Ugggh....last week we were reminded of how social media platforms are vulnerable to identity security problems. Two colleagues of mine were hacked on Twitter and an ad was posted to my Facebook account via the cross-posting feature in Facebook (I love uggh boots, I just didn't plan on advertising them on my Facebook account. More about this later). One of the powerful aspects of social media sites is the extended conversation that users can have with their friends, colleagues and communities that participate. However, if social media sites don't work more aggressively to thwart security holes in their platforms, they will undermine the credibility and trust they have worked hard to gain with the mobile IT generation. This is not a new problem.
The Twitter hack is not a new one and in the short term can be rectified by changing one's password immediately. However, given how simple it is to acquire the password, there seems to be a problem that the Twitter team needs to plug immediately. I have severely restricted my link clicking activities as a result of these vulnerabilities and tell family members not to click links when possible. However, this takes the fun out of getting access to content quickly or participating in events that are happening immediately (e.g. conferences, concerts, etc.).
As for the cross-posting via Facebook, first let's talk about what constitutes cross-posting. Cross-posting is a great feature if used properly. It is a way for you to post to wider groups of people, and this is useful as communities do not always overlap. Simply put, it is where a bot or user puts a comment in a blog that has been posted to Facebook or another social media site. Because a trust relationship has been established between the post and the social media site, comments are "retweeted" to the social media site where it has been published.
I have three options to ensure that this does not happen in the future. One, do not post/share blog entries on Facebook; two, remove the trust relationship from Facebook to my blog; three, review all comments before allowing them to be published to my blog. None of them is a good option. I will probably choose the third because it allows me to still share my blogs with my friends on Facebook and yet maintain some level of control over what is "retweeted" to my friends. Each of the blogging platforms allows a different level of control and easy access to the social media platforms, so investigate and determine which is best for you.
Lastly, here is a quick overview of the top 8 social media hacks as of August, 2009 by Michael Eggebrecht from CIO Zone (thanks for the great picture top left). He outlines the top 8 social media hacks so far (e.g. Koobface, Twittercut, Best Video, etc.). If you are not reading Mashable already then I suggest taking a peruse as they have great coverage of different events and issues associated with this emerging space.
DSEE 7.0 is available for download today here with new documentation here. The critical document you want to look at is the upgrade and migration guide here.
Directory Server Enterprise Edition 7.0 Boosts Speed and Performance:
Considered one of the best extranet LDAP Directory Servers in the market today, the latest version of Directory Server Enterprise Edition allows enterprises to accelerate growth in a simplified way, improve performance and lower total cost of ownership. Directory Server Enterprise Edition 7.0 has been optimized to improve performance by more than three times when compared to its predecessor. In addition, this release provides innovations that improve authentication and modification performance by 60 percent, allowing customers to accelerate their applications without changing one line of code.
What's New with Directory Server EE 7.0
• Boosts speed and performance: DSEE 7.0 has been optimized to improve performance of some operations by more than 3x the current version. In addition, this release provides hardware optimization with up to 60% improvement in authentications and modifications.
• Reduces Total Cost of Ownership – Reduce cost by using the only solution in the market that provides customers with a directory server, virtual directory, proxy server, web console and Active Directory synchronization tool-kit under a single license.
• Hassle Free Upgrade – DSEE 7.0 provides a simple upgrade path and provides 5x performance improvement in data import times, thereby reducing migration costs.
You can see a webinar we did recently on DSEE 7 and Role Manager 5 on why this release is important to your business and how this can help your company meet growth goals and reduce your total cost of ownership.
I recently attended Gartner IAM in San Diego and the topic of Cloud Computing permeated the titles of presentations throughout the conference. Eric Sachs from Google gave a good presentation on applying IAM principles to applications in the cloud. RSA talked about network based security detection for companies leveraging the cloud. You might even argue, depending on your definition of the cloud, that Matthew Modica's talk on using Sun Role Manager at Express Scripts was about using role management to help provide better security to cloud based services. However, despite the good content and dialogue, it seems that there is still some room for clarification as this space evolves. The one thing that seemed obvious was that performance requirements for IAM infrastructure are going to continue to grow and be tested by this evolving space.
At Sun, we worry about performance requirements every day as our customers push our existing technologies with demanding performance requirements. Directory Server Enterprise Edition, with its more than 10 years of experience in the market, has had to deal with cloud based architectures in a number of ways. However, before we talk about how they intersect it is prudent for us to define the different types of clouds (prudent because there is still controversy over the definition of clouds). According to Wikipedia there are three different types of clouds: Public, Hybrid and Private.
