The VeriSign Security Review - Q1 2005 from VeriSign, Inc.

You Are Here:

US Home > Resources > Security Services Newsletters > The VeriSign Security Review > Q1 2005

The VeriSign Security Review

Q1 2005

Industry Intelligence for IT Executives
February 2005, VOL.2, NO. 4 (formerly the Intelligence and Control Review)
Brought to you by VeriSign Security Services

2004 was a year in which hackers did not rest. They hit organizations with a series of particularly sophisticated “hybrid” attacks that combined denial-of-service (DoS) strategies, exploits of system vulnerabilities, and complex “social-engineering” techniques such as “phishing,” in which perpetrators use fake email in an attempt to glean passwords. Fortunately, these attacks were easily thwarted by companies with the ability to see them coming. Through this newsletter, we provide you with the needed intelligence to take proactive control over your security and your network, so that you can reach your highest goals for the coming year.

In this Issue:

Stronger Security, Supported by Multiple Credentials

By Nico Popp
Vice President, Authentication Services

Passwords provide a measure of security, but unfortunately, they are often insufficient for securing critical systems; they can be guessed or stolen with relative ease, and a hacker needs only one working ID in order to steal valuable information or vandalize the critical systems of entire organizations. For this reason, companies are beginning to deploy Strong Authentication security systems, which combine something that they know, like a user name, with something that they have, like a one-time-password token or a USB smartcard. Although two-factor authentication gives users truly secure access to critical systems and applications, historical solutions are too costly, inflexible, and complex for most corporations to deploy.

Corporations deploying Strong Authentication solutions therefore need an intelligent infrastructure that is flexible enough to adapt to the broad range of users and applications found in today’s modern enterprise. This solution must be highly scaleable to support a corporation’s natural growth. At the same time, it must remain uncompromisingly cost effective, and easy to deploy and manage. VeriSign offers just such a service, VeriSign® Unified Authentication, which enables enterprises to leverage a single integrated platform for all of their Strong Authentication needs. Based on ubiquitous open standards such as Radius and LDAP, VeriSign Unified Authentication eliminates the need to develop and maintain proprietary systems for strong authentication.

Unified Authentication provides more value than many other Strong Authentication solutions, since it includes a next-generation multi-purpose token that can be used both as a one-time-password token (in unplugged mode) and as a USB smartcard (in plugged mode). Unified Authentication reduces the total cost of ownership by leveraging an enterprise’s existing infrastructure, and it moves the complexity of security and scalability to VeriSign’s substantial Internet infrastructure. Because the solution leverages open standards, it’s designed to fit easily within most organizations’ architectures, and because it is interoperable with most devices, no matter the protocol, the solution can be considered “future proof” with regard to technological innovation.

The latest release, Unified Authentication 2.5, extends platform and application support and delivers additional deployment options for larger enterprises. Key enhancements include:

Non-Windows LDAP and RDBMS user store support
A highly scalable authentication engine that provides in-premise validation of one-time-password values within the enterprise
Extended Microsoft application support that will include one-time-password authentication for Windows logon and Outlook for Web Access
Additional client software components that will support one-time-password authentication for Linux as well as Unix logon, mainframe logon, and Citrix logon.
An included software development kit (SDK)

In addition, VeriSign recently announced that Unified Authentication will now come bundled with IBM® Tivoli Identity Manager software, which will make it even easier for IT administrators to manage the distribution and control of tokens and other devices. This software also provides an automated mechanism for selectively granting access to business applications and data.

For more information, please visit the Unified Authentication pages on the VeriSign Web site.

Intrusion Prevention: Thinking Beyond The Box

By Scott Magrath
Product manager, VeriSign Managed Security Services

For anyone concerned about network security, notification in the event of any security breach is critical, and has become a mandatory component of any security program. Recently, however, security professionals are realizing that they need to be able to stop a potential intrusion before it becomes a threat. For this reason, hardware-based intrusion prevention system (IPS) devices have begun to gain traction in the marketplace. IPS devices combine the ability of an IDS device to detect an attack, with the ability of a firewall to block malicious traffic. Market research firm In-Stat/MDR predicted that the combined market for IPS and IDS technologies would reach $1.4 billion by 2008, an increase of $541 million since 2003. While these technologies are incredibly powerful, they are not, as some would have you believe, a “silver bullet.” Even the implementation of IPS devices is not enough to safeguard a corporate network, and security professionals agree that a truly effective security strategy requires more than the purchase and deployment of security devices, no matter how robust and full-featured they may be.

