RSA SecuID SDK for Android

PR NEWSWIRE

Dec 13, 2010

BEDFORD, Mass., Dec. 13, 2010 /PRNewswire/ -- RSA, The Security Division of EMC (NYSE: EMC) announced the availability of the RSA SecurID® Software Token for Android(TM) that is engineered to enable an Android powered device to be used as an RSA SecurID authenticator, providing convenient and cost-effective two-factor authentication to enterprise applications and resources.

(Logo: http://photos.prnewswire.com/prnh/20101213/NE16032 )

Additionally, RSA is releasing a new Software Development Kit (SDK) for the Android platform that is designed to allow developers to embed RSA SecurID two-factor authentication directly into Android applications and gain competitive advantage by offering this additional layer of security. Mobile applications that directly integrate RSA SecurID technology provide organizations with the assurance that their resources are engineered to be protected from unauthorized access without any usability impact to the end user. The SDK is available free of charge for all RSA Secured® partners.

"Being able to offer the RSA SecurID tokens to our users on many of the most popular mobile platforms such as Android is a convenient and cost-effective way to deploy strong authentication in our enterprise," Tim Prendergast, Network Architect at Ingenuity Systems, Inc. "Deployment on smart phone platforms is done electronically so it's simple and fast for our IT organization to provision, eliminating any lag time if an end-user needs to get a new token. Our employees love it because the tokens are easily accessed on the mobile devices they already own and carry."

The new RSA SecurID Software Token for Android is engineered to generate a one-time password that changes every 60 seconds, enabling secure access to corporate resources. The solution complements the broad range of authentication methods offered by RSA, giving customers a choice in authentication methods based on risk, cost and convenience.

The RSA SecurID Software Token for Android is designed for enterprise users whose organizations have implemented the RSA SecurID system. The token can be installed directly onto Android enabled devices at no cost via a simple download from Android Market(TM). With minimal help from their IT department, users can enable the application with a unique software token seed, creating a convenient, secure and cost-effective RSA SecurID authenticator.

"The smart phone is revolutionizing the way consumers and commercial organizations are doing business," noted Mark Diodati, Research Director at Gartner. "The smart phone will become the default strong authenticator for users in the near-term; it means one less device that the user must carry. It's important that strong authentication methods like one-time password devices are supported on smart phones, and that developers have an easy way to embed this high-quality authentication method into mobile applications."

The use of RSA SecurID software tokens helps decrease total cost of ownership for organizations as they don't require any physical shipping, can be revoked and automatically redeployed if an employee leaves the company with their Android enabled device eliminating the need for replacement tokens. Additionally, having the software authenticator on business-critical smart phones reduces the number of costly technical support calls for misplaced tokens.

"It's no secret that mobile computing has exploded recently and we do not expect that trend to slow down at all. This enormous growth and proliferation gives us a strong opportunity to leverage these devices as authenticators and enable new forms of authentication to our customers to establish identity," said Tom Corn, Chief Strategy Officer, RSA, The Security Division of EMC. "Leveraging mobile devices running on the Android platform to deploy RSA SecurID technology allows customers a seamless delivery of two-factor authentication across cloud or on-premise applications."

The RSA SecurID software token for the Android mobile platform will be available for free download Dec. 22, 2010 from Android Market. It is enabled for users with a unique software token seed purchased by IT organizations that have deployed RSA® Authentication Manager.

Introducing the Skylab Community Project

Introducing the Skylab Community Project
CLOUD SECURITY | MARCH 24, 2010
http://pulsene.ws/tDlr

Creative ideas for new startup

If you are thinking to start a new company, here are some ideas and hope you can give me the initial credit if you happen to read my blog and started the company and make it successful.

1: A Search box which could search both public information (like Google) and protected and secured content (like share point, outlook e-mail, shared files server, etc). The basic idea would be to have user identity being seamlessly integrated into your search box, and for secured content, the identity can be federated using SAML or oAuth or OpenId. I have some very elaborated idea of how to make it work. If you are interested in this space and would like to work with me, please send me an e-mail. I am doing this in my spare time, so any support would be very beneficial.

2: Educational App in the Facebook. As you all know, majority kids over 13 years old in US are in Facebook now. How can we make their time useful, educational, fun is the biggest real world problem. If we can solve this problem, this would be our biggest contribution to our next generation and to our world. I welcome comments and suggestion on this and will be happy to talk with anyone who is interested in this idea.

I will post more ideas in new blog post.

Thanks

Ken Huang

HP to expand Cloud and Security Business in Asian Pacific area

According to CMS Wire:

At a media event in Barcelona, Spain, vice president and general
manager for HP's Business Technology Optimization, Robin Purohit, said
the company plans to expand its market share in Asia Pacific by 2011.
While he did not disclose the details of this target, he identified
two areas where HP plans to achieve this growth: security and cloud
computing.

Security and Datacenter Management
"Many companies are looking to improve their core security
capabilities but do not have the necessary skilled manpower to do so,
which is why we see a clear opportunity for us to play in this space,"
Purohit says. HP has highlighted its recent acquisition of security
providers Arcsight and Fortify Software to boost the company's
capability in providing managed security services to clients.

Meanwhile, cloud computing is another area where HP plans to ramp up
activities in the Asia Pacific region. More particularly, HP cites its
capabilities in managing disparate, virtualized datacenter systems,
which are a foundation of cloud computing services. Purohit says HP is
in a position to help businesses manage their data systems through a
networked infrastructure, with their experience in datacenter and
cloud technologies.

Application Lifecycle Management
Additionally, HP has identified application testing to be another
opportunity in the region. Outsourced BPO industries in India, China
and the Philippines are seen as potential growth areas for HP's
Application Lifecycle Management (ALM) 11 platform, which was launched
at the HP Universe 2010 conference, likewise in Barcelona.

Michael Sher, HP Asia Pacific & Japan director for application quality
sales says that the company sees "huge opportunities" for ALM 11 in
the region. He cited rising labor costs and scalability as being
advantages of automated application quality and performance testing.Gartner predicts that Asia Pacific sees an aggressive growth in

enterprise IT spending in 2011, expenditures expected to top US$ 312
billion. This includes a projected 11.3% growth in software and 9.3%
in IT services, fueled by the booming BPO industry in the region,
among others.

$1 Billion Market for User Provisioning

Recent Gartner report (revised on 11/5/2010) indicate that in 2010, User provisioning market reached $1 Billion. Oracle, IBM, CA still the market leader.

More information on:

http://www.gartner.com/technology/media-products/reprints/oracle/article157/article157.html

Finally I decided to turn off "Conversation Feature" with my Gmail

I believe myself think chronologically and for this reason I never get used to the features in gmail which show you the threads of e-mail which has the same subject lines. I find very hard to locate the e-mail and reply to e-mail if the e-mail I need to find is inside a big long thread of e-mails especially if the e-mail thread is very long. I really dislike this feature. Luckily, I was able to turn this off, and if you need to know how, here is how it works.

1) Sign into your gmail account.

2: Click on  Settings.

3: Click on General Tab and you will see the following Conversation on or off. And click off. 

This is how it worked for me.

Ken Huang

WikiLeaks fallout: it is about Identity and Access Managment and Encryption

The recent WikiLeaks includes Department of State and some big
financial institutions and technology companies have made big
headlines in the news.

I believe that two key measures to prevent this kind of leak is
Identity and Access Management(IAM) and Encryption of data at rest and
in the transit. IAM is not just technology, it is about process,
procedures, and policies. Agencies need to evaluate current IAM
practises with existing technologies and see if there is any holes in
SoD, Least privilege, user provisioning, and de-provisioning, fine
grained access control, etc. Department and Agency wide IAM strategy
is crucial to prevent the leak in the future. As data encryption and
key management, this can be combined with IAM strategy to protect data
in transit and at rest.

The financial institution and big technology companies are not
exempted from the data leaks such as wikiLeaks, and it is very
important to have a consistent and enterprise wide IAM strategy.

I welcome any comments.