Security news aggregator

Latest coverage for Identity and Access Management

Identity and access management limits unauthorized access by controlling accounts and permissions; least privilege and MFA reduce breach impact.

9 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Identity and Access Management (IAM) is the set of processes and systems that create and manage digital identities, verify who or what is requesting access, and decide which resources it may use. It covers people, services, applications, and devices across their lifecycle, including account creation, role changes, and removal. Authentication establishes identity; authorization applies permissions.

IAM is a primary control against unauthorized access: stolen credentials, compromised service accounts, or excessive and abandoned permissions can expose systems and data or enable an attacker to move between them. Effective practice combines phishing-resistant multifactor authentication for sensitive access, least privilege through roles or attributes, prompt joiner–mover–leaver changes, and periodic access reviews. Centralized logs and alerts for unusual authentication or privilege changes support investigation, while carefully governed federation and machine identities prevent one compromised trust relationship from granting broad access.

Volume over time

Weekly headline count for the current query.

Showing 9 most recent headlines Filtered view
The Register 2 years, 8 months ago

Helping you bridge the cloud security gap

Learn how to implement effective identity and access management with Entra ID and SANS Sponsored Post The job of the cyber security professional is never easy, and it gets progressively harder with the movement of sensitive data and applications across the multiple different on and off premise systems that make up modern hybrid cloud environments.…

As identity management becomes the new security perimeter, cyber risk underwriters want to see resilient IAM control ID sprawl Sponsored Feature Many organizations are suffering from an identity crisis. Not in the psychological sense, nor in respect to their branding or culture. But in how their IT systems enable employees to access the applications and data they need for work.…

You need to open up core systems to consumers and partners. Here's how to do it securely Sponsored Feature It's easy to forget the human factor when it comes to cybersecurity. Completely locking down your network will certainly make you secure, just as completely locking down your building will do the same. The problem is you'll struggle to get much work done, because people need access to assets, physical or virtual, to do their jobs.…

Datadog security researchers found the flaw before miscreants did Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources. …

The Register 3 years, 8 months ago

The point solution IAM evolution under reform

A consolidation of IAM tools, suppliers and managed services providers is changing the default approach Sponsored Feature The inexorable pace of technological innovation in response to the unrelenting growth of cyber attacks has led to fragmentation within cyber security provision. Things generally follow a common pattern, starting with a new security requirement being identified, whether a response to a novel threat, or a compliance or regulation challenge. This leads buyers to specialized tools, usually from smaller vendors that do one thing well. But inevitably over time, buyers end up using a mishmash of systems and tools, each with its own job and management processes.…

The Register 3 years, 9 months ago

Can IAM help save on cyber insurance?

Demonstrating a robust defense can help underwrite cyber risk for customers and providers, says One Identity Sponsored Feature Underwriters are continuing to feel the pinch as cyber insurance claims mount. That means customers are hurting too, with policies becoming more costly and insurers demanding more proof of cybersecurity. So how do organizations make better use of identity and access management to demonstrate their competency in protecting people's sensitive personal and financial data?…

Three vulnerabilities in one line of code AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster.…