Identity And Access Management Research Articles

M&As and market value creation in the information security industry

Facing mounting competition from large information technology (IT) conglomerates, information security firms have engaged in a multitude of mergers and acquisitions (M&As) to survive and remain profitable. In this paper, we uncover some characteristics that make these M&As valuable to the acquiring firms’ stock market value. Using a combination of event study and regression analyses, we analyze longitudinal panel data from 787 M&As initiated by 174 public information security firms between 1998 and 2011. We find that, on average, M&As are associated with an increase in the stock market value of information security acquirers. Moreover, our results show that whereas smaller information security acquirers gain more from domestic diversification, larger information security acquirers are better off seeking M&A targets internationally within their line of business, especially during good economic conditions. Our analysis also reveals that M&As with identity and access management (IAM) targets are perceived favorably by the stock market regardless of other M&A characteristics. This paper contributes an information security-IT complementarities framework that, along with our findings, carries valuable managerial insights.

Open sourcing the future of IAM

Every CIO needs a reliable identity relationship management (IRM) system, the more evolved version of identity and access management (IAM), for protecting not merely employee and partner data, but now millions of customers' data.

Mediated IBC-Based Management System of Identity and Access in Cloud Computing

Cloud computing is a new technology that provide to consumers dramatically scalable andvirtualized resources, bandwidth, software and hardware on demand. However, cloud computingintroduces serious security problems. One of these major security concerns is the management ofaccess and identities of different entities involved in such environment. This paper proposes a newsystem for Identity and Access Management (IAM) based on combining the techniques of Identity-BasedCryptography (IBC) and security mediated cryptography with the Trusted Cloud (TC) to facilitate thesecure management and access control for cloud computing. IBC is an interesting choice for IAM as itsignificantly reduces the key management complexity. On the other hand, mediated cryptographyenables system administrators to achieve access control in a fine grained manner, while a TC canprovide a Single Sign On (SSO) ability to users. The paper also presents results of the developedprototype implementation of the proposed IAM system.

Event Driven Identity Management Systems

Businesses typically have several services where employees may log in using some centrally provided credential(s). However, those credentials are usually system specific and stored separately in different records - one for each system. When one of the attributes (e.g. name or title) common to some credentials changes, it should be updated everywhere to match. Doing this in batch mode e.g. once a day has at least the following drawbacks: ● Creates delay (credentials are out of sync until batch is run) ● Unnecessary processing of identities that didn't change ● High system load while identities are being synchronized Event driven identity management trades all these flaws to increased complexity. In Helsinki Metropolia University of Applied Sciences such system, an in-house developed software named Amme (translates literally into basin, tub), is being used. The purpose of this paper is to present an overview of the software architecture and behaviour of Amme as an example of an event driven identity management system. This paper also studies other parts of IAM (Identity and Access Management) architecture and support processes in Metropolia e.g. software systems where identity information is originated, directories where data is populated, custom interfaces for software systems and single-sign-on - architecture.

Identity – the new perimeter

Identity has become key in a de-perimeterised world. Effective Identity and Access Management (IAM) enables open interaction between a business and employees, consumers or customer and partner organisations. Identity has become key in a de-perimeterised world. Effective identity and access management enables open interaction between a business and employees, consumers or customer and partner organisations. However, many organisations are struggling to get identity management right, reports Tracey Caldwell. Organisations may have recognised the need for identity management, but many are making basic mistakes implementing it. She explores the issues and ways in which they can be addressed.

Management of Identity and Access in the Cloud

Cloud computing is new technology that provides cheaper, easier, and more powerful processes to customers over internet. The cloud service provider (CSP) provides virtualized resources on Internet instead of using software or storage on a local computer. The economic benefits are the main reason for using cloud computing. Cloud computing dynamically delivers everything as a service (XaaS) over the internet based on user demand, such as network, operating system, storage, hardware, software, and resources. Thus, many security and privacy issues must be taken into consideration. The services of cloud computing are usually classified into three types: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). This paper aims to achieve two main goals. The first is to review the field of cloud computing with an emphasis on the identity and access management (IAM) in the cloud. Secondly, we will report on our ongoing work for developing a novel system for IAM based on the techniques of Identity-Based Cryptography (IBC) security mediated cryptography. The proposed system architecture will be outlined along with some of the major operational steps.

