Blog posts by guest authors

Organizations around the world have been rapidly modernizing their access management infrastructures in response to increased cyber-attacks and data breaches, enactment of security and privacy regulations, and a shift to remote working. Access management modernization is quick shift away from insecure passwords, which time and again facilitate criminals to gain access to corporate networks and data. A recent survey on the Psychology of Passwords found that 59% of the respondents use the same password repeatedly, at home and in the office. The main reason behind this dangerous trend is...

When thinking about the C-suite’s priorities, people tend to focus on growth, security, digital transformation or, more recently, keeping a remote workforce running. All of these aspects are important to keep the business profitable, remain at the forefront of innovation, maintain shareholder satisfaction and ensure that employees are safe, equipped and content. Yet, there is something that underpins every one of these priorities: digital trust. And without it, every area of the business would cease to function. Digital trust is a concept no business leader can ignore today. With...

There is no single right way to do cloud-based identity and access management (IAM) services. Not only is every organization at a different place in their journey, but each will prioritize cloud benefits differently. Therefore, no matter where you are on your cloud journey, modular and integrated solutions can strengthen your identity security, help you achieve governance and a Zero Trust model, and get compliant. The cloud comes with great opportunities as well as significant dangers. When including it in your IGA strategy (of which it should be a critical element), keep identity...

The Ugly Face of Yesterday’s CIAM We all have multiple different personas. But before we put on our hats as identity “experts” -  either as architects, implementers or vendors - let us start by simply being consumers.  Consumers of online services for banking, e-commerce, education, entertainment, and more.  And by thinking as consumers, we can all tell endless stories of poor user experiences with respect to using those services. Those poor user experiences are essentially putting an invisible barrier to entry to the applications and goods we wanted to...

Zero trust and IAM from the cloud as the foundation of hybrid IT must be simple Most companies today rely on a hybrid IT infrastructure: Existing on-premise solutions are extended with flexible best-of-breed SaaS solutions. This improves flexibility and agility, but also increases the scope for cyber attacks due to the growing number of digital identities. For example, the Verizon Data Breach Investigation Report 2020 showed that attack patterns that target end-users - such as phishing and the use of stolen credentials - lead the attack rankings again. With obvious numerical sequences...

For today’s companies, IT service management is more than IT support. ITSM is about working behind the scenes to help employees to do the work that drives your business – providing a one-stop shop for service needs, upgrades, improvements, and asset management. If IGA doesn’t play a critical role in your ITSM strategy, it should. We frequently hear from customers who are looking to better align IGA and ITSM, and our conversations with the analyst firm KuppingerCole often focus on this topic as well. Simply put, it just makes sense to marry IGA and ITSM....

Symantec Enterprise: With more informed decisions comes more automated security. In today’s Zero Trust world, where the principle of least privilege is ubiquitous, enterprises are struggling to balance security while simultaneously enabling a highly agile business environment. There has always been friction with security and making highly specific security decisions quickly and efficiently contributes to this. Moreover, decision-making in enterprises exists on a spectrum from completely manual to completely automated. Regardless of where your organization resides on this scale,...

Even before COVID-19 entered our lexicon, privileged access management (PAM) was widely recognized as a foundational cybersecurity technology . In recent years, almost every cyberattack has involved compromised or misused privileges/privileged credentials. Most malware needs privileges to execute and install payload. Once a threat actor has infiltrated an IT network, privileges are typically needed to access resources or compromise additional identities. With privileged credentials and access obtained, a threat actor or piece of malware essentially becomes a malicious...

Privileged Access Management (PAM) software comes in many forms. Some are heavy with software components (the thick client model) while others are leaner (the thin client model). Since we at SSH.COM are firm believers in the thin client model, I wanted to present five solid reasons why this is the case. 1. No constant cycle of installing, patching and configuring agents Thick clients require that you have to install agents on the client - and usually on the server as well. Moreover, you need to ensure that those agents are always up-to-date, patched and compatible with the...

Before there were PAM solutions everyone was given access to privileged accounts with little regard or control as to who had access to them, when they had access and what they did with that access. As security breaches started to rise and compliance regulations were written it was obvious that manual processes and home-grown approaches to manage privileged access weren't enough to secure your organization. First PAM solutions solved issues but were too inflexible That's when privileged management solutions popped up in the market. There were solutions for password management and...