< ciso
brief />
Tag Banner

All news with #identity security tag

168 articles · page 9 of 9

AWS HealthImaging Adds OIDC for DICOMweb APIs Integration

🔐 AWS HealthImaging now supports OpenID Connect (OIDC) authentication for DICOMweb REST APIs, enabling OAuth 2.0–compatible identity providers to issue JWTs to authorize requests. You can integrate existing IdPs such as Amazon Cognito, Okta, or Auth0 to manage user accounts and access to DICOM resources. OIDC support is limited to DICOMweb REST API requests while native AWS IAM authentication remains available for all API calls and the feature is available in all regions where HealthImaging is generally available.
read more →

Microsoft Enforces MFA for Azure Portal Sign-ins Globally

🔐 Microsoft has completed a global rollout enforcing multifactor authentication (MFA) for Azure Portal sign-ins across 100% of tenants as of March 2025. The rollout follows an initial enforcement announcement in May 2024 and prior warnings to Entra global admins to enable MFA to avoid access disruptions. Microsoft says this step strengthens account defenses and will be followed by mandatory MFA for Azure CLI, PowerShell, SDKs, and APIs in October 2025. The company cites internal research showing MFA dramatically reduces account takeover risk.
read more →

Avoid Outdated IGA: Choose No-Code for Faster Governance

🔐 Many organizations face rising identity-driven attacks but traditional IGA deployments are slow, costly, and require extensive custom integrations. tenfold promotes a no-code IGA platform with a library of ready-made plugins and a visual configuration interface that dramatically shortens setup from months or years to weeks. The vendor says this reduces technical debt, lowers resource demands, and still allows custom code where necessary.
read more →

Falcon Next-Gen Identity Security Unifies Protection

🔒 CrowdStrike announced Falcon Next-Gen Identity Security, a unified solution to protect human, non-human, and AI agent identities across on-premises, cloud, and SaaS environments. It consolidates initial access prevention, modern secure privileged access, identity threat detection and response (ITDR), SaaS identity security, and agentic identity protection into a single sensor and management console. Delivered via the AI-native Falcon platform, the offering provides real-time visibility, dynamic access enforcement, and autonomous response to reduce identity-driven breaches and simplify hybrid identity security.
read more →

Connect with Security Leaders at Microsoft Ignite 2025

🔒 Microsoft Security invites CISOs, SecOps leads, identity architects, and cloud security engineers to Microsoft Ignite 2025 in San Francisco (Nov 17–21) and online (Nov 18–21) to explore secure AI adoption and modern SecOps. Register with RSVP code ATXTJ77W to access the half-day Microsoft Security Forum (Nov 17), hands-on labs, live demos, and one-on-one meetings with experts. Attendees can join networking events including the Secure the Night party, pursue onsite Microsoft Security certifications, and engage in roundtables focused on threat intelligence, regulatory insights, and protecting data, identities, and infrastructure.
read more →

Beyond IAM Access Keys: Modern AWS Authentication Approaches

🔐 This AWS Security Blog post explains why long-term IAM access keys introduce exposure and operational risk, and outlines practical, more secure alternatives. It recommends browser-based CloudShell for CLI access, IAM Identity Center (with AWS CLI v2 and MFA) and IDE integrations for developer workflows, and IAM roles for compute and CI/CD. The post also covers external access options, emphasizes temporary credentials, and urges the principle of least privilege.
read more →

Securing Cloud Identity Infrastructure Through Collaboration

🔒 CISA's Joint Cyber Defense Collaborative (JCDC) is coordinating with major cloud providers and federal partners to strengthen core cloud identity and authentication systems against sophisticated, nation-state affiliated threats. Recent incidents have exposed risks from token forgery, compromised signing keys, stolen credentials, and gaps in secrets management, logging, and governance. On June 25, a technical exchange convened experts from industry and government to share best practices and explore mitigations such as stateful token validation, token binding, improved secrets rotation and storage, hardware security modules, and enhanced logging to better detect and respond to malicious activity.
read more →

Sparkasse Partners with Google for EU Age Assurance

🔐 Google and Germany’s Sparkasse announced a wallet-based EU age assurance service that lets customers prove age online without sharing personal data. Using the Credential Manager API, Google Wallet and zero-knowledge cryptography, Sparkasse will issue trusted credentials across its network of 343 regional savings banks serving 50 million customers. Integration with Android and Chrome enables one-click age checks for apps and sites and will roll out in the coming months.
read more →