May 30, 2016

Kuppinger ColeIoT (or IoEE): Product Security Is Becoming a Strategic Risk [Technorati links]

May 30, 2016 12:00 PM

by Martin Kuppinger

For a long time, IT risks have been widely ignored by business people, including Corporate Risk Officers (CROs) and C-level management. This has changed recently with the increasing perception of cyber-security risks. With the move to the IoT (Internet of Things) or, better, the IoEE (Internet of Everything and Everyone), we are beginning upon a new level.

When a company starts selling and deploying connected things, this also raises product liability questions. Obviously, goods that are connected are more in danger than goods that aren’t. Connecting things creates a new type of product liability risk, by creating a specific attack surface over the Internet. Thus, when enthusiastically looking at the new business potential of connecting things, organizations must also analyze the impact on product liability. If things go really wrong, this might put the entire organization at risk.

Product security inevitably becomes a #1 topic for any organization that starts selling connected things. These things contain some software – let’s call this a “thinglet”. It’s not an app with a user interface. It is a rather autonomous piece of code that connects to apps and to backend services – and vice versa. Such thinglets must be designed following the principles of Security by Design and Privacy by Design. They also must be operated securely, including a well thought-out approach to patch management.

It’s past time for vendors to analyze the relationship of the IoEE, product security, and product liability risks.

Sounds like “security as the notorious naysayer”? Sounds like “security kills agility”? Yes, but only at first glance. If you use the security argument for blocking innovation, then security stays in its well-known, negative role. However, as I have written in a recent post (and, in more details, in some other posts linked to that post), security and privacy, if done right, are an opportunity not a threat. Security by Design and Privacy by Design drive Agility by Design. A shorter time-to-market results from consequently following these principles. If you don’t do so, you will have to decide between the security risk and the risk of being too late – but only then. Security done right is a key success factor nowadays.

May 28, 2016

Gerry Beuchelt - MITRELinks for 2016-05-27 [del.icio.us] [Technorati links]

May 28, 2016 07:00 AM

Matthew Gertner - AllPeersCracked Phone Screen? Here’s What You Need to Know [Technorati links]

May 28, 2016 01:04 AM

Cracked Phone Screen? It can be fixed.

Photo by CC user zooboing on Flickr

Smartphones have become so popular over the past decade that it can seem impossible to go without one. You can use a smartphone for many things, from basic communication purposes to helping your business run smoothly when you are out of the office. Dropping a phone and cracking a screen is an unfortunate event that many people have experienced. Other than ruining your day, a cracked phone screen can be a hassle to deal with and may cause your phone to no longer work correctly.

An Ounce of Prevention….

Learn how to protect your smartphone before it becomes damaged. Some ways to protect your phone are better than others, and it’s helpful to research different products before you buy them. Glass screen protectors, such as the tempered glass screen protector iPhone 6. Adding an extra layer of tempered glass protects your screen without making it hard to use your phone.

Repairing the Cracked Screen

If your phone doesn’t have insurance and if you’re not due for an upgrade, you’ll either have to deal with the screen being cracked or fix it. If you don’t have any experience with repairing a cracked screen yourself, you should leave it up to the professionals because it’s easy to cause more damage when trying to repair it. Most places that sell cell phones will repair them as well with a fee.

Helpful During Travel

Smartphones come in handy for many reasons, especially during travel. There are numerous apps you can download to make your trip go smoothly, including Uber for finding rides to your desired destinations and Get Your Guide app for finding ways to save money. Some apps are helpful for organizing flights, reserving hotels, learning the language, keeping track of finances, and downloading maps. It’s easy to get lost in a new place, and when you’re traveling, the last thing you want to do is get lost. Use your smartphone to tell you your exact location and give you directions to where you need to go.

Important for Business

Having a smartphone is a great way to keep your business well-organized with apps that help you manage your finances, making to-do lists, making and sharing spreadsheets, exporting timesheets, and organizing conversations. With business apps, you can also have tools handy for project management, set productivity goals, and sharing files with your contacts. It’s easy to keep your business well-organized with a smartphone because everything is right at your fingertips.

Gives You Many Options for Staying Connected

Phones are not just for calling people anymore; there are numerous communication options available to make things more convenient for you. Instead of just talking on the phone, you can text, email, video chat, message on social media accounts, and much more. With a smartphone, you can get news instantly, weather updates when you’re out, and share photos and videos with many people at once. You can also have entertainment at your fingertips with the best game apps and entertainment apps.

Many people’s lives revolve around their smartphone because of how important they are for staying organized and connected. It can seem like an impossible task to go for a prolonged period without using your smartphone. Take necessary steps to make sure your smartphone is protected in case you drop it. A cracked screen is very unfortunate and can be costly to repair. With the right protection, such as an extra layer of tempered glass, your phone will be much more protected.

The post Cracked Phone Screen? Here’s What You Need to Know appeared first on All Peers.

May 27, 2016

Mark Dixon - OracleState of the Market: IoT 2016 [Technorati links]

May 27, 2016 08:52 PM

VerizonIoT1

This afternoon, I read a recently released Verizon report, “State of the Market: Internet of Things 2016.” It provides a quick, but fascinating read about Internet of Things market forces, real-life industry adoption, key trends and real-world successes.  The report states:

The Internet of Things (IoT) is much more than the result of seemingly fragmented and complex technologies smashed together … forward-thinking business and public sector leaders, as well as consumers and developers, are turning to the Internet of Things to address some of society’s most pressing social, economic and business challenges.

Five macro trends— data monetization, consumer expectations, the regulatory landscape, network connectivity/IoT platforms and security—are helping to speed IoT adoption and deliver measurable results across several industries and sectors.

Verizon believes we just completed the year where IoT graduated from the neat new idea stage to mainstream adoption:

In our view, 2015 was the year IoT gained legitimacy. Businesses moved beyond a “start small think big” mindset. Today, they’re building IoT into future strategies and business models. Companies across all industries now have IoT squarely on their radar.

In 2015, the emphasis of startup capital began to favor enterprise focused IoT businesses over consumer applications in a big way, and the trend appears to be accelerating:

According to analysis conducted by our venture capital (VC) arm, Verizon Ventures, we estimate that consumer IoT startups raised 15% more VC funding than enterprise-focused startups in 2014. However, in 2015, roles seemed to have reversed with enterprise outpacing consumer by around 75%. In 2016, we believe the enterprise will continue that trend, but by a much larger order of magnitude—roughly 2 – 3 times more than consumer.

The sheer size of the potential IoT market continues to boggle my mind. The following chart shows a few big numbers that barely scratch the surface of the potential for IoT growth.  

VerizonIoT4

Of the many potential IoT areas of emphasis, the Verizon report specifically addresses four:

Of these, the closest one to my heart is Farming with Precision – quite a big step from the old farm where I grew up, where adjusting irrigation meant installing canvas dams in ditches and using a shovel to channel water down the correct rows in a field:

Industry experts have quipped that the agriculture industry is proof that soon, every company will be an IoT business.

One of the biggest trends in farming today is precision agriculture, the practice of sensing and responding to variable soil, moisture, weather and other conditions across different plots. Farmers are deploying wireless sensors and weather stations to gather real-time data about things such as how much water different plants need and whether they require pest management or fertilizer  

Using this data, growers can customize growing processes. Indeed, one of the biggest benefits IoT offers farmers is the ability to gather much more granular data about smaller parcels of land. With site-specific data, growers can then optimize growing conditions on a plot-by-plot basis, boosting yields, improving quality and cutting costs in the process.  

VerizonIoT2

Again, the numbers are immense:

The total market size for digital precision agriculture services is expected to grow at a compound annual growth rate of 12.2% between 2014 and 2020, to reach $4.55 billion.

Security, is, of course, of critical importance across many facets of the IoT landscape. 

