The Internet of Identities: Coming Soon and Bringing Massive IAM Changes

My colleague Mark Bowker has a concept called the Internet of identities. How does this differ from the Internet of Things? The Internet of Things is about, well things – devices, controllers, actuators, etc. But these things will perform tasks, collect data, connect to other devices, etc. In other words, each device will have an identity with multiple attributes, and each of these attributes must be understood to enable good things to occur and block bad things from happening. Thus, the Internet of identities.

Topics: Cybersecurity Internet of Things Identity and Access Management Enterprise Mobility

How the Fluid Network Perimeter Is Driving an Internet of Identities

My esteemed colleague, Jon Oltsik, previously wrote about how identity and access management infrastructure is misaligned with security. Mobility, device proliferation, cloud, and the threat landscape make an enterprise IAM strategy extremely important, but many organizations continue to treat IAM as a hot potato, with no real owner or strategy. As I’m pursuing an upcoming research project related exploring IAM's key role in providing security via the Internet of Identities and speaking with IT pros who are rearchitecting their IAM infrastructure for mobility, I’m excited about how these business activities can be dramatically improved by taking a fresh look at IAM.

Topics: Cybersecurity Identity and Access Management Enterprise Mobility

The Internet of Identities (IoI)

Everyone is talking about IoT these days and for good reason – there are already billions of devices connected to the global Internet and some researchers are predicting 50 billion by 2020. This alone will make CISOs' jobs more difficult, but security executives face many other associated challenges as well:

Topics: Cybersecurity Internet of Things Identity and Access Management

NY State Cybersecurity Regulations: Who Wins?

As you probably know by now, on February 16, the State of New York’s Department of Financial Services (DFS) finalized its new cybersecurity regulations which take effect on March 1, 2017. 

Topics: Cybersecurity Identity and Access Management SOAPA

The Era of Identity-based Applications

Identity and access management (IAM) has always been a heavy burden for large organizations. Why? Multiple folks across companies – business people, software developers, IT operations, human resources, security, compliance auditors, etc. – play some role across the IAM spectrum.

As a result of this IAM group hug, technology decisions tend to be made tactically without any central oversight or integrated strategy but this behavior may be changing. According to ESG research, 49% of large organizations claim they now have a formal enterprise-wide strategy in which IAM technology decisions are managed by central IT. In other words, someone in IT is now responsible and accountable for all IAM technology.

Topics: Cybersecurity Identity and Access Management

Balancing user experience with security

The number one challenge I hear from IT professionals across the board is balancing security with user experience across multiple device types that employees use in the course of a day. If those IT pros turn the dial too far in one direction, they’re faced with security vulnerabilities. If they rotate the dial too far in the opposite direction, they faced user-experience hurdles.

This challenge is exacerbated for those companies that want to further embrace cloud consumption models, but are once again perplexed about where to set the dial.

Topics: Identity and Access Management Enterprise Mobility

Identity and Access Management (IAM) infrastructure is misaligned with security

Several CISOs I’ve spoken to over the past few years agree that identity is a new security perimeter. The thought here is that a combination of mobile device and cloud use renders existing network perimeters obsolete, so security policy enforcement decisions must be driven by identity attributes (i.e. user identity, role, device identity, location, etc.) rather than IP packet attributes. We see this transition coming to fruition with the concept of a software-defined perimeter (SDP) and technologies such as Google BeyondCorp and Vidder PrecisionAccess.

Topics: Cybersecurity Identity and Access Management

Security Requirements Are Driving Identity Management

Anyone familiar with identity management knows that it can be extremely messy — lots of tactical tools, access policies, multiple data repositories, manual processes, etc. Furthermore, user authentication continues to be anchored by user names and passwords making nearly every organizations vulnerable to credentials harvesting, identity theft, and cyber-attacks.

Topics: Cybersecurity Identity and Access Management

Dear CISO, Tear Down These Legacy Cybersecurity Walls!

Here’s a scenario we’ve all encountered: You go to a nice restaurant to enjoy a meal and the whole experience turns sour. The service is terrible, your entrée arrives before your salad, and your food is overcooked and virtually inedible.

Topics: Identity and Access Management

Anticipating RSA 2015

The annual security geek-fest known as the RSA Security Conference is just 2 weeks away. Alas, I remember when it was a cozy event that attracted a few thousand visitors and focused on esoteric security technologies like cryptography, deep packet inspection, and malware detection heuristics. 

As for 2015, I expect at least 25,000 attendees spanning keynote presentations, show floors, pervasive hospitality suites and a constant barrage of hokey themed cocktail parties.

Topics: Cybersecurity Networking Identity and Access Management