Join IDSA
Join IDSA

Tag Archives: identity security

  1. Enterprise Password Management: A Secure Access Checklist

    December 29th, 2025 by Paul Hunter | Posted in Best Practices, How To Advice, Perspective |

    Tags: , , , , , , , , , , , ,

    This blog was originally published here IT Admins and CISOs in today’s enterprise environments face mounting challenges in managing passwords across sprawling user bases, applications, and devices. In industries like financial services, higher education, and energy, the stakes are even higher: a single compromised password can lead to data breaches, regulatory penalties, and reputational damage….

  2. CIO POV: What Am I Actually Supposed to Do with Agentic AI?

    December 16th, 2025 by Paul Hunter | Posted in Best Practices, News, Perspective, Security Outcomes |

    Tags: , , ,

    This blog was originally published here. For every enterprise CISO in the world right now, the burning question isn’t about cloud, TPRM, or internal threats. It’s about how to securely and responsibly adopt AI—specifically, agentic AI, the buzziest of today’s AI buzzwords. There’s no shortage of stats on skyrocketing adoption trends. Consider EY’s recent Technology Pulse Poll,…

  3. From AAA to Assurance: How the UK Telecoms Security Act Is Shaping Identity-Based Network Control

    October 31st, 2025 by Paul Hunter | Posted in News, Perspective, Research, Security Outcomes |

    Tags: , , , , , , , ,

    Introduction As CISOs, we often face regulations that seem far removed from the practical realities of running identity and access infrastructure. The UK’s Telecommunications Security Act (TSA) and its accompanying Code of Practice mark a significant shift in that dynamic. Identity and privileged access management are no longer back-office hygiene tasks; they are front-line compliance…

  4. Self Assessment: Modern Access Management Maturity

    October 30th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    To conclude this 5 part series on the importance of comprehensive and deliberate NHI governance, we are pleased to share this self assessment framework to help organizations understand where they are in their access management maturity journey. In case you missed it, here’s what we’ve covered so far: 1. Outnumbered and underprotected: the hidden risk…

  6. Close the NHI Governance Gap

    October 23rd, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    We’ve spent the better part of the last decade tightening our grip on workforce authentication. SSO is widespread. MFA is table stakes. Access reviews, offboarding workflows, and role-based policies are now standard practice. It took time and iteration, but we got there.  Now it’s time to apply that same rigor to machine identities. The service…

  7. Start Governing NHIs by Managing Access, Not Credentials

    October 16th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    This is part 3 in our series on non-human identity (NHI) governance. In this post, we focus on one of the most persistent risks in production infrastructure: static credentials and standing privilege. Static credentials are still at large in most environments and many enable dangerously over-permissioned and under-governed access to sensitive systems and data. API…

  8. Beyond Humans: Governing Machine Identity Access at Scale

    October 9th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

    Tags: , , , , , , , , ,

    In organizations today, every identity—human or machine—is a potential pivot point in an attack. Most progress in identity security has focused on authenticating people: SSO, MFA, admin lockdowns, automated provisioning. Important steps, but they only address half the identities accessing your systems. The other half—machines like CI/CD pipelines, service accounts, automation tools, AI agents, and…

  9. 5 Reasons Disconnected Apps Are An Enterprise Risk You Can No Longer Ignore

    September 30th, 2025 by Paul Hunter | Posted in Best Practices, News, Perspective, Research |

    Tags: , , , ,

    Companies of every size depend on Identity and Access Management (IAM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM) to secure logins, enforce policies, and meet compliance requirements. These platforms are the backbone of modern identity security. But there’s a problem: they can only secure what they connect to. The apps that don’t…

  10. Identity Blind Spots on the Network Layer

    September 25th, 2025 by Paul Hunter | Posted in Perspective, Research, Security Outcomes |

    Tags: , , , , , , , , , , , ,

    Webinar Title: Zero Trust Falls Short Without Network Identity: Lessons from Salt Typhoon Date: October 1, 2025 Registration: Save your spot here Abstract Identity for users, applications, servers, and cloud has matured. Network devices are often the exception. Shared device accounts, SSH key sprawl, limited per-command authorization, and weak session evidence create a gap that…

Next Entries »
Background

READY TO MAKE AN IMPACT?

Let's work together to help everyone become more secure.
Join the IDSA