As any general knows, an effective system for distributing and managing appropriate provisions for the troops is essential to success on the battlefield. The same is true of companies trying to win wars in the marketplace. But instead of bombs, bullets and MRE rations, a corporation must provision access to items like cell phones and credit cards and, perhaps more important, to digital assets, such as networks and applications.
The provisioning process has always been a security and administrative nightmare for IT and human resources departments. In the past, it generated tons of paper, ate up administrators' time and caused plenty of errors that resulted in decreased productivity, security vulnerabilities and lost physical assets.
A Piece of the Puzzle
The advent of provisioning software within identity management systems has improved the situation. With automation, companies have a better chance of keeping up with the growing number and variety of systems, applications and devices within their organizations. Automation can also help contain the costs of managing user IDs and permissions.
But self-enclosed, proprietary provisioning systems can solve only a piece of the problem. As companies increasingly consolidate their systems and open them up to customers and partners over the Internet, the need for a standard that will allow centralized provisioning within and across organizations is clear to users and vendors.
This summer, a technical working group of the Organization for the Advancement of Structured Information Standards (OASIS) publicly unveiled the Services Provisioning Markup Language to meet that need. SPML 1.0 is built on OASIS's Directory Services Markup Language V.2, which is an XML representation of the Lightweight Directory Access Protocol. If it's ratified as expected next month, SPML will join a family of standards designed to ease the implementation of Web services, including XACML, SAML, UDDI, WSDL and SOAP.
The goal of ratifying the specification is to establish interoperability among provisioning systems that will allow organizations to securely create end-user accounts for Web services and applications from a single point in an organization.
In July, at Burton Group's Catalyst Conference in San Francisco, 10 vendors that had been working to create SPML under the aegis of OASIS demonstrated that they could use one SPML request message to simultaneously create user accounts in all of their provisioning systems.
In San Francisco, all the vendors were set up in one hotel meeting room, but the idea is that SPML-enabled provisioning systems will work across geographic and corporate boundaries.
In a typical scenario, when a company hires a new employee, the HR system generates an SPML request to the company's provisioning system that creates all the access accounts the employee needs within the company. The provisioning system then automatically generates another SPML request to the provisioning systems of customer companies that give the employee access to the applications and data he needs to do his job.
HR can deprovision in the same way, by generating an SPML request that closes the employee's access accounts when he leaves the company. The automated chain of SPML messages will then wipe out the employee's access to customer systems as well, eliminating the scourge of orphaned accounts. Used with SAML, the XML-based protocol for exchanging user authentication and authorization information, SPML may eventually be at the heart of a true single-sign-on system.
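The chained provisioning and deprovisioning flow described above can be sketched as follows. This is an added example, not code from the article or from OASIS: the message shape is simplified, the namespaces and element names are assumptions modeled on SPML 1.0 and DSML v2, and `ProvisioningSystem`, `orphaned_accounts` and the user `jdoe` are hypothetical.

```python
import xml.etree.ElementTree as ET
SPML = "urn:oasis:names:tc:SPML:1:0"       # assumed SPML 1.0 namespace
DSML = "urn:oasis:names:tc:DSML:2:0:core"  # assumed DSML v2 namespace

def build_request(op, user_id, attrs=None):
    """Serialize a simplified addRequest or deleteRequest for one user."""
    req = ET.Element(f"{{{SPML}}}{op}")
    ident = ET.SubElement(req, f"{{{SPML}}}identifier")
    ET.SubElement(ident, f"{{{SPML}}}id").text = user_id
    if attrs:
        holder = ET.SubElement(req, f"{{{SPML}}}attributes")
        for name, value in attrs.items():
            attr = ET.SubElement(holder, f"{{{DSML}}}attr", name=name)
            ET.SubElement(attr, f"{{{DSML}}}value").text = value
    return ET.tostring(req)

class ProvisioningSystem:  # hypothetical endpoint that relays downstream
    def __init__(self, name, downstream=()):
        self.name, self.downstream, self.accounts = name, list(downstream), {}

    def handle(self, message):
        req = ET.fromstring(message)  # trusted, constructed input only
        op = req.tag.split("}")[1]
        user_id = req.findtext(f"{{{SPML}}}identifier/{{{SPML}}}id")
        if op == "addRequest":
            self.accounts[user_id] = {a.get("name"): a.findtext(f"{{{DSML}}}value")
                                      for a in req.iter(f"{{{DSML}}}attr")}
        elif op == "deleteRequest":
            self.accounts.pop(user_id, None)
        else:
            raise ValueError(f"unsupported operation: {op}")
        for system in self.downstream:  # the automated chain of messages
            system.handle(message)

def orphaned_accounts(hr_roster, systems):
    """Accounts still present on any system for users HR no longer lists."""
    return sorted((s.name, uid) for s in systems
                  for uid in s.accounts if uid not in hr_roster)

def demo():
    customer = ProvisioningSystem("customer")
    company = ProvisioningSystem("company", downstream=[customer])
    systems, roster = [company, customer], {"jdoe"}  # constructed sample user
    company.handle(build_request("addRequest", "jdoe", {"cn": "Jane Doe"}))
    created = sorted(customer.accounts)
    roster.discard("jdoe")  # HR records the departure
    before = orphaned_accounts(roster, systems)
    company.handle(build_request("deleteRequest", "jdoe"))
    after = orphaned_accounts(roster, systems)
    return created, before, after
```

Between the HR roster change and the delete request, `orphaned_accounts` reports the account on both systems; after the single request propagates down the chain, it reports none.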
Although OASIS is just finalizing its approval of SPML, the standard has already drawn fire from critics who say that it doesn't do enough. For example, it doesn't enable functions such as moving or suspending accounts.
Chief among the naysayers have been IBM and Microsoft Corp., which have contended that SPML isn't powerful or flexible enough to work in conjunction with the group of standards the big vendors are developing, called WS-*, which includes WS-Security and WS-Federation.
SPML 1.0 is likely to emerge as a provisional standard as OASIS, IBM and Microsoft work toward compromise.