Identity Management Blog

Every time I look at my calendar and I see that a dentist appointment is coming up I tend to worry that she might find something that is going to lead me towards some type of painful procedure. I worry and fret and then go to the doctor, and, on the rare occasions that she has told me that she’s going to have to bust out the jackhammer, I’m somewhat relieved. Why?
Read More
Earning the “keys to the kingdom” can be as elusive as getting the pot of gold at the end of the rainbow. But what does it actually mean? To understand the importance of getting these keys, we need to dig a little deeper into identity governance, or an identity and access management (IAM) governance body. Explaining identity governance is easy: it’s a way of having ultimate access to who is doing ...
We’ve talked about the importance of having an identity & access management (IAM) strategy in place for your enterprise countless times. That said, we talk about IAM as a broad umbrella, in which action pieces like single sign-on and provisioning constitute as its entirety.
An article posted by CSO explains what the world would be like if assigning employees specific access rights to what they need and restrictions to what they don’t need were not implemented. This is a significant task that, in the days where passwords functioned as flagship security, IT reigned supreme.  However, this is no longer the case. As the article suggests, these systems have transcended ...
Identity and Access Management (IAM) has become an increasingly important discipline, from its tentative beginnings in the early 90s to the multi-disciplinary, cloud-based process it is today. With 2.4 million Google results, IAM has gotten lots of ink. But the growing discipline of Identity and Access Governance, an essential component of IAM projects, hasn’t seen as much coverage in the news ...
Understanding the evolution of the Identity and Access Governance (IAG) space is helpful when determining the value of an identity initiative to your organization. Our industry loves buzzwords and we tend to move in packs, if not herds. By taking a look at the evolution of IAG we can better understand why certain topics are hot. Armed with this knowledge we can determine whether those hot topics ...
Continuing where we left off last week, this post takes a deeper look at access controls and the types of authorizations that can be implemented.  Authentication, Authorization, and Accountability (AAA) Identity management has become a separate consideration for access control. However, the three pillars that support authorized access still define the tools and techniques necessary to manage who ...
*Keep it Simple, Stupid The National Institute of Standards and Technology (NIST) model on Role Based Access Control is a fascinating document (http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf). It is loaded with explanations of many important basic RBAC concepts such as Separation of Duties, “permission-role review” that is effectively comparable to user-role review, non-specificity of ...
It’s par for the course in enterprise IT that when game-changing technologies hit the mainstream, the many benefits they offer are accompanied by a new set of unforeseen IT risks.  It’s the way of the world, and while you may not be able to account for the unknown, if you anticipate that there will be surprises, you can ensure that the benefits of any given innovation will far outweigh the risks.
For many years now, the Identirati have talked about the many reasons why Identity and Access Management (IAM) projects fail. Close to three years ago, we created our top ten pitfalls of an IAM initiative, which was the precursor to our advisory services business.