Friday Summary: March 21, 2014—IAM Mosaic EditionBy Adrian Lane
Researching and writing about identity and access management over the last three years has made one thing clear: This is a horrifically fragmented market. Lots and lots of vendors who assemble a bunch of pieces together to form a ‘vision’ of how customers want to extend identity services outside the corporate perimeter – to the cloud, mobile, and whatever else they need. And for every possible thing you might want to do, there are three or more approaches. Very confusing.
I have had it in mind for several months to create a diagram that illustrates all the IAM features available out there, along with how they all link together. About a month ago Gunnar Peterson started talking about creating an “identity mosaic” to show how all the pieces fit together. As with many subjects, Gunnar and I were of one mind on this: we need a way to show the entire IAM landscape. I wanted to do something quick to show the basic data flows and demystify what protocols do what. Here is my rough cut at diagramming the current state of the IAM space (click to enlarge):
But when I sent over a rough cut to Gunnar, he responded with:
“Only peril can bring the French together. One can’t impose unity out of the blue on a country that has 265 different kinds of cheese.”
– Charles de Gaulle
Something as basic as ‘auth’ isn’t simple at all. Just like the aisles in a high-end cheese shop – with all the confusing labels and mingled aromas, and the sneering cheese agent who cannot contain his disgust that you don’t know Camembert from Shinola – identity products are unfathomable to most people (including IT practitioners). And no one has been able to impose order on the identity market. We have incorrectly predicted several times that recent security events would herd identity
cats vendors in a single unified direction. We were wrong. We continue to swim in a market with a couple hundred features but no unified approach. Which is another way to say that it is very hard to present this market to end users and have it make sense.
A couple points to make on this diagram:
- This is a work in progress. Critique and suggestions encouraged.
- There are many pieces to this puzzle and I left a couple things out which I probably should not have. LDAP replication? Anyone?
- Note that I did not include authorization protocols, roles, attributes, or other entitlement approaches!
- Yes, I know I suck at graphics.
Gunnar is working on a mosaic that will be a huge four-dimensional variation on Eve Mahler’s identity Venn diagram, but it requires Oculus Rift virtual reality goggles. Actually he will probably have his kids build it as a science project, but I digress. Do let us know what you think.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
Favorite Securosis Posts
- Mike Rothman: Firestarter: An Irish Wake
- Most of us chose this one: Jennifer Minella Is Now a Securosis Contributing Analyst.
Other Securosis Posts
- Incite 3/18/2014: Yo Mama!
- Webinar Tomorrow: What Security Pros Need to Know About Cloud.
- Defending Against Network Distributed Denial of Service Attacks [New Series].
- Reminder: We all live in glass houses.
- New Paper: Reducing Attack Surface with Application Control.
Favorite Outside Posts
- A Few Lessons From Sherlock Holmes. Great post here about some of the wisdom of Sherlock that can help improve your own thinking.
- Gunnar: Project Loon. Cloud? Let’s talk stratosphere and balloons – that’s what happens when you combine the Internet with the Montgolfiers
- Adrian Lane: It’s not my birthday. I was going to pick Weev’s lawyers appear in court by Robert Graham as this week’s Fav, but Rik Ferguson’s post on sites that capture B-Day information struck an emotional chord – this has been a peeve of mine for years. I leave the wrong date at every site, and record which is which, so I know what’s what.
- Gal Shpantzer: Nun sentenced to three years, men receive five. Please read the story – it’s informative and goes into sentencing considerations by the judge, based on the histories of the convicted protesters, and the requests of the defense and prosecution. One of them was released on January 2012 for a previous trespass. At Y-12…
- David Mortman: Trust me: The DevOps Movement fits perfectly with ITSM. Yes, trust him. He’s The Real Gene Kim!
Research Reports and Presentations
- Reducing Attack Surface with Application Control.
- Leveraging Threat Intelligence in Security Monitoring.
- The Future of Security: The Trends and Technologies Transforming Security.
- Security Analytics with Big Data.
- Security Management 2.5: Replacing Your SIEM Yet?
- Defending Data on iOS 7.
- Eliminate Surprises with Security Assurance and Testing.
- What CISOs Need to Know about Cloud Computing.
- Defending Against Application Denial of Service Attacks.
- Executive Guide to Pragmatic Network Security Management.
Top News and Posts
- 110,000 Wordpress Databases Exposed.
- Whitehat Security’s Aviator browser is coming to Windows.
- Missing the (opportunity of) Target.
- PWN2OWN Results.
- Symantec CEO fired.
- The official ‘CEO Transition’ Press Release.
- This Is Why Apple Enables Bluetooth Every Time You Update iOS.
- Threat Advisory: PHP-CGI At Your Command.
- IBM says no NSA backdoors in its products.
- Google DNS Hijack.
- 14% of Starbucks transactions are now made with a mobile device. And what the heck is a “Chief Digital Officer”?
- New Jersey Boy Climbs to Top of 1 World Trade Center.
- Are Nation States Responsible for Evil Traffic Leaving Their Networks?
- Full Disclosure shuts down.
- NSA Program monitors content of all calls. Country details not provided.