Monday, October 24, 2011

Quest Authentication Services now IBM VIOS Certified

Quest Authentication Services (QAS) 4.0 was recently awarded IBM Virtual I/O Server (VIOS) certification.

“VIOS allows a single machine to run multiple operating system (OS) images at the same time but each is isolated from the others. This logical partition (LPAR) controlled by the HMC or IVM that owns hardware adapters like SCSI disks, Fibre-Channel disks, Ethernet or CD/DVD optical devices but allows other LPARs to access them or a part of them. This allows the device to be shared. The LPAR with the resources is called the VIO Server and the other LPARs using it are called VIO Clients. For example, instead of each LPAR having a SCSI adapter and SCSI disk to boot from they can share one disk on the VIO Server. This reduces costs by eliminating adapters, adapter slots and disks.”


Thursday, October 20, 2011

More on privileged account (mis-)management

Check out this story I read on InformationWeek: Are Your IT Pros Abusing Admin Passwords?

It just goes to show that this problem is nearly endemic, because we have far too many passwords to remember - and that includes privileged account passwords.
  • 42% report that IT staff freely share passwords and access to multiple business systems and applications.
  • 25% of survey respondents said that at least some of the superuser passwords that grant all-access rights to hardware, applications, or databases were less complex than the business' end-user password policies required.
  • 48% of survey respondents reported that privileged account passwords at their business had remained unchanged for at least 90 days.
It's only getting worse with more and more cloud applications and services being used. What's going on with your admin passwords for, for example? What are you going to do about Office365? Exactly.

Wednesday, October 19, 2011

Privileged Identity Management (PIM) Market to Grow 24% Through 2014

I came across this report yesterday. Not surprising to see the following statement highlighted:
“One of the key factors contributing to market growth is the growing compliance requirements.”
Hopefully, we have all come to realize that the reason for many software acquisitions in this area - identity and access management - is to help companies meet compliance requirements, and that most of the components of an IAM suite enable a customer to better comply with these regulations.

Update: Martin Kuppinger sent me an email and made a couple of good points that I felt were worth highlighting:

  1. 24% CAGR growth is too low. I agree! The issues around privileged account/identity management are only growing. We've seen some great examples recently of how poor controls around privileged accounts have led to some IT disasters. And, as the report highlights, compliance regulations aren't getting any easier.
  2. It's easier to be compliant when PxM (Privileged whatever Management) becomes tightly integrated with Provisioning and Access Governance, unlike today, where we frequently see things done separately for "normal" and privileged accounts, users, and identities. This is very true. It isn't really possible to consider PxM outside of provisioning and access governance any more. The days of just managing "root" on your Unix boxes are long gone. In fact, I wonder how companies are going to handle their Office365 administrative account? How will they handle their privileged accounts? PxM needs to include the cloud too!

Tuesday, October 04, 2011

Achieving PCI DSS Compliance with Quest One Solutions for Privileged Access

We just published this whitepaper. It’s pretty hard to over-emphasize that the management, control and audit of both shared and privileged account passwords is mandatory in meeting PCI requirements.

Like all regulatory requirements, there is no single product or policy/procedure that can assure compliance! PCI compliance requires that your enterprise deploy many security technologies, and have specific policies and procedures in place.

This white paper focuses on the unique issues and solutions associated with both privileged password management and remote vendor access in meeting PCI compliance requirements. Many of the requirements highlighted cannot be resolved or adequately addressed by existing enterprise security technologies such as firewalls, VPN and IDS solutions. Existing legacy policies and procedures are also unable to meet many of the requirements standards presented under PCI.