Mark Diodati

A member of the Gartner Blog Network

Entries Categorized as 'IAM'

Mobile Device Certificate Enrollment: Are You Vulnerable?

by Mark Diodati  |  July 2, 2012  |  1 Comment

Last week, US-CERT published a vulnerability note on the Simple Certificate Enrollment Protocol (SCEP). The vulnerability was reported by Certified Security Solutions, a consulting company with extensive Windows and PKI deployment experience. The company’s summary of the vulnerability is here. This vulnerability—when combined with two additional pieces of information—enables an attacker to impersonate another user […]


Category: Authentication, Cloud, IAM, Mobility

RSA SecurID, Crypto, and Satan’s Computer

by Mark Diodati  |  June 27, 2012  |  Comments Off

You may have read about two recent vulnerabilities associated with RSA authentication products. Last month, a researcher specified how to copy a SecurID software token from one computer to another, which can enable an impersonation attack (Ars Technica). This week, researchers described a way to decrypt data encrypted with a SecurID smart card (again, Ars […]


Category: Authentication, IAM, Mobility, Uncategorized

It’s … Minty

by Mark Diodati  |  May 7, 2012  |  2 Comments

Recently, I had the opportunity to talk with Sharon Epperson (CNBC/Today/NBC News). She was preparing for a Today show segment on the security of I address this topic in my 2011 FFIEC authentication guidance document. is Quicken for the cloud era. Like Quicken, it enables the analysis of personal financial data, including banking, […]


Category: Authentication, IAM

The Next Revolution In Mobility: Near Field Communication

by Mark Diodati  |  April 20, 2012  |  Comments Off

I want to welcome you to a multi-post discussion about near-field communication (NFC). Over the next few blog posts, I will be talking about: NFC’s moving parts; impending demand from your users; NFC’s potential for access to buildings and applications; and missing ecosystem components. The next revolution in mobility is coming: it is near field communication […]


Category: Applications, Authentication, Cloud, IAM, Mobility, NFC

OTP Systems And Mobile Devices: Don’t Make The Biggest Implementation Mistake

by Mark Diodati  |  April 12, 2012  |  Comments Off

The topic of the secure distribution of one-time password (OTP) secrets recently surfaced again as part of our ongoing mobility research. Many organizations make the classic distribution mistake: they couple a weak identity proofing mechanism with the deployment of a stronger authentication system. In our research, I call this an “impedance mismatch”. For example, if an […]


Category: Authentication, IAM, Mobility

Commentary on Centrify’s new MDM product

by Mark Diodati  |  February 19, 2012  |  Comments Off

Industry analysts discuss emerging concepts and current events with journalists. We are misquoted more than you might think (or we would like). Sometimes the misquote is minor. On occasion, the statement attributed to us differs materially from our original statement; we are inclined to speak out and make a correction. Misquotes can be the result […]


Category: Authentication, IAM, Mobility

Quest Acquires Symlabs

by Mark Diodati  |  June 6, 2011  |  Comments Off

Quest is actively building out its identity management product portfolio. Some notable acquisitions: Vintela (Active Directory bridge, 2005); Völcker Informatik AG (provisioning/access governance, late 2010); e-DMZ Security (privileged account management, early 2011). Today, Quest announced the acquisition of Symlabs, a vendor with virtual directory and federation products. In its early days, virtual directories […]


Category: Cloud, IAM, Uncategorized

‘Directory Services, Federation, and the Cloud’ Document

by Mark Diodati  |  September 16, 2010  |  Comments Off

The document referenced in my prior posts about the Arcot and VMware acquisitions is now published (subscription required). Here is the document description: In this assessment, Research Director Mark Diodati evaluates the abilities of off-the-shelf directory services and federation technologies that solve the increasingly prevalent provisioning and authentication challenges for cloud-based applications. Product […]


Category: Cloud, IAM

CA Technologies to Purchase Arcot Systems

by Mark Diodati  |  August 30, 2010  |  Comments Off

I’ve been following the evolution of Arcot Systems for twelve years. I became aware of them as a potential competitor (and acquisition target) while working at RSA, and I’ve kept up with them in my role at Burton/Gartner. I’ve seen the evolution of its products beginning with its innovative “Camouflage” technology, which provided enhanced protection […]


Category: Applications, IAM

Consensus on the Future of Standards-Based Provisioning and SPML

by Mark Diodati  |  August 20, 2010  |  Comments Off

I had the honor of facilitating the Standards-Based Provisioning Special Interest Group at this year’s Catalyst conference. The participants believe that standards-based provisioning is at a crossroads and wish to publish the following statement. The statement is based upon our conversation; all of the participants have reviewed it. I hope that the perspectives of these […]


Category: Cloud, IAM