Gartner Blog Network

Mark Diodati
Research VP
6 years at Gartner
21 years IT industry

Mark Diodati is a Research Vice President with Gartner's IT Professionals research and advisory service. His focus topics include mobility, authentication, cloud identity, federation, directory services, provisioning, identity services, Active Directory interoperability, Web access management…

Quest Acquires Symlabs

by Mark Diodati  |  June 6, 2011

Quest is actively building out its identity management product portfolio. Some notable acquisitions: Vintela (Active Directory bridge – 2005); Völcker Informatik AG (provisioning/access governance – late 2010); e-DMZ Security (privileged account management – early 2011). Today, Quest announced the acquisition of Symlabs, a vendor with virtual directory and federation products. In its early days, virtual directories […]

The Seed and The Damage Done: RSA SecurID

by Mark Diodati  |  June 2, 2011

The fallout from the March attack on RSA has arrived. Per the news agencies—and the excellent blog post by Bob Cringely—several large defense contractors (Lockheed Martin, L-3, and potentially Northrop Grumman) were attacked using the information stolen in the March attack. The tokens associated with the stolen information should now be considered compromised. Recent events […]

SCIM and the Future of Standards-Based Provisioning

by Mark Diodati  |  May 6, 2011

Here at Gartner/Burton Group, we have been closely tracking identity standards—including Service Provisioning Markup Language (SPML)—since 2003. The standard has some serious flaws, which we have articulated in our research documents and blog posts. In the summer of 2010, the participants at the Gartner Catalyst Conference Standards-Based Provisioning Special Interest Group issued a consensus statement […]

Perspectives on OTP Authentication and Migration

by Mark Diodati  |  April 1, 2011

At last measurement, authentication dialogues were 25% of the total number of dialogues in our Identity and Privacy Strategies service. A common dialogue request goes something like this: “We have a one-time password (OTP) authentication solution. We want to evaluate another vendor’s lower cost OTP solution, or a smart card solution for physical and logical […]

RSA SecurID: What If?

by Mark Diodati  |  March 22, 2011

While we wait for more information from RSA about the recent attack on its SecurID tokens, I’d like to revisit a potential attack vector that I discussed in my first blog entry on the topic (March 18). The OTP device’s seed and the serial number are present during the manufacturing process. What if the OTP […]

SecurID Redux

by Mark Diodati  |  March 21, 2011

After writing about the recent SecurID attack on Friday, I began thinking about the utility of the SecurID symmetric keys (AKA “seeds”) in the hands of the attacker. Specifically, what would the attacker need in order to leverage these seeds to access protected resources? I must emphasize that RSA has (at this point) not stated […]

Just What Happened to SecurID?

by Mark Diodati  |  March 18, 2011

As I write this, RSA has announced it experienced an attack on its RSA SecurID one-time password (OTP) products. You can see Art Coviello’s letter to RSA’s customers here. The letter is very light on the nature of the attacks and what was stolen. In the interest of full disclosure, I worked at RSA for […]

UNIX Security and the New sudo

by Mark Diodati  |  March 4, 2011

One of the research topics that I am responsible for is UNIX1 security. Very early in my career, I grew to love awk, sed, and the Korn shell. While working out, I listen to Korn, too (That Korn/Korn coincidence never gets old for my sys admin buddies – these pictures are hanging in many enterprise […]

Don’t Call It a Comeback …

by Mark Diodati  |  January 25, 2011

“I been here for years.” Admit it, the first thing that pops into your mind when hearing LL Cool J’s magnum opus is the hardware security module (HSM). The HSM is traditionally leveraged for X.509 certificate deployments in high identity assurance use cases. The HSM protects the certificate authority’s (CA) private key in a tamper-resistant […]

Rethinking Identity Management: Time to Erase the Tape?

by Mark Diodati  |  January 10, 2011

There’s a story that goes along with “Where the Streets Have No Name”, the opening track of U2’s “The Joshua Tree”. The song seamlessly melds a wonderful introduction, which has a 6/4 time signature, into the body of the song, which is in 4/4. The recording process got so onerous that progress was slow. Very slow. Brian […]
