< ciso brief />

All news with #iam tag

174 articles · page 2 of 9

Bridging the AI Agent Authority Gap with Observability

🔒 The contributor reframes AI agents as delegated identities rather than independent actors, arguing enterprises cannot safely govern agents without first governing the identities that delegate authority to them. It calls out pervasive "identity dark matter"—unmanaged human and machine credentials that create hidden permissions and execution paths which agents can amplify. The piece recommends sequencing remediation: first illuminate and reduce identity dark matter across humans, bots, and service accounts, then feed continuous telemetry into a real‑time delegation authority engine. Orchid's continuous observability model is presented as that live feed, enabling dynamic decisions to allow, recommend, constrain, or block agent actions based on delegator posture, intent, application context, and scope.

Amazon Quick adds ACL Permission Checker for Knowledge Bases

🔒 Amazon Quick now includes an ACL Permission Checker for knowledge bases with document-level ACLs, enabling administrators to verify whether a specific user can access a particular document without manually tracing permission inheritance. To use it, open a knowledge base with ACLs enabled, go to the Sync reports tab, choose View Access Details for any synced item, and enter the user's email in the Permission Checker to get an immediate result. The Access Details panel also lists all users and groups with access so administrators gain full visibility into applied permissions. The checker returns one of three outcomes: the user has access, the user does not have access, or no ACL was found for the document.

Google unveils Gemini Agent Platform with cryptographic IDs

🛡️ Google has launched the Gemini Enterprise Agent Platform, a hub for managing agentic AI that assigns each agent a unique cryptographic ID to enable traceable, auditable actions and map to authorization policies. The platform centralizes agents, tools and skills in an Agent Registry and offers an Agent Gateway to enforce agent-to-agent and agent-to-tool policies, apply Model Armor protections, and support MCP and A2A protocols. New detection and security features include real-time Agent Anomaly Detection, an Agent Security dashboard integrated with Security Command Center, and specialized security agents for threat hunting, detection engineering and third-party context enrichment.

NCSC Endorses Passkeys as Default Consumer Login Option

🔐 The UK’s National Cyber Security Centre (NCSC) now recommends passkeys as the preferred sign-in method for consumers, advising passwords only when passkeys are unavailable. This follows a year of collaboration with the FIDO Alliance, observed improvements across the passkey ecosystem and successful NHS deployments. The NCSC also urges businesses to adopt passkeys as the default and to use single sign-on (SSO) where possible, with additional business guidance expected.

Identity: The New Foundation of Digital Transformation

🔐 Identity-centric systems have evolved from simple login mechanisms into the operational backbone of digital enterprises. By replacing the old network perimeter with a person- and device-centric model, modern identity frameworks enable fine-grained access control, real-time authorization and auditable accountability across cloud, mobile and distributed workforces. They also power customer personalization and fraud detection, helping teams move faster while reducing operational and security risk.

Amazon EKS Adds Seven IAM Condition Keys for Governance

🔐 Amazon EKS now supports seven new IAM condition keys for cluster creation and configuration APIs, giving organizations finer-grained governance over cluster settings. Administrators can enforce private-only API endpoints, require customer-managed KMS keys for secret encryption, restrict approved Kubernetes versions, mandate deletion protection, set control plane scaling tiers, and enable zonal shift. The keys apply to CreateCluster, UpdateClusterConfig, UpdateClusterVersion, and AssociateEncryptionConfig APIs and integrate with Service Control Policies for centralized multi-account enforcement. They are available in all Regions where EKS is offered at no additional charge.

Designing Systems to Thwart Opportunistic Cyberattacks

🔐 Microsoft Deputy CISO Ilya Grebnov outlines practical steps to make opportunistic cyberattacks harder by design. He emphasizes credential elimination using managed identities and federated tokens, paired with endpoint reduction to move services off the public internet. The article further advocates platform engineering—paved paths, policy-as-code, and centralized core services—to enforce consistent secure defaults and reduce the attack surface at scale.

AWS Managed Microsoft AD upgraded to 2016 functional level

🔒 AWS has automatically upgraded all AWS Managed Microsoft AD directories to the Windows functional level 2016, effective Apr 20, 2026. The update delivers enhanced authentication and improved privileged access management and enables built-in LAPS to generate unique, complex local administrator passwords stored securely in Active Directory. The upgrade is applied in all Regions where the service is available, except Middle East (UAE) and Middle East (Bahrain). See the AWS Directory Service Administration Guide for details.

Amazon Quick adds multi-account sign-in support for browsers

🔐 AWS introduced multi-session sign-in for Amazon Quick, allowing users to access up to five Quick accounts concurrently in the same browser. The update includes the account name in all URLs so agents, spaces, flows, reports, dashboards, and other assets open in the intended account. Users add accounts via the top-right menu or a pre-populated account input on global URLs, and can sign out per tab or from all sessions.

Webinar: Eliminating Orphaned Non-Human Identities at Scale

🔐 This live webinar explains why unmanaged non-human identities—service accounts, API tokens, AI agent connections, and OAuth grants—are now a primary vector for cloud breaches. You will learn a repeatable discovery process to surface every automated credential, a framework to right-size permissions, and how to implement an automated lifecycle policy so dead credentials are revoked. Attendees receive an Identity Cleanup Checklist to apply immediately.

