Identity in the News – Week of April 2, 2018

Selections from the top news items this week in the world of identity and application security.

Tech Thinks It Has a Fix for the Problems It Created: Blockchain

From The New York Times: The first blockchain was created in 2009 as a new kind of database for the virtual currency Bitcoin, where all transactions could be stored without any banks or governments involved. Now, countless entrepreneurs, companies and governments are looking to use similar databases — often independent of Bitcoin — to solve some of the most intractable issues facing society, including identity challenges.

Digital Identity Is Broken. Here’s a Way to Fix It

From the Wall Street Journal: The identity we use to interact with the government, obtain services, and pay for goods is unreliable. In poor parts of the world people simply don’t have trusted identity credentials that allow them to prove who they are, while in rich parts of the world we worry about identity theft, and crimes using fake or stolen identity credentials are rampant. The core problem is that the identity credentials we use often are defined and certified by someone else, for instance, by the government or a company such as a bank.

The identity crisis: Password managers and your business

From ITPro: Passwords used to be the preserve of the office network, but now you can't even avoid them if you're unemployed: benefit systems want you to log in and prove who you are to access your personalized view, save your data and so on. And as online security has become a growing burden, not just at work but in our personal lives, it's been no surprise to see password managers gaining popularity all over the app and web service marketplace.

What is FedRAMP? How cloud providers get authorized to work with the U.S. government

From CSO Online: The Federal Risk and Authorization Management Program, or FedRAMP, is a program by which the U.S. federal government determines whether cloud products and services are secure enough to be used by federal agencies. While the process for getting the FedRAMP seal of approval is complex, it can ultimately be lucrative for companies that are certified, not least because it signals a commitment to security to non-government customers as well.

Inside Privacy: Okta CEO Takes Hardcore Line On Identity Management

From Forbes: “Identity is the critical point when you are thinking about connecting people and technology,” said McKinnon. “In the post-firewall world, we need to be able to free our technology from the datacenter. Everything today is connected. The value that all these identity connections have to the people that use them is now a component of business value itself. As we approach the point where data becomes an identifiable unit on the corporate balance sheet, identity will help validate that information value.”

Putting access management at the foundation of student success in higher ed

From Edscoop: San Jose State University is the oldest, and one of the largest, universities in the California higher education system, with more than 32,000 students and another 5,000 or so faculty and staff. Meeting their IT needs has resulted in managing “in excess of 100 web-based applications,” Michael Cook, SJSU’s director of customer service and information security, said. Many of those applications tie into proprietary systems with unique sign-on requirements. After evaluating potential solutions, SJSU selected the Okta Identity Cloud.

Password security: Tips for creating a better policy

From ZDNet: In recent years the received wisdom on passwords -- that they need to be complex, lengthy, and changed frequently -- has begun to be challenged. These type of passwords are not only potentially insecure, but following these guidelines can open up major holes in an organization's defences. Leading security figures in the US and the UK have said it's time for businesses to look beyond the traditional advice and consider approaches to password security that work in practice, not just in theory.

The Cloud Is Rising To The Cybersecurity Challenge

From Forbes: Cybersecurity was front and center at last year’s Google Next cloud conference, with a wealth of announcements. Last month the company followed this up with a flurry of new announcements from access auditing to data loss prevention to identity controls to new partnerships with third party security companies, emphasizing just how much of a growth area the major cloud companies see the cyber environs.

1.5 billion sensitive files exposed by misconfigured servers, storage and cloud services

From ZDNet: Researchers have discovered over one and a half billion sensitive files including payroll information, credit card data, medical information and patents for intellectual property are exposed online, putting consumers and businesses at risk of theft, cyber crime and espionage. But the information exposed online - which amounts to a total of 12,000 terabytes of data - isn't there as a result of hacking or other cybercriminal activity, it has been stored in publicly available locations ranging from Amazon Simple Storage Service (Amazon S3) buckets, rysnc, SMB and FTP servers, misconfigured websites and unsecured Network Attached Storage (NAS) drives.

IT must seek identity management tools with AI, biometrics

From TechTarget: Although identity and access management (IAM) products have been around for some time, many are ill-equipped to handle an influx of device diversity, user access methods and application variety. Further, many organizations implement little or no upgrades to already installed systems. Fortunately, new methodologies are on the horizon -- although it will take several years for them to fully play out.

Business increases use of encryption in the cloud

From ComputerWeekly: The past year has seen the biggest growth in the use of encryption in the cloud, the Thales 2018 Global encryption trends study shows. The uptick in the adoption of encryption has been driven by various factors, with the fact that organizations are now using up to four or more public cloud providers combined with the desire by organizations to protect against specific identified threats topping the list.