Category Archives: Identity and Access Management

Britain’s banks told to draw up cyber-attack plans

Original story on Finextra.

Britain’s financial institutions must put concrete plans in place over the next few months to deal with the growing threat of cyber-attacks, the Bank of England has warned.

Minutes of last month’s BofE Financial Policy Committee meeting reveal concerns that, with the cyber-threat growing, the financial system has “a number of potential vulnerabilities, reflecting its high degree of interconnectedness, its reliance on centralised market infrastructure, and its sometimes complex legacy IT systems”.

The Treasury is already working to assess, test and improve the UK’s financial system’s resilience to cyber-attacks, developing general guidance on best practice for banks.

The FPC has backed the “direction of travel” but says that the next step is for regulators to make sure that banks have concrete plans in place. Action plans should be ready by the first quarter of 2014, with a progress report by the end of this year. The Bank of England will also “be reviewing its own resilience”.

Last month a top US banking regulator warned that more legislation may be needed in the fight against an ever-growing cyber-security threat which has seen bank Web sites come under repeated DDoS attacks in recent months.

To find out how best to draw up plans for these regulations, register for the Ovum and Incapsula webinar Effectively mitigating the largest and smartest DDoS attacks here.

Taking advantage of the human factor

Guest post from IBM Security Systems

IBM is Gold Sponsor at Identity and Access Management, taking place in London on 22nd October. Enterprise IT professionals can claim a complimentary pass for the event, here.


No one doubts that social media is a valuable tool for business.  Unfortunately it is now a top asset for cyber-criminals too, playing a pivotal role in the way in which they reach their targets.  Initially seen as a rich source for gathering the intelligence required for more sophisticated attacks, nowadays attackers are using the psychology behind social media to gain and exploit users’ trust.

  • A single attack can influence the actions of millions of people in real time, as shown when a compromised trusted account sent out false information about explosions at the White House, causing a “flash crash” of the US stock market.
  • If a Twitter account with millions of followers sends a link to an infected site, the odds of some of those recipients clicking on the link are greatly increased.
  • By compromising a central site and using it to serve malware, attackers are able to reach more technically savvy victims who might not be fooled by phishing attempts.

The only effective defence is awareness and education to understand the latest security risks and stay ahead of emerging threats.  Join the IBM experts at Ovum Identity & Access Management on 22nd October to find out what you can do to help keep your organization secure.

“IAM technologies are becoming threat-aware”: Executive Interview with Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems

Executive Interview with Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems, who will be presenting in the keynote at Ovum Identity & Access Management Forum on 22 October.


Is the traditional use of Identity and Access Management (IAM) technology changing within an enterprise?

Yes. With the rapid adoption of mobile, social and cloud-based services to expand the businesses and to collaborate with partners and consumers alike, the traditional use of IAM technology is changing to securely enable these transformations. Traditionally, IAM technologies are deployed as operational management tools to help IT demonstrate compliance and support the internal risk programs. Now, IAM technologies are viewed as key security controls, to help businesses improve assurance and strengthen the context in which access controls are determined and enforced across the enterprise.

How are IAM technologies evolving to safeguard the cloud, mobile and social interactions?

IAM technologies are becoming threat-aware. Cyber attackers target the weakest link within an enterprise – its people. As organisations roll out new mobile apps or increase use of cloud-based services, they need to implement context and risk-based access to minimize the use of passwords to control access to business resources. Organisations are also increasingly under pressure to not only authorise user access, but also inspect and block malicious content from affecting the business-critical web applications and services.

Insider threat is in the spotlight. What can organisations do to address the threats from insiders?

This is a challenging security issue for organisations around the world. Insiders are more than just administrators and root users with shared access. They can be employees with high risk access.  To tackle the insider threat, organisations are investing in privileged identity management that can manage and govern shared access and privileged user passwords, while auditing and recording the high risk session activities to address the growing insider breach and threats.



Infographic: How are you embracing innovation in spite of IT risks?


Safeguarding mobile, cloud and social interactions across the enterprise

Guest post from IBM Security Systems


The line between work and personal technology continues to merge as smartphones, tablets and other mobile devices proliferate. Although mobile employees can be more productive by working anytime and anywhere, doing so means they are accessing resources from outside the traditional network perimeter.  Traditional access and authentication controls are now no longer sufficient to safeguard the organisation. As cyber criminals become more sophisticated in their attack methods, so organisations need to be more diligent and proactive in protecting resources in a mobile environment. IBM has developed a portfolio of mobile security solutions that emphasize an adaptive approach to security that can help drive down costs, is secure and can keep up with today’s business climate.

