Last week, I gave a well-received talk to a group of CxO and high-level IT managers on a new way to think about security built around entitlements. The premise of the talk was that with the de-perimiterization of the enterprise, the modern enterprise has already become entitlement-based; we in the security industry just haven’t caught
(My original title for this post was “Cardspace, We Hardly Knew Thee”, but Dave Kearns stole that by a nose). RSA is not the best conference for identity related news and topics, but there were more than a few interesting story lines that emerged last week (and no, I am not referring to what went
Computerworld has an interesting article ‘Security fail: When trusted IT people go bad‘ with the even more interesting subtitle “One rogue IT employee can do more damage than an army of hackers“. It’s well worth a read, if only to get a feel for the nightmarish scenarios CIO’s can be faced with. The 3 case
The recent tragedy in Tucson, AZ has gripped the nation in more ways than one. There are so many different story lines unfolding out of that single tragedy – about politics, about rhetoric, about immigration, about dreams. Significantly less visceral, but important from an identity management perspective is this avoidable but all too common story
I just got back from a trip, where I had the opportunity to visit a number of Oracle (including former Sun) IdM customers. During the trip I (quite unintentionally) got some insight into an area of enterprise identity management that I had not considered before – Identity Management for Visitors. Over the last few years
Some recent moves by major players could have a significant impact on the perception of multi-factor authentication technologies. Google recently introduced two-factor authentication for Google Apps. The mechanism they chose to employ relies on a one-time password token delivered to a cell phone either by an SMS text message or a call to the phone
Lest all the recent posts about “pull”-based identity make you think that I have completely forgotten about good old “push”-based identity provisioning, here is some news on that. As I have discussed here in the past, SPML has been under a cloud in recent years, with low adoption and a litany of issues being documented.
Ben has responded to my response by vigorously defending his stance against the pull movement. His statement that “…this will take more effort than it will return in value” is correct in identifying what enterprises should focus on – a cost-benefit analysis – but not in his estimation of how to do the valuation. I
My friend Ben Goodman over at Novell recently wrote a blog post arguing against the “future of identity is pull” movement that seems to be sweeping the nation (well, at least the hallways at the recent Catalyst conference). I’ll give him credit for having the conviction to go against the grain here, since the idea
Another Burton Group Catalyst conference has come to a close, and as always it was a treasure trove of stories, ideas and conversations. Which is why it was great to have the uncertainty around the conference laid to rest when it was announced that it will be back next year (July 26-29 in San Diego,