One solution to vulnerabilities such as this one may be mitigated by what Forrester Research, in its report, “The Forrester Wave: Enterprise Cloud Identity and Access Management, Q3 2012,” identifies as the “market moving toward turning IAM [identity and access management].” The report projects the segment emerging into an “explicit business enabler rather than a mere cost center and putting more focus on federated identity administration versus just front-door authentication and access control into remote apps.”
Guidelines: Stopping leaks
5. When evaluating IDP products, organizations should consider using a combination of several sources of data on the products' characteristics.
A variety of vendor-neutral resource material is available to assist the IT manager in developing a strategy to defend against insider threats. The National Institute of Standards and Technology (NIST), a non-regulatory agency of the U.S. Department of Commerce, currently is working on a special publication, the “Guide to Intrusion Detection and Prevention Systems (IDPS).” The draft offers recommendations for companies to protect themselves from both internal and external intrusions.
While another NIST document, “Special Publication 800-94,” was under public review until the end of August, it provides details on intrusion detection and prevention principles, an explanation and analysis of various technologies and their capabilities, and an explanation of how companies can do product selections.
This article originally ran in a Spotlight edition of SC Magazine.