Join IDSA
Join IDSA

Archives

  1. Mitigating the Risk of Social Engineering

    August 10th, 2020 by Jerod Brennen | Posted in Perspective | No Comments

    Peel back the layers of most enterprise data breaches, and credential theft will be at the center. For an attacker, user credentials are worth their weight in gold, and getting them means exploiting the weakest link in the chain of cybersecurity: people. Even in 2020, social engineering remains arguably the most reliable tool in an…

  2. New Technical Working Group Subcommittees Chartered to Expand Guidance for Identity and Security Professionals

    July 14th, 2020 by Asad Ali | Posted in Technical Working Groups | No Comments

    We’re excited to announce a significant expansion to our research and development efforts with the addition of 6 new Technical Working Group (TWG) subcommittees that encompass everything from the basics of best practices to innovations at the intersection of identity and security. Through our Technical Working Group, IDSA technology and solution provider members come together to…

  3. IAM Best Practices Blog Series: Protecting Active Directory

    June 17th, 2020 by Gil Kirkpatrick | Posted in Best Practices | No Comments

    The traditional network perimeter is vanishing, making identity the most important thread protecting the services, users, and machines that populate enterprise IT ecosystems. Attackers have realized that too, and the number of breaches involving credential theft continues to climb. At the center of the storm is Active Directory (AD). With its foundational role in enterprise…

  4. BYO[D] Doesn’t Have to Mean Bring Your Own [Vulnerability]

    June 1st, 2020 by Baber Amin | Posted in Best Practices | No Comments

    The Bring-Your-Own-Device (BYOD) model of operating has been a double-edged sword for IT professionals. On the one hand, it empowers and allows for business productivity. On the other hand, it continues to create a serious challenge for organizations as IT and security professionals find ways to enforce access control across a diverse ecosystem of mobile…

  5. Adapting the IDSA Framework to Keep Pace with Evolution of Identity and Security Industry

    May 14th, 2020 by Asad Ali | Posted in Best Practices | No Comments

    Today we are excited to announce the latest adaptation of the Identity Defined Security Framework, which offers practical, vendor-neutral guidance on how to achieve identity-centric security. The update is the culmination of numerous whiteboards, conference calls, and a two-day Technical Working Group workshop in San Francisco, where over 15 IDSA member companies came together to discuss…

  6. Research Shows How Forward Thinking Enterprises are Preventing Breaches

    May 14th, 2020 by Jeff Reich | Posted in Best Practices | No Comments

    Last fall we published our first research, the results of a survey of 511 security leaders, to get their perspective on identity, including importance and organizational challenges that might create added risk. We found explosive growth of identities in the last five years (half of the companies experienced five-fold growth in the past 10 years) and…

  7. Customer Advisory Board Conversations: Zero Trust and the Remote Workforce

    May 4th, 2020 by Jeff Reich | Posted in Customer Advisory Board, Perspective | No Comments

    Until the last 45 days, an organization’s industry, company culture and the role of an individual were the primary drivers behind remote working policies. However, recently we’ve seen an unprecedented shift to remote working due to the concerns over Covid-19. For some organizations it’s been relatively uneventful, for others it has been a monumental change…

  8. The Language of Identity: Bringing Everyone Together

    April 28th, 2020 by Richard Bird | Posted in Perspective | No Comments

    Everyone in computer science understands the importance of standardized programming languages, and yet, in conversations between security practitioners and IT infrastructure managers about identity, much seems to get lost in translation. Terms like authorization and authentication are often used interchangeably, but also have distinct meanings to different people. Say authentication to a security person, and…

  9. Zero Trust Myth Series: Leveraging Risk Analysis to Enhance Trust

    January 28th, 2020 by Torsten George | Posted in Perspective | No Comments

    Trust is a foundational part of personal relationships, and it is a foundational part of the digital relationships between employees, their devices, and the enterprise. However, the sad fact facing security professionals is that there are some insiders – whether they are disgruntled employees or external threat actors acting as legit users that penetrated the…

  10. Zero Trust Myth Series: Zero Trust is about Secure Access, Not Zero Access

    January 8th, 2020 by Torsten George | Posted in Perspective | No Comments

    Say the term Zero Trust, and there will be those that take the word zero to mean exactly that-zero, as in no trust at all. In reality, Zero Trust is about acknowledging that bad actors will make their way into an organization’s environment and building defenses with that idea in mind. This confusion is the…

« Previous EntriesNext Entries »
Background

READY TO MAKE AN IMPACT?

Let's work together to help everyone become more secure.
Join the IDSA