Tag Archives: Zero trust

Start governing NHIs by managing access not credentials

October 16th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

Tags: access governance, Cloud Security, cyber resilience, DevSecOps, IAM, identity security, machine identities, Privileged Access, security leadership, Zero trust

This is part 3 in our series on non-human identity (NHI) governance. In this post, we focus on one of the most persistent risks in production infrastructure: static credentials and standing privilege. Static credentials are still at large in most environments and many enable dangerously over-permissioned and under-governed access to sensitive systems and data. API…
Beyond Humans: Governing Machine Identity Access at Scale

October 9th, 2025 by Paul Hunter | Posted in News, Perspective, Research |

Tags: access governance, Cloud Security, cyber resilience, DevSecOps, IAM, identity security, machine identities, Privileged Access, security leadership, Zero trust

In organizations today, every identity—human or machine—is a potential pivot point in an attack. Most progress in identity security has focused on authenticating people: SSO, MFA, admin lockdowns, automated provisioning. Important steps, but they only address half the identities accessing your systems. The other half—machines like CI/CD pipelines, service accounts, automation tools, AI agents, and…
Outnumbered and Underprotected: The Hidden Risk of Non-Human Identities

October 2nd, 2025 by Paul Hunter | Posted in News, Perspective, Research |

Tags: access management, automation security, cloud native, Cloud Security, DevSecOps, hybrid-cloud, Kubernetes Security, Least Privilege, machine identity, non human identity, Privileged Access, service accounts, Zero trust

Most security teams have focused their identity governance efforts on managing human access. You’ve got SSO in place. MFA is enforced. There’s a reasonably consistent process for onboarding and offboarding employees. You probably run access reviews on a quarterly basis and, if you’re further along, maybe you’ve deployed a PAM solution to protect privileged user…
Break Glass Accounts – Risk or Required

October 1st, 2025 by Paul Hunter | Posted in Best Practices, Perspective, Research |

Tags: Access Control, break glass accounts, Cyber Risk, cybersecurity, Data Protection, IAM, identity management, Incident Response, IT Security, MFA, Privileged Access, Resilience, Risk Management, Security Best Practices, Zero trust

We have all seen the sign, “In case of fire, break glass, and pull alarm.” While this necessary mitigating control for fire safety is explicitly known and present in almost every building, an analogy translates into the cybersecurity landscape as “break glass accounts.” In fact, few risk-mitigating controls stir as much debate among CISOs as…
Identity Blind Spots on the Network Layer

September 25th, 2025 by Paul Hunter | Posted in Perspective, Research, Security Outcomes |

Tags: access management, cybersecurity, identity security, IT Security, Kron, KronPAM, KronTech, PAM, Privileged Access, privileged access management, Web App, Web Security, Zero trust

Webinar Title: Zero Trust Falls Short Without Network Identity: Lessons from Salt Typhoon Date: October 1, 2025 Registration: Save your spot here Abstract Identity for users, applications, servers, and cloud has matured. Network devices are often the exception. Shared device accounts, SSH key sprawl, limited per-command authorization, and weak session evidence create a gap that…
Salt Typhoon: How Network Admin Paths Became Attack Paths

September 23rd, 2025 by Paul Hunter | Posted in News, Perspective, Security Outcomes |

Tags: access management, cybersecurity, identity security, IT Security, PAM, Privileged Access, privileged access management, Web App, Web Security, Zero trust

Webinar Title: Zero Trust Falls Short Without Network Identity: Lessons from Salt Typhoon Date: October 1, 2025 Registration: Save your spot here Abstract Salt Typhoon highlights how valid credentials and built in tools can turn network administration into an attacker highway. This post walks a likely attack chain in plain language and shows where identity…
4 Mindset Shifts for Making Zero Trust Work in the Real World

June 4th, 2025 by Paul Hunter | Posted in Best Practices |

Tags: AI, Disconnected Applications, IAM, IGA, Zero trust

This blog was originally published by Cerby here. Zero Trust has become one of the cybersecurity world’s most misunderstood buzzwords. In theory, it’s simple: never trust, always verify. In practice, it’s often reduced to a check-the-box product deployment or a single vendor’s promise to “solve” it for you. But Zero Trust is not something you…
Building Zero Trust Security Posture for Secure Privileged Access Management Journey

February 18th, 2025 by Vaughn-Shane Camarda | Posted in Best Practices, How To Advice |

Tags: IGA, ITDR, MFA, multi-factor authentication, PAM, privileged access management, Zero trust

This blog was originally posted by Arcon on their blog page. You can read the original here. Overview Today, we are experiencing a growing assortment of applications, systems, APIs, and data that is scattered across IT networks in distributed IT infrastructure and multi-cloud environments. This assortment of critical information is constantly at risk from unauthorized…

READY TO MAKE AN IMPACT?

Let's work together to help everyone become more secure.

Join the IDSA

Tag Archives: Zero trust

4 Mindset Shifts for Making Zero Trust Work in the Real World

Building Zero Trust Security Posture for Secure Privileged Access Management Journey

Recent Posts

Recent Comments

READY TO MAKE AN IMPACT?