Archive for the ‘saas security’ Category

On the subject of password management…

August 19, 2010

There is an interesting movement that is happening in and around the Identity management space in there is a struggle going on between the desire to have a single universal and secure way of accessing resources and applications, and finding the right third-party to “trust” with your access.

A variety of technologies and vendors are involved including SAML, Active Directory, individual passwords, and some of the social media vendors such as Facebook and Twitter, to name a few. And of course, all the other cloud, enterprise, and identity vendors have a dog in this fight too.

Here at Conformity we are clearly a part of the discussion, and ultimately we hope, part of the solution, but the ugly truth is the vast majority of current secure website services and SaaS business applications still use passwords for their primary authentication model. Andrew Jaquith’s blog entry on “The Rationality Of Re-Using Passwords” makes an observation that passwords will be around for a long time, which is a point of view that I share.

Since we are on the topic of passwords and logins, I need to mention that Conformity just introduced a new product, ConformityConnect, that is designed to be a simple to use, simple to deploy, and simple to administer way of securely managing the plethora of logins that we face every day at work.  If you find yourself drowning in passwords, this might be the life saver you’ve been looking for. It also lays a foundation for addressing some of the other issues I raised above. Sometimes the best policy is to trust no one but yourself

You can try ConformityConnect out for free by clicking HERE.

VeriSign’s New Cloud Identity Initiative

April 21, 2010

We’re very excited today about the VeriSign announcement of a new industry collaboration (which includes Conformity) to build trusted online identity solutions that will help accelerate SaaS and cloud adoption.   In conjunction with the initiative, we’re working with VeriSign as well as Ping Identity, Qualys and TriCipher to establish a blueprint for achieving identity trust by combining technologies and services with proven policies and certification programs.   The effort spans the major requirements for achieving identity trust, including

  • Strong mutual identification
  • Provisioning
  • Federation
  • Vulnerability and Compliance Management

We totally agree with Nico Popp, vice president of product development at VeriSign when he says “Trust won’t happen if users worry their identities are vulnerable, or if they’re unsure whether the cloud-based service they’re accessing is legitimate.  That makes identity trust the essential ingredient for cloud migration – and an industry imperative for SaaS providers.”

Read the full announcement here >>

An Internal Auditor’s Perspective on SaaS…

March 31, 2010

We recently spent some time with Sixto Bernal, Director of Internal Audit at SuccessFactors, who shared some very interesting insights on the governance and compliance challenges being created by SaaS and cloud applications, including:

  • The need for consistent user provisioning and management across SaaS applications
  • How each new SaaS deployment ‘scales the pain’ for IT management and auditors
  • The unsustainability of manual approaches to managing SaaS silos

View the full discussion here:

Get a Free SaaS Identity Audit from Conformity

March 8, 2010

As we’ve frequently discussed here in this blog, SaaS identity ’silos’ are creating major headaches for companies moving to the cloud. In fact we’re finding that  in most organizations 5-20% of SaaS user identities have errors or mismatches that can result in major security and compliance risks.  Some of these issues include:

  • Orphaned user accounts
  • Duplicate user identities
  • Misaligned user data
  • Inappropriate user roles and permissions
  • Unauthorized ’super admins’

We’re excited to announce that for a limited time Conformity is offering a free SaaS Identity Assessment that will help organizations identify user identity gaps and mismatches with their SaaS deployments and corporate directories. With the assessment, Conformity SaaS identity experts will provide:

  • A summary report of major SaaS identity exceptions
  • Assessment of potential audit and compliance risks
  • Recommended best practices and policies for aligning SaaS user identities

Click on the link below to learn more about our free assessment, and let Conformity help you and your organization get ahead of the curve on SaaS audit and compliance issues.

Click here to learn more >>