25 May 2016

Planet Identity

Nat Sakimura: Open Data in Finance @ London is on 15 June!

APIs are attracting attention as one of the three pillars of FinTech; in Europe in particular, under the Payment Service Directive 2, banks must by the end of 2017 ... financial APIs ...

Copyright © 2016 @_Nat Zone All Rights Reserved.

25 May 2016 2:17pm GMT

Kuppinger Cole: Jun 28, 2016: External Relationship Management: Securely Managing Communication and Collaboration with Partners and Customers

As enterprises increasingly demand closer communication and collaboration with external partners and customers, the need for professional Web Access Management and Identity Federation grows as well. Suitable solutions enable secure access from and to external systems, including from the cloud. Standard infrastructures are needed to cover the many requirements for secure communication and collaboration in extended, networked enterprises almost completely with IT while remaining agile.

25 May 2016 10:08am GMT

Kuppinger Cole: Complexity Kills Agility: Why the German Reference Architecture Model for Industry 4.0 Will Fail

by Martin Kuppinger

The German ZVEI (Zentralverband Elektrotechnik- und Elektroindustrie), the association of the electrical and electronic industries, and the VDI (Verein Deutscher Ingenieure), the association of German engineers, have published a concept called RAMI (Referenzarchitekturmodell Industrie 4.0). This reference architecture model is about 25 pages long, which is OK. The first target listed for RAMI 4.0 is "providing a clear and simple architecture model as reference".

However, when analyzing the model, there is little clarity and simplicity in it. The model is full of references to other norms and standards. It is full of multi-layer, sometimes three-dimensional architecture models. On the other hand, the model doesn't provide answers on details, and offers only a few links to other documents.

RAMI 4.0 says, for example, that the minimal infrastructure of Industry 4.0 must fulfill the principles of Security-by-Design. There is no doubt that Industry 4.0 should consistently implement the principles of Security-by-Design. Unfortunately, there is not even a link to a description of what Security-by-Design concretely means.

Notably, security (and safety) are covered in a section of the document spanning not even 1% of the entire content. In other words: security is widely ignored in that reference architecture, in these days of ever-increasing cyber-attacks against connected things.

RAMI 4.0 has three fundamental faults:

  1. It is not really concrete. It lacks details in many areas and doesn't even provide links to more detailed information.
  2. While only 25 pages long and not very detailed, it is still overly complex, with multi-layered, complex models.
  3. It ignores the fundamental challenges of security and safety.

Hopefully, we will soon see better concepts that focus on supporting the challenges of agility and security, instead of over-engineering the world of things and Industry 4.0.

25 May 2016 10:00am GMT

24 May 2016


Kuppinger Cole: Kim Cameron - The Future of On-Premise AD in the days of Azure AD

Azure AD is here. It can act as a domain controller. It helps you manage your partners. It is ready-made for managing your customers. The application proxy builds the bridge back to your on-premise applications. That raises an important question for all organizations running AD on-premises: What is the future role for on-premise AD? What is the right strategy? Who can and should get rid of on-premise AD now or in the near future, and who should focus on a hybrid strategy? Where is the overlap?



24 May 2016 11:57pm GMT

Kuppinger Cole: Darran Rolls - The Anatomy of Your Next Cyber Attack: IAM Pitfalls and Protections

Security breaches and cyber attacks have become a daily occurrence. Worse, in some cases it can take an organization months to realize it has been breached. Open the pages of the latest breach forensic report and you will find a litany of basic IAM errors that reads like a horror story. Many companies are missing the basic IAM best practices that can help prevent, detect and mitigate attacks. In this session, SailPoint's CTO Darran Rolls presents the anatomy of a typical cyber attack and explains where and how IAM controls should be applied to better enable closed-loop cyber protection for enterprise systems. You may not be able to prevent an attack, but you can minimize the damage and your exposure.



24 May 2016 11:56pm GMT

Kuppinger Cole: Dimitra Kamarinou - From Suppliers to Consumers: Issues of Liability in Industry 4.0

This session looks at the responsibilities and liabilities of organisations involved in the 'smart manufacturing' process both internally (e.g. towards employees) and externally (e.g. other organisations, suppliers, consumers, the environment) and at the difficulties of attributing liability in a complex web of stakeholders that might include cloud service providers. We also discuss the importance of contractual and non-contractual liability as well as statutory and common law liability, including fault-based and strict liability. This session also looks at why these legal questions are important and at potential ways to clarify issues of attribution of liability in Industry 4.0.



24 May 2016 11:24pm GMT

Kuppinger Cole: Luigi de Bernardini - Industry 4.0 and IIoT: Different Approaches to a Smarter Industry?

In most cases, the terms Industry 4.0 and Industrial Internet of Things (IIoT) are used interchangeably. But these two terms, though referring to similar technologies and applications, have different origins and meanings. Industry 4.0 is focused specifically on the manufacturing industry and the goal of ensuring its competitiveness in a highly dynamic global market. The IIC is more focused on enabling and accelerating the adoption of Internet-connected technologies across industries, both manufacturing and non-manufacturing. That's why it's important to understand the differences between Industry 4.0 and the "Industrial Internet of Things" and where our mindset and approaches best fit.



24 May 2016 11:23pm GMT

Kuppinger Cole: The Need to Destroy in the Era of Populous Data and Cloud

What often gets overlooked in the conversation on cloud security is the subject of "deletability" of cloud data. During this session our expert panel explores whether cloud data that is "deleted" by an end-user is actually completely removed from the cloud. By end-user we mean both the consumer and the cloud administrators.



24 May 2016 10:43pm GMT

Kuppinger Cole: Trends & Innovation Panel: What Are the Most Important Innovations and Who Are the Innovators?

