Tag: security

Five Tips for Protecting Privileged Access in DevOps and Cloud Environments

Rapid software development processes, IT automation, and the cloud enable organizations to respond more quickly to changing business demands. Increased agility brings greater risk, however. There are more opportunities for attackers to obtain privileged credentials that give them access to sensitive systems and data. Continuous integration and continuous delivery (CI/CD) processes require that DevOps teams have privileged access to...

Shifting Network Priorities Call for Zero Trust Security

“Trust no one.” That was one of the taglines for The X-Files, the popular science-fiction television series about FBI agents who investigate a series of bizarre, supernatural cases. It’s also becoming a mantra for modern network security Faced with relentless cyber threats and expanding attack vectors, network security pros have begun to embrace a “zero trust” model as an...

Many Federal Agencies Are Struggling to Meet ICAM Requirements

In 2009, the federal government began development of the Identity, Credential, and Access Management (ICAM) architecture to address security weaknesses across agencies in the areas of user identification and authentication. Established by the Office of Management and Budget (OMB), the federal ICAM program provides guidance on IT policies, systems, and standards that help agencies monitor, manage, and secure access...

Why Identity Governance Is Ripe for a “Shift Left” Approach

As organizations seek to bolster security and improve the user experience, the “Shift Left” movement is gaining steam. The term actually has a number of definitions, depending on context. In software development, where it originated, Shift Left refers to an approach in which testing is done earlier in the process — that is, it is shifted left on the...

Why Risk Analytics Is an Essential Component of Modern Identity Management

Risk management is a five-step process that always starts with identification. It’s common sense; you have to determine what risks are involved before you can evaluate, prioritize, mitigate, and monitor them. With identity and access management (IAM), however, identifying risks can be a difficult process. An enterprise with 1,000 employees and 25 IT systems that each have 10 levels...

PAM in 2019: Organizations Need Greater Visibility and More Granular Control

PAM 2019
Gartner’s Identity and Access Management (IAM) Summit was held Dec. 3-5 in Las Vegas, giving security pros an opportunity to discuss how the IAM landscape is evolving. Not surprisingly, privileged access management (PAM) was a focal point of the event. Organizations are struggling to implement effective PAM processes in light of growing numbers of users and devices, both internal...

How to Minimize the Risk of Local Admin Rights and Privileged Account Attacks

EPM
In our last post, we discussed the risks of granting administrator rights to end users at the workstation level. Local admin rights enable users — or hackers — to do whatever they want with a machine. An attacker who is able to obtain local admin credentials can launch a “pass-the-hash” attack, leveraging well-known Windows vulnerabilities to obtain higher-level privileged...

OAuth Is Convenient, But Is It Secure?

Clango
Earlier this year, a phishing attack targeting Google Docs abused OAuth to give hackers full access to victims’ Gmail accounts and contacts. Google blocked the attack within about an hour, but it might have affected as many as a million Gmail users. Here’s how it worked. The attackers got access to Google’s OAuth APIs by posing as legitimate third-party...

Identity Management Becoming Key to Mobile Security

Clango
Workers today spend more than a third of their time away from their desks, leveraging a mix of mobile devices and applications to access and share information and collaborate with others. While mobile devices give us unprecedented connectivity options, they also create significant security challenges. In a survey of 4,500 business users, the research firm Ovum found that 70...

Keystroke Cops: Authentication by Typing Patterns

Keystroke
In the early days of World War II, Army Signal Corps officers made a startling discovery about intercepted Nazi telegraph transmissions. Though they weren’t able to understand the messages, which were in an encrypted version of Morse code, they were able to determine that the “dots” and “dashes” came in highly distinctive speeds and rhythms. Using a methodology that...