The sheer volume of IoT devices constantly producing communications, require careful security and privacy considerations. There is no current IoT protection framework that’s ahead of the implementation of this technology. The industry is keeping up with the development of technology by looking to the rising threat vectors—some old, some new—that will impact deployments and ongoing operations. Authentication of critical data, and baseline triggers for action are the emerging security focus.

VerizonIoT3

 The bottom line?

Innovation, productivity and value will thrive as private companies and the public sector both come to the inevitable conclusion that IoT is imperative to delivering the integrated, easy to use and sustainable products and services demanded by an increasingly mobile, tech-savvy 21stcentury society.

No single company or country can realize the full promise of IoT on its own. We believe collaboration, experimentation and openness will:

We live in an exciting world, at an exciting time.  Hang on for the ride!

Radovan Semančík - nLightThere is No Security without Identity Management [Technorati links]

May 27, 2016 12:16 PM

It isn't. That's how it is. Why? Take any study describing potential information security threats. What do you see among the top threats there? Take another study. What do you see there? Yes. That's the one. It is consistently marked as one of the most serious threats in vast majority of studies published for (at least) last couple of decades. Yet it looks like nobody really knows what to do about this threat. So, who is this supervillain? He's right under your nose. It is the insider.

It all makes perfect sense. The employee, contractor, partner, serviceman - they all are getting the access rights to your systems easily and legally. But, do you really know who has access to what? Do you know that the access is still needed? Maybe this particular engineer was fired yesterday, but he still has VPN access and administration rights to the servers. And as he might not be entirely satisfied by the way how he has left the company the chances are he is quite inclined to make your life a bit harder. Maybe leaking some of the company records to which he still has the access would do the trick? It certainly will. And who is the one to blame for this? Is the security officer doing his job properly? Do we know who has access to what right now? Do we know if the access is legal? Are we sure there are no orphaned accounts? Are we sure there are no default or testing accounts with trivial passwords? Can we disable the accounts immediately? Maybe we can disable password authentication, but are you sure that there is no other way around that? What about SSH keys? What about email-based or help-desk password resets?

If you do not have good answers to these questions then your information security is quite weak. I'm sorry. That's how it really is. Do you remember that weakest link idiom that is taught in every information security training? Now you know where your weakest link is.

But what to do about it? Obviously, you need to manage the access. So maybe the Access Management (AM) software can help here? Actually, the primary purpose of Access Management software is not security. The AM purpose is to make user's life easier by implementing convenience mechanisms such as single sign-on (SSO). Yes, AM might improve the authentication by adding a second factor, making the authentication adaptive and so on. But that won't help a bit. Authentication is not your problem. The insider already has all the credentials to pass the authentication. He got the credentials legally. So even the strongest authentication mechanism in the world will do absolutely nothing to stop this attack. No, authentication is not the problem and therefore Access Management is not going to make any significant difference.

The root of the problem is not in authentication, authorization, encryption or any other security buzzword. It is plain old management issue. The people have access where they should not have access. That's it. And what turns this into a complete disaster is lack of visibility: the people responsible for security do not know who has access to what. Therefore improvements in "information security proper" are not going to help here. What needs to be improved is the management side. Management of the identities and access rights. And (surprise surprise) there is a whole field which does right that: Identity Management (IDM).

Therefore there is no real security without Identity Management. I mean it. And I've been telling this for years. I though that everybody knows it. But obviously I was wrong. So recently I have been putting that openly in my presentations. But still everybody is crazy about deploying Access Management, SSO and OpenID Connect and OAuth and things like that. And people are surprised that it costs a fortune an yet it will not bring any substantial security improvement. Don't get me wrong, I'm not telling you that the AM technologies are useless. Quite the contrary. But you need to think how to manage them first. Implementing SSO or OAuth without identity management is like buying a super expensive sport car with an enormous engine but completely forgetting about steering wheel.

Don't make such dangerous and extremely expensive mistakes. Think about identity management before heading full speed into the identity wilderness.

(Reposted from Evolveum blog)

Kuppinger ColeElementary, My Dear Watson [Technorati links]

May 27, 2016 11:46 AM

by Alexei Balaganski

A couple weeks ago, just as we were busy running our European Identity & Cloud Conference, we’ve got news from IBM announcing the company’s foray into the area of Cognitive Security. And, although I’m yet to see their solution in action (closed beta starts this summer), I have to admit I rarely feel so excited about news from IT industry.

First of all, a quick reminder: the term “cognitive computing” broadly describes technologies based on machine learning and natural language processing that mimic the functions of human brains. Such systems are able to analyze vast amounts of unstructured data usually inaccessible to traditional computing platforms and not just search for answers, but create hypotheses, perform reasoning and support human decision making. This is really the closest we have come to Artificial Intelligence as seen in science fiction movies.

Although the exact definition of the term still causes much debate among scientists and marketing specialists around the world, cognitive computing solutions in the form of specialized hardware and software platforms have existed for quite some time, and the exponential growth of cloud computing has been a big boost for their further development. In fact, IBM has always been one of the leading players in this field with their Watson platform for natural language processing and machine learning.

IBM Watson was initially conceived in 2005 as a challenge to beat human players in the game of Jeopardy, and its eventual victory in a 2011 match is probably its best publicized achievement, but the platform has been used for a number of more practical applications for years, including business analytics, healthcare, legal and government services. The company continues to build an entire ecosystem around the platform, partnering with numerous companies to develop new solutions that depend on unstructured data analysis, understanding natural language and complex reasoning.

In the hindsight, the decision to utilize Watson’s cognitive capabilities for cyber security application seems completely reasonable. After all, with their QRadar Security Intelligence Platform, IBM is also one of the biggest players in this market, and expanding its scope to incorporate huge amounts of unstructured security intelligence makes a lot of sense. By tapping into various sources like analyst publications, conference presentations, forensic reports, blogs and so on, cognitive technology will provide security analysts with new powerful tools to support and augment their decision making. Providing access to the collective knowledge from tens of thousands sources constantly adapted and updated with the newest security intelligence, Watson for Cyber Security is supposed to solve the biggest problem IT security industry is currently facing – a dramatic lack of skilled workforce to cope with the ever growing number of security events.

Naturally, the primary source of knowledge for Watson is IBM’s own X-Force research library. However, the company is now teaming with multiple universities to expand the amount of collected security intelligence to feed into the specialized Watson instance running in the cloud. The ultimate goal is to unlock the estimated 80% of all security intelligence data, which is currently available only in an unstructured form.

It should be clear, of course, that this training process is still work in progress and by definition it will never end. There are also some issues to be solved, such as obvious concerns about privacy and data protection. Finally, it’s still not clear whether this new area of application will generate any substantial revenue for the company. But I’m very much looking forward to seeing Watson for Cyber Security in action!

By the way, I was somewhat disappointed to find out that Watson wasn’t actually named after Sherlock Holmes’ famous friend and assistant, but in fact after IBM’s first CEO Thomas Watson. Still, the parallels with “The Adventure of the Empty House” are too obvious to ignore :)

Matthew Gertner - AllPeersHow to spend your free time enjoyably [Technorati links]

May 27, 2016 08:09 AM

Everyone has free time, even the most busiest of businessmen still have a few minutes to kill while in a taxi or on an airplane. In fact, it’s important for your brain to take a break from hyper focusing on work and school. So, check out this post for a few ideas on how you can spend those extra seconds, minutes or hours giving your brain a rest, but at the same time enjoying yourself.

Checkout some fun online games.

First there was Snood, then there was Angry Birds, and now there is Slither.io. There are a wealth of free fun online games you can spend your extra minutes enjoying on your mobile or your computer.

Enjoy some exercise

If the thought of stepping into a gym makes you sweat even before going, then consider some other forms of exercise that might be more enjoyable for you. Head to the park with a co-worker and throw around a Frisbee, go for a bike ride or even walk the steps at your home or job to burn some extra calories for the day.

Learn a new language

There are a wealth of great online programs to learn a new language at your own pace and in your own time. Rosetta Stone is one program for the computer, which while not cheap, has great reviews. A free alternative is Duolingo which you can download on your phone.

