< ciso
brief />
Tag Banner

All news with #iam tag

196 articles · page 7 of 10

Identity Dark Matter: Unseen Risks in Modern IAM Infra

🔍 Identity has fragmented across SaaS, on‑prem, IaaS, PaaS and unmanaged apps, creating an invisible mass of ungoverned accounts and non‑human identities the author calls identity dark matter. Traditional IAM and IGA address only the nearly managed half of this universe, while APIs, bots, service accounts and agent‑AI remain unobserved and ungoverned. Orchid Security recommends shifting from configuration‑based controls to Identity Observability: collect telemetry from every application, unify audit trails, and extend governance across managed, unmanaged, and agent‑AI identities to achieve measurable visibility and faster response.
read more →

Why Passwordless Deployments Fail in Complex Enterprises

🔒 Many enterprise CISOs continue to struggle to abandon passwords despite decades of effort and mounting security risks. RSA’s ID IQ Report 2026, based on a survey of 2,000 security professionals, finds that 90% of respondents report problems with passwordless deployments. Technical complexity across hybrid environments, legacy systems, OT/IoT devices, and inconsistent platform support creates gaps that often force organizations to retain insecure fallbacks. Experts recommend sequencing rollouts to secure privileged users first, using reverse proxies or VPN-enforced SSO for legacy apps, and ensuring end-to-end phishing-resistant enrollment and recovery.
read more →

Implementing NIS2 Without Creating Excessive Paperwork

🛡️ Companies facing NIS2 risk turning compliance into a voluminous paperwork exercise unless security is embedded in the technical stack from the outset. The piece argues that documentation alone does not equal protection and advocates for automating controls and evidence via infrastructure as code, CI/CD pipelines, and policy-as-code. Practical focus areas include IAM, vulnerability and supply-chain management, and monitoring and incident response, where automation both reduces burden and improves auditability.
read more →

NIST and CISA Draft Guidance to Protect Identity Tokens

🛡️ NIST and CISA released the initial draft of Interagency Report (IR) 8597, offering implementation guidance to protect identity tokens and assertions from forgery, theft, and misuse. The draft, open for public comment through January 30, 2026, targets federal agencies and cloud service providers. It reviews controls for IAM systems that rely on digitally signed tokens and calls on CSPs to adopt Secure by Design principles while prioritizing transparency, configurability, and interoperability. The report also urges agencies to understand CSP architectures and deployment models to align protections with their risk and threat environment.
read more →

Protecting Against Forgotten IT Assets and Risks Today

🔒 Organizations regularly leave servers, accounts, APIs, applications, and storage unmanaged or forgotten, creating high‑risk “IT zombies” that attackers exploit. The post outlines detection approaches — Automated Discovery and Reconciliation (AD&R), CMDB reconciliation, directory analysis, WAF/NGFW monitoring and SCA — and prescribes concrete responses for decommissioning, credential rotation, and data lifecycle control. Implementing IAM, SBOMs, DLP/CASB and automated test‑environment lifecycles reduces exposure and helps meet regulatory obligations.
read more →

AWS cost allocation using workforce user attributes

📊 AWS now supports cost allocation using workforce user attributes imported into IAM Identity Center. Customers can enable attributes such as cost center, division, organization, and department as cost allocation tags to automatically attribute per-user subscription and on-demand application fees to internal business units. Costs are visible in AWS Cost Explorer and AWS CUR 2.0 and the capability is generally available in all Regions except GovCloud (US) and China (Beijing and Ningxia).
read more →

2026 Cybersecurity Forecast: AI, Agentic Defense, IAM

🔒 The Cybersecurity Forecast for 2026 highlights how agentic security automation and widespread AI will reshape defenses, shifting SOCs from monitoring to automated action. It calls for building workforce AI fluency, evolving IAM to treat agents as managed identities, and deploying model-protection measures alongside tamper-proof backups. Boards will increasingly demand operational resilience, quantified exposure, and mature AI governance.
read more →

Simplifying Enterprise Cybersecurity Through Identity

🔐 Organizations face rising complexity as AI and sprawling systems make policy and compliance management touch every application. Deloitte has helped industrial and financial customers by linking named users to accounts, surfacing privileged and unvaulted accounts, and automating contact and remediation to reduce manual work. That improved SOC telemetry and cut time mapping incidents to MITRE ATT&CK. Meanwhile, apexanalytix uses Azure Active Directory and conditional access to detect risky sign-ins, impossible travel, and enforce geographic boundaries.
read more →

Amazon Cognito Identity Pools Support AWS PrivateLink

🔒Amazon Cognito identity pools now support AWS PrivateLink, enabling private connectivity between your VPC and Cognito to exchange federated identities for temporary AWS credentials. This removes the need to route authentication traffic over the public internet and reduces exposure of auth flows. PrivateLink endpoints are available in all Regions where Cognito identity pools operate except AWS China (Beijing) and AWS GovCloud (US); standard PrivateLink charges apply.
read more →

Securing RPA: Integrating Non‑Human Identities into IAM

🤖 Robotic Process Automation (RPA) bots are rapidly becoming first‑class Non‑Human Identities (NHIs) that streamline provisioning, deprovisioning and credential handling while reducing human error. Left unmanaged, bot identities and embedded secrets expand the attack surface and enable privilege misuse or lateral movement. Organizations should treat bots like human users — using secrets managers, PAM, JIT access and unified IAM with Zero Trust controls to preserve least‑privilege and maintain auditability.
read more →

