By Jack M. Germain, E-Commerce Times
02/16/07 4:00 AM PT
What's it going to take for the industry to see higher identity and access management adoptions? For Imprivata CEO Omar Hussain, that's a philosophical issue. "There are two or three real drivers to achieving this," he said. "On the network side we need to add another form of access recognition. ... On the physical side we need a solution to the employee tailgating problem."
Recent high-profile data breaches have put the spotlight, for many IT departments and corporate executives, on the importance of innovative solutions for effective identity and access management (IAM). Imprivata, which specializes in identification and access management appliance solutions, is positioning itself as the vanguard for better corporate security.
Imprivata was founded by entrepreneurs who pioneered identity management technology while working at Polaroid's small-business division. Imprivata's security solutions have earned the company a citation by Info Security Products Guide, a publication tracking security-related products and technologies, for its execution of products, people, performance and potential as a "Hot Companies" winner for 2007.
Imprivata's CEO, Omar Hussain, has strong views on his company's vision to deliver breakthrough appliance-based authentication and access management solutions. His goal is to provide out-of-the-box functionality and ease-of-use mechanisms to his customers and partners worldwide.
He knows that the odds are still against that happening easily. Forrester Research recently pegged adoption rates at no higher than 30 percent for comprehensive IAM products.
Hussain is convinced, however, that the key to bringing corporate security to its next level lies in fostering a foundation for the convergence of physical and logical security systems. Hussain shared his thoughts on convergence with the E-Commerce Times.
E-Commerce Times: What factors are driving the convergence of physical and logical security systems?
Omar Hussain: Two things are at the wheel. In the government market it is the legislation that requires both physical and logical (network) security. In the commercial market it is a need for more complete security and for economic concern. But there are no laws requiring this heightened security in this space.
ECT: How critical is the cost factor in considering convergence options?
Hussain: It is very expensive for a company to change its physical security layout. But this is a necessary expenditure because there is a problem caused by the instant user close out. Procedures are usually in place at many companies to remove a worker from the physical security system when the worker is fired or quits. This involves collecting access badges and canceling keypad codes, etc. But nobody remembers to lock the former worker out of the logical system--the network.
Many companies today have two systems of security running separately. They have the physical building barriers and the logical or network boundaries. But they are not tied together. Often, depending on the industry involved, compliance and reporting rules place additional burdens on securing physical and logical systems.
ECT: What are the barriers that enterprises face in deciding to integrate converged security solutions?
Hussain: Convergence of physical and logical boundaries has been talked about for years. Until now, implementation approaches were not good for commercial use. Doing a security convergence would require equipment upgrades to new security hardware that cost massive financial outlays.
When corporate executives realize that the cost of converging security is not going to lead to adoption, they need a way to leverage what they have to accommodate convergence. The ideal solution would be a one-click button to match up two related identities. For instance, the network log-on is one identity. The building access is the second identity. What is needed is a mechanism to set rules and policies to cover both entities.
ECT: What is it going to take for the industry to see higher IAM adoptions?
Hussain: That is a philosophical issue. There are two or three real drivers to achieving this. On the network side we need to add another form of access recognition -- tokens, etc., to bolster a strong authentication. On the physical side we need a solution to the employee tailgating problem. This is a big, big problem. It occurs when a worker uses his access card or password to enter a controlled access and is followed in by others who may or may not be authorized to enter with him.
Either way, there is no record of the additional access and presence in the physical system. We also need a way to prove who is in the building using a login on the logical side, the network.
ECT: Isn't this similar to previous security concerns when corporations ventured onto networks?
Hussain: Yes, in the early days of network security, companies had to rely on firewalls to protect the network from outside intrusion. At first it was too expensive for all companies to deploy so nobody but banks had firewalls. Now firewalls are so ubiquitous that they are built into network routers.
At the start of the network security process, purchasing firewalls was impractical for many companies. The same thing is happening with the need to deploy convergence. The cost has to come down and the complexity has to go away. Then convergence will happen just as hardware and software security via firewalls and routers got accepted into mainstream business.
ECT: How do you see the market potential for accepting new measures for security?
Hussain: We face a huge untapped market. The logical side is all secured at the perimeter with multi-layered solutions. On the physical side there are cameras and keypads, etc. There is no system available today to identify the user in both because no system talks to both parts of the security systems. We need more coverage of both parts of the security fields. We need to focus more on the part that involves where the user is within the physical system.
From a business standpoint, the need is there. The value to the company is evident. The ROI is justified. But until now, the solution to convergence has been lacking.
ECT: How is Imprivata addressing these issues?
Hussain: Our solution does that. We run an open source platform and add proprietary software to it. It is still very early for widespread adoption. We have to integrate two different markets. The physical side is very mature and well established. We need to get both sides to cooperate. In many enterprises it is very political between these two factions of security.