Directory Server Enterprise Edition (DSEE) provides infrastructure for companies that primarily use private and hybrid clouds. In both the private and hybrid environments, these cloud based architectures reside in large enterprises using Directory Server to provide an authentication service for a portal and collaboration platforms for customers, employees and partners. Additionally, telcos and service providers have used DSEE to provide the identity backbone for private and hybrid clouds. In these deployments DSEE is used as the access and authentication layer and OpenSSO as the single-sign-on, federation or web services security layer. However, the most common use case that we see today is enterprises using DSEE as the identity backbone for the hybrid cloud environment. This is where companies are using federation or web services security on top of Directory Services to leverage Public Cloud services to extend the services they offer customers, employees and partners.
At the very least these architectures in cloud computing are pushing performance beyond traditional levels. This is also why we have seen a resurgence in interest in Directory Services. The Directory Server and specifically Sun's Directory Server Enterprise Edition provides proven performance that enterprises can rely on as they build, experiment and deploy these new services. We continue to push our existing products and new versions of the product to get the best performance out of the platform. Terry Gardner, building off the great work Brad Diggs has done, recently published an example of this in his blog post to report performance results on a 13,800,000 user Directory using DSEE 5.2, Solaris 10 Update 7 using ZFS and Sun Netra x4250. The deployment provided some impressive performance results below (taken from Terry's Blog here):
8,000 searches per second with simultaneous updates
maximum 800 milliseconds for any single search
minimum 70% CPU utilization (usr+sys)
As DSEE 7 is available for download today (here) with 3x performance improvements it is worth remembering the strong foundation and history DSEE 7 follows. I look forward to sharing with you over the next several months the performance figures of proven deployments as customers use DSEE 7. These future architectures that drive performance whether they be to serve private or hybrid clouds or critical enterprise collaboration platforms will continue to drive us at Sun to produce the best proven performance directory server on the planet.
The Sun Identity Management team will be giving a webinar next Wednesday to discuss the very important topic of Identity Management and healthcare. As the healthcare legislation moves through Congress, the increase of 36M patients on healthcare providers, insurance companies, and patients will be profound. The cost savings projected by the bills will rely on IT systems to provide increased access to information to drive productivity gains. As we have seen with recent high profile identity security breaches at hospitals, identity security is critical in making sure the right people have access to the appropriate information. That information must be shared with all members of the value chain securely.
Sun's Identity Management Suite provides a powerful package of solutions to help with storing identity information with Directory Server Enterprise Edition; managing authorization, federation and web services security with OpenSSO; providing provisioning solutions with Identity Manager; and, defining and managing role based access control with Role Manager.
Join this free Webinar to learn how Sun's identity management solutions can help your organization to:
Automate management of digital identities for other providers, patients, physicians, clinicians, and payors
Provide single sign-on (SSO) and secure federated access to privacy-regulated healthcare information while adhering to strict mandates
Comply with the Health Insurance Portability and Accountability Act (HIPAA), internal security policies, and corporate governance policies with complete auditing and reporting capabilities
Sun identity management solutions make it easier for healthcare organizations to manage and share digital information.
SAVE THE DATE - Wednesday, December 2, 2009 Sun Identity Management User Group Session Grammercy Park Room Sun Microsystems, 101 Park Avenue, New York, NY
The Sun Identity Management User Group will meet for its next session at Sun Microsystems, 101 Park Avenue, New York, NY on Wednesday, December 2, 2009.
We are still finalizing the agenda and I will publish in this blog as soon as it is ready.
This week Google launched a new service called Google Dashboard, which can be found in the account settings in the top right-hand corner under "personal settings". The service is a great idea for a couple of reasons. One, it served as a reminder (at least to this user) of all the services that I had actually signed up for from Google over the years, which, given the pace of their innovation and continuous beta approach and my propensity to try new things in the technology space, was quite a few. The second reason, and arguably the most important, was that it offered you the link to go and manage your privacy settings from the dashboard to the services to which you have subscribed. This is critical and important for those customers and users that are interested in actively managing their identity at Google. Here are the reasons why!
In the world of Web 2.0, Mashups and Federation, businesses are constantly stitching together different applications to provide value to customers and consumers. Organizations need to give users control of their privacy settings to allow them to control what information they share, when and where, on the internet. Most users don't mind providing the information or, more likely, are unaware of what they are sharing. This is why the Google Dashboard feature is a powerful tool for users to improve their security. The ability to access these privacy settings existed in each of the services that Google offered. However, as I mentioned above, I had forgotten about all the different services I had signed up for within Google Land. This consolidation gave me information, power and, most importantly, choice in one spot, improving my ability to make better decisions about how my identity is managed on the internet.