Even the best technologies, if not part of a complete security program, can be virtually useless. Beyond limiting their usefulness, IPS technologies if improperly deployed or configured, can actually create new problems for an enterprise. For example, an IPS device deployed inline with the wrong blocking policy can actually prevent benign traffic from entering the network; resulting in negative impacts to the business. Each organization needs the expertise to configure these technologies according to the particularities of their business. Intrusion prevention policies must be carefully reviewed and regularly updated to ensure that they are aligned with the particular needs of the organization’s IT environment. In addition, devices must be monitored continuously for uptime and security events. Such monitoring requires more than a person watching a monitor for an alert; it requires an intelligent infrastructure, active 24/7, that can analyze all traffic and correlate network events, as well as evaluate the functioning of these in-line devices on a regular basis. However, most companies do not have access to such an infrastructure.

VeriSign offers a Managed Intrusion Prevention Service (MIPS) that allows corporations to leverage VeriSign’s substantial infrastructure capabilities and considerable security expertise. With MIPS, companies can ensure that their IPS devices are not only operating efficiently, but are operating under a fully effective, pro-active security strategy that blocks unwanted traffic while intelligently allowing benign traffic to flow freely. VeriSign works with each individual MIPS customer to develop and fine-tune intrusion-prevention policies to ensure they are operating at peak efficiency. As with all its fully-managed offerings, VeriSign also patches and upgrades all devices under management.

VeriSign’s Intelligent Infrastructure Services are housed in military-grade Security Operations Centers (SOCs), highly available environments that provide 24/7 monitoring and management of security infrastructures for Global 2000 companies. All data is backed up across multiple redundant systems, eliminating any single point of failure. Through TeraGuard™, VeriSign’s information management architecture, VeriSign analyzes and prioritizes all security events, across multiple devices, multiple customers, and across the internet through VeriSign’s unique position in the internet infrastructure using its multi-context correlation engine. This enables VeriSign to quickly eliminate false positives, focus on the real threats, and take the appropriate action.

For more information about VeriSign MIPS, please call 650.426.5310 or send an email to mss_ips@verisign.com.

The OATH Initiative Gains Momentum

By David Berman
OATH Marketing Group Representative

In the late sixties, researchers at the U.S. Department of Defense Advanced Research Projects Agency (DARPA), developers of the open, distributed networking architecture that evolved into the modern-day Internet, probably could not have predicted the extent to which the original network would grow. Billions of interconnected nodes form the Internet of today, and these include not only desktop computers connected via wirebound networks but also laptops, cell-phones, pagers, PDAs, and a range of other devices connected over WiFi, cellular, and myriad other kinds of networks.

This proliferation of users and devices has greatly expanded the Internet’s usefulness and ubiquity while also adding considerable complexity to the tasks of maintaining security and authenticating users. With so many protocols to address, security professionals are hard pressed to decide which standards are best to support. If such professionals could leverage open, ubiquitous standards, they could respond to today’s security threats much more quickly, more efficiently, and much more cost-effectively. For this reason, at the 2004 RSA Conference, a group of companies announced that they would join forces to form the Initiative for Open AuTHentication (OATH). OATH’s mission is to drive the availability of strong authentication across all networks and devices through the establishment of an open-standards-based, interoperable “blueprint.”

The OATH group was originally formed by security vendors, device manufacturers, and middleware and application developers, but the group is actively seeking participation from corporations, merchants, and financial institutions as well; organizations know their own security needs better than any other party, and open security standards will be more effective with strong participation from all of the major participants. The first OATH meeting took place in April of last year, and soon after, three working groups were established (the Joint Coordination Committee, Technology Focus Group, and Marketing Focus Group), and OATH’s members agreed on governance guidelines and goals.

Revitalizing the One-Time-Password
The OATH group is active in the promotion of new open-source tools and the enhancement of existing ones. At Digital ID World in October, the OATH group announced that it had released a new algorithm to the Internet Engineering Task Force (IETF), an algorithm for facilitating the generation of one-time passwords (OTPs). Since OTPs cannot be re-used, they are practically useless to thieves. Once approved, the HMAC (Hashed Message Authentication Code) algorithm would allow any vendor or security provider to more easily build systems that incorporate OTPs. Further technical details regarding HMAC are available at the IETF [Link to http://www.ietf.org/internet-drafts/draft-mraihi-oath-hmac-otp-01.txt] site.

