
In 2012, businesses need to increase their focus on identity and privacy projects that can achieve quick time-to-value and deliver real value not just to IT, but also to the business, said Bob Blakley, vice president and distinguished analyst at Gartner. As organizational boundaries erode under the pressure of federation and outsourcing, and as organizations' control over IT continues to weaken through increased adoption of mobile devices and cloud services, identity management is more important than ever and more problematic.
Six major trends will drive the evolution of the IAM and privacy management sectors in 2012:
Tactical identity: The scope of, and budgets for, identity management projects will remain constrained. A major cause of failure for these projects has been an overly broad scope combined with a lack of focus on business value. There is no longer the budget or the appetite for projects that run the risk of such failure. This year's IAM projects will generally be limited in scope and schedule to help ensure success.
Identity assurance: Demands for stronger authentication and more mature identity provider infrastructures and practices will intensify. Serious deficiencies in both these areas, and in credential issuers, came to light in 2011. Organizations need to know who they are trusting, why, and for what. They also need to know what the consequences will be if the organizations they trust to provide identity information do not fulfill their obligations, and they need to know the strength of the mechanisms used to convey identity information.
Authorization: Authorization requirements will grow more complex and more urgent in response to continuing regulatory pressure and riskier and more complex IT and business environments. Identities are not very useful by themselves; their usefulness lies in authorising access and in the creation of logs that can be used to hold people accountable for their actions. Identity life cycle management, authentication and auditing are fairly mature in many organizations. Authorization (i.e., the creation and enforcement of access control policies) is much less mature, but will assume a place as a first-class business function.
The identity bridge: Identity management must start to span the chasm between organizations; a new architectural component is needed to manage the flow of identity information between cooperating organizations. Managing federated identities is a complex task, and the protocols for federated provisioning and federated management of identity policies and attributes are immature. The central authoritative source of identity information can only reside at the edge of the organization to look inward and outward simultaneously, and the processes that manage federated identity span the perimeter. The hole in modern identity architecture is starting to be filled and will become an identity bridge.
The sea of tokens: Identity information frequently has to be transformed by each domain that receives it, and then passed on to downstream domains. Identity information is transmitted via tokens (which may be carried in protocol headers, but are increasingly carried in protocol payloads). The new tokens-and-transformers architecture is more modular, more flexible and more loosely coupled.
Policy battles: Increasingly, concerns over privacy and identity theft are alarming the public, and they are also having a serious impact on business operations and even business viability. The business community, the privacy lobby, and law enforcement and national security communities will continue to wrangle over identification and privacy laws and regulations, and this will continue to drive changes in the identity infrastructure.








