Jon Oltsik: The two cornerstones of next-generation cybersecurity (Part 2) As IT loses control of some of its traditional assets, my suggestion to CISOs is to double-down on security controls and oversight for the things they still own. In my humble opinion, there are two key areas to focus on: Sensitive data and identity. Everything else - applications, endpoints, networks, and servers - must kowtow to these two cornerstones and enforce specific data security and identity policies.
Alessandro Festa: BYOI (Bring Your Own Identity): Adaptable Risk approach for contextualized identities I define a contextualized identity as: "A contextualized identity is made by a superset of metadata who represent in a variable form a unique subject. This superset is made of general (static) and detailed (dynamic) metadata who represent the identity contextualized to the moment in time where it is used." Based on this definition, what I expect is the need to evaluate constantly not only the information's I have as "pre-filled", the static metadata I collect from the identity lifecycle, but even the dynamic ones.
Leveraging Fingerprint Authentication On Mobile Devices: Apple's Touch ID API & More At WWDC this year, Apple made several major announcements, indicating that it will open up the iOS platform to an unprecedented level. As you would expect, here at Nok Nok Labs we are most excited about the new Touch ID API announcement. With this API, Apple joins Samsung in making biometric authentication capabilities available to third party applications.
Mark Diodati: Tweet Jam To Examine Mobile Security As Conference Chair of the Cloud Identity Summit, I am happy to announce we are hosting a tweet jam at 1 pm EST on Thursday, June 26. The one-hour long event on Twitter will examine the topic of mobile security and current approaches to managing it, and act as a preview to discussions and seesions at CIS in July.
Meetup: Bay Area Identity Developers; June 23, 6 pm (VMware HQ) As the popularity of the cloud, APIs, and Internet of Things explodes, understanding identity is becoming more important for developers--but it's a large, complex field. The month's speakers are Morteza Ansari, Cisco: SCIM 101 - A walk through of SCIM history, use cases, protocol, schema, and its future; and Pam Dingle, Ping Identity: Working Code for hands-on use of SCIM 1.1 end points, with color commentary on SCIM 2.0 differences by Ansari.
Haydn Shaughnessy: The Revolution Hidden In The Apple Health Kit Apple is about to change the relationship between brands, data and customers. That's the secret sauce in its new Health Kit offering, according to several observers of data and security, including Ping Identity's Paul Madsen and David Waite. OAuth 2.0 and OpenID Connect 1.0 are likely standards for Apple to draw on, though Apple has a preference for doing identity its own way.
Patrick Thibodeau: U.S. looks to create an 'Internet of Postal Things' The Internet has so far delivered mostly bad news to the U.S. Postal Service, but the agency now hopes an emerging Web applicationv - the Internet of Things - can help it improve efficiency. The postal service is spending up to $100,000 to investigate how it can utilize low-cost sensors and related wireless technologies.
Gartner Catalyst - UK June 17-18; London A focus on mobile, cloud, and big data with separate tracks on identity-specific IT content as it relates to the three core conference themes. #gartnercat
Cloud Identity Summit 2014 July 19-22; Monterey, Calif. The modern identity revolution is upon us. CIS converges the brightest minds across the identity and security industry on redefining identity management in an era of cloud, virtualization and mobile devices. #CISmcc
Gartner Catalyst - USA Aug. 11-14; San Diego, CA A focus on mobile, cloud, and big data with separate tracks on identity-specific IT content as it relates to the three core conference themes.
Application Security Forum Nov. 4-6; Yverdon-les-Bains, Switzerland The conference is a well-established annual event dedicated to information, application and software security that features a full-day of training sessions and two days of conference sessions.