Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

News 27 Mar 2023
Zoom launches Okta Authentication for E2EE to verify identity

Authenticated Zoom attendees will get a blue shield icon next to their participant name to give enterprises additional security during sensitive meetings. Continue Reading
News 09 Mar 2023
GitHub 2FA plan adds SMS, account lockout safeguards

GitHub has added SMS support and fresh account lockout prevention features to its phased rollout plans as it prepares to implement a 2FA requirement for accounts beginning Monday. Continue Reading

News 15 Nov 2021

Microsoft releases out-of-band update for Windows Server

Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability. Continue Reading
News 05 Nov 2021

MVSP: Will Google's security baseline work?

In response to data breaches involving third-party vendors, Google worked alongside vendors to developed what it refers to as a 'vendor-neutral security baseline.' Continue Reading
Tip 01 Nov 2021

Adopt 5 best practices for hybrid workplace model security

As hybrid workforce models become the norm due to the pandemic, enterprises should look to best practices to ensure secure unified access for on-premises and WFH employees. Continue Reading
Tip 01 Sep 2021

Blockchain for identity management: Implications to consider

Blockchain has changed the way IAM authenticates digital identities. Consider these 14 implications when asking how and where IAM can benefit your organization. Continue Reading
Guest Post 05 Aug 2021

3 steps to create a low-friction authentication experience

Passwords are no longer sufficient, but more secure authentication methods frustrate users. Explore how to create a low-friction authentication process for improved UX and trust. Continue Reading
Tip 03 Aug 2021

10 ways blockchain can improve IAM

DLT has the potential to revolutionize the identity management space. From boosting privacy to improving visibility, here are 10 use cases of blockchain in IAM. Continue Reading
Tip 03 Aug 2021

Federate and secure identities with enterprise BYOI

Consumers have been using the federated identity concept 'bring your own identity' through social sign-on for years. It is time for the enterprise to embrace the trend. Continue Reading
Feature 30 Jul 2021

Keycloak tutorial: How to secure different application types

IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface. Continue Reading
Feature 30 Jul 2021

Secure applications with Keycloak authentication tool

As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs. Continue Reading
Tip 27 Jul 2021

Use a decentralized identity framework to reduce enterprise risk

To reduce the risk of identity theft for customers, partners and employees, companies should look at integrating a decentralized identity framework into existing infrastructure. Continue Reading
Answer 23 Jul 2021

Best practices to conduct a user access review

User entitlement reviews ensure only authorized users have access to essential systems and data. Uncover the steps of a user access review and helpful best practices. Continue Reading
Answer 19 Jul 2021

The top 7 identity and access management risks

An IAM system introduces risks to the enterprise, but the consensus is the benefits of IAM outweigh the drawbacks. What are some of the issues that might arise? Continue Reading
Tip 12 Jul 2021

How to implement machine identity management for security

In IAM, companies must consider whether machines, applications and devices have the appropriate identities and access authorizations when communicating behind the scenes. Continue Reading
Feature 12 Jul 2021

5 IAM trends shaping the future of security

The importance of identity and access management cannot be denied. However, the same old tools can't properly secure today's complex environments. These IAM trends are here to help. Continue Reading
Quiz 01 Jul 2021

Test yourself with this e-learning authentication quizlet

Integrity and authentication are two evergreen security topics. Try this quick quiz from Technic Publication's PebbleU, and see where to focus your continuing education. Continue Reading
Feature 23 Jun 2021

10 identity and access management tools to protect networks

IAM tools keep enterprises safe by ensuring only authorized users can access sensitive data and applications. Read this in-depth product overview of top tools on the market. Continue Reading
Feature 08 Jun 2021

How cloud adoption is shaping digital identity trends in 2021

Expert Carla Roncato explains what organizations need to know about emerging digital identity and security trends for the cloud, including CASB, CIEM and zero trust. Continue Reading
Tip 07 Jun 2021

