Talkin’ ’bout AWS and Identity
by Mark Diodati | March 2, 2017
Amazon Web Services is an amazing platform. It makes impossible computing challenges, well, possible. It is one of only two “up and right quadrant” providers in Gartner’s IaaS Magic Quadrant—and is farthest up by a country mile. Amazon broke out AWS’ revenue for the first time last year and it was a whopping $6B. This […]
Making the Right Identity Choices for Azure AD and Office 365
by Mark Diodati | March 1, 2016
Based upon a recent survey, 62% of Gartner’s clients plan to migrate to or implement Office 365 in the next few years. And if you are using Office 365, you are relying upon the identity management functions within Azure Active Directory. But Azure AD is so much more than Office 365’s identity backbone. It is […]
Mobile Device Certificate Enrollment: Are You Vulnerable?
by Mark Diodati | July 2, 2012
Last week, US-CERT published a vulnerability note on the Simple Certificate Enrollment Protocol (SCEP). The vulnerability was reported by Certified Security Solutions, a consulting company with extensive Windows and PKI deployment experience. The company’s summary of the vulnerability is here. This vulnerability—when combined with two additional pieces of information—enables an attacker to impersonate another user […]
RSA SecurID, Crypto, and Satan’s Computer
by Mark Diodati | June 27, 2012
You may have read about two recent vulnerabilities associated with RSA authentication products. Last month, a researcher specified how to copy a SecurID software token from one computer to another, which can enable an impersonation attack (Ars Technica). This week, researchers described a way to decrypt data encrypted with a SecurID smart card (again, Ars […]
It’s … Minty
by Mark Diodati | May 7, 2012
Recently, I had the opportunity to talk with Sharon Epperson (CNBC/Today/NBC News). She was preparing for a Today show segment on the security of mint.com. I address this topic in my 2011 FFIEC authentication guidance document. Mint.com is Quicken for the cloud era. Like Quicken, it enables the analysis of personal financial data, including banking, […]
The Next Revolution In Mobility: Near Field Communication
by Mark Diodati | April 20, 2012
I want to welcome you to a multi-post discussion about near-field communication (NFC). Over the next few blog posts, I will be talking about: NFC’s moving parts; impending demand from your users; NFC’s potential for access to buildings and applications; missing ecosystem components. The next revolution in mobility is coming: it is near field communication […]
OTP Systems And Mobile Devices: Don’t Make The Biggest Implementation Mistake
by Mark Diodati | April 12, 2012
The topic of the secure distribution of one-time password (OTP) secrets recently surfaced again as part of our ongoing mobility research. Many organizations make the classic distribution mistake; they couple a weak identity proofing mechanism with the deployment of stronger authentication systems[1]. In our research, I call this an “impedance mismatch”. For example, if an […]
Dialoguing about SCIM
by Mark Diodati | February 23, 2012
Gartner’s Identity and Privacy Service (IdPS) has closely tracked provisioning standards since 2003. I published our first research document on Service Provisioning Markup Language (SPML v2) in early 2006. Additionally, I published a realistic assessment of developing an SPML service in early 2010. A few months later, I worked with industry leaders to publish a […]
Commentary on Centrify’s new MDM product
by Mark Diodati | February 19, 2012
Industry analysts discuss emerging concepts and current events with journalists. We are misquoted more than you might think (or we would like). Sometimes the misquote is minor. On occasion, the statement attributed to us differs materially from our original statement; we are inclined to speak out and make a correction. Misquotes can be the result […]
Déjà Vu – The Sykipot Attack on Smart Cards
by Mark Diodati | January 15, 2012
Kelly Jackson Higgins at Dark Reading provides an excellent summary of the Sykipot malware variant attack on smart cards. The malware opens the smart card and uses it for private key signing functions. Signing functions are the backbone of public key technology—they enable users to authenticate to mutually authenticated SSL and Microsoft Windows sessions, for example. […]