findprotected.com Forum Index findprotected.com
FindProtected forum
 

Human component in security issues

 
Robert Martis



Joined: 14 May 2005
Posts: 22

Posted: Wed May 25, 2005 2:51 pm    Post subject: Human component in security issues  

Most identity management failures aren’t due to technology glitches. Instead, the most common security issues seem to result from how people interface with this technology.

Here are some of the most frequent problems of confidential data management:

1. Too much rigor reduces employee productivity: while password changes require a small tweak to the IDM system, the need to remember complex passwords may cause hundreds of people to require resets regularly.

2. Tighter security measures can lead to back-end shortcuts: for example, in order to remember a new 10-digit alphanumeric password every 60 days, employees may be forced to put their numbers on a note directly on their terminals or keypads.

3. Too much convenience decreases end-user confidence: customers have more trust when they believe that a bank's IDM and authentication process is rigorous.

4. Too much collection of personal information creates privacy risks: when collecting personal data, more may not be better than less. Too much personal data may tempt others within the organization to reuse sensitive information.

5. Poor manual controls open the door to social-engineering risks.

6. Too much autonomy creates opportunity for malicious insiders.

7. Ignorance causes low-tech risks: companies need to pay closer attention to low-tech security risks that can affect identity management, especially if access can occur through remote, offshore locations.


See the full story at The seven deadly sins of identity management
Robert Martis



Joined: 14 May 2005
Posts: 22

Posted: Mon Jun 13, 2005 4:03 pm    Post subject:  

There is a need to ensure that any IT defense mechanisms do NOT jeopardize staff or customer access to important information.

The security issue is how to make information safe when a user's personal data is being transmitted outside the company walls.

Several years ago, it was just individual hackers messing around: it was a pain but it wasn't dangerous. Now we have consortiums of hackers who are paid to get information.

Some companies have to resort to drastic means to ensure that their core data is not, for instance, taken away when an employee resigns to join the competition. There are 'forensic' companies that are able to tear apart your laptop to find evidence of what has been done to the files.

Another security problem is presented by all the gadgetry available to employees - memory sticks, thumb drives, micro drives, MP3 players, and CD burners among them.

The trick is to put in as many defense measures as you can while keeping the environment friendly. No one wants to get to the point where people start to throw rocks at IT because too much security means you pretty much stop everybody from using the data. Security people are not the keepers and protectors of information. The point is to give everybody access to data in the most secure way.

See the full story at A delicate balance
Robert Martis



Joined: 14 May 2005
Posts: 22

Posted: Sat Jul 09, 2005 6:01 pm    Post subject:  

Key challenges that IT faces today include reducing budgets, increasing demand to provide new services, and increasing demand on the existing infrastructure.

Enhancing IT productivity and empowering self-service can result in drastically reduced IT overhead, which may then be applied to more strategic IT projects without increasing total IT budgets.

One area potentially costing the enterprise a substantial amount of money is password management. The average user in today's large enterprise utilizes five to fifteen major systems, many of which have their own authentication systems. Users that are forced to remember all of these passwords typically do not--they choose simple, easy to guess passwords, or store their passwords in an unsecured location. When users forget their passwords, they call the help desk, which drives up IT costs.

A major technical challenge for the IT industry is single sign-on (SSO). The concept is simple: require users to provide their identity through a single authentication system, and then automatically provide access to all of the IT systems and information resources.

One criticism of centralized SSO systems is that they present a potentially large security risk. If hackers gain access to an SSO system, they would possess the "keys to the kingdom," allowing unfettered access to corporate resources.

An enterprise-class SSO solution must therefore support strong password policy enforcement, high levels of encryption, and multi-factor authentication methods that are impervious to attack.

See the full story at Password/Security Management Whitepaper
 