Facebook has learned this lesson and has done a lot to put the power of controlling how applications use their information in users' hands. I applaud what they have done to provide not only the tools but the education to users about what that privacy information actually means. You can join the Facebook Security Fan Page to get updates on different steps they are taking to improve the choices users have to manage their identity data. Another great step they have taken is in the user experience they provide in the pages that manage services and privacy, by providing contextual help for users. Big improvements that contribute to better user decision making.
Next week, Nov. 9-11, the Identity Management Team travels down to the Gartner Identity Access Management conference to showcase two of our latest releases, DSEE 7 and Role Manager 5. Gartner IAM is a great event because it not only gathers together experienced practitioners in the identity management space but has a number of events that are small enough that you can have quality conversations about real problems. Last year, Verizon presented at this conference on the Directory and OpenSSO implementation that serves 50M users. The presentation is a great example of the proven expertise that Sun brings to Identity Management and the proven extranet scale our products can support---not a marketing benchmark.
Our team has taken a different approach to this event this year and we are participating in Gartner's Learning Labs. Vendors, customers and identity specialists are encouraged to come by in a classroom style and learn about specific problems Sun's products, partners and customers are solving in their identity businesses. This is crucial today as the cost of failure or doing nothing rises exponentially. The best way to ensure success is to learn from real-world implementations, not marketing based slideware presentations. This is why we have assembled not just the product teams but partners and real customers to share their experience in these "learning labs".
The other great thing about Gartner IAM is that there are usually a few different ways to combine great industry expertise and a little fun. On Tuesday, Nov. 10 at 9:00pm you can meet the Sun Identity team at the Hard Rock Rooftop bar for drinks and conversation. The first 50 people get a wristband for free drinks. Identity management isn't hard so come to the Hard Rock to find out how to make it easy!
Gartner IAM Sun Schedule
Monday, Nov 9th
Learning Lab:
12:40 - 1:05pm “Increase Speed & Performance while reducing TCO with Sun Directory Server Enterprise Edition” Speaker: Nick Wooler, Sr Product Manager – Sun Microsystems
1:05 - 1:30pm “Changing the Rules of the game; Raising the bar with Rule Life-cycle Management and closed-loop remediation” Speaker: Neil Gandhi, Sr Product Manager – Sun Microsystems
1:35 - 2:00pm "IAM Governance, Risk and Compliance -- the future of IAM", Speaker: Sachin Nayyar, President - BrinQa
2:05 - 2:30pm "Enterprise Single Sign On for Sun Identity Management", Speaker: Stephane Fymat, VP of Strategy and Product Management - Passlogix
12:30 - 2:30pm Mat Hamlin showcasing Identity Manager
Tuesday, Nov 10th
Learning Lab:
12:10 - 12:35pm “Role based user provisioning; using business roles for identity life-cycle management and identity auditing”, Speaker: Mat Hamlin, Sr Product Manager, Sun Microsystems
12:35 - 1:00pm “Three tough challenges, one powerful solution: OpenSSO for web access management, federation and Web services security”, Speaker: Daniel Raskin, Chief Identity Strategist – Sun Microsystems
1:05 - 1:30pm "Privileged Identity Risk Management: Mitigating the Insider Threat", Speaker: Richard Weeks, VP of Channels and Business Development, Cyber-Ark
1:35 - 2:00pm "The WHO behind the WHAT: Arcot Authentication and Sun OpenSSO Enterprise" Speaker: R 'Doc' Vaidhyanathan, Chief Product Officer - Arcot
Sun Booth:
12:00 - 2:00pm Nick Wooler, showcasing DSEE
12:00 - 2:00pm Neil Ghandi, showcasing Role Manager
Yesterday, Neil Ghandi, Matt Hamlin, Etienne Remillon and I gave a quick overview of what is new in Directory Server Enterprise Edition 7 and Role Manager 5. Here are just a few of the great highlights that were discussed during the presentation. Of course, you can get the full video embedded below. Lastly, if you are interested in seeing more events like this you can go to the webinar site here.
You can download the slides here. You can download the video here.
