Most Recent Blogs

How the Fluid Network Perimeter Is Driving an Internet of Identities

Posted: August 10, 2017   /   By: Mark Bowker   /   Tags: Cybersecurity, IAM, Enterprise Mobility, Internet of Identities

internet-identities.jpgMy esteemed colleague, Jon Oltsik, previously wrote about how identity and access management infrastructure is misaligned with security. Mobility, device proliferation, cloud, and the threat landscape make an enterprise IAM strategy extremely important, but many organizations continue to treat IAM as a hot potato, with no real owner or strategy. As I’m pursuing an upcoming research project related exploring IAM's key role in providing security via the Internet of Identities and speaking with IT pros who are rearchitecting their IAM infrastructure for mobility, I’m excited about how these business activities can be dramatically improved by taking a fresh look at IAM.

Read More

NY State Cybersecurity Regulations: Who Wins?

Posted: February 23, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, CISO, IAM, encryption, SOAPA, financial services, DFS 23 NYCRR 500

hero-newyork.jpgAs you probably know by now, on February 16, the State of New York’s Department of Financial Services (DFS) finalized its new cybersecurity regulations which take effect on March 1, 2017. 

Read More

The Era of Identity-based Applications

Posted: September 15, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, IAM, identity and access management

Eye_on_Keyboard.jpgIdentity and access management (IAM) has always been a heavy burden for large organizations. Why? Multiple folks across companies – business people, software developers, IT operations, human resources, security, compliance auditors, etc. – play some role across the IAM spectrum.

As a result of this IAM group hug, technology decisions tend to be made tactically without any central oversight or integrated strategy but this behavior may be changing. According to ESG research, 49% of large organizations claim they now have a formal enterprise-wide strategy in which IAM technology decisions are managed by central IT. In other words, someone in IT is now responsible and accountable for all IAM technology.

Read More

Identity and Access Management (IAM) infrastructure is misaligned with security

Posted: May 23, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, IAM, identity and access management

identity and access managementSeveral CISOs I’ve spoken to over the past few years agree that identity is a new security perimeter. The thought here is that a combination of mobile device and cloud use renders existing network perimeters obsolete, so security policy enforcement decisions must be driven by identity attributes (i.e. user identity, role, device identity, location, etc.) rather than IP packet attributes. We see this transition coming to fruition with the concept of a software-defined perimeter (SDP) and technologies such as Google BeyondCorp and Vidder PrecisionAccess.

Read More

Security Requirements Are Driving Identity Management

Posted: January 28, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, IAM, identity management

IAM analysisAnyone familiar with identity management knows that it can be extremely messy — lots of tactical tools, access policies, multiple data repositories, manual processes, etc. Furthermore, user authentication continues to be anchored by user names and passwords making nearly every organizations vulnerable to credentials harvesting, identity theft, and cyber-attacks.

Read More

Dear CISO, Tear Down These Legacy Cybersecurity Walls!

Posted: May 26, 2015   /   By: Jon Oltsik   /   Tags: Network Security, CISO, IAM, web application security

wallsHere’s a scenario we’ve all encountered: You go to a nice restaurant to enjoy a meal and the whole experience turns sour. The service is terrible, your entrée arrives before your salad, and your food is overcooked and virtually inedible.

Read More

Anticipating RSA 2015

Posted: April 07, 2015   /   By: Jon Oltsik   /   Tags: Network Security, endpoint security, threat intelligence, IAM, SDN, cloud security

cable_carThe annual security geek-fest known as the RSA Security Conference is just 2 weeks away. Alas, I remember when it was a cozy event that attracted a few thousand visitors and focused on esoteric security technologies like cryptography, deep packet inspection, and malware detection heuristics. 

As for 2015, I expect at least 25,000 attendees spanning keynote presentations, show floors, pervasive hospitality suites and a constant barrage of hokey themed cocktail parties.

Read More

Big Data Security Analytics Meets Identity and Access Management (IAM)

Posted: May 19, 2014   /   By: Jon Oltsik   /   Tags: IBM, End-User Computing, Data Management & Analytics, Information and Risk Management, Enterprise Software, Security and Privacy, Security, big data security analytics, Courion, Sailpoint, compliance, IAM, Governance, cybercrime, Anti-malware

While most enterprise organizations have SIEM installed, they now realize that these venerable security systems cannot address today’s dangerous threat landscape alone. As a result, many are adding network forensics and big data analytics systems for capturing, processing, and analyzing a whole bunch of additional security data.

In the majority of cases, big data security analytics systems are applied to data such as network packets, packet metadata, e-mails, and transaction systems to help security teams detect malware, phishing sites, and online fraud. Great start, but I’m starting to see another burgeoning focus area – IAM. Of course, many large organizations have IAM tools for user provisioning, SSO, and identity governance, but tracking all the instantiations of user activity remains elusive. In a recent ESG research survey, security professionals were asked to identify their weakest area of security monitoring. More than one-quarter (28%) pointed to “user behavior activity monitoring/visibility,” – the highest percentage of all categories.

Read More

Posts by Topic

see all