Identity Automation Blog

Stay up to date with all of the latest news and events.

In the first installment in this blog series, we looked at the many trends in the business landscape today (digital transformation, a changing workforce, and the shift to cloud IT infrastructures, among others) that are driving the need for a more comprehensive and integrated IAM solution. In our second blog in this series, we will take a look at why evolving regulatory and threat landscapes, combined with shrinking IT budgets, have necessitated more robust, modern IAM solutions.

In Part 1 and Part 2 of my series on the value of identity, we looked at the consequences of revealing excessive personal information in public, more specifically the digital realm, can have on the individual and an organization. We saw that hackers can use the information you reveal on social media and the internet not only to impersonate and steal your identity, but to even infiltrate and take control of your company’s network. 

According to the new 2016 Verizon Data Breach Investigations Report (DBIR), legitimate user credentials were used in most data breaches, with some 63 percent of them using weak, default, or stolen passwords. This may come as some surprise to businesses that are not yet victims of such breaches as they continue to utilize homegrown, piecemeal, or legacy identity access management (IAM) solutions. While your CIO is focused on perimeter defense, your challenge is to shift this focus to the need for a more robust, modern, and integrated IAM solution, which is easier said than done.

Recently, our CEO, James Litton sat down with the South Texas chapter of ISSA as part of the organization's podcast series on cybersecurity. Their conversation covered a wide range of security and identity and access management (IAM) topics, including identity and the Internet of Things, the future of passwords, contingent workers, IAM and the cloud, and much more.

Earlier this month, I attended the 2016 Interop Conference in Las Vegas. While I had many discussions with attendees on a variety of identity and access security topics, I was surprised by the number of questions about biometrics and multi-factor authentication (MFA).  The majority of people asking these questions were interested in better understanding if and how biometrics should be used as part of their authentication process. Since this topic came up so often at Interop, I’m guessing a lot of you have similar questions. So, I thought it would be helpful to provide some additional biometrics and our point our view on them.

Earlier this year, James Litton, our CEO, appeared on Texas Business Radio, the syndicated radio show that features leading businesses, people, and events from the Texas business world.

Last month I read an article reporting that researchers found two-factor authentication to be insecure and vulnerable to hacks. My initial reaction was skepticism, since it wasn’t recommending a more secure alternative like multi-factor authentication, but instead simply stating 2FA isn’t secure.

James Bond is known for impeccable taste in clothes, cars and cocktails. Not to mention, cool gadgets and tricks up his sleeve like wristwatch lasers and passenger ejector seats. Along with the style and grace, keeping data safe and intelligence top secret is still top of mind for Bond.

Last week, I wrote a post about how with the proliferation of the Internet of Things, “things” within an organization - those smart connected devices that are able to think on their own - will emerge as insider threats in the future. At the end of that post, I said that things will eventually become another identity we will have to secure and manage.

In the past, we’ve talked a lot about rogue employees and how they pose an internal threat to organizations if their identities aren’t properly managed. Last month, Troy discussed them again, building on our rogue employee archetypes by adding a few others to the list.

Yet as the Internet of Things continues to grow from a concept into something more tangible, I can’t help but think that “things” could eventually pose an internal threat to organizations as well.