Identity and access management

Identity is often considered the perimeter in infosec, especially as traditional enterprise perimeters dissolve. Identity and access management is critical to maintain data security. From passwords to multifactor authentication, SSO to biometrics, get the latest advice on IAM here.

Top Stories

News 27 Jun 2023
ChatGPT users at risk for credential theft

As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials. Continue Reading
News 14 Jun 2023
HashiCorp Vault trims SaaS; Boundary hooks up Enterprise

HashiCorp Vault's appeal to a broader field of users gets a boost from a new entry-level cloud service, while a new Boundary Enterprise targets the high end of the market. Continue Reading

News 13 Jun 2023

AWS launches EC2 Instance Connect Endpoint, Verified Permissions

At re:Inforce 2023, AWS launched a new service that allows customers to connect to their EC2 instances through SSH and RDP connections, removing the need for a public IP address. Continue Reading
Tip 08 Jun 2023

How to secure blockchain: 10 best practices

Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
Tip 07 Jun 2023

6 blockchain use cases for cybersecurity

Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
News 16 May 2023

Coalition: Employee actions are driving cyber insurance claims

After analyzing cyber insurance claims data, Coalition determined that phishing escalated in 2022, ransomware dropped and timely patching remained a consistent problem. Continue Reading
News 10 May 2023

Dragos discloses blocked ransomware attack, extortion attempt

Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires. Continue Reading
Opinion 10 May 2023

2023 RSA Conference insights: Generative AI and more

Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways. Continue Reading
Feature 05 May 2023

How to implement principle of least privilege in Azure AD

Restricting users' permissions in Microsoft Azure AD to only what they need to complete their job helps secure and reduce the cloud attack surface. Continue Reading
News 03 May 2023

Google rolls out passkeys in service of passwordless future

Google referred to its new passkey option, which features facial recognition, fingerprint and PIN-based authentication, as 'the beginning of the end of the password.' Continue Reading
News 01 May 2023

1Password execs outline shift to passwordless authentication

1Password CEO Jeff Shiner and Anna Pobletts, head of passwordless, discuss the power of passkeys, the adoption challenges ahead, and the threat of generative AI attacks. Continue Reading
News 26 Apr 2023

CrowdStrike details new MFA bypass, credential theft attack

At RSA Conference 2023, CrowdStrike demonstrated an effective technique that a cybercrime group used in the wild to steal credentials and bypass MFA in Microsoft 365. Continue Reading
News 25 Apr 2023

Rising AI tide sweeps over RSA Conference, cybersecurity

AI is everywhere at RSA Conference 2023, though experts have differing views about why the technology has become omnipresent and how it will best serve cybersecurity. Continue Reading
Tutorial 12 Apr 2023

How to create fine-grained password policy in AD

Fine-grained password policies are a simple and effective way of ensuring password settings meet business requirements. Continue Reading
Tutorial 12 Apr 2023

How to enable Active Directory fine-grained password policies

Specifying multiple password policies customized to specific account types adds another layer to an organization's security posture. Using PSOs instead of Group Policy can help. Continue Reading
Answer 12 Apr 2023

How to use a public key and private key in digital signatures

Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading
Answer 11 Apr 2023

What are the Microsoft 365 password requirements?

When IT administrators manage passwords for Microsoft 365 accounts in Azure AD, they can deploy and remove critical policies that can improve overall security posture. Continue Reading
News 11 Apr 2023

FTX bankruptcy filing highlights security failures

Debtors claim that defunct cryptocurrency exchange FTX lacked any dedicated security personnel and failed to implement critical access controls for billions of dollars in assets. Continue Reading
Tip 11 Apr 2023

Centralized vs. decentralized identity management explained

With decentralized identity, organizations can worry less about data security and privacy, while users get more control over their information. But it's not without challenges. Continue Reading
Feature 11 Apr 2023

How to use Azure AD Connect synchronization for hybrid IAM

Organizations face many challenges authenticating and authorizing users in hybrid infrastructures. One way to handle hybrid IAM is with Microsoft Azure AD Connect for synchronization. Continue Reading
Opinion 06 Apr 2023

Top RSA Conference 2023 trends and topics

Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
Tip 06 Apr 2023

Comparing enabled and enforced MFA in Microsoft 365

When managing Microsoft 365 authentication, IT admins may encounter the distinction between enabled and enforced MFA. Find out what those terms mean. Continue Reading
News 06 Apr 2023

119 arrested in Genesis Market takedown

The FBI and Dutch National Police led the takedown of Genesis Market alongside more than a dozen partners, including the U.K., Italy, Spain and Romania. Continue Reading
News 27 Mar 2023

