CA Community







January 2012 - Posts

Cloud IAM Services-Everyone’s New Punching Bag

Published: January 30 2012, 10:36 AM | no comments
by Merritt Maxim

Any new product or technology is invariably accompanied by certain levels of skepticism and cynicism.  Whether it is the latest smart phone lacking a certain mega-pixel camera or a new version of enterprise software not supporting a given operating system or standard, critics will always appear to question these new products' viability.

As we enter 2012, cloud computing, or more specifically, Identity and Access Management as a cloud service, is seeing a healthy level of criticism around its viability and maturity.  This is to be expected, as with any new product or offering, but based on my discussions with customers and partners over the last few months, some of this criticism is unfounded.

Yes, organizations have certain levels of trepidation around IAM in the cloud, but interestingly many of these concerns are business and operational, not technology, issues.  Questions such as:

  • Physical locations of datacenters
  • Disaster recovery/backup procedures
  • Ownership and storage of data in cloud
  • Auditing procedures
  • Background screening on datacenter employees

These are all valid questions and now that even Virginia is susceptible to seismic activity, surprisingly common.  But these questions should not be reason for skepticism.   The reason is that these issues can be solved and addressed.  If customers' questions were focused purely on underlying technology issues such as lack of standards support or lack of support for certain use cases, it would be cause for concern as such issues would indicate a mismatch between customer requirements and the actual technology (anyone remember PKI in the late 1990s?).

When concerns focus more on business issues, that is cause for optimism.  Security professionals need to look no farther than the growth of identity federation as a proof point.  Although identity federation had some early hiccups on standards and implementations, many of the obstacles for federation were centered around contractual issues between partners and how to execute/manage such relationships.  The continued maturation of identity federation has proven that these business issues have been resolved and that federation has grown successfully without continued technological obstacles.

There is no doubt that there are still many technology issues that have to be addressed with cloud IAM, but we can look to initiatives like SCIM as proof that the industry is committed to solving these.  When it comes to cloud IAM, in the words of the great 1980s band Timbuk3, "The Future is So Bright, I Gotta Wear Shades."


 

By: Merritt Maxim
Merritt Maxim has 15 years of product management and product marketing experience in the information security industry, including stints at RSA Security, Netegrity and CA Technologies. In his current role at CA Technologies, Merritt handles product marketing for CA's identity management and cloud...

DLP as a process

Published: January 18 2012, 07:38 AM | no comments
by Henk van der Heijden

 

I read with interest recently a paper from Forrester called ‘Rethinking DLP' by John Kindervag.

John made two observations about DLP strategies today:

1) strategies treat DLP as a product rather than an embedded function or process

2) most strategies focus on financial data such as cardholder information, or personally identifiable information such as social security numbers in the US, and forget IP

Treating DLP as something which can be addressed by a point product solution is doomed to fail, firstly because an organization is limited to focusing on the data itself, or only one potential data loss channel, such as removable media.

Most solutions on the market today are limited because they focus only on an end point, not allowing data to travel out through social media, for example, or by document type. How do you apply this approach to an Excel file? You prevent financial information in an Excel spreadsheet being sent via email by a financial clerk. But what about the CFO? Or what if we simply take a picture of the data source? This highlights the limitations of treating DLP as a point product solution; it's not a holistic approach and doesn't take into account other parameters such as the identity, the content and the context of the user.

Secondly, the nature of the approach of Data Loss Prevention assumes the data is accessible in the first place. With a more holistic approach, that considers data protection combined with policies around identities and their access to data, this access assumption is not made.

Approaching DLP from a data protection perspective means implementing policies around identity and access management, giving the right people the access to the right data, and then knowing and understanding what they are doing with it. This approach negates the need for the silo end point DLP solutions, which may prevent losses through certain channels but may miss other channels, for example.

By the nature of this approach, an organization becomes more aware of the different types of data it may hold, because the data protection approach asks the questions of who has access to what data and what can they do with that data. Read more about Data Protection solutions and CA Technologies' holistic approach here:

Content Aware Identity and Access Management solutions

 

 


 

By: Henk van der Heijden
Henk is responsible for Security Sales in Europe. He is an information security professional with over 24 years’ experience in IT sales and services. Henk has an illustrious history of producing results through new sales and business development both in the Netherlands and across Europe. In his previous...