Call a family member

People are busy these days and often forget to keep in contact with their loved ones and closest friends. Phone your grandmother, a cousin, an aunt or uncle. They will be pleased to hear from you and you’ll also kill sometime spending it with someone you care about.

The post How to spend your free time enjoyably appeared first on All Peers.

May 26, 2016

GluuGoogle on Identity: “Don’t try this at home!” [Technorati links]

May 26, 2016 08:56 PM

don't_try_this_at_home

Last year at the Cloud Identity Summit Google’s Product Management Director of Identity, Eric Sachs, gave an insightful talk about OpenID Connect. It was mostly the normal stuff about Account Chooser, and the idea of “identifier first” authentication workflow (great idea!).

But then came a surprise.

I’ll have to paraphrase since the talk was almost a year ago. But Sachs said something like “Identity is really hard. Leave it to the professionals.” Essentially he was advocating for the use of Google or a SaaS identity provider–or, in other words, he was saying that identity is too difficult for the masses.

Gluu is not anti-SaaS. In many situations we recommend SaaS providers like Okta to organizations that do not have the economies of scale to operate their own identity service. We also do not under-estimate the capabilities required to run a robust identity and access management service.

Nor are we anti-Google. We frequently point to Google as having the best consumer identity platform on the planet (note: consumer, not enterprise). From a usability perspective they have gotten so many things right; support for strong authentication is excellent; obviously it scales. And Google is on the cutting edge of new security paradigms–for example, their tight integration of identity with document sharing is wonderful.

But the idea that an identity platform is too hard or even inefficient for most organizations to operate is not accurate either.

As Google can probably attest, excellence at identity is a competitive advantage. The future of many organizations hinges on their ability to adapt to the digital revolution that is underway. If your organization’s capability to secure digital assets is constrained by a third party, will that impact the ability to innovate new products, services, and business relationships? What’s more important: top line growth or cost savings?

SaaS, like any utility, is made possible by two things: capital and established operating process. It’s the latter that presents a potential conflict of interest for the utility. The biggest cost for a SaaS identity provider is people. To achieve maximum profitablity, the best strategy is to reduce the support surface area.

Innovation is not always in the interest of enterprise SaaS providers. Supporting the latest and greatest technology is risky–if something fails, a SaaS provider may have to continue to support it for years (as long as some of their customers are still using it). This creates an atmosphere of extreme risk-aversion when it comes to enhancements. But for your organization to succeed, you may need to push the technology envelope.

Anything that is unfamiliar is hard. Is identity hard, or just unfamiliar?

I remember attending Microsoft seminars years ago about how to deploy a Kerberos server. Why is no similar effort underway to evangelize the adoption of OpenID Connect providers? All of a sudden it’s just too hard? Or, is it that operating an OpenID Provider is a valuable trade secret that will no longer be shared with the public because the monthly fee business model is more profitable?

I love utilities as much as the next person. I am not going to suggest that you build your own electricity plant to power your factory. But it’s important that we not dumb-down the security capabilities of our organizations–in fact, we should be doing the exact the opposite. Only then will we be able to build a new secure, inter-connected digital society.

Rakesh RadhakrishnanCore CISO Org Structure & "Threat Centric IAM” [Technorati links]

May 26, 2016 05:28 AM
Recently I authored a paper and presented a "brighttalk" on the same topic: "Threat Centric IAM". Both the paper and the tech talk was well received by at least 12+ CISO's I had met. Quite often they came back to me with more people, process and governance related questions to this approach, hence this blog entry.

 One of the interesting trends in enterprises, that I have witnessed in the past few years is a CISO organization that is folding the IAM resources under the CISO as opposed to having IAM resources distributed within IT and related groups. In the past IAM folks with expertise in Authentication, SSO, IDM provisioning and externalized fine grained access (entitlement developers), have been in IT organization that run IT support services or within Application Development teams. With the technology trend moving towards Cloud adoption by IT and SAAS models by application groups and given that IAM is a key control amongst all security controls, and its significance, in terms of addressing Compliance Reporting, IAM teams are getting folded within the CISO organizations as a new parallel pillar. This is further necessitated with the Mobile and IOT trends as a business enabler.

This to us is a reflection of the increased significance given to IAM by the CISO organization and the recognition that IAM is a critical core control for all distributed security controls (intra and inter enterprise). It is also helping in terms of leveraging resource expertise across an entire enterprise, as Authentication is a Service that gets reused and so is IDM provisioning as a service and Authorization as an externalized enterprise wide entitlement service that can integrate into Risk Systems (for risk based access), etc.

This is a welcome development as the IAM team works closely with Security Architecture and Engineering while modernizing and maturing its IAM Programs (via Standards interfaces and policy compliance) driven by requirements coming from Risk Management and Compliance teams. In addition, the IAM team has opportunities now to partner with Security operations and the cyber security team to work on “threat modeling” of the AS-IS IAM footprints and also drive towards “Threat Centric IAM” –integrating the Threat Intelligence and recommended coarse of actions (STIX COA) into IAM controls one step at a time. This can include threat intelligence integration into IAM vetting/proofing processes, IAM provisioning processes, authentication and multi factor authentication processes, network admission control processes, cloud access security brokers and enterprise fine grained access controls, including data base firewalls and DLP systems.

Folding the IAM team under the CISO org chart allows for these two pillars to collaborate more extensively moving forward to realize higher levels of maturity as described in the “Threat Centric IAM” paper.

Good to see a blog on CISO mind map…  11 functional domains highlighted here are collapsed into 5 organizational pillars, in my blog.
 
 
 
 
 
 
 
 
 
 

 


 



 
May 25, 2016

Nat SakimuraOpen Data in Finance @ London は6月15日! [Technorati links]

May 25, 2016 02:17 PM

FinTechの3本柱の1つとして注目されるAPIですが、特に欧州ではPayment Service Directive 2で銀行が2017年末までに金融API提供を義務付けられたことに伴い、とてもホットな話題になっています。日本ではまだまだブロックチェインの後塵を配していますが、まだまだリサーチ・プロジェクトと言っても良いブロックチェインに比べて、金融APIは喫緊の課題です。

こうした中で、金融APIをメインに取り扱う、「Open Data in Finance」というカンファレンスが、欧州金融の中心地・ロンドンで6月14日、15日の2日間にわたって行われます。6月14日はワークショップで、メインのカンファレンスは6月15日です。到底力不足ながら、不詳、わたくし、Nat Sakimura が、カンファレンスを通じたChair を拝命しております。

Screen Shot 2016-05-25 at 23.03.32

プログラムは、こちらのページ(Agenda)からご覧いただけますが、The Open Banking Standard のステアリング・コミッティのチェアの Open Data Institute の CEO の Gavin Starks とバークレイズ銀行のManaging DirectorのMatt Hammerstein の Armchair Chatに始まり、多くの有識者たちによるパネル・ディスカッションやラウンドテーブルを聞くことができ、欧州における金融APIの「今」を知るための貴重な機会となろうかと思います。

6月15日にロンドンにお立ち寄りの折には、ぜひお寄りください。

それでは、ロンドンでお会いしましょう。

 

Copyright © 2016 @_Nat Zone All Rights Reserved.

Kuppinger ColeJun 28, 2016: Externes Beziehungsmanagement: Kommunikation und Kollaboration mit Partnern und Kunden sicher steuern [Technorati links]

May 25, 2016 10:08 AM
Mit der steigenden Nachfrage von Unternehmen nach engerer Kommunikation und Kollaboration mit externen Partnern und Kunden wächst auch der Bedarf an professionellem Web Access Management und Identity Federation. Geeignete Lösungen ermöglichen sichere Zugänge von und auf externe Systeme, auch aus der Cloud. Um die Vielzahl an Anforderungen für eine sichere Kommunikation und Kollaboration erweiterter und vernetzter Unternehmen nahezu lückenlos mit IT abzudecken und gleichzeitig agil zu bleiben, sind Standardinfrastrukturen notwendig.

