Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

7/26/2010
02:37 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Ping Identity Calls For A Password Non-Proliferation Treaty

Ping Identity CEO Andre Durand challenged a group of Internet industry leaders to work together to solve the protocol and architectural challenges of identity management in the cloud

KEYSTONE, Colo. – July 21, 2010 – Cloud Computing promises to free applications from vendor lock-in and the confines of company walls. Business is on the move with laptops, smart phones, and tablets. Access to applications can no longer be limited to a desk, building or campus. But with the new found freedom that the Cloud promises comes a very different set of security challenges.

Today at the Cloud Identity Summit, Ping Identity CEO Andre Durand challenged a group of Internet industry leaders to work together to solve the protocol and architectural challenges of identity management in the Cloud that is creating a growing number of user passwords and threatening Cloud Computing’s long-term success.

“Each new Cloud application brings its own directory and associated overhead for managing users and permissions,” said Durand “Users must juggle dozens of separate logins and passwords, administrators are drowning in user provisioning tasks and IT is losing visibility and control. Proprietary solutions can’t scale. We must work together as an industry to stop the password proliferation for stronger Cloud Security.”

A substantial gap remains between companies that see potential value in Cloud Computing and those that are actually doing it according to a 2009 Kelton Research survey. Respondents reported that internal IT systems are too expensive, and two-thirds view Cloud Computing as a way to reduce up-front costs. Yet more than 80% of those with only internal IT systems don’t plan on integrating any form of Cloud Computing over the next 12 months. Why? By a five-to-one margin, respondents feel that their own IT systems are more secure.

Durand says delivering true Cloud Security requires industry-wide collaboration on standards so that scale and loose coupling can be achieved.

“We must have identity management systems that are inherently capable of interfacing with one another. To achieve this, all of our use-cases for identity and security must be based on open standards, freeing us to couple systems, applications and users across both internal and external scenarios, and freeing users to access applications from any location or device,” he said. “Identity federation – a single, strong user password – must be at the center of this new era of Internet Identity Security. Our customers show us again and again that SSO is key to enabling the access, authorization, account management and audit capabilities necessary to ensure Cloud security and bring an end to password proliferation.”

51% of Ping Identity’s customers said they purchased PingFederate Internet SSO and Internet User Account management software to secure access to SaaS and other external applications according to a recent TechValidate survey. Half said eliminating employee passwords was a primary buying driver. 37% said they use PingFederate to provide customers and vendors with access to Internet-based applications without managing third party identities and passwords and 10% said they are using PingFederate to meet an internal mandate for no passwords in the Cloud.

Ping Identity’s Cloud Identity Summit 2010 has converged a powerful group of industry change leaders including identity and security experts from Cisco, Cloud Security Alliance, Google, Microsoft, SafeNet, Salesforce.com, OASIS, Paypal and VeriSign. They are sharing their thoughts and plans for identity and security in the Cloud. Participants will take away greater insight into the converging worlds of identity management and Cloud security and Ping Identity CEO Andre Durand hopes, an industry-wide commitment to closer collaboration for the good of Cloud security.

###

About Ping Identity Corporation

Ping Identity is the market leader in Internet Identity Security, delivering on-premise software and on-demand services for Internet Single Sign-On (SSO), Identity-Enabled Web Services and Internet User Account Management. More than 450 enterprises, government agencies, Software-as-a-Service (SaaS) vendors and online service providers worldwide rely on Ping Identity to streamline application access, reduce administrative costs, generate additional revenue and improve security. Visit www.pingidentity.com for additional information.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27218
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.