A small team from Tivoli development, product management, and sales enablement descended upon China and India recently to meet with customers, business partners, and the local IBM security teams. Aside from some seriously good food and some serious jetlag, what else did the Tivoli team get out of this trip? Read on, my friends…
China: original architects of “perimeter defense”
We had the good fortune of working in a stop at the Great Wall of China on our travel day between stops in Beijing and Shanghai. Don’t think for one moment that this piece of the itinerary was a touristy boondoggle. Oh no. Our visit to the famous 5,000 mile long collection of walls, trenches, and other natural barriers was all business.
In security parlance, the Great Wall represents the ultimate in perimeter defense. Originally constructed over 2,000 years ago in the Qin Dynasty and improved through the 1600s during the Ming Dynasty to its present form, the Great Wall performed well to keep the “bad guys out” – whoever the “bad guys” of the century happened to be.
While that is an impressive track record for any security professional, the Tivoli Security team decided to investigate a bit deeper. It turns out that the particular stretch of Wall that we visited was rather unique – and ripe with foreshadowing. We toured the Mutianyu section of the Great Wall, about 70km northeast of Beijing. What is unique about this stretch of the wall is that it was designed to fight off enemies on both the outer and inner sides of the wall.
This concept of finally looking at insider threat proved to be quite prophetic, but was too little, too late for the Ming Dynasty. A disgruntled insider, General Wu Sangui, opened the gates in 1644 from the inside at Shanhaiguan to the advancing enemy. Of course, this led to the fall of the government and certainly led to the loss of jobs for their security professionals.
Major banks and government institutions we visited in present day China have clearly followed suit with their predecessors and focused first on perimeter defense. Fortunately, we are seeing a renewed concern and focus inside these organizations to address insider threat and risk management. It is still a burgeoning area of investment for most firms, but the promising aspect is that the organizations we talked to were most interested in attacking the insider threat because true security risk management was the right thing to do and essential to protect valuable data – and not strictly as a “box to be checked” on an audit.
India: seeking wisdom, prosperity, good fortune…and security.
Our timing to visit Mumbai was very fortunate as we arrived during the annual Hindu festival of Ganesha Chaturthi. I admit that I did not know anything about this festival before traveling to India, but I am very glad the timing worked out to experience it. There are two important things I have learned about Ganesha Chaturthi: 1) worshipers of Ganesha seek wisdom, prosperity, and good fortune; and 2) visitors flying home during the festival should add extra hours to their travel time to the airport because of the processions in the streets. More on that later.
Security wisdom was something we did find in abundance in India. Not only does Tivoli security have major development labs in Pune and Bangalore, but the clients and business partners we met with had a sophisticated view of the types of security threats they were facing and evolving compliance landscapes domestically and abroad. This led to excellent discussions on perimeter defense, intrusion prevention, as well as identity and access management, insider threat and compliance reporting.
The Indian economy is booming and you could see signs everywhere of the country’s increasing prosperity. Organizations we met with clearly recognized the need to proactively handle insider and outsider threats and increasingly have the resources to do so. While there was wide agreement on the scope of security threats, the economics of how to handle those threats still seemed in flux.
Some organizations, like a large bank, saw custom development through a local services firm as the best way to meet its user provisioning and compliance auditing needs. They believed that they could deploy those security controls for a single important system more quickly and cheaply than with a leading commercial software solution. The problem with this approach became apparent when I asked them what happened when they wanted to add one more or 10 more or 20 more systems. Then the total cost of ownership advantages of partnering with a security leader like IBM, and taking advantage of the best practices of clients around the world, became obvious.
Other clients we talked with, like a large telco, expressed a strong desire to leverage IBM’s expertise in managing entire security functions and billing for this service as an operating expense (OPEX) vs. capital outlay (CAPEX). In this case, the client had already purchased intrusion prevention and perimeter defense technologies from IBM and had in-house skills to manage it, but was looking for IBM to deploy and operate new solutions for insider threats and compliance.
Now we come to good fortune. Our team was very fortunate to have such welcoming hosts, interesting clients, and fantastic food at all our stops in India and China. It was truly exciting to see security professionals in those countries embrace security and compliance challenges head on, in partnership with IBM.
I also had the good (?), or at least unintentional, fortune of making this trip my first round-the-world flight. Heading from my home in Austin, the original intent was to fly West to China, then India, and return home through Delhi via the North Pole. One potential snag in this return home that I did avoid was traffic associated with Ganesha Chaturthi in Delhi. My hosts warned me it would take 3 hours or more (vs. the typical 45 minutes) to reach the airport – and I needed all of that extra time to make my flight from Mumbai. Long story short, I didn’t make my connection in Delhi and ended up flying through Brussels (directly over Kabul too!) on my way home. After 48 hours (and many connections later) from the time I left my last client I was finally home, sweet home! At least that detour gave me the chance to enjoy a fine mug of Hoegaarden on the way home and rack up my first round-the-world flight for security.
IBM Tivoli Security Management Blog
Chris Bauserman. Tags: security-management, network-security, insider-threat, identity-management, india, ips, compliance-management, access-management, security, compliance, managed-security-services, data-privacy, china, iss, tivoli
Kelly Schupp. Tags: compliance-management, ism-jams, security, tivoli, compliance, insider-threat, identity, ibm, management, iss
On October 13th, speakers Jeff Crume, IBM Distinguished Engineer and IT Security Architect, IBM World Wide Tivoli Tiger Team, and Jim Goddard, Business Development Executive, IBM Internet Security Systems, addressed issues around “Mitigating insider threats through proactive identity management.”
We've excerpted the following questions and answers from the live Q&A segment of this Jam.
1. What if I need authentication that is stronger than the userids/passwords?
Both Tivoli Access Manager for e-business and Tivoli Access Manager for Enterprise Single Sign-On support second factor authentication mechanisms such as smart cards, one time password tokens and biometrics.
2. How does the security logging work to ensure collection and analysis is done in a forensically sound manner?
One of the most important aspects of log analysis is to ensure that any analysis does not occur on the original log file. Tivoli Compliance Insight Manager does that by archiving the original log file, thereby not contaminating the event source. This is something often overlooked with custom code.
3. If a user's SSO password is compromised, are all his applications now accessible via that account and password?
It is likely that users are already using one password for all their accounts in order to minimize the complexity of password management, so this risk already exists. However, another option to minimize the risk is to use a second factor to strengthen authentication.
4. What are some of the ways to recertify access?
Tivoli Identity Manager comes with pre-built workflows to perform a recertification of all users for a given service. You can configure the actions to take such as deactivate or mark only if a user or manager does not recertify the account.
5. What kind of PII (personally identifiable information) is stored within the Identity Access Management (IAM) solution?
Whether information is considered PII must be judged at a local level based on regulations and policy. However, some elements the personnel feed will include might be name, country and address. It is a best practice to not include sensitive information in the feed such as social security numbers.
6. What about authentication of a user who logs in from multiple systems at multiple locations?
In some cases this behavior may be desirable but if this is not the case, Tivoli Access Manager for e-business has a Session Management Service which can be configured to restrict simultaneous logins.
7. Does TIM work with Domino Servers?
Yes. Tivoli Identity Manager also supports provisioning email accounts on Microsoft Exchange as well as many other IBM and non-IBM applications, databases, operating systems, etc.
8. Is there a Best Practices Guide available for customers to use as a roadmap for planning a security deployment?
IBM Redbooks are an excellent source of practical information on best practices for configuring, customizing and implementing Tivoli security solutions. The full set of documents can be found at www.redbooks.ibm.com or an informal listing of Tivoli security-related content can be found at extranet.lotus.com/crume.
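The practice described in answer 2, archiving the original log and analyzing only a copy, sketched as an added example (not part of the original Q&A and not Tivoli Compliance Insight Manager code). The function names, the `auth.log` sample and its line format are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # stream large logs
            h.update(chunk)
    return h.hexdigest()

def archive_log(source, archive_dir):
    """Archive the collected log read-only; return (archived path, digest)."""
    archive_dir = Path(archive_dir)
    archive_dir.mkdir(parents=True, exist_ok=True)
    digest = sha256_file(source)
    archived = archive_dir / f"{Path(source).name}.{digest[:16]}"
    shutil.copyfile(source, archived)
    if sha256_file(archived) != digest:
        raise IOError("archive copy does not match the collected log")
    os.chmod(archived, 0o400)  # read-only: the archive is never edited
    return archived, digest

def analyze_working_copy(archived, digest, work_dir, analyzer):
    """Run analyzer on a scratch copy, then prove the archive is unchanged."""
    work_dir = Path(work_dir)
    work_dir.mkdir(parents=True, exist_ok=True)
    work = work_dir / Path(archived).name
    shutil.copyfile(archived, work)  # contents only, so the copy is writable
    result = analyzer(work)
    if sha256_file(archived) != digest:
        raise RuntimeError("archived original changed during analysis")
    return result

def count_failed_logins(path):  # hypothetical analyzer for the sample format
    with open(path, encoding="utf-8") as f:
        return sum(1 for line in f if "FAILED LOGIN" in line)

def demo():
    # Constructed sample log lines, not taken from any real system.
    sample = ("2000-01-01T12:00:01 alice LOGIN OK\n"
              "2000-01-01T12:00:07 bob FAILED LOGIN\n"
              "2000-01-01T12:00:09 bob FAILED LOGIN\n")
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "auth.log"
        src.write_text(sample, encoding="utf-8")
        archived, digest = archive_log(src, Path(tmp) / "archive")
        failed = analyze_working_copy(archived, digest, Path(tmp) / "work", count_failed_logins)
        return failed, sha256_file(archived) == digest
```

Recording the digest at archive time is what lets a later reviewer confirm that the file analyzed is the file that was collected.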
You can access the replay, podcast and PDF slides by registering here: http://ow.ly/vrjx
About ISM Jams
IBM Service Management Jams are weekly webcasts that address the hottest service management topics on a variety of levels from technological thought leadership to product tips and tricks. Jams air Tuesdays at noon EST, are available on-demand within 24 hours and are accessible for one year. ISM Jams are led by Wendy Whalen, ISM Jams Program Manager, Tivoli.