Beginning in fiscal year 2012, U.S. government agencies must upgrade their physical and logical access control systems to provide federal employees and contractors with more secure and reliable forms of identification using Personal Identity Verification (PIV) credentials.

These credentials must leverage smart card and biometric technology in accordance with National Institute of Standards and Technology guidelines embodied in FIPS 201. These upgrades must be completed before federal agencies may use development and technology refresh funds to complete other activities. 

RSA Security executives spelled out the company’s product strategy for 2012, announcing that it would focus on mobile, anti-threat and cloud security.

As reported in Network World, RSA wants to develop tools that can help businesses improve data protection on mobile devices by separating personal and corporate data and improving mobile device authentication. RSA’s strategy includes adding more factor options to multi-factor authentication and embedding SecurID technology in mobile phones. 

Entrust Inc. has made enhancements to its Entrust Discovery digital certificate product by expanding search capabilities for digital certificates residing within Microsoft’s Cryptographic APIs and adding more than 25 basic or custom policy field alerts to ease certificate management.

Entrust Discovery is a certificate management tool that locates, inventories and manages digital certificates. It can work across diverse systems and aims to prevent outages, data breach and non-compliance. Users can establish and customize policies for certificate management and can run hourly, daily, weekly or monthly scans to check certificates for their status. 

Information delivery company Colt has licensed Cryptocard’s BlackShield authentication-as-a-service platform to enhance its virtual desktop infrastructure with secure remote access for up to 5,000 employees.

Techworld reports that Colt employees will use a smart phone application or key fob to generate a one-time password for use during remote login situations. 

One of the most exciting things that will happen in the next year or two is the confluence of a few major trends. It’s exciting because, together, they promise to make security and identity better and more manageable than it has been in the past.

Before I start, let me point out that these end-of-year articles, talking about the year ahead, often pretend that nothing happened the past 12 months. But these changes are happening now. They’ve been happening for a while. Furthermore, it’s not going to be complete in 2012. By the time 2015 rolls around, we’ll look back at 2012 and say that’s when it really took off.

The first of these changes is BYOD (Bring Your Own Device) computing. BYOD is a much better term than “consumerization” and really portrays the meaning that many of us are buying smart phones, tablets or laptops to use them on a work network. The tension this creates is predictable. 

UnboundID, a provider of identity data solutions for cloud, telco, and enterprise computing, released products based on the Simple Cloud Identity Management (SCIM) standard. By supporting SCIM, UnboundID can provide a standardized and simpler solution for organizations provisioning and managing user identities across multiple cloud-based services, including IaaS, PaaS and SaaS offerings.

UnboundID’s SCIM-enabled directory server enables developers to build directory applications using REST-based interfaces. In addition, UnboundID announced that it will release an extension to its Synchronization Server that makes it possible to synchronize identity data from existing data stores—such as Active Directory, LDAP and relational databases—to SCIM-enabled cloud applications, like SalesForce.com. 

IBM announced a new identity management system called Security Role and Policy Modeler. Based on IBM Research, the software analyzes employee data and recommends a set of roles to better secure an organization and manage compliance.

The analytics can flag abnormal behavior, inconsistencies in role access and expired user access. Bharti Airtel, a telecommunications provider in India, and Cognizant, an IT consulting and business process outsourcing in the U.S., are already using the software.

An employee’s unauthorized access to client information can leave a firm vulnerable to security breaches and audits. Many companies juggle the administration of identifying, managing and approving employee access, some of who have roles that require different levels of access to financial, personnel or sales and customer data, and can change during the course of a year.