Identity Management Blog

Every IT environment has them. They are called by a variety of names: Non-human accounts; system accounts; service accounts; administrator accounts; shared accounts; group accounts; and the list goes on. What is common is that they have exceedingly high privileges to often the most critical areas of an IT environment. In fact, the list of acronyms describing IT management tools for these accounts is almost as long: Privileged User Management (PUM); Privileged Identity Management (PIM); Privileged Account Management (PAM); and Privileged Account Security to name a few. Unlike our personal ...
Read More
Last Tuesday, the Wall Street Journal reported on the SEC’s ruling that Social Media sites such as Twitter and Facebook are appropriate and legal disclosure channels, as long as the company acknowledges which sites they will use for disclosure.   Not only does the ruling reflect the profound impact Social Media has had on business communications, it has major implications in the realm of Identity ...
No blog about National Cyber Security Awareness Month would be complete without the obligatory link to the Department of Homeland Security’s (DHS) official website on the topic – after all, they started it 9 short years ago.
In part 1 of this 2-part article, we described some of the symptoms that are found when the IAM team is perceived as the owner rather than the facilitator of access governance processes.  This article will provide some pointers and suggestions on how to re-focus the program.
Once upon a time, an organization was confronted with the fact its IT group was consumed in answering auditors' questions, as well finding and resolving issues found by auditors.  The IT group, responsible for the Identity and Access Management (IAM) team was constantly overworked and barely had any cycles to advance their IAM initiative outside of addressing questions and requests from internal ...
Part 1 of this 3-part article defined access governance, and part 2 described some of the unique challenges poised by cloud applications.  In this last part, I provide some recommendations based on our experience bringing cloud applications under governance.
Part 1 of this 3-part article set the stage by defining access governance in general, and with a focus on cloud applications. In this second part, we look at the scope of access governance and some of the unique challenges that cloud applications rise.
In working with some of our clients recently, I have engaged in discussions with them concerning their Identity and Access Management (IAM) strategies in light of compliance and risk mitigation, and the topic of Access Governance has been front and center of the discussion. Since this is a timely and relevant issue for many organizations, I feel compelled to share my point of view.