Play fair... or they'll come after your secrets

Chris McClean

I’m not usually one for ‘this-could-happen-to-you’ stories, but I’m still having trouble getting over last month’s story about grocery giant Tesco having to turn over 11 million emails to the UK’s Competition Commission for their investigation into possible anti-competitive practices against its suppliers.

Read more

Role Management and eSSO vendors - a call for action

Andras Cser

Part of a successful Identity Management (IdM) project is a successful role discovery and mapping phase. Many organizations -- after having mapped and optimized their business processes -- turn to role design and management solutions (VAUU RBACx, BHOLD, Oracle's BridgeStream, and others). While these solutions give a great initial insight into the existing role structure, they are not the only source of role interrelationship information. Role design can build

on

many other sources: demographics mined from helpdesk tickets from users requesting access, job descriptions, quality management systems (it certain cases this is wishful thinking...), and increasingly from Enterprise or Desktop eSSO solutions (PassLogix, ActivIdentity, CA). eSSO solutions store multiple login credentials for users to multiple applications. As such, extracting account linkage, mapping and correlating user IDs between user repositories based

on

access information built by end-users is much more reliable than any artificial role mining logic, usually based

on

Read more

CIOs Entitlement Management Worries

Andras Cser

While I was looking through current offerings in Entitlement Management (EM), I was struck with the questions that will likely be the next logical thoughts in the CIO’s mind after they are sold on the obvious ROI of an EM solution.

Read more