Authentication & authorization News
March 17, 2017
Although minting authentication cookies is not widely understood, the Yahoo hacker indictments has brought it to the forefront and shown it can be very dangerous.
February 23, 2017
Google restructured its network security with the BeyondCorp program and wants to show other organizations how to move past firewalls.
January 27, 2017
In part two of his interview with SearchSecurity, SSH creator Tatu Ylonen explains why proper SSH key management is crucial and how attackers can use lost or exposed keys.
December 12, 2016
Executives from One Identity, which operates under Quest Software, discuss the company's renewed focus on the channel.
Authentication & authorization Get Started
Bring yourself up to speed with our introductory content
How did an editor become a security architect? A fascination with computers sparked a lifelong journey for IBM's executive security advisor. Continue Reading
If you would like to rely on a wearable as a source of identity verification, there are some key things to keep in mind. Continue Reading
Tailgating, sometimes referred to as piggybacking, is a physical security breach in which an unauthorized person follows an authorized individual to enter a secured premise. Continue Reading
Evaluate Authentication & authorization Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
A new tool called AWS Organizations aims to make cloud account management more secure. Expert Matthew Pascucci explains how the tool works and how it compares to AWS IAM. Continue Reading
The rush to embrace digital technologies can put organizations at extreme risk. Here are six foundations for creating an information-security strategy that will keep your data safe. Continue Reading
With all the new updates and features, Windows 10 can appear daunting. To simplify the transition, break down and tailor the permissions in Windows 10 to users' specific needs. Continue Reading
Manage Authentication & authorization
Learn to apply best practices and optimize your operations.
After enterprise identities are authenticated, an authorization management system should monitor how resources are being used. Expert Peter Sullivan explains how it can work. Continue Reading
Ever since the internet of things became a "thing," the potential for abuse has been well documented; how best to achieve security for IoT is not yet clear. This Insider Edition of Information Security magazine tackles that second issue head on.
In three feature stories, our experts examine the key aspects closely related to IoT security: device discovery, IoT identity and IoT security testing. It's basic to security that, to devise a proper security strategy, a security team must possess an accurate record of what exactly needs to be secured. The challenge when it comes to security for IoT is in cataloging, assessing and classifying devices that can number into the thousands and are often located outside an enterprise's physical boundaries. Certain industries, such as healthcare, are well into tackling this challenge. But increasingly more companies of all sizes will have to give the issue careful attention. Discovery involves identity issues, another focus of this edition, and once a security team has refined their IoT security policy, the next logical step is to implement a process of IoT security testing.
Readers of this Insider Edition will come away with a deeper understanding of how to approach security for IoT, from how to create a compilation of what needs to be secured to how to set up a successful security testing process. When it comes to internet of things security, the threat of breaches may never be fully eliminated, but the odds that enterprises will thwart attacks can be improved through proper policy and security systems.Continue Reading
To increase security and monitor user access to public cloud resources such as compute and APIs, admins can use federated identity and access management. Continue Reading
Problem Solve Authentication & authorization Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
A holistic risk management approach allows you to develop and deploy a critical, hyper-connected IoT infrastructure without compromising security. Continue Reading
From compliance to encryption, there are many boxes an organization needs check to ensure its public cloud is secure. Use this flow chart to kick start that critical process. Continue Reading
The amount of enterprise unstructured content is growing every year. Expert Sean Martin explains why IAM is an important component of unstructured data management and security. Continue Reading