Identity and access management
Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.
Top Stories
-
News
25 Sep 2023
Dallas doles out $8.5M to remediate May ransomware attack
The city of Dallas provided a detailed attack timeline that showed Royal threat actors compromised a service account a month before ransomware was deployed. Continue Reading
-
Tip
25 Sep 2023
How to add digital signatures to a PDF
Organizations use digital signatures to secure agreements. Common document applications, such as Adobe Acrobat and macOS Preview, let users quickly add digital signatures to PDFs. Continue Reading
-
News
08 Jun 2022
SANS lists bad backups, cloud abuse as top cyberthreats
A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams. Continue Reading
-
News
07 Jun 2022
Microsoft details zero-trust transition, challenges
Over the past three years, Microsoft has moved to a zero-trust framework. Security engineers outlined the transition and its challenges during a session at RSA Conference 2022. Continue Reading
-
Tutorial
02 Jun 2022
Improve Azure storage security with access control tutorial
These step-by-step guidelines detail how to grant limited access in Microsoft Azure storage. This best practice helps keep storage secure from internal and external threats. Continue Reading
-
News
24 May 2022
MFA technology is rapidly evolving -- are mandates next?
The evolving landscapes of both the modern workplace and cyberthreats have paved the way for some organizations to require multifactor authentication protection. Will others join? Continue Reading
-
Feature
20 May 2022
Apple, Microsoft, Google expand FIDO2 passwordless support
Achieving true passwordless experiences begins with companies working together to adopt standards that enable customers to use multiple devices seamlessly, regardless of OS. Continue Reading
-
News
19 May 2022
Small businesses under fire from password stealers
Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries. Continue Reading
-
Guest Post
17 May 2022
5 steps to ensure a successful access management strategy
Access management is top of mind for organizations, especially in the hybrid workspace. Follow these five steps to create an access management strategy that benefits all users. Continue Reading
-
News
28 Apr 2022
Lapsus$ targeting SharePoint, VPNs and virtual machines
From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung. Continue Reading
-
Feature
27 Apr 2022
Why companies should focus on preventing privilege escalation
If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
-
News
18 Apr 2022
Stolen OAuth tokens lead to 'dozens' of breached GitHub repos
Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm. Continue Reading
-
News
14 Apr 2022
VMware Workspace One flaw actively exploited in the wild
Multiple threat intelligence providers have detected threat activity related to the VMware Workspace One flaw, including cryptocurrency mining activity. Continue Reading
-
Tutorial
14 Apr 2022
Get started with Azure AD entitlement management automation
Identity governance tasks in Azure Active Directory can be overwhelming, but understanding how to use Microsoft Graph and PowerShell to work with these settings will help. Continue Reading
-
Tip
07 Apr 2022
5 key elements of data tenancy
Data tenancy is a key piece of any data protection scheme and can be crafted around five building blocks to provide safe, secure data access to users. Continue Reading
-
Feature
06 Apr 2022
How secure are one-time passwords from attacks?
Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs. Continue Reading
-
Feature
04 Apr 2022
How to implement OpenID Connect for single-page applications
The OpenID Connect authentication protocol can be used to secure a variety of applications. This excerpt teaches developers how it works with single-page applications. Continue Reading
-
Feature
04 Apr 2022
How to use OpenID Connect for authentication
OpenID Connect has become a trusted protocol to connect with identity providers. Explore how to use it for IAM, common threats to be aware of and how to connect to multiple IdPs. Continue Reading
-
News
22 Mar 2022
Lapsus$ hacking group hit authentication vendor Okta
Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, through key details about the attack remain in dispute. Continue Reading
-
News
08 Mar 2022
Researchers uncover vulnerabilities in APC Smart-UPS devices
Researchers with Armis found a trio of vulnerabilities in uninterruptible power supply (UPS) devices from APC that could be remotely exploited by threat actors. Continue Reading
-
Feature
04 Mar 2022
Use digital identity proofing to verify account creation
Validating users during account creation with identity proofing helps prevent data breaches but isn't without challenges. Discover how it works and concerns to address. Continue Reading
-
Feature
03 Mar 2022
How to stop malicious or accidental privileged insider attacks
How many permissions or privileges a user has will affect how big of an insider threat they are. Discover the issues surrounding privileged users and how to curtail these threats. Continue Reading
-
Tutorial
01 Mar 2022
Learn to adjust the AdminCount attribute in protected accounts
It's critical to know how to change the settings for protected accounts and groups in Active Directory to avoid serious problems. PowerShell can make quick edits to keep order. Continue Reading
-
Tip
23 Feb 2022
How to use PKI to secure remote network access
Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
-
Tutorial
17 Feb 2022
Build your knowledge of Azure AD conditional access policies
The rapid pace of change in the modern workplace requires new methods to control who has access to what. This Azure Active Directory feature can help IT meet those security goals. Continue Reading
-
News
09 Feb 2022
Google: 2-step verification led to 50% fewer account hacks
Google auto-enrolled more than 150 million users into two-step verification last October and mandated two-step verification for 2 million-plus YouTube accounts. Continue Reading
-
Guest Post
09 Feb 2022
How automated certificate management helps retain IT talent
Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
-
News
03 Feb 2022
Distrust, feuds building among ransomware groups
In an industry that operates in anonymity, trust is everything -- but recent accusations of ransomware actors working with or being law enforcement is threatening that work model. Continue Reading
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
-
Tip
26 Jan 2022
Integrating zero-trust practices into private 5G networks
One of the first steps in deploying a technology is protecting it from potential security threats. Learn how to secure a private 5G network with zero-trust security practices. Continue Reading
-
Tip
21 Jan 2022
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication. Continue Reading
-
Tutorial
20 Dec 2021
How to perform Azure AD bulk operations with PowerShell
Microsoft offers multiple ways to manage users and groups in Azure Active Directory. PowerShell is one option, but it requires knowing which module to use to handle coverage gaps. Continue Reading
-
Tip
14 Dec 2021
Use these 6 user authentication types to secure networks
One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates. Continue Reading
-
Tip
14 Dec 2021
4 API authentication methods to better protect data in transit
The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
-
Feature
08 Dec 2021
Is a passwordless future getting closer to reality?
Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links. Continue Reading
-
Tip
06 Dec 2021
Why you should plan to upgrade to Azure AD Connect v2 soon
Administrators who rely on an Azure AD Connect v1 version for hybrid identity with Office 365 should prepare for the impending retirement of several technologies in the utility. Continue Reading
-
Feature
06 Dec 2021
Passwordless authentication issues to address before adoption
The technology for passwordless authentication exists, but challenges remain. Companies must grapple with differing use cases, legacy software, adoption costs and more. Continue Reading
-
Guest Post
30 Nov 2021
Enterprise password security guidelines in a nutshell
In this concise guide to passwords, experts at Cyber Tec outline the security problems that put enterprises at risk and offer answers on how to solve them. Continue Reading
-
Tip
30 Nov 2021
How to create a company password policy, with template
Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading
-
Tip
22 Nov 2021
Top 5 password hygiene tips and best practices
Passwords enable users to access important accounts and data -- making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
-
News
15 Nov 2021
Microsoft releases out-of-band update for Windows Server
Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability. Continue Reading
-
News
05 Nov 2021
MVSP: Will Google's security baseline work?
