Join IDSA
Join IDSA

Archives

  1. CIO POV: What Am I Actually Supposed to Do with Agentic AI?

    December 16th, 2025 by Paul Hunter | Posted in Best Practices, News, Perspective, Security Outcomes |

    Tags: , , ,

    This blog was originally published here. For every enterprise CISO in the world right now, the burning question isn’t about cloud, TPRM, or internal threats. It’s about how to securely and responsibly adopt AI—specifically, agentic AI, the buzziest of today’s AI buzzwords. There’s no shortage of stats on skyrocketing adoption trends. Consider EY’s recent Technology Pulse Poll,…

  2. AI Is Emerging as the New Enterprise Middleware

    December 11th, 2025 by Paul Hunter | Posted in Perspective, Research |

    Tags: , , , ,

    In the 1990s, middleware was the muscle that made enterprise computing truly scalable. Before middleware, applications communicated with databases and back-end services directly using drivers like ODBC (Open Database Connectivity) or native SQL calls. This was simple but brittle, used shared secrets, and riddled with risks. It required developers to write custom code for every…

  3. The Rise of Agentic AI Security

    December 8th, 2025 by Paul Hunter | Posted in News, Perspective, Research, Security Outcomes |

    Tags: , ,

    Here at IDSA, we have the pleasure of hosting the second annual NHIcon by member company Aembit. You will hear more from us on this as we get into the new year. For now, let’s give you a sneak peek of some of what you will see at NHIcon 2026 on January 27, 2026. For…

  4. Eliminate Static Credentials: Just-in-Time SSH/Sudo Access to Virtual Machines

  5. Zero Trust and Identity: Evolving from Humans to AI

  6. Self Assessment: Modern Access Management Maturity

    October 30th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    To conclude this 5 part series on the importance of comprehensive and deliberate NHI governance, we are pleased to share this self assessment framework to help organizations understand where they are in their access management maturity journey. In case you missed it, here’s what we’ve covered so far: 1. Outnumbered and underprotected: the hidden risk…

  7. Close the NHI Governance Gap

    October 23rd, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    We’ve spent the better part of the last decade tightening our grip on workforce authentication. SSO is widespread. MFA is table stakes. Access reviews, offboarding workflows, and role-based policies are now standard practice. It took time and iteration, but we got there.  Now it’s time to apply that same rigor to machine identities. The service…

  8. Start Governing NHIs by Managing Access, Not Credentials

    October 16th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    This is part 3 in our series on non-human identity (NHI) governance. In this post, we focus on one of the most persistent risks in production infrastructure: static credentials and standing privilege. Static credentials are still at large in most environments and many enable dangerously over-permissioned and under-governed access to sensitive systems and data. API…

  9. Red Hat’s GitLab Breach and the Cost of Embedded Credentials

    October 14th, 2025 by Paul Hunter | Posted in Best Practices, Perspective, Research, Security Outcomes |

    Tags: , , ,

    Open-source software giant Red Hat has confirmed that one of its GitLab instances, dedicated to consulting engagements, was breached. The attackers, a group calling itself “Crimson Collective,” claim to have taken nearly 28,000 private repositories and roughly 800 Customer Engagement Reports (CERs). CERs often contain detailed records of client environments – network diagrams, configuration data,…

  10. Beyond Humans: Governing Machine Identity Access at Scale

    October 9th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    In organizations today, every identity—human or machine—is a potential pivot point in an attack. Most progress in identity security has focused on authenticating people: SSO, MFA, admin lockdowns, automated provisioning. Important steps, but they only address half the identities accessing your systems. The other half—machines like CI/CD pipelines, service accounts, automation tools, AI agents, and…

« Previous EntriesNext Entries »
Background

READY TO MAKE AN IMPACT?

Let's work together to help everyone become more secure.
Join the IDSA