Sun's Identity Team have been busy over the summer! On Oct. 9, 2009 the Identity Management Team announced the release of Directory Server Enterprise Edition 7 and Role Manager 5. Next Wednesday, Oct. 21 at 8:00am PT, Neil Ghandi (Role Manager Technical Product Manager) and I will be giving an overview of some of the great features that exist in the new releases. Here are a couple of highlights:
What's New with Directory Server EE 7.0
• Boosts speed and performance: DSEE 7.0 has been optimized to improve performance of some operations by more than 3x the current version. In addition, this release provides hardware optimization with up to 60% improvement in authentications and modifications.
• Reduces Total Cost of Ownership – Reduce cost by using the only solution in the market that provides customers with a directory server, virtual directory, proxy server, web console and Active Directory synchronization tool-kit under a single license.
• Hassle Free Upgrade – DSEE 7.0 provides a simple upgrade path and provides 5x performance improvement in data import times, thereby reducing migration costs.
What's New with Role Manager 5.0
• 360 Degree View of Assigned Access – A unified view of data related to user access that empowers reviewers to make more intelligent decisions concerning users' access.
• Closed-loop Remediation – A complete end-to-end solution for reviewing user access and removing inappropriately assigned access.
• Rule Life-cycle Management – The first solution for managing the complete life-cycle of role assignment and SoD audit rules.
Interested in hearing more about the release and what business problems it solves for your enterprise? Register for the Webinar here:
Topic:
Improve Compliance, Access Controls, and Performance with Sun's Latest Releases of Role Manager and DSEE
If you haven't noticed, Oracle published this ad to Sun customers today in the Wall Street Journal. Just in case you missed it, you can see it here. As an ex-coach and former water polo player, the quote resonates. The Directory Server Enterprise team continue to deliver. Watch this space as we get ready to release DSEE 7.0.
Our very own Ludo Poitou will be presenting with other luminaries in the identity industry at the 2nd International Conference on LDAP. LDAPCon 2009 will be held on September 20th and 21st at the Waterfront Marriott Hotel, Portland, OR, USA.
LDAP is gaining renewed attention as the identity repository for enterprises, telcos, global partner networks, healthcare and education institutions. The LDAP repositories have been faced with massive growth over the last five years, and the performance and availability these organizations have come to rely upon are being tested.
New requirements driven by the growth of users, the explosion of security requirements imposing more "writes" and the access to web services security and policies are forcing LDAP experts to look at new innovations.
You should attend if you want to be a part of hearing how LDAP experts are innovating and addressing these business and technical challenges. If you haven't registered yet, please register NOW here!
The registration fee includes access to the LinuxCon 2009 (Sep 21 - 23), and if you still need to be convinced that it's worth attending, you can check the agenda here.
This is going to be a fun week for three simple reasons. One, we are releasing the next version of the OpenDS SE product this week, continuing to prove that Sun is an innovation company. Two, Burton Catalyst is this week in San Diego and the Identity Management team will be there to listen, learn and evangelize. Three, the US Water Polo team enters the medal round of the FINA World Championships.
First, the latest release of OpenDS contains three innovations that are important to customers that need a high performance directory server in their identity architecture. Identity architectures are evolving. The traditional argument of choosing a directory purely because of its read performance will not suffice, as identity data is being updated by multiple applications to meet security and policy requirements. This does not mean that read performance and stability are no longer critical requirements; it just means that the pendulum is swinging to include more write performance. This is why we are excited about the early performance testing results that we are seeing in OpenDS with 14,000 writes per second. Here is a link to some other performance testing data on the Nehalem platform for those of you that like to get into the weeds.
Second, Burton Catalyst is happening this week in San Diego. This conference is always a favorite as they do a great job of attracting real identity and security practitioners in one location. This allows for a real exchange and learning experience for all of us that want to move identity security forward. If you haven't done so already and want to attend, here is the information.
Lastly, the US Water Polo team made it out of the preliminary round into the elimination round and will play on Tuesday at 21:00 CET. This will be at 12:00pm PT. I have been watching the games I can and the highlights on Universal.com. This is where the internet shines and changes the world. It is so powerful that those of us that support sports like water polo, swimming, etc. can now consume the content we want via sites like NBC Universal, when traditionally the mainstream media could not afford to distribute this content. The internet has provided that low cost channel. Sun Microsystems helped provide the technical platform for NBC Universal during the Olympics and it was a huge success. I am not sure if Sun is helping with the FINA World Championships but I am still supporting the site. I hope you will as well.
Identity management in government is a very important topic as it crosses a number of domains. There are a number of issues as governments across the world pursue e-Government initiatives. Norway is a great example as they have launched a portal to allow citizens to opt into services that they wish to consume from the government (e.g. postal, doctor, etc.). The government portal in Norway uses OpenSSO. This is only one of the ways in which Sun is helping governments further information sharing and reduce the cost of providing citizens and organizations the services they need to be successful.