OATH Expands
Since its founding, manufacturers and application developers continue to swell OATH’s ranks. Such organizations are increasing the wealth of resources available to developers who seek to build systems that strengthen security and improve the bottom line by integrating multiple technologies. At Digital ID World (Denver, Co., October 26), more than 30 companies announced that they had agreed to form a charter to drive the adoption of open, standards-based strong authentication technology.

Currently, OATH includes the following companies: ActivCard, Inc.; Aladdin Knowledge Systems; ARM; Assa Abloy ITG; Authenex, Inc.; Aventail; Axalto Inc.; BEA Systems; BMC Software, Inc.; Checkpoint Software Technologies; Citrix Systems, Inc.; DataKey, Inc.; Digital Persona; Diversinet Corp.; Entrust Technologies, Inc.; Forum Systems, Inc.; Gemplus Corp.; I.B.M.; IMCentric, Inc.; Iteon; Juniper Networks, Inc.; K.K. Athena SmartCard Solutions; Livo Technologies S; Passlogix, Inc.; Phoenix Technologies Ltd.; SafeNet, Inc.; SecuriCode Limited; Signify; Smart Card Alliance; VASCO Data Security; VeriSign, Inc.; and VOCENT.

If you would like to join OATH, and help shape the development of tomorrow’s security standards, fill out a short form accessible via the OATH Web site. If you have any questions about OATH or its mission, please send an email to info@openauthentication.org.

For more information on OATH, visit http://www.openauthentication.org

Profile: i-SAFE America

Developing a system to allow students to chat safely online

The Internet can be a useful, educational medium for students, but it can also be dangerous because people take advantage of the anonymity of the online world. Some students have been lured from chat rooms into face-to-face meetings with adults who had been masquerading as other students. Clearly, youth need to be taught early on about the pitfalls of online communication, and that is precisely the mission of i-SAFE America (www.isafe.org). Teri Schroeder, i-SAFE president and CEO, said that she founded i-SAFE in response to a letter from one student relaying some difficulties she experienced online. “i-SAFE was formed to empower this student and every student across the nation,” says Schroeder. Having been awarded its first year of congressional appropriations in 2001, the foundation has been extremely successful in its educational pursuits, and as of last year, 1,185 schools have implemented i-SAFE’s curricula throughout 50 U.S. states. In pursuit of Schroeder’s mission, the organization has educated over 600,000 students in the year 2004 alone.

Schroeder wanted to build on i-SAFE’s educational foundation, and implement a technology solution that would further protect students participating in the organization’s programs. Schroeder needed a way for students to reliably authenticate themselves when engaged in online activities. She needed a tool that was compliant with open standards and widely accepted within well known market segments. Finally, she needed a system that would work seamlessly across numerous platforms. To meet these needs, Schroeder turned to VeriSign for its Unified Authentication offering.

A Trusted Environment
Through VeriSign, i-SAFE will be able to authenticate the identity of each student through the distribution of digital certificates, which act as “keys” to unlock access to email, chat rooms, and one-to-many communication tools. VeriSign’s proposed solution will provide grade school students with digital credentials to protect them when they’re surfing the Web and to help develop future “safe-use” case studies for children using the Internet for research and other school projects. Such certificates are commonly stored on computers, and in conjunction with username and password, they provide assurance that a given individual, on a given machine, is an authorized user with a registered identity. “We needed technology that could help protect and empower the safety of our nation’s youth, and VeriSign was able to provide it,” says Schroeder. “VeriSign will allow i-SAFE to provide security through their current digital certificate, which has been widely accepted within the online financial market.”

A “simple” digital-certificate solution would not suffice for Schroeder, however, since students tend to access the Internet from multiple machines. Instead, VeriSign intends to house digital certificates on USB Hybrid tokens, which are small enough for students to carry on a keychain. i-SAFE dubs the tokens “i-STIKs,” and the i-STIK solution will be rolled out as part of a pilot project to all of the schools in Nebraska, Florida, North Dakota, Virginia, Colorado, and Kentucky that are participating in i-SAFE’s education programs. School administrators will distribute the tokens after validating a student’s credentials, and i-SAFE will educate students in their use. i-STIKs will only transmit a student’s gender and age range in addition to the i-STIK’s serial number. Students’ names and other personal information will be stored in a secure, restricted database linked to each i-STIK’s unique identifier.

Schroeder sees great promise in the VeriSign solution. “The system provides two important benefits,” says Schroeder. “If someone were to impersonate a registered student, that would constitute identity theft, and there are laws already enacted for this. Also, if a student were to lose an i-STIK, administrators would easily be able to revoke the digital certificate and issue a new one without having to change the student’s user ID or password.” In addition, the solution allows for easy revocation of the credentials when students transfer, graduate, or are no longer enrolled in the school.

Schroeder chose VeriSign because of its strong reputation in the security sphere, and she feels that VeriSign offers strong technology to back up that reputation. “I believe that VeriSign was instrumental in our garnering government support for this project,” says Schroeder. “VeriSign’s solution addresses many factors that Congress was looking for with regard to protecting students online. This solution not only protects their privacy, but it also gives them the power to choose whom they wish to chat with online.”

A Safer World
Once the pilot is complete, Schroeder hopes to expand the i-STIK nationwide. Recently, i-SAFE demonstrated the solution to the Department of Commerce, showing how the i-STIK can be used to provide safe, two-way communication between youth under the age of 13 who use the kids.us top-level domain. i-SAFE is also working on a distribution system whereby students whose schools do not participate in i-SAFE’s programs will be able to acquire i-STIKs from their local post office with parental consent. In the future, Schroeder says that i-SAFE hopes to extend its outreach activities to the youth of Africa and other nations with limited access to technology.

“We needed technology that could help protect and empower the safety of our nation’s youth, and VeriSign was able to provide it.” — Teri Schroeder, President and CEO, i-SAFE America

i-SAFE Profile

Industry: Education/Outreach

Challenge: Provide a system to reliably validate the age of students online

Solution: VeriSign’s Unified Authentication

Results

i-SAFE can easily manage the distribution of certificates over a secure Web interface.
Using portable USB Hybrid tokens for authentication, students can roam from machine to machine.
The system effectively screens out unauthorized users.
i-SAFE can authenticate students using any machine on any platform.
VeriSign’s reputation helped i-SAFE to garner government support.

A New Look For 2005

By Melanie Branon
Vice President, Branding and Marketing Communications

When you pay a visit to the VeriSign Web site, or take a glance at one or two of our recent advertisements, then you might have noticed that there is something new happening at VeriSign. We have a new image—one that reflects the dynamic role we play in today’s society. In October 2004, we launched a new brand campaign featuring a consistent use of color (we call it “cranberry red”) and graphics (the check mark and dotted lines signifying connections) that unite the VeriSign brand across all of our products and around the world. Like any large corporation, we rely on strong brand elements to more consistently communicate our identity, but for VeriSign, our new look is not just skin-deep. What are we driving at with this new image that we’re sporting?

As the only company with substantial expertise in Internet, security, and telecommunications infrastructures, VeriSign has been known as many things to many people. But today, as the evolution to a digital economy gains speed, VeriSign is in a truly unique position to bridge multiple networks, technologies, and protocols—we are “where it all comes together.” Our new brand reflects the message that VeriSign operates the intelligent infrastructure services that enable businesses and people to find, connect, secure, and transact across today’s complex, global networks.

As our capabilities become more integrated to address the converged marketplace, our “look-and-feel” reflects that unified approach. In addition to using consistent colors and design elements, our materials show people interacting with technology, and our graphics show connections being made from one device to another across myriad protocols and networks, illustrating how we can facilitate the secure interoperability of multiple technologies. We hope you like our new look, but even more, we hope you take the time to learn more about how we provide the intelligent infrastructure and unique solutions to mitigate today’s increasingly complex network environments.

VeriSign and Ziff Davis Conduct Roundtable Discussions on Phishing and Compliance

By Deanne Martin
Corporate Marketing Events Manager, VeriSign

VeriSign takes an active role in the advance of the IT Security industry by co-hosting roundtable discussions on current security issues. In October, VeriSign and the Ziff Davis Custom/Conference Group held two such roundtables: One on the growing problem of phishing, and another that centered on complying with legislation. These discussions followed an open format that allowed all attendees to participate, but each was moderated by subject-matter experts, to keep the conversation on track and moving forward.

