Identity Management & Cybersecurity News | 5.31.2018

Posted: 
May. 31st, 2018

How IAM can help move the finish line for hackers  data security

Identity and access management can be leveraged by an enterprise to secure a network that might already be compromised. Here's how...If I could distill the goals of IAM down, I would liken them to the Yin and Yang of simple identity management and security.  On one hand, we leverage IAM solutions so that we can make sure the business can remain agile, user requests are handled automatically, and accounts are provisioned and deprovisioned in target systems quickly and efficiently.  And on the other hand, IAM is leveraged to create a framework for security.  Both can be viewed as the primary purpose for IAM, but we’re going to be focusing on security here.  While there is a virtual buffet of solutions to consider, it’s important to first take a look at two core concepts in IAM security and how they move the goal posts for attackers out of reach.  Read more...

 

Feeling secure enough to use open source for IAM projects

As identity and access management (IAM) systems grow and reach out to a wider audience, performing more critical online transactions, they will require increased functionality. Using open source software is a great way to plug functional gaps in a cost-effective and quick to market manner; it gives a solution architect and their team a much needed “bag o’ tools’ to play with. This toolset is even more crucial in a complex customer IAM system – customer IAM system need to have multiple additional parts to manage everything from omnichannel communications to myriad verification calls by third parties. Read more...

 

The Inadvertent Insider Threat: A CISO Confronts a Breach From Within

Fortunately for security leaders in the real world, the story doesn’t have to end this way. To avoid a public relations fiasco and frustrating forensic investigation, Marie could have done a number of things differently. First, her agency could have leveraged identity and access management (IAM) services to manage identity governance and technology deployment. Then, there wouldn’t have been a credentials-based nightmare.  In addition, Marie could have used a mainframe security solution to effectively delegate and automate the CISO’s constantly expanding role. She could have also monitored employee behaviors with user behavior analytics (UBA) and insider threat protection tools. Deploying a data protection solution would have helped her keep tabs on high-risk behavior in real time. Plus, a resiliency and compliance platform would have allowed her to restrict attempts to change configurations with a resiliency and compliance platform. Read more...

 

Your security: Ever considered you might be looking in the wrong place?

Identity management lies at the center of security today. It is a much larger and more complex problem than just giving employees access to apps, systems and data – it’s about managing and governing the digital identities that get access to sensitive data whether it resides in systems, cloud apps, or in files and folders. Identity goes beyond the network, tying into both endpoint and network security to ensure that all of the pieces of an organization’s security infrastructure work together. Read more...

 

GDPR: How to make sure your business is ready

Compliance also needs to go broader than it previously has and must cover the whole solution set. With the increasing number of ways people communicate about business today through messaging platforms, social media and email, the amount of unstructured data continues to expand, and data goes just about anywhere. Businesses can no longer approach security by simply setting up a wall to protect their structured data from the outside world.  Whereas achieving 90 percent compliance may have previously been acceptable, under GDPR compliance requirements will be a lot stricter. Companies who previously focused on simply passing an audit and securing the perimeters of their network must shift their approach.  Read more...

 

Keep Your Data Secure with a Layered Approach

Protecting the data can include identity and access management to control who accesses the data and what they can access. First, you must know what data you have and what components of that data need a higher level of protection. Second, you need rights management to establish who can view, update, create, and delete data of certain levels of security and sensitivity. Finally, you need a way to authorize and verify who a person is so they can receive the appropriate level of access rights. These fundamentals of identity and access management become a protective layer around your data. Read more...

 

Identity and access management tools add AI, microservices

Identity and access management tools can also use analytics to more precisely determine when they actually need multifactor authentication (MFA) and cut down on its usage to improve the user experience. For example, an IAM system can evaluate attributes such as user location, device fingerprint and IP address and automatically grant access if the combination is low risk. An insurance company that deployed this functionality reduced its employees' usage of MFA and passwords by 90%.  Read more...

 

Author Information