Novell News » security management

Control from Afar – A Few Tips on Managing Access Remotely

Amie Johnson — Mon, 08 Nov 2010 23:07:31 +0000

Any firm with concerns about network and facility security has to be aware of the challenges that come with Identity Access Management. It's s not a simple process that requires one key, one door, one lock. IAM poses myriad challenges to any enterprise, not the least of which is remote identity management is still the responsibility of the IT department to monitor authentication to ensure proper access to approved personnel.

Anything larger than a mall kiosk requires a complete security framework to manage access, information exchange, separation of duty (SoD) monitoring and more. Further, the real challenge today is performing all these IAM tasks from a central location – or from the road via smartphones and mobile devices.

Here are a couple things to know about remote IDM from respected industry knowledgebase discussion.*

You can use remote tools without affecting permissions and rights

When implementing remote-access tools, users maintain the same access to files and shared drives as they do at the office.

Remote-access tools can be either software or service

Software requires that administrators have the program loaded on both remote and host computers. Hosted services require a subscription and then route access through their servers. These are browser-based and allow access from any browser. Both solutions provide remote system access – it

Beyond that, there are several best practices for securing your network and facilities. According to an article by George Wrenn, there's a five-point strategy for ensuring secure remote access. Briefly, these are…

Software and policy must be interconnected. Create a policy that defines the exact security software controls that must exist on systems with remote access.

Install and monitor a product (either software or server-based) that offers comprehensive endpoint security management and policy enforcement. This puts the control in your hands.

Enforce enterprise-wide compliance through education. Let employees, contractors, partners and clients know how systems and information is protected and ensure that all audiences use the proper protection and access techniques.

Establish reporting that informs and assists IT in making decisions about access. This reporting can include alarms, out-of-compliance alerts and more. Ultimately, access figures will ensure that IT has enough information to implement security measures going forward.

Continually review and revise security policy based on real-world practice. Knowing how and why systems are being accessed – and by whom – arms you with information you need to make informed decisions about securing your data, servers, facilities and access to each.

Learn more about network and enterprise security as it pertains to IAM here.

Taking Pervasive Enterprise Security Up a Notch

Amie Johnson — Thu, 19 Aug 2010 21:16:10 +0000

Guest post: Jay Roxe, director of solution marketing, Identity and Security, Novell

Despite some of the buzz in the blogosphere today (see links below), Intel’s acquisition of McAfee makes sense. I believe it’s premised on the need to provide security in the growing mobile space. Intel has a chance to produce some differentiated technology for mobile and that will also flow into data centers. This surprise acquisition also acknowledges that security is something enterprises expect at all levels of the software stack. This also validates that security should no longer be viewed as “part” of an IT strategy. It’s an essential ingredient to every part of the IT ecosystem.

The challenge is that pervasive security is hard. You’ve got to have the chops to implement the right security policies for your organization. Let’s face it – cybercrime has advanced from being lone wolves and script kiddies to organized crime using military-grade techniques. Enterprises need to be increasingly worried about their data. To meet these threats, security must be pervasive throughout the enterprise, and Intel has taken the first step to embed security directly into hardware. Security also needs to be integrated in the operating system, the application and the cloud so that enterprises can log and correlate events to look for rogue activity from either internal employees or external threats. This takes knowledge, and the right solution providers to help you navigate the complexities of this ever evolving risk landscape. I’m sure we’ll see others with different takes on how to solve this but Intel has made a bold and interesting move.

Andrew Jaquith's Blog
Threatchaos.com
The Register
Securosis

The best kept secret everyone knows

Amie Johnson — Fri, 21 May 2010 16:50:19 +0000

I have lost count of the number of news articles I’ve read, or discussions I’ve had with customers, reporters, analysts and others when the topic of Novell’s Identity and Security products come up and I get a respectful nod of approval and acknowledgement that we have well engineered solutions.

We’re the St. Louis Cardinals of identity and security management. The Cardinals consistently have a solid team. They’re respected by those that really know baseball including fans, the MLB organization and even competing teams. They also have an amazingly loyal fan base. Yet, they don’t get the same attention and publicity as the New York Yankees. That’s just not their style.

On Wednesday we announced a “new team.” Identity Manager 4 is a family of solutions. According to Larry Walsh at Channel Insider, “the best kept secret in security is Novell's identity management solutions. Today, Novell is taking the wraps off the latest incarnation of its suite – Identity Manager 4 – which is truly unique in two respects: It's design to manage identities on-premises, virtual infrastructure and cloud applications; and it integrates log and event management for policy enforcement and audits.”

Walsh, a long-time veteran of the security business also highlights other features of Identity Manager 4:

“How effective is Novell at managing identities in the cloud? That's something that will show over time, I suspect. The concept is significant, since many enterprises are wrestling with how to secure data and access cloud computing resources. Novell's Identity Manager 4 promises to give enterprises the ability to provision accounts, manage access rights and revoke credentials with ease and efficiency. That's a security function that's sorely lacking today.”

“The addition of log and event management capabilities to Identity Manager 4 is a tremendously powerful tool for regulatory compliance. Enterprises can use the tool to demonstrate not just how an account was managed, but what actions were taken when anomalous activity was detected.”

So, I’d like to tip my hat to Larry Walsh. We’re pleased you understand our efforts to solve the complex identity and security issues facing the industry today.

Guest Post: Preview Identity Manager 4

Frank Days — Mon, 22 Mar 2010 20:57:55 +0000

Guest post by Lucy Sullivan, Solution Marketing Manager – Identity and Access Management

We are previewing Novell Identity Manager 4 this week at BrainShare. One of the major changes is that there will be three members of the Identity Manager family:

Novell Identity Manager 4.0 “Capricorn”: Our market-leading product continues to raise the bar with improved reporting, scalability, and programmability.
Novell Identity Manager 4 “Dorado”: We're demonstrating Dorado at Brainshare this week. It features integrated identity management, roles management, cutting-edge reporting, built-in content packaging framework and the ability to ensure security policy across various system domains.
Novell Compliance Management Platform: This ensures real-time compliance by providing the most complete IT GRC, user control and certification solution on the market today.

Learn about Novell Identity Manager 4 at novell.com/idm4launch.

Welcome Amie Johnson!

Ian Bruce — Mon, 06 Oct 2008 20:25:58 +0000

I'm very pleased to welcome Amie Johnson to the Novell PR team. Amie started work last week and will be supporting our identity and security management solutions, as well as PR for our channel.

Amie brings great experience to Novell. Before joining us she ran worldwide PR for Burton Group, a leading IT analyst firm with a large and well-respected security/identity practice. She's also worked for PR agencies and has managed marketing programs and activities, as well as analyst relations. Amie will be based in our Provo, Utah office and I'm sure will soon be actively posting on this blog.