Two-Factor Authentication|Identity|Secure Access Management|Assurance - Anakam

Products Services Solutions Company Knowledge

Home : News : Blog

Anakam Blog
Insights into Authentication, Identity Management and Trusted Access

Monday, August 23, 2010

Password Policies and Identity Security
by Anna Slomovic, Anakam CPO

In spite of security concerns, many users still choose passwords that are easy to guess, write down their passwords and share them with others. They also re-use their passwords on multiple sites, and sometimes use the same passwords on sites that do not house sensitive or personal information, like content sites, and ones that do, like financial services sites. This type of password usage makes the users' identities much more vulnerable to theft and fraud.

Thursday, August 5, 2010

The Fine Print Isn't Enough
by Anna Slomovic, Anakam CPO

Installing automated strong authentication linked to potentially risky transactions, like password reset, helps mitigate security risks. Businesses and individuals expect their sensitive information and financial interests to be protected, no matter what the contractual small print says. The Baidu case and others like it tell us that the courts also agree, but good business practices shouldn't wait on the courts for a reading on the minimal effort required. Best practice tells us that protecting your customer's personal information and your own corporate data is the smart thing to do.

Wednesday, June 23, 2010

Vulnerability Assessment — Do You Know Who Is Accessing Your Data?
by Anna Slomovic, Anakam CPO

Organizations remain accountable for data protection whether their data resides behind corporate firewalls or in the cloud, and regardless of the method by which the data is accessed. Analyzing potential attack vectors related to remote access, identifying vulnerabilities, and implementing solutions to minimize risk of compromise is an essential part of securing systems and networks. The threats and potential vulnerabilities involving credentials used to access corporate networks and view or transact business with corporate data need to be addressed along with more traditional defense assessments.

Tuesday, June 8, 2010

Context-based Identity Proofing
by Brent Williams, Anakam CTO

Context-based identity proofing acknowledges how an identity will be used and is tailored to meet the levels of risk associated with the identity and the transaction. It builds from existing levels of trust already established within an industry vertical or a group within a circle of trust.

Wednesday, May 26, 2010

Federation vs. Single Sign On
by Brent Williams, Anakam CTO

As mobile banking webs, cloud-based databases, and electronic transaction applications continue to proliferate, the knowledge of who has access to the system and who verified the user’s identity will be essential. The trust fabric between organizations needs to leverage identity proofing, professional credentialing, and authentication as part of a comprehensive approach to risk management.

Wednesday, April 21, 2010

Protecting Against Willful Compromise
by Brent Williams, Anakam CTO

A lock is easily opened when the owner gives the key to somebody else. This is true for gaining access to online accounts with passwords as well as second factor authentication tokens and smart cards. The act of token fraud may increase the likelihood of identity fraud, but it is fundamentally different from identity fraud, and different means of risk mitigation are needed to counter the fraud if it is a concern for the enterprise.

Friday, April 2, 2010

Privacy and Consent in Patient Health Information
by Anna Slomovic, Anakam CPO

The growing scale of electronic health information exchange has brought us face-to-face with the question about the extent to which patient should be able to control access to their health information. With paper records patients could decide to not tell one doctor about other doctors they were seeing, or not to tell one doctor what medications were prescribed for them by other doctors. This is being fundamentally changed by the ability to search for electronic health information and then collect and collate it.

Wednesday, March 10, 2010

Don’t Put the Key Under the Mat – Authentication AND Encryption Working Together
by Anna Slomovic, Anakam CPO

In order to prevent different types of attacks against usernames and passwords, organizations have made the login process more difficult--passwords have become more complex, additional “security questions” have become part of the process, and some organizations have moved toward two-factor authentication either because they are required to do so by regulation or because they find the risk of unauthorized access to be too high for the type of data they house.

Tuesday, March 2, 2010

Understanding the Identity Lifecycle—Part 3
by Brent Williams, Anakam CTO

The identity lifecycle involves a series of different processes, each with its own essential role. These processes can be classified into identity creation and validation (sometimes also called “registration”), authentication, and identity change management. In this final installment in the series we will discuss how identities change and how the changes are managed over time.

Monday, February 22, 2010

Understanding the Identity Lifecycle—Part 2
by Brent Williams, Anakam CTO

The identity lifecycle involves a series of different processes, each with its own essential role. These processes can be classified into identity creation and validation, authentication, and identity change management. In Part 1 of this blog series we discussed how an identity is created and validated within the enterprise. In this post we will discuss how registered identities are used to gain access to systems, applications and data.

1 2 3

Anakam News

News

Blog

Policy

Technical

August 23, 2010
Password Policies and Identity Security August 5, 2010
The Fine Print Isn't Enough June 23, 2010
Vulnerability Assessment — Do You Know Who Is Accessing Your Data? April 2, 2010
Privacy and Consent in Patient Health Information March 10, 2010
Don’t Put the Key Under the Mat – Authentication AND Encryption Working Together

January 29, 2010
Multiple First Factor Questions Do Not Equal Multi-factor Authentication February 9, 2010
Understanding the Identity Lifecycle—Part 1 January 6, 2010
Proposed Rule on the Electronic Health Record Incentive Program February 10, 2010
Secrets and Authentication February 22, 2010
Understanding the Identity Lifecycle—Part 2

Product Demo

Want to learn more about our products in the Anakam Identity Suite®? Request an online demo or contact us directly at (888) 826-2526.

Product Demo

Subscribe to this blog

Blogroll

Burton Group Blogs: Identity and Privacy

Gartner Blog Network

Kim Cameron's Identity Weblog

Life as a Healthcare CIO

NIST Computer Security Division

Privacy Rights Clearinghouse