IAM Policy Autopilot: Open-source IAM Policy Generator

🔧 IAM Policy Autopilot is an open-source static analysis tool that generates baseline AWS IAM identity-based policies by analyzing application code locally. Available as a CLI and an MCP server, it integrates with MCP-compatible AI coding assistants to produce syntactically correct, dependency-aware policies and to troubleshoot Access Denied errors. The tool favors functionality during initial deployments and recommends reviewing and tightening generated policies to meet least-privilege principles as applications mature.
read more →

Strengthening OT Security with Robust Password Policies

🔒 Operational technology (OT) environments underpin critical infrastructure but frequently lag behind IT in cybersecurity maturity. Strong password policies mitigate risks from outdated hardware, shared accounts, remote vendor access, and credential reuse. Core measures include prioritizing password length, enforcing rotation with reuse prevention, and adopting password vaults. Combined with MFA, network segmentation and Privileged Access Workstations, these practices form a resilient OT security posture.
read more →

Phishing, Privileges and Passwords: Identity Risk Guide

🔒Identity-focused attacks are driving major breaches across industries, with recent vishing incidents at M&S and Co-op enabling ransomware intrusions and combined losses exceeding £500 million. Attackers harvest credentials via infostealers, targeted phishing/smishing/vishing, breached password stores and automated attacks like credential stuffing. Implement least privilege, strong unique passwords in managers, MFA (authenticator apps or passkeys), PAM and automated identity lifecycle controls to limit blast radius.
read more →

Amazon Bedrock AgentCore Adds Policy and Evaluations

🛡️ Amazon Web Services' AgentCore introduces preview features — Policy and Evaluations — to help teams scale agents from prototypes into production. Policy intercepts real-time tool calls via AgentCore Gateway and converts natural-language rules into Cedar for auditability and compliance without custom code. Evaluations offers 13 built-in evaluators plus custom model-based scoring, with all quality metrics surfaced in an Amazon CloudWatch dashboard to simplify continuous testing and monitoring.
read more →

The CISO’s Paradox: Enabling Innovation While Managing Risk

🔒 Security leaders must shift from gatekeeper to partner, embedding practical risk controls early in product lifecycles so teams can deliver fast without exposing the business. By defining business-language risk tolerances, standardizing identity and logging, and automating guardrails in CI/CD and infrastructure-as-code, governance becomes an accelerator rather than a bottleneck. Pre-vetted, secure-by-default templates, runtime shielding and risk-based telemetry make the secure path easier for developers while preserving production resilience.
read more →

12 Signs the CISO-CIO Relationship Is Broken: Causes & Fixes

🔒 Gartner and industry advisors outline a dozen signs that the CISO–CIO relationship is strained, from overridden recommendations and withheld information to board messaging conflicts and late security involvement in IT initiatives. These dysfunctions lead to misaligned priorities, duplicated technology purchases, and increased security gaps. The piece highlights contributing factors such as competing incentives and differing metrics, and prescribes practical fixes like regular one-on-ones, clarified responsibilities, alignment on enterprise risk and strategy, and a business-enablement approach that offers trade-offs and multiple solutions.
read more →

Amazon Connect adds granular access controls for evaluations

🔐 Amazon Connect now offers granular access controls for performance evaluation forms, enabling administrators to restrict who can view, modify, or use specific evaluation templates. Managers can be granted template-specific edit or use permissions aligned to business lines or functions, while agents and managers can be prevented from viewing particular completed evaluations. This reduces the risk of unauthorized access and simplifies form selection during evaluations.
read more →

Passwork 7: Self-hosted Password and Secrets Manager

🔐 Passwork 7 is a self-hosted password and secrets manager designed for enterprise teams, combining a user-facing password vault with a programmatic secrets management system. It introduces a flexible vault architecture (user, company, and custom vault types), granular RBAC, secure internal and external sharing, and comprehensive audit trails. The platform supports SSO/LDAP, an API-first model with a Python connector, CLI and Docker deployment, and a zero-knowledge encryption mode to keep data encrypted client-side. Passwork 7 targets organizations seeking unified human and machine credential governance with self-hosting and compliance controls.
read more →

Year-End Cybersecurity Spend: Focus on Measurable Risk

🔒 As year-end budgets close, organizations should prioritize security purchases that reduce real business risk and produce measurable outcomes. Skip vendor wish lists; focus on strengthening identity controls — expanding MFA, tightening privileged access, and auditing Active Directory — and on short, outcome-based engagements such as attack-surface reviews, tabletop exercises, and purple-team testing. Consolidate redundant tools, pre-buy continuity capacity, and document KPIs to justify future funding.
read more →

Enterprise Password and Secrets Management — Passwork 7

🔐 Passwork 7 consolidates enterprise password and secrets management into a single, self-hosted platform supporting both human and machine credentials. The release improves credential organization with new vault types, expands RBAC and group-based permissions, and enhances audit trails and notifications. It also provides a REST API, Python connector, CLI, and Docker image for automation, plus zero-knowledge encryption and SSO/LDAP integration to help meet compliance needs.
read more →