Mobile Search Mobile Menu

By Abhi Yadav

Putting the “service” in “Identity as a Service”

What’s in a word? When it comes to “service,” it can be a lot. You wouldn’t think a simple word like “service” could have people scratching their heads. And yet there’s one use in particular that seems to be creating some confusion: it’s the meaning of “service” in the term “Identity as a Service.” At […]

By Abhi Yadav

What the Apple-DOJ Case Can Tell You About Your Enterprise Security

The recent public dispute between Apple and the U.S. Department of Justice (DOJ) over the encrypted “San Bernardino“ iPhone has served as a powerful reminder of the challenges every enterprise faces when it comes to identity and data security. No matter what side of the issue you come down on, it’s clear that there’s a […]

By Abhi Yadav

Limit Vendor Risk – Step 3: Ensure Periodic Access Reviews are Performed

In my previous post, I discussed the second of four steps for limiting Vendor Risk. This month we will review Step 3: Ensure Periodic Access Reviews are Performed. To ensure security processes are in place and operating effectively, you must perform periodic access reviews in order to detect inaccuracies in provisioned access. These are “who, […]

By Abhi Yadav

Limit Vendor Risk – Step 1: Properly Grant and Remove Access

In my last post, I introduced four steps you can take to limit vendor risk. In this month’s post, we’ll take a slightly deeper dive into step 1: properly granting and removing access. Access to systems must be controlled and granted only with proper approvals. If you follow the steps below, you can easily maintain […]

By Abhi Yadav

Reducing Exposure to Breaches through Audit and Compliance (Part 4)

When a cyber breach occurs, the fallout impacts the entire organization. There can be theft of company secrets, regulatory fines, loss of revenue from negative brand reputation, and the termination and departure of the senior-most people in the company. Audit and compliance around access to systems is a board level topic. The prepared organizations are […]

By Abhi Yadav

The Lifecycle Management Opportunities of a Data Breach (Part 3)

This is our third in a series of commentaries on minimizing the risk of becoming the next front page news story on data breaches. Identity lifecycle management is one of the most critical parts of a security and identity and access management program.  Identifying the assets and setting a baseline for acceptable risk needs to […]

By Abhi Yadav

Managing the Keys to the Kingdom – Privileged/Shared Accounts (Part 2)

This is our second in a series of commentaries on minimizing the risk of becoming the next front page news story on data breaches. Privileged and Shared Accounts are some of the most critical assets to manage in an organization since they provide broad access to systems and sensitive corporate and state information. Privileged Accounts […]

1 2 3 4 5