No Phishing Allowed
“Phishing” is a security concern that affects both individuals and businesses. Such attacks use fraudulent email appearing to originate from banks and other financial institutions to trick users into divulging sensitive account information. Joe Panettieri, editorial director for Ziff Davis Media’s Custom/Conference Group and a prominent technology journalist, moderated the phishing round table (October 21st, 2004, Intercontinental Barclay Hotel, New York). He opened the discussion with two alarming statistics: In 2004, phishing incidents rose 250 percent from March to April, and another 215 percent from April to May (Source: FraudWatch International). After a brief discussion of some of the common characteristics of phishing attempts, participants introduced themselves and listed two of their top challenges related to this growing problem. Panettieri then led participants through a detailed discussion during which participants exchanged strategies used to defend against this growing problem. Attendees told Panettieri that anti-spam technology alone wasn’t enough to combat phishing. In particular, participants were seeking managed security services that could identify, halt and report phishing attempts to the proper authorities in a timely, proactive manner. In addition to evaluating and embracing managed security services, participants shared several other best practices for combating phishing incidents, including:

Timely updates to HR handbooks provided to all company employees,
Clearly communicated corporate email and Web use policies. Typically, these policies are included in HR manuals, on corporate intranets and in written company memos distributed twice annually to all employees, and
Timely and regular communications with customers, partners and consultants who might otherwise fall victim to phishing attempts.

Complying with Compliance
CIOs are constantly under pressure to maintain compliance with government legislation such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Gramm-Leach-Blily Act, and California SB 1386. Many companies have had to pay heavy penalties for failing to properly secure their IT infrastructure—some in fees, and others through unnecessary exposure to threats. Panettieri, who also moderated the roundtable discussion on compliance (September 15, 2004, San Francisco; and October 20, 2004, Chicago) began with the statistic that as many as 20% of CIOs are not involved in compliance. Attendees also learned that CEOs and CFOs can face up to $5 million in fines and 20 years in jail for non-compliance related offenses.

Attendees discussed each other’s primary pain points related to compliance, and these included auditing, user access rights, revenue recognition, ASP/ISP issues, debit cards, credit card compliance, Web site protection, and protection of the corporate brand and image. The discussion then turned to best practices for maintaining compliance, including garnering support from upper management using audits, risk assessments, and negative press coverage. The participants discussed the intricacies of federated ID management and two-factor authentication. All involved left the discussion with a much clearer sense of the importance of compliance, and with a more focused sense of how to proceed in their compliance efforts.

VeriSign Presents at NetworkWorldFusion Security Seminar Series

By Melissa Lavigne
Marketing Manager, VeriSign

Network World newsweekly produces a cutting-edge security seminar series that draws network security professionals from all over the globe, including many prominent CEOs, CIOs, and CSOs. The most recent series, entitled “Network Security: Structuring an Aggressive Defense,” toured Houston, Washington, D.C., Seattle, and New York, and offered especially comprehensive information, insight, and discussion.

No organization can afford to wait for an attack before implementing a security strategy, since a single attack can cause substantial financial damage, harm the company brand and customer relationships, or even shut down an organization completely. Security professionals are becoming aware that the only effective security strategy is a proactive one, a strategy that anticipates and prepares for attacks before they occur. However, organizations can employ many different security strategies, and many security professionals are uncertain about which are likely to be the most effective.

The seminar addressed these and other concerns by offering concrete, hands-on experience from security professionals who are leaders in their respective fields. Attendees also had an opportunity to share their experiences and advice drawn from hands-on experience in the “trenches” of network security. Topics ranged from the pros and cons of various security architectures, to the best methods for securing virtual private networks (VPNs), to the subtleties of authentication and public key infrastructure (PKI). Mark Griffiths, VeriSign’s Vice President of Authentication Services, and Sundar Krishnamurthy, Product Manager of VeriSign’s Email Security Service, presented a section entitled “Measuring the Success of Your Spam and Virus Protection Solution.”

The seminar helped participants to:

Prepare a seamless security system comprised of well integrated elements
Build layers of defense at multiple points in a corporate network
Combine and orchestrate today’s most-effective solutions
Aggregate and analyze assets to proactively defend a network
Benchmark a security architecture against industry best practices

“Network Security: Structuring an Aggressive Defense” provided a wealth of intelligence, opportunities, and advice in one highly productive day. Participation in this event is free of charge to qualified professionals (Advance reservation is always required for complimentary attendance), so be sure to keep an eye out for registration information for next year’s event!

For more information, see the NetworkWorldFusion Web site

Events Listing

Stay ahead of the curve by attending one or more of the following security-oriented events.

