolated incident. Because the information is sensitive and the wounds still raw, I have changed the names to protect the innocent and the not-so-innocent. It was a dark and stormy night… Dan is the CEO and CTO of a privately-owned business that develops software

The Cloud Guide to PCI Compliance for Retailers

One of the key drivers to IT security investment is compliance. Several industries are bound by various mandates that require certain transparencies and security features. They are designed to mitigate aspects of risk including maintaining the sacrosanctity of customer information, financial data and other proprietary information. One such affected vertical is retail. No matter if you’re Wal-Mart or Nana’s Knitted Kittens, if you store customer information; if you process payments using customers’ credit cards, you are required by law to comply with a variety of