The search found 4075 results.
The other week, we announced some findings from a survey conducted over the past couple of months aimed at understanding where authentication and access management sits in the eyes of those concerned with Payment Card Industry (PCI) data security standards (DSS). With PCI publishing the latest PCI Data Security Standard 1.2 on Oct. 1, 2008, this online survey highlighted some interesting trends as companies work toward compliance.
Here are a few stats to briefly call out...
This week I was part of Network World's second annual real-life scary security stories podcast, a panel hosted by Keith Shaw that told the tales of some frightful security happenings over the past year. There were some amazing examples of breaches of data, corporate espionage and simple access and authentication mis-steps, of which I added a few anecdotes from actual conversations I've had over the past year. [to protect the innocent, actual names were not used]
While the concept of cloud computing (accessing applications online) has been around for close to a decade, talks on the subject have intensified significantly in recent months. The catalysts to these discussions range from the sharp decline in hardware and network infrastructure costs to the desire for a business to 'go green' to the need for accessibly by an increasingly distributed workforce. Whatever the reason, big business has taken notice and as this interest turns into action, these companies must be prepared to look at all of the key issues around this move before taking action.
Strong authentication can come in a variety of forms, each with it's own unique strengths and weaknesses. Before selecting a type of strong authentication, think about the following:
Hundreds of McKesson customers converged in Grapevine, Texas this past week to learn what their peers are doing and to get the latest product updates from McKesson. Infrastructure upgrades was a common theme this year for many of the attendees I spoke to, with virtualization in particular continuing to rise in priority. Many hospitals had partially or completely virtualized their data center, and some had even virtualized all their desktops.
I just came back from the ASIS 2008 Show in Atlanta and boy, do my feet hurt. Over 15,000 attendees, participation in 6 booths including our own, 3 days of constant conversation will do that to a person. This security show is the top venue for those wanting to be educated on the latest in security...from state of the art manhole covers to new IP video and access control systems.
I was recently asked to comment on the future of biometrics so I wanted to share my thoughts here after distilling them down into four buckets... What's Next in Adoption, What's Next in the Tech, What's Next in the Enterprise, and What's Next in Consolidation.
Since 1996, HIPAA has become one of the most important and highly publicized pieces of healthcare legislation in the United States. Over this time it has also become one of THE biggest topics of conversation within the healthcare and security industries and with good reason-HIPAA involves two major issues, patients and privacy. What's truly amazing to me is that behind the scenes, one would naturally have to assume that the majority of healthcare organizations are being driven by the worry of the potential penalties that might be levied on them by the Department of Health & Human Services (HHS) for their failure to fully comply with HIPAA...
Physical logical security convergence has garnered increased attention over the past year, and we've had countless conversations with both IT departments and physical security teams about the people, process and technology issues that come with the territory. Integrating teams and policy, not just the technology, needs to be well thought out. Increasingly, the path of our conversations with prospects and customers interested in converging physical and logical access focuses on where to start that type of project.
The New York Times recently posted an article decrying passwords as an inadequate defense mechanism for security today in a wave of identity theft occurrences. The article goes on to push a cryptography-based approach to log-on systems, touting ‘information cards' that rely on the computer handshake between machines to authenticate a user, or in this case, a site visitor. The article goes on to rail against the OpenID initiative because of its password-driven approach to SSO to access OpenID-enabled Web sites.