The latest addition to the portfolio is IBM Security Access Manager for Mobile (ISAM for Mobile).

ISAM for Mobile protects access to enterprise resources by authenticating and authorizing mobile users and their devices. Available as either a virtual or hardware based appliance, ISAM for Mobile enables organisations to safeguard access points into the corporate network and enforce context-based access policies that define who and what can access protected resources. Highly scalable and configurable, the solution is designed to deliver a quick time to value and a lower total cost of ownership (TCO).

ISAM for Mobile provides a variety of capabilities for strengthening mobile security:

  • Enables secure user access to mobile and web applications with single sign-on, session management and context-based access control.
  • Improves identity assurance with flexible authentication schemes, such as one-time passwords and RSA SecurID token support, to ensure that single sign-on is available from all access points in the network.
  • Enforces context-aware authorization using device fingerprinting, geographic location awareness and IP reputation scores.
  • Delivers seamless user and application security through integrations with IBM® Worklight.
  • Provides actionable insights for reducing risks and demonstrating compliance through integration with the IBM® QRadar® Security Intelligence Platform.

For more information on ISAM for Mobile visit our web site at http://www-03.ibm.com/software/products/us/en/access-mgr-mobile

To learn more about protecting the organisation in a multi-perimeter world, come and hear Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems, present on Threat-aware Identity and Access Management during the keynote at Ovum Identity & Access Management on 22nd October.

Are Passwords Dead? We Need a Better System Now

Guest post from IBM Security Systems.


According to the Verizon 2013 Data Breach Investigation Report, roughly 76% of all data breaches were enabled by weak credentialing and user authentication. We can therefore say that most – if not all – of our traditional security measures are doing little to close credentialing vulnerabilities. If that’s the case, then we need to discuss replacing them with something that does work.

Importantly, the location of the authentication transaction affects the risks, liability, convenience and economic feasibility for the service provider and consumer differently. Consider that there are effectively only two locations where the user-authentication transaction can occur: on the device, and/or in the cloud.

Authentication on the device

Authentication on the device implies just that: processing the authentication of the user on the phone. Many phone manufacturers contemplate including fingerprint sensors on the device to authenticate the phone user – presumably the entitled privilege holder associated with the credentials stored on the phone or in some data repository elsewhere.

Authentication in the cloud

Authenticating in the service provider’s cloud implies capturing the biometric data on the phone and securely retrieving or transmitting it to the service provider’s cloud, where the authentication transaction takes place. In this case, the service provider could reduce risk by comparing user-authentication data, captured during applicant enrolment, to data of existing customers so as to negate dual enrolments and fraud.

To learn more about Threat-aware Identity and Access Management for a multi-perimeter world, hear Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems, present during the keynote at Ovum Identity & Access Management on 22nd October.

Read the full story: http://securityintelligence.com/passwords-are-dead-we-need-a-better-system-now/

Cloud: transforming the IAM industry

Andrew Kellett, Principal Analyst – Software and IT Solutions, has been sharing his thoughts on the problems and opportunities that Cloud presents to the identity and access management industry. Andrew will be presenting his latest research on the topic at Ovum’s 2nd Annual Identity and Access Management Forum, taking place in London in October. Read more below, and on the Ovum website:

The cloud provides significant problems and opportunities for the identity and access management (IAM) industry, according to global analyst firm Ovum. It is a disruptive technology that is challenging the status quo within the IAM sector.

New research from the global analyst firm examined the impact of cloud computing and identity-as-a-service (IaaS) on the IAM sector. Traditional platform vendors are coming under pressure from a new generation of cloud-based specialists that are changing the way that IAM services will be consumed in the future.

According to Andrew Kellett, principal analyst for IT security solutions and author of the report, “The increasing use of cloud-based services is driving the need for better and more interactive single sign-on (SSO) and federated identity management (FIM) facilities. For the foreseeable future, organisations will continue to make use of a mixed range of on-premise, hosted and cloud-based systems and services.”
