Tag Archives: risk

Are Passwords Dead? We Need a Better System Now

Guest post from IBM Security Systems.

IBM is Gold Sponsor at Identity and Access Management, taking place in London on 22nd October. Enterprise IT professionals can claim a complimentary pass for the event, here.

IBM Security Logo

According to the Verizon 2013 Data Breach Investigation Report, roughly 76% of all data breaches were enabled by weak credentialing and user authentication. We can therefore say that most – if not all – of our traditional security measures are doing little to close credentialing vulnerabilities. If that’s the case, then we need to discuss replacing them with something that does work.

Importantly, the location of the authentication transaction affects the risks, liability, convenience and economic feasibility for the service provider and consumer differently. Consider that there are effectively only two locations the user-authentication transaction can occur; on the device, and/or in the cloud.

Authentication on the device

Authentication on the device implies just that; processing the authentication of the user on the phone.  Many phone manufacturers contemplate including fingerprint sensors on the device to authenticate the phone user – presumably the entitled privilege holder associated with the credentials stored on the phone or in some data repository elsewhere.

Authentication in the cloud

Authenticating in the service provider’s cloud implies capturing the biometric data on the phone and securely retrieving or transmitting it to the service provider’s cloud, where the authentication transaction takes place.  In this case, the service provider could reduce risk by comparing user-authentication data, captured during applicant enrolment, to data of existing customers so as to negate dual enrolments and fraud.

To learn more about Threat-aware Identity and Access Management for a multi-parameter world, hear Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems, present during the keynote at Ovum Identity & Access Management on 22nd October.

Read the full story http://securityintelligence.com/passwords-are-dead-we-need-a-better-system-now/

Cloud: transforming the IAM industry

Andrew Kellett, Principal Analyst – Software and IT Solutions, has been sharing his thoughts on the problems and opportunities that Cloud presents to the identity and access management industry. Andrew will be presenting his latest research on the topic at Ovum’s 2nd Annual Identity and Access Management Forum, taking place in London in October. Read more below, and on the Ovum website:

The cloud provides significant problems and opportunities for the identity and access management (IAM) industry, according to global analyst firm Ovum. It is a disruptive technology that is challenging the status quo within the IAM sector.

New research from the global analyst firm examined the impact of cloud computing and identity-as-a-service (IaaS) on the IAM sector. Traditional platform vendors are coming under pressure from a new generation of cloud-based specialists that are changing the way that IAM services will be consumed in the future.

According to Andrew Kellett, principal analyst for IT security solutions and author of the report, “The increasing use of cloud-based services is driving the need for better and more interactive single sign-on (SSO) and federated identity management (FIM) facilities. For the foreseeable future, organisations will continue to make use of a mixed range of on-premise, hosted and cloud-based systems and services.”

Continue reading