This week Google launched a new service called Google Dashboard, which can be found in the account settings in the top right-hand corner under "personal settings". The service is a great idea for a couple of reasons. One, it served as a reminder (at least to this user) of all the services that I had actually signed up for from Google over the years, which, given the pace of their innovation, their continuous beta approach and my propensity to try new things in the technology space, was quite a few. The second reason, and arguably the most important, is that it offers a link from the dashboard to manage your privacy settings for the services you have subscribed to. This is critical for those customers and users who are interested in actively managing their identity at Google. Here are the reasons why!
In the world of Web 2.0, mashups and federation, businesses are constantly stitching together different applications to provide value to customers and consumers. Organizations need to give users control of their privacy settings to allow them to control what information they share, when and where, on the internet. Most users don't mind providing the information or, more likely, are unaware of what they are sharing. This is why the Google Dashboard feature is a powerful tool for users to improve their security. The ability to access these privacy settings already existed in each of the services that Google offered. However, as I mentioned above, I had forgotten about all the different services I had signed up for within Google Land. This consolidation in one spot gave me information, power and, most importantly, choice, improving my ability to make better decisions about how my identity is managed on the internet.
Facebook has learned this lesson and has done a lot to put the power of controlling how applications use their information in users' hands. I applaud what they have done to provide not only the tools but also the education to users about what that privacy information actually means. You can join the Facebook Security Fan Page to get updates on different steps they are taking to improve the choices users have to manage their identity data. Another great step they have taken is in the user experience of the pages that manage services and privacy, where they provide contextual help for users. These are big improvements that contribute to better user decision making.
Next week, Nov. 9-11, the Identity Management Team travels down to Gartner Identity Access Management conference to showcase two of our latest releases, DSEE 7 and Role Manager 5. Gartner IAM is a great event because it not only gathers together experienced practitioners in the identity management space but also has a number of events that are small enough that you can have quality conversations about real problems. Last year, Verizon presented at this conference on the Directory and OpenSSO implementation that serves 50M users. The presentation is a great example of the proven expertise that Sun brings to Identity Management and the proven extranet scale our products can support, not a marketing benchmark.
Our team has taken a different approach to this event this year and we are participating in Gartner's Learning Labs. Vendors, customers and identity specialists are encouraged to come by, classroom style, and learn how Sun's products, partners and customers are solving specific identity business problems. This is crucial today as the cost of failure or doing nothing rises exponentially. The best way to ensure success is to learn from real-world implementations, not marketing-based slideware presentations. This is why we have assembled not just the product teams but also partners and real customers to share their experience in these "learning labs".
The other great thing about Gartner IAM is that there are usually a few different ways to combine great industry expertise and a little fun. On Tuesday, Nov. 10 at 9:00pm you can meet the Sun Identity team at the Hard Rock Rooftop bar for drinks and conversation. The first 50 people get a wristband for free drinks. Identity management isn't hard so come to the Hard Rock to find out how to make it easy!
Gartner IAM Sun Schedule
Monday, Nov 9th
Learning Lab:
12:40 - 1:05pm “Increase Speed & Performance while reducing TCO with Sun Directory Server Enterprise Edition”, Speaker: Nick Wooler, Sr Product Manager – Sun Microsystems
1:05 - 1:30pm “Changing the Rules of the game; Raising the bar with Rule Life-cycle Management and closed-loop remediation”, Speaker: Neil Gandhi, Sr Product Manager – Sun Microsystems
1:35 - 2:00pm "IAM Governance, Risk and Compliance -- the future of IAM", Speaker: Sachin Nayyar, President - BrinQa
2:05 - 2:30pm "Enterprise Single Sign On for Sun Identity Management", Speaker: Stephane Fymat, VP of Strategy and Product Management - Passlogix
12:30 - 2:30pm Mat Hamlin showcasing Identity Manager
Tuesday, Nov 10th
Learning Lab:
12:10 - 12:35pm “Role based user provisioning; using business roles for identity life-cycle management and identity auditing”, Speaker: Mat Hamlin, Sr Product Manager, Sun Microsystems
12:35 - 1:00pm “Three tough challenges, one powerful solution: OpenSSO for web access management, federation and Web services security”, Speaker: Daniel Raskin, Chief Identity Strategist – Sun Microsystems
1:05 - 1:30pm "Privileged Identity Risk Management: Mitigating the Insider Threat", Speaker: Richard Weeks, VP of Channels and Business Development, Cyber-Ark
1:35 - 2:00pm "The WHO behind the WHAT: Arcot Authentication and Sun OpenSSO Enterprise", Speaker: R 'Doc' Vaidhyanathan, Chief Product Officer - Arcot
Sun Booth:
12:00 - 2:00pm Nick Wooler, showcasing DSEE
12:00 - 2:00pm Neil Gandhi, showcasing Role Manager
Identity management in government is a very important topic as it crosses a number of domains. There are a number of issues as governments across the world pursue e-Government initiatives. Norway is a great example as they have launched a portal to allow citizens to opt into services that they wish to consume from the government (e.g. postal, doctor, etc.). The government portal in Norway uses OpenSSO. This is only one of the ways in which Sun is helping governments further information sharing and reduce the cost of providing citizens and organizations the services they need to be successful.
If you are interested in hearing more about the different ways Sun can help governments solve Identity Management issues such as the following, please attend the following webinar.
