For Security & Risk Professionals

Case Study: Baker Tilly Virchow Krause Builds Trust With Strong Authentication

Customer Data Is Accessible Yet Safe Whether Users Are Connected Or Not

by Bill Nagel, November 16, 2009

Matt Jennings at Baker Tilly Virchow Krause needed to overhaul the accounting and advisory firm's security processes and technologies to ensure ongoing regulatory compliance and customer confidence. Replacing the company's use of a single password as . . .

For Application Development & Program Management Professionals

Your Enterprise Database Security Strategy 2010

Stronger Measures Have Become Essential To Defend Against Growing Attacks

by Noel Yuhanna, September 28, 2009

With increasingly sophisticated attacks and rising internal data theft, database security merits a stronger focus that goes beyond traditional authentication, authorization, and access control (AAA). A single intrusion that compromises private data such . . .

For Security & Risk Professionals

Market Overview: Firewall Auditing Tools

by John Kindervag, July 30, 2009

In the battle to protect your organization's information and assets, firewalls are the first line of defense for preventing attacks against the network. And for the most part, they've succeeded at keeping the enemy at bay — that is, when the firewall . . .

For Security & Risk Professionals

Case Study: The Smart Card Is King At Deloitte Ireland

A Multifunctional Authentication Credential Is Now Integral To Employees' Daily Lives

by Bill Nagel, July 23, 2009

John Gray at Deloitte Ireland had a vision for a multifunctional second-factor authentication credential that would not only address the company's need to better protect its data, network, and facilities but also become a positive aspect of the firm's . . .

For Security & Risk Professionals

Best Practices: Implementing Strong Authentication In Your Enterprise

Kill Two Birds With One Token

by Bill Nagel, July 23, 2009

The adoption of strong multifactor authentication (MFA) is on the rise. It's often the first port of call on the journey to a fuller identity and access management implementation; MFA directly addresses the password problem, which is a well-known and . . .

For Security & Risk Professionals

Case Study: For Avaya, Customers Are Not A Token Consideration

A Plug-And-Go Smart Token Combines With PKI For Security And Auditability

by Bill Nagel, July 23, 2009

Rick Robinson at Avaya had a vision for a multifunctional second-factor authentication credential that would satisfy customer compliance requirements without significant adverse effects on his engineering and technical support staff. By testing how well . . .

For Security & Risk Professionals

PCI X-Ray: Network Segmentation

by John Kindervag, July 17, 2009

To effectively deal with the broad and complex requirements of Payment Card Industry (PCI) data security, you need to break the elements apart to provide enhanced clarity. We've designed the PCI X-Ray series to provide actionable information to help Forrester . . .

For Security & Risk Professionals

IT Security's Critical Role During Layoffs

How To Safeguard Company Data In Difficult Times

by Andrew Jaquith, July 2, 2009

The Gateway Recession of 2009 has brought the prospect of slowing sales and profits — and job losses. Although layoffs are never desirable, they are often necessary. Much of the responsibility for keeping company data safe during layoffs falls to security . . .

For Business Process & Applications Professionals

Best Practices: Customer Onboarding

A Visible Target During Economic Uncertainty

by Craig Le Clair, April 27, 2009

Take customer onboarding . . . please. Customer onboarding lags behind other business processes in both the quality of customer experience and costs. The poor state of customer onboarding results in customers abandoning the application process, loss of . . .

For Security & Risk Professionals

Identity And Access Management Adoption In Europe: 2008

by Bill Nagel, April 16, 2009

Interest in and adoption of identity and access management (IAM) technologies has been growing steadily over the past few years, fueled both by the desire to streamline processes relating to employee, contractor, partner, and customer access to company . . .

For Security & Risk Professionals

PCI X-Ray: IDS And IPS

by John Kindervag, April 8, 2009

To effectively deal with the broad and complex requirements of Payment Card Industry (PCI) data security, you need to break the elements apart to provide enhanced clarity. We've designed the PCI X-Ray series to provide actionable information to help Forrester . . .

For Security & Risk Professionals

Inquiry Spotlight: E-Signatures, Q2 2009

by Bill Nagel, April 2, 2009

The current economic and regulatory climate has made it more important than ever for firms to find ways of streamlining business processes while maintaining the security and integrity of the associated data. E-signatures combine the security of digital . . .

For B2B Market Research Professionals

Healthcare Identity And Access Management  (398 KB PPT)

by Eric G. Brown, March 31, 2009

Earlier in the decade, HIPAA compliance was driving security and identity access management. The current drivers are now coming directly from the business goals to improve operations and enable clinical access.