Zoom launches Okta Authentication for E2EE to verify identity

Authenticated Zoom attendees will get a blue shield icon next to their participant name to give enterprises additional security during sensitive meetings. Continue Reading
News 09 Mar 2023

GitHub 2FA plan adds SMS, account lockout safeguards

GitHub has added SMS support and fresh account lockout prevention features to its phased rollout plans as it prepares to implement a 2FA requirement for accounts beginning Monday. Continue Reading
News 28 Feb 2023

LastPass breach tied to hack of engineer's home computer

LastPass said a threat actor hacked an employee's home computer to access a corporate password vault and steal decryption keys for its product backups and cloud storage resources. Continue Reading
Guest Post 23 Feb 2023

Web3 blockchain enables users to take control of identity

A centralized identity model creates security and privacy risks. Decentralized identity through Web3 could mitigate these risks, but companies must adapt to keep pace. Continue Reading
Feature 23 Feb 2023

Top incident response tools: How to choose and use them

The OODA loop can help organizations throughout the incident response process, giving insight into which tools are needed to detect and respond to security events. Continue Reading
Feature 21 Feb 2023

8 best password managers of 2023

A dedicated tool can help simplify password management and improve online security for individuals and enterprises alike. Continue Reading
Tip 16 Feb 2023

How to filter Security log events for signs of trouble

Certain accounts, such as company executives, will draw unwanted attention from hackers. Learn how to catch these targeted attacks by checking Windows event logs. Continue Reading
Tip 16 Feb 2023

Web 3.0 security risks: What you need to know

Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
Opinion 03 Feb 2023

4 identity predictions for 2023

Identity's place in the attack chain is driving the shift of identity responsibility from IT operations to security to look into passwordless, digital IDs, platforms and more. Continue Reading
Podcast 24 Jan 2023

Risk & Repeat: Another T-Mobile data breach disclosed

This podcast episode discusses the latest T-Mobile breach -- the third in less than three years -- in which a threat actor stole personal data from 37 million customer accounts. Continue Reading
News 24 Jan 2023

Customer data, encryption key stolen in GoTo breach

GoTo's breach update follows the recent disclosure made by GoTo subsidiary LastPass, which similarly lost significant sensitive customer data in a breach last year. Continue Reading
News 23 Jan 2023

Experts applaud expansion of Apple's E2E encryption

Amidst growing privacy concerns and data breach threats, Apple launched Advanced Data Protection for U.S. customers last month to secure almost all data stored in iCloud. Continue Reading
Opinion 20 Jan 2023

6 cybersecurity buzzwords to know in 2023

Enterprise Strategy Group research indicates many organizations will increase cybersecurity spending in 2023, and with that comes an evolving set of vendor buzzwords to sort out. Continue Reading
Podcast 20 Jan 2023

Risk & Repeat: Breaking down the LastPass breach

This podcast episode discusses the fallout of the recent LastPass breach, in which a threat actor stole encrypted logins and unencrypted website URLs from the password manager. Continue Reading
News 18 Jan 2023

LastPass faces mounting criticism over recent breach

LastPass disclosed a breach last month in which a threat actor stole personal customer information, including billing addresses and encrypted website login details. Continue Reading
Feature 05 Jan 2023

Windows security tips for the enterprise

Securing a Windows environment is no easy feat. Read up on low-hanging fruit to quickly address, as well as top tips from two security practitioners to get started. Continue Reading
Podcast 21 Dec 2022

Risk & Repeat: OT security progress, threats in 2022

This Risk & Repeat podcast episode discusses the current state of OT security, including the convergence with IT environments and an ever-evolving threat landscape. Continue Reading
Tip 20 Dec 2022

What enumeration attacks are and how to prevent them

Web applications may be vulnerable to user enumeration attacks. Learn how these brute-forcing attacks work and how to prevent them. Continue Reading
News 19 Dec 2022

The state of OT security: a rapidly evolving landscape

Security experts weigh in on how the OT security landscape has evolved over the last decade, and where it could be going next as threats continue to mount. Continue Reading
Feature 19 Dec 2022

11 cybersecurity predictions for 2023

Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
News 15 Dec 2022

Google drops TrustCor certificates as questions loom

Google joined Mozilla and Microsoft in removing support for TrustCor Systems certificates following a Washington Post report on TrustCor's connections to spyware vendors. Continue Reading
Tip 13 Dec 2022

What are the differences between su and sudo commands?

Linux administrators have choices when deciding how to delegate privileges. Learn about the options they can take while ensuring their operations remain secure. Continue Reading
Tip 06 Dec 2022

How to implement least privilege access in the cloud

More organizations are moving their resources to the cloud but are not paying attention to how cloud access privileges are allocated. Learn how to limit access in the cloud. Continue Reading
Tutorial 06 Dec 2022

How to use the Hydra password-cracking tool

Need help brute-forcing passwords? Get started by learning how to use the open source Hydra tool with these step-by-step instructions and companion video. Continue Reading
News 22 Nov 2022

Google's new YARA rules fight malicious Cobalt Strike use

Google's YARA rules detect cracked versions of Cobalt Strike's older releases so that legitimate instances of the red teaming tool, which use the latest version, aren't targeted. Continue Reading
News 17 Nov 2022

CISA: Iranian APT actors compromised federal network

CISA said Iranian nation-state actors exploited Log4Shell flaws on an unpatched VMware Horizon server before deploying a cryptominer and attempting to gain persistent access. Continue Reading
News 15 Nov 2022

Twitter users experience apparent SMS 2FA disruption

The 2FA notification disruption occurred after CEO Elon Musk announced plans to shutter a majority of Twitter's microservices, though reasons for the outage are unconfirmed. Continue Reading
Feature 08 Nov 2022

5 ways to overcome multifactor authentication vulnerabilities

Improve the resiliency of multifactor authentication by giving users more information, making default settings more secure, hiding secrets and more. Continue Reading
Tip 26 Oct 2022

Why it's time to expire mandatory password expiration policies

Password expiration policies that force users to regularly reset passwords are counterproductive. It's time to align those policies with proven approaches to password security. Continue Reading
Tip 24 Oct 2022

6 ways to prevent privilege escalation attacks

Privileges dictate the access a user or device gets on a network. Hackers who access these privileges can create tremendous damage. But there are ways to keep your networks safe. Continue Reading
Feature 14 Oct 2022

How Jamf zero trust can improve Apple device security

Jamf is supporting zero trust with new features across its suite of Mac management software. The proliferation of remote work has made this security model more important. Continue Reading
Tip 12 Oct 2022

An overview of the CISA Zero Trust Maturity Model

A zero-trust framework blocks all attempts to access internal infrastructure without authentication. The CISA Zero Trust Maturity Model is a roadmap to get there. Continue Reading
Tip 07 Oct 2022

Perimeter security vs. zero trust: It's time to make the move

Perimeter security requires a border to protect enterprise data. With more and more users working outside that border, zero trust promises a better security option for the future. Continue Reading
Opinion 29 Sep 2022

Multifactor authentication isn't perfect, passwordless is better

Passwords are frequently the root cause of breaches, and multifactor authentication only provides a stopgap for account protection. It's time to adopt a passwordless strategy. Continue Reading
Tip 28 Sep 2022

Why zero trust requires microsegmentation

Microsegmentation is a key security technique that enables organizations to achieve a zero-trust model and helps ensure the security of workloads regardless of where they are located. Continue Reading
News 21 Sep 2022

Cybercriminals launching more MFA bypass attacks

New research from Okta shows that cybercrime groups have stepped up their attacks on multifactor authentication systems in an effort to thwart account security measures. Continue Reading
News 19 Sep 2022

Rockstar Games confirms hack after 'Grand Theft Auto' leak

A threat actor this weekend published in-development footage from a forthcoming 'Grand Theft Auto' video game and claimed to have breached its publisher, Rockstar Games. Continue Reading
News 16 Sep 2022

Uber responds to possible breach following hacker taunts

Security researchers spotted suspicious activity on Uber's HackerOne page when the alleged hacker posted messages claiming they had compromised the ride-share company's network. Continue Reading
News 14 Sep 2022

Consumer data needs better protection by government

Though legislation is before Congress that would address data privacy, it may not set clear enough guidelines or give individuals enough control. Continue Reading
News 14 Sep 2022

Data privacy concerns grow as legislation lags

While healthcare and financial data are protected by federal legislation, individuals have little control over how consumer data is collected and used. Continue Reading
News 13 Sep 2022

Secureworks reveals Azure Active Directory flaws

Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues. Continue Reading
News 01 Sep 2022

Researcher unveils smart lock hack for fingerprint theft

An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data. Continue Reading
Tip 01 Sep 2022

Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
Tutorial 30 Aug 2022

Learn to monitor group memberships with PowerShell

Use PowerShell automation to build reports in local group memberships on a server and security groups in Active Directory to keep tabs on any irregular behavior. Continue Reading
Tip 18 Aug 2022

What is identity sprawl and how can it be managed?

With identity-based attacks on the rise, organizations need to prioritize identity management. Learn about identity sprawl, why it's a risk and how it can be managed. Continue Reading
Tip 15 Aug 2022

Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
Opinion 11 Aug 2022

Why 2023 is the year of passwordless authentication

Passwords may soon be relegated to the past thanks to IAM vendors' efforts to create passwordless login options. Here's why 2023 should be the year of passwordless authentication. Continue Reading
Feature 11 Aug 2022

What is data security? The ultimate guide

Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
News 10 Aug 2022

Ermetic addresses IAM weaknesses in multi-cloud environments

Researchers at the cloud security vendor discussed the importance of understanding the different identity and access management features among the major cloud providers. Continue Reading
Feature 08 Aug 2022

Passkey vs. password: What is the difference?

Companies are turning to passkeys as a secure login for consumers. Passkeys make it more difficult for thieves to steal information, and they are also more convenient for users. Continue Reading
News 03 Aug 2022

Amazon CSO Steve Schmidt preaches fungible resources, MFA

In a Q&A with SearchSecurity, Amazon CSO Steve Schmidt discusses his time as head of AWS security and shifts the cloud provider made to improve its posture, as well as customers'. Continue Reading
News 03 Aug 2022

Thoma Bravo to acquire Ping Identity for $2.8B

Thoma Bravo's bid is expected to close in the fourth quarter of 2022. Ping Identity's purchase price represents a 63% premium over the vendor's closing price Tuesday. Continue Reading
Tip 27 Jul 2022

SSH2 vs. SSH1 and why SSH versions still matter

The Secure Shell protocol, SSH, was redesigned and released as SSH2 in 2006. While SSH1 lingers for legacy uses, find out how the protocols differ and why it's important. Continue Reading
News 26 Jul 2022

AWS issues MFA call to action at re:Inforce 2022

To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources. Continue Reading
Tip 22 Jul 2022

Top 10 enterprise data security best practices

To protect your organization's data and prevent its misuse, incorporate these 10 data security best practices into your enterprise data security strategy. Continue Reading
Feature 08 Jul 2022

Top 7 types of data security technology

These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
Tip 24 Jun 2022

How to fit customer experience security into your strategy

Most organizations overlook security in their CX strategies. However, with collaboration, personalization, CIAM controls and more, organizations can offer a secure and positive CX. Continue Reading
News 23 Jun 2022

Access management issues may create security holes

Employees who aren't credentialed to access corporate systems to do their jobs find ways around the red tape that could lead to security breaches. Continue Reading
News 15 Jun 2022

Microsoft takes months to fix critical Azure Synapse bug

Orca Security discovered that inadequate tenant separation in Microsoft's Azure Synapse service could allow a threat actor to steal credentials from thousands of customers. Continue Reading
Feature 10 Jun 2022

3 types of PKI certificates and their use cases

Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases. Continue Reading
Answer 09 Jun 2022

Are 14-character minimum-length passwords secure enough?

When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe. Continue Reading
News 08 Jun 2022

SANS lists bad backups, cloud abuse as top cyberthreats

A panel of experts from the SANS Institute took the stage at RSA Conference 2022 to weigh in on some of the biggest threats and risks facing security teams. Continue Reading
News 07 Jun 2022

Microsoft details zero-trust transition, challenges

Over the past three years, Microsoft has moved to a zero-trust framework. Security engineers outlined the transition and its challenges during a session at RSA Conference 2022. Continue Reading
Tutorial 02 Jun 2022

Improve Azure storage security with access control tutorial

These step-by-step guidelines detail how to grant limited access in Microsoft Azure storage. This best practice helps keep storage secure from internal and external threats. Continue Reading
News 24 May 2022

MFA technology is rapidly evolving -- are mandates next?

The evolving landscapes of both the modern workplace and cyberthreats have paved the way for some organizations to require multifactor authentication protection. Will others join? Continue Reading
Feature 20 May 2022

Apple, Microsoft, Google expand FIDO2 passwordless support

Achieving true passwordless experiences begins with companies working together to adopt standards that enable customers to use multiple devices seamlessly, regardless of OS. Continue Reading
News 19 May 2022

Small businesses under fire from password stealers

Kaspersky researchers tracked notable increases in password-stealing Trojans, RDP attacks and other cyberthreats against small businesses in various countries. Continue Reading
Guest Post 17 May 2022

5 steps to ensure a successful access management strategy

Access management is top of mind for organizations, especially in the hybrid workspace. Follow these five steps to create an access management strategy that benefits all users. Continue Reading
News 28 Apr 2022

