Tag: Identity

Automating Access Certification Reduces Risk and Improves Compliance

Access certification requires that managers regularly review their employees’ access to financial systems to validate that access privileges align with the employee’s job requirements. Many organizations have implemented access certification processes to comply with the Sarbanes-Oxley Act (SOX) of 2002. Because SOX mandates an annual evaluation of internal controls and procedures for maintaining the integrity of financial reporting, organizations...

Report: Billions of Malicious Login Attempts Each Month — and Growing

Intuit recently notified users of its TurboTax software that their accounts might have been compromised using username/password combinations obtained from another source — what’s known as a credential-stuffing attack. The company said the hackers might have obtained the names, Social Security numbers, dates of birth, driver’s license numbers, and financial information of those affected. In credential stuffing, hackers use...

Why Identity Governance Is Ripe for a “Shift Left” Approach

As organizations seek to bolster security and improve the user experience, the “Shift Left” movement is gaining steam. The term actually has a number of definitions, depending on context. In software development, where it originated, Shift Left refers to an approach in which testing is done earlier in the process — that is, it is shifted left on the...

The Growing Bot Army Creates Identity Management Challenges

If you think about it, humans spend a lot of time each day proving they’re not bots. We have to decipher the letters and numbers in a Captcha, choose the pictures that contain a bicycle, or simply check a box that says, “I am not a robot.” How did we get to this point? According to Oracle Dyn, bot...

Effective Privileged Account Management Requires Identity Governance

Privileged ID Governance
The typical enterprise has an ever-increasing number of privileged accounts to manage across on-premises and cloud environments. These privileged accounts extend outside the organization to contractors, business partners, and other third parties. Holders of privileged credentials access systems and data from a wide range of devices and diverse locations. Many systems and applications also use privileged credentials to access...

Is Blockchain the Answer to Identity Management?

Clango
The ideal in identity management is to have a single source of truth — one repository that holds a unique ID for each user and allows users to access all the resources they’re entitled to. Very few (if any) organizations have achieved this ideal. In most cases, users maintain multiple sets of credentials to log into various systems. Single...

What Is Privileged Session Management and Why Is It Important?

PSM
The critical first step in privileged account management (PAM) is to identify, consolidate, and lock down privileged credentials so only authorized users have access to them. However, this is only the first step. To be effective, PAM should include privileged session management as well as credential protection. Privileged session management is a security control involving the monitoring and recording...

Mature Identity Management Processes Equate to Reduced Security Risk

Clango
Identity and access management (IAM) is often approached tactically, as a means of giving users access to resources while minimizing IT operational overhead. The threat mitigation and risk management aspects of IAM are not prioritized, leaving gaps in the organization’s security strategy. Cybersecurity spending, which IDC says will reach $81.7 billion this year, remains heavily weighted toward network security...

The Benefits and Potential Pitfalls of IT Self-Service

Clango
Organizations are increasing their use of self-service tools to streamline help desk operations. Most IT self-service tools focus on the automation of manual processes related to password resets and other common identity management tasks. Given that approximately 80 percent of all help desk calls are related to password resets, self-service reduces the strain on the help desk and the...

Federated Identity Management: More than Single Sign-On

Clango
In a previous post, we discussed how lax password management is putting organizations at risk. A recent Ovum study found that most organizations rely on employee education and self-monitoring to ensure the use of strong passwords. Few organizations have automated tools for password management, creating a burden on employees and help desk personnel. Identity and access management (IAM) technology...