01.24.2017 - Does IoT Have an Identity Management Problem?
Forgive us for sounding like a lawyer, but the question “does IoT have identity management?” can only be answered by saying: It depends. There are a wide range of consumer devices that have no identity management — they’re just sitting out there providing data to a local network and are easily accessible by just about anyone who is willing to take the time to find them. You can do this yourself by simply going to a search engine and looking for unsecured security cameras. Not only can you browse tens of thousands of completely unsecured security cameras, but you can also browse through nearly 100,000 cameras that use default passwords — some of which autofill when you access the cameras because they’re designed to be replaced as soon as the camera is installed. Many of these IP cameras show the inside of homes and stores, which can create significant threats for your person and your property. Business applications sometimes have a better policy on user authentication in their Internet of Things rollouts, but this isn’t a guarantee. The most likely identity management paradigm covers devices that require consistent interaction, such as keyboard and touchscreen input, or that must be unlocked through passwords and facial recognition. ...
01.10.2017 - Navigating a Multi-Forest Office 365 Migration Without Losing Your Mind
A logistics management business wants to consolidate its multi-tenant, multi-forest Office 365 environment. Expansion via acquisitions created a multi-tenant, multi-forest problem for the logistics company further complicated by additional challenges involving business productivity, managing users in AD and development of cross-forest trust. They also wanted SSO to reinforce secure access to applications and decrease time used by IT to manage end-user requests for password reset within their business. So what do you do? Decide to take the plunge and enter the crazy world of multi-forest sharepoint Catch-22s, or pull your hair out strand by strand to numb your brain and avoid dealing with it? For starters, you should know Microsoft does support different scenarios for implementing SSO. Two components needed are DirSync (directory synchronization) between the Azure AD detail used for the subscription to Office 365 and user credential authentication to the IdP. DirSync is the essential identity accessory while user credential authorization is the sharepoint federation aspect of a multi-forest Office 365 situation. But wait, there’s more… Because Microsoft does support user password synchronization — AKA “password hashes” — between Azure AD and your on-site Active Directory System, you don’t need to worry about federation because Azure AD represents the user authentication point. On-site AD systems act as the de facto system for user accounts and are not used to authenticate users of Office 365. This is a generally the preferred scenario of small- to mid-level companies that want to avoid managing a federation infrastructure with password hash synchronization. ...