
Exploring the science and magic of Identity and Access Management

He who can no longer pause to wonder and stand rapt in awe, is as good as dead; his eyes are closed. — Albert Einstein

Sunday, May 24, 2015

KuppingerCole: 8 Fundamentals for Digital Risk Mitigation

Identity, Information Security
Author: Mark Dixon
Tuesday, May 5, 2015
1:45 pm


Martin Kuppinger, founder and Principal Analyst at KuppingerCole, recently spoke in his keynote presentation at the European Identity & Cloud Conference about how IT has to transform and how Information Security can become a business enabler for the Digital Transformation of Business.

He presented eight “Fundamentals for Digital Risk Mitigation”:

  1. Digital Transformation affects every organization 
  2. Digital Transformation is here to stay
  3. Digital Transformation is more than just Internet of Things (IoT) 
  4. Digital Transformation mandates Organizational Change
  5. Everything & Everyone becomes connected 
  6. Security and Safety is not a dichotomy 
  7. Security is a risk and an opportunity 
  8. Identity is the glue and access control is what companies need

I particularly like his statements about security being both risk and opportunity and that “Identity is the glue” that holds things together.

Wish I could have been there to hear it in person.

 

First American in Space – May 5, 1961

Space Travel
Author: Mark Dixon
Tuesday, May 5, 2015
1:24 pm

Fifty-four years ago today, on May 5, 1961, a long time before I knew anything about Cinco de Mayo, Mercury astronaut Alan B. Shepard Jr. blasted off in his Freedom 7 capsule atop a Mercury-Redstone rocket. His 15-minute sub-orbital flight made him the first American in space.

His flight further fueled my love for space travel that had been building since the Sputnik and Vanguard satellites were launched a few years previously.

 

Alan Shepard, Mercury-Redstone Rocket

 

IAM Euphemism: Opportunity Rich Environment

Identity
Author: Mark Dixon
Monday, May 4, 2015
8:36 pm

Recently I heard an executive who had been newly hired by a company describe their current Identity and Access Management System as an “Opportunity Rich Environment”. Somehow that sounds better than “highly manual, disjointed, insecure and error-prone,” doesn’t it?

 

 

A Message to Dad

Family, Space Travel
Author: Mark Dixon
Wednesday, April 22, 2015
10:03 pm

This is an advertisement from Hyundai, but it has a really cool message. Enjoy!

 

In Pursuit of a “Known Traveler Number”

Identity, Travel
Author: Mark Dixon
Wednesday, April 22, 2015
4:59 pm


I have been using the TSA PreCheck service since soon after its inception in 2011, without paying an enrollment fee, after being invited by US Airways to participate. This has allowed me to use the simpler and faster TSA PreCheck lane at airport security, rather than joining the majority of fliers in regular security lines. However, a couple of weeks ago I received a notice from American Airlines, which is merging with US Airways, that I now needed to register for a “Known Traveler Number” (KTN) so I can continue to use the PreCheck service. I don’t really know why my gratis status is no longer acceptable, but apparently it is.

So, I filled out a pre-registration form at Universal Enroll last week, booked a screening appointment at a registration center a few miles from my house, and went through the final process today.

Today’s registration process was unexpectedly painless. It took less than 15 minutes, including a short wait in the lobby, fingerprinting, stepping through a series of Identity Proofing steps and paying the $85 fee. Alas, I still don’t have a KTN.  That is supposed to be issued in a week or two after some big computer in the sky processes my information. Then, I am supposed to be set up to use the PreCheck lane every time.

The downside?  The government has me in yet another identity database.  My KTN will be linked to my SSN, as well as to my fingerprints and other personal identification data. Big Brother seems closer than ever before!

Next step after the KTN? I will need to get a new Arizona driver’s license that is Real ID compliant before January if I want to continue flying. Yet another Federal tentacle into my life!

 

Welcome Home Apollo 13

Space Travel
Author: Mark Dixon
Friday, April 17, 2015
7:57 am


Forty-five years ago today, the embattled crew of Apollo 13 safely returned home. Against great odds, aided by terrific ingenuity from crews on the ground and undoubtedly by divine providence, the Apollo 13 crew survived an oxygen tank explosion and the resultant failure of other systems through improvisation, steely dedication and pure grit.

I was just finishing my junior year of high school when this occurred. Apollo 13 has been an inspiration to me ever since.

 

Photo: Astronauts James Lovell, John Swigert and Fred Haise are shown soon after their rescue still unshaven and wearing space overalls. 

 

Honoring Jackie Robinson in Space

Space Travel, Sports
Author: Mark Dixon
Wednesday, April 15, 2015
8:53 pm

NASA astronaut Terry Virts, wearing a replica Jackie Robinson jersey in the cupola of the orbiting International Space Station, is celebrating Jackie Robinson Day, April 15, with a weightless baseball.


April 15th (Baseball’s opening day in 1947) has now come to commemorate Jackie Robinson’s memorable career and his place in history as the first black major league baseball player in the modern era. He made history with the Brooklyn Dodgers (now the Los Angeles Dodgers) and was inducted into the Baseball Hall of Fame in 1962.

Congratulations, Jackie, for your courage!  Thank you, Terry, for a memorable celebration!

 

Verizon 2015 Data Breach Investigations Report

Information Security
Author: Mark Dixon
Wednesday, April 15, 2015
8:25 pm


The new Verizon 2015 Data Breach Investigations Report has been published.

It is interesting to note … 

The year 2014 saw the term “data breach” become part of the broader public vernacular, with The New York Times devoting more than 700 articles related to data breaches, versus fewer than 125 the previous year.

And there are undoubtedly more to come. Consider one of the scariest charts in the report:

“[The chart] contrasts how often attackers are able to compromise a victim in days or less (orange line) with how often defenders detect compromises within that same time frame (teal line). Unfortunately, the proportion of breaches discovered within days still falls well below that of time to compromise. Even worse, the two lines are diverging over the last decade, indicating a growing “detection deficit” between attackers and defenders.”


Enjoy the read! We in the information security industry have a lot of work to do.

 

Cory Doctorow: Will Technology Set Us Free or Enslave Us?

Identity
Author: Mark Dixon
Wednesday, December 3, 2014
12:10 pm


I heard my first speech from Cory Doctorow at the Gartner IAM Summit this morning. He gave an interesting overview of the history of digital copyright law and attempts to enforce limited access by schemes such as Digital Rights Management and encrypted data streams. He expanded beyond this basic overview to discuss how current laws make it illegal to reveal hidden flaws in software and devices. Some points I found particularly thought-provoking include:

  • The 1998 Digital Millennium Copyright Act, which criminalized breaking Digital Rights Management methods, wasn’t very effective, because people who were willing to break existing laws to steal content didn’t mind breaking another law.
  • Current copyright laws designed to make it illegal to know how DRM or encrypted streaming video devices work (e.g. Netflix player devices) also make it illegal to reveal flaws in our computers.
  • These laws may stop honest people, but support bad guys’ efforts to discover and weaponize vulnerabilities.
  • The NSA and its British equivalent spend billions of dollars per year to find vulnerabilities in devices, but don’t reveal what they have found.
  • Back doors to systems (such as government-requested back doors to encryption algorithms) have no allegiance.  We must assume that such back doors will be used for evil as well as good purposes.
  • Be suspicious of any software you cannot audit or inspect. How else can you know what lurks therein?
  • Remember – the capacity for human self-deception is bottomless. Will technology set us free or enslave us?

Interesting ideas worthy of further investigation. The concept of unintended consequences certainly applies here.

 

Earl Perkins: The Identity of Things for the Internet of Things

Identity, Information Security, Internet of Things
Author: Mark Dixon
Wednesday, December 3, 2014
11:20 am

Earl Perkins, Gartner

Yesterday, at the Gartner Identity and Access Management Summit, Earl Perkins, Gartner’s Research Vice President in Systems, Security and Risk, gave a thought-provoking talk, proposing that Identity and Access Management as it is today is not going to cut it for the Internet of Things. Some of the highlights include (filtered through the lens of my interpretation):

  • IoT can be described as a set of devices that can sense and interact with the world around them. Such devices can sense, analyze, act and communicate.
  • Devices, services and applications are creators or consumers of information, and must join humans in having identities.
  • Architectural concepts of IAM may still hold, but the scale will be vastly larger and must accommodate more than human identities.
  • Perhaps the word “thing” should be replaced by the term “entity.”
  • Every entity has an identity.
  • We need a model of entities and relationships between these entities.
  • We must address layered hierarchies of identities.
  • We should not separate device management and identity management systems.
  • Identity Management and Asset Management systems will likely converge.
  • Identity and Access Management may become:
    • Entity Relationship Management
    • Entity Access Management
  • We may think of architectures in four levels: things, gateways/controllers, connectivity, applications and analytics.
  • Two major camps of consumption: Enterprise (where more money is currently being spent) and Consumer (which is hot and sexy, but not currently making much money).
  • Strong year-over-year IoT growth is happening in four industry sectors:
    • Automotive – 67% CAGR
    • Consumer – 32% CAGR
    • Vertical specific – 24% CAGR
    • Generic business – 44% CAGR
  • Companies are “throwing jello against the wall” to see what sticks.

I really like Earl’s ideas about convergence of “entities” and “relationships” between entities. Please note my blog post Identity Relationship Diagrams, posted in March 2013.

I also favor his view that identity management should not be separate from device management.
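To make the “entity relationship” and “don’t separate device management from identity management” ideas concrete, here is a small added example (my own illustration, not code from Earl’s talk or from Gartner). It models people, devices, gateways, sites and services as entities in one graph, derives access from relationships and the layered part_of hierarchy rather than from per-device ACLs, and folds the device’s management state into the decision. The entity names, relation names (owns, part_of, publishes_to), actions and the “managed” attribute are all hypothetical, and the sample graph is constructed for the demonstration.

```python
"""Relationship-based access over a graph of entities (added example).

Every entity, human or not, has an identity; access is derived from the
relationships between entities and from the layered hierarchy they sit in.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

Edge = Tuple[str, str, str]  # (subject_id, relation, object_id)


@dataclass
class Entity:
    """Anything with an identity: a person, device, gateway, site, org or service."""
    id: str
    kind: str
    attrs: Dict[str, object] = field(default_factory=dict)


class EntityGraph:
    """Entities plus the relationships between them."""

    def __init__(self) -> None:
        self.entities: Dict[str, Entity] = {}
        self.edges: Set[Edge] = set()

    def add(self, entity: Entity) -> Entity:
        self.entities[entity.id] = entity
        return entity

    def relate(self, subject: str, relation: str, obj: str) -> None:
        # Fail closed: refuse to record a relationship to an unknown entity.
        if subject not in self.entities or obj not in self.entities:
            raise KeyError(f"unknown entity in edge ({subject}, {relation}, {obj})")
        self.edges.add((subject, relation, obj))

    def objects(self, subject: str, relation: str) -> Set[str]:
        return {o for (s, r, o) in self.edges if s == subject and r == relation}

    def containers(self, obj: str) -> Set[str]:
        """Layered hierarchy above an entity: everything it is part_of,
        transitively (device -> gateway -> site -> org). Cycle-safe."""
        seen: Set[str] = set()
        frontier = [obj]
        while frontier:
            cur = frontier.pop()
            for parent in self.objects(cur, "part_of"):
                if parent not in seen:
                    seen.add(parent)
                    frontier.append(parent)
        return seen

    def controls(self, subject: str, obj: str) -> bool:
        """True if subject owns obj directly or owns any container above it."""
        owned = self.objects(subject, "owns")
        return obj in owned or bool(owned & self.containers(obj))

    def can(self, subject: str, action: str, obj: str) -> bool:
        if subject not in self.entities or obj not in self.entities:
            return False  # fail closed on anything not in the model
        s, o = self.entities[subject], self.entities[obj]
        if action == "read_telemetry":
            return o.kind == "device" and self.controls(subject, obj)
        if action == "configure":
            # Control alone is not enough: the device must also be under
            # active management, so identity and device state decide together.
            return (o.kind == "device" and self.controls(subject, obj)
                    and bool(o.attrs.get("managed", False)))
        if action == "publish":
            # A device is itself a subject: it may publish only to a service it
            # has been explicitly related to, and only while managed.
            return (s.kind == "device" and o.kind == "service"
                    and bool(s.attrs.get("managed", False))
                    and obj in self.objects(subject, "publishes_to"))
        return False


def build_demo_graph() -> EntityGraph:
    """Constructed sample data: one site, one gateway, two sensors, a site
    owner, a contractor and an analytics service (hypothetical names)."""
    g = EntityGraph()
    for e in (Entity("org:acme", "org"), Entity("site:plant-1", "site"),
              Entity("gw:plant-1-a", "gateway"),
              Entity("dev:temp-001", "device", {"managed": True}),
              Entity("dev:temp-002", "device", {"managed": False}),  # fell out of MDM
              Entity("person:alice", "person"), Entity("person:bob", "person"),
              Entity("svc:analytics", "service")):
        g.add(e)
    g.relate("site:plant-1", "part_of", "org:acme")
    g.relate("gw:plant-1-a", "part_of", "site:plant-1")
    g.relate("dev:temp-001", "part_of", "gw:plant-1-a")
    g.relate("dev:temp-002", "part_of", "gw:plant-1-a")
    g.relate("person:alice", "owns", "site:plant-1")  # site owner: everything beneath
    g.relate("person:bob", "owns", "dev:temp-002")    # contractor: one sensor only
    g.relate("dev:temp-001", "publishes_to", "svc:analytics")
    g.relate("dev:temp-002", "publishes_to", "svc:analytics")
    return g


if __name__ == "__main__":
    g = build_demo_graph()
    for s, a, o in [("person:alice", "read_telemetry", "dev:temp-001"),
                    ("person:alice", "configure", "dev:temp-002"),
                    ("person:bob", "read_telemetry", "dev:temp-001"),
                    ("dev:temp-002", "publish", "svc:analytics"),
                    ("person:mallory", "read_telemetry", "dev:temp-001")]:
        print(f"{s:15} {a:15} {o:15} -> {g.can(s, a, o)}")
```

Two things worth noticing when running it: Alice never gets an entry for dev:temp-001 anywhere, yet reads its telemetry because she owns a container three layers up, while Bob, who owns a sibling sensor, is denied; and an unmanaged device loses the ability to publish and to be reconfigured even though its ownership relationships are intact, which is the converged identity-plus-device-state check Earl argued for. Unknown subjects and objects are denied outright rather than treated as having an empty relationship set.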

It will be interesting to see how architectures are transformed and what “jello sticks to the wall” in the coming years.

Copyright © 2005-2013, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.