Most Recent Blogs

The Internet of Identities (IoI)

Posted: July 10, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, IoT, identity and access management, micro-segmentation, SDP, Internet of Identities

identity.jpgEveryone is talking about IoT these days and for good reason – there are already billions of devices connected to the global Internet and some researchers are predicting 50 billion by 2020. This alone will make CISOs' jobs more difficult, but security executives face many other associated challenges as well:

Read More

The Era of Identity-based Applications

Posted: September 15, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, IAM, identity and access management

Eye_on_Keyboard.jpgIdentity and access management (IAM) has always been a heavy burden for large organizations. Why? Multiple folks across companies – business people, software developers, IT operations, human resources, security, compliance auditors, etc. – play some role across the IAM spectrum.

As a result of this IAM group hug, technology decisions tend to be made tactically without any central oversight or integrated strategy but this behavior may be changing. According to ESG research, 49% of large organizations claim they now have a formal enterprise-wide strategy in which IAM technology decisions are managed by central IT. In other words, someone in IT is now responsible and accountable for all IAM technology.

Read More

Balancing user experience with security

Posted: June 29, 2016   /   By: Mark Bowker   /   Tags: identity and access management, Enterprise Mobility

mobility and securityThe number one challenge I hear from IT professionals across the board is balancing security with user experience across multiple device types that employees use in the course of a day. If those IT pros turn the dial too far in one direction, they’re faced with security vulnerabilities. If they rotate the dial too far in the opposite direction, they faced user-experience hurdles.

This challenge is exacerbated for those companies that want to further embrace cloud consumption models, but are once again perplexed about where to set the dial.

Read More

Identity and Access Management (IAM) infrastructure is misaligned with security

Posted: May 23, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, IAM, identity and access management

identity and access managementSeveral CISOs I’ve spoken to over the past few years agree that identity is a new security perimeter. The thought here is that a combination of mobile device and cloud use renders existing network perimeters obsolete, so security policy enforcement decisions must be driven by identity attributes (i.e. user identity, role, device identity, location, etc.) rather than IP packet attributes. We see this transition coming to fruition with the concept of a software-defined perimeter (SDP) and technologies such as Google BeyondCorp and Vidder PrecisionAccess.

Read More

Enterprises Are Not Monitoring Access to Sensitive Data

Posted: May 01, 2014   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Dell, Security and Privacy, Security, google, Centrify, CyberArk, Courion, Sailpoint, data security, Quest, Box, Symantec, Target, nsa, cybercrime, identity and access management, security analytics, Edward Snowden

If you want to make a cybersecurity professional uncomfortable, simply utter these two word: ‘Data exfiltration.’ Why will this term garner an emotional response? Because data exfiltration is a worst-case outcome of a cyber-attack – think Target, the NY Times, Google Aurora, Titan Rain, etc. Simply stated, ‘data exfiltration’ is a quasi-military term used to describe the theft of sensitive data like credit card numbers, health care records, manufacturing processes, or classified military plans.

Most enterprises now recognize the risks associated with data exfiltration and are now reacting with new types of security technologies, granular network segmentation, and tighter access controls. Good start but what about simply monitoring sensitive data access activities? You know, who accesses the data, how often, what they do, etc.?

Read More

Posts by Topic

see all