For Security & Risk Professionals

The GRC Technology Puzzle: Getting All The Pieces To Fit

Breaking Down The Complex GRC Technology Landscape

by Chris McClean, February 3, 2009

At a time when the global business community struggles to enhance internal controls and maintain long-term viability, improvements in governance, risk, and compliance (GRC) programs can be well worth the investment. Technology plays an integral role in . . .

For Technology Product Management & Marketing Professionals

Hot Banking Tech Companies To Watch In 2009

Profiles Of Technology Companies That Address Banking's Changed World

by Ellen Carney, December 22, 2008

The banking industry is going through its most challenging period since the Great Depression. Bank capital structures are stressed because of write-downs and write-offs, formerly high-flying investment banks face the more regulated world of retail banking, . . .

For Security & Risk Professionals

Case Study: Unisys Takes Its Own Authentication Medicine

Systems Integrator Chooses An Integrated Credential To Solve Global Physical And Logical Access Challenges

by Bill Nagel, October 21, 2008

Unisys is a large and diversified systems integrator with operations worldwide. In recent years, the firm has seen its global workforce become increasingly mobile. At the same time, techniques to defeat passwords have become more sophisticated, eroding . . .

For Security & Risk Professionals

Confessions Of A QSA: The Inside Story Of PCI Compliance

by John Kindervag, September 11, 2008

PCI (Payment Card Industry) compliance — a requirement for accepting credit card transactions — can be difficult. About 65% of global enterprises are still working on their PCI compliance initiatives. But PCI compliance is an ongoing effort, not a bounded . . .

For Security & Risk Professionals

A US National ID Begins To Take Root

WHTI, EDL, And REAL ID

by Geoffrey Turner, July 21, 2008

In the aftermath of the Al Qaeda attacks on 9/11, the US government realized that the lack of effective identity credentials for use in domestic air travel was a contributing factor in the attacks' effectiveness. Several initiatives have since been launched . . .

For Security & Risk Professionals

Market Overview: Strong Authentication For Enterprises In 2008

Securing The Doors To Your IT Environment

by Bill Nagel, July 16, 2008

Security professionals have long known that passwords are no longer sufficient to act as the sole means of gatekeeping access to enterprise network and data resources. Increasingly, they're putting that knowledge into action: More than half of the enterprises . . .

For Security & Risk Professionals

Biometrics: State Of The Art And Future Implications

by Geoffrey Turner, May 12, 2008

Biometrics has matured to the point where several technologies have been internationally standardized and incorporated into major international and national identity verification implementations across both the public and private sectors. Because these . . .

For Security & Risk Professionals

Topic Overview: Identity And Access Management

by Andras Cser, April 14, 2008

Identity and access management (IAM) is the entire aspect of maintaining a person's complete set of information, spanning multiple identities and establishing the relationship among these various identities with the goal of improving data consistency, . . .

For Security & Risk Professionals

Extending Mobile Identity Beyond Authentication

Banks, Mobile Operators, And Vendors Team Up For SIM Card-Based Security

by Bill Nagel, April 11, 2008

With mobile phones reaching saturation levels in many countries, banks and other service providers are taking a second look at providing financial and commercial services over the mobile channel. Mobile banking and PKI both flamed out spectacularly in . . .

For Security & Risk Professionals

Government eID Projects Need Private Sector Initiative And Support For Broader Success

A Look At Europe's Experience With PKI-Enabled National ID Cards

by Bill Nagel, April 7, 2008

To date, at least 12 European countries have either developed or rolled out national electronic citizen IDs (eIDs) based on a government-created and -managed public key infrastructure (PKI) or are in the process of doing so. National governments intended . . .

For Security & Risk Professionals

Biometrics: Beginning To Fulfill Its Promise

by Geoffrey Turner, Bill Nagel, February 26, 2008

Public uncertainty about biometrics' impact on privacy and civil liberties has long kept the technology from realizing its full potential. However, these concerns have stemmed primarily from an incomplete understanding of the technology and a mistrust . . .

For Security & Risk Professionals

Case Study: 1 Million Strong For Absa

Rapid Response, Decisive Action, And Forward Thinking Add Up To Mobile Authentication Success

by Bill Nagel, January 31, 2008

In 2003, the South African bank Absa Group faced a big obstacle: It was the victim of one of the first major phishing attacks on Internet banking that the country had seen. Up to that point, account numbers and PINs had sufficed to safeguard customers' . . .