Identity and Access Management (IAM)

Is IAM like a jellyfish?

Matthew Gardiner — Tue, 08 Jul 2008 14:15:00 GMT

IAM Market is Like a Jellyfish? I couldn't resist the blogging exercise of connecting these two seemingly unrelated concepts. In the world of blogging, for better or worse, often the best way to attract readership is with a strange title and lead-in. I think the title of this blog entry covers that approach sufficiently. However thinking of IAM technologies as being...

The Identity Dial Tone -- the tip of the iceberg

Jeffrey Broberg — Thu, 26 Jun 2008 20:31:00 GMT

My previous blogs discussed Identity 2.0 and OpenID, both of which describe a user-centric perspective of identity that focus on breaking down the enterprise control over personal private information. I also collaborated on the joint paper "CA and Microsoft Support for User-Centric Identity and the Identity Metasystem", that describes how SiteMinder can participate...

Identity and Virtualization -- the start of a discussion

Vadim Lander — Thu, 19 Jun 2008 15:42:00 GMT

The other day I was re-configuring a VmWare instance of our SiteMinder product when a simple realization hit me. What if this was an image containing some kind of secure application or sensitive financial data? I would be able to change the application, change the data or plant a virus. And if someone else with no knowledge of my attack copied the image to a production environment,...

Security through the ages

Mike Small — Mon, 09 Jun 2008 14:47:00 GMT

Anyone who has visited the British Museum in London cannot fail to be impressed by the collection of 130,000 cuneiform tablets dating back up to 3,000 years. But what were the messages written on these tablets that have been passed down through the generations between? An interesting article in the UK Daily Telegraph Newspaper...

Embarrassing Questions -- and how IAM can help eliminate them

Sumner Blount — Mon, 26 May 2008 15:11:00 GMT

I work with many members of the CA IAM sales and technical teams to help them understand and communicate the business values of IAM. As a general rule, this is fairly straightforward since the benefits of IAM have become quite clear over past few years. The tried-and-true benefits, include (each one is linked to a CA whitepaper on that topic): a) reduces IT costs, b)...

Compliance Messages at RSA....some thoughts

Sumner Blount — Wed, 14 May 2008 20:52:00 GMT

Although it's been a few weeks since the RSA show, I wanted to pass on something that struck me as I walked around the show floor, checking out all the booths. Last year, the hot buzzword of the show seemed to be "compliance". Everyone was jumping on that bandwagon in their marketing, because customers seemed to view their compliance challenges as the biggest...

Security, Privacy, and Trust -- Mission Impossible?

Mike Small — Mon, 12 May 2008 15:11:00 GMT

Scott McNealy famously said "You have zero privacy - get over it". The recent stories regarding the loss of personal data have put a sharp perspective on the question of privacy. Polls show that people say they will only deal with organization that they can trust to protect their personal data. What can organizations do to achieve this trust? Privacy What is...

Recent news and how IAM could have helped

Merritt Maxim — Wed, 23 Apr 2008 15:27:00 GMT

As information security professionals, we are always interested in finding stories or anecdotes to help make a point or to further educate people on the importance and need for strong information security. An item grabbing US headlines recently was the story concerning the inappropriate access to the passport files of the 3 major US presidential candidates, Barack Obama,...

Liberty Alliance Workshop at the RSA Conference Drives Home the Point that Identity Federation is Entering the IT Security Mainstream

Matthew Gardiner — Thu, 17 Apr 2008 13:31:00 GMT

I recently returned from a week at the RSA Conference which is somewhat of an annual pilgrimage for IT security people that takes place in the heart of San Francisco in the Moscone Center. http://www.rsaconference.com/2008/US/home.aspx Even though the Olympic flame relay was also in town on its only stop in North America on its worldwide tour, we RSA Conference...

Some thoughts on e-ID

Mike Small — Fri, 11 Apr 2008 13:22:00 GMT

In late February I gave a talk at a conference on e-ID in Belgium organized by L-SEC http://www.lsec.be. Belgium is one of the first countries in the world where all citizens will have their identity supported by a digital identity card. Unlike Finland, where the e-ID card is optional, in Belgium it is a legal requirement that every resident registers their address. This registration process...

User-centric Identity - a joint CA/Microsoft effort

Jeffrey Broberg — Tue, 08 Apr 2008 15:29:00 GMT

The Identity Metasystem offers a new way to think about the relationship between parties that are interested in either consuming or producing identity information. Sometimes this is referred to as Identity 2.0, or more correctly as User Centric Identity. This new paradigm offers many benefits, from increased security, enhanced privacy, and the opportunity for new business models. It is sometimes...

A visit to the Vasa Museum -- an IT analogy

Mike Small — Thu, 13 Mar 2008 15:04:00 GMT

During my recent visit to Euro CACS - the Computer Audit and Control Symposium - in Stockholm the event night was held at the Vasa museum. This museum contains the preserved remains of the Vasa a 16th century man of war that was recovered from the sea near Stockholm. The story of this ship is one that will have a ring of familiarity to anyone involved in the IT industry. The...

CA Receives SAML 2.0 Certification from the GSA’s E-Authentication Solution

Matthew Gardiner — Mon, 29 Oct 2007 14:25:00 GMT

Excuse me while I blow our own horn a bit via the title of this blog. I recognize that excessive horn-blowing is not blogger couth. I do have a more general point to make in this blog – that the technology particulars of federation systems still do matter. But, first the facts. Recently CA and five other IAM vendors received certification from the GSA’s E-Authentication Solution for the GSA’s...

Thoughts From ISSE/Secure 2007 – We Are All In This Together

Matthew Gardiner — Wed, 03 Oct 2007 15:01:00 GMT

I recently returned from a week in Warsaw, Poland where I presented at, and attended the ISSE/Secure 2007 (Information Security Solutions Europe) conference and reconnected with the city and people with whom I lived some 15 years ago. What is the ISSE/Secure 2007 conference? It bills itself as Europe’s only independent security conference. A primary organizer of the conference is ENISA, which is...

Software Quality: The UK Report on Internet Security

Simon Perry — Tue, 14 Aug 2007 14:08:00 GMT

In 2006, the UK House of Lords undertook a far ranging study of the problem of internet crime and the resultant impact to individuals, businesses, and the economy as a whole. On August 10 th 2007, the results of the study were published under the title...(read more)