Lapsus$ targeting SharePoint, VPNs and virtual machines

From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung. Continue Reading
Feature 27 Apr 2022

Why companies should focus on preventing privilege escalation

If attackers can elevate privileges once inside a system, their access can be unlimited. Discover common privilege escalation techniques and how to mitigate them. Continue Reading
News 18 Apr 2022

Stolen OAuth tokens lead to 'dozens' of breached GitHub repos

Stolen OAuth tokens issued to Heroku and Travis CI were used to download data from the private repositories of 'dozens of organizations,' including GitHub subsidiary npm. Continue Reading
News 14 Apr 2022

VMware Workspace One flaw actively exploited in the wild

Multiple threat intelligence providers have detected threat activity related to the VMware Workspace One flaw, including cryptocurrency mining activity. Continue Reading
Tutorial 14 Apr 2022

Get started with Azure AD entitlement management automation

Identity governance tasks in Azure Active Directory can be overwhelming, but understanding how to use Microsoft Graph and PowerShell to work with these settings will help. Continue Reading
Tip 07 Apr 2022

5 key elements of data tenancy

Data tenancy is a key piece of any data protection scheme and can be crafted around five building blocks to provide safe, secure data access to users. Continue Reading
Feature 06 Apr 2022

How secure are one-time passwords from attacks?

Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs. Continue Reading
Feature 04 Apr 2022

How to implement OpenID Connect for single-page applications

The OpenID Connect authentication protocol can be used to secure a variety of applications. This excerpt teaches developers how it works with single-page applications. Continue Reading
Feature 04 Apr 2022

How to use OpenID Connect for authentication

OpenID Connect has become a trusted protocol to connect with identity providers. Explore how to use it for IAM, common threats to be aware of and how to connect to multiple IdPs. Continue Reading
News 22 Mar 2022

Lapsus$ hacking group hit authentication vendor Okta

Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, through key details about the attack remain in dispute. Continue Reading
News 08 Mar 2022

Researchers uncover vulnerabilities in APC Smart-UPS devices

Researchers with Armis found a trio of vulnerabilities in uninterruptible power supply (UPS) devices from APC that could be remotely exploited by threat actors. Continue Reading

1
2
3
4
5

Networking

Cisco to add SamKnows broadband visibility to ThousandEyes
The SamKnows One dashboard for service providers displays data from home routers and mobile devices. The information helps to ...
10 edge computing quiz questions
Edge computing isn't new, but it has grown in popularity due to 5G and the influx of IoT devices. This quiz covers edge computing...
What's shaping the future of wireless networking technology?
Cloud-managed Wi-Fi, radio spectrum expansion and the hybrid workplace are some of the converging developments that are ...

CIO

8 blockchain-as-a-service providers to have on your radar
You don't have to build your blockchain project from the ground up. These cloud-based service providers can provide the necessary...
Ultimate guide to digital transformation for enterprise leaders
This in-depth guide explains what digital transformation is, why it is important and how enterprises can successfully transition ...
How to become a smart contract developer
Blockchain fundamentals, programming knowledge, security awareness, and experience in testing and debugging are among the major ...

Enterprise Desktop

Is AppleCare+ worth it for enterprise organizations?
AppleCare is a useful limited warranty that comes with all Apple devices, but some organizations should consider the benefits of ...
Deploying Intune's Microsoft configuration manager console
Organizations looking to deploy Microsoft Configuration Manager console must make sure to set up this platform correctly and ...
4 PC lifecycle management best practices
There isn't a perfect PC lifecycle plan for all organizations, so IT teams and management should ask themselves these four ...

Cloud Computing

HPE bets big on public cloud offering for AI
HPE is entering the AI public cloud provider market -- but is it ready? Read more about its AI offerings for HPE GreenLake and ...
Refining HPE GreenLake as it sets its sights on everything
HPE's Bryan Thompson talks about how HPE GreenLake has become synonymous with the brand, and looks to its future and how the ...
Are AWS Local Zones right for my low-latency app?
AWS offers its customers several options to minimize application latency. Let's look at the role AWS Local Zones can play in ...

ComputerWeekly.com

IT Sustainability Think Tank: Making sense of the changing green IT regulatory landscape
There is an ever-growing list of rules and regulations for enterprises to get their heads around when it comes to sustainability,...
Navigating cyber security under ChatGPT
Balancing the risk and reward of ChatGPT – as a large language model (LLM) and an example of generative AI – begins by performing...
NHS England signs five-year Microsoft 365 contract
Hot on the heels of its earlier deployment of Microsoft Teams, NHS England is now going all-in on the rest of the software giant’...

Close