May 11, 2017 | Cloud Application and Data Controls
By Aaron Turner, IANS Faculty

 Securing Cloud Assets Using Federated Identities

Whether you view the cloud as infrastructure-, platform- or application-as-a-service, identity is the only control that exists universally across all cloud environments. Unfortunately, identity lifecycle management for cloud-based systems is not as mature as we need it to be. In this report, IANS Faculty Aaron Turner details how to make wise investments in a federated identity strategy that can scale to even the most complex cloud technology models.



May 10, 2017 | Authentication
By Aaron Turner, IANS Faculty

 Implementing Contactless MFA across a PKI Environment

Implementing contactless multifactor authentication (MFA) across an entire organization is difficult enough, without the added stress of getting it operational by year end to meet the tight deadline of DFARS compliance. In this Ask-an-Expert written response, IANS Faculty Aaron Turner recommends taking a phased approach to ensure a seamless rollout. 



April 26, 2017 | Privileged Access Management
By Aaron Turner, IANS Faculty

 Choosing an IDAM Tool for the Future

Finding one tool to handle both identity and privileged identity management is difficult enough, but what about one that will also provide the right set of capabilities as identity needs evolve in the future? In this Ask-an-Expert written response, IANS Faculty Aaron Turner details how to evaluate current vendors to ensure they remain relevant today and tomorrow.



April 7, 2017 | Password Management
By IANS Faculty, IANS Faculty

 Poll: What Are the Best Password Strategies?

Password guidelines seem to change all the time. With new recommendations from NIST and vendors like Microsoft cropping up, how can enterprises determine the best approach? In this report, IANS Faculty Rich Guida, John Galda, Jason Gillam, Kevin Beaver, Marcus Ranum and Stephen McHenry offer their opinions and some rules of thumb for creating strong, enforceable password policies.



April 5, 2017 | Risk Management
By Rich Guida, IANS Faculty

 Creating an Effective IDAM Governance Committee

Planning an optimal identity and access management (IDAM) strategy requires participation and buy-in from a variety of stakeholders, including HR, legal and more. In this Ask-an-Expert written response, IANS Faculty Rich Guida offers recommendations for creating the right membership, rules and processes for a strong IDAM governance committee.



March 29, 2017 | Encryption, Digital Signatures, Certificates, Tokenization
By Aaron Turner, IANS Faculty

 Choosing the Right MFA and PKI Solution for a Complex, High-Security Environment

Leveraging multi-factor authentication (MFA) and public key infrastructure (PKI) across a large organization with multiple domains and trust levels can get complicated fast. In this Ask-an-Expert written response, IANS Faculty Aaron Turner goes over all the options and offers advice for minimizing cost, effort, lifecycle management and security issues.



March 24, 2017 | Directory Services
By Rich Guida, IANS Faculty

 Managing Terminated Active Directory Accounts

Managing AD accounts for terminated employees can become complex and confusing, especially as organizations evolve over time. In this Ask-an-Expert written response, IANS Faculty Rich Guida details best practices for managing terminated accounts to meet application, audit and regulatory requirements, and offers recommendations for easing the process.



March 13, 2017 | Single Sign-on
By Aaron Turner, IANS Faculty

 Assessing the Pros and Cons of IdentityServer

When evaluating single sign-on (SSO) solutions, it's important to examine a number of factors, including scalability, features, ease-of-use and cost. In this Ask-an-Expert written response, IANS Faculty Aaron Turner examines some of the pros and cons of IdentityServer as an SSO platform and compares it against other popular solutions such as ForgeRock and Active Directory Federation Services. 



March 8, 2017 | Directory Services
By Rich Guida, IANS Faculty

 Detailing Requirements for an IDAM System

Establishing a set of questions and requirements is a critical step in the process of constructing an identity and access management (IDAM) system. In this Ask-an-Expert written response, IANS Faculty Rich Guida details the important questions security teams should be asking their prospective IDAM vendors, ranging from cryptography and authentication requirements to privilege management and separation of duties. 



February 8, 2017 | Single Sign-on
By Aaron Turner, IANS Faculty

 Single Sign-On Platform Comparison

The identity and access management market is undergoing significant upheaval due to past under-investment in the space. In this Ask-an-Expert written response, IANS Faculty Aaron Turner offers a breakdown of the single sign-on (SSO) solution marketplace and provides recommendations for selecting a platform. 



February 1, 2017 | Authentication
By Michael Pinch, IANS Faculty

 Authenticating Customers via Fingerprint Biometrics

A security team is considering using fingerprint-based biometrics to authenticate customers at its company's retail stores, but what are the pros/cons? In this Ask-an-Expert live interaction, IANS Faculty Mike Pinch details the current state of fingerprint biometrics and offers some advice for safe, cost-effective implementation.



January 25, 2017 | Cloud Access Security Brokers
By George Gerchow, IANS Faculty

 Security Considerations Before Going Cloud-First

The business decision to go cloud-first has many implications, not the least of which is security. What do information security teams need to do up-front to ensure critical business data remains safe in this new paradigm? In this Ask-an-Expert live interaction, IANS Faculty George Gerchow offers some key strategies, tools and processes to put in place to ensure success.



January 18, 2017 | Directory Services
By Jason Gillam, IANS Faculty

 Selecting an Access Management Solution

Access management within an organization can often be non-standardized, decentralized, mismanaged and unreliable. In this Ask-an-Expert written response, IANS Faculty Jason Gillam describes three potential solutions to this problem of access management and offers recommendations for when organizations should consider leveraging vendor solutions. 



