Join IDSA
Join IDSA

Archives

  1. The AI Agent Problem Nobody’s Talking About: Privileged Access for Non-Human Workers

    March 12th, 2026 by Vaughn-Shane Camarda | Posted in Perspective |

    The AI Agent Problem Nobody’s Talking About: Privileged Access for Non-Human Workers Every organization rushing to deploy AI agents is about to run into a problem that looks familiar but is actually something new. At first glance, this appears to be the same old mistake of providing users more access than required. However, upon closer…

  2. Close Hidden Gaps in Enterprise Password Management

    February 18th, 2026 by Vaughn-Shane Camarda | Posted in Best Practices, Perspective |

    This blog was originally published at this link. For compliance leaders and CIOs, password policy failures are often silent but dangerous. Across all industries, overlooked compliance gaps can quietly invite attackers into your enterprise. Even with robust enterprise password management tools, hidden cracks in your policies can undermine your entire security posture. It’s time to…

  3. The State of Identity Governance in 2026: Why Boards Think Access Is Under Control When It Isn’t

    February 11th, 2026 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , ,

    In many organizations, identity governance appears healthy at the executive level. Provisioning SLAs are met. Access reviews complete on time. Audit findings are addressed. Yet identity-related failures continue to surface in breach investigations, audit reports, and post-incident reviews. The issue is not that identity governance processes are inactive. It is that boards are typically shown…

  4. Azure AI Studio and Azure OpenAI

    January 22nd, 2026 by Vaughn Camarda | Posted in Perspective |

    The rapid evolution of AI, particularly with powerful platforms like Azure AI Studio and Azure OpenAI, presents an exciting frontier for innovation. However, as I’ve explored in previous posts on Google Vertex and AWS Bedrock, this new landscape also introduces a complex web of identity and access management (IAM) challenges that security and identity teams…

  5. Self Assessment: Modern Access Management Maturity

    October 30th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    To conclude this 5 part series on the importance of comprehensive and deliberate NHI governance, we are pleased to share this self assessment framework to help organizations understand where they are in their access management maturity journey. In case you missed it, here’s what we’ve covered so far: 1. Outnumbered and underprotected: the hidden risk…

  7. Close the NHI Governance Gap

    October 23rd, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    We’ve spent the better part of the last decade tightening our grip on workforce authentication. SSO is widespread. MFA is table stakes. Access reviews, offboarding workflows, and role-based policies are now standard practice. It took time and iteration, but we got there.  Now it’s time to apply that same rigor to machine identities. The service…

  8. Identity and Access Management and Identity Governance Explained

    October 22nd, 2025 by Paul Hunter | Posted in Best Practices, Perspective, Security Outcomes |

    Tags: , , , , , , , , ,

    Mitigating identity-related access risks is critical as organizations face evolving threats daily. As businesses shift to multi-cloud and hybrid environments, identity sprawl such as shadow IT and unmanaged SaaS apps has become a top attack vector. Identity and access management (IAM) and identity governance and administration (IGA) must now secure identities beyond corporate perimeters, spanning AWS, Azure, Google Cloud, and SaaS platforms…

  9. Start Governing NHIs by Managing Access, Not Credentials

    October 16th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    This is part 3 in our series on non-human identity (NHI) governance. In this post, we focus on one of the most persistent risks in production infrastructure: static credentials and standing privilege. Static credentials are still at large in most environments and many enable dangerously over-permissioned and under-governed access to sensitive systems and data. API…

  10. Beyond Humans: Governing Machine Identity Access at Scale

    October 9th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    In organizations today, every identity—human or machine—is a potential pivot point in an attack. Most progress in identity security has focused on authenticating people: SSO, MFA, admin lockdowns, automated provisioning. Important steps, but they only address half the identities accessing your systems. The other half—machines like CI/CD pipelines, service accounts, automation tools, AI agents, and…

Next Entries »
Background

READY TO MAKE AN IMPACT?

Let's work together to help everyone become more secure.
Join the IDSA