Kuppinger ColeComplexity Kills Agility: Why the German Reference Architecture Model for Industry 4.0 Will Fail [Technorati links]

May 25, 2016 10:00 AM

by Martin Kuppinger

The German ZVEI (Zentralverband Elektrotechnik- und Elektroindustrie), the association of the electrical and electronic industries, and the VDI (Verein Deutscher Ingenieure), the association of German engineers, has published a concept called RAMI (Referenzarchitekturmodell Industrie 4.0). This reference architecture model has a length of about 25 pages, which is OK. The first target listed for RAMI 4.0 is “providing a clear and simple architecture model as reference”.

However, when analyzing the model, there is little clearness and simplicity in it. The model is full of links to other norms and standards. It is full of multi-layer, sometimes three-dimensional architecture models. On the other hand, the model doesn’t provide answers on details, and only a few links to other documents.

RAMI 4.0 e.g. says that the minimal infrastructure of Industry 4.0 must fulfill the principles of Security-by-Design. There is no doubt that Industry 4.0 should consequently implement the principles of Security-by-Design. Unfortunately, there is not even a link to a description of what Security-by-Design concretely means.

Notably, security (and safety) are covered in a section of the document spanning not even 1% of the entire content. In other words: Security is widely ignored in that reference architecture, in these days of ever-increasing cyber-attacks against connected things.

RAMI 4.0 has three fundamental faults:

  1. It is not really concrete. It lacks details in many areas and doesn’t even provides links to more detailed information.
  2. While only being 25 pages in length and not being very detailed, it is still overly complex, with multi-layered, complex models.
  3. It ignores the fundamental challenges of security and safety.

Hopefully, we will see better concepts soon, that focus on supporting the challenges of agility and security, instead of over-engineering the world of things and Industry 4.0.

May 24, 2016

Kuppinger ColeKim Cameron - The Future of On-Premise AD in the days of Azure AD [Technorati links]

May 24, 2016 11:57 PM

Azure AD is here. It can act as a domain controller. It helps you managing your partners. It is ready-made for managing your customers. The application proxy builds the bridge back to your on-premise applications. That raises an important question for all organizations running AD on-premises: What is the future role for on-premise AD? What is the right strategy? Who can and should get rid of on-premise AD now or in the near future, who should focus on a hybrid strategy? Where is the overlap?



Kuppinger ColeDarran Rolls - The Anatomy of Your Next Cyber Attack: IAM Pitfalls and Protections [Technorati links]

May 24, 2016 11:56 PM

Security breaches and cyber attacks have become a daily occurrence. Worse, in some cases it can take an organization months to realize they’ve been breached. Open the pages of the latest breach forensic report and you will find a litany of basic IAM errors that read like a horror story. Many companies are missing the basic IAM best practices that can help prevent, detect and mitigate attack. In this session, SailPoint's CTO Darran Rolls presents the anatomy of a typical cyber attack and explains where and how IAM controls should be applied to better enable close-loop cyber protection for enterprise systems. You may not be able to prevent an attack, but you can minimize the damage and your exposure.



Kuppinger ColeDimitra Kamarinou - From Suppliers to Consumers: Issues of Liability in Industry 4.0 [Technorati links]

May 24, 2016 11:24 PM

This session looks at the responsibilities and liabilities of organisations involved in the ‘smart manufacturing’ process both internally (e.g. towards employees) and externally (e.g. other organisations, suppliers, consumers, the environment) and at the difficulties of attributing liability in a complex web of stakeholders that might include cloud service providers. We also discuss the importance of contractual and non-contractual liability as well as statutory and common law liability, including fault-based and strict liability. This session also looks at why these legal questions are important and at potential ways to clarify issues of attribution of liability in Industry 4.0.



Kuppinger ColeLuigi de Bernardini - Industry 4.0 and IIoT: Different Approaches to a Smarter Industry? [Technorati links]

May 24, 2016 11:23 PM

In most cases, the terms Industry 4.0 and Industrial Internet of Things (IIoT) are used interchangeably. But these two terms, though referring to similar technologies and applications, have different origins and meanings. Industry 4.0 is focused specifically on the manufacturing industry and the goal of ensuring its competitiveness in a highly dynamic global market. The IIC is more focused on enabling and accelerating the adoption of Internet-connected technologies across industries, both manufacturing and non-manufacturing. That’s why it’s important to understand the differences between Industry 4.0 and the "Industrial Internet of Things" and where our mindset and approaches best fit.



Kuppinger ColeThe Need to Destroy in the Era of Populous Data and Cloud [Technorati links]

May 24, 2016 10:43 PM

What often gets overlooked in the conversation on cloud security is the subject of “deletability" of cloud data. During this session our expert panel explore the topic of whether cloud data that is “deleted” by an end-­user is actually completely removed from the cloud? By end-user we mean the consumer and the cloud administrators.



Kuppinger ColeTrends & Innovation Panel: What Are the Most Important Innovations and Who Are the Innovators? [Technorati links]

May 24, 2016 10:40 PM

The idea of this trends & innovation panel is to give each panelist the opportunity to tell the audience what company or companies out there are doing something innovative, what it is, why it is important and why the audience should care track the company. For example, one of the panelists might talk about how the perimeter is disappearing and it’s important to be thinking about governance, security and privacy for cloud properties like Salesforce, Workday, etc. The only restriction on panelists is that they are not allowed to talk about their own products or products from anyone on the panel.



Kuppinger ColeTransforming Governance, Security and Compliance [Technorati links]

May 24, 2016 07:48 PM
The number of companies investing in modern “Big Data”-type SAP products and cloud-based SAP deployment models is growing constantly. Having formerly been stored in standalone database silos, SAP information from CRM, ERP etc. for Big Data deployments is now being migrated to a central high-volume and high-performance database. Deploying traditional SAP environments in the cloud and leveraging new cloud-based SAP applications introduce new groups of customers to SAP services and shift the focus of existing SAP users.

ForgeRockWhat’s Up in the Cloud? ForgeRock’s New Cloud Foundry OpenAM Service Broker [Technorati links]

May 24, 2016 01:00 PM

 

With the Cloud Foundry Summit underway in Santa Clara this week, we thought it would be a good time to announce our preview version of a new identity service broker for the Cloud Foundry platform. An extension of the OpenAM project, the new service broker will allow externally deployed ForgeRock solutions to protect applications and microservices running on any iteration of Cloud Foundry. In short, the service broker will enable developers to create persistent identities that are portable across clouds. ForgeRock identity solutions have been implemented as cloud deployments previously – notably European telecom giant Swisscom has offered identity as a service built on the ForgeRock Identity Platform for some time now. But this service broker project marks the first time that a cloud offering is universally available through the open source OpenAM project. We’re throwing around a lot of terms here that might not be immediately recognizable to everyone in the identity community, so let’s clarify a bit.

 

CloudFoundaryCorp_cmyk 2

What exactly is Cloud Foundry?

Cloud Foundry is an open source cloud computing platform as a service (PaaS) that is available as freeware, and also as commercial offerings from Pivotal Software, IBM Bluemix, Swisscom, HP and several other vendors. All of these iterations of Cloud Foundry offer a collection of platform elements that enable developers to create and host production versions of online services and applications. These platform elements include features for monitoring, logging, messaging, authentication, traffic routing and other tasks. One of the core concepts of the Cloud Foundry project is the service broker.

 

What exactly is a service broker?

A service broker is code that enables an application in the cloud to invoke or “point to” a needed service for that application to run. So in our case, an application on the cloud – let’s imagine the application is a smart car onboard navigation and information system – could point to the ForgeRock service broker to invoke identity and access management when a driver “logs in” by starting up their car. The advantage of using OpenAM as the authentication server for the Cloud Foundry platform is that it offers very rich capabilities, including authentication, authorization, adaptive risk and multifactor authentication. For instance, in the smart car scenario there could be different levels of identity required for different drivers – so for instance, parents could set certain restrictions for their teen drivers.