In response to data breaches involving third-party vendors, Google worked alongside vendors to developed what it refers to as a 'vendor-neutral security baseline.' Continue Reading
-
Tip
01 Nov 2021
Adopt 5 best practices for hybrid workplace model security
As hybrid workforce models become the norm due to the pandemic, enterprises should look to best practices to ensure secure unified access for on-premises and WFH employees. Continue Reading
-
Tip
01 Sep 2021
Blockchain for identity management: Implications to consider
Blockchain has changed the way IAM authenticates digital identities. Consider these 14 implications when asking how and where IAM can benefit your organization. Continue Reading
-
Guest Post
05 Aug 2021
3 steps to create a low-friction authentication experience
Passwords are no longer sufficient, but more secure authentication methods frustrate users. Explore how to create a low-friction authentication process for improved UX and trust. Continue Reading
-
Tip
03 Aug 2021
10 ways blockchain can improve IAM
DLT has the potential to revolutionize the identity management space. From boosting privacy to improving visibility, here are 10 use cases of blockchain in IAM. Continue Reading
-
Tip
03 Aug 2021
Federate and secure identities with enterprise BYOI
Consumers have been using the federated identity concept 'bring your own identity' through social sign-on for years. It is time for the enterprise to embrace the trend. Continue Reading
-
Feature
30 Jul 2021
Keycloak tutorial: How to secure different application types
IT pros and developers can secure applications with the open source IAM tool Keycloak. When you don't need to worry about passwords, it reduces the potential attack surface. Continue Reading
-
Feature
30 Jul 2021
Secure applications with Keycloak authentication tool
As we look toward the future of authentication, open source tools, such as Keycloak, provide companies a way to secure applications to its specific needs. Continue Reading
-
Tip
27 Jul 2021
Use a decentralized identity framework to reduce enterprise risk
To reduce the risk of identity theft for customers, partners and employees, companies should look at integrating a decentralized identity framework into existing infrastructure. Continue Reading
-
Answer
23 Jul 2021
Best practices to conduct a user access review
User entitlement reviews ensure only authorized users have access to essential systems and data. Uncover the steps of a user access review and helpful best practices. Continue Reading
-
Answer
19 Jul 2021
The top 7 identity and access management risks
An IAM system introduces risks to the enterprise, but the consensus is the benefits of IAM outweigh the drawbacks. What are some of the issues that might arise? Continue Reading
-
Tip
12 Jul 2021
How to implement machine identity management for security
In IAM, companies must consider whether machines, applications and devices have the appropriate identities and access authorizations when communicating behind the scenes. Continue Reading
-
Feature
12 Jul 2021
5 IAM trends shaping the future of security
The importance of identity and access management cannot be denied. However, the same old tools can't properly secure today's complex environments. These IAM trends are here to help. Continue Reading
-
Quiz
01 Jul 2021
Test yourself with this e-learning authentication quizlet
Integrity and authentication are two evergreen security topics. Try this quick quiz from Technic Publication's PebbleU, and see where to focus your continuing education. Continue Reading
-
Feature
23 Jun 2021
10 identity and access management tools to protect networks
IAM tools keep enterprises safe by ensuring only authorized users can access sensitive data and applications. Read this in-depth product overview of top tools on the market. Continue Reading
-
Feature
08 Jun 2021
How cloud adoption is shaping digital identity trends in 2021
Expert Carla Roncato explains what organizations need to know about emerging digital identity and security trends for the cloud, including CASB, CIEM and zero trust. Continue Reading
-
Tip
07 Jun 2021
Corral superuser access via SDP, privileged access management
Keeping control of superusers is an ongoing challenge. Employing SDP and privileged access management can make the job easier. But can SDP replace PAM? Continue Reading
-
Quiz
25 May 2021
Try this cloud identity and access management quiz
Remote work and increased cloud adoption have dramatically changed identity and access management. Take this cloud IAM quiz for infosec pros to see if your knowledge is up to date. Continue Reading
-
News
14 May 2021
'Scheme flooding' bug threatens to sink user privacy
Researchers have uncovered a blind spot in web security that opens the door for tracking across multiple browsers and thwarts common privacy protections like incognito and VPN. Continue Reading
-
Tip
15 Apr 2021
Get to know cloud-based identity governance capabilities
As enterprise cloud adoption increases, the market for cloud identity governance is expected to expand. Learn more about the use cases, benefits and available product options. Continue Reading
-
News
05 Apr 2021
Remote work increases demand for zero-trust security