Corral superuser access via SDP, privileged access management

Keeping control of superusers is an ongoing challenge. Employing SDP and privileged access management can make the job easier. But can SDP replace PAM? Continue Reading
Quiz 25 May 2021

Try this cloud identity and access management quiz

Remote work and increased cloud adoption have dramatically changed identity and access management. Take this cloud IAM quiz for infosec pros to see if your knowledge is up to date. Continue Reading
News 14 May 2021

'Scheme flooding' bug threatens to sink user privacy

Researchers have uncovered a blind spot in web security that opens the door for tracking across multiple browsers and thwarts common privacy protections like incognito and VPN. Continue Reading
Tip 15 Apr 2021

Get to know cloud-based identity governance capabilities

As enterprise cloud adoption increases, the market for cloud identity governance is expected to expand. Learn more about the use cases, benefits and available product options. Continue Reading
News 05 Apr 2021

Remote work increases demand for zero-trust security

One year after lockdowns and office closures prompted a massive, hurried move to remote work, many enterprises are reexamining their security posture. Continue Reading
News 04 Mar 2021

Microsoft makes passwordless push in Azure Active Directory

To adapt to security challenges like remote work and increasingly sophisticated threats, Microsoft is building a passwordless ecosystem within Azure Active Directory. Continue Reading
News 04 Mar 2021

Okta acquires identity rival Auth0 for $6.5 billion

Okta CEO Todd McKinnon said Auth0 shares his company's vision to establish identity services as one of the 'primary clouds' for enterprises, such as IaaS and collaboration. Continue Reading
Podcast 12 Feb 2021

Risk & Repeat: Oldsmar water plant breach raises concerns

This week's Risk & Repeat podcast looks at how an unknown threat actor used TeamViewer to manipulate chemical levels in a water treatment facility in Oldsmar, Fla. Continue Reading
Tip 08 Feb 2021

7 privileged access management best practices

Privileged access is a given in enterprise environments, but it presents many security issues if breached. Follow these seven PAM best practices to mitigate risk. Continue Reading
Guest Post 29 Jan 2021

The security battle over entitlements and permissions creep

IT must continually keep track of entitlements and permissions for all their cloud services, with methods such as CI/CD tools, increased visibility and continuous monitoring. Continue Reading
News 26 Jan 2021

Zero trust 2.0: Google unveils BeyondCorp Enterprise

BeyondCorp Enterprise, which replaces Google's BeyondCorp Remote Access, uses the Chrome browser to extend the zero-trust platform to customers for continuous authentication. Continue Reading
News 20 Jan 2021

FireEye releases new tool to fight SolarWinds hackers

The new tool, dubbed Azure AD Investigator, will help audit Microsoft 365 environments for techniques used by the nation-state actors behind the SolarWinds supply chain attack. Continue Reading
Tip 14 Jan 2021

Select a customer IAM architecture to boost business, security

Not all customer IAM platforms are created equal. Will a security-focused or marketing-focused CIAM architecture best meet your organization's needs? Read on for help deciding. Continue Reading
News 11 Jan 2021

5 cybersecurity vendors to watch in 2021

Despite the COVID-19 pandemic and economic setbacks, 2020 was another big year for investments in cybersecurity vendors. Here are five startups that stood out from the crowd. Continue Reading
Feature 11 Jan 2021

Biometric security technology could see growth in 2021

Enterprise use of biometrics for security may see an uptick by organizations looking to defend themselves from attacks, but they must weigh the concerns against the benefits. Continue Reading
News 07 Jan 2021

Defending against SolarWinds attacks: What can be done?

