Version: 2008
  • On GameFAQs: The top 10 fighting games of all time

Comments on: Gartner: Businesses struggling with ID management

Analyst says multiple types of software, business controls and processes are key to successful identity and access management.

Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
Solution is really simple
by wbenton July 15, 2007 8:51 AM PDT
Have smartcard authentication with password protection required for anything that warrants the removal of suspicion prior to allowing access.

Whether it be access to a firmware upgrade, reserving a meeting room, even filing a complaint or asking a simple request from the IT department.

With proper smartcard + password management set into place... it's really no problem at all.

Deciding what requires such strict access may be a problem at first, but once ALL of the resources have been defined and whom can access which resource has been layed out... the only thing remaining is periodical confirmation that such access is continually required or not. Once a month or once every three month mandatory re-requesting should allow IT management to take back control of their network.

Walt
Reply to this comment
A movement toward monitoring
by Buck French, Securify July 17, 2007 11:00 AM PDT
I fully agree with this article?s statement, ?Another recent challenge has been an increasing emphasis on ensuring that staff members actually are who they claim to be.? While identity management systems are being ramped up, and even after fully deployed, businesses need to monitor their users and verify they are who they say, post admission.



I think we?re going to see a move toward using monitoring devices to accompany IAM systems. Aside from role-based provisioning and access control, businesses need to track the activity of each user to ensure privileged users are not violating security controls or placing the company at risk. Monitoring will also help with continuous compliance measurement and improve the overall security posture.
Reply to this comment
by chriswininger1 July 17, 2008 11:11 AM PDT
I think what they are saying is that this isn?t just a technical problem anymore.

"Another recent challenge has been an increasing emphasis on ensuring that staff members actually are who they claim to be, an issue that is receiving increasing prominence as global employment patterns shift."

If the person was fraudulent from the get go then the identity on their smart card isn?t accurate. Maybe I am an illegal alien or a convicted felon and I forged all my documents. Upon being hired my company identity (smartcard, user accounts, etc) would be created from this fraudulent information. This is where the solution has to be implemented in more than just software and hardware. It has to be implemented in terms of company policy and enforcement.
Reply to this comment
(3 Comments)
  • prev
  • 1
  • next
advertisement
Click Here

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET