Join IDSA
Join IDSA

Tag Archives: IAM

  1. Supply Chain of Trust Broken | What the Ribbon Communications Breach Tells Us About Identity at the Network Layer

    November 13th, 2025 by Paul Hunter | Posted in Best Practices, News, Perspective, Security Outcomes |

    Tags: , , , , , , , , ,

    Modern supply chains run on trust. In cybersecurity, trust is often our greatest exposure. The recent Ribbon Communications breach, reportedly the work of a nation-state actor operating undetected for nearly a year, highlights a pattern we’ve seen before with Salt Typhoon: patient, credential-driven infiltration of telecom and infrastructure ecosystems. These aren’t just data breaches. They…

  2. Self Assessment: Modern Access Management Maturity

    October 30th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    To conclude this 5 part series on the importance of comprehensive and deliberate NHI governance, we are pleased to share this self assessment framework to help organizations understand where they are in their access management maturity journey. In case you missed it, here’s what we’ve covered so far: 1. Outnumbered and underprotected: the hidden risk…

  3. Close the NHI Governance Gap

    October 23rd, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    We’ve spent the better part of the last decade tightening our grip on workforce authentication. SSO is widespread. MFA is table stakes. Access reviews, offboarding workflows, and role-based policies are now standard practice. It took time and iteration, but we got there.  Now it’s time to apply that same rigor to machine identities. The service…

  4. From Chatbots to Agents: The Evolution Toward Agentic AI

    October 21st, 2025 by Paul Hunter | Posted in News, Perspective, Research, Security Outcomes |

    Tags: , , , , ,

    The chatbot that once asked “Press 1 for billing” can now autonomously process your refund, update your account, and schedule a follow-up call. What we’re witnessing is the fourth major evolution in AI-human interaction, from rigid rule-following systems to autonomous agents that can reason, adapt, and take action across complex workflows. This progression from rule-based…

  5. Start Governing NHIs by Managing Access, Not Credentials

    October 16th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    This is part 3 in our series on non-human identity (NHI) governance. In this post, we focus on one of the most persistent risks in production infrastructure: static credentials and standing privilege. Static credentials are still at large in most environments and many enable dangerously over-permissioned and under-governed access to sensitive systems and data. API…

  6. Beyond Humans: Governing Machine Identity Access at Scale

    October 9th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    In organizations today, every identity—human or machine—is a potential pivot point in an attack. Most progress in identity security has focused on authenticating people: SSO, MFA, admin lockdowns, automated provisioning. Important steps, but they only address half the identities accessing your systems. The other half—machines like CI/CD pipelines, service accounts, automation tools, AI agents, and…

  7. Break Glass Accounts – Risk or Required

    October 1st, 2025 by Paul Hunter | Posted in Best Practices, Perspective, Research |

    Tags: , , , , , , , , , , , , , ,

    We have all seen the sign, “In case of fire, break glass, and pull alarm.” While this necessary mitigating control for fire safety is explicitly known and present in almost every building, an analogy translates into the cybersecurity landscape as “break glass accounts.” In fact, few risk-mitigating controls stir as much debate among CISOs as…

  8. 5 Reasons Disconnected Apps Are An Enterprise Risk You Can No Longer Ignore

    September 30th, 2025 by Paul Hunter | Posted in Best Practices, News, Perspective, Research |

    Tags: , , , ,

    Companies of every size depend on Identity and Access Management (IAM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM) to secure logins, enforce policies, and meet compliance requirements. These platforms are the backbone of modern identity security. But there’s a problem: they can only secure what they connect to. The apps that don’t…

  9. Do Your CI/CD Pipelines Need Identities? Yes.

    September 4th, 2025 by Paul Hunter | Posted in Best Practices, Perspective, Research, Security Outcomes |

    Tags: , , , , , ,

    If one principal can do anything, one mistake can undo everything. I’ve read too many incident reviews where the “automation user” turned out to be the attacker’s best friend. One token. All the doors. Code, artifacts, production. We built CI/CD to go fast. We accidentally made it the fastest path to a breach. Just like…

  10. How Convergent Identity-Based Security Reduces Risk, Increases Efficiency

    August 26th, 2025 by Paul Hunter | Posted in Best Practices, News, Perspective, Research |

    Tags: , , , , ,

    This blog was originally published by Bravura Security here.   In an era where 80% of data breaches involve compromised credentials and privilege escalation, traditional identity and access management (IAM) and privileged access management solutions (PAM) solutions are falling behind. While organizations have invested millions in layered implementations rooted in traditional enterprise approaches, these solutions…

Next Entries »
Background

READY TO MAKE AN IMPACT?

Let's work together to help everyone become more secure.
Join the IDSA