08.15.2019 - 2019 Gartner Magic Quadrant for Access Management, Worldwide
According to Gartner, “Niche Players provide access management technology that is a good match for specific use cases. They may focus on specific industries or have a geographically limited footprint; however, they can actually outperform many competitors.” ...
07.9.2019 - Zero Trust: Organizations can begin to trust users, devices and transactions starting with a high level of IAM services and support.
A Zero Trust model begins with strong identity and access management (IAM) solutions. The challenge is how to balance between absolute assurance (thereby promoting maximum security) and end-user productivity and usability. The user identity can be challenged in many ways – for example, by requiring a hardware token or asking the person to answer a series of security questions – but overtly challenging the user can cause frustration and lead to lost productivity. ...
04.26.2019 - Does My Business Need Cloud Security?
If you have a business with sensitive information to protect, you may be wondering, “should my business use cloud security?” What distinguishes ‘cloud security’ from ‘on-premise’ security. Cloud security is a term for security technologies that leverage the power of the cloud. These advantages could be based on cloud-scale (ability to immediately provision more units to bear on a problem), pattern recognition (using a form of complex algorithms and/or A.I. to discover some type of intelligence about an alleged attack), identity proofing (ability to verify the digital identity can verify who they are by comparing them to known identities on other trusted external databases and networks), authentication assurance (ability to confirm access to applications/resources based on multiple proofs of who you know, what you possess or who you are), etc. ...
02.18.2019 - Mergers, Acquisitions and Divestitures – How to Unite Your Active Directories
CIOs that are under pressure to bring two companies’ IT systems and applications together after a merger or acquisition can unify their directory services quickly and inexpensively with a Virtual Identity Server. This paper looks at three of the leading approaches to bridging disparate sets of directory services into one seamless directory following a merger or acquisition. Conversely, we’ll look at the aspect of a divestiture, in which one company must entirely split out from another. Here, too, directory services play a role in a clean and quick divestiture or spin-off. ...
02.6.2019 - European Identity & Cloud Conference Ticket Giveaway
Optimal IdM is giving away tickets to the conference! Win one of three free tickets to the entire conference and workshop sessions. Participation is free of charge and the closing date for entries is April 19, 2019. Winners will be notified by e-mail and/or by phone. ...
01.29.2019 - Hotel Show-and-Tell – Massive Data Breach Exposes Identities Part 2 of 2
This is Part II of a 2 Part Blog…click here for Part I ...
01.17.2019 - Typing Biometrics and Other Multi-Factor Authentication Methods: When Passwords Are Not Enough
81% of data breaches are from weak, default or stolen passwords. Leveraging MFA when it’s offered lessens the attack vector for digital identity impersonation attempts. This paper looks at existing MFA options, including biometric typing technology, examines decision factors for MFA and discusses the difference between various authentication methodologies. ...
01.7.2019 - Hotel Show-and-Tell – Massive Data Breach Exposes Identities Part 1 of 2
If you were one of the 500 million users affected by the December 2018 Marriott/Starwoods password breach, your credentials were exposed, your personal details were collected as was, possibly, your credit card information on file. ...
11.30.2018 - HTTP Header Session Protection
The HTTP protocol was designed as a transport protocol to fetch and return content and to display HTML or other functions. But, HTTP wasn’t designed with authentication security top of mind. Approximately 40% of data breaches originate from attacks on web apps. And many of these breaches are preventable. HTTP header session protection as a part of your SSO solution should be at the forefront of your mind. Access to web/SaaS applications obviously initially requires successful authentication. After your username and password are accepted, authentication between the user and web service (client/server) session is usually maintained by cookies. The cookie allows the server, after successful authentication, to identify and trust the client during the session to allow seamless access to the web service. Many web services are front ends to databases, consumer data and/or corporate user specific data. An attacker, therefore, would just need to steal the cookie to hijack the current authenticated session. HTTP headers provide another layer of security for employees and consumers to guard against a number of attack vectors — including man-in-the-middle attacks (MIM), many cross-site scripting (XSS) attacks, session hijacking, and more. Cross-site scripting (XSS) has been a popular attack vector. In fact, it’s reported that XSS is the most common exploited vulnerability in web applications. XSS are high risk vulnerabilities where a type of code injection is used to hijack a legitimate users’ session. This isn’t a password breach, but a breach in the web session where the user has already successfully authenticated and is interacting with a web service. The HTTP session is hijacked and the attacker is now impersonating a legitimate authenticated user. Users are vulnerable everywhere to these threats but are especially susceptible within public unsecured WiFi networks where attackers can easily extract session cookies. Certainly, you would always also prefer an HTTPS session over an HTTP session, but that won’t necessarily help mitigate some XSS security issues. You need multiple layers of protection. HTTP header session protection is an essential component of a secure web services session; however, HTTP header session protection won’t protect against weak and reused passwords, brute force attacks, phishing attacks and other attacks against the passwords themselves. To mitigate password threats, implement strong authentication using multifactor authentication (MFA). Optimal IdM has a rock solid, agile MFA solution that was named Best MFA Solution of the Year in the GSN Homeland Security Awards. Microsoft reports that only 4% of SaaS storage apps and 3% of SaaS collaboration apps support all HTTP headers session protection. It’s irresponsible for organizations to ignore such large, yet solvable, attack vectors. Today’s sophisticated threat landscape for web and SaaS SSO applications require a vendor who can support modern, strong authentication by leveraging multiple HTTP session protections. Optimal IdM is that vendor. Further, Optimal IdM’s SSO solutions session support protections and encrypt data in transit and at rest. Additional Recommendations ...
10.11.2018 - Identity Management Challenges for Retailers
In part one of our retail blog series we discussed protecting consumer identity. Read on as we discuss other identity issues retailers face. ...