Entries Categorized as 'IAM'
by Mark Diodati | July 2, 2012 | 1 Comment
Last week, US-CERT published a vulnerability note on the Simple Certificate Enrollment Protocol (SCEP). The vulnerability was reported by Certified Security Solutions, a consulting company with extensive Windows and PKI deployment experience. The company’s summary of the vulnerability is here. This vulnerability—when combined with two additional pieces of information—enables an attacker to impersonate another user [...]
Category: Authentication Cloud IAM Mobility Tags:
by Mark Diodati | June 27, 2012 | Comments Off
You may have read about two recent vulnerabilities associated with RSA authentication products. Last month, a researcher specified how to copy a SecurID software token from one computer to another, which can enable an impersonation attack (Ars Technica). This week, researchers described a way to decrypt data encrypted with a SecurID smart card (again, Ars [...]
Category: Authentication IAM Mobility Uncategorized Tags:
by Mark Diodati | May 7, 2012 | 2 Comments
Recently, I had the opportunity to talk with Sharon Epperson (CNBC/Today/NBC News). She was preparing for a Today show segment on the security of mint.com. I address this topic in my 2011 FFIEC authentication guidance document. Mint.com is Quicken for the cloud era. Like Quicken, it enables the analysis of personal financial data, including banking, [...]
Category: Authentication IAM Tags:
by Mark Diodati | April 20, 2012 | Comments Off
I want to welcome you to a multi-post discussion about near-field communication (NFC). Over the next few blog posts, I will be talking about: NFC’s moving parts; impending demand from your users; NFC’s potential for access to buildings and applications; missing ecosystem components. The next revolution in mobility is coming: it is near field communication [...]
Category: Applications Authentication Cloud IAM Mobility NFC Tags:
by Mark Diodati | April 12, 2012 | Comments Off
The topic of the secure distribution of one-time password (OTP) secrets recently surfaced again as part of our ongoing mobility research. Many organizations make the classic distribution mistake; they couple a weak identity proofing mechanism with the deployment of stronger authentication systems. In our research, I call this an “impedance mismatch”. For example, if an [...]
Category: Authentication IAM Mobility Tags:
by Mark Diodati | February 19, 2012 | Comments Off
Industry analysts discuss emerging concepts and current events with journalists. We are misquoted more than you might think (or we would like). Sometimes the misquote is minor. On occasion, the statement attributed to us differs materially from our original statement; we are inclined to speak out and make a correction. Misquotes can be the result [...]
Category: Authentication IAM Mobility Tags:
by Mark Diodati | June 6, 2011 | Comments Off
Quest is actively building out its identity management product portfolio. Some notable acquisitions: Vintela (Active Directory Bridge – 2005); Völcker Informatik AG (provisioning/access governance – late 2010); e-DMZ Security (privileged account management – early 2011). Today, Quest announced the acquisition of Symlabs, a vendor with virtual directory and federation products. In its early days, virtual directories [...]
Category: Cloud IAM Uncategorized Tags: Catalyst-NA
by Mark Diodati | September 16, 2010 | Comments Off
The document referenced in my prior posts about the Arcot and VMware acquisitions (http://blogs.gartner.com/mark-diodati/2010/08/30/ca-technologies-to-purchase-arcot/ and http://blogs.gartner.com/mark-diodati/2010/08/31/vmware%e2%80%99s-purchase-of-tricipher/) is now published (subscription required). Here is the document description: In this assessment, Research Director Mark Diodati evaluates the abilities of off-the-shelf directory services and federation technologies that solve the increasingly prevalent provisioning and authentication challenges for cloud-based applications. Product [...]
Category: Cloud IAM Tags:
by Mark Diodati | August 30, 2010 | Comments Off
I’ve been following the evolution of Arcot Systems for twelve years. I became aware of them as a potential competitor (and acquisition target) while working at RSA, and I’ve kept up with them in my role at Burton/Gartner. I’ve seen the evolution of its products beginning with its innovative “Camouflage” technology, which provided enhanced protection [...]
Category: Applications IAM Tags:
by Mark Diodati | August 20, 2010 | Comments Off
I had the honor of facilitating the Standards-Based Provisioning Special Interest Group at this year’s Catalyst conference. The participants believe that standards-based provisioning is at a crossroads and wish to publish the following statement. The statement is based upon our conversation; all of the participants have reviewed it. I hope that the perspectives of these [...]
Category: Cloud IAM Tags: