Identity Management Blog

How Can Machine Learning and Identity Management Contribute to your Cyber Security Program?
Read More
Another Gartner IAM Summit has come and gone and the theme of 2017's conference really followed (and confirmed) what I saw at RSA Conference and the Identiverse (aka Cloud Identity Summit) earlier in the year: It's time to start considering adding intelligence capabilities to your IAM tools, services, and programs.
Privileged IDs are sometimes referred to as the “keys to the kingdom.” It’s a very accurate description since privileged accounts often have the highest level of access to make changes to applications, infrastructure and data. Compounding the risk is that many organizations have not deployed tools to monitor and mitigate the risk posed by privileged IDs.
In our Kickstart advisory engagements, we normally recommend that our clients deploy an Access Recertification process. Even when access provisioning has been automated, access recertification should be used to certify not only that users still “work here” but also that their access is appropriate.  This is particularly valuable in cases in which the user population being recertified is not ...
Part 1 provided context for the Enterprise IAM consumerization trend and talked about the positive and negative implications of the trend. In this article, I will discuss additional considerations and recommendations about this trends and how organizations may choose to approach it.
  I would like to express my sympathy to those affected by the terrible earthquake and tsunami that hit Japan this past Friday 3/11/2011.  This has been a terrible tragedy, and I can only hope that things begin to get to a stable state. By now, I figure everyone is familiar with the trend of “Consumerization of Enterprise IT.”   It is clear the Enterprise is being forced to adapt to change due to ...
Part 1 of this 3-part article defined access governance, and part 2 described some of the unique challenges poised by cloud applications.  In this last part, I provide some recommendations based on our experience bringing cloud applications under governance.
Part 1 of this 3-part article set the stage by defining access governance in general, and with a focus on cloud applications. In this second part, we look at the scope of access governance and some of the unique challenges that cloud applications rise.