Author Archive

General Information
User Name Clango
Fullname Clango
Bio
Website
Member Since June 19, 2019

How to Choose the Right Privileged Access Management Solution

Researchers who study large-scale data breaches have concluded that nearly all successful attacks involve privileged account compromise. In the 2017 Yahoo! breach, attackers began by stealing a user’s credentials, then harvested privileged credentials from the local PC in order to gain access to higher-level assets. The 2015 attacks on the U.S. Office of Personnel Management (OPM) followed a similar...

Seven Types of Privileged Accounts That Require Strong Security

In our last post, we explained the difference between privileged identity management (PIM) and privileged access management (PAM). PIM involves the identification of administrative accounts, which already exist on systems, and the association of individual users with those accounts. PAM secures privileged credentials and ensures they are used in accordance with established policy. We also defined the term “privileged,”...

Five Tips for Protecting Privileged Access in DevOps and Cloud Environments

Rapid software development processes, IT automation, and the cloud enable organizations to respond more quickly to changing business demands. Increased agility brings greater risk, however. There are more opportunities for attackers to obtain privileged credentials that give them access to sensitive systems and data. Continuous integration and continuous delivery (CI/CD) processes require that DevOps teams have privileged access to...

Shifting Network Priorities Call for Zero Trust Security

“Trust no one.” That was one of the taglines for The X-Files, the popular science-fiction television series about FBI agents who investigate a series of bizarre, supernatural cases. It’s also becoming a mantra for modern network security Faced with relentless cyber threats and expanding attack vectors, network security pros have begun to embrace a “zero trust” model as an...

Overcoming “Segregation of Duties” Challenges in 2019 and Beyond

As growing numbers of users need access to more on-premises and cloud resources, identity and access management (IAM) has become increasingly challenging. It’s virtually impossible to keep up with access requests using manual processes, so errors are bound to creep in. This can lead to orphaned accounts that remain active after the user changes roles or leaves the organization,...

The Essential Role of Automation in Cybersecurity

IT teams are overstretched. Business units need new applications and services spun up faster than ever before. At the same time, IT must maintain an ever-larger and increasingly complex environment and ensure robust security. New threats and vulnerabilities emerge every day, and security alerts never seem to let up. That’s why automation has become an essential part of any...

Many Federal Agencies Are Struggling to Meet ICAM Requirements

In 2009, the federal government began development of the Identity, Credential, and Access Management (ICAM) architecture to address security weaknesses across agencies in the areas of user identification and authentication. Established by the Office of Management and Budget (OMB), the federal ICAM program provides guidance on IT policies, systems, and standards that help agencies monitor, manage, and secure access...

CyberArk Privileged Session Manager: The Modern “Jump Server”

In our last post, we discussed how multifactor authentication (MFA) can help secure privileged accounts. Adding a second factor of authentication, such as a physical ID card or fingerprint, can prevent hackers from using a stolen username and password to gain access to a privileged account. That’s why security experts recommend MFA and many government and industry regulations require...

New Study Highlights Security Risks of Digital Transformation

Organizations are rethinking their operational models, finding new solutions to problems, and enhancing the customer experience by integrating technology into everything they do. That’s the essence of digital transformation (DX). Rather than simply building on what you have with new technology, DX is intended to drive innovation and reinvent internal processes and the external markets you serve. The problem...

Automating Access Certification Reduces Risk and Improves Compliance

Access certification requires that managers regularly review their employees’ access to financial systems to validate that access privileges align with the employee’s job requirements. Many organizations have implemented access certification processes to comply with the Sarbanes-Oxley Act (SOX) of 2002. Because SOX mandates an annual evaluation of internal controls and procedures for maintaining the integrity of financial reporting, organizations...