While no defense is guaranteed, zero-trust access and behavioral monitoring can be useful against nation-state hackers and threats like the SolarWinds attacks. Continue Reading
Tip 06 Jan 2021

Organize a cloud IAM team to secure software-defined assets

Building a cloud IAM team with the necessary technical expertise and soft skills is key to securely managing IAM in complex cloud environments. Continue Reading
News 28 Oct 2020

Ping Identity launches passwordless authentication system

Ping's new suite of authentication features looks to secure accounts and login processes by eliminating the need for usernames and passwords, which are often reused and an easy target. Continue Reading
Quiz 05 Oct 2020

Quiz: Network security authentication methods

There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security. Continue Reading
Feature 29 Sep 2020

Explore self-sovereign identity use cases and benefits

The future of digital identity may look a lot like how we identify ourselves in real life. Learn more about self-sovereign identity use cases and features in this excerpt. Continue Reading
Feature 29 Sep 2020

How self-sovereign identity principles suit the modern world

There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A. Continue Reading
News 15 Sep 2020

Gartner: Privileged access management a must in 2020

Gartner's 2020 Security & Risk Management Summit focused on the importance of privileged access management to cybersecurity as threat actors increasingly target admin credentials. Continue Reading
Answer 10 Sep 2020

Manage unsuccessful login attempts with account lockout policy

Learn how to create account lockout policies that detail how many unsuccessful login attempts are allowed before a password lockout in order to prevent credential-based attacks. Continue Reading
Tip 03 Aug 2020

The pros and cons of biometric authentication

Hoping for a passwordless future? Multifactor authentication using biometrics may be the answer. Consider the pros, cons and implications of biometric authentication before deploying. Continue Reading
Tip 31 Jul 2020

6 persistent enterprise authentication security issues

Some authentication factors are considered more secure than others but still come with potential drawbacks. Learn about the most common enterprise authentication security issues. Continue Reading
Tip 06 Jul 2020

How IAM systems support compliance

IAM is a key component of any security strategy, but its role in regulatory compliance is just as crucial. Read up on features and processes to make IAM work for your enterprise. Continue Reading
Answer 30 Jun 2020

How to use a public key and private key in digital signatures

Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading
News 18 Jun 2020

New Cisco Webex vulnerability exposes authentication tokens

Trustwave SpiderLabs researchers disclosed a vulnerability in Cisco Webex software that leaks information stored in memory, including authentication tokens. Continue Reading
Answer 16 Jun 2020

6 key identity and access management benefits

Identity and access management is beneficial not just for users, security and IT admins, but also enterprises as a whole. Read up on the six key advantages of an IAM framework. Continue Reading
Answer 16 Jun 2020

Identity management vs. authentication: Know the difference

Andrew Froehlich breaks down how authentication and identity management differ and how each of them are intrinsic to an identity and access management framework. Continue Reading
Tip 15 Jun 2020

In biometrics, security concerns span technical, legal and ethical

Biometrics are increasingly being used for enterprise security, but they are not without technical, legal and ethical concerns, which teams must address before deployment. Continue Reading
Tip 11 Jun 2020

3 key identity management tips to streamline workflows

Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started. Continue Reading
Tip 09 Jun 2020

How to ensure security for 3 types of digital identity

Enterprise identity and access management strategies must include processes for managing and securing three types of digital identity. Learn how. Continue Reading
Feature 05 Jun 2020

How to build an effective IAM architecture

Identity and access management is changing and so must strategies for managing it. Read up on IAM architecture approaches and how to select the best for your organization. Continue Reading
Tip 03 Jun 2020

4 essential identity and access management best practices

Now is the time to shore up the who, what and where of network identities. Adopt these four critical identity and access management best practices to bolster your infosec program. Continue Reading
Feature 27 May 2020

Top 3 advantages of smart cards -- and potential disadvantages

As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, read more about the benefits of smart cards. Continue Reading
News 23 Apr 2020

COVID-19 strains critical certificate authority processes

Border crossings. Police checkpoints. Security cages. Secret safes. These are just some of the hurdles certificate authorities face as they strive to maintain security during COVID-19. Continue Reading
News 08 Apr 2020

