Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

News 22 Nov 2022
Google's new YARA rules fight malicious Cobalt Strike use

Google's YARA rules detect cracked versions of Cobalt Strike's older releases so that legitimate instances of the red teaming tool, which use the latest version, aren't targeted. Continue Reading
News 17 Nov 2022
CISA: Iranian APT actors compromised federal network

CISA said Iranian nation-state actors exploited Log4Shell flaws on an unpatched VMware Horizon server before deploying a cryptominer and attempting to gain persistent access. Continue Reading

News 15 Nov 2022

Twitter users experience apparent SMS 2FA disruption

The 2FA notification disruption occurred after CEO Elon Musk announced plans to shutter a majority of Twitter's microservices, though reasons for the outage are unconfirmed. Continue Reading
Feature 08 Nov 2022

5 ways to overcome multifactor authentication vulnerabilities

Improve the resiliency of multifactor authentication by giving users more information, making default settings more secure, hiding secrets and more. Continue Reading
Tip 26 Oct 2022

Why it's time to expire mandatory password expiration policies

Password expiration policies that force users to regularly reset passwords are counterproductive. It's time to align those policies with proven approaches to password security. Continue Reading
Tip 24 Oct 2022

6 ways to prevent privilege escalation attacks

Privileges dictate the access a user or device gets on a network. Hackers who access these privileges can create tremendous damage. But there are ways to keep your networks safe. Continue Reading
Tip 12 Oct 2022

An overview of the CISA Zero Trust Maturity Model

A zero-trust framework blocks all attempts to access internal infrastructure without authentication. The CISA Zero Trust Maturity Model is a roadmap to get there. Continue Reading
Tip 07 Oct 2022

Perimeter security vs. zero trust: It's time to make the move

Perimeter security requires a border to protect enterprise data. With more and more users working outside that border, zero trust promises a better security option for the future. Continue Reading
Opinion 29 Sep 2022

Multifactor authentication isn't perfect, passwordless is better

Passwords are frequently the root cause of breaches, and multifactor authentication only provides a stopgap for account protection. It's time to adopt a passwordless strategy. Continue Reading
Tip 28 Sep 2022

Why zero trust requires microsegmentation

Microsegmentation is a key security technique that enables organizations to achieve a zero-trust model and helps ensure the security of workloads regardless of where they are located. Continue Reading
News 21 Sep 2022

Cybercriminals launching more MFA bypass attacks

New research from Okta shows that cybercrime groups have stepped up their attacks on multifactor authentication systems in an effort to thwart account security measures. Continue Reading
News 19 Sep 2022

Rockstar Games confirms hack after 'Grand Theft Auto' leak

A threat actor this weekend published in-development footage from a forthcoming 'Grand Theft Auto' video game and claimed to have breached its publisher, Rockstar Games. Continue Reading
News 16 Sep 2022

Uber responds to possible breach following hacker taunts

Security researchers spotted suspicious activity on Uber's HackerOne page when the alleged hacker posted messages claiming they had compromised the ride-share company's network. Continue Reading
News 13 Sep 2022

Secureworks reveals Azure Active Directory flaws

Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues. Continue Reading
News 01 Sep 2022

Researcher unveils smart lock hack for fingerprint theft

An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data. Continue Reading
Tip 01 Sep 2022

Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
Tip 18 Aug 2022

What is identity sprawl and how can it be managed?

With identity-based attacks on the rise, organizations need to prioritize identity management. Learn about identity sprawl, why it's a risk and how it can be managed. Continue Reading
Tip 15 Aug 2022

Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
Opinion 11 Aug 2022

Why 2023 is the year of passwordless authentication

Passwords may soon be relegated to the past thanks to IAM vendors' efforts to create passwordless login options. Here's why 2023 should be the year of passwordless authentication. Continue Reading
Feature 11 Aug 2022

What is data security? The ultimate guide

Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
News 10 Aug 2022

Ermetic addresses IAM weaknesses in multi-cloud environments

Researchers at the cloud security vendor discussed the importance of understanding the different identity and access management features among the major cloud providers. Continue Reading
News 03 Aug 2022

Amazon CSO Steve Schmidt preaches fungible resources, MFA

In a Q&A with SearchSecurity, Amazon CSO Steve Schmidt discusses his time as head of AWS security and shifts the cloud provider made to improve its posture, as well as customers'. Continue Reading
News 03 Aug 2022

