Skip navigation
Twitter   Follow us  •   Share   Share    Become a member
Home Business Technology Strategy Business Technology Execution Professional Development Live Exchanges Smart Archive Smart Enterprise Magazine
Up to Blog Posts in IT Security

IT Security

2 Posts tagged with the iam tag
Larry Lange
0

Numerous start-up cloud vendors are busy hyping their "Security-as-a-Service" wares, with requisite promises of turnkey "Security in a Box" and the like. But enterprise CIOs have tough questions about the validity and reliability of such firms and their services — as well they should. Securing a global IT infrastructure is paramount — with millions of dollars and customers at stake, not to mention a company's tarnished reputation if a major security breach occurs. It’s wise to ask whether such a mission-critical task can be entrusted to a third-party host.

 

That’s why Matthew Clark, Senior Director of IT at telecom provider Qualcomm in San Diego, is taking a cautious approach to cloud services. "Trust and security in cloud computing are big deals to companies,” he says, and too often cloud providers are more concerned with protecting their own business than the customer’s. As a result, “We are very, very cautious about what we allow to be put out into external clouds," Clark says.

 

Lina Liberti, VP of the Security business at CA Technologies, understands the concerns. She told me recently that, "Some of these new-to-the-market Security-as-a-Service providers are great for small to midsize business, as smaller firms are more likely to take risks in order to realize the benefits from a cloud deployment." But, she warns, outsourcing large enterprise security to a new, immature vendor is a risky consideration.

 

That doesn’t mean a large or growing enterprise can’t take advantage of the cost and resource savings cloud security offers; they just need to partner with companies that have hardened enterprise-grade security tools delivered as a service.

 

Peter Hinssen, one of Europe's leading tech gurus, noted that "CA [Technologies] realized that cloud was going to happen faster than anyone else anticipated, and the company has taken a leading role in this market. Hinssen believes that CA Technologies also is out front with its Identity Management-as-a-Service as well.

 

The company recently released several cloud solutions aimed at the identity and access management (IAM) security market. The CA CloudMinder portfolio, for example, is morphing the firm's long-established IAM solutions into hosted, subscription-based security services for customers. With the new services, CIOs no longer need to purchase, install and maintain their IAM tools via old-school methods (as applications on CDs, for instance). Now, they're available in the cloud as services customers can procure or buy or license from CA Technologies.

 

Besides its experience with enterprise data centers, CA Technologies provides trained support 24x7x365 — critical to most global online enterprises. These “comfort factors” may boost Security-as-a-Service among skeptical CIOs — even those like financial and healthcare CIOs, who need to meet stringent requirements and regulations with their cloud deployment.

 

To me, that's hope, not just hype.

 

 

Larry Lange is a freelance writer on the business of technology and a contributor to Smart Enterprise magazine.

573 Views 0 Comments Permalink Tags: matthew_clark, security-in-a-box, larry_lange, lina_liberti, iam, cloud, security, peter_hinssen, cloud_services, services
Michael Denning
0

New Content-Aware Identity and Access Management (IAM) technologies promise to help enterprises rapidly embrace cloud-- and new business models-- without increasing risk.

 

Some security managers have a reputation for always trying to put the kibosh on new projects and new ways to use IT. In many organizations, the CSO and team have become known as “Dr. No” when it comes to certain device use, social networking tools or even cloud computing. (See related blog here.)

 

It's not necessarily their fault. The job of a security chief is to protect enterprise assets, after all. And the reality is that security applications — identity and access management, data-leak prevention tools, user activity reporting, among others — alone don't provide the necessary insight into users and the information and resources they want to use at the moment of the transaction. That is, they don't provide the context needed to measure real-world risk.

 

But this is changing.

 

At CA Technologies, we believe a new twist on identity and access management and data protection technologies — what we call Content-Aware IAM — will help to move this conversation forward by adding the necessary intelligence around content and data to reduce risk while maintaining productivity, whether working in a traditional or a cloud environment or both.

 

For instance, the more tightly coupled the identity information — such as who the users are, their job role, etc. — is with the actual data accessed, the more secure the migration to cloud services can be. With Content-Aware IAM, enterprises can more granularly control not just what applications and data users are attempting to access, but also what they can do with that information.

 

Risk-based Decisions

With that user and data information at hand – and even information about the device the user is operating from — organizations can put the information to use at the time of transaction and create a risk-based judgment about individual transactions. Think of this risk-based judgment as being similar to that of a credit or FICO score. Instead of checking credit history and opening a new credit card or car loan, Content-Aware IAM will evaluate the user and look at who she is, what devices she is using and what data she wants to access. Then, based on a set of predetermined criteria and policies — just like a FICO score — the advanced authentication portion of Content-Aware IAM (specifically, our CA Arcot RiskFort technology) can assign a risk score that determines whether or not a transaction can proceed.

 

For instance, if a user is accessing data daily from her desk PC during normal business hours, we'd assume a low-risk data transaction and can assume most actions would be allowed without further authentication. However, should this user suddenly start attempting to access that same data from an iPad after business hours from across the country, we'd have an entirely different risk score for the transaction. To proceed, even more advanced authentication can be required to verify her identity, such as a one-time-password sent to her cell phone number on file, or even delivered by a phone call.

 

Content-Aware IAM with advanced authentication allows security executives to control users, their access and what they can do with information. This helps organizations embrace the benefits of cloud computing and consumer technologies, such as tablets or smartphones, without bringing too much risk into the organization. That’s the path to saying “yes” to new IT projects and technologies.

 

 

Read the related article in Smart Enterprise magazine here.

617 Views 0 Comments Permalink Tags: security, authentication, ca_technologies, michael_denning, risk, identity_management, access_mangement, access, iam, cso, ciso, social_networking, cloud_computing


Incoming Links

We encourage your feedback. Reach out via the "Contact the Editor" and "Contact the Concierge" services for any needs, questions or comments. We look forward to serving you!

Paula Klein, Smart Enterprise Exchange Editor
e-mail

Ellen Lalier, Smart Enterprise Exchange Concierge
e-mail
phone 516-562-5727; fax 516-562-5466