Peer-Driven Insights

Identity & Access Management (IAM)

About this topic

Identity and Access Management (IAM) is a security and business discipline that includes multiple technologies and business processes to help the right people or machines to access the right assets at the right time for the right reasons, while keeping unauthorized access and fraud at bay.

Featured One-Minute Insights

Sept 2024

How are U.S. CISOs Addressing Liability Risk?

New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?

Active Ambassadors in This Topic

Rathik Pathak

JM Financial Services Ltd

Travel and Hospitality, 1k - 5k

India

View All Community Ambassadors

Community Posts

If these companies were affected then the foundation of computing could be at risk. If you could manipulate at the hardware layer via the firmware, BIOS, ect then a threat actor could weaponize well below the operating system which brings in to question the integrity of the entire computing stack and everything above it. The firmware and bios are like the rebar and concrete for a building. If that foundation is weak then the entire structure and anything dependent on it is at risk. We cannot underestimate the potential or the severity of these companies being potentially affected by the SolarWinds hack and what that means for the foundational computing hardware they provide to the world. What do others think ? How could this impact your organization ?

Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack - The Verge

Has anyone tweaked their PACS (physical access control system) to optimize for a hybrid office? Any best practices to share for assessment (e.g., forms) and implementation?

Read More Comments

dentist: so, are you flossing? me: are you using a unique password for every account? Jokes apart, how big of a problem is password management and support in your environment?

How do vendor security reviews influence technology purchases?

None, we don't perform vendor security reviews6%

Very little, our vendor reviews are mostly a box-checking exercises38%

Sometimes vendor security reviews delay purchases but they don't change outcomes29%

Vendor security reviews break ties between equal vendors14%

Vendor reviews make security a key buying criteria11%

View Results

What is the difference between EDR and XDR?

Read More Comments

Question about SSO and WordPress: Does anybody have experience with miniorange? They seem to have a bunch of interesting solutions. The first workflow I'm looking at is to use the user DB from one WP site on to a second one with a simple plugin, but they also have more advanced options like managing the full LDAP or syncing 3rd party apps. This could be interesting to link a download center with a LMS system swell as the internal Office365 users and clients using a Jira or confluence system. Other options would be Okta and Onelogin it seems. https://plugins.miniorange.com/single-sign-on-sso-between-two-wordpress-sites

How do you see the identity industry evolving, given that many people still use active directory?

Read More Comments

What password-alternative technology will eventually dominate?

Which IAM software is better?

SailPoint89%

Saviynt10%

Has your organization managed to implement zero trust access?

Read More Comments

In safeguarding human connections on all the collaboration and social channels used by your teams, would it be helpful to have a single point of visibility for consistent policy application and control?

Yes93%

No6%

What Microsoft security tools can displace third-party vendors? Which ones do you think can in the future?

Read More Comments

Do you still experience pushback on implementing robust password policies at your organization?

Read More Comments

About this topic

Featured One-Minute Insights

How are U.S. CISOs Addressing Liability Risk?

Active Ambassadors in This Topic

Rathik Pathak

Community Posts

Which vendor is the leader in IAM and what makes them stand out?

Anyone using hard tokens/hardware-based MFA? What's your experience?

What would you improve about your user access review process?

Has anyone tweaked their PACS (physical access control system) to optimize for a hybrid office? Any best practices to share for assessment (e.g., forms) and implementation?

dentist: so, are you flossing? me: are you using a unique password for every account? Jokes apart, how big of a problem is password management and support in your environment?

How do vendor security reviews influence technology purchases?

What is the difference between EDR and XDR?

How do you see the identity industry evolving, given that many people still use active directory?

What password-alternative technology will eventually dominate?

Which IAM software is better?

Has your organization managed to implement zero trust access?

In safeguarding human connections on all the collaboration and social channels used by your teams, would it be helpful to have a single point of visibility for consistent policy application and control?

What Microsoft security tools can displace third-party vendors? Which ones do you think can in the future?

Do you still experience pushback on implementing robust password policies at your organization?