Identity Management Blog

The convergence of the IDaaS and IAM spaces is creating a lot of confusion for many of our clients. This has a lot to do with the marketing efforts of software vendors, but it also has to do with internal confusion around the definition of identity management, business objectives around identities and strategic goals like taking one’s IT infrastructure to the cloud. I’m going to take a stab at trying to help us think this through–and I think the best approach to determining whether the cloud is a right fit is to first understand our objectives and use cases.
Read More
If you’ve been on the Internet at all in the past few years, you’ve probably seen some hum or buzz about the “cloud” or “cloud-based” programs. It basically means hosting data through the Internet and not through physical hardware. This bypass of hardware results in more convenient (and unprecedented) enterprise solutions that have changed the way we do business.
As more company business units explore and adopt Software as a Service (SaaS) solutions for their technology needs, IT security groups struggle to keep the “gathering clouds” from raining on their secured environment.  On the bright side, these organizations have a very strong security foundation in place for internally hosted applications. The challenge is simply to extend their secure identity ...
I consider a Zero-Password Enterprise to be one in which the end user does not have to remember or be prompted for additiona l passwords for each of the applications she is accessing. Rather, the user is authenticated by a primary authentication authority which acts as the main identity provider. Ideally, this primary authentication authority employs a multi-factor authentication scheme (i.e. ...
I was re-reading an oldie-but-goodie, Frank Villavicencio’s blog titled Top 10 Common Pitfalls of an IAM Initiative. For anyone who has been responsible for an enterprise system deployment, especially an enterprise IAM system deployment, the top 10 reads like the 10 Commandments.
What does marketing have to do with cloud Identity Management?  Quite a bit, it seems. Last week, HMV (a European retailer) laid off 190 employees.  Among those being let go included Poppy Rose, the HMV "Community Manager" who happened to be in charge of their twitter account.  The result?  See for yourself...
'Tis the season to be hacked, I guess. Twitter joined a bunch of other companies in revealing that it was the target of a sophisticated attack that may have exposed the information for about 250,000 users. While the data that was allegedly exposed, including encrypted/salted versions of passwords, was not as bad as in some other attacks recently, Twitter did take some proactive measures in ...
A common approach by organizations on tight budgets has been to solve their Identity and Access needs with Active Directory (AD). While this approach has its advantages, it has many more disadvantages. AD has its place in almost any enterprise-computing environment, but as security and risk professionals, we must know where it belongs (and doesn’t belong) in an IAM strategy.
What is missing from most IAM roadmaps?
There's no two ways about it. This year's Cloud Identity Summit was another incredible edition that brought together great content and really interesting discussions about the state and future of identity. It is definitely going to be fun watching the amazing community we have in identity use this conference as a platform to make a big impact on cloud identity and identity management in general.