Identity Management Blog

A colleague shared this story: “It was one of ‘those’ mornings – overslept, running late, traffic, no close in parking left.  Not even time for the morning coffee stop. Then it happened.  Upon arriving, a co-worker said: “You are not going to have a good day.”  Turns out the automatic deprovisioning routines in IAM had received bad data feeds from the HR system and took action.” And, yes, you guessed the rest of the story – not a good day. Most are probably thinking – Why didn’t they consider this possibility?  In fact they did.  The solution for this use case was already developed, heading ...
Read More
That is the position is set out to convince people of with my talk 'IDaaS: The Now Big Thing' at this years Cloud Identity Summit. Even with the words 'Cloud' and 'Identity' in the name of the conference, and even with a fairly friendly crowd, I knew that this would be a somewhat daunting challenge. 30 minutes is a short amount of time in which to make the case that IDaaS has better Security, ...
In Part 1 of this series, we looked at how important it is to have documentation of what you expect your system to do and the value of making a plan. Now we want to take a closer look at writing the test cases, themselves.
What does it take to wake me from my blogging slumber? I guess it takes someone bashing Identity Management as a security technology that is deployed just for the sake of it.
Want to get insight from the experts on how to achieve success with your identity and access management program? Then join us for a lunch and learn where some smart folks from  Quest Software and Identropy will share insight on the key technologies and best practices that can help you improve your security and compliance posture while maximizing your ROI and avoiding common pitfalls that doom ...
After reading very interesting posts by Earl Perkins at Gartner, an article from Deloitte on financial institutions making Identity and Access Management (IAM) their #1 priority, and my friend Nishant Kaushik's recent series on Federated Provisioning and the Cloud, which is brilliant and thought provoking (nicely done Nishant); I felt compelled to chime in.
Given the increased relevance of NERC CIP compliance in the Energy sector over the last 12 months, we have been focusing on this topic from an Identity and Access Management (IAM) perspective since early this year.  Our CTO, Ash Motiwala posted a couple of very good blog articles on this subject: A NERC CIP Quick Win = Recertification + Closed Loop Deprovisioning and An Introduction to NERC CIP ...
In this 2-part article, I hope to explain the importance of identity assurance in everyday life. I will first level set on terms and definitions in part 1, and then illustrate with real-life examples in part 2.