Review – ADFS v1 & Preview – ADFS v2

Active Directory Federation Service (ADFS) is a component of Active Directory released as part of Windows Server 2003 R2. ADFS v1 can be used in various B2B/B2E/B2C Web Single Sign On and Identity Federation scenarios. Pros:
– Enable Federated SSO between organizations
– Enable Extranet SSO within the same corporate environment
– Support either password and client cert/smart…

Review – Microsoft CLM Certificate Lifecycle Manager Beta 2

I reviewed CLM Beta 1 half a year ago and rated it low. Now, CLM Beta 2 is ready for prime time and I’m going to deploy it in a production environment. I’ve seen a lot of improvements in Beta 2, so many cons in Beta 1 are removed. Base CSP Smart Card support is huge for me. For smart card…

IAM in TwC

I attended the 2006 Microsoft EE & TwC Forum recently and tried to find out if there is any relationship between IAM and TwC. It is interesting that TwC (Trustworthy Computing) has Identity and Access Control as a grandchild. At the top level, TwC has four children, referred to as the 4 pillars: 1. Security 2. Privacy 3. Reliability 4. Business Practices…

IAM Strategy

IAM is a combination of processes, technologies, and policies enabled by software to manage digital identities throughout their lifecycle and specify how they are used to access resources. IAM is a superset of AAA (Authentication, Authorization, Auditing)*. Here are some general strategies for enterprises to consider: Obtain executive sponsorship because IAM is an important part of…

How to Reduce TCO of Identity & Access Management

Identity & Access Management is an expensive investment in IT. Here are some tips to reduce Total Cost of Ownership: Follow the rule of economy of scale – If more people use the same solution, the unit cost of the solution will decrease. Therefore, you should always search for and use the most popular off-the-shelf IAM solution in the marketplace first. …

Authentication Strategy

Authentication is the procedure through which a user or a device or a service (or application) provides sufficient credentials to satisfy access requirements to another service, application, or system. User Authentication Strategy:
· Prepare and plan for Strong User Authentication
· Educate line of business application owners to use standard OS and directory protocol authentication and avoid application custom…

Authorization Strategy

Authorization (or establishment or entitlement) defines a user’s (or process’) rights and permissions to a resource. After a user (or process) is authenticated, authorization determines what that user can do to the resource. Here are some authorization strategies to improve security:
– By default, grant users no rights and permissions
– Grant users least privileged rights and permissions on “need to…

Auditing Strategy

Auditing (also referred to as Audit or Accounting or Accountability) ensures that the activities associated with user access are logged for monitoring, regulatory and investigative purposes. Auditing strategies for IAM compliance:
– Identify the regulations your company must comply with, such as SOX (Sarbanes-Oxley), HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), Basel II.
– Assess current compliance…

How to Improve Security with Identity & Access Management

Every time I told a friend I got an IT security job, I was always asked a similar question: “Do you catch hackers or virus?”. Of course, the popularity of the Internet definitely puts external threats and attacks on enterprise IT security’s radar. However, I still personally believe internal threats and attacks cause more damage. According to a 2003 study by the Computer Security Institute (CSI) and…

How to Increase Productivity with Identity & Access Management

With the right IAM solutions, your business can increase employees’ productivity (or avoid the loss) significantly. Before you look into IAM solutions, you should identify the major factors impacting employees’ productivity in your business. Some common factors are: New employee setup time – the time wasted getting a new network/system account and proper permissions to access resources. An…
