Tag: Access

How CIAM Creates a 360-Degree View of the Customer

CIAM
Each of us has multiple identities — personal, consumer, business-related, etc. To his family, a man might simply be “Sam,” but to his employer, Sam is a complex array of user IDs, passwords, and access privileges. Identity and access management (IAM) provides a disciplined approach for the creation, maintenance, and use of those digital identities. It integrates business processes...

Federated Identity Management Extends Control Across Hybrid Environments

ID Management
The continued adoption of Software-as-a-Service (SaaS) solutions and other cloud-based services has blurred the concept of the network perimeter. At the same time, organizations have become increasingly dependent on partners who span supply chains, brokers, and other networks. These distributed computing models have created new challenges for identity and access management (IAM) solutions, which provide a framework for managing...

The Proper Role of Identity Management in Regulatory Compliance

IAM
According to Gartner’s “Survey Analysis: Trends in End-User Security Spending, 2017,” organizations are increasing their cybersecurity budgets due to fears of data breaches and related business risks. Regulatory compliance is also a top concern that’s driving security spending. Organizations face significant financial penalties if they fail to meet increasingly strict regulatory requirements for data security and privacy. The 2016...

The Cloud Demands a Centralized Approach to Identity and Access Management

IAM 2
Ever-increasing numbers of users, both inside and outside organizations, need convenient access to corporate IT resources that exist both on-premises and in the cloud. The result is a porous network perimeter that relies heavily on user authentication to prevent unauthorized access. However, many organizations are finding that their identity and access management (IAM) platforms are inadequate. Growing security threats...

How Do We Optimize Access Control Performance?

DIT IAM
In a perfect world, the lifecycle of any identity is readily tracked and managed. The policies that determine basic access are derived from the relevant characteristics of the identity – role, function, business unit, project team, location, certifications, etc. Additional access rights may require a resource owner’s permission. All of these inputs and controls are effectively managed in a...

New York’s New Security Rules Emphasize Identity and Access Management

NY Security
In September 2016, New York Governor Andrew Cuomo announced new regulations that established minimum security requirements for the protection of sensitive data in the financial services sector. The first state-mandated regulations of their kind in the nation, the new rules cover banks, insurance companies, and other financial services firms licensed by the New York Department of Financial Services (DFS),...

Data Manipulation: A More Troubling Problem than Data Theft

Many people are concerned about the theft of sensitive information, and rightfully so. According to the 2016 Identity Fraud study by Javelin Strategy and Research, identity theft cost U.S. consumers $15 billion in 2015. Businesses also fall victim to identity theft, to the tune of $221 billion worldwide each year. But a more insidious data security problem is gaining...

Why the IoT Needs IAM, Part 2: The Complexity of Controlling Access

DDOS
In a previous post Why the IoT Needs IAM, Part 1: Rise of the Botnets, we discussed the growth of the Internet of Things (IoT) and the enormous attack surface created by billions of Internet-connected devices. Many of these devices have been recruited into botnet armies that are used to launch distributed denial of service (DDoS) attacks. Others are...

Automation Helps Meet Regulatory Requirements for Privileged Accounts

Automation
Privileged account security has become a focal point of many government and industry regulations. Take, for example, the latest version of the Payment Card Industry Data Security Standard (PCI-DSS), which mandates security practices and controls that must be implemented by organizations that store, process, or transmit payment card data. PCI-DSS 3.2 requires that organizations change vendor-default passwords for privileged...

Why the IoT Needs IAM, Part 1: Rise of the Botnets

DIT
In the Internet of Things (IoT), billions of connected objects quietly collect and transmit data and perform a wide range of functions, generally without human intervention. Imagine vending machines that tell you when they need to be replenished, vehicles that schedule their own maintenance, and “smart home” products that let you lock your doors, control your thermostat, and peek...