Why the CISO Reporting Line Debate Still Matters in 2026

🔒 The article argues that the ongoing debate over the CISO reporting line persists because many organizations still view cybersecurity as a technical issue rather than a strategic leadership concern. It emphasizes that reporting relationships matter for access, authority and influence, but they are not a panacea. Effective security depends on governance, trust between the CISO and their boss, and the ability to operate across IT, legal, HR, procurement and business units. The piece rejects a universal model and urges focus on cross‑functional authority and leadership.

Curity Proposes Runtime Authorization for AI Agents

🔒 Curity announced Access Intelligence, an extension to its Identity Server IAM platform designed to secure rapidly proliferating autonomous AI agents. Rather than rely on static, pre-granted permissions, the company uses Token Intelligence to embed an agent's declared purpose and intent in OAuth tokens and issues short-lived, action-specific tokens at runtime. The system can require human approval for high-risk tasks, is deployed as a self-hosted microservice, and centralizes token validation to isolate unregistered or shadow agents.

Secure AI Agent Access Patterns Using MCP on AWS Guide

🔒 This post explains how AI agents and coding assistants access AWS resources via the Model Context Protocol (MCP) and why deterministic IAM controls are required. It outlines three security principles—assume all granted permissions could be used, enforce role governance, and differentiate AI-driven from human-initiated actions—and maps them to deployment patterns. It contrasts AWS-managed MCP servers (which inject context keys) with self-managed servers (which require session tags), and provides practical IAM policy examples, monitoring guidance, and operational controls.

Microsoft Fast-Tracks Reinstatement for Hardware Developers

🔐 Microsoft has introduced a temporary fast-track to reinstate accounts suspended from the Windows Hardware Program after developers reported being locked out without prior notice. The process asks affected partners to open a support case, provide a clear business justification, and resolve outstanding compliance requirements before full access is restored. Microsoft also provided guidance on correct sign-in and alternative support contacts to address workflow issues.

Aurora DSQL PDO_PGSQL Connector for PHP Released by AWS

🔒 The new Aurora DSQL Connector for PHP (PDO_PGSQL) simplifies building PHP applications on Aurora DSQL by automating IAM token generation, SSL configuration, and connection pooling. It removes the need for static user-managed passwords while maintaining full compatibility with existing PDO_PGSQL features. The connector also offers opt-in optimistic concurrency control (OCC) retries with exponential backoff and supports custom IAM credential providers and AWS profiles to streamline credential management and client retry logic.

AWS Private CA Adds Customer Managed RAM Permissions

🔒 AWS Private Certificate Authority now supports customer managed permissions in AWS Resource Access Manager (AWS RAM), enabling administrators to grant only the specific API operations each consuming account needs. You can choose from granular read operations (for example, DescribeCertificateAuthority, GetCertificate, GetCertificateAuthorityCertificate) and write operations (for example, IssueCertificate, RevokeCertificate). Cross-account issuers are no longer limited to a single certificate template. The feature is available in all Regions where Private CA and RAM are offered.

Shrinking the IAM Attack Surface with IVIP Platforms

🔍 Orchid Security warns that modern IAM estates harbor extensive "identity dark matter," with roughly 46% of identity activity operating outside centralized visibility. The article positions Gartner's Identity Visibility and Intelligence Platform (IVIP) as a necessary observability layer that unifies telemetry from managed and unmanaged systems, applies AI to infer intent and risky behavior, and enables automated remediation to reduce exposure.

Hidden Cost of Recurring Credential Incidents and Costs

🛡️ The Hacker News highlights that while headline breaches attract investment, recurring credential incidents—account lockouts, reused or exposed passwords, and frequent resets—impose persistent operational costs. Forrester estimates resets can account for up to 30% of helpdesk tickets, at roughly $70 each, and IBM’s 2025 report cites a $4.4M average breach cost. Poorly designed password policies and mandatory periodic resets often make the problem worse by prompting insecure user behavior. Practical measures include user-friendly, robust policies, breached-password screening, and shifting away from arbitrary expiration windows; vendors such as Specops Password Policy are presented as tools that detect exposed credentials and reduce incident volume.

Cloudflare Launches Organizations Beta for Enterprises

🔒 Cloudflare has introduced Organizations in public beta to help enterprise customers manage multiple Cloudflare Accounts centrally. The feature creates an organization layer for account grouping, introduces an Org Super Administrator role, and provides aggregated analytics and shared policy sets. Initial rollout targets enterprise plans with staged expansion to other customers and partners. There is no additional fee for Organizations during beta.

Amazon Verified Permissions: policy aliases and names

🔑 AWS has added support for policy store aliases along with named policies and policy templates in Amazon Verified Permissions. Developers can now assign human-readable aliases to tenant policy stores and reference policies by meaningful names instead of system-generated IDs. This removes the need for separate mapping tables and simplifies multi-tenant deployments and everyday policy management. These capabilities are available in all Regions where the service operates.