 

What are microservices?

Well-known software industry observer Martin Fowler, describes microservices thusly: “In short, the microservice architectural style is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API.” Speaking last week to my colleague David Ferriera (cloud technology director here at ForgeRock and the exec who oversaw the development of our service broker project) he provided this overview of what microservices mean in the identity management context:

Microservices is a popular new architecture where monolithic applications are broken down into subcomponents that can then be used to scale independently. The promise of cloud is ubiquity, persistence and flexibility, and microservices are a natural fit in this kind of environment because they give developers more choices in how to approach technical and business challenges. Now, why is identity necessary in a cloud architecture? Identity and access management are key here because a single enduser request may result in many, many microservices requests, and you need identity to be consistent across all those requests. You need to make sure they’re all acting on the same person, and you need to make sure that each one of those microservices requests is authorized. And that’s what we released today – what the ForgeRock service broker does is it supports OAuth and allows you to extend OpenAM capabilities to secure those microservices.

 

What is OAuth?

OAuth is a standard for authorizing access to applications and data. It enables users to grant restricted access to resources they own—such as pictures residing on a site like Facebook—to a third‐party client like a photo printing site. Before OAuth, it wasn’t uncommon to find websites or online services asking users to share their username and password with the client, a deceptively simple request masking serious security risk. In contrast to this, OAuth promotes a least privilege model, allowing a user to grant limited access to their applications and data by issuing a token with limited capability. OAuth is beneficial because it hands the management of web delegation to the actual resource owner. The user connects the dots between their accounts on different Web applications without involvement from security administrators on the respective site. This relationship can be long‐lasting but can also be terminated at any time by the user. One of the great advancements OAuth brings to the Web community is formalizing the process of delegating identity mapping to users. OAuth originated through the OpenID project at Twitter, and became a standard with input from Google and other Internet companies. The OAuth 1.0 protocol was published as RFC 5849 in April 2010, and the OAuth 2.0 framework followed in 2012.

CF_rabbit_Blacksmith_vector

Final thoughts?

Daniel: The beauty of the cloud / service broker approach is that when a developer is coding an app, they can actually see the service and call out to it. They don’t have to think about deploying the service. If your developers are focused on code, and all they’re doing is pushing this stuff to where it needs to be deployed, and all that infrastructure – everything underneath it is taken care of – that’s gold.

David: That’s the point of the platform. If you’re a developer, you only need to worry about writing the business logic that you’re responsible for. You don’t have to become an expert in identity, deploying databases and all that other infrastructure stuff – it’s just write your code and get on with it.

Daniel: Yes, well there’s two things here, right? Why do developers care about a cloud identity service broker, and why do identity architects and security groups care about it? Because they can now plug into Cloud Foundry as well as their data center and have one single place to manage their security / identity processes. It’s beneficial for both, and that’s a powerful thing.

 

Where can I access the ForgeRock Cloud Foundry service broker?

The open source code for the service broker preview is accessible through GitHub, and ForgeRock welcomes feedback on the project. The service broker preview and IAM for cloud deployments will be discussed at ForgeRock’s upcoming UnSummit, taking place in San Francisco on June 1st. More information on the ForgeRock Identity Summit Series is accessible here.

 

 

 

 

 

The post What’s Up in the Cloud? ForgeRock’s New Cloud Foundry OpenAM Service Broker appeared first on ForgeRock.com.

Nat SakimuraCISでのOpenID Trackは6月7日火曜日 [Technorati links]

May 24, 2016 07:24 AM

昨年までは、CISでのOpenID Trackは、Pre-conference day でしたが、今年は 『Achieving Internet Scale Identity with OpenID Connect』と題して、main conferenceに取り込まれました。

トラック・コーディネーターはDon Thibeauです。
今年は、わたしは金融API WGの紹介をします。

Achieving Internet Scale Identity with OpenID Connect

Tuesday, June 7.

Copyright © 2016 @_Nat Zone All Rights Reserved.

Kuppinger ColeExecutive View: PingAccess - 71507 [Technorati links]

May 24, 2016 06:54 AM

by Ivan Niccolai

PingAccess is a web and API Access Management offering from Ping Identity. PingAccess is tightly integrated with PingFederate and provides a superior alternative to traditional Web Access Management products with its ability to provide policy- and context-driven access control to traditional on-premise web applications and cloud applications, as well as to REST-based APIs.

Kuppinger ColeFintech, Insurtech, Supply Chain, Automotive: Use Cases where Blockchain meets IoT and Identity [Technorati links]

May 24, 2016 02:10 AM

During the first part of the blockchain track at EIC 2016, we have learned a lot about the concept and technology of Blockchain Identity. In this session we build on this and have a look at what happens in different use case scenarios, if blockchain, the internet of things, identity and the need for privacy "collide". Has blockchain been the missing link to put the "platform" thought away from "Life Management Platforms" to make it a universally available privacy by design representation of humans in a digital world?



Kuppinger ColeProof of Identity for Refugees and Beyond: Blockchain Identity for the World [Technorati links]

May 24, 2016 01:42 AM

Recent research estimates that there are 1.5 billion individuals who do not have any means to prove their legal identity. Failing states lacking to perform even the most basic administrative tasks, supressed ethnic groups, and of course all those who have to flee their home due to conflicts or disasters.

New thinking is required to make identification available to all humans, and to help refugees and displaced people to cross borders and to apply for asylum. In this panel discussion, we will try to outline a blockchain based supranational identity infrastructure under the roof of an organization like UN.



Kuppinger ColeHow to Make the Blockchain a Reality [Technorati links]

May 24, 2016 01:09 AM

Blockchain is not yet ready to support industrial use cases. In this panel session we discuss the requirements across industries and how to improve and accelerate the maturity of this shared ledger technology through an open and coordinated approach.



Kuppinger ColeDr. Jutta Steiner - Blockchains Beyond the Hype [Technorati links]

May 24, 2016 12:00 AM

For the last few months, every day there has been a new announcement of a major corporate (successfully ?) trialing blockchain technology in a Proof-of-Concept. For anyone outside of the blockchain space and hype, it has become difficult to discern the signal from the noise. We give a brief introduction into the true technical innovation of these open multi-user platforms and present several use cases where businesses can benefit: From IT security to data privacy to IoT.



May 23, 2016

Kuppinger ColeSebastien Meunier - Blockchain – a New Compliance Paradigm? [Technorati links]

May 23, 2016 11:58 PM

One of the most promising use-case for distributed ledgers in financial services is the implementation of compliance and risk management solutions. In this session, we will analyze how the blockchain technology can be used to build trusted registries of identity and ‘know your customer’ data about individuals or companies, with concrete examples. We will also highlight the difficulties of such approaches and discuss the possible scenarios of evolution in this domain.



Kuppinger ColeIvan Niccolai - Blockchain, Identity, Cybersecurity [Technorati links]

May 23, 2016 11:57 PM

How is trust established without trusted third parties? Although it is not possible to offer a prediction of how distributed ledger technology with change society, the assertion that new and publically-accessible technology such as the internet, file sharing and social networks would empower individuals and lead to a more transparent and equitable society has been made before. While the advent of the internet has led to unparalleled global communication capabilities, it has also allowed for a situation of total, mass surveillance. The blockchain offers a trustless information security model, replacing human judgement with proof-of-work algorithms and perimeter security with total transparency.



OpenID.netAnnouncing the Financial API (FAPI) Working Group [Technorati links]

May 23, 2016 08:15 PM

In many cases, Fintech services such as aggregation services uses screen scraping and stores user passwords. This model is both brittle and insecure. To cope with the brittleness, the new OpenID Foundation Work Group invites developers, architects and technologists to contribute to an open standard approach using an API model with structured data and to cope with insecurity, it should utilize a token model such as OAuth [RFC6749, RFC6750].