Researchers beat fingerprint authentication with 3D printing scheme

New research by Cisco Talos shows popular fingerprint scanning technology can be defeated by lifting actual fingerprints and reproducing them through 3D printers. Continue Reading
Tip 06 Apr 2020

SASE identity policies enhance security and access control

Will the Secure Access Service Edge model be the next big thing in network security? Learn how SASE's expanded definition of identity is fundamental to this emerging access model. Continue Reading
Opinion 12 Mar 2020

The future of facial recognition after the Clearview AI data breach

The company that controversially scrapes data from social media sites for law enforcement clients announced a data breach. What does it mean for the future of facial recognition? Continue Reading
Opinion 03 Mar 2020

Idaptive adds new remote employee onboarding option & passwordless authentication to Next-Gen Access

Seeing more and more vendors jump on the passwordless train makes my heart swell! Continue Reading
Tip 25 Feb 2020

Tackle identity management in the cloud with AaaS or IDaaS

Has your organization considered outsourcing cloud identity management? Learn more about the benefits of AaaS, aka IDaaS, and what to consider before settling on a particular service. Continue Reading
Feature 18 Feb 2020

Zero-trust model case study: One CISO's experience

Adopting a zero-trust environment was the right move for GitLab, according to the company's former security chief, but it may not be well suited for all enterprises. Continue Reading
Opinion 10 Feb 2020

Idaptive is taking machine learning for authentication and applying it to authorization

We’ve seen AI/ML/analytics used for figuring out if a user is who they say they are. Now, how about if they’re doing what they should? Continue Reading
Feature 31 Jan 2020

Can IDaaS adoption improve enterprise security posture?

Experts suggest enterprises consider identity as a service as organizations' data management needs grow and access management becomes more complex. Continue Reading
Opinion 27 Jan 2020

Where does 1Password Enterprise Password Manager fit in the EUC landscape?

Reduce the chance of a breach due to poor password habits with password vaulting. Continue Reading
News 23 Jan 2020

AWS leak exposes passwords, private keys on GitHub

UpGuard discovered a public GitHub repository that contained sensitive AWS customer data, including passwords, authentication tokens and private encryption keys. Continue Reading
Answer 22 Jan 2020

What are the most common digital authentication methods?

In order to build and maintain a comprehensive access management program, enterprise leaders must get to know the various forms of digital authentication at their disposal. Continue Reading
Answer 21 Jan 2020

How effective are traditional authentication methods?

Are you up to date on the most popular digital authentication methods and their potential cybersecurity risks? Learn how the right technology can improve and secure access management. Continue Reading
Tip 02 Jan 2020

5 steps to a secure cloud control plane

A locked-down cloud control plane is integral to maintaining cloud security, especially in multi-cloud environments. Here are five steps to a secure cloud control plane. Continue Reading
Opinion 17 Dec 2019

Login.gov starts to fill the gap between social logins and enterprise identities

Access federal services with a service designed for governmental use but that uses common standards. Continue Reading
News 13 Dec 2019

RSA teams up with Yubico for passwordless authentication

RSA Security joined forces with Yubico to eliminate passwords within the enterprise. RSA's Jim Ducharme explains what it will take to the reach the 'last mile' of the pursuit. Continue Reading
Tip 20 Nov 2019

How to use and manage BitLocker encryption

Built into business versions of the Windows OS, Microsoft BitLocker encryption is an integral enterprise encryption tool. Read on to learn how BitLocker works and how to manage it. Continue Reading
News 07 Nov 2019

SSL certificate abuse drives growing number of phishing attacks

Phishing attacks against the United Nations and humanitarian organizations show how threat actors are weaponizing valid SSL certificates and how hard it is to stop the abuse. Continue Reading
Opinion 29 Oct 2019

How to go passwordless if not all your apps support modern authentication standards