The idea of this trends & innovation panel is to give each panelist the opportunity to tell the audience what company or companies out there are doing something innovative, what it is, why it is important and why the audience should care about and track the company. For example, one of the panelists might talk about how the perimeter is disappearing and why it's important to be thinking about governance, security and privacy for cloud properties like Salesforce, Workday, etc. The only restriction on panelists is that they are not allowed to talk about their own products or products from anyone else on the panel.



24 May 2016 10:40pm GMT

Rakesh Radhakrishnan: Core CISO Org Structure & "Threat Centric IAM"

Recently I authored a paper and presented a "brighttalk" on the same topic: "Threat Centric IAM". Both the paper and the tech talk were well received by at least 12+ CISOs I had met. Quite often they came back to me with more people, process and governance questions related to this approach, hence this blog entry.

One of the interesting trends in enterprises that I have witnessed in the past few years is a CISO organization that is folding the IAM resources under the CISO, as opposed to having IAM resources distributed within IT and related groups. In the past, IAM folks with expertise in Authentication, SSO, IDM provisioning and externalized fine-grained access (entitlement developers) have been in IT organizations that run IT support services or within Application Development teams. With the technology trend moving towards Cloud adoption by IT and SaaS models by application groups, and given that IAM is a key control amongst all security controls and its significance in terms of addressing Compliance Reporting, IAM teams are getting folded within the CISO organizations as a new parallel pillar. This is further necessitated by the Mobile and IoT trends as business enablers.

This to us is a reflection of the increased significance given to IAM by the CISO organization and the recognition that IAM is a critical core control for all distributed security controls (intra- and inter-enterprise). It also helps in leveraging resource expertise across an entire enterprise, as Authentication is a Service that gets reused, as is IDM provisioning as a service, and Authorization as an externalized enterprise-wide entitlement service that can integrate into Risk Systems (for risk-based access), etc.


This is a welcome development, as the IAM team works closely with Security Architecture and Engineering while modernizing and maturing its IAM Programs (via standard interfaces and policy compliance) driven by requirements coming from Risk Management and Compliance teams. In addition, the IAM team now has opportunities to partner with Security Operations and the cyber security team to work on "threat modeling" of the AS-IS IAM footprints and also drive towards "Threat Centric IAM", integrating Threat Intelligence and recommended courses of action (STIX COA) into IAM controls one step at a time. This can include threat intelligence integration into IAM vetting/proofing processes, IAM provisioning processes, authentication and multi-factor authentication processes, network admission control processes, cloud access security brokers and enterprise fine-grained access controls, including database firewalls and DLP systems.

Folding the IAM team under the CISO org chart allows these two pillars to collaborate more extensively going forward, to realize higher levels of maturity as described in the "Threat Centric IAM" paper.

Good to see a blog on the CISO mind map. The 11 functional domains highlighted there are collapsed into 5 organizational pillars in my blog.
24 May 2016 9:02pm GMT

Kuppinger Cole: Transforming Governance, Security and Compliance

The number of companies investing in modern "Big Data"-type SAP products and cloud-based SAP deployment models is growing constantly. Having formerly been stored in standalone database silos, SAP information from CRM, ERP etc. for Big Data deployments is now being migrated to a central high-volume and high-performance database. Deploying traditional SAP environments in the cloud and leveraging new cloud-based SAP applications introduce new groups of customers to SAP services and shift the focus of existing SAP users.

24 May 2016 7:48pm GMT

ForgeRock: What’s Up in the Cloud? ForgeRock’s New Cloud Foundry OpenAM Service Broker

With the Cloud Foundry Summit underway in Santa Clara this week, we thought it would be a good time to announce our preview version of a new identity service broker for the Cloud Foundry platform. An extension of the OpenAM project, the new service broker will allow externally deployed ForgeRock solutions to protect applications…

The post What's Up in the Cloud? ForgeRock's New Cloud Foundry OpenAM Service Broker appeared first on ForgeRock.com.

24 May 2016 1:00pm GMT

Nat Sakimura: The OpenID Track at CIS is on Tuesday, 7 June

Until last year, the OpenID Track at CIS was held on the pre-conference day, but this year it is "Achieving Internet Scale I ...


24 May 2016 7:24am GMT

Kuppinger Cole: Executive View: PingAccess - 71507

by Ivan Niccolai

PingAccess is a web and API Access Management offering from Ping Identity. PingAccess is tightly integrated with PingFederate and provides a superior alternative to traditional Web Access Management products with its ability to provide policy- and context-driven access control to traditional on-premise web applications and cloud applications, as well as to REST-based APIs.

24 May 2016 6:54am GMT

Kuppinger Cole: Fintech, Insurtech, Supply Chain, Automotive: Use Cases where Blockchain meets IoT and Identity

During the first part of the blockchain track at EIC 2016, we learned a lot about the concept and technology of Blockchain Identity. In this session we build on this and look at what happens in different use case scenarios when blockchain, the internet of things, identity and the need for privacy "collide". Has blockchain been the missing link to take the "platform" idea away from "Life Management Platforms" and make it a universally available, privacy-by-design representation of humans in a digital world?



24 May 2016 2:10am GMT

Kuppinger Cole: Proof of Identity for Refugees and Beyond: Blockchain Identity for the World

Recent research estimates that there are 1.5 billion individuals who do not have any means to prove their legal identity: people in failing states unable to perform even the most basic administrative tasks, suppressed ethnic groups, and of course all those who have to flee their homes due to conflicts or disasters.

New thinking is required to make identification available to all humans, and to help refugees and displaced people to cross borders and apply for asylum. In this panel discussion, we will try to outline a blockchain-based supranational identity infrastructure under the roof of an organization like the UN.



24 May 2016 1:42am GMT