Essential Guide

Get started Bring yourself up to speed with our introductory content.

How to deal with Identity and access management systems

Identity and access management systems keeps getting more complex, what with cloud and mobile devices complicating the network security picture. This guide offers concrete advice on how to stay on top of the IAM environment in your enterprise.


Disruptive technologies of the past several years, including cloud, mobile apps and the internet of things, makes it tougher than ever for infosec pros to ensure efficient and effective use of their company's identity and access management system. This guide covers the fundamentals of IAM systems and IAM-associated issues, including the business concept and technology. It delves into how mobility affects an IAM system and also covers issues like password policy and management, Azure AD and provisioning tools for the enterprise user. It also delves into the now critical issue of privilege creep -- how to recognize it and remedies to stop it. This guide will help infosec pros implement and oversee their identity and access management system.


Basic essentials of IAM systems

IAM is nothing new but it certainly is changing, just as the network too is changing. While always intended to keep the network secure by building controls around who can access it, now a company's identity and access management sytem must also adapt to so many new tech advances, from the cloud to employee-owned devices, not to mention ever-changing, always-complex compliance requirements. In this section, you'll gain a better understanding of the general concept of IAM, and how IAM systems are adapting to technological advances.


Why enterprise cloud IAM policies need to be stronger

A cloud IAM policy is crucial to protecting an organization from external and internal threats. Expert Rob Shapland discusses how to bolster cloud IAM. Continue Reading


When your IAM policy encounters the internet of things

Aging identity and access management tools, and technical innovations like the internet of things, make it imperative that you update your enterprise IAM policy now. Here's how. Continue Reading


The cloud IAM market evolves to meet old and new IT challenges

Single sign-on continues to be the main driver for cloud identity and access management systems, but BYOD and shadow IT bring new challenges for these tools to solve. Continue Reading


Set up an identity and access management system for public cloud

To increase security and monitor user access to public cloud resources such as compute and APIs, admins can use federated identity and access management. Continue Reading


Update your IAM strategy for integration with new technology

Revise your enterprise's IAM strategy for better integration with emerging technologies, such as cloud services and software-defined everything. Expert Johna Till Johnson explains. Continue Reading


Password management and policy in IAM systems

Passwords are central to securing the network and, therefore, password management is central to any identity and access management system. This section examines the password management tools available, how best to use them and what to avoid.


Major password breaches: How can enterprises manage user risk?

With the large number of password breaches happening, enterprises should look into new methods of protecting their resources. Expert Nick Lewis explains how to reduce user risk. Continue Reading


Security Think Tank: Password management tops list of access control issues

In the modern business environment, what are the most common access control mistakes and how best are these corrected? Continue Reading


The problem with passwords: how to make it easier for employees to stay secure

An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems Continue Reading


FIDO authentication standard could signal the passing of passwords

The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turns to more effective authentication technologies. Continue Reading


What new NIST password recommendations should enterprises adopt?

NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note. Continue Reading


How are weak passwords banned with Microsoft's Smart Password Lockout?

Microsoft is banning weak passwords on many of its services with the Smart Password Lockout feature. Expert Michael Cobb explains how it works, and if it will be beneficial. Continue Reading


If only security experts could persuade us to change passwords

The inability for most users to grasp the importance of the password is something that Nick Booth thinks needs to be better addressed Continue Reading


Privileged users, privilege creep and tools that can manage them

Edward Snowden, the NSA employee who stole and released thousands of sensitive documents, undertook a security breach that succeeded in making enterprises more aware of the threat of "inside" attacks on their system security. But has awareness led to action? In this section learn about the issue of insider attacks, the danger of so-called privilege creep and ways to manage such security hazards in general and via an IAM system.


Preventing privilege creep: How to keep access and roles aligned

Privilege creep can result in the abuse of user access and security incidents. Expert Michael Cobb explains how enterprises can keep user roles and privileges aligned. Continue Reading


The cyber threats lurking within every company

Insider threats have been around for a long time, but it is only recently that people have begun to acknowledge the true danger they pose Continue Reading


How can privileged access accounts be managed in large companies?

Network administrators typically resist policies for separate accounts when performing different tasks. Expert Michael Cobb explains the risk of privileged access. Continue Reading


How to handle privileged user management in the cloud

Privileged user management is important for enterprises operating on the cloud. Expert Dave Shackleford discusses some best practices to help secure cloud access control. Continue Reading


Handling mobile in an identity and access management system

Once employee-owned mobile devices hit the enterprise, and BYOD became the norm, IAM got a whole lot more complicated. In this section, learn how to secure identity and access even in a large enterprise where employees bring in multiple personal devices each day. Mobility has changed just about everything in the information security world, including the challenges a corporate identity and access management system must face.


Active Directory management gets easier with mobile apps for IT admins

Software vendors are increasingly offering admin-facing mobile apps, allowing IT to use their mobile devices to remotely manage users. Take ADManager Plus for Active Directory management, for example. Continue Reading


Mobile identity management and authentication FAQ

ID management and authentication help IT answer the burning questions of who is accessing the company network, when, where and on what device. Continue Reading


Discover the advancements and risks of mobile biometrics

As mobile biometrics technology becomes increasingly common, it is important for IT to know how to support this kind of authentication and the security vulnerabilities it may still bring. Continue Reading


How to balance access needs and mobile data security concerns

Mobile workers need to access corporate data, but giving them open access is often easier said than done. Businesses must balance users' wants with mobile data security concerns. Continue Reading


Make mobile data access and security top priorities

Information is king for today's workers, but it isn't always as easy as it should be to access mobile data. Businesses must also consider mobile data security. Continue Reading


Where AD and Azure AD fit into any IAM system

Active Directory (AD) is a key aspect of any identity and access management system today. A directory holds user account information and AD is Microsoft's trademarked system to, among other things, authenticate and authorize users and computers by checking submitted passwords and determining whether the person signing on is a regular user or an administrator. With the huge increase in dependence on cloud, companies have needed a cloud-based AD. Azure Active Directory (Azure AD) is Microsoft's multi-tenant directory based in cloud that manages identity services. This section of our guide looks in depth at both AD and Azure AD, reviewing recent developments and methods of making these vital services, and related ones, more secure.


How does privileged identity management work in Azure Active Directory?

Organizations that assign privileged access to certain users can lose track of who has access to what. Privileged user monitoring ensures users comply with corporate policies. Continue Reading


When to use AWS IAM roles vs. users or groups

We have restrictions imposed on in-house IT staff with AWS Identity and Access Management. How do IAM roles protect access to services, applications and end users? Continue Reading


How do AWS IAM permissions manage resource access?

We use AWS Identity and Access Management for cloud security, but aren't sure how roles, permissions and policies differ in a cloud security strategy. How do they protect resources? Continue Reading


'Federated' identity and access management tools

Federated identity management has clear security advantages. Learn ways to use Microsoft's AD FS and AWS AD Connector as identity and access management tools in the cloud. Continue Reading


Active Directory cleanup trims database bloat

Administrators can avoid unnecessary risks and potential performance issues by removing unneeded and outdated objects from Active Directory. Continue Reading


Watch as experts delve into current IAM issues

Watch these videos for expert insights into the issues affecting identity and access management systems today.


Expanding the IAM infrastructure to meet emerging challenges

Your IAM infrastructure should cut through the 'access excess' that is plaguing most companies. Learn how to overcome the challenges posed by migration to cloud and mobility.


Privileged user access: Managing and monitoring accounts

Maintaining the security principle of least privilege can prevent abuse of privileged user accounts. Learn about the best practices for monitoring privileged access.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.