Identity Management Blog

In our last two entries, I blogged about the changing faces of the stakeholders of an Identity and Access Management (IAM) initiative. The first entry described the stakeholders during the inception phases of the initiative, while the second entry focused on the stakeholders that are needed in order to get the IAM initiative funded.  This entry will focus on the "Off to the Races" phase of the program.
Read More
2010 has been a very eventful year for identity.   It has been a solid year chock full of M&A activity and innovations – all good signs that Identity and Access Management (IAM) continues to be a vibrant and relevant space in the information security market.  Below are some rants on my perspective of the events in IAM in 2010.
Identropy adds a new offering as part of its well-known Advisory Services: the Identropy IAM Primer Series.  This offering not only provides access to Identropy's IAM best practices library, but also provides direct access to an Identropy IAM professional.
Based on feedback received from nearly 100 IAM projects (and counting), it's abundantly clear to us that organizations that have taken the up-front time to set-up an IAM Governance Body prior to detailing the specifications of the solution are typically far more successful than those that have chosen to 'play it by ear.'  Unfortunately, too many organizations shy away from establishing an IAM ...
As with any market, IAM software vendors vie for business by positioning and re-position their software in front of potential customers. Ultimately, the customer selects a vendor, implements the software, and walks into the sunset...right? Wrong.
Given the increased relevance of NERC CIP compliance in the Energy sector over the last 12 months, we have been focusing on this topic from an Identity and Access Management (IAM) perspective since early this year.  Our CTO, Ash Motiwala posted a couple of very good blog articles on this subject: A NERC CIP Quick Win = Recertification + Closed Loop Deprovisioning and An Introduction to NERC CIP ...
In my previous entry on NERC CIP compliance, I mentioned a few patterns that have emerged in addressing NERC CIP standards with IAM technologies.  I also mentioned the importance of developing an IAM roadmap and executing on quick wins to demonstrate that your organization is making moves towards compliance.   In this article, I'd like to highlight a great first quick win that your organization ...
For professionals who work in Information Security (InfoSec) within the Energy sector, NERC (the North American Electric Reliability Corporation) is simply a part of everyday life.  NERC is a self-regulatory, non-government organization which has statutory responsibility to regulate bulk power system users, owners, and operators through the adoption and enforcement of standards for fair, ethical ...
In Part I of this series, we covered why a corporation may (or may not) need an Identity Management Roadmap. In this post, we'll briefly cover its prerequisites. Roadmap Development should be viewed as a discrete task that is only one component of an Identity Management Workshop. In fact, Roadmap Development should be the last (or one of the last) tasks in your identity management assessment. ...
Since we've performed more identity management workshops for our customers than I care to count, I thought a blog series was in order to provide some of our insights into aiding corporations develop an Identity Management Roadmap (which is a step by step guide for your organization to follow when deploying an identity management solution).   I got a chance to sit down and interview some of our ...