We want to eliminate passwords ASAP, unfortunately, some older apps can stand in the way of progress—thankfully, some identity providers devised solutions. Continue Reading
Tip 22 Oct 2019

How to address cloud IAM challenges

Cloud services are major players in most companies now and can have a major impact on the management of access and identity governance. Learn how to handle cloud IAM challenges. Continue Reading
Opinion 17 Oct 2019

Okta competing with Microsoft, Google, and others in passwordless offerings

While giants Microsoft and Google try leading the passwordless charge, Okta also plans to help organizations cut down on password use. Continue Reading
Opinion 14 Oct 2019

Okta is making big investments in on-premises identity

Okta is also working to bring more context into access decisions. Continue Reading
Opinion 09 Oct 2019

How far is Google going in eliminating passwords?

We looked at Microsoft, let’s see how a couple other vendors are doing as well, starting with Google. Continue Reading
News 03 Oct 2019

Ping Identity launches identity and access management tool

PingCentral aims to streamline the identity and access management processes and bridge the gap between IAM teams and application teams to improve productivity. Continue Reading
Opinion 24 Sep 2019

When will we finally ditch passwords? Here’s Microsoft’s 4-step plan

Let’s be honest, passwords suck, and vendors are working to eliminate or reduce our reliance on them—what is Microsoft’s roadmap? Continue Reading
News 17 Sep 2019

Researcher finds digital certificate fraud used to spread malware

A new certificate fraud scheme involves a threat actor impersonating company execs to purchase certs which are then resold to those looking to spread malware. Continue Reading
Opinion 17 Sep 2019

A look at ID proofing: bootstrapping a digital ID using a mobile device and physical ID

For the moment, it’s more for B2C than for employees, but it’s poised to keep spreading. Continue Reading
Answer 16 Sep 2019

What's the purpose of CAPTCHA technology and how does it work?

Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums and blog comment sections. Continue Reading
News 08 Aug 2019

'Dupe' there it is: SAML authentication bypass threatens Microsoft

Micro Focus security researchers demonstrated a new technique, dubbed 'dupe key confusion,' which allows threat actors to bypass Microsoft's SAML token validation. Continue Reading
News 02 Aug 2019

CloudKnox Security adds privileged access features to platform

CloudKnox Security updated its Cloud Security Platform with features such as Privilege-on-Demand, Auto-Remediation for Machine Identities and Anomaly Detection. Continue Reading
Feature 01 Aug 2019

New tech steers identity and access management evolution

IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets. Continue Reading
01 Aug 2019

New tech steers identity and access management evolution

Continue Reading
Opinion 01 Aug 2019

Is your identity management up to the task?

IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle. Continue Reading
01 Aug 2019

Is your identity management up to the task?

Continue Reading
E-Zine 01 Aug 2019

Managing identity and access well unlocks strong security

Continue Reading
Tip 25 Jul 2019

How to limit the cloud security blast radius of credential attacks

Explore how the security blast radius concept, which has admins evaluating how to assess and limit the damage of a threat, can be applied to cloud identity and access management. Continue Reading
News 24 Jul 2019

Citrix breach blamed on poor password security

An investigation revealed the password spraying attack that gave malicious actors access to Citrix systems resulted in only some business documents being stolen. Continue Reading
Opinion 24 Jul 2019

What's the difference between a password and a PIN?

A question I've always had but was too afraid to ask when I first learned about passwordless experiences. Continue Reading
Opinion 23 Jul 2019

A look at MobileIron’s zero sign-on and passwordless authentication plans

MobileIron’s “zero sign-on” tech uses phones to authenticate when accessing SaaS apps from unmanaged devices. Continue Reading
News 19 Jul 2019

Enzoic for Active Directory brings continuous password protection

Updates to Enzoic for Active Directory include NIST-compliant Continuous Password Protection, checking passwords against a live database of common or vulnerable passwords. Continue Reading
News 19 Jul 2019

