Agile risk management – is it even possible? This is our second of two posts ruminating on agility versus security. Today, you’ll see that an agile risk management framework like the one in the figure below is feasible, and that…
Agile security has emerged as a core topic for us in two cutting-edge consulting engagements over the past few months.
The first of these engagements is to help a very large client develop and mature an enterprise risk management…
Digital identity’s center of gravity has shifted to customer-facing identity (CIAM). As we learned in the changing face of identity (part 1 of this post), effective CIAM is crucial.
Ian Glazer, who inspired my last two posts…
Digital identity is the core of the digital transformation. It underpins sales and distribution, enables outreach to customer communities, and helps build business value chains. But organizations must traverse a minefield of threats, operational challenges, and compliance issues. As we…
You know how they say “identity is the new perimeter”? Yet for all the hoopla around de-perimeterization over the years, most organizations still have complex firewall infrastructures and clunky VPNs.
Google has reinvented its security perimeter around devices through…
Data protection requires effectively coordinating good practices across many security domains. It is actually a large subset of the overall security program. Take a look:
If you’re familiar with Security Architects Partners, you’ll know we’re both broad and deep in…
We recently completed a consulting engagement to create an authorization framework for a large financial services organization. As illustrated, the framework has three dimensions: runtime authorization patterns, policy models, and governance structures.
The “runtime authorization patterns” describe the components, interfaces,…
We are now in the second golden age of identity and access management (IAM). Mobile devices, cloud computing, social networks, Big Data, and the Internet of Things (IoT) require radically improved capabilities. They are driving rapid innovation in IAM standards,…
Shadow IT is an explosion of cloud computing adoption for business use by employees and groups with no IT involvement. Shadow IT can lead to unintended and undesirable security risks, compliance concerns and hidden costs. But through collaborative IT…