VeriSign Web Seminars

February 9^th
VeriSign® Email Security Service Web Seminar, hosted by SearchSecurity.com (TechTarget)

Companies are spending money on complying with SOX, HIPAA, GLB, and SEC 17a3-4. However, many are realizing that the initial costs are but a small portion of the total cost to maintain systems and processes. Service providers, however, can provide trusted support to meet ongoing compliance initiatives and maximize profits. In this Web seminar, VeriSign will discuss the ramifications of compliance and corporate governance as it pertains to Information Security. While some organizations view compliance as an ongoing “tax” on IT resources, others have used it as leverage to further protect corporate assets that reside inside the data center. Outsourcing some compliance initiatives has allowed for organizations to shift their focus towards generating a greater return on these information assets.

February 23^rd
VeriSign Internet Security Intelligence Briefing

VeriSign’s widespread intelligent infrastructure provides an unparalleled view into emerging threats across the entire Internet, including detailed statistics on e-commerce activity. VeriSign reports on intelligence drawn from the global Domain Name System (DNS) as well as VeriSign’s Authentication Services, Managed Security Services, Payment Services, and Fraud Protection Services. During this free Web Seminar on VeriSign’s Q4 2004 data, you will learn about the growing usage trends in e-commerce and the Internet, in addition to valuable information about e-commerce fraud. The briefing also identifies the peak days in the holiday shopping season and analyzes the e-commerce growth sustained into Q1 2005 by online merchants.

March 15^th
Ensuring Messaging Continuity in the Enterprise: A VeriSign® Email Security Services Web seminar hosted by SearchExchange (TechTarget)

Today, email security is mostly confined to spam filtering and virus scanning. But since email is a mission-critical business application, enterprises must focus on a broader, more comprehensive “messaging continuity” strategy that secures email systems from disasters and disruptions. This Web seminar will discuss approaches and alternatives for disaster recovery, email availability and attack prevention.

Registration information is not yet available for this event. Visit SearchExchange.com, after February 15th, to register.

Upcoming Conferences

January 23rd – 27th
Lotusphere
Walt Disney World Resort, Orlando, Florida

This four-day conference delivers a comprehensive view into Notes, Domino, and the entire Lotus product portfolio, as well as the WebSphere Portal product line, Pervasive Computing technology, and the IBM Workplace. VeriSign will showcase enhancements to its Email Security Service.

February 14th – 18th
RSA Conference 2005
Moscone Center, San Francisco, California

The RSA Conference is one of the most authoritative resources for organizations seeking to secure their systems against cyber-criminals. Visit VeriSign at booth #704 and the OATH Partner Booth at booth #930. Be sure to catch the special keynote session by VeriSign president and CEO Stratton Sclavos. VeriSign is also hosting an exclusive customer event, invitation only, on Wednesday, February 16. Contact Melissa Lavigne (mlavigne@verisign.com) for more information.

March 6th – 8^th
Computerworld Premier100
JW Marriott Desert Ridge Resort, Scottsdale, Arizona

At this event, you will have an opportunity to learn from Computerworld magazine’s Premier 100 IT Leaders and Alumni.

March 15th -17th
Electronic Transactions Association (ETA) Annual Meeting
Mirage Hotel and Casino, Las Vegas, Nevada

The ETA serves the needs of organizations that offer transaction processing products and services. ETA is now an international association with over 400 member companies from seven different countries.

May 9th – 12th
Digital ID World
Hyatt Regency Embarcadero, San Francisco, California

Sponsored by VeriSign, Digital ID World 2005 is packed with 40 insightful hours of workshops, tutorials, and panels on bringing identity to your business. Learn about technologies and strategies that will help you address:

IT Availability and Business Continuity
Business Partner Integration and Supply Chain Management
The Ongoing Erosion of User Confidence
Dynamic Management of Corporate Resources

The global identity community of vendors, analysts, academics, and media coalesces into a singular “identity ecosystem” at Digital ID World. The benefits are as unique as the event.

June 6th – 8^th
Gartner IT Security Summit
Marriott Wardman Park Hotel, Washington, DC

This comprehensive conference covers the latest in security technologies, and provides comprehensive advice on building business cases for information security budget requests, complying with complex legislation, disaster recovery, and business continuity planning.

July 13th – 15th
Catalyst North America
Manchester Grand Hyatt, San Diego, California

The Catalyst Conference is an annual, three-day educational event offering four tracks: Application Platform Strategies, Identity and Privacy Strategies, Network and Telecom Strategies, and Security and Risk Management Strategies.

August 21st – 23rd
Aspen Summit
The St. Regis, Aspen, Colorado

The Aspen Summit 2005 is the Progress & Freedom Foundation’s annual gathering of the digital world’s most prominent business leaders, probing thinkers, and influential policymakers.