Gartner Blog Network

Mark Diodati
Research VP
6 years at Gartner
21 years IT industry

Mark Diodati is a Research Vice President with Gartner's IT Professionals research and advisory service. His focus topics include mobility, authentication, cloud identity, federation, directory services, provisioning, identity services, Active Directory interoperability, Web access management…

Mobile Device Certificate Enrollment: Are You Vulnerable?

by Mark Diodati  |  July 2, 2012

Last week, US-CERT published a vulnerability note on the Simple Certificate Enrollment Protocol (SCEP). The vulnerability was reported by Certified Security Solutions, a consulting company with extensive Windows and PKI deployment experience. The company’s summary of the vulnerability is here. This vulnerability—when combined with two additional pieces of information—enables an attacker to impersonate another user […]

RSA SecurID, Crypto, and Satan’s Computer

by Mark Diodati  |  June 27, 2012

You may have read about two recent vulnerabilities associated with RSA authentication products. Last month, a researcher specified how to copy a SecurID software token from one computer to another, which can enable an impersonation attack (Ars Technica). This week, researchers described a way to decrypt data encrypted with a SecurID smart card (again, Ars […]

It’s … Minty

by Mark Diodati  |  May 7, 2012

Recently, I had the opportunity to talk with Sharon Epperson (CNBC/Today/NBC News). She was preparing for a Today show segment on the security of I address this topic in my 2011 FFIEC authentication guidance document. is Quicken for the cloud era. Like Quicken, it enables the analysis of personal financial data, including banking, […]

The Next Revolution In Mobility: Near Field Communication

by Mark Diodati  |  April 20, 2012

I want to welcome you to a multi-post discussion about near-field communication (NFC). Over the next few blog posts, I will be talking about:

- NFC’s moving parts
- Impending demand from your users
- NFC’s potential for access to buildings and applications
- Missing ecosystem components

The next revolution in mobility is coming: it is near field communication […]

OTP Systems And Mobile Devices: Don’t Make The Biggest Implementation Mistake

by Mark Diodati  |  April 12, 2012

The topic of the secure distribution of one-time password (OTP) secrets recently surfaced again as part of our ongoing mobility research. Many organizations make the classic distribution mistake; they couple a weak identity proofing mechanism with the deployment of stronger authentication systems. In our research, I call this an “impedance mismatch”. For example, if an […]

Dialoguing about SCIM

by Mark Diodati  |  February 23, 2012

Gartner’s Identity and Privacy Service (IdPS) has closely tracked provisioning standards since 2003. I published our first research document on Service Provisioning Markup Language (SPML v2) in early 2006. Additionally, I published a realistic assessment of developing an SPML service in early 2010. A few months later, I worked with industry leaders to publish a […]

Commentary on Centrify’s new MDM product

by Mark Diodati  |  February 19, 2012

Industry analysts discuss emerging concepts and current events with journalists. We are misquoted more than you might think (or we would like). Sometimes the misquote is minor. On occasion, the statement attributed to us differs materially from our original statement; we are inclined to speak out and make a correction. Misquotes can be the result […]

Déjà Vu – The Sykipot Attack on Smart Cards

by Mark Diodati  |  January 15, 2012

Kelly Jackson Higgins at Dark Reading provides an excellent summary of the Sykipot malware variant attack on smart cards. The malware opens the smart card and uses it for private key signing functions. Signing functions are the backbone of public key technology—they enable users to authenticate to mutually authenticated SSL and Microsoft Windows sessions, for example. […]

How Soon is Now: NFC Smartphones and Physical Access Control Systems

by Mark Diodati  |  October 31, 2011

You may have read about a recent pilot at Arizona State University, where 30+ students used their smartphones augmented with NFC (near field communication) to access facilities at the college. Instead of building access cards, the students used their smartphones. The pilot has fueled an already intense industry interest regarding the use of NFC and […]

Of Identities, Clouds, and Bridges

by Mark Diodati  |  October 20, 2011

In response to the large number of client inquiries about identity management and the cloud, Gartner has recently published a research document that discusses identity management as a service (IDaaS)—turnkey identity management services that exist in the cloud. In the document (Market Profile: Identity Management as a Service (IDaaS) [subscription required]), I discuss over 20 vendors […]
