Peel back the layers of most enterprise data breaches, and credential theft will be at the center. For an attacker, user credentials are worth their weight in gold, and getting them means exploiting the weakest link in the chain of cybersecurity: people. Even in 2020, social engineering remains arguably the most reliable tool in an…
Archives
-
New Technical Working Group Subcommittees Chartered to Expand Guidance for Identity and Security Professionals
We’re excited to announce a significant expansion to our research and development efforts with the addition of 6 new Technical Working Group (TWG) subcommittees that encompass everything from the basics of best practices to innovations at the intersection of identity and security. Through our Technical Working Group, IDSA technology and solution provider members come together to…
-
IAM Best Practices Blog Series: Protecting Active Directory
The traditional network perimeter is vanishing, making identity the most important thread protecting the services, users, and machines that populate enterprise IT ecosystems. Attackers have realized that too, and the number of breaches involving credential theft continues to climb. At the center of the storm is Active Directory (AD). With its foundational role in enterprise…
-
Customer Advisory Board Conversations: Zero Trust and the Remote Workforce
Until the last 45 days, an organization’s industry, company culture and the role of an individual were the primary drivers behind remote working policies. However, recently we’ve seen an unprecedented shift to remote working due to concerns over COVID-19. For some organizations it’s been relatively uneventful; for others it has been a monumental change…
-
The Language of Identity: Bringing Everyone Together
Everyone in computer science understands the importance of standardized programming languages, and yet, in conversations between security practitioners and IT infrastructure managers about identity, much seems to get lost in translation. Terms like authorization and authentication are often used interchangeably, but also have distinct meanings to different people. Say authentication to a security person, and…
-
Zero Trust Myth Series: Leveraging Risk Analysis to Enhance Trust
Trust is a foundational part of personal relationships, and it is a foundational part of the digital relationships between employees, their devices, and the enterprise. However, the sad fact facing security professionals is that there are some insiders – whether they are disgruntled employees or external threat actors acting as legit users that penetrated the…
-
Zero Trust Myth Series: Zero Trust is about Secure Access, Not Zero Access
Say the term Zero Trust, and there will be those who take the word zero to mean exactly that: zero, as in no trust at all. In reality, Zero Trust is about acknowledging that bad actors will make their way into an organization’s environment and building defenses with that idea in mind. This confusion is the…