Thoma Bravo to acquire Ping Identity for $2.8B

Thoma Bravo's bid is expected to close in the fourth quarter of 2022. Ping Identity's purchase price represents a 63% premium over the vendor's closing price Tuesday. Continue Reading
Tip 27 Jul 2022

SSH2 vs. SSH1 and why SSH versions still matter

The Secure Shell protocol, SSH, was redesigned and released as SSH2 in 2006. While SSH1 lingers for legacy uses, find out how the protocols differ and why it's important. Continue Reading
News 26 Jul 2022

AWS issues MFA call to action at re:Inforce 2022

To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources. Continue Reading
Tip 22 Jul 2022

Top 10 enterprise data security best practices

To protect your organization's data and prevent its misuse, incorporate these 10 data security best practices into your enterprise data security strategy. Continue Reading
Feature 08 Jul 2022

Top 7 types of data security technology

These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
News 23 Jun 2022

Access management issues may create security holes

Employees who aren't credentialed to access corporate systems to do their jobs find ways around the red tape that could lead to security breaches. Continue Reading
News 15 Jun 2022

Microsoft takes months to fix critical Azure Synapse bug

Orca Security discovered that inadequate tenant separation in Microsoft's Azure Synapse service could allow a threat actor to steal credentials from thousands of customers. Continue Reading
Feature 10 Jun 2022

3 types of PKI certificates and their use cases

Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases. Continue Reading
Answer 09 Jun 2022

Are 14-character minimum-length passwords secure enough?

When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe. Continue Reading
News 08 Jun 2022

SANS lists bad backups, cloud abuse as top cyberthreats

A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams. Continue Reading
News 07 Jun 2022

Microsoft details zero-trust transition, challenges

Over the past three years, Microsoft has moved to a zero-trust framework. Security engineers outlined the transition and its challenges during a session at RSA Conference 2022. Continue Reading
News 24 May 2022

MFA technology is rapidly evolving -- are mandates next?

The evolving landscapes of both the modern workplace and cyberthreats have paved the way for some organizations to require multifactor authentication protection. Will others join? Continue Reading
Feature 20 May 2022

Apple, Microsoft, Google expand FIDO2 passwordless support

Achieving true passwordless experiences begins with companies working together to adopt standards that enable customers to use multiple devices seamlessly, regardless of OS. Continue Reading
News 19 May 2022

Small businesses under fire from password stealers

Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries. Continue Reading
Guest Post 17 May 2022

5 steps to ensure a successful access management strategy

Access management is top of mind for organizations, especially in the hybrid workspace. Follow these five steps to create an access management strategy that benefits all users. Continue Reading
News 28 Apr 2022

Lapsus$ targeting SharePoint, VPNs and virtual machines

From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung. Continue Reading
Feature 27 Apr 2022

Why companies should focus on preventing privilege escalation

If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
News 18 Apr 2022

Stolen OAuth tokens lead to 'dozens' of breached GitHub repos

Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm. Continue Reading
News 14 Apr 2022

VMware Workspace One flaw actively exploited in the wild

Multiple threat intelligence providers have detected threat activity related to the VMware Workspace One flaw, including cryptocurrency mining activity. Continue Reading
Feature 06 Apr 2022

How secure are one-time passwords from attacks?

Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs. Continue Reading
Feature 04 Apr 2022

How to implement OpenID Connect for single-page applications

The OpenID Connect authentication protocol can be used to secure a variety of applications. This excerpt teaches developers how it works with single-page applications. Continue Reading
Feature 04 Apr 2022

How to use OpenID Connect for authentication

OpenID Connect has become a trusted protocol to connect with identity providers. Explore how to use it for IAM, common threats to be aware of and how to connect to multiple IdPs. Continue Reading
News 22 Mar 2022

Lapsus$ hacking group hit authentication vendor Okta

Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, through key details about the attack remain in dispute. Continue Reading
Tip 15 Mar 2022

Top 3 Web3 security and business risks

The third iteration of the internet is quickly coming to fruition. With Web3 comes an evolution in business risks, however, as well as susceptibility to traditional risks. Continue Reading
News 08 Mar 2022

