Identity Management Blog

The Identropy Advisory team recently came together and presented to a group of CISOs in Upstate New York. The topic: The High Cost of Not Doing IAM Right. As part of that discussion, we talked about how failing at Identity and Access Management (IAM) can lead to an increase not only in the number of breaches, but the costs associated with remediating them. While good IAM is hard, failing at it can be quite costly. Companies with less mature IAM programs suffer twice as many breaches and end up paying $5 million more on average to remediate a breach than those with a mature approach to IAM.
Read More
Granting access to a user is an exercise in trust. This is why information security best practices preach following the principle of “least privilege” to mitigate the risk of trusting a user. But even when we give a user exactly and only the right privileges to do their jobs, we are still trusting them with those privileges and expecting them to use them for the right things. An important part of ...
I’m on the road again, sitting in a club lounge at O’Hare airport. It’s another typical Tuesday late morning with a decent number of people busy typing (or in some case hunting and pecking) through emails. With that setting here is a recap of a scenario that has just played out just a few feet from me:
I’ve always heard that no two snowflakes are exactly alike. I don’t know if this is true, but I’m willing to accept it as a fact. No two clients are identical; they all have different IAM needs, target systems, processes and procedures. No two IAM implementations will ever be alike, but if we consider this situation with an open mind we will see that in the early stages of an IAM implementation ...
Pokemon Go has taken the world by storm.  There are currently more Pokemon Go users than Twitter users in America. Pokemon Go has been out in the U.S. for 7 days. Let that sink in for a second. It took 7 days for an application to have more users than Twitter in America.  As big an event as it is, the launch has been troubled by numerous issues. Two of the most prominent are:
Since its inception, Identropy has had a love affair with innovation. We’ve always encouraged Identropians to challenge why things are done in a specific way, and to tinker with new tech to find smart ways to tackle hard problems. That has served us well, and has resulted in many successes (and many failures as well!) in the IAM field, including the development of the industry's first Managed IAM ...
It’s been shown that the security baseline of yesteryear is far from sufficient; in fact, even the binary identity and access management (IAM) approach fails to provide the proper level of security to protect important data.
When you think of companies being hacked, which are some of the first that come to mind that are most vulnerable to hacker attacks? We may be quick to point the finger at big corporations, but it’s not just them that are being targeted--small companies are just as viable to hackers, or “the bad guys.” This should come as no surprise. Last year’s Duke University/CFO Magazine Global Business ...
The stuff of nightmares is no longer the boogeyman or Bloody Mary--it’s mutated into hackers, thieves and crooks. An article from theguardian shows how a known hack dated back to 2014 is still very much in motion. All they need is your phone number, and nothing else. Regardless of carrier, with no remedy besides turning your phone off, this hack uses Signaling System No. 7 (SS7), a network ...
Everyone loves a game of Monopoly, right? That is, unless the odds are turned against you, and suddenly your nemesis has acquired Boardwalk and all the Railroads after 5+ hours of gameplay. It’s happened all too often. It’s difficult to turn the game in your favor when this occurs--mainly because having the right strategy and gameplan, and being able to deal with chance, is the linchpin to ...