Explore the latest in Identity and Access Management for secure access control and user authentication practices in cybersecurity.
Search across headline titles and summaries.
Background for this topic.
Identity and Access Management (IAM) is a framework of policies and technologies ensuring that the right individuals have the appropriate access to technology resources. In the context of information security, IAM is crucial for controlling user access to critical information within an organization. It facilitates the management of user identities and their corresponding access rights, ensuring that users gain access only to the resources they are authorized to use.
IAM systems provide tools for organizations to change roles, track activities, and enforce policies on an ongoing basis. These systems are integral for maintaining the security of sensitive data and compliance with regulations. By using IAM, organizations prevent data breaches by ensuring that users do not exceed their access privileges.
Weekly headline count for the current query.
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.
Explore how AI is reshaping the security landscape—uncover emerging threats, identity challenges, and the strategies needed to stay ahead.
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and
CEOs and CISOs on Dealing With the ‘Work From Anywhere’ ChallengeIn this era of "work from anywhere," identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector? An expert panel weighs in.
How Consolidation Is Forcing CISOs and CIOs to Rethink Security ArchitectureFor more than a decade, enterprise security has relied on point solutions. Companies invested in separate tools - endpoint detection, firewalls, cloud security and IAM - each designed to address a specific threat or compliance requirement. But that approach is starting to break down.
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls
Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority. [...]
How Consolidation Is Forcing CISOs and CIOs to Rethink Security ArchitectureFor more than a decade, enterprise security has relied on point solutions. Companies invested in separate tools - endpoint detection, firewalls, cloud security and IAM - each designed to address a specific threat or compliance requirement. But that approach is starting to break down.
The Problem: The Identities Left Behind As organizations grow and evolve, employees, contractors, services, and systems come and go - but their accounts often remain. These abandoned or “orphan” accounts sit dormant across applications, platforms, assets, and cloud consoles
Managing just-in-time access at scale is a growing IAM challenge as speed and auditability collide daily. Tines shows how automated workflows can grant, track, and revoke temporary app access without manual effort. [...]
The Invisible Half of the Identity Universe Identity used to live in one place - an LDAP directory, an HR system, a single IAM portal
Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM). [...]
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.
An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining
As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared to mitigate a variety of challenges. In large organizations, bots are starting to outnumber
Ping Identity and Ameris Bank on Stopping Fraud Without Alienating Legitimate UsersIn the latest "Proof of Concept," Rich Keith, director of product and solutions marketing at Ping Identity, and Todd Smith, senior vice president of customer IAM at Bank Ameris, joined ISMG editors to discuss how AI-based fraud is breaking trust models faster than many systems can adapt.
Identity security fabric (ISF) is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration (IGA), access management (AM), privileged access management (PAM), and identity threat detection and response (ITDR) are all integrated into a single, cohesive control plane
The same APT hammered critical bugs in Citrix NetScaler (CVE-2025-5777) and the Cisco Identity Service Engine (CVE-2025-20337) in a sign of growing adversary interest in identity and access management systems.