Researchers uncover vulnerabilities in APC Smart-UPS devices

Researchers with Armis found a trio of vulnerabilities in uninterruptible power supply (UPS) devices from APC that could be remotely exploited by threat actors. Continue Reading
Feature 04 Mar 2022

Use digital identity proofing to verify account creation

Validating users during account creation with identity proofing helps prevent data breaches but isn't without challenges. Discover how it works and concerns to address. Continue Reading
Feature 03 Mar 2022

How to stop malicious or accidental privileged insider attacks

How many permissions or privileges a user has will affect how big of an insider threat they are. Discover the issues surrounding privileged users and how to curtail these threats. Continue Reading
Tip 23 Feb 2022

How to use PKI to secure remote network access

Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
Tip 10 Feb 2022

6 blockchain use cases for cybersecurity

Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
News 09 Feb 2022

Google: 2-step verification led to 50% fewer account hacks

Google auto-enrolled more than 150 million users into two-step verification last October and mandated two-step verification for 2 million-plus YouTube accounts. Continue Reading
Guest Post 09 Feb 2022

How automated certificate management helps retain IT talent

Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
News 03 Feb 2022

Distrust, feuds building among ransomware groups

In an industry that operates in anonymity, trust is everything -- but recent accusations of ransomware actors working with or being law enforcement is threatening that work model. Continue Reading
Feature 31 Jan 2022

Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
Tip 31 Jan 2022

8 best practices for blockchain security

In a world of decentralized record-keeping, remember all emerging technologies come with their own security risks. Follow these eight best practices to minimize the risk. Continue Reading
Tip 21 Jan 2022

How to start implementing passwordless authentication today

Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication. Continue Reading
Tip 14 Dec 2021

Use these 6 user authentication types to secure networks

One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates. Continue Reading
Tip 14 Dec 2021

4 API authentication methods to better protect data in transit

The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
Feature 08 Dec 2021

Is a passwordless future getting closer to reality?

Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links. Continue Reading
Feature 06 Dec 2021

Passwordless authentication issues to address before adoption

The technology for passwordless authentication exists, but challenges remain. Companies must grapple with differing use cases, legacy software, adoption costs and more. Continue Reading
Guest Post 30 Nov 2021

Enterprise password security guidelines in a nutshell

In this concise guide to passwords, experts at Cyber Tec outline the security problems that put enterprises at risk and offer answers on how to solve them. Continue Reading
Tip 30 Nov 2021

How to create a company password policy, with template

Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading
Tip 22 Nov 2021

Top 5 password hygiene tips and best practices

Passwords enable users to access important accounts and data -- making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
News 15 Nov 2021

Microsoft releases out-of-band update for Windows Server

Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability. Continue Reading
News 05 Nov 2021

MVSP: Will Google's security baseline work?

In response to data breaches involving third-party vendors, Google worked alongside vendors to developed what it refers to as a 'vendor-neutral security baseline.' Continue Reading
Tip 01 Nov 2021

Adopt 5 best practices for hybrid workplace model security

As hybrid workforce models become the norm due to the pandemic, enterprises should look to best practices to ensure secure unified access for on-premises and WFH employees. Continue Reading
Tip 01 Sep 2021

Blockchain for identity management: Implications to consider

Blockchain has changed the way IAM authenticates digital identities. Consider these 14 implications when asking how and where IAM can benefit your organization. Continue Reading
Guest Post 05 Aug 2021

3 steps to create a low-friction authentication experience

Passwords are no longer sufficient, but more secure authentication methods frustrate users. Explore how to create a low-friction authentication process for improved UX and trust. Continue Reading
Tip 03 Aug 2021

10 ways blockchain can improve IAM

DLT has the potential to revolutionize the identity management space. From boosting privacy to improving visibility, here are 10 use cases of blockchain in IAM. Continue Reading
Tip 03 Aug 2021

Federate and secure identities with enterprise BYOI

Consumers have been using the federated identity concept 'bring your own identity' through social sign-on for years. It is time for the enterprise to embrace the trend. Continue Reading
Feature 30 Jul 2021

Keycloak tutorial: How to secure different application types

IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface. Continue Reading
Feature 30 Jul 2021

Secure applications with Keycloak authentication tool

As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs. Continue Reading
Tip 27 Jul 2021

