Information Security - Neil Readshaw
Neil Readshaw 270001X752 email@example.com Tags:  tivoli-security-policy-ma... pcty tspm pcty-nordic security microsoft-sharepoint pulse 514 Visits
In a couple of days I fly to Copenhagen to attend and speak at the Nordic version of Tivoli's Pulse Comes to You customer event. As well as meeting with specific customers, I am looking forward to reprising the "Heterogeneous Identity and Access Management for Microsoft Office SharePoint Server" presentation that Nataraj Nagaratnam and myself developed for the global Pulse event. As in Vegas, I'll be demo'ing some advanced capabilities that integrate Tivoli Security Policy Manager and Microsoft SharePoint for fine-grained application entitlements.
If you'll be at Pulse Nordic, stop by and say hej/hei/hallo/g'day.
Neil Readshaw 270001X752 firstname.lastname@example.org Tags:  gcn government-computer-news tklm nist tivoli-key-lifecycle-mana... encryption 458 Visits
Today I read a short though interesting article on the Government Computer News site titled "Five encryption tips from NIST". For me this article was quite timely as I had spent last week in Beijing teaching IBMers and business partners about a number of Tivoli security solutions, including Tivoli Key Lifecycle Manager (TKLM). I've added a few annotations below on each of the points raised by NIST.
Neil Readshaw 270001X752 email@example.com Tags:  authorization tspm tivoli-access-manager tameb security-policy-managemen... tivoli-security-policy-ma... authorization-policy-desi... tam 1 Comment 890 Visits
I've worked with Tivoli Access Manager (TAM) for a long time (through three product name changes and two company name changes at least) and have been getting into Tivoli Security Policy Manager (TSPM) over the last year or so. One of the things that I have become more aware of is the different thought process I go through to design authorization policies with these two products. I wouldn't say that I have developed a migration procedure or anything like that just yet. However, I did want to write down a few notes on the approach I take and how I neutralize the TAM bias currently in my brain.
Firstly, here is a recap on writing TAM authorization policies:
TSPM authorization policies, making some indirect comparisons to TAM authorization policies, have these highlights:
When it comes time to construct policies in TSPM, I try to keep these things at front of mind:
Then, I (think I) go through a process like this. For each role (including the special 'all authenticated' and 'everyone' roles)
I hope you found that useful. Now then, if you've played with TSPM or other XACML based products, how do you approach policy authoring?
Neil Readshaw 270001X752 firstname.lastname@example.org Tags:  tivoli-key-lifecycle-mana... redbook storage ekm tklm 799 Visits
A new IBM Redbook titled "IBM System Storage Tape Encryption Solutions" is available on the IBM Redbooks site. Redbooks are not only great publications, but a great learning experience when participating on a residency (sieze an opportunity if one presents itself - better still, make it happen for yourself).
This is the first redbook on the new Tivoli Key Lifecycle Manager (TKLM) product. TKLM evolved from an embedded encryption management solution (EKM) available previously with IBM and OEM storage devices. From the Redbook site: