All tagged IAM
Gartner estimates that 63% of all IAM products will be thrown out in the next two years as the ‘requirements have changed’ since the date of original purchase. The challenge for new and existing IAM programs is to establish and maintain a strong justification for the program’s continued existence. One retail client recognized this potential risk to their IAM program and took a novel approach to clearly illustrating the benefits of an IAM program.
CIO Online interviewed me for this article about authentication and authorization for hybrid and private clouds.
People are only able to detect lies about 50% of the time, but we tend to trust people we know when they request access by email. What does this mean for IAM, IGA, and PAM programs?
Our fifteen-year legacy of organizations implementing the relevant regulatory standards and still suffering cyber security breaches has led forward-thinking organizations to focus on risk management rather than compliance for compliance’s sake.
However, the biggest utility for my Pebble was two-factor authentication from my bank. My bank has had a somewhat tortured Consumer Identity and Access Management rollout over the years. They initially had single-factor authentication – a username and password. They briefly flirted with pictures, until they realized the Internet has an insatiable love of cats. They then deployed Knowledge-Based Authentication, safe in the knowledge that no-one would post their first spouse’s name, the name of their elementary school, and their favorite band on Facebook. Thus, they reluctantly deployed SMS-based two-factor authentication.
Password reuse by individuals is one of the great failings of IAM programs. The fundamental assumption of a successful IAM project is that an organization can correctly identify an individual user. Although this sounds like a low bar, many organizations are failing to clear it because of password breaches happening outside of the corporate firewall.
