Blog posts by Richard Hill

Zero Trust is a key paradigm for cybersecurity today, used well beyond the security circles. The goal is building cybersecurity that “ never (blindly) trusts ”, but “ always verifies .” This traditionally meant verifying Who has access to What resource. In the past, the Who typically meant a human with a digital identity being given access to some application within an organization. Once the individual was given access to said application, that individual would be verified via an IAM tool’s authentication capability and then authorized based on policy...

The days in which having just an Identity and Access Management (IAM) system on-premises are long gone. With organizations moving to hybrid on-premises, cloud, and even multi-cloud environments, the number of cyber-attacks is growing. The types and sophistication of these attacks are continually changing to get around any new security controls put in place. In fact, it is much easier for the cyber attacker to change tactics than it is for organizations to bring in new solutions to mitigate current attack vulnerabilities. Organizations must realize that they will never be 100% secure,...

An organization’s need to support communication and collaboration with external parties such as business partners and customers is just as an essential technical foundation today as it has been in the past. Web Access Management and Identity Federation are two vital and inseparable technologies that organizations can use to manage access to and from external systems, including cloud services, consistently. While the core Web Access Management and Identity Federation technologies have been well established for years, organizations will still need a strategic approach to address the...