4/26/2018
01:15 PM
Sara Peters

12 Trends Shaping Identity Management

As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
3 of 13

GDPR Gives Individuals Ownership of Their Own Identities 

Organizations have grown accustomed to behaving as though any name in a database is a name that belongs to them - collecting, storing, transmitting, buying, and selling individuals' personally identifiable information with relative impunity. The European Union's General Data Protection Regulation (GDPR) changes all that - and it amps up organizations' need for identity governance.

GDPR requires organizations to obtain explicit permission from individuals anytime they collect or share their personal information - autochecked boxes are not explicit enough - and individuals must be able to easily revoke that permission at any time. Individuals have a 'right to be forgotten.' Further, records must be kept of where this identity information is being used, everywhere the data flows.

GDPR applies to any EU citizen data anywhere, so it affects companies across the globe, and it applies to both organizations' customers and their employees, so it will have an impact on both their governance and security of internal and external identities. ForgeRock, which specifically provides IAM for external users, added a GDPR dashboard to their product. 

Enforcement actions for GDPR begin May 25 (after a two-year grace period since the act officially went into place). Those actions include but are not limited to fines of 20 million euros or 4% of annual revenue, whichever is higher.

'GDPR is really seminal,' says Herjavec. Like PCI it will move the industry, but unlike PCI, it affects all industries. He says he's '100% certain' that Canada and the US will have their own version of it.

(Image by Good_Stock, via Shutterstock)

Comments
RyanSepe,
User Rank: Ninja
4/30/2018 | 11:18:25 PM
not only are they manageable, they're fundamentally consumable from a price point
This item has monumental importance. For IAM and PAM to gain widespread acceptance it needed to become somewhat of a commodity amongst the different organizational sectors.