One year after lockdowns and office closures prompted a massive, hurried move to remote work, many enterprises are reexamining their security posture. Continue Reading
-
News
04 Mar 2021
Microsoft makes passwordless push in Azure Active Directory
To adapt to security challenges like remote work and increasingly sophisticated threats, Microsoft is building a passwordless ecosystem within Azure Active Directory. Continue Reading
-
News
04 Mar 2021
Okta acquires identity rival Auth0 for $6.5 billion
Okta CEO Todd McKinnon said Auth0 shares his company's vision to establish identity services as one of the 'primary clouds' for enterprises, such as IaaS and collaboration. Continue Reading
-
Podcast
12 Feb 2021
Risk & Repeat: Oldsmar water plant breach raises concerns
This week's Risk & Repeat podcast looks at how an unknown threat actor used TeamViewer to manipulate chemical levels in a water treatment facility in Oldsmar, Fla. Continue Reading
-
Tip
08 Feb 2021
7 privileged access management best practices
Privileged access is a given in enterprise environments, but it presents many security issues if breached. Follow these seven PAM best practices to mitigate risk. Continue Reading
-
Guest Post
29 Jan 2021
The security battle over entitlements and permissions creep
IT must continually keep track of entitlements and permissions for all their cloud services, with methods such as CI/CD tools, increased visibility and continuous monitoring. Continue Reading
-
News
26 Jan 2021
Zero trust 2.0: Google unveils BeyondCorp Enterprise
BeyondCorp Enterprise, which replaces Google's BeyondCorp Remote Access, uses the Chrome browser to extend the zero-trust platform to customers for continuous authentication. Continue Reading
-
News
20 Jan 2021
FireEye releases new tool to fight SolarWinds hackers
The new tool, dubbed Azure AD Investigator, will help audit Microsoft 365 environments for techniques used by the nation-state actors behind the SolarWinds supply chain attack. Continue Reading
-
Tip
14 Jan 2021
Select a customer IAM architecture to boost business, security
Not all customer IAM platforms are created equal. Will a security-focused or marketing-focused CIAM architecture best meet your organization's needs? Read on for help deciding. Continue Reading
-
News
11 Jan 2021
5 cybersecurity vendors to watch in 2021
Despite the COVID-19 pandemic and economic setbacks, 2020 was another big year for investments in cybersecurity vendors. Here are five startups that stood out from the crowd. Continue Reading
-
Feature
11 Jan 2021
Biometric security technology could see growth in 2021
Enterprise use of biometrics for security may see an uptick by organizations looking to defend themselves from attacks, but they must weigh the concerns against the benefits. Continue Reading
-
News
07 Jan 2021
Defending against SolarWinds attacks: What can be done?
While no defense is guaranteed, zero-trust access and behavioral monitoring can be useful against nation-state hackers and threats like the SolarWinds attacks. Continue Reading
-
Tip
06 Jan 2021
Organize a cloud IAM team to secure software-defined assets
Building a cloud IAM team with the necessary technical expertise and soft skills is key to securely managing IAM in complex cloud environments. Continue Reading
-
News
28 Oct 2020
Ping Identity launches passwordless authentication system
Ping's new suite of authentication features looks to secure accounts and login processes by eliminating the need for usernames and passwords, which are often reused and an easy target. Continue Reading
-
Quiz
05 Oct 2020
Quiz: Network security authentication methods
There are many methods available to authenticate users requesting access to an organization's systems. Test your knowledge with this quiz on authentication in network security. Continue Reading
-
Feature
29 Sep 2020
Explore self-sovereign identity use cases and benefits
The future of digital identity may look a lot like how we identify ourselves in real life. Learn more about self-sovereign identity use cases and features in this excerpt. Continue Reading
-
Feature
29 Sep 2020
How self-sovereign identity principles suit the modern world
There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A. Continue Reading
-
News
15 Sep 2020
Gartner: Privileged access management a must in 2020
Gartner's 2020 Security & Risk Management Summit focused on the importance of privileged access management to cybersecurity as threat actors increasingly target admin credentials. Continue Reading
-
Answer
10 Sep 2020
Manage unsuccessful login attempts with account lockout policy
Learn how to create account lockout policies that detail how many unsuccessful login attempts are allowed before a password lockout in order to prevent credential-based attacks. Continue Reading
-
Tip
03 Aug 2020
The pros and cons of biometric authentication
Hoping for a passwordless future? Multifactor authentication using biometrics may be the answer. Consider the pros, cons and implications of biometric authentication before deploying. Continue Reading
-
Tip
31 Jul 2020
6 persistent enterprise authentication security issues
