Archives

  1. Mitigating the Risk of Social Engineering

    Peel back the layers of most enterprise data breaches, and credential theft will be at the center. For an attacker, user credentials are worth their weight in gold, and getting them means exploiting the weakest link in the chain of cybersecurity: people. Even in 2020, social engineering remains arguably the most reliable tool in an…

  2. New Technical Working Group Subcommittees Chartered to Expand Guidance for Identity and Security Professionals

    We’re excited to announce a significant expansion to our research and development efforts with the addition of 6 new Technical Working Group (TWG) subcommittees that encompass everything from the basics of best practices to innovations at the intersection of identity and security. Through our Technical Working Group, IDSA technology and solution provider members come together to…

  3. IAM Best Practices Blog Series: Protecting Active Directory

    The traditional network perimeter is vanishing, making identity the most important thread protecting the services, users, and machines that populate enterprise IT ecosystems. Attackers have realized that too, and the number of breaches involving credential theft continues to climb. At the center of the storm is Active Directory (AD). With its foundational role in enterprise…

  4. BYO[D] Doesn’t Have to Mean Bring Your Own [Vulnerability]

    The Bring-Your-Own-Device (BYOD) model of operating has been a double-edged sword for IT professionals. On the one hand, it empowers and allows for business productivity. On the other hand, it continues to create a serious challenge for organizations as IT and security professionals find ways to enforce access control across a diverse ecosystem of mobile…

  5. Adapting the IDSA Framework to Keep Pace with Evolution of Identity and Security Industry

    Today we are excited to announce the latest adaptation of the Identity Defined Security Framework, which offers practical, vendor-neutral guidance on how to achieve identity-centric security. The update is the culmination of numerous whiteboards, conference calls, and a two-day Technical Working Group workshop in San Francisco, where over 15 IDSA member companies came together to discuss…

  6. Research Shows How Forward Thinking Enterprises are Preventing Breaches

    Last fall we published our first research, the results of a survey of 511 security leaders, to get their perspective on identity, including importance and organizational challenges that might create added risk. We found explosive growth of identities in the last five years (half of the companies experienced five-fold growth in the past 10 years) and…

  7. Customer Advisory Board Conversations: Zero Trust and the Remote Workforce

    Until the last 45 days, an organization’s industry, company culture and the role of an individual were the primary drivers behind remote working policies. However, recently we’ve seen an unprecedented shift to remote working due to the concerns over Covid-19. For some organizations it’s been relatively uneventful, for others it has been a monumental change…

  8. The Language of Identity: Bringing Everyone Together

    Everyone in computer science understands the importance of standardized programming languages, and yet, in conversations between security practitioners and IT infrastructure managers about identity, much seems to get lost in translation. Terms like authorization and authentication are often used interchangeably, but also have distinct meanings to different people. Say authentication to a security person, and…

  9. Zero Trust Myth Series: Leveraging Risk Analysis to Enhance Trust

    Trust is a foundational part of personal relationships, and it is a foundational part of the digital relationships between employees, their devices, and the enterprise. However, the sad fact facing security professionals is that there are some insiders – whether they are disgruntled employees or external threat actors acting as legit users that penetrated the…

  10. Zero Trust Myth Series: Zero Trust is about Secure Access, Not Zero Access

    Say the term Zero Trust, and there will be those that take the word zero to mean exactly that-zero, as in no trust at all. In reality, Zero Trust is about acknowledging that bad actors will make their way into an organization’s environment and building defenses with that idea in mind. This confusion is the…

Background

READY TO MAKE AN IMPACT?

Let's work together to help everyone become more secure.