In a recent analysis of the top 1,000 global companies, 97 percent were found to have had leaked credentials that were made publicly available on the Web. While this statistic is disturbing enough by itself, what is more troublesome is how that information is captured and made public.

Many leaked credentials come as the result of an organization suffering from a data breach, but another method that attackers are using is to steal credentials from a third-party source, similar to what happened when Spotify and Pandora were attacked. In both of these incidents, corporate emails used to sign up for accounts were either published or sold. Dating and adult websites are also common places where corporate emails are inappropriately used to create accounts, resulting in more than 300,000 corporate or government worker email addresses being exposed.

When organizations start or plan to start a new IAM initiative, one of the first steps they take is some form of requirements gathering. The idea is that the requirements represent the functional and nonfunctional (IAM) needs of an organization. Then, typically through some form of procurement, the organization attempts find a solution/service/product(s) that best aligns with those requirements.

Are you using an identity and access management (IAM) solution designed for the enterprise to manage user identities and access privileges at your community college or university? If so, then you’ve likely already run into some serious difficulties—and if you haven’t yet, it’s only a matter of time. An increasingly complex IT environment and growing number of users that require access to systems and data have made user identity and permissions management more challenging than ever, particularly in higher-education institutions.

One of the most concerning trends for 2016 seems to be "Another day, another healthcare data breach." Breaches are becoming an all too regular occurrence and not just among healthcare providers. Retailers, credit and financial institutions, entertainment giants, and even governmental agencies are falling prey to the hackers, and in many cases are allowing access to very private customer data, at an alarming rate.

Whenever I am involved in the initial discovery phase of an Identity and Access Management (IAM) project, the term Single Sign-On (SSO) always comes up. SSO is often desired or a hard requirement of customers, which inevitably prompts a clarification discussion around just exactly what SSO means to them.

The customer’s definition of SSO is usually something along the lines of “customers have one set of login credentials for all of their web applications instead of a different set for each.” For example, a single “scarter” account and password can get me access to Salesforce and Google Apps versus having a separate “scarter1” account for Salesforce and then an “scarter2” account for Google Apps.  

However, this interpretation of what SSO means is actually only half correct.

Quick. Think fast! Which industry is the most under attack by cybercriminals?

If you guessed the financial sector, which has historically been the most targeted industry, then it’s time to update your understanding of today’s cybersecurity threats because retail has taken the top spot, according to 2016 NTT research.

Recently, one of our RapidIdentity customers ran into a conundrum. While the customer heavily uses RapidConnect to synchronize their various application and authentication identity sources, they awoke to a mass Email stating that during their morning provisioning the displayName attribute on every user in their environment was changing!

When Dustin Hardin became the Director of Technology for New Caney Independent School District in 2011, the district didn't have WiFi or student accounts and only had basic email for staff. However, district leadership had ambitious goals: to implement 21st century teaching methodologies in the form of digitized learning and ongoing student-teacher engagement. To get there, New Caney ISD created a program called 1:Vision, with the goal of issuing a laptop to each student in grades 3-12.

Compliance with the Payment Card Industry Data Security Standard (PCI-DSS) alone does not ensure security against data breaches and stolen payment card records. Even the PCI-DSS website defines the standard’s priorities as helping: