Join IDSA
Join IDSA

Archives

  1. Start Governing NHIs by Managing Access, Not Credentials

    October 16th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    This is part 3 in our series on non-human identity (NHI) governance. In this post, we focus on one of the most persistent risks in production infrastructure: static credentials and standing privilege. Static credentials are still at large in most environments and many enable dangerously over-permissioned and under-governed access to sensitive systems and data. API…

  2. Red Hat’s GitLab Breach and the Cost of Embedded Credentials

    October 14th, 2025 by Paul Hunter | Posted in Best Practices, Perspective, Research, Security Outcomes |

    Tags: , , ,

    Open-source software giant Red Hat has confirmed that one of its GitLab instances, dedicated to consulting engagements, was breached. The attackers, a group calling itself “Crimson Collective,” claim to have taken nearly 28,000 private repositories and roughly 800 Customer Engagement Reports (CERs). CERs often contain detailed records of client environments – network diagrams, configuration data,…

  3. Beyond Humans: Governing Machine Identity Access at Scale

    October 9th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    In organizations today, every identity—human or machine—is a potential pivot point in an attack. Most progress in identity security has focused on authenticating people: SSO, MFA, admin lockdowns, automated provisioning. Important steps, but they only address half the identities accessing your systems. The other half—machines like CI/CD pipelines, service accounts, automation tools, AI agents, and…

  4. Outnumbered and Underprotected: The Hidden Risk of Non-Human Identities

    October 2nd, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , , , , ,

    Most security teams have focused their identity governance efforts on managing human access. You’ve got SSO in place. MFA is enforced. There’s a reasonably consistent process for onboarding and offboarding employees. You probably run access reviews on a quarterly basis and, if you’re further along, maybe you’ve deployed a PAM solution to protect privileged user…

  5. 2025’s Identity Security Storm: AI, IoT and Emerging Threats

    August 20th, 2025 by Paul Hunter | Posted in Best Practices, News, Perspective, Research, Security Outcomes |

    Tags: , , , , , , ,

    This blog was originally published by Bravura Security here. A stark reality faces modern enterprises: 94% of cyber attacks now specifically target identity systems, not traditional network defenses. As threats rapidly evolve, organizations struggling with fragmented identity and access management (IAM), privileged and access management (PAM), and password management architectures face increasing risk from sophisticated…

  6. Non-Human Identities: The unseen workforce driving AI-era security

    August 19th, 2025 by Paul Hunter | Posted in Best Practices, Perspective, Research |

    This blog was originally published by iDMig here. Non-human identities (NHIs) are front and center Throughout the conferences I’ve attended, and those I had the privilege to present in 2024 and 2025, one key takeaway from all is the explosive growth of non-human identities. These identities have been around for decades to be sure, primarily…

  7. How to Prevent $4M Breaches with Unified IAM and PAM Defense

    August 5th, 2025 by Paul Hunter | Posted in Best Practices, How To Advice, Perspective |

    Tags: , ,

    The identity security landscape has reached a critical tipping point. As AI-powered attack tools become readily available, attackers target identity credentials and privileged access with unprecedented sophistication and scale. Traditional fragmented security approaches are crumbling under the weight of automated threats that can simultaneously exploit both identity and privilege vulnerabilities.  According to EMA Research, the…

  8. Identity and Access Management in the AI Era: 2025 Guide

    April 29th, 2025 by Vaughn Camarda | Posted in Best Practices, Perspective |

    The enterprise technology landscape is experiencing a remarkable transformation that will fundamentally change how organizations approach identity and access management. AI industry leaders such as Sam Altman of OpenAI, and Jensen Huang of NVIDIA, have predicted that by 2025, AI agents will become integral members of the corporate workforce. For IAM leaders, this transformation represents…

  9. Top Cybersecurity Trends & Predictions: A Look Into 2025 & Beyond

  10. Identity Security and AI: Access Requests and Provisioning

    January 30th, 2022 by AI and ML TWG | Posted in Technical Working Groups | No Comments

    In a blog published in October (Identity Security and Artificial Intelligence), as part of #BeIdentitySmart week, the AI/ML Technical Working Group subcommittee outlined a blog series that will explore how Artificial Intelligence and Machine Learning are being utilized today, and how they can be used in the future to provide organizations with more effective Identity Security….

« Previous EntriesNext Entries »
Background

READY TO MAKE AN IMPACT?

Let's work together to help everyone become more secure.
Join the IDSA