Regulatory Influence and the Imperative of Innovation in Identity and Access Management

In an effort to protect end users from identity theft, policy makers have enacted numerous regulations that require organizations to acquire identity and access management (IAM) technologies. In this paper, the authors develop and validate a conceptual framework that captures the unique characteristics of information security regulations and their impact on demand for IAM technologies, and the innovation and market value of IAM firms. Using paired two-sample for means t-tests and the Chow test, the authors demonstrate that the annual changes in sales of IAM firms from 1998 to 2008 are higher than those of other information technology (IT) firms around the time that information security regulations were enacted. The vector autoregression analyses show that IAM innovation is demand-driven, consistent with Schmookler’s “demand-pull” hypothesis, and has been positively valued by stock market investors. As such, our results demonstrate how policy makers can stimulate innovation and increase shareholder wealth by regulating IT consumers.

Identity in the cloud

The provisioning and management of users' accounts in the cloud is a problem, and one that undermines many of the advantages that cloud-based architectures appear to promise, such as reduced costs. The current Identity and Access Management (IAM) situation is inconsistent across architectures and fails to make use of existing standards. However, a new standard promises to ease these issues.

Identity and Access Management: the second wave

Many regulated organisations are now starting to activate a second wave of Identity and Access Management (IAM) initiatives as they attempt to rectify the mistakes made in the first attempt. Organisations are starting on a second wave of Identity and Access Management (IAM) projects as they attempt to rectify the mistakes made the first time round. Cath Everett explores what went wrong and why focusing on processes, governance and people rather than technology is the only way to create sustainable and secure ways of working. She also looks at what the future is likely to hold and what we can expect to see in the third wave.

Identity and access: How to protect your business

AbstractHow good is your Internet security? What procedures do you have to protect your most valuable electronic assets? As e‐business grows, so does the need for identity and access management (IAM). But what exactly is IAM, and how can it protect your business? © 2008 Wiley Periodicals, Inc.

Managing information security in a business network of machinery maintenance services business – Enterprise architecture as a coordination tool

Today, technologies enable easy access to information across organizational boundaries, also to systems of partners in business networks. This raises, however, several complex research questions on privacy, information security and trust. The study reported here provides motivation and a roadmap for approaching integrated security management solutions in a business network of partners with heterogeneous information and communication technologies (ICT): Systems, platforms, infrastructures as well as security policies. Enterprise architecture (EA) is proposed as a means for comprehensive and coordinated planning and management of corporate ICT and the security infrastructure. The EA approach is proposed as a pre-requisite for transparent and secure inter-organizational information exchange and business process support crossing corporate boundaries. This study provides an example of security architecture planning based on EA, which aligns the development of technological solutions with the business goals. The EA approach combines the planning of business and ICT developments. The alignment provides arguments for cohesive identity and access management (IAM) in a business network. A case study with Metso Paper, Inc., the leading manufacturer of paper machinery and related services, exemplifies the EA-based security architecture planning and specification.

Human Resources have a vital role to play within employee identity and access management

Many organizations are turning to identity and access management for better security, improved efficiency, maintenance of data quality as well as help with regulatory compliance. However, as more employee role changes occur, employees and non-employees are not losing their electronic privileges when they should. Dale Young at Insight Consulting advocates that IT should make the most of human resources in any identity management process. HR are the authoritative source of employee whereabouts and job descriptions. By getting HR buy-in at the beginning of the project, and leveraging HR life-cycle and life-events, this can significantly reduce an identity access management project life-cycle as the data and structures are already used within the business. This article discusses how to liaise with HR and use its intelligence to manage employee identities. While most organizations view security as 'keeping the bad guys out', Identity and Access Management (IAM) approaches security from the opposite direction - focusing on how to securely let business in and control application access to internal employees, external customers and business partners.

The Great Identity Crisis in Business Computing

Identity management is one of the hottest IT topics in the industry today, with the Gartner Group expecting identity and access management (IAM) to be the fastest-growing product category through 2007, with over 10 percent compound growth rates from 2003 to 2007.