Join IDSA
Join IDSA

Archives

  1. Why Modern MFA Keeps Failing and Why Assured Identity is the Next Security Frontier

    February 5th, 2026 by Paul Hunter | Posted in Best Practices, Perspective, Research, Security Outcomes |

    Tags: , , , , , ,

    Introduction For most of cybersecurity’s history, attackers were forced to break into systems. They exploited software vulnerabilities, bypassed perimeter defenses, and escalated privileges once inside. That model is increasingly obsolete. Today’s attackers log in. Credential theft, authentication workflow abuse, and real time session relay attacks have become the most reliable and scalable methods of compromise….

  2. Azure AI Studio and Azure OpenAI

    January 22nd, 2026 by Vaughn Camarda | Posted in Perspective |

    The rapid evolution of AI, particularly with powerful platforms like Azure AI Studio and Azure OpenAI, presents an exciting frontier for innovation. However, as I’ve explored in previous posts on Google Vertex and AWS Bedrock, this new landscape also introduces a complex web of identity and access management (IAM) challenges that security and identity teams…

  3. AI Is Emerging as the New Enterprise Middleware

    December 11th, 2025 by Paul Hunter | Posted in Perspective, Research |

    Tags: , , , ,

    In the 1990s, middleware was the muscle that made enterprise computing truly scalable. Before middleware, applications communicated with databases and back-end services directly using drivers like ODBC (Open Database Connectivity) or native SQL calls. This was simple but brittle, used shared secrets, and riddled with risks. It required developers to write custom code for every…

  4. Supply Chain of Trust Broken | What the Ribbon Communications Breach Tells Us About Identity at the Network Layer

    November 13th, 2025 by Paul Hunter | Posted in Best Practices, News, Perspective, Security Outcomes |

    Tags: , , , , , , , , ,

    Modern supply chains run on trust. In cybersecurity, trust is often our greatest exposure. The recent Ribbon Communications breach, reportedly the work of a nation-state actor operating undetected for nearly a year, highlights a pattern we’ve seen before with Salt Typhoon: patient, credential-driven infiltration of telecom and infrastructure ecosystems. These aren’t just data breaches. They…

  5. From AAA to Assurance: How the UK Telecoms Security Act Is Shaping Identity-Based Network Control

    October 31st, 2025 by Paul Hunter | Posted in News, Perspective, Research, Security Outcomes |

    Tags: , , , , , , , ,

    Introduction As CISOs, we often face regulations that seem far removed from the practical realities of running identity and access infrastructure. The UK’s Telecommunications Security Act (TSA) and its accompanying Code of Practice mark a significant shift in that dynamic. Identity and privileged access management are no longer back-office hygiene tasks; they are front-line compliance…

  6. Self Assessment: Modern Access Management Maturity

    October 30th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    To conclude this 5 part series on the importance of comprehensive and deliberate NHI governance, we are pleased to share this self assessment framework to help organizations understand where they are in their access management maturity journey. In case you missed it, here’s what we’ve covered so far: 1. Outnumbered and underprotected: the hidden risk…

  8. Close the NHI Governance Gap

    October 23rd, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    We’ve spent the better part of the last decade tightening our grip on workforce authentication. SSO is widespread. MFA is table stakes. Access reviews, offboarding workflows, and role-based policies are now standard practice. It took time and iteration, but we got there.  Now it’s time to apply that same rigor to machine identities. The service…

  9. Start Governing NHIs by Managing Access, Not Credentials

    October 16th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    This is part 3 in our series on non-human identity (NHI) governance. In this post, we focus on one of the most persistent risks in production infrastructure: static credentials and standing privilege. Static credentials are still at large in most environments and many enable dangerously over-permissioned and under-governed access to sensitive systems and data. API…

  10. Beyond Humans: Governing Machine Identity Access at Scale

    October 9th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    In organizations today, every identity—human or machine—is a potential pivot point in an attack. Most progress in identity security has focused on authenticating people: SSO, MFA, admin lockdowns, automated provisioning. Important steps, but they only address half the identities accessing your systems. The other half—machines like CI/CD pipelines, service accounts, automation tools, AI agents, and…

Next Entries »
Background

READY TO MAKE AN IMPACT?

Let's work together to help everyone become more secure.
Join the IDSA