Information delivery company Colt has licensed Cryptocard’s BlackShield authentication-as-a-service platform to enhance its virtual desktop infrastructure with secure remote access for up to 5,000 employees.

Techworld reports that Colt employees will use a smart phone application or key fob to generate a one-time password for use during remote login situations. 

Operational Research Consultants Inc. (ORC), a subsidiary of WidePoint Corp., has been authorized to issue PIV-I as a certified non-federal issuer.

As a non-federal issuer, ORCs identity credentials, issued to government contractors, state and local governments, first responders and health care providers, have additional interoperability for customers who wish to conduct e-government and e-commerce transactions with other entities across the Federal Bridge. 

One of the most exciting things that will happen in the next year or two is the confluence of a few major trends. It’s exciting because, together, they promise to make security and identity better and more manageable than it has been in the past.

Before I start, let me point out that these end-of-year articles, talking about the year ahead, often pretend that nothing happened the past 12 months. But these changes are happening now. They’ve been happening for a while. Furthermore, it’s not going to be complete in 2012. By the time 2015 rolls around, we’ll look back at 2012 and say that’s when it really took off.

The first of these changes is BYOD (Bring Your Own Device) computing. BYOD is a much better term than “consumerization” and really portrays the meaning that many of us are buying smart phones, tablets or laptops to use them on a work network. The tension this creates is predictable. 

A variant of malware called Sykipot is circulating that purportedly enables it to hijack U.S. Defense Department Common Access Cards and Windows smart cards, according to Alien Vault Labs. This variant, which appears to have been put together in March 2011, has been seen in dozens of attack samples from the past year.

The attackers use a spear phishing campaign to get their targets to open a PDF attachment which then deposits the Sykipot malware onto their machine. Then, unlike previous strains, the malware uses a keylogger to steal PINs for the cards. 

The National Institute of Standards and Technology (NIST) wants to see a biometric scanning device that has Web-enabled communication and control that’s built on a publicly-available specification, reports Bank Info Security. To that end, it’s looking for proposals for such a device.

NIST is funding the initiative to produce a functional yet small device for biometric acquisition that can be controlled through Web services as described in NIST Special Publication 500-288: Specification for WS-Biometric Devices. 

UnboundID, a provider of identity data solutions for cloud, telco, and enterprise computing, released products based on the Simple Cloud Identity Management (SCIM) standard. By supporting SCIM, UnboundID can provide a standardized and simpler solution for organizations provisioning and managing user identities across multiple cloud-based services, including IaaS, PaaS and SaaS offerings.

UnboundID’s SCIM-enabled directory server enables developers to build directory applications using REST-based interfaces. In addition, UnboundID announced that it will release an extension to its Synchronization Server that makes it possible to synchronize identity data from existing data stores—such as Active Directory, LDAP and relational databases—to SCIM-enabled cloud applications, like SalesForce.com. 

IBM announced a new identity management system called Security Role and Policy Modeler. Based on IBM Research, the software analyzes employee data and recommends a set of roles to better secure an organization and manage compliance.

The analytics can flag abnormal behavior, inconsistencies in role access and expired user access. Bharti Airtel, a telecommunications provider in India, and Cognizant, an IT consulting and business process outsourcing in the U.S., are already using the software.

An employee’s unauthorized access to client information can leave a firm vulnerable to security breaches and audits. Many companies juggle the administration of identifying, managing and approving employee access, some of who have roles that require different levels of access to financial, personnel or sales and customer data, and can change during the course of a year.