Identity Intelligence to Drive Business Objectives

As I pointed out in my answer to Ema’s question about the recent Gartner IAM Summit in London, the overwhelming theme of the conference was Identity & Access Intelligence. The main driver for this shift in focus being discussed at the conference was around the core idea of driving down costs in identity management projects,

Talking Identity at the European Identity Conference and more

May is going to be a busy month. I already mentioned I’ll be at the Internet Identity Workshop next week (if only for the first day and a half), where I fully expect to dive into discussions regarding SCIM and OAuth in the Enterprise (picking up from where we left off at the last IIW).

SCIMming the Surface of User Provisioning

This should be interesting! By all accounts, one of the main reasons that SPML never achieved traction was that application vendors were not involved in developing or deploying the standard. The effort to standardize provisioning of accounts was driven largely by the provisioning engine vendors. The result was an unwieldy standard that nobody could figure

A Brief Q&A on Identity

The intrepid Emanuela Giannetta (Marketing Manager for Oracle InfoSec in EMEA, and the voice behind @OracleSecurity) just did a brief Q&A session with me about my recent experience at Gartner IAM Summit in London and Oracle’s entitlement-centric approach to identity management. I had promised to give her some time during my London trip, but the

An Entitlement-Centric Approach to Security

Last week, I gave a well-received talk to a group of CxO and high-level IT managers on a new way to think about security built around entitlements. The premise of the talk was that with the de-perimiterization of the enterprise, the modern enterprise has already become entitlement-based; we in the security industry just haven’t caught

Cardspace and the KISS Principle

(My original title for this post was “Cardspace, We Hardly Knew Thee”, but Dave Kearns stole that by a nose). RSA is not the best conference for identity related news and topics, but there were more than a few interesting story lines that emerged last week (and no, I am not referring to what went

Join Us (Me) at the Oracle Security Online Forum (Feb 24)

On Thursday, February 24, Oracle will be holding an online mini conference focusing on security – the Oracle Security Online Forum. This live joint event with Accenture will last from 12:00-4:00pm ET, and will feature a great line-up of speakers and sessions focusing on security trends, best practices, and proven solutions for your business. It’s

When “Trust” Is Not Enough

Computerworld has an interesting article ‘Security fail: When trusted IT people go bad‘ with the even more interesting subtitle “One rogue IT employee can do more damage than an army of hackers“. It’s well worth a read, if only to get a feel for the nightmarish scenarios CIO’s can be faced with. The 3 case

Sometimes It Is Better To Detect Than Prevent

The recent tragedy in Tucson, AZ has gripped the nation in more ways than one. There are so many different story lines unfolding out of that single tragedy – about politics, about rhetoric, about immigration, about dreams. Significantly less visceral, but important from an identity management perspective is this avoidable but all too common story

Future in the Clouds? How About Some ESSO-To-Go?

There is little doubt any more that the cloud revolution is in full swing. Enterprises today are adopting cloud-based and hosted solutions for everything from CRM (even industry-specific solutions like this car dealer CRM) to personal productivity applications to business intelligence. Enterprises want the user experience of accessing SaaS applications to be secure, but transparent.