The OpenID Foundation Financial API (FAPI) Working Group aims to rectify the situation by developing a REST/JSON model protected by OAuth. Specifically, the FAPI Working Group aims to provide JSON data schemas, security and privacy recommendations and protocols to:

Both commercial and investment banking account as well as insurance, and credit card accounts are to be considered.

The FAPI Working Group is building a Fintech bridge through open standards. This effort builds on the wide international adoption of OpenID Connect.

The FAPI Working Group was proposed by Nat Sakimura (NRI), Tony Nadalin (Microsoft), and Cindy Barker (Intuit). A charter will be approved and a chair selected at the first FAPI Working Group meeting.

The FAPI Working Group chairs will be presenting on the focus of the group at upcoming conferences including the 2016 Cloud Identity Summit in New Orleans and the Open Data Finance conference in London, both in June.

The Open Data in Finance conference is an end-user driven event that focuses exclusively on open data and data sharing in the finance sector.

It will bring together influential representatives at the nexus of the open data initiative, to give insights into the plans of government and key industry players, and share how they are shaping and responding to this market change.

The Open Data in Finance organizers have offered OpenID Foundation members a 20% discount to attend. Please contact me directly if interested.

Links of interest:

OIDF FAPI Working Group Page

Subscribe to the FAPI Working Group Mailing List

Those interested in participating will need to submit a signed IPR Agreement indicating their participation in the FAPI WG. The IPR agreement can be submitted online via DocuSign or emailed to help@oidf.org.

Kantara InitiativeKantara Initiative To Present Digital Identity Blockchain Workshops At MIT [Technorati links]

May 23, 2016 07:10 PM

Massachusetts Institute of Technology “Digital Contracts, Identities and Blockchains” Conference To Help Develop New Processes And Standards For Digital Contracts

 

WAKEFIELD, Mass., USA – May 23, 2016 — Kantara Initiative, which provides strategic vision and real-world innovation elements for the digital identity transformation, announced today it will present digital identity workshops at the Massachusetts Institute of Technology (MIT) “Digital Contracts, Identities and Blockchains 2016” conference May 23-24 at MIT, 75 Amherst Street, Cambridge, MA.  

 

The conference was organized by MIT Connection Science and brings together many of the world’s blockchain thought leaders and practitioners to discuss and develop better, more standardized approaches to digital identities and contracts using distributed ledger technologies.

 

“We are delighted that the Kantara Initiative as a standards defining organization is co-sponsoring technical sessions at the ‘MIT Digital Contracts, Identities and Blockchains 2016’ conference,” said Thomas Hardjono, CTO, MIT Connection Science. “The UMA Legal Subgroup in Kantara continues to be a creative forum for bridging between legal and technical communities addressing identity, trust frameworks and data privacy.”

 

 

About MIT Connection Science

MIT Connection Science under the leadership of its Founding Faculty Director, Prof Alex “Sandy” Pentland, is spearheading a new initiative around the legal and technical aspects of smart contracts, distributed incentives, and blockchain technology.   

 

Connection Science seeks to build better societies through data/analytics, with faculty-led research, training programs, and open-source tools libraries.  It is publishing a multi-part blockchain & financial services whitepaper series on “The Fifth Horizon of Networked Innovation”.  Contact shrier@mit.edu for a copy.

 

About Kantara Initiative
Kantara Initiative, Inc. provides strategic vision and real world innovation elements for the digital identity transformation. Developing initiatives including Identity Relationship Management, User Managed Access (EIC Award Winner for Innovation in Information Security 2014), Identities of Things, and Minimum Viable Consent Receipt, Kantara Initiative connects a global, open, and transparent leadership community, including CA Technologies, Experian, ForgeRock, IEEE-SA, Internet Society, Nomura Research Institute, Radiant Logic and SecureKey. More information is available at https://kantarainitiative.org/.

 

Follow Kantara Initiative on Twitter — @KantaraNews

Nat SakimuraLet’s Encrypt あらため certbot でSSL証明書インストール [Technorati links]

May 23, 2016 05:48 PM

Let’s Encrypt がついにβフェーズを終わって正式リリースされました。そして、EFF提供のcertbotになりました。

インストールと設定も、βのころに比べると格段に楽になりました。

まず、https://certbot.eff.org/ に行ってください。すると、Web Server と OS を選ぶ画面が出てきます。

Certbot Front Screen

図)自分が使っているWeb ServerとOSを指定すると、インストラクションが出てくる。

 

ここで、自分の使っている Webserver と OS を選ぶと、お使いの環境ごとのマニュアルが出てきます(英語ですが)ので、それに従うだけです。たとえば、Apache + Ubuntu 14.04 だと、

$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto

で、certbot のインストールファイルを落としてきて権限変更し、

$ ./certbot-auto

とすることで、certobot のインストールができます。

certbotのインストールが終わったら、証明書のインストールです。Apacheを使っている場合は、

$ ./path/to/certbot-auto --apache

でできます。使い勝手はほぼ Let’s encrypt と同じです。

ついでに、Courier MTA のSSL certs も切り替えてみよう

さて、Apache はほとんど全自動で設定できたのではないでしょうか?ついでですから、Courier MTAのSSL certs もこれに切り替えちゃいましょう。

Courier MTA で使う .pem ファイルは、プライベート・キー+証明書+証明書チェーンとつなげたものです。certbotの場合、あなたのドメインが「example.com」だった場合、/etc/letsencrypt/live/example.com/ にこれらのファイルは入っています。Courier MTA SSL の設定ファイル(/etc/courier/esmtpd-ssl ) から読んでいる .pem ファイルが /etc/courier/esmtpd.pem だったとしましょう。その場合、

$ sudo cd /etc/letsencrypt/live/example.com/
$ sudo cat privkey.pem cert.pem fullchain.pem > /etc/courier/esmtpd.pem
$ sudo /etc/courier-mta-ssl restart

で良いはず。例によって、保証はしませんがね。

Copyright © 2016 @_Nat Zone All Rights Reserved.

Kuppinger ColeThere Is No Such Thing as an API Security [Technorati links]

May 23, 2016 11:00 AM

by Martin Kuppinger

Kuppinger ColeThere Is No Such Thing as an API Economy [Technorati links]

May 23, 2016 11:00 AM

by Martin Kuppinger

Martin Kuppinger explains why there is no API economy.

ForgeRockTomTom Wins “Best Consumer Identity Project” at EIC [Technorati links]

May 23, 2016 10:46 AM

Breaking news! ForgeRock customer TomTom won “Best Consumer Identity Project” at Europe’s biggest identity conference, EIC, presented by KuppingerCole.

“TomTom has initiated a program for delivering a new identity platform that manages identities of customers and devices worldwide at very large scale. The identity platform is a global solution. It is a great example of a way to manage all identities ─ of peoples, devices, and things ─ in a consistent way.”
KuppingerCole 2016

IMG-20160511-WA0008 (1)TomTom accepting the award for Best Consumer Identity Project at EIC 2016

TomTom is a navigation, traffic, mapping, and GPS-focused company that uses the ForgeRock Identity Platform to secure the identities of consumers, devices, and things, worldwide. They’re working with us and our partner Everett to launch cool services like these:

EIC_AWARD__016 (1)Members of the ForgeRock, TomTom, and Everett teams at EIC.

We love to see TomTom in the spotlight for this ambitious and highly successful identity project. And, we’re proud that this award confirms that ForgeRock offers the best unified identity platform on the market for innovative digital businesses like TomTom.

KuppingerCole thinks so too. In their recently released “Leadership Compass – Access Management and Federation,” KuppingerCole named ForgeRock a leader in all four categories (Overall, Market, Product, and Innovation) and the outright leader in the Innovation category. Read up on the report here.

 

You can download the complete Leadership Compass here.

Want to know more about TomTom and their award winning identity project? Read on!

