Category: Insight IdM

The 4 Core Principles of Invisible Identity

The Cloud Identity Summit is underway here in New Orleans, and it’s off to a great start. The organizers have done a wonderful job again, and with so much great content, the hardest thing is choosing which of the many interesting talks to go to. My talk is already done (it’s oddly liberating to not

Identity at the Nexus of Security and Usability

If you’ve followed my last few blog posts, you may have noticed the topic of usability in security pop up quite a bit. I’ve said in the past that usability issues in security should be considered vulnerabilities, because they create attack vectors in the form of user errors, exploits and workarounds. The idea was captured

How Not To Enhance Your Customers Security

RSA Conference is a little too big to be manageable any more. But a quick glance at the companies showing up at the 2016 edition and at the session topics is always a good indicator of current trends. And so it is with a mix of interest and disappointment that I take in the (long)

The Real Lessons from the LastPass Breach

Didn’t think I’d be writing back-to-back posts regarding breaches, but that’s the world we live in now. And the LastPass breach is interesting on many levels. In warning users of the breach, LastPass disclosed that their investigation into the breach showed “that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were

Quick Thoughts regarding the Kaspersky Labs Intrusion

Kaspersky Labs has revealed this week that their corporate network was subject to a sophisticated cyber-intrusion that leveraged a new malware platform. Their investigation is ongoing, and they have found the malware to have been used against other victims as well. So while I am sure there are more details that they will reveal, I

Building the Self Defending Enterprise

Algorithms. Algorithms. Algorithms. If Steve Ballmer were still running the show at Microsoft, I’m pretty sure that would have been his chant at the next conference. The abundance of data being generated, collected and analyzed now is so vast that it has been a completely logical progression to move away from human analysis to algorithmic

2FA in Password Managers: Fair or Faux

It all started with a tweet I sent regarding the position on passwords and password managers that a member of Microsoft Research was taking in an NPR article (I’ll expand on my viewpoint in a later blog post). But one of the resulting responses I received sent me down a very interesting rabbit hole. Faux 2FA? Of course I

My Relationship with Metadata: It’s Complicated!

Ever since the Snowden revelations broke, there has been a lot of interest in metadata, with a lot of ink (or should that be bytes?) devoted to defining exactly what it is, where it can be gathered from, who is capable (and how) of doing said gathering, and most importantly of all, if it is

What Ended Up On The Cutting Room Floor

If you managed to catch my talk at this years Cloud Identity Summit, either in-person or using the video recording I posted (and if you haven’t, what are you waiting for?), then you know that I relied on humor to engage my audience while presenting a serious vision of how IAM needs to evolve for the better. That