Use a decentralized identity framework to reduce enterprise risk

To reduce the risk of identity theft for customers, partners and employees, companies should look at integrating a decentralized identity framework into existing infrastructure. Continue Reading
Answer 23 Jul 2021

Best practices to conduct a user access review

User entitlement reviews ensure only authorized users have access to essential systems and data. Uncover the steps of a user access review and helpful best practices. Continue Reading
Answer 19 Jul 2021

The top 7 identity and access management risks

An IAM system introduces risks to the enterprise, but the consensus is the benefits of IAM outweigh the drawbacks. What are some of the issues that might arise? Continue Reading
Tip 12 Jul 2021

How to implement machine identity management for security

In IAM, companies must consider whether machines, applications and devices have the appropriate identities and access authorizations when communicating behind the scenes. Continue Reading
Feature 12 Jul 2021

5 IAM trends shaping the future of security

The importance of identity and access management cannot be denied. However, the same old tools can't properly secure today's complex environments. These IAM trends are here to help. Continue Reading
Quiz 01 Jul 2021

Test yourself with this e-learning authentication quizlet

Integrity and authentication are two evergreen security topics. Try this quick quiz from Technic Publication's PebbleU, and see where to focus your continuing education. Continue Reading
Feature 23 Jun 2021

10 identity and access management tools to protect networks

IAM tools keep enterprises safe by ensuring only authorized users can access sensitive data and applications. Read this in-depth product overview of top tools on the market. Continue Reading
Feature 08 Jun 2021

How cloud adoption is shaping digital identity trends in 2021

Expert Carla Roncato explains what organizations need to know about emerging digital identity and security trends for the cloud, including CASB, CIEM and zero trust. Continue Reading
Tip 07 Jun 2021

Corral superuser access via SDP, privileged access management

Keeping control of superusers is an ongoing challenge. Employing SDP and privileged access management can make the job easier. But can SDP replace PAM? Continue Reading
Quiz 25 May 2021

Try this cloud identity and access management quiz

Remote work and increased cloud adoption have dramatically changed identity and access management. Take this cloud IAM quiz for infosec pros to see if your knowledge is up to date. Continue Reading
News 14 May 2021

'Scheme flooding' bug threatens to sink user privacy

Researchers have uncovered a blind spot in web security that opens the door for tracking across multiple browsers and thwarts common privacy protections like incognito and VPN. Continue Reading
Tip 15 Apr 2021

Get to know cloud-based identity governance capabilities

As enterprise cloud adoption increases, the market for cloud identity governance is expected to expand. Learn more about the use cases, benefits and available product options. Continue Reading
News 05 Apr 2021

Remote work increases demand for zero-trust security

One year after lockdowns and office closures prompted a massive, hurried move to remote work, many enterprises are reexamining their security posture. Continue Reading
News 04 Mar 2021

Microsoft makes passwordless push in Azure Active Directory

To adapt to security challenges like remote work and increasingly sophisticated threats, Microsoft is building a passwordless ecosystem within Azure Active Directory. Continue Reading
News 04 Mar 2021

Okta acquires identity rival Auth0 for $6.5 billion

Okta CEO Todd McKinnon said Auth0 shares his company's vision to establish identity services as one of the 'primary clouds' for enterprises, such as IaaS and collaboration. Continue Reading
Podcast 12 Feb 2021

Risk & Repeat: Oldsmar water plant breach raises concerns

This week's Risk & Repeat podcast looks at how an unknown threat actor used TeamViewer to manipulate chemical levels in a water treatment facility in Oldsmar, Fla. Continue Reading
Tip 08 Feb 2021

7 privileged access management best practices

Privileged access is a given in enterprise environments, but it presents many security issues if breached. Follow these seven PAM best practices to mitigate risk. Continue Reading
Guest Post 29 Jan 2021

The security battle over entitlements and permissions creep

IT must continually keep track of entitlements and permissions for all their cloud services, with methods such as CI/CD tools, increased visibility and continuous monitoring. Continue Reading
News 26 Jan 2021

Zero trust 2.0: Google unveils BeyondCorp Enterprise

BeyondCorp Enterprise, which replaces Google's BeyondCorp Remote Access, uses the Chrome browser to extend the zero-trust platform to customers for continuous authentication. Continue Reading
News 20 Jan 2021

