I've had a few conversations lately tied around the topic of the insider threat in the financial services arena, so I figured I'd scan around the Web to see what's out there and came across an interesting InfoWorld article. Though it is from last Fall, it hits on a number of concerns that are timely now, especially given the major breaches like Societe Generale. The article reports on a Deloitte study that highlights two major data points that I want to call out:

There's a lot of news and opinions on the web as the blogosphere continues to grow. As a result, the web can be overwhelming on one hand and full of wonder on the other as you sort and click through the rabbit hole of conversations on the other side. In light of this, I thought I would provide a short list of great blogs and resources that I follow from the identity management circles that are worth checking out and engaging with:

Insider threat is among the biggest challenges security folks face in 2008. The perimeter is dissolving with increased reliance on distributed computing and the mobile workforce, making it more difficult than ever to put up definitive walls around the enterprise. It's a simple reality that we all have to deal with. Check out last month's 2008 Global Information Security Workforce Study conducted by Frost & Sullivan for ISC(2) and SearchSecurity.com's coverage. Two-factor authentication using biometrics as well as physical-logical convergence will gain speed in dealing with the insider threat.

Having spent last week at the 2008 International MUSE (Medical Users Software Exchange) Conference in Grapevine Texas - the 25th annual gathering of clinical and technical users of Meditech software - I was delighted to see SSO is such a hot topic among this group. There were five customer presentations related to SSO and Strong Authentication, and all of them were filled to capacity.

After the recent 2008 HIMSS Conference, we conducted a survey of 171 healthcare IT decision makers to identify some of the trends they face relating to identity management. I wanted to call out a few interesting data points...

I work in the field for Imprivata, working with customers day in, day out. And the single most heard question I get relating to our products is: 'which authentication technology should I use'. Fingerprint? Yeah that's good, I will never forget my finger, right? Or a prox card? Even better, because I can use that to open doors, pay at the lunch cashier, and so forth. Nah - maybe a smartcard is better. Or a one-time-password token. Or ... Of all of the suggestions I made above, none of them is ideal. All of them have pros and cons, and really, all of them have very different characteristics. In my mind, there are three/four things to ask yourself when choosing an authentication technique...

Next week, Tuesday 27th of May, we will be speaking at the ICT & Healthcare seminar in Ede, the Netherlands. Topic of our discussions will be clear and simple: how can we restore the 'Identity balance'. With this topic, we aim to explore how customers and partners can work with healthcare organisations to strike the right balance between...

To paraphrase Princess Leia, ‘the more you tighten your grip, the more star systems will slip through your fingers.' The same can be said in trying to manage identities in today's enterprise. A number of weeks back, I got into a discussion with the 451Group's Steve Coplan about this very topic: the chaos of identities.

I'm often asked what seems like a simple question: 'what's new in identity management?' As simple as it is, it's a big question so here are five trends that I see out there for identity management... at least for now.