Tag Archives: identity and access management

“IAM technologies are becoming threat-aware”: Executive Interview with Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems

Executive Interview with Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems who will be presenting in the keynote at Ovum Identity & Access Management Forum on 22 October.


Ravi Austin picIs the traditional use of Identity and Access Management (IAM) technology changing within an enterprise?

Yes.   With the rapid adoption of mobile, social and cloud-based services to expand the businesses and to collaborate with partners and consumers alike, the traditional use of IAM technology is changing to securely enable these transformations.  Traditionally, IAM technologies are deployed as operational management tools to help IT demonstrate compliance and support the internal risk programs.    Now, IAM technologies are viewed as key security controls, to help businesses improve assurance and strengthen the context in which access controls are determined and enforced across the enterprise.

How are IAM technologies evolving to safeguard the cloud, mobile and social interactions?

IAM technologies are becoming threat-aware. Cyber attackers target the weakest link within an enterprise – its people.  As organisations rollout new mobile apps or increase use of cloud-based services, they need to implement context and risk-based access to minimize the use of passwords to control access to business resources.   Organisations are also increasingly under pressure to not only authorise user access, but also inspect and block malicious content for affecting the business critical web applications and services.

Insider threat is on the spotlight.  What can organisations do to address the threats from insiders?

This is a challenging security issue for organisations around the world. Insiders are more than just administrators and root users with shared access. They can be employees with high risk access.  To tackle the insider threat, organisations are investing in privileged identity management that can manage and govern shared access and privileged user passwords, while auditing and recording the high risk session activities to address the growing insider breach and threats.

Continue reading

Advertisements

Are Passwords Dead? We Need a Better System Now

Guest post from IBM Security Systems.

IBM is Gold Sponsor at Identity and Access Management, taking place in London on 22nd October. Enterprise IT professionals can claim a complimentary pass for the event, here.

IBM Security Logo

According to the Verizon 2013 Data Breach Investigation Report, roughly 76% of all data breaches were enabled by weak credentialing and user authentication. We can therefore say that most – if not all – of our traditional security measures are doing little to close credentialing vulnerabilities. If that’s the case, then we need to discuss replacing them with something that does work.

Importantly, the location of the authentication transaction affects the risks, liability, convenience and economic feasibility for the service provider and consumer differently. Consider that there are effectively only two locations the user-authentication transaction can occur; on the device, and/or in the cloud.

Authentication on the device

Authentication on the device implies just that; processing the authentication of the user on the phone.  Many phone manufacturers contemplate including fingerprint sensors on the device to authenticate the phone user – presumably the entitled privilege holder associated with the credentials stored on the phone or in some data repository elsewhere.

Authentication in the cloud

Authenticating in the service provider’s cloud implies capturing the biometric data on the phone and securely retrieving or transmitting it to the service provider’s cloud, where the authentication transaction takes place.  In this case, the service provider could reduce risk by comparing user-authentication data, captured during applicant enrolment, to data of existing customers so as to negate dual enrolments and fraud.

To learn more about Threat-aware Identity and Access Management for a multi-parameter world, hear Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems, present during the keynote at Ovum Identity & Access Management on 22nd October.

Read the full story http://securityintelligence.com/passwords-are-dead-we-need-a-better-system-now/