If you are interested in hearing more about the different ways Sun can help governments solve Identity Management issues such as the following, please attend the following webinar.
Secure control over information access by dynamic and diverse user populations
Single sign-on and identity federation for seamless operations across multiple IT environments
Automated provisioning and deprovisioning to reduce costs
Delegated and self-service account management to improve the user experience
Auditing and reporting to meet internal security and compliance requirements
I wanted to pass along a quick note about an upcoming webinar on Directory Services which will be held Wednesday, May 20. The webinar will cover how to reduce cost and improve the speed and performance of your enterprise using directory services. The conversation will go over the following:
How to save cost by consolidating identity sprawl in your enterprise
How to meet aggressive time-lines on a merger and acquisition
How to federate faster with virtual directories
If you are interested, please sign-up here. Even if you are not able to attend, registering will give you access to the replay.
If you attend and want to see what I look like, the picture to the left was captured at the European Identity Conference by the very serious people at the Daily Mail, the bastion of great journalism in the UK.
At this very moment, every company on the planet is trying to find ways to reduce cost. A creative and innovative member of the Directory Server team at Sun has come up with a way to do just that using the iPhone and LDAP. I am about to plagiarize from Ludo's blog post located here so please read it for more detail on how Anton put this solution together. I am going to focus on the business angle of this important innovation using LDAP. Again, I hope David Kearns is reading because this is really what "Pimping Your Directory" is all about.
More and more companies are having to support mobile workforces or employees that work a portion of their time at home. Sun has been one of the leaders in this space. Not only does it improve productivity but it gives knowledge workers more empowerment, thus improving their quality of work and life and thus loyalty to the company that employs them. However, the tools that support these workers have been slow to catch up. Company Directories are a good example. How many times do employees call the 1-800 number to get an employee number to make a phone call on the road? As a consultant, I used to do this all the time. As a Sun employee, I have used this feature more than once while traveling to different trade shows, between offices, etc. This ties up valuable resources who could be routing real customer calls! I have realized this paradox, but when you have to get something done you go through the path of least resistance. And, let's face it, voice portals have not replaced human beings in either efficiency or effectiveness.
Here is where the innovator at Sun, Anton Bobrov, filled the gap. The Sun IT and Directory Teams recognized this gap a long time ago and placed a limited version of the employee directory outside the firewall. It is a great tool if you have a web browser and don't want to VPN into the network. However, Anton realized there was a better solution via the iPhone. He has developed an iPhone App that is an LDAP browser that allows employees to connect to this Directory outside the firewall and quickly search, find an employee and make the phone call from one device. My vote for iPhone App of the Year would be for the LDAP app by Zen and our very own Anton Bobrov.
The Business Case
So hypothetically, using Company A with 33,000 employees as an example, imagine 5% of employees have an iPhone. Imagine that same 5% make one phone call a week or 52 calls per year to the 1-800 number to get a phone call. Imagine each call takes 2 min of productivity away from the call center employee then this simple application could save approximately 2,860 hours. Put another way this is 1.43 FTE per year worth of productivity.
Number of Employees: 33,000 employees
Percent that have iPhone: 5% of employees
Number of Employees with iPhone: 1,650 employees
Number of calls made per year to 1-800 by one employee (one per week): 52 calls per year per employee
Total number of calls made in a year: 85,800 calls per year
Total number of hours taken (avg time per search 2 min): 2,860 hours
Number of Employees Needed to Cover this Task (50 weeks * 40 hours): 1.43 FTEs
Please see Ludo's blog for more detail on how the app works and what Anton did to build it. His blog is located here.
How do you get it?
Go to the App Store and search "LDAP". You want to download the Zen version for $3.99. Refer to the cost savings table above if you balk at the price. Here are the configuration details for Sun's directory, as described in Ludo's blog here.
Here's the settings that I've used (once you've installed the Directory application, there is a "Directory" section in the Settings application).
Identity: cn=John Smith (12345),ou=people,dc=sun,dc=com
[your Sun ID should be enclosed in brackets and watch the spaces]
Password: My Sun password
LDAP: book.sun.com
(Keep the remaining untouched).
How do I get one for my company?
If you are an employee at a company that has a large mobile workforce you should show this blog post to an IT Director, Call Center Director, or someone who can make this project happen. This is a quick win for most companies in improving productivity. You can use DSEE or OpenDS with replication to create the directory instance outside the firewall. Publish a configuration guide for employees and start improving productivity.