FireEye releases new tool to fight SolarWinds hackers

The new tool, dubbed Azure AD Investigator, will help audit Microsoft 365 environments for techniques used by the nation-state actors behind the SolarWinds supply chain attack. Continue Reading
Tip 14 Jan 2021

Select a customer IAM architecture to boost business, security

Not all customer IAM platforms are created equal. Will a security-focused or marketing-focused CIAM architecture best meet your organization's needs? Read on for help deciding. Continue Reading
News 11 Jan 2021

5 cybersecurity vendors to watch in 2021

Despite the COVID-19 pandemic and economic setbacks, 2020 was another big year for investments in cybersecurity vendors. Here are five startups that stood out from the crowd. Continue Reading
Feature 11 Jan 2021

Biometric security technology could see growth in 2021

Enterprise use of biometrics for security may see an uptick by organizations looking to defend themselves from attacks, but they must weigh the concerns against the benefits. Continue Reading
News 07 Jan 2021

Defending against SolarWinds attacks: What can be done?

While no defense is guaranteed, zero-trust access and behavioral monitoring can be useful against nation-state hackers and threats like the SolarWinds attacks. Continue Reading
Tip 06 Jan 2021

Organize a cloud IAM team to secure software-defined assets

Building a cloud IAM team with the necessary technical expertise and soft skills is key to securely managing IAM in complex cloud environments. Continue Reading
News 28 Oct 2020

Ping Identity launches passwordless authentication system

Ping's new suite of authentication features looks to secure accounts and login processes by eliminating the need for usernames and passwords, which are often reused and an easy target. Continue Reading
Quiz 05 Oct 2020

Quiz: Network security authentication methods

There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security. Continue Reading
Feature 29 Sep 2020

Explore self-sovereign identity use cases and benefits

The future of digital identity may look a lot like how we identify ourselves in real life. Learn more about self-sovereign identity use cases and features in this excerpt. Continue Reading
Feature 29 Sep 2020

How self-sovereign identity principles suit the modern world

There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A. Continue Reading

1
2
3
4

Networking

5 most valuable wireless network certifications
Wireless networking skills are in high demand. Having a top-notch wireless network certification can help networking newbies and ...
A history of wireless for business and a look forward
This history of enterprise wireless takes you from WLAN development inside the enterprise to cellular data services outside the ...
Evaluate various SASE approaches for deployment
Enterprises must choose between single- or multivendor SASE approaches, as well as DIY or managed service options. Experts ...

CIO

Federal, private work spurs Earth observation advancements
Earth observation is a primary driver of the global space economy and something federal agencies are partnering with commercial ...
Top 9 blockchain platforms to consider in 2023
Get the lowdown on the major features, differentiators, strengths and weaknesses of the blockchain platforms getting the most ...
A rising space industry will create new jobs and products
A growing space industry is creating business opportunities in space, ranging from Earth observation and communications to space ...

Enterprise Desktop

How to monitor Windows files and which tools to use
Monitoring files on Windows systems is critical to detect suspicious activities, but there are so many files and folders to keep ...
How will Microsoft Loop affect the Microsoft 365 service
While Microsoft Loop is not yet generally available, Microsoft has released details about how Loop can connect users and projects...
Latest Windows 11 update adds tabbed File Explorer
The latest Windows 11 update offers a tabbed File Explorer for rearranging files and switching between folders. The OS also ...

Cloud Computing

Reynolds runs its first cloud test in manufacturing
The maker of popular household brands will decide whether an IoT system from DXC Technology will help reduce natural gas use in ...
A conference guide to AWS re:Invent 2022
Explore the latest news, product releases and technology updates, as well as analysis and expert advice from AWS re:Invent 2022 ...
Rise in Nutanix revenue driven by subscription renewals
Nutanix revenues jumped 15% thanks to more users renewing their subscriptions. The company also reported positive quarterly ...

ComputerWeekly.com

The future is SASE: Transform your enterprise network for good
Less than a year after it received an official name, Secure Access Service Edge has started to disrupt the networking and ...
DCMS to assess UK semiconductor industry
The ongoing global chip crisis, geopolitician tension with China and deal-blocking are the backdrop to this latest assessment
How HashiCorp is driving cloud provisioning and management
HashiCorp CEO Dave McJannet talks up how the company is supporting cloud provisioning in a hybrid environment and its investments...

Close