Secure control over information access by dynamic and diverse user populations
Single sign-on and identity federation for seamless operations across multiple IT environments
Automated provisioning and deprovisioning to reduce costs
Delegated and self-service account management to improve the user experience
Auditing and reporting to meet internal security and compliance requirements
If you are a Facebook user who has received some crazy emails recently from "friends" with enticing subject lines to click on a video or picture, you should think twice before clicking the link. The Koobface virus has reared its ugly head again, and some users in the eWeek article posted here have had to throw out their PCs because they were infected. Facebook has been great about identifying scams and exploits and maintains this page for users to get information about their security.
In the interest of spreading the word and propagating good usage of the internet:
Here are some ways to be smart and aware on Facebook:
If a link or message seems weird, don't click on it. This is true of all spam—whether a chain letter, an ad, or a phishing scam. If it seems weird for an old friend to write on your Wall and post a link, that friend may have gotten phished. Let the person know, and don't click on links you don't trust.
Be aware of where you enter your password. Just because a page on the Internet looks like Facebook, it doesn't mean it is. Learn to tell the difference between a good link and a bad one.
Report any spam or abuse you see on discussion boards and Walls. Those report links are there for a reason. The sooner we find spam, the sooner we can remove it and eliminate spammers from the site.
Don't use the same password on Facebook that you use in other places on the web. If you do this, phishers or hackers who gain access to one of your accounts will easily be able to access your others too. You might find yourself locked out of your email and even your bank account.
Never share your password with anyone. Don't do it. Facebook will never ask for your password through any form of communication. If someone pretending to be a Facebook employee asks you for it, don't give it out, and report the person immediately.
Don't click on links or open attachments in suspicious emails. Fake emails can be very convincing, and hackers can spoof the "From:" address so the email looks like it's from Facebook. If the email looks weird, don't trust it, and delete it from your inbox.
Add a security question. If your account ever does get stolen, you might need this to prove your identity to Facebook. If you haven't already done so, you can add a security question from the "Account Settings" page.
Also, if you are interested in avoiding scams during the holiday season here is a helpful site from CNET. The site can be viewed here.
BusinessWeek published an interesting article on Sunday titled "U.S. Is Losing Global Cyberwar, Commission Says". If you are interested in Identity Management or IT security, this is an important topic. The plenary session was held this afternoon with press releases flying across the internet. You can find the MSNBC version here. BusinessWeek did a nice job of scooping the report and summarizing some of the recommendations, which include creating a "CyberSecurity Czar". I am not sure we need more czars, but if you are interested in the details of the report please take a look at the full report here.
Jim Carr from Security Magazine published an interesting article this week that exposes the long road that we still have to travel in the industry in managing patient information within hospitals/organizations/enterprises. You can read the whole story here. The article doesn't go into tremendous detail about how the employees got access to the information. However, it does illustrate the challenge health care providers have in balancing access to patient information for people "who need to know" while maintaining patient information privacy. This is further exacerbated by the changing roles and responsibilities in organizations and applications. Ben Worthen from the Wall Street Journal wrote a blog post here that also reminds us that a number of security breaches are caused by trusted employees.
"But lest you think the threat is more imagined than real, consider that among companies that experienced a data breach in 2006, 23% said the culprit was an insider, according to a survey by the Computing Technology Industry Alliance."
Additionally, towards the end of the article an argument is made to sanction doctors who may have checked Britney's information without having a direct need to see the data.
Jamie Nelson, the director of engineering for Federation Access Manager, provides some very valuable insights into building identity security into your applications from the ground up. Jamie also shares his insights into the problems that customers face in federating with partners and suppliers.
Kim Cameron recently provided a link to a great article by the Economist. In February the Economist reviewed how governments were creating portals and using identity-based software to aggregate services for citizens. You can get the article here. This is a trend that is happening not only in Europe (here is a great case study on Norway.no, which used Federated Access Management to deliver SSO across all the government service providers while giving citizens choice) but also in the United States, as governments try to provide more efficient services to an increasingly online electorate. This has some great benefits, to name a few: better information for health care providers; reduced cost and more eco-friendly government through less paper-distributed information for citizens; and reduced cost through better identity information on citizens (e.g. wrong address information results in government communication and postage costs to deliver mail to the wrong location). However, despite many other benefits, the fact that the government is holding more and more information about citizens causes some citizens to grow concerned. This article provides some insights into those issues and also into how much more work still needs to be done to leverage and protect identity for customers and governments.
It is not every day that you get to hear from one of the great thought leaders on Security. At Sun we are lucky every day because we get to work with people like Whitfield Diffie all the time. Whitfield Diffie is Sun's Chief Security Officer.
In this article on Computer World he gives insight into one of the future growth areas in security. He believes that outsourcing, or having your data managed by others, is the biggest force of change in security over the next 5 to 20 years. Companies like SugarCRM, SalesForce.com, Amazon or Google provide global business with the ability to outsource business operations and IT functions so that they can invest their resources more efficiently and continue to innovate. However, the challenge for us all is to ensure that the appropriate level of security is applied to the data that we want to protect.
Sun takes security seriously and that is why we have one of the leading Identity solutions in the market, Identity Manager. Additionally, we offer a product called Sun Connection, which allows companies to quickly and efficiently apply security updates to RedHat, SuSE and Solaris operating systems.
Nick:
Thanks for the info on the Google dashboar...