It's All About Identity and Access Management

| 0 Comments | 0 TrackBacks
Identity and access management (IAM), or simply identity, when boiled down to its essence, may be what security is all about. Is the person opening an application, walking through a door, or logging on the enterprise network with a BlackBerry the person they claim to be? And if so, are they where they are allowed to be, virtually or physically?

IAM--as in credentialing, confirming and managing identity is a big theme at next week's RSA Conference in San Francisco. The conference is typically known as the place where IT cyber-security folks gather to trade notes on thwarting the latest threats to networks and applications. While foiling hackers and malware is flashier, the number of IAM sessions listed in the voluminous conference guide indicates IAM's importance in enterprise security.

The IAM-related sessions range from technical discussions about building "identity metasystems" to IAM in cloud computing to strategic overviews of basic identity and access technologies such as smart cards. Judging from their descriptions, most panels have a strong focus on the IT department's role in IAM, including those panels categorized as "physical security" topics.

Microsoft, HP Labs, Sun Microsystems, Cisco, CA, McAfee and Symantec are just some of the companies well-known in IT circles addressing identity management, including its physical aspects, at the conference. HID Global appears to be the best-known traditional physical security solution vendor on a panel; some IP-centric presenters include Imprivata, N2N Secure, PlaSec Inc. and Probaris.

As described, the sessions sketch a calculation in which physical access control and its tools, ranging from door locks to video analytics, add to IT's IAM security formula. Physical security experts could easily flip that equation, discussing with IT counterparts how data in logical systems can enhance enterprise physical IAM--which in turn strengthens logical IAM efforts in an ever-stronger loop.

PlaSec's scheduled presentation suggests IAM should be a collaborative process between physical and logical security. Physical security has specialized in identity since its inception: now is the time to sit down with IT counterparts to demonstrate the value of combining your identity knowledge.   

--By Sharon J. Watson

Comment question: How physical is your company's IAM strategy?
Identity and access management (IAM), or simply identity, when boiled down to its essence, may be what security is all about. Is the person opening an application, walking through a door, or logging on the enterprise network with a BlackBerry the person they claim to be? And if so, are they where they are allowed to be, virtually or physically?

IAM--as in credentialing, confirming and managing identity is a big theme at next week's RSA Conference in San Francisco. The conference is typically known as the place where IT cyber-security folks gather to trade notes on thwarting the latest threats to networks and applications. While foiling hackers and malware is flashier, the number of IAM sessions listed in the voluminous conference guide indicates IAM's importance in enterprise security.

The IAM-related sessions range from technical discussions about building "identity metasystems" to IAM in cloud computing to strategic overviews of basic identity and access technologies such as smart cards. Judging from their descriptions, most panels have a strong focus on the IT department's role in IAM, including those panels categorized as "physical security" topics.

Microsoft, HP Labs, Sun Microsystems, Cisco, CA, McAfee and Symantec are just some of the companies well-known in IT circles addressing identity management, including its physical aspects, at the conference. HID Global appears to be the best-known traditional physical security solution vendor on a panel; some IP-centric presenters include Imprivata, N2N Secure, PlaSec Inc. and Probaris.

As described, the sessions sketch a calculation in which physical access control and its tools, ranging from door locks to video analytics, add to IT's IAM security formula. Physical security experts could easily flip that equation, discussing with IT counterparts how data in logical systems can enhance enterprise physical IAM--which in turn strengthens logical IAM efforts in an ever-stronger loop.

PlaSec's scheduled presentation suggests IAM should be a collaborative process between physical and logical security. Physical security has specialized in identity since its inception: now is the time to sit down with IT counterparts to demonstrate the value of combining your identity knowledge.   

--By Sharon J. Watson

Comment question: How physical is your company's IAM strategy?

No TrackBacks

TrackBack URL: http://www.securitysquared.com/cgi-bin/mt/mt-tb.cgi/20

Leave a comment