Identity and access management (IAM) is a mature and well understood domain of security. That doesn’t mean it’s static. While IAM is commonly associated with security — indeed, it is an essential part of a holistic security program — many people are beginning to understand the business processes it represents as well. They therefore view it as an

Every business and social transaction is carried out by people. People are known by their identities. Hence, identity drives every business and social interaction. In today’s digital age, an individual’s identity is not defined by a single attribute such as a name, address or user ID. Rather, it is a collection of attributes including, but not li

In the world of security, there is a constant struggle to justify spending, show business value and quantify positive impacts. But too often there is not enough funding, and security becomes important only after a crisis. The value of the identity and access management (IAM) domains is different because it doesn’t just address risk — it can lead to ope

Definition of Doxing (sometimes written as doxxing): gathering identifiable information about a person or a group of people with the objective to shame, scare, blackmail or bully the target. What is it? The technique as such was already known in the 1990’s when Usenet users researched and posted the real names belonging to online handles that they had an arg

Personal Identity Instruments Today our personal identity is collected, captured and rendered by identity-issuing institutions. The plastic card is the common format used to convey that a trusted institution has certified your identity. However, we all know that this trust model is plagued with fraud issues. The most common personal identity instrument, the

Traditional enterprise access management is rooted on-premises. A centralized access management platform lets security administrators remove authentication and authorization logic from business applications, saving application developers time and increasing security by providing uniformity of access controls. That works well when employees and customers prim

A few days ago, IBM CEO Ginni Rometty announced the Cognitive Business initiative. This journey is supported by IBM Watson, the cognitive computing system that understands and learns from natural language. The name Watson is not an homage to Sherlock Holmes’ friend and assistant Dr. John Watson, but rather to Thomas J. Watson, IBM’s first CEO and

Security researchers have refined a long-theoretical profiling technique into a highly practical attack that poses a threat to Tor users and anyone else who wants to shield their identity online.The technique collects user keystrokes as an individual enters usernames, passwords, and other data into a website. After a training session that typically takes

IAM: Proprietary Vs Cloud Posted by Kevin on June 1, 2015.Wisegate will shortly publish the results of a survey into the current state of Identity and Access Management (IAM) maturity within business. Almost 150 CISOs took part. What we’re going to look at today is attitudes towa

NSTIC – it will prove our identity but will it protect our privacy? Posted by Kevin on May 4, 2015.NSTIC, the National Strategy for Trusted Identities in Cyberspace, is an Obama initiative designed to make internet usage more secure for everyday users. It will do this by allowing third

PwC UK has published a summary of enforcement actions taken by the Information Commissioner's Office (ICO) in 2014.The Privacy and Security Enforcement Tracker 2014 summarises and comments on information originally published by the ICO on its web site concerning actions it has taken against organisations. This includes enforcement notices, monetary penalty n

As organizations grow and extend into new business models, so does the challenge of managing identities and access privileges. The Gartner IAM Summit, which was held from March 16 to March 17 in London, allowed customers and vendors alike to get together and discuss new advancements, challenges and trends in identity and access management (IAM). The conferen

Some news stories about web site security incidents caught my eye in the last week.These events outline some disappointing behaviour:The Association of Chief Police Officers (ACPO) say a contractor's error led to the existence of an unsecure (HTTP) connection on its website where sensitive personal data was submitted; the ICO was notifiedIntuit, the makers o

Till We Have Faces I got a message the other day from an old friend.  He left the country over four decades ago, and I’ve only seen him once, since, fairly shortly after he left.I’m unfollowing a celebrity on Twitter today.(Yes, of course I am going to relate these two even

A recent study on the use of metadata to de-anonymize users revealed that three credit card transactions could reveal your identity. Privacy is the great utopia of a society based on the technology, every action we make leaves a track that could be used to reveal our identity, track our profile and monitor our habits. We have