Next Generation Cloud Security Through Actionable Intelligence

Posted on by Steve Tout in Cyber Security

I’m very pleased to share the following guest blog post by one of Forte Advisory’s esteemed customers, VeriClouds. VeriClouds is a startup in the Seattle area innovating in the cloud security space, helping companies reduce risk using its technology to detect and mitigate compromised accounts before falling into the hands of bad actors. ****** Our online world, like the larger world around us, is full of uncertainties and risks. We wake up to new data breaches on a nearly daily basis. As applications and data proliferate in a cloud and mobile world, the burden and reliance on Identity and Access Management (IAM) is greater than ever. We must enable IAM with real-time risk information for making the most reliable identity management and authorization decisions. Steve Tout, Founder, and CEO of Forte Advisory describes this as Highly Leveraged IAM. “The idea that identity being the center of every interaction that end users have …

Next Generation IAM Is Secure By Default

Posted on by Steve Tout in Management

We live in a world full of uncertainties and wake up to new data breaches on a daily basis. As applications and data proliferate in a cloud and mobile world, Identity and Access Management (IAM) must deliver more than ever, faster than ever, for businesses to succeed at building and maintaining trusted relationships and delighting customers at every interaction. We must get to a place where risk informs identity management services and authorization decisions in real-time to avoid our companies from being the next news headline. I call this Highly Leveraged IAM: the idea that identity being the center of every interaction that end users have with a company, IAM can not only provide the right access to the right user at the right time, but also the best user experience across a diverse set of protective layers and capabilities and can make these existing investments even more effective. The level of identity-centric …

Career Development for IAM Professionals

Posted on by Steve Tout in Career

Wrapping up a long, tiring yet rewarding week at Cloud identity Summit in New Orleans, I wanted to sign off with a few parting thoughts. First off, I’d like to thank Andrew Hindle for giving me the opportunity and the honor yet again to speak at CIS. Being a 4th time attendee at CIS and frequent speaker and attendee at other conferences, it is clear that not enough air time has been devoted to career development issues for professionals in our industry. This is evidenced by the fact that at least a dozen folks approached me afterwards with their questions, comments and thanked me for sharing lessons from the trenches. I was especially touched more than once by attendees who confided that my talk (given on the last day of the CIS event) was their favorite of the entire week. As far as I can tell, nobody is being paid …

The 2 ROIs of IAM

Posted on by Steve Tout in Architecture Guidance,Management

Last week I unveiled Identity Coherence in my webinar on the same subject(sponsored by CSA) and started by talking about the impact that IAM has on customer experience, federation and risk management. I concluded with a discussion on the 2 ROIs of IAM: Return On Investment and Risk Of Ignoring. If you step away from any IAM implementation and defocus the technology, what you see is a constellation of factors that either propel your efforts forward within your organization or stop you dead in your tracks. Naturally, this vantage point delivers insights into the upfront work needed to modernize IAM, including strategy, architecture, operations and innovation. But from experience, looking at IAM through the lens of program management, GRC, customer experience and even company culture all of which are critical to ensure ongoing success of an effective IAM program. This mental model is what I refer to as Identity Coherence. Identity Coherence provides the conceptual framework …

Culture Eats IAM for Breakfast

Posted on by Steve Tout in Management

It’s been said that you can’t fix culture. Focus on the business and the rest will follow. (See April 2016 HBR cover story) Within every organization, the values and people that shape the culture will ultimately affect how IAM is directed and managed. They are often invisible powers, but if you look and listen closely, the “invisible hand” will present itself to you, and unlock a key to success in your IAM program. Then @brennantom posed a great question to Shark, Robert Herjavec: “what’s better for investment, process driven results or disruptive technologies?” I immediately flipped the question to ask, what is better for business, process driven change or disruptive change?  With nearly every industry seeing its share of disruption, from healthcare to transportation, social media and hospitality, cloud and digital have turned old business models upside down and enabled new ones with digital transformation and cloud computing. For IAM and cybersecurity leaders in …

How Strategic is your IAM?

