The “Model-As” Problem

In my last post, I talked about Jeff Bardin’s excellent session about the reality of successfully deploying an enterprise IAM infrastructure. During his session, he touched upon one of the more interesting problems that we see in enterprises today – the “Model-As” problem. Jeff was referring to a practice that is very common in a

RSA Conf. Notes: Looking For Practical Approaches to IAM

I attended a very informative session entitled “Enterprise IAM Challenges – A Practical Approach to RBAC” given by Jeff Bardin, the CISO at Investors Bank and Trust. It was a frank, open account of his experience leading a team on an IAM project that took his previous employer from a failed audit to a successful

RSA Conf. Notes: Talking about Account Reconciliation

I attended a session titled “Delivering Security Integration with Compliance” by IBM’s Stuart McIrvine. During the session, he laid out the various governance frameworks for IdM (SOX, COSO and COBIT among others) and detailed how IBM’s Tivoli family of IdM products could be used to implement them as part of an IdM practice. As he

RSA Conf. Notes: Unfortunate Coincidence or…?

I’m here at the annual RSA Conference, and it is just as busy as every year. Everyone who is anyone in security is here, which is why certain vendors are conspicuous by their absence (talk about reverse marketing), but that’s a different issue. Every year, it seems like one topic is at the top of

My thoughts heading into 2007

It has been a long time since my last post. The fact that it coincided with the holiday season shouldn’t lead you to think that I was enjoying some well-deserved time off. It has, in fact, been quite the opposite. Things have been really busy in the identity management group recently, and I have

The Gartner Summit was a Good Primer on IAM

I usually don’t expect too many replies to postcards (real world or blog) that I write, so I was pleasantly surprised to see the discussion my post about the Gartner summit generated. The lively discussions regarding the part roles play in compliance were definitely expected. What I was not expecting were the few emails I

How good are our passwords?

Wired News (which I read assiduously) had a pretty interesting article in their “Security Matters” section recently that talked about an analysis done of MySpace account passwords (“MySpace Passwords Aren’t So Dumb”). It makes for a pretty interesting read, so check it out. While you are at it, check out whether you have a password

Postcard from the Gartner IAM Summit

Two weeks ago I attended Gartner’s first IAM summit. Entering an arena long dominated by Burton and RSA, they nonetheless seemed to have a respectable turnout, even if it was mostly people like me curious to find out what their treatment of the space was going to be. The fact that it was in Vegas

Moving Towards the ISF: Announcing the Identity Governance Framework

This week, Oracle took a long-awaited first step towards the realization of the Identity Services Framework that I have been talking about. At the Gartner IAM Summit this week, Oracle announced an open initiative, the Identity Governance Framework (IGF), to address governance of identity-related information across enterprise IT systems. The IGF will enable

Ask Dr. K: The IdM Elevator Pitch

The following question was posed recently by a sales consultant: A global customer is implementing a “single forest, single domain” directory (MS AD), supporting among other things SAP and Windows – about 30,000 users. They have asked us to summarise the business case for additional IdM solutions given the single directory approach. Dr. K says: