SecureAuth and special guest Forrester Research discuss the trends and strategies that will help you boost security and protect your organization from access threats. In this session, you will hear from Forrester’s Andras Cser as he shares the top 5 information security and access control trends to watch for in 2016 and how they will impact your organization. Additionally, Keith Graham, CTO from SecureAuth, will present effective strategies to stay ahead of these trends and protect against advanced cyber attacks with adaptive authentication.

The post 5 Security and Access Control Predictions from Forrester and SecureAuth appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

When you’re just getting started with your Identity and Access Management (IAM) initiative, the world of Identity management can seem like a frightening,  complicated, and downright confusing place.

First you’ve got to sort through the acronyms—IAM, IdM, FidM, IDaaS, and the list goes on—it can be overwhelming. Then you’ve got to get to the nitty gritty of figuring out which IAM or IDaaS solution is correct for your organization, all the while wading through a sea of vendor-created info designed to sway you towards one solution or another.

This presentation, Identity and Access Management 101 by Jerod Brennen gives a frank and focused “crash course” on Identity and Access Management. Brennen breaks down the “alphabet soup” that makes IAM so confusing, gives straightforward definitions for several top terms, and lays out best practices for those pursuing an IAM reading. Recommended reading for IT pros looking to quickly familiarize themselves with Identity Management.

Interested in learning more about Info Security? Check out these additional resources: 

The post Crash Course: Identity and Access Management 101 appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

Join “Cloud Security for Dummies” authors Ravi Ithal and Krishna Narayanaswamy, along with Patrick Harding, CTO from Ping Identity for this special “Identity Edition” of the Cloud Security for Dummies webinar series.

In this panel-style discussion, the experts compare notes, debate approaches, and share stories from the cloud security and identity and access management front lines. IT security professionals will walk away with best practices on:

– Finding and assessing risk of all cloud apps running in your enterprise
– Onboarding new apps and bringing them into the secure Single Sign On fold
– Using identity to enable access and enforce usage and content policies
– Dealing with security issues such as poor reputation users and compromised accounts
– Communicating and coaching users

The post Cloud Security for Dummies: Identity Edition appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

SCIM (System for cross-domain identity management) is an open standard that simplifies user provisioning by defining a set of REST APIs to create, update, delete users, and assign/unassign them to roles. In this session you’ll learn how you can use SCIM to provision users from your on-premises directory to the cloud, and vice-versa; and see this in action with the Salesforce platform.

The post Provisioning IDaaS: Using SCIM to Enable Cloud Identity appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

Identity is the new Enterprise security perimeter. It’s one of the hottest, most important areas in information security today, and it’s also one of the fastest going business segments in IT—but it can also be one of the most confusing.

As technology improves, the volume of terminology around it increases—there’s a seemingly endless torrent of new terminology surrounding Identity Management, and the acronyms just keep piling up—IAM, IDM, PIM, PAM, SIEM, RBAC, SSO,—the list goes on and on. Worst of all, if can be difficult to find an explanation that doesn’t reference another half dozen ciphered terms.

If you are an executive or IT leader challenged with understanding the complex world of identity management, you are not alone.

Luckily, the good folks at OneLogin have  created a presentation that helps explain  some key identity concepts with examples.

OneLogin’s presentation covers:

• Trends in cloud, and the standards to support them
• State of Identity, Digital Trust, Authentication and Access
• Directory Services and Federation
• SSO (Desktop SSO, Web SSO, and Mobile SSO)
• Automating Onboarding Practices, Provisioning and Deprovisioning

This is one of the best basic explanations of Identity Management on the net, so sit back and enjoy this 28-slide presentation, and check out the full on-demand webinar here.

Also, if you need any more explaining check out our Identity Management glossary and our 2016 IAM Buyer’s Guide. 

The post Identity Access Management 101, A Presentation appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

In 2016, there’s little doubt left that the cloud is the way forward for enterprise IT, and yet, cloud solutions are often used in manners that are shockingly insecure.

With 30% of the global public cloud computing market share, e-Retail giant Amazon.com’s cloud computing branch, Amazon Web Services, is the most dominant cloud service provider on the planet, and as such their services are likely an integral part of may of your IT toolboxes. So how can you manage identity and federate access in your AWS cloud?

In this in-depth, 57-slide slide presentation from AWS Public Sector Summit ’16, you’ll get a detailed breakdown of AWS’ built-in identity management and federation capabilities, straight from the horses mouth as AWS employees survey AWS’ IAM capabilities and show how they integrate with existing identity systems.

The post Understanding Identity Management in Amazon Web Services appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

It’s been proven time and time again: unmanaged, unmonitored privileged accounts are an easy target for both external attacks and malicious insiders— just take a look at some recent data breaches and chances are high the malicious party used a compromised privileged account to increase their permissions.

Due to this common practice Privileged Access Management (PAM)— the monitoring and protection of super user accounts— has emerged as one of the most important aspects of Identity and Access Management (IAM) , and cyber security writ large, today.
But in an organization with thousands of IT assets, it can be difficult to securely manage access to privileged accounts for several reasons:

• There are thousands of privileged passwords.
• Administrator passwords exist on each device and application.
• It is difficult to coordinate changes to shared passwords.

When there are many shared, static passwords, former IT staff retain sensitive access after leaving an organization. It can also be difficult to trace changes back to individuals who made them.

In this hour-long webinar from Hitachi ID, experts discuss best practices for privileged access management to remediate these problems.

Top 8 IAM Challenges for SaaS Apps

IAM Vendor Fact Book

The post Video: Best Practices for Securing Privileged Access appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

This probably sounds familiar: “Access Management technology is unable to handle modern networks.” The idea is nothing new, but it’s been getting a lot of airtime, as data breach after data breach result from clumsy workplace access management. Now, many are saying that even Role-based Access Control (RBAC) isn’t enough to account for the countless devices, environments, and circumstances of the modern workplace. According to some critics, the answer to these problems is Contextual Access Management. But what exactly does that mean?

In this brief video, clocking in at just over two minutes, experts from Nova Coast, a security and compliance services company, explain what contextual access management is, and how it can be used to alleviate the growing pains of Identity Management in the modern workplace.

Want more on Access Managment? Check out these resources:

Top 8 IAM Challenges for SaaS Apps

IAM Vendor Fact Book

The post Contextual Access Management Explained in 2 Minutes appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

The Information System Security Professional Certification is a vendor-neutral independent certification, offered by the International Information System Security Certification Consortium (ISC2). A CISSP is a security professional who has attained that certification.

In this 90 minutes CISSP certification training video from Simplilearn, you’ll learn all the basics of Identity and Access Management, such as:

• The Importance of Identity and Access Management in Information Security.
  How to control physical and logical access to assets.
  How to manage identification and authentication of people and devices.
  How to implement and manage authorization mechanisms.
  How to prevent or mitigate access control attacks.

The post Watch: CISSP Training for Identity and Access Management appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

The idea of using passphrases for storing stronger secrets has been around since at least 1982, yet little work has been done to improve the usability of this method. Diceware, the de facto method and passphrase wordlist, contains wonderfully easy to remember words such as “aeneid”, “zh”, and “$$” (Let’s not get started on “h”, “hh”, “hhh” and “hhhh”). Moreover, extended language support for Diceware is often based on translations of the original wordlist, which contains numerous Americanisms such as “howdy”, “hubbub”, and “Boise”.

In this talk, Peerio CTO Florencia Herra-Vega and Project Manager Skylar Nagao discuss the problems facing passphrases in the present, and propose alternative approaches to passphrase wordlist generation.

The post Passphrases for Humans: A Presentation from BSidesLV 2016 appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

Do you know where identities are born? How can you tell what an identity can and can’t do? What do you do when you realize your refrigerator has an identity of its own? If your IPS blocks your refrigerator you may lose access to your pizza. Identity and Access Management is what connects the identities, accounts, entitlements, roles, permissions, and resources to provide correct access control. All areas of security are dependent on IAM and need to understand how to take advantage of it. This talk will explore the IAM lifecycle showing how to protect it and wreck it along the way.

If your IPS blocks your refrigerator you may lose access to your pizza.

Identity and Access Management is what connects the identities, accounts, entitlements, roles, permissions, and resources to provide correct access control. All areas of security are dependent on IAM and need to understand how to take advantage of it. This hour-long presentation will explore the IAM lifecycle, showing how to protect it (and wreck it) along the way.

The post IAM Complicated: Why You Need to Know About Identity and Access Management, BSides Nashville appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

2015 was the milestone year companies started realizing that IT security is no longer a suggestion, but mandatory to stay in business. All of the SIEM tools, antivirus, firewalls, IDS, man traps, video cameras, and policies won?t protect you from your biggest vulnerability – your employees. Anti-phishing education can be fun, and you can do it too with a little know-how and a cheap server. This is a technical discussion on how to be the bad guy for a minute to demonstrate how real the threat of social engineering is. This is one step toward educating your organization in security awareness, and it can be fun, engaging, and competitive for the end users. Phish your own employees before someone else does and everyone learns a lesson the hard way.

All slides are available in full resolution here, and you can watch the full 45-minute presentation below.

The post Phish your Employees for Fun! A Presentation from GrrCon 2016 appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

Passwords are horrible for security. Over the past 20 years we’ve bolstered the password with other factors, the most common being a one time password (OTP, TOTP, HOTP) that is either generated on a physical device the user holds, in a smartphone app or most commonly sent via SMS. Using SMS for authentication is not secure. We’ve known this for years, but recently we’ve been reminded of this with problems with Google and Apple SMS security.

SMS is important to ensure we have a backup way of allowing people to login to systems, but it should always be a last resort. So what’s the first resort? Second factors to the password need a different communications channel to the one a user is authenticating to. SMS is not secure, but push notification methods are. It is possible to initiate a communication channel via Apple, Google and Microsoft mobile notification networks. At the end of these push notifications is a secured app that in turn securely communicates with the 2FA back end. Not only is this method more secure, it’s actually a far improved user experience that can be extended beyond the login to secure in application transactions.

This presentation will go over the limitations of traditional two-factor methods and introduce the improved approach using a push notification channel to achieve the same goal, i.e. authenticate a user identity by validating the initiating request comes from a person who has something in their possession which is trusted.

The post Why Using SMS in Your Authentication Chain is Risky, AppSec 2016 appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

SCIM (System for cross-domain identity management) is an open standard that simplifies user provisioning by defining a set of REST APIs to create, update, delete users, and assign/unassign them to roles. In this session you’ll learn how you can use SCIM to provision users from your on-premises directory to the cloud, and vice-versa; and see this in action with the Salesforce platform.

The post Provisioning IDaaS: Using SCIM to Enable Cloud Identity appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

Many websites allow users to log in with their Facebook or Google account. This web-based single sign-on (SSO), as it’s called, mostly uses the standard protocols such as OAuth and OpenID Connect, but how secure are these protocols? And what can go wrong?

In this 64-minute presentation from the 33rd Chaos Communication Congress (33c3),  an annual conference organized by the Chaos Computer Club in Hamburg, DE, speaker Guido Schmitz breaks down the disadvantages of OAuth and OpenID Connect and demonstrates what can go wrong with them.

Schmitz will also examine Mozilla’s proposed authentication protocol, BrowserID (a.k.a. Persona), and discuss whether their proposition really solved the privacy issue, the lessons learned and what we can do better.

The post On the Security and Privacy of Modern Web SSO, Presentation from 33c3 appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

When you’re just getting started with your Identity and Access Management (IAM) initiative, the world of Identity management can seem like a frightening,  complicated, and downright confusing place.

First you’ve got to sort through the acronyms—IAM, IdM, FidM, IDaaS, and the list goes on—it can be overwhelming. Then you’ve got to get to the nitty gritty of figuring out which IAM or IDaaS solution is correct for your organization, all the while wading through a sea of vendor-created info designed to sway you towards one solution or another.

This presentation, Identity and Access Management 101 by Jerod Brennen gives a frank and focused “crash course” on Identity and Access Management. Brennen breaks down the “alphabet soup” that makes IAM so confusing, gives straightforward definitions for several top terms, and lays out best practices for those pursuing an IAM reading. Recommended reading for IT pros looking to quickly familiarize themselves with Identity Management.

And watch this for the 10 Best Resources for Evaluating IAM solutions:

The post Crash Course: Identity and Access Management 101 appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

Do you know where identities are born? How can you tell what an identity can and can’t do? What do you do when you realize your refrigerator has an identity of its own? If your IPS blocks your refrigerator you may lose access to your pizza. Identity and Access Management is what connects the identities, accounts, entitlements, roles, permissions, and resources to provide correct access control. All areas of security are dependent on IAM and need to understand how to take advantage of it. This talk will explore the IAM lifecycle showing how to protect it and wreck it along the way.

If your IPS blocks your refrigerator you may lose access to your pizza.

Identity and Access Management is what connects the identities, accounts, entitlements, roles, permissions, and resources to provide correct access control. All areas of security are dependent on IAM and need to understand how to take advantage of it. This hour-long presentation will explore the IAM lifecycle, showing how to protect it (and wreck it) along the way.

The post IAM Complicated: Why You Need to Know About Identity and Access Management, BSides Nashville appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

2015 was the milestone year companies started realizing that IT security is no longer a suggestion, but mandatory to stay in business. All of the SIEM tools, antivirus, firewalls, IDS, man traps, video cameras, and policies won?t protect you from your biggest vulnerability – your employees. Anti-phishing education can be fun, and you can do it too with a little know-how and a cheap server. This is a technical discussion on how to be the bad guy for a minute to demonstrate how real the threat of social engineering is. This is one step toward educating your organization in security awareness, and it can be fun, engaging, and competitive for the end users. Phish your own employees before someone else does and everyone learns a lesson the hard way.

All slides are available in full resolution here, and you can watch the full 45-minute presentation below.

The post Phish your Employees for Fun! A Presentation from GrrCon 2016 appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

Passwords are horrible for security. Over the past 20 years we’ve bolstered the password with other factors, the most common being a one time password (OTP, TOTP, HOTP) that is either generated on a physical device the user holds, in a smartphone app or most commonly sent via SMS. Using SMS for authentication is not secure. We’ve known this for years, but recently we’ve been reminded of this with problems with Google and Apple SMS security.

SMS is important to ensure we have a backup way of allowing people to login to systems, but it should always be a last resort. So what’s the first resort? Second factors to the password need a different communications channel to the one a user is authenticating to. SMS is not secure, but push notification methods are. It is possible to initiate a communication channel via Apple, Google and Microsoft mobile notification networks. At the end of these push notifications is a secured app that in turn securely communicates with the 2FA back end. Not only is this method more secure, it’s actually a far improved user experience that can be extended beyond the login to secure in application transactions.

This presentation will go over the limitations of traditional two-factor methods and introduce the improved approach using a push notification channel to achieve the same goal, i.e. authenticate a user identity by validating the initiating request comes from a person who has something in their possession which is trusted.

The post Why Using SMS in Your Authentication Chain is Risky, AppSec 2016 appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.

It’s been proven time and time again: unmanaged, unmonitored privileged accounts are an easy target for both external attacks and malicious insiders— just take a look at some recent data breaches and chances are high the malicious party used a compromised privileged account to increase their permissions.

Due to this common practice Privileged Access Management (PAM)— the monitoring and protection of super user accounts— has emerged as one of the most important aspects of Identity and Access Management (IAM) , and cyber security writ large, today.
But in an organization with thousands of IT assets, it can be difficult to securely manage access to privileged accounts for several reasons:

• There are thousands of privileged passwords.
• Administrator passwords exist on each device and application.
• It is difficult to coordinate changes to shared passwords.

When there are many shared, static passwords, former IT staff retain sensitive access after leaving an organization. It can also be difficult to trace changes back to individuals who made them.

In this hour-long webinar from Hitachi ID, experts discuss best practices for privileged access management to remediate these problems.

Top 8 IAM Challenges for SaaS Apps

IAM Vendor Fact Book

The post Video: Best Practices for Securing Privileged Access appeared first on Top Identity & Access Management Software, Vendors, Products, Solutions, & Services.