Posted on by Steve Tout in Business

Wrapping up a week  spent talking with customers and partners and conversations that keep popping up are not surprising.  In spite of IAM enjoying increased attention from the business and security community, there is a predominate focus on the technology vendors, cloud, and security with little mention of how they actually get implemented.  One sentiment I encountered this week from a global consulting services provider – where budget is seemingly endless and far from a constraining factor – is that IAM deployed into customer environments pretty much on demand.  The revenues realized from IAM implementations by the consulting provider were nothing more than a “rounding error” to the overall revenues. This sentiment is not shared alone as IAM is often overshadowed by the larger security program from an operational and budget perspective.  In typical fashion, it leads me to ask the question: how strategic is IAM to your business? Philosophy Determines …

Predictions for 2016…more of the same

Posted on by Steve Tout in Current Events

It’s that’ time of year when many of us start thinking more about egg nog and snow sleds than cyber security and business, there are a few of you out there making effort to predict what 2016 has in store for our industry. And with much respect to those who can predict these trends with much greater accuracy (see here, here and here) I would like to go out on a limb here and make my prediction for 2016. There will be more of the same throughout 2016 from an IT and security perspective. While many of the predictions focus on how the technology and privacy landscape will evolve increasingly throughout the year, including perhaps the affect that IOT and data breaches will have on consumers, what often goes unnoticed is how relatively immune IT departments are to these micro changes. Unfortunately, or fortunately depending on your views, the reality …

Privilege Access Management – Next Generation Jump Servers

Posted on by forteadmin in Cyber Security

The essential capability of privilege access management is the jump server access to protect organizations against advanced security attacks. As is evident from most of the recent cybersecurity attacks, the frontline for securing organizations has moved inside the enterprise and not at the network perimeter. Next generation jump server access is an important countermeasure against advanced cybersecurity attacks. [tweetthis]As the advanced attacks continue to rise, abuse of privilege accounts becomes a critical threat to organizations. [/tweetthis] Jump servers create a solution to separate sensitive and non-sensitive data in the organization’s internal network. As the advanced attacks continue to rise, abuse of privilege accounts is becoming a critical threat vector in many organizations. Key logging exploitation of default, noncomplex or comprise credentials have been the pivot point in most of the breaches in the recent past. Isolation of sensitive assets and networks has become a mandatory security step to control access …

Privilege Access Management – Moving Front Lines of Cyber Security

Posted on by forteadmin in Cyber Security

Dear friends, I don’t always have the privilege of welcoming an old friend and good colleague into the Forte Advisory Network and introducing them to you all, but today is such a day.  Dipak Rath, Sr. Manager of Security Ops at The Home Depot, has graciously accepted my challenge to write this guest blog post, and has not only one upped me, he has 3 more blog posts in this series that you will find posted here in the weeks ahead. Dipak joined The Home Depot just before the well known data breach and has learned more through those experiences that many of us might learn in an entire career in the industry.  Today he shares his thoughts on the real insider threats, and I’m looking forward to what he’ll bring to us next! Steve @stevetout @forteadvisory —————————- It is clear to me and many IT security leaders around the …

The Business Value of IAM

Posted on by forteadmin in Business

Hey again! The inaugural Seattle IAM User Group got kicked off last night with great success, and I enjoyed presenting thoughts on the value of game theory (decision science) and professional development on career and the IAM program and the great conversations that ensued.  More than once the “business value of IAM” came up with conversations around how we could increase our chances at gaining executive buy-in to our strategies and plans.  It just so happens that Forte Advisory fellow, Jeff Kistler, contributed a blog post on the same topic that I think will extend the conversation about the business value of IAM even further. Enjoy the post, and as always feel free to leave your comments here or reach out directly or leave your comments below with your thoughts or suggestions. Steve @stevetout @forteadvisory —————————- Organizations around the world are experiencing profound issues with their implementation of Identity and Access Management …