On Thursday, the House Committee on Homeland Security sent a letter to TSA Assistant Secretary Gale Rossides expressing concern about the handling of Clear members personal data.
User provisioning provides the foundation for effective lifecycle management of user identity and access rights in complex IT environments. Historically, enterprises have addressed this critical need through a combination of business process and integration of premise-based applications with management tools. These tools have included local directory services, identity services and user provisioning and role management solutions. The recent rapid adoption of SaaS and cloud-based applications is now significantly straining the on-premise capabilities of existing IT models and approaches.I think there are lots of executives and IT staff who are running around thinking that SaaS is the promised land. If you consider an SaaS application as "just another application" you will understand that your end-user identities still must be managed in that SaaS application. How are you going to provision, de-provision and update those identities? How are you going to manage the namespace of your corporate identities and the namespace of your SaaS application's identities? (Don't make me break out the Venn diagrams!)
Are you thinking about going to this conference? If you are let me help push you over the edge!Quest Software offers a suite of solutions that enables migration to Active Directory service from competing platforms, and delivers directory consolidation by extending Active Directory into heterogeneous IT environments. The suite also provides compliance by compiling an audit of system access events and secure dual-factor authentication through one-time password tokens, and creates a single sign-on solution using Active Directory. Quest implemented its solution, replacing a competing platform, to deliver dual-factor authentication of remote users at a lower cost and with zero impact to users. Seamless collaboration across Quest, Microsoft, and a key systems integrator partner enabled the Active Directory migration to be completed quickly and with no system downtime. Quest Software solutions have enhanced thousands of enterprise Active Directory environments, including Dell, Movado, Siemens, ADT, and Shell.Update: More from Microsoft here.
Finalist: Centrify, United States
Finalist: Likewise Software, United States
In Infrastructure as a Service (IaaS) cloud services such as Amazon’s EC2, the provider hosts virtual machines (VMs) on behalf of its customers, who can do arbitrary computations. In these systems, anyone with privileged access to the host can read or manipulate a customer’s data. Consequently, customers cannot protect their VMs on their own.I read two papers on this topic over the last few days and I invite you to take a look at them. If you are short of time at least try to read "Towards Trusted Cloud Computing". This paper gives a good overview of how cloud computing services "have no means of verifying the confidentiality and integrity of their data and computation". This paper helped me to understand some of the core security issues around cloud computing.
...a copy of your biometric information (but not your name) is retained by the Transportation Security Clearinghouse to prevent fraudulent enrollments under alternate identities.
GrIDsure’s solution is based on its groundbreaking yet simple invention that allows users to authenticate themselves by remembering a minimum of a four block sequential pattern on a five by five grid. By integrating GrIDsure’s software-based solution, Quest will be able to offer its customers an enhanced level of scalable security at a very competitive price point, whilst enhancing the user experience.
Brian Green's experience with not-so-secret questions began when he logged on to his World of Warcraft account in March of this year and found all of his characters in their underwear. Someone had stolen the account and sold off all of his virtual equipment.This article made me burst out laughing but behind the humor of someone have all of their "virtual equipment" being sold off there's a serious point to be made: Secret questions used to secure password-reset functions can be woefully insecure.
In a study involving 130 people, the researchers found that 28 percent of the people who knew and were trusted by the study's participants could guess the correct answers to the participant's secret questions. Even people not trusted by the participant still had a 17 percent chance of guessing the correct answer to a secret question.If it isn't obvious to all you really must ensure that your secret answers are, in fact, secret and secret means not easily guessed or easily subjected to social engineering attacks. I highly recommend that an out-of-band technique be used to send you your new password. For example, an SMS message with your temporary password to your mobile phone or the use of a one-time password (OTP) as part of your Q&A response profile. Both of these rely on something you know and something you have - much harder for the hacker to defeat.
