Identity And Access Management Articles


Jul 6 2014

The Mainframe and IDM

Identity management projects always result in lower costs and streamlined security administration.

Where have you heard that one before?

Since the mid-1990s there has been a talent drain in the mainframe security administration field. Concerned IT management, looking for ways to fill the void, figured that automating user provisioning and credentials could do it. To meet customers' needs, large software companies developed centralized identity and access management tools. For the mainframe, that meant putting a common Windows GUI in front of ACF2, Top Secret and RACF for inexperienced administrators to drag and drop IDs and…


Jun 13 2014

All Threats are Insider Threats

Back in the day when the enterprise security model was a hardened perimeter protecting the internal "trusted" network, security vendors seized on the notion that businesses need protection from their employees - the insider threat.

Studies were commissioned to show how much malicious insiders were costing businesses. More recent studies indicate the majority of data breaches are carried out by…


May 28 2014

Identity & Access Management: Don’t get Death Starred!

Many things seem impenetrable until a “small vulnerability” is exploited. The phrase “small vulnerability” almost sounds like an oxymoron when you think about it. Take the fable of one Luke Skywalker and the Death Star. In the story, Luke exploited a small two-meter-wide thermal exhaust port in the Death Star’s design to destroy the ultimate weapon and break the back of the Galactic Empire in their moment of triumph. To make matters worse, the Empire was warned about this “small vulnerability”, but the Galactic bureaucrats reasoned that the risk was small and the whistleblowers were overestimating rebels’ chances…


May 8 2014

Invisible at Infosecurity Europe 2014? Definitely Not

The major tube strike in London during the first two days of Infosecurity Europe 2014 didn’t seem to have an impact on the visitor count. Held from April 30 to May 1 at Earl’s Court, Infosecurity Europe is the biggest IT security-related exhibition in Europe, and supposedly brought close to 15,000 visitors there this year. And of course, we participated with a stand and speaking sessions, not to miss out on the opportunity to meet up with customers and…


Apr 27 2014

Privileged Users – Not Malicious But Still a Threat

One of the challenges security architects face is finding the right balance between security and end-user convenience. This conflict is typified by the example of password policies. Too stringent a policy drives users to write down their passwords on sticky notes (thus defeating the security objective), and too weak a policy leaves passwords exposed to cracking…


Apr 10 2014

SSH Communications Security Comments on Heartbleed Vulnerability

Key Facts: 

  • SSH Communications Security’s products are not affected by the Heartbleed flaw. Customers are advised to patch any server where the vulnerable OpenSSL software is installed.
  • Due to the pervasive nature of the Heartbleed vulnerability, the length of time the flaw has been in place and the broad access that an attacker could potentially obtain, SSH Communications Security is recommending that all Secure Shell keys used to establish trust relationships with affected systems should be changed immediately after the Heartbleed patch has been installed, and should be a part of your organization’s standard remediation…


Mar 18 2014

People Centered Security: Themes from The Gartner IAM Summit

Growing up, we get a lot of conflicting advice. We are told “look before you leap” but also “nothing ventured, nothing gained”. The book of clichés is littered with other examples. The world of Identity and Access Management is similarly conflicted. On the one hand, IAM should be transparent to the user and simple to administer. On the other hand, IAM must enforce the principle of least privilege. These goals are mutually exclusive. Why? It is just too complex to define specifically the fine-grained access each user needs in order to perform their job and manage that access over time in a dynamic work environment. The result is too many job roles, too many exceptions and ultimately weaker, not stronger…