Some authentication factors are considered more secure than others but still come with potential drawbacks. Learn about the most common enterprise authentication security issues. Continue Reading
-
Tip
06 Jul 2020
How IAM systems support compliance
IAM is a key component of any security strategy, but its role in regulatory compliance is just as crucial. Read up on features and processes to make IAM work for your enterprise. Continue Reading
-
News
18 Jun 2020
New Cisco Webex vulnerability exposes authentication tokens
Trustwave SpiderLabs researchers disclosed a vulnerability in Cisco Webex software that leaks information stored in memory, including authentication tokens. Continue Reading
-
Answer
16 Jun 2020
6 key identity and access management benefits
Identity and access management is beneficial not just for users, security and IT admins, but also enterprises as a whole. Read up on the six key advantages of an IAM framework. Continue Reading
-
Answer
16 Jun 2020
Identity management vs. authentication: Know the difference
Andrew Froehlich breaks down how authentication and identity management differ and how each of them are intrinsic to an identity and access management framework. Continue Reading
-
Tip
15 Jun 2020
In biometrics, security concerns span technical, legal and ethical
Biometrics are increasingly being used for enterprise security, but they are not without technical, legal and ethical concerns, which teams must address before deployment. Continue Reading
-
Tip
11 Jun 2020
3 key identity management tips to streamline workflows
Organizations must audit IAM processes to ensure that opportunities to streamline workflows are not missed. Use these identity management tips to get started. Continue Reading
-
Tip
09 Jun 2020
How to ensure security for 3 types of digital identity
Enterprise identity and access management strategies must include processes for managing and securing three types of digital identity. Learn how. Continue Reading
-
Feature
05 Jun 2020
How to build an effective IAM architecture
Identity and access management is changing and so must strategies for managing it. Read up on IAM architecture approaches and how to select the best for your organization. Continue Reading
-
Tip
03 Jun 2020
4 essential identity and access management best practices
Now is the time to shore up the who, what and where of network identities. Adopt these four critical identity and access management best practices to bolster your infosec program. Continue Reading
-
Feature
27 May 2020
Top 3 advantages of smart cards -- and potential disadvantages
As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, read more about the benefits of smart cards. Continue Reading
-
News
23 Apr 2020
COVID-19 strains critical certificate authority processes
Border crossings. Police checkpoints. Security cages. Secret safes. These are just some of the hurdles certificate authorities face as they strive to maintain security during COVID-19. Continue Reading
-
News
08 Apr 2020
Researchers beat fingerprint authentication with 3D printing scheme
New research by Cisco Talos shows popular fingerprint scanning technology can be defeated by lifting actual fingerprints and reproducing them through 3D printers. Continue Reading
-
Tip
06 Apr 2020
SASE identity policies enhance security and access control
Will the Secure Access Service Edge model be the next big thing in network security? Learn how SASE's expanded definition of identity is fundamental to this emerging access model. Continue Reading
-
Opinion
12 Mar 2020
The future of facial recognition after the Clearview AI data breach
The company that controversially scrapes data from social media sites for law enforcement clients announced a data breach. What does it mean for the future of facial recognition? Continue Reading
-
Opinion
03 Mar 2020
Idaptive adds new remote employee onboarding option & passwordless authentication to Next-Gen Access
Seeing more and more vendors jump on the passwordless train makes my heart swell! Continue Reading
-
Tip
25 Feb 2020
Tackle identity management in the cloud with AaaS or IDaaS
Has your organization considered outsourcing cloud identity management? Learn more about the benefits of AaaS, aka IDaaS, and what to consider before settling on a particular service. Continue Reading
-
Feature
18 Feb 2020
Zero-trust model case study: One CISO's experience
Adopting a zero-trust environment was the right move for GitLab, according to the company's former security chief, but it may not be well suited for all enterprises. Continue Reading
-
Opinion
10 Feb 2020
Idaptive is taking machine learning for authentication and applying it to authorization
We’ve seen AI/ML/analytics used for figuring out if a user is who they say they are. Now, how about if they’re doing what they should? Continue Reading
-
Feature
31 Jan 2020
Can IDaaS adoption improve enterprise security posture?
Experts suggest enterprises consider identity as a service as organizations' data management needs grow and access management becomes more complex. Continue Reading
-
Opinion
27 Jan 2020
Where does 1Password Enterprise Password Manager fit in the EUC landscape?
Reduce the chance of a breach due to poor password habits with password vaulting. Continue Reading