The AI Agent Problem Nobody’s Talking About: Privileged Access for Non-Human Workers
Every organization rushing to deploy AI agents is about to run into a problem that looks familiar but is actually something new. At first glance, this appears to be the same old mistake of providing users more access than required. However, upon closer…
Archives
-
Close Hidden Gaps in Enterprise Password Management
February 18th, 2026 by Vaughn-Shane Camarda | Posted in Best Practices, Perspective |
This blog was originally published at this link. For compliance leaders and CIOs, password policy failures are often silent but dangerous. Across all industries, overlooked compliance gaps can quietly invite attackers into your enterprise. Even with robust enterprise password management tools, hidden cracks in your policies can undermine your entire security posture. It’s time to…
-
Why Modern MFA Keeps Failing and Why Assured Identity is the Next Security Frontier
February 5th, 2026 by Paul Hunter | Posted in Best Practices, Perspective, Research, Security Outcomes |
Tags: AssuredIdentity, authentication, DigitalIdentity, IdentityIsThePerimeter, IdentitySecurity, MFA, Passwordless
Introduction For most of cybersecurity’s history, attackers were forced to break into systems. They exploited software vulnerabilities, bypassed perimeter defenses, and escalated privileges once inside. That model is increasingly obsolete. Today’s attackers log in. Credential theft, authentication workflow abuse, and real time session relay attacks have become the most reliable and scalable methods of compromise….
-
Enterprise Password Management for the Breach Era
January 23rd, 2026 by Paul Hunter | Posted in Best Practices, Perspective, Security Outcomes |
Tags: Breach Response, Credential Security, cybersecurity, Enterprise Password Management, IAM, identity security, IT leadership, password reset automation, Risk Management, Security Best Practices
This blog was originally published here. Credential breaches are a top concern for IT Directors and CISOs across every industry. When attackers compromise user credentials at scale, the ability to reset passwords quickly and securely becomes mission-critical. Yet, most enterprises still rely on legacy password reset tools—solutions that were never designed for the speed, scale,…
-
Enterprise Password Management: A Secure Access Checklist
December 29th, 2025 by Paul Hunter | Posted in Best Practices, How To Advice, Perspective |
Tags: Access Control, Attack Surface Reduction, Audit Ready, Compliance Ready, cyber resilience, Enterprise Security, IAM, Identity First Security, identity security, Prevent Breaches, Reduce Risk, Regulated Industries, Secure Access
This blog was originally published here. IT Admins and CISOs in today’s enterprise environments face mounting challenges in managing passwords across sprawling user bases, applications, and devices. In industries like financial services, higher education, and energy, the stakes are even higher: a single compromised password can lead to data breaches, regulatory penalties, and reputational damage….
-
AI Is Emerging as the New Enterprise Middleware
December 11th, 2025 by Paul Hunter | Posted in Perspective, Research |
Tags: AIGovernance, AISecurity, IdentitySecurity, PrivilegedAccessManagement, ZeroTrust
In the 1990s, middleware was the muscle that made enterprise computing truly scalable. Before middleware, applications communicated with databases and back-end services directly using drivers like ODBC (Open Database Connectivity) or native SQL calls. This was simple but brittle, used shared secrets, and was riddled with risks. It required developers to write custom code for every…
-
Supply Chain of Trust Broken | What the Ribbon Communications Breach Tells Us About Identity at the Network Layer
November 13th, 2025 by Paul Hunter | Posted in Best Practices, News, Perspective, Security Outcomes |
Tags: Critical Infrastructure, cyber resilience, IAM, Identity First Security, identity-defined security, Network Identity, PAM, Supply Chain Security, Telecom Security, Zero trust
Modern supply chains run on trust. In cybersecurity, trust is often our greatest exposure. The recent Ribbon Communications breach, reportedly the work of a nation-state actor operating undetected for nearly a year, highlights a pattern we’ve seen before with Salt Typhoon: patient, credential-driven infiltration of telecom and infrastructure ecosystems. These aren’t just data breaches. They…
-
From AAA to Assurance: How the UK Telecoms Security Act Is Shaping Identity-Based Network Control
October 31st, 2025 by Paul Hunter | Posted in News, Perspective, Research, Security Outcomes |
Tags: Critical Infrastructure, identity security, Network Security, OFCOM, Privileged Access, Telecom Security, Telecoms Security Act, UK Cyber, Zero trust
Introduction As CISOs, we often face regulations that seem far removed from the practical realities of running identity and access infrastructure. The UK’s Telecommunications Security Act (TSA) and its accompanying Code of Practice mark a significant shift in that dynamic. Identity and privileged access management are no longer back-office hygiene tasks; they are front-line compliance…
-
Identity and Access Management and Identity Governance Explained
October 22nd, 2025 by Paul Hunter | Posted in Best Practices, Perspective, Security Outcomes |
Tags: Access Control, access governance, Audit Ready, IAM and IGA, IAM Modernization, identity and access management, Identity Automation, identity governance, Least Privilege, Security Compliance
Mitigating identity-related access risks is critical as organizations face evolving threats daily. As businesses shift to multi-cloud and hybrid environments, identity sprawl such as shadow IT and unmanaged SaaS apps has become a top attack vector. Identity and access management (IAM) and identity governance and administration (IGA) must now secure identities beyond corporate perimeters, spanning AWS, Azure, Google Cloud, and SaaS platforms…
-
Red Hat’s GitLab Breach and the Cost of Embedded Credentials
October 14th, 2025 by Paul Hunter | Posted in Best Practices, Perspective, Research, Security Outcomes |
Tags: Agentic AI, Credentials, GitLab, Shared Secrets
Open-source software giant Red Hat has confirmed that one of its GitLab instances, dedicated to consulting engagements, was breached. The attackers, a group calling itself “Crimson Collective,” claim to have taken nearly 28,000 private repositories and roughly 800 Customer Engagement Reports (CERs). CERs often contain detailed records of client environments – network diagrams, configuration data,…