September 29, 2016 | Privileged Access Management
By Aaron Turner, IANS Faculty

 Using a Bastion Forest for Privileged Account Management in Microsoft AD Environments

In Microsoft Active Directory (AD) environments, a bastion forest can be used to both reliably manage privileged access and recover a compromised AD implementation. In this report, IANS Faculty Aaron Turner explains the theory behind the bastion forest and steps you through the process of setting one up. He also explains how some organizations may be able to use a bastion forest as a cost-effective alternative to pricier privileged access management (PAM) tools.



June 27, 2016 | Cloud Access Security Brokers
By Ed Moyle, IANS Faculty

 Identity as a Service: Deciding When It Makes Sense

As more companies start using cloud services, many are considering identity as a service (IDaaS) to help simplify identity management, but is it a good idea? In this report, IANS Faculty Ed Moyle provides a quick market overview, some common use cases, and tips for deciding when IDaaS can work – and when it can’t.



June 14, 2016 | Authentication
By Aaron Turner, IANS Faculty

 Assessing Biometrics as an Authentication Method

The adoption of biometrics as a means of authentication has experienced fluctuating popularity in recent years. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details the current state of the biometrics space and explains why biometric identification is best used as a secondary authentication method.



May 5, 2016 | Password Management
By Rich Guida, IANS Faculty

 Password Configuration Best Practices

Implementing a secure password policy can be a difficult task for security teams within a large organization. In this Ask-an-Expert written response, IANS Faculty Rich Guida offers recommendations on creating an organizational password policy that offers strong security, but does not overburden users.



April 27, 2016 | Privileged Access Management
By Michael Pinch, IANS Faculty

 Automating the Privileged User Approval Process

Automating the process of assigning admin-level access to privileged users can be a challenging task, particularly for large organizations. In this Ask-an-Expert written response, IANS Faculty Michael Pinch details the advantages of privileged identity and access management (PIM/PAM) tools and offers tips for ensuring audit and other groups are comfortable with the process.



December 30, 2015 | Privileged Access Management
By Aaron Turner, IANS Faculty

 Prioritizing Migration to New IAM Infrastructure

When migrating to a different IAM provisioning tool, it's critical to prioritize activities so that you are taking full advantage of the new solution, while still addressing the highest-risk applications first. In this Ask-an-Expert written response, IANS Faculty Aaron Turner provides a checklist for companies to make the most of their new IAM infrastructure without interrupting business processes.



December 28, 2015 | Privileged Access Management
By Gunnar Peterson, IANS Faculty

 IDAM in the Cloud

Managing identity across cloud services and applications is becoming increasingly critical for many organizations. In this report, IANS Faculty Gunnar Peterson examines what needs to be handled in the cloud and what should be kept on-premises, as well as current best practices for managing identity in the cloud.



October 22, 2015 | Account Provisioning
By Gunnar Peterson, IANS Faculty

 Easing Entitlement Review

Tool selection can be a time-consuming process, particularly for organizations looking to address multiple issues with one particular product. In this Ask-an-Expert written response, IANS Faculty Gunnar Peterson outlines the process of selecting a tool that can ease entitlement reviews in both AD and non-AD environments and explains that roles can help simplify access management by giving a more high-level view into permissions and privileges.



October 20, 2015 | Authentication
By Jennifer Minella, IANS Faculty

 Using 802.1x and Certificates for Device Authentication vs. Profiling

Certificates and profiling technologies are two popular ways for companies to identify various devices attempting to access their network. In this Ask-an-Expert written response, IANS Faculty Jennifer Minella offers a detailed examination of the pros and cons of using 802.1x certificates for device authentication and lists some of the major technologies to watch in the space, including IEEE 802.1x, TPM and MACsec.



October 6, 2015 | Directory Services
By Gunnar Peterson, IANS Faculty

 Forming an IDAM Strategy Roundtable

Implementing a workable IDAM strategy while dealing with separate business units spearheading multiple, competing projects is no easy feat. In this Ask-an-Expert live interaction, IANS Faculty Gunnar Peterson discusses creating an IDAM roundtable of stakeholders to help build a viable roadmap and foster collaboration across the organization.



September 16, 2015 | Privileged Access Management
By Gunnar Peterson, IANS Faculty

 Friend or Foe: Getting a Handle on Social Media Account Management

The Islamic State's recent breach of the Department of Defense’s Twitter account brought the problem of managing corporate social media accounts into the spotlight. How can companies ensure their accounts stay secure, especially when most users aren't tech-savvy and the tools are limited? In this report, IANS Faculty Gunnar Peterson outlines practical policy, training and technical steps to ensure corporate social media accounts remain in the right hands.



August 25, 2015 | Account Provisioning
By Rich Guida, IANS Faculty

 User Account Management Best Practices

User account management can be a challenge for organizations with thousands of users, particularly when credentials are frequently shared. In this Ask-an-Expert written response, IANS Faculty Rich Guida recommends two potential strategies for dealing with this issue: Implementing two-factor authentication for the most sensitive applications or tying single-factor authentication to HR/personal information that users would not want to share.



August 19, 2015 | Password Management
By Gunnar Peterson, IANS Faculty

 Evaluating Enterprise Password Management Solutions

These days, a single employee having a simple, easy-to-guess password can cause a massive data breach. In this Ask-an-Expert written response, IANS Faculty Gunnar Peterson details the benefits of enterprise-controlled password managers and explains the importance of developing a threat model to help organizations understand which types of attacks passwords are defending against.



August 5, 2015 | Authentication
By Gunnar Peterson, IANS Faculty

 Implementing Two-Factor Authentication at AD Login

The implementation of multi-factor authentication is a standard security process, but what about at the Active Directory (AD) log-in? In this Ask-an-Expert written response, IANS Faculty Gunnar Peterson details the important characteristics to focus on when selecting a vendor in this area, particularly the ability to deliver strong authentication in multiple ways.
