Enterprise identity and access management
Identity and access management tools are integral to maintaining data security in the enterprise. Here you'll find information on passwords, authentication and Web access control. Browse the identity management and access control topics below for the latest news, expert advice, learning tools and more.
Top Stories
-
Answer
19 Apr 2023
How to defend against TCP port 445 and other SMB exploits
Keeping TCP port 445 and other SMB ports open is necessary for resource sharing, yet this can create an easy target for attackers without the proper protections in place. Continue Reading
-
Answer
12 Apr 2023
How to use a public key and private key in digital signatures
Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading
-
Feature
15 May 2018
What to know before implementing an IAM system
IT administrators have many features to choose from and requirements to meet when looking for an IAM tool. Check these boxes before committing to IAM. Continue Reading
-
Answer
03 May 2018
How do admins check the Exchange IRM setup?
Testing Exchange information rights management functionality can be tedious, but Microsoft offers a dedicated cmdlet for Exchange 2016 administrators that streamlines the process. Continue Reading
-
Answer
05 Apr 2018
How can IT combat rogue RDP access?
Hackers can gain remote access to users' desktops through RDP hijacking. As a result, IT pros must know what they can do to prevent such an attack. Continue Reading
-
News
27 Feb 2018
New SAML vulnerability enables abuse of single sign-on
Duo Security discovered a new SAML flaw affecting several single sign-on vendors that allows attackers to fool SSO systems and log in as other users without their passwords. Continue Reading
-
Tip
30 Nov 2017
Use caution with OAuth 2.0 protocol for enterprise logins
Many apps are using the OAuth 2.0 protocol for both authentication and authorization, but technically it's only a specification for delegated authorization, not for authentication. Continue Reading
-
Feature
28 Nov 2017
Security Controls Evaluation, Testing, and Assessment Handbook
In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control. Continue Reading
-
Tip
19 Sep 2017
How to balance organizational productivity and enterprise security
It's no secret that enterprise security and organizational productivity can often conflict. Peter Sullivan looks at the root causes and how to address the friction. Continue Reading
-
Tip
17 Aug 2017
Common web application login security weaknesses and how to fix them
Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them. Continue Reading
-
Tip
09 Aug 2017
Are biometric authentication methods and systems the answer?
Biometric authentication methods, like voice, fingerprint and facial recognition systems, may be the best replacement for passwords in user identity and access management. Continue Reading
-
Podcast
12 Jul 2017
Risk & Repeat: Should IAM systems be run by machine learning?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the identity and access management industry and how machine learning algorithms could govern IAM systems. Continue Reading
-
Feature
12 Jul 2017
Q&A: Ping CEO on contextual authentication, intelligent identity
Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises. Continue Reading
-
E-Zine
10 Jul 2017
The best endpoint security practices are evolving and essential
Ever since the first mobile device hit the enterprise network, best endpoint security practices have been a major IT concern. What's happened since then has been a staggering proliferation of the number and types of devices on the network, complicated by increasing numbers of mobile and remote corporate employees, all of which have essentially ended the traditional idea of a corporate network security perimeter. Firewalls and other more traditional security appliances may still be in use, and rightly so, but endpoint security management is more critical than ever in keeping enterprise systems and data safe from malicious actors.
The summer Insider Edition, our Information Security magazine quarterly e-zine, looks at what's new in endpoint security management, from the best endpoint security tools to consider now, and what other efforts beyond tools infosec pros can employ to best secure all those pesky mobile endpoints wandering in and out of corporate corridors.
This Insider Edition offers expert assessments on the endpoint security technology vendors have developed to combat mutating ransomware like WannaCry -- from machine learning to multivendor partnerships to behavior analytics. Also included is an exploration of mobile endpoint security tools like application containers and app wrapping. CISOs must focus now on how the threats, and the technological advances to fight them, are changing and factor these considerations into any endpoint security strategy.
Readers will come away with a deeper understanding of the best endpoint security tools and techniques available and be able to consider the most advanced approaches available to locking down the company data and systems that endpoints can access.
Continue Reading -
Feature
10 Jul 2017
Advanced endpoint protection takes on the latest exploits
Advanced endpoint protection is arriving from all quarters -- machine learning, crafty sandboxes, behavior analytics. Learn how tech advances are being applied to endpoints. Continue Reading
-
Opinion
10 Jul 2017
Do thoughts of your least secure endpoint keep you up at night?
Some days, 'secure endpoint' feels like an oxymoron, but that soon may change. From smart sandboxes to advanced behavior analytics, learn what's new in endpoint security technologies. Continue Reading
-
News
22 Jun 2017
Machine learning in cybersecurity is coming to IAM systems
Machine learning in cybersecurity applications for identity management systems are becoming more common today. But will algorithms be the best option for authenticating and authorizing users? Continue Reading
-
News
21 Jun 2017
Ping embeds multifactor authentication security in mobile apps
At the 2017 Cloud Identity Summit, Ping Identity launched a new software development kit that will embed multifactor authentication security features in mobile apps. Continue Reading
-
Tip
25 May 2017
How SSH key management and security can be improved
The widespread use of SSH keys is posing security risks for enterprises due to poor tracking and management. Expert Michael Cobb explains how some best practices can regain control over SSH. Continue Reading
-
Answer
12 May 2017
How did a Slack vulnerability expose user authentication tokens?
A Slack vulnerability exposed user authentication tokens and enabled hackers to access private data. Expert Matthew Pascucci explains how and why this hack was successful. Continue Reading
-
Tip
10 May 2017
Avoid privilege creep from the software development team
Too often, privilege creep occurs via the software development team, the result of pressure to update or launch apps. Learn what tools and tactics can counter privilege creep. Continue Reading
-
Opinion
19 Apr 2017
Start redrawing your identity and access management roadmap
Securing enterprise systems and information requires an IAM roadmap that helps you identify effective policy, technology and tools. Continue Reading
-
Feature
19 Apr 2017
Identity and access management strategy: Time to modernize?
More likely than not, your company's identity and access management strategy needs an update. Learn how to decide if that's the case and, if so, what you should do now. Continue Reading
-
Guide
11 Apr 2017
How to deal with Identity and access management systems
An identity and access management system is increasingly essential to corporate security, but technological advances have made managing an IAM more complex than ever. Continue Reading
-
Tip
02 Mar 2009
From the gateway to the application: Effective access control strategies
Organizations need to strike a balance between so-called front-door access control and more fine grained controls established within an application itself. This article discusses the difference between products designed to set access at the gateway and complementary application-level controls. You'll learn how gateway-based access control works, the value in managing authorization in a centralized manner and the access control functions left for the application to perform. You'll also learn the role each variety of control plays in moving an organization toward single sign-on. Continue Reading
-
Tip
28 Aug 2008
How to lay the foundation for role entitlement management
Role entitlement management is a daunting task, however, there are steps you can take to lay the foundation for a successful management process. In this tip, expert Rick Lawhorn details these seven steps. Continue Reading
-
Tip
24 Jul 2008
Key management challenges and best practices
Key management is essential to a successful encryption project. In this tip, expert Randy Nash explains the challenges financial organizations face when implementing key management and some of the best practices to overcome them. Continue Reading