CyberArk brings updates to privileged access security offering

CyberArk introduces CyberArk Alero to its privileged access management product lineup, in addition to other endpoint management and cloud offering updates. Continue Reading
Tip 17 Jul 2019

The benefits of IAM can far outweigh the costs

Identity and access management is a critical piece of enterprise information security. But the benefits of IAM go beyond illuminating who -- and what -- might be using your network. Continue Reading
News 09 Jul 2019

OneLogin Desktop Pro for Windows reduces password load

By eliminating the need for remote workers to sign into Active Directory to access their network, OneLogin's Desktop Pro for Windows aims to make working remotely easier, according to the vendor. Continue Reading
News 08 Jul 2019

Ipsidy's Identity Portal uses biometrics for secure access

Identity Portal by Ipsidy uses biometric authorization methods to ensure secure account access, enable users to verify changes, protect customers from fraudulent phone calls, and more. Continue Reading
Tip 27 Jun 2019

Where does IMAP security fall short, and how can it be fixed?

Legacy email protocols like IMAP are prime targets for hackers. Fix IMAP security with better configuration, more encryption and multifactor authentication mandates. Continue Reading
Feature 27 Jun 2019

Words to go: Identity and access management security

IT pros must keep up to date with rapidly changing identity technology and access threats. Help protect IAM security by getting familiar with this list of foundation terms. Continue Reading
Tip 25 Jun 2019

What identity governance tools can do for your organization

Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data. Continue Reading

1
2
3
4
5

Networking

Analysis of 7 single-vendor SASE platforms
This analysis by SD-WAN Experts compares some of the major single-vendor SASE options in the market, looking at strengths, ...
Explore private wireless network vendor options
Private wireless networks can be difficult to deploy. Networking vendors -- such as Celona, Cradlepoint and Extenet -- offer ...
How to build an SD-WAN RFP to evaluate vendors
There are key questions that belong in your SD-WAN request for proposal. Use them to better assess vendor features and ...

CIO

3 strategies CIOs can use to improve IT's efficiency
In uncertain times, CIOs need to take appropriate measures to improve IT efficiency. These practical strategies can also ...
Top 10 enterprise technology trends for 2023
IT investments underpin an organizational performance and help businesses gain a competitive edge. That's why CIOs and IT leaders...
IT leaders drive evolution of digital transformation
Some CIOs are redefining digital transformation, while others abandon the term. What comes next will feature smaller projects, ...

Enterprise Desktop

Costs to migrate from Windows 10 to 11
Each organization's cost to migrate to Windows 11 will be slightly different depending on existing licenses, so IT teams should ...
9 end-user experience monitoring tools to know
The end-user experience monitoring market is chock-full of options that can be confusing to keep track of. Take a look at nine ...
Translating the experience optimization products' acronyms
When organizations look for software and services that can help monitor users, customers and IT system functionality, they need ...

Cloud Computing

Is a cloud-first strategy right for you?
A cloud-first strategy has its fair share of advantages and disadvantages. Learn how to avoid risks and build a strategy that is ...
How to use startup scripts in Google Cloud
Google Cloud lets you use startup scripts when booting VMs to improve security and reliability. Follow these steps to create your...
When to use AWS Compute Optimizer vs. Cost Explorer
AWS Compute Optimizer and Cost Explorer monitor, analyze and optimize your cloud costs. Compare the two tools to choose which is ...

ComputerWeekly.com

IBM Storage launched with backup appliance plan
Prosaically named brand will replace Spectrum products, while IBM rationalises offer for AI/ML, hybrid cloud and malware, which ...
Alan Turing Institute unveils strategy to support UK AI
The strategy is built around helping the UK government realise its artificial intelligence ambitions, and focuses on areas where ...
Cisco enhances hybrid work with AI Webex innovations
Comms tech giant makes AI-powered enhancements to collaboration offering, encompassing devices and customer experience to deliver...

Close