Worldwide LocationsActivIdentity Blog
« Back to Blog HomepageNew Surveys Show Smart Cards Trending Up – ActivIdentity Blog
Jul 25, 2011 3:55pm by Chris Harget | 0 Comment
It’s not every day you see your predictions come true. We’ve known for awhile that the threat environment was increasing. So far in 2011 Sony, Sega, RSA, Epsilon, HBGary, and WordPress together have had 178 million to 218 million user accounts, email addresses, token seed files or "records" stolen. The scale of the breaches, and hunger for publicity of some of the hackers, have heightened awareness to say the least. Still, there have been hacking sprees and malware storms in the past that did not lead to a visible proactive response from the IT community. Even when predictions make sense they don’t always come true. Today however, a previously predicted increase in smart card adoption seems to both make sense and be true. The data on this comes from a just-released research report by Aberdeen Group analyst Derek Brink, titled "The Case For Smart Cards."
- This report evaluates data from several longitudinal surveys and previous reports with some interesting findings: Between December 2010 and May 2011 surveys show a 1.5-2x increase in the number of organizations who planned to use smart cards in the next 12 months, or are evaluating smart cards.
- The same surveys showed 2.5-3x decrease in the number of organizations who planned to use OTP or were evaluating OTP.
- RSA's breach is offered as a partial explanation for these trends.
- Referenced reports indicate traditional perimeter defense is full of holes, traditional passwords are insecure, and privileged accounts are often unmanaged (allowing account escalation).
- The maturation of the smart card ecosystem and the CMS appliance option are called out several times as favorable to new smart card adoption.
- The report is very positive on the multi-purpose (multi-layered strong authentication) nature of smart cards.
While it is heartening to see a positive response to negative events, there are still worries about where we go from here. It is likely the highly publicized hacks we’ve seen this year are just the tip of the iceberg. Some of the most dangerous hacker types—organized criminals, unscrupulous competitors and state actors—will take great pains to conceal their successful data thefts, rather than advertise them. How do we get IT groups to respond to those?
PAN7DFHW9BWX
Post a Comment
All fields are required.
Legal Disclaimer
Some of the individuals posting to this blog website work for ActivIdentity Corporation ("ActivIdentity"). Opinions expressed in the blog postings and in any corresponding comments are the personal opinions of the original authors, not of ActivIdentity. The blog postings are provided for informational purposes only and are not meant to be an endorsement or representation by ActivIdentity or any other party. This blog website is available to the public. ActivIdentity moderates the comments and comments will not be posted until they are approved by the moderator. ActivIdentity does not guarantee that your comments will be posted to this blog website and ActivIdentity may refuse to post any comments in its sole discretion. No information you consider confidential should be posted to this blog website. By posting comments, you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to this blog website. You release ActivIdentity from any liability related to your use of this blog website and the content on this blog website. Your use of this blog website is also subject to the terms and conditions of the ActivIdentity Legal Notice available at http://www.actividentity.com/legal/ (the "Legal Notice"). The blog postings are "materials" and any comments that you post to this blog website are "feedback," each as defined in the Legal Notice.
Some of the individuals posting to this blog website work for ActivIdentity Corporation ("ActivIdentity"). Opinions expressed in the blog postings and in any corresponding comments are the personal opinions of the original authors, not of ActivIdentity. The blog postings are provided for informational purposes only and are not meant to be an endorsement or representation by ActivIdentity or any other party. This blog website is available to the public. ActivIdentity moderates the comments and comments will not be posted until they are approved by the moderator. ActivIdentity does not guarantee that your comments will be posted to this blog website and ActivIdentity may refuse to post any comments in its sole discretion. No information you consider confidential should be posted to this blog website. By posting comments, you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to this blog website. You release ActivIdentity from any liability related to your use of this blog website and the content on this blog website. Your use of this blog website is also subject to the terms and conditions of the ActivIdentity Legal Notice available at http://www.actividentity.com/legal/ (the "Legal Notice"). The blog postings are "materials" and any comments that you post to this blog website are "feedback," each as defined in the Legal Notice.
Subscribe to our RSS FeedSearch Blog
Category
Identity & Access ManagementRecent Posts
Recent Comments
Blogroll
The Forrester Blog For Security & Risk ProfessionalsComputer Weekly: David Lacey's IT Security Blog
Infosecurity Magazine: Security Viewpoint
Pro Security Zone: Editor's Blog
IT Pro
Adventures in Security
ha.ckers.org
Information Security: Security Bytes
Krebs on Security
SC: Data Breach Blog
Schneier on Security
Securosis
GovInfoSecurity.com: The Security Scrutinizer
GCN Tech Blog
Cybersecurity
Gartner Blog Network
Cnet: Insecurity Complex
Computerworld: Security Impact Blog
Computerworld: Security is Sexy
eWeek Security Watch
InformationWeek Security Weblog
Network World: Security Strategies Alert
ZDNet.com: Zero Day
Bank Info Security: Industry Insights
Bank Technology News
CRN Community: Hot Topics
Threatpost: Digital Underground