About TomTom

TomTom empowers movement. Every day millions of people around the world depend on TomTom to make smarter decisions. They design and develop innovative products that make it easy for people to keep moving towards their goals. Best known for being a global leader in navigation and mapping products, TomTom also creates GPS sports watches, as well as state-of-the-art fleet management solutions and industry-leading location-based products.

The TomTom business consists of four customer-facing business units: Consumer, Automotive, Licensing and Telematics. It has over 4,600 employees and 58 offices in 35 countries worldwide. Since 2004, TomTom has sold over 78 million personal navigation devices and the company’s navigable maps span over 135 countries, reaching more than 4 billion people. TomTom’s real-time traffic information service is available in 50 countries and over 625,000 professional drivers are powered by the TomTom fleet management solution WEBFLEET

The Challenge

Over time, TomTom’s different business units grew independently and created their own customer identification systems. With the introduction of new digital technologies and their rapid growth globally, TomTom needed to unify their customer databases and create a single consumer experience that would allow them to truly understand their consumer across all channels. To enable new technology like MyDrive, a smart route planner, TomTom needed consumers to have a single, persistent identity that followed them from their laptop, to their mobile device, to their car navigation system in order to create a seamless user experience. The identity platform also had to be able to scale to handle millions of concurrent users.

Originally, TomTom’s solution for Identity and Access Management was proprietary and did not follow industry standards. However, the growth of the IoT in the automotive space meant that navigation was no longer solely delivered on hardware manufactured by TomTom or on a dedicated navigation solution. This created external demands for TomTom to develop an IAM platform that met industry standards in order to integrate with other services and systems. TomTom realized that their legacy platform could not support the demands of the digital era.

The Solution

TomTom turned to ForgeRock to unify their approach of managing the identity of users, devices, and things. Working with identity systems integrator and ForgeRock partner, Everett, TomTom has migrated to the ForgeRock Identity Platform to manage its digital identities worldwide. There are three main components to the project:

All of these initiatives have the same goal: to gain control of consumer identity across all TomTom market areas and channels by consolidating identities in a central location.

Global Impact

The ForgeRock Identity Platform supports millions of TomTom consumers, devices and things throughaout the world. The solution is primarily focused on consumer identities for TomTom’s connected devices, the e-commerce platform, and for in-dashboard devices installed by car manufacturers.

Consumer Benefit

The solution is designed to provide a central point containing all accounts and a uniform identity strategy over all users, devices and touch points, providing a number of key benefits to the consumer:

Primary Business Drivers

TomTom’s digital ecosystem continues to evolve as it develops new products and services. This requires a market leading IAM platform that can keep up with the pace of innovation. The ForgeRock Identity Platform helps TomTom to reach their strategic business goals and empower movement around the globe.

Recognized as a leader in digital identity

The TomTom identity solution is one of the largest deployments worldwide based on a single identity platform. It delivers TomTom a secure platform with which to build trust with its customers (consumers and OEM) while also enhancing the end-user experience. From a business perspective, this identity platform is directly impacting both the top and bottom line revenue as well as stockholder value. The TomTom identity project is unique and demonstrates the true value IAM can have for the business.

 

The post TomTom Wins “Best Consumer Identity Project” at EIC appeared first on ForgeRock.com.

Kuppinger ColeExecutive View: Omada Identity Suite v11.1 - 70835 [Technorati links]

May 23, 2016 08:06 AM

by Ivan Niccolai

Omada Identity Suite is a strong offering which is well-respected for its advanced Access Governance features. New functionality and strategic partnerships position the solution as a comprehensive Identity and Access Management product, with flexible cloud and on-premise deployment options.

May 22, 2016

Kuppinger ColePatrick Parker - Reimagining Identity and Access Management Processes with Algorithms [Technorati links]

May 22, 2016 11:56 PM

We are on the brink of a machine learning revolution in which computers won't just speed up existing security processes but enable the automation of processes and decisions too complex for the human mind to imagine. The machine-reengineering revolution will leverage powerful algorithms and the immense lakes of organizational data to drive changes in business processes that will fundamentally change the way security is managed. This session provides an overview of machine learning and big data technologies as they apply to Identity and Access Management.



Kuppinger ColeJason Rose - Balancing Personalization and Trust in the Age of the Customer [Technorati links]

May 22, 2016 11:53 PM

In this session, find out how customer-obsessed businesses are increasing their audiences and creating trusted, customized experiences across devices and platforms in exchange for first-party data. We provide case studies of how leading brands are leveraging customer identity and access management (CIAM) to create personal relationships at scale while maintaining high degrees of data privacy and security.



Kuppinger ColeDr. Carsten Bange - How Big Data Technology can help Increasing Cyber Attack Resilience [Technorati links]

May 22, 2016 11:51 PM

Big Data meets Security: Analyzing systems logs to understand behavior has become one of the main applications of big data technology. Open source initiatives as well as commercial tools and applications for big data integration, collection and analytics become more important building blocks of cyber attack resilience through better collection and analysis of very large sets of log and transaction data, real-time analysis of current events and potentially also prediction of future behavior.



Kuppinger ColePatric Schmitz - Managing User Risk: How to Constrain, Control and Empower [Technorati links]

May 22, 2016 11:49 PM

A large proportion of time spend securing IT systems involves managing user risk in a variety of guises. Balancing the need to be secure against the needs of users to be productive in their day-to-day activities is an on-going challenge. In this session I will show how you can deliver reductions in user risk without impacting their productivity. How IT Security can empower users to do more with less risk.



Kuppinger ColeJackson Shaw - The Internet of Things One Year Later [Technorati links]

May 22, 2016 11:48 PM

Last year we had our first discussion of risk and value related to IoT. Over the last 12 months we have gone from “What is this IoT?” to IoT becoming a driver of digital transformation. All of the major platform (PaaS) players have made IoT a key part of their strategies. In this session Jackson will highlight how the IoT landscape has changed from a risk & security perspective for both consumers and enterprises, how it is driving digital transformation and why it is even more important for you to be planning your IoT strategy now.



Kuppinger ColeKim Cameron - The Cloud is Rewiring the World: What Does it Mean for Identity? [Technorati links]

May 22, 2016 11:45 PM

The Cloud is turning out to have important “emergent properties” – features not previously observed in computing systems, never imagined by cloud architects, and not yet widely discussed or understood.  They will be key to determining which strategies prevail in meeting cloud era challenges. Kim Cameron discusses how this impacts the world of identity – leading to better applications and simpler identity solutions for people and things.



Kuppinger ColeHenning Christiansen - Driving Digital Expansion at Axel Springer while improving Cybersecurity through Identity & Access Management [Technorati links]

May 22, 2016 07:40 PM

Axel Springer becoming a truly digital publisher and further investing in digital expansion. Meaning and selling of Identity and Access Management in a media company like Axel Springer. A way to bundle forces and gain buy-in from related parties and sponsors. Increasing importance of Identity and Access Management to manage cloud services.



Kuppinger ColeIsabel María Gómez González - The Secret Keys for the New Age of the CISO [Technorati links]

May 22, 2016 07:38 PM

How many times do you change your hat per day? In the new age, the CISOs will change their roles as much as they can for making decisions about how to affront new risks. Compliance, Governance, legislation, data protection, cybersecurity, intelligence, cyberdefense, cyberfusion…. how can we deal with them?



Kuppinger ColePaul Grassi - From Digital Transformation to Perpetual Disruption [Technorati links]

May 22, 2016 01:46 AM

Transitioning the NSTIC from the 2nd goal to the 4th and how we plan to finish the job, as, US President Barack Obama stated it, NSTIC was really a 10-year effort. In this keynote, Paul Grassi talks about modularization and performance-based standards, future proofing by leveraging a diverse marketplace, transition to the next phase of Connect.gov which will be moving from pilot to production, and landing high-risk, large user volume of transactions.



Kuppinger ColeChristian Loeffler - From Shadow IT to an IDaaS Solution [Technorati links]

May 22, 2016 01:43 AM

In this keynote session, Christian Loeffler talks about: project conduction, architecture definition, IDaaS election and implementation,key challenges for business and IT, lessons learned.



Kuppinger ColePaul Simmonds - The Trust Conundrum [Technorati links]

May 22, 2016 01:41 AM

It's all too easy to pretend to be someone else, whether it's organised crime, social engineers, hackers or paedophiles. The financial impact of this impersonation runs to 100's of billions of dollars per annum. As a result business costs increase, not only because of the increasing losses, transactional friction increases as do the processes that business implements to increase their level of trust.



Kuppinger ColeSebastien Meunier - From Exploration to Implementation – Preparing for the Next Steps of Blockchain [Technorati links]

May 22, 2016 01:39 AM

Blockchain technology is certainly at the peak of the hype cycle. In this keynote, Sebastien will give you the keys to understand the reality of blockchain beyond the myths and anticipate the next steps.



Kuppinger ColeJohn Worrall - The Most Travelled Attack Route: Securing the Privileged Pathway [Technorati links]

May 22, 2016 01:37 AM

Privileged accounts have been at the center of each recent high-profile attack. This session will explain how hackers that successfully exploit these accounts are able to gain a privileged foothold, allowing them unfettered access to elevate privileges and move about the network freely without detection.



May 21, 2016

Matthew Gertner - AllPeersSummer Music Festivals in Paris: 2016 [Technorati links]

May 21, 2016 12:20 PM

Paris is a musical in every manner as here you can find legendary jazz clubs to the thriving independent and underground music scenes. The city is brimming with some great sharp record stores and in the last few years the number of music festivals has also accelerated with interesting line-up of international artists. Big hitters like Pitchfork, and radical home-grown treats like We Love Green and Weather Festivals are also celebrated here, covering almost all genres in music that you like.

We Love Green  

We Love Green

The festival is known for its eclectic mix of rock, pop and electronic music. Promoting and encouraging responsibility and community values owing to its eco-friendly values at its core. Here you can get to see innovative line-ups like Hot Chip, Diplo, PG Harvey and Amon Tobin, French acts and with strong threads of techno and indie-rock. Join the festival if you want to enjoy a beautiful outdoor partying indulging in organic food.

Details 

Afropunk

Afropunk

Afropunck is a multi-genre black music and culture festival that celebrates pop, rock, electro and hip-hop music. Some of the stellar lineup in this event is Saul Williams, Angel Haze, Lizzo, Michael Kiwanuka and Samm Henshaw, among others. Joining this event, you can also enjoy ‘cultural experience’, as the venue features excellent food stalls and art displays done by local artists.

Download Festival France 

Download Festival France

 The legendary 14th annual heavy rock festival, Download is the favourite event for heavy-metal and hard rock fans. Apart from the great music, the festival is also popular for its several other events like Heavy Metal Dating, Dog’s Bed Stage, and the real ale house. Download has all rock bases covered and more, giving you an intense dose of rock and heavy metal music. Some popular music bands that will be performing here are Deftones, Korn, Biffy Clyro and Megadeth.

Details 

Paris Jazz Festival

Paris Jazz Festival

This summer, experience your favourite live jazz concert in a Paris park. The festival begins from mid-June until the end of July. You can enjoy two jazz groups’ performances every Saturday and Sunday in the big open hall of the Parc Floral de Vincennes. Join this free event to enjoy great music, performances, and the sunshine amid coloured flowers, woodlands and lakes.

Details

Paris International Festival of Psychedelic Music

Paris International Festival of Psychedelic Music

If your interest lies in listening an audacious program of live performances, visual arts, and film projections this festival worth visiting. This underground mixed-media festival will take place over five days in popular venues of Paris. This year the musical festivals line-up will feature live performances from The Horrors, King Gizzard & The Lizard Wizard, Rendez Vous, and Dorian Pimpern, among others.

Details

About the Author-

Hi, I am Krishna, avid traveller, foodie and music lover. I like to explore new places and share my experiences. Here I am sharing upcoming music festivals in Paris, so if you are music lover in this romantic city, make sure to attend these music events. While my visit to romantic city-Paris, I had an amazing time staying in Paris serviced apartment to experience a bit of everything in the city like a local.

The post Summer Music Festivals in Paris: 2016 appeared first on All Peers.

Kuppinger ColeEnsuring Compliance Through Automation [Technorati links]

May 21, 2016 03:13 AM
The definition, implementation and maintenance of an adequate set of policies is a major task for many areas of today’s organizations. However, continuously ensuring compliance to these policies and providing adequate documentation of evidence is even more challenging. Keeping computer security definitions in compliance with your corporate security policy and with mandatory regulations is overly complex when done the conventional way.

May 20, 2016

Mark Dixon - OracleHappy Birthday, Levi’s Jeans! [Technorati links]

May 20, 2016 10:45 PM

Levi’s blue jeans have been a staple in my life for a long time.  Today I am wearing a new pair I bought last week. The Levi’s brand is quintessential Americana. In fact, complex.com dubbed Levis as the eighth most iconic brand of all time!

Today, we celebrate the birthday of Levi’s. According to History.com:

On this day in 1873, San Francisco businessman Levi Strauss and Reno, Nevada, tailor Jacob Davis are given a patent to create work pants reinforced with metal rivets, marking the birth of one of the world’s most famous garments: blue jeans.

Levis

The pair of Levi’s I am wearing now don’t have classic copper rivets, but I like the comfort and fit. I suppose that wearing Levi’s is the closest I’ll ever come to being “hip.”

 

Matthew Gertner - AllPeersIs Your Sexual Relationship as Healthy as It Can Be? [Technorati links]

May 20, 2016 08:45 PM

This couple's Sexual Relationship might need some work ...

Photo by CC user Skedonk on Flickr

Sexual relations are never quite as easy as some people may make them out to be.

On the one hand, some individuals/couples find their sexual relations to be all but perfect.

On the other side of the coin, some individuals/couples find nothing but frustration in their sexual relations, almost getting to or even reaching giving up.

If you are in the latter group, what are you doing specifically to make things better?

Talk and Action Both Go a Long Way

For your sexual relations to improve sooner rather than later there are a number of steps you can put into place to do just that.

These include:

 

 

 

One of the hot-button issues in relationship can be sexual relations.

While one of the partners may feel like things are just fine or even satisfactory, the other can see things in a totally different light.

In order for both parties to come together and enjoy everything that a healthy sexual relationship can provide, being honest with one another, being open to new experiences, and being able to talk and listen to each other proves critical.

So, is your sexual relationship as healthy as it can be?

If not, start working on it today.

The post Is Your Sexual Relationship as Healthy as It Can Be? appeared first on All Peers.

Mike Jones - MicrosoftInitial ACE working group CBOR Web Token (CWT) specification [Technorati links]

May 20, 2016 06:54 PM

IETF logoWe have created the initial working group version of the CBOR Web Token (CWT) specification based on draft-wahlstroem-ace-cbor-web-token-00, with no normative changes. The abstract of the specification is:

CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. CWT is a profile of the JSON Web Token (JWT) that is optimized for constrained devices. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) is used for added application layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value.

Changes requested during the call for adoption will be published in the -01 version but we first wanted to publish a clean -00 working group draft.

The specification is available at:

An HTML-formatted version is also available at:

Kuppinger ColeExecutive View: Universal SSH Key Manager - 71509 [Technorati links]

May 20, 2016 07:52 AM

by Alexei Balaganski

Universal SSH Key Manager from SSH Communications Security Corporation is an enterprise-grade solution for centralized automated management of SSH keys across multiple platforms and network devices.

Kuppinger ColeExecutive View: CA Privileged Access Manager - 71264 [Technorati links]

May 20, 2016 07:40 AM

by Ivan Niccolai

CA Privileged Access Manager (PAM) is a well-integrated suite that provides a comprehensive solution for privileged identity management in physical and virtual environments. CA PAM enables centralized control and management of privileged user access to a broad range of servers, network devices and applications.