Gartner Blog Network

Mark Diodati
Research VP
12 years at Gartner
27 years IT industry

Mark Diodati is a Research Vice President with Gartner's IT Professionals research and advisory service. His focus topics include IoT, IaaS, authentication, hybrid and cloud identity, and API identity services (e.g., OAuth, OpenID Connect and SCIM).

New Research: IoT Platforms, Devices and Identity Management

by Mark Diodati  |  November 2, 2017

Gartner just published my latest research note. It focuses on the intersection of the IoT platform and identity management—for both devices and users. This note attempts to answer some popular questions from our clients, including: How do I establish and maintain device trustworthiness? Before you can rely […]


The Gartner 2018 IAM Planning Guide Is Here!

by Mark Diodati  |  October 5, 2017

October is the month for candy corn and paper-bagged tricks on front stoops. And the release of Gartner’s IAM planning guide! The 2018 Planning Guide for Identity and Access Management contains four technical planning trends informed by our two principal research endeavors. We derived insights from our 1,000 hours of client interaction over the past […]


iPhone X, NFC and Authentication: What Does It All Mean?

by Mark Diodati  |  September 14, 2017

It seems like everyone is focused on this week’s iPhone announcement. I will not be buying one anytime soon, due to the expected price tags of the iPhone 8 and X. But the new NFC support caught my attention. I’ve been waiting for years for iPhone support of user authentication via NFC (near-field communication). Here’s […]


Talkin’ ’bout AWS and Identity

by Mark Diodati  |  March 2, 2017

Amazon Web Services is an amazing platform. It makes impossible computing challenges, well, possible. It is one of only two “up and right quadrant” providers in Gartner’s IaaS Magic Quadrant—and is farthest up by a country mile. Amazon broke out AWS’ revenue for the first time last year and it was a whopping $6B. This […]


Making the Right Identity Choices for Azure AD and Office 365

by Mark Diodati  |  March 1, 2016

Based upon a recent survey, 62% of Gartner’s clients plan to migrate to or implement Office 365 in the next few years. And if you are using Office 365, you are relying upon the identity management functions within Azure Active Directory. But Azure AD is so much more than Office 365’s identity backbone. It is […]


Mobile Device Certificate Enrollment: Are You Vulnerable?

by Mark Diodati  |  July 2, 2012

Last week, US-CERT published a vulnerability note on the Simple Certificate Enrollment Protocol (SCEP). The vulnerability was reported by Certified Security Solutions, a consulting company with extensive Windows and PKI deployment experience. The company’s summary of the vulnerability is here. This vulnerability—when combined with two additional pieces of information—enables an attacker to impersonate another user […]


RSA SecurID, Crypto, and Satan’s Computer

by Mark Diodati  |  June 27, 2012

You may have read about two recent vulnerabilities associated with RSA authentication products. Last month, a researcher specified how to copy a SecurID software token from one computer to another, which can enable an impersonation attack (Ars Technica). This week, researchers described a way to decrypt data encrypted with a SecurID smart card (again, Ars […]


It’s … Minty

by Mark Diodati  |  May 7, 2012

Recently, I had the opportunity to talk with Sharon Epperson (CNBC/Today/NBC News). She was preparing for a Today show segment on the security of mint.com. I address this topic in my 2011 FFIEC authentication guidance document. Mint.com is Quicken for the cloud era. Like Quicken, it enables the analysis of personal financial data, including banking, […]


The Next Revolution In Mobility: Near Field Communication

by Mark Diodati  |  April 20, 2012

I want to welcome you to a multi-post discussion about near-field communication (NFC). Over the next few blog posts, I will be talking about: NFC’s moving parts; impending demand from your users; NFC’s potential for access to buildings and applications; and missing ecosystem components. The next revolution in mobility is coming: it is near field communication […]


OTP Systems And Mobile Devices: Don’t Make The Biggest Implementation Mistake

by Mark Diodati  |  April 12, 2012

The topic of the secure distribution of one-time password (OTP) secrets recently surfaced again as part of our ongoing mobility research. Many organizations make the classic distribution mistake; they couple a weak identity proofing mechanism with the deployment of stronger authentication systems[1]. In our research, I call this an “impedance mismatch”. For example, if an […]
