Skip to main content

Tag: identityandaccessmanagement

11 articles

3 Steps to Tighten Security for Cybersecurity Month

3 Steps to Tighten Security for Cybersecurity Month

This Cybersecurity Awareness Month, forget flashy purchases and run a short, disciplined campaign to fix the basics: tighten identity and access controls, prioritize vulnerability management and attack‑surface reduction, and rehearse detection and response — small, focused moves that stop most breaches. Start now and turn playbooks into muscle memory before the next incident.

Analyst 207
IT Modernization: Must-Have Strategies for Best Missions

IT Modernization: Must-Have Strategies for Best Missions

Federal IT modernization isn’t just about new tech—it’s a pragmatic playbook for delivering faster, more secure services using cloud, AI, automation and zero-trust practices while keeping critical missions running without disruption. Leaders shared phased approaches, shared platforms and workforce-first strategies that balance risk, procurement and policy to turn legacy systems into resilient, mission-ready capabilities.

Analyst 207
intelligent agents: Must-Have Tools, Best Safeguards

intelligent agents: Must-Have Tools, Best Safeguards

Agentic AI is helping governments speed up services and free staff from routine tasks, but success hinges on clear guardrails, transparency, and human oversight to protect trust and fairness. When agencies pair smart automation with strong governance and easy escalation paths, citizens get faster, fairer outcomes without sacrificing accountability.

Analyst 207
Scattered Spider: Must-Have Defenses Against Risky Attacks

Scattered Spider: Must-Have Defenses Against Risky Attacks

Scattered Spider is skipping the fences and walking through the front door by exploiting weak identity controls, help‑desk processes, and third‑party trust. Tightening phishing‑resistant authentication, enforcing least privilege, and hardening vendor and support workflows are the urgent, practical steps every organization must take.

Analyst 207
AI agents: Must-Have Best Practices for Security

AI agents: Must-Have Best Practices for Security

You likely have forgotten service accounts, API keys, and AI agents running everywhere that quietly widen your attack surface — but with a clear inventory, short‑lived credentials, and assigned ownership you can start regaining control. Begin small: catalog a critical app, enforce least privilege, and measure detection and remediation to prove the approach scales.

Analyst 207
token-handling flaw: Stunning Entra ID Risk Exposed

token-handling flaw: Stunning Entra ID Risk Exposed

A newly disclosed flaw in Microsoft’s Entra ID could have let attackers forge tokens to impersonate apps or users across many tenants — but quick action by Microsoft and a responsible researcher likely averted disaster. Now’s the time for organizations to harden token handling and tighten identity controls before the next flaw shows up.

Analyst 207
Identity Governance and Administration: Stunning Best Guide

Identity Governance and Administration: Stunning Best Guide

Who has the keys? Identity Governance and Administration puts that question to rest by giving you centralized visibility into who can access what, why they have it, and when to revoke it — so you can reduce risk, streamline onboarding, and prove compliance.

Analyst 207
Zero trust: Must-Have Best Practices for SLED Security

Zero trust: Must-Have Best Practices for SLED Security

As ransomware and credential-stuffing rise, SLED IT leaders are combining AI-driven zero trust with gamified training to tighten defenses and turn staff and students into an active line of defense.

Analyst 207
authentication tokens Risky Fallout: Stunning Wake-Up

authentication tokens Risky Fallout: Stunning Wake-Up

When Salesloft’s stolen authentication tokens turned into a supply‑chain free‑for‑all, hundreds of companies woke up to the scary truth that machine identities are as precious as passwords. Now’s the time to rotate keys, audit integrations, and rethink how we trust the apps that sit between our teams and their data.

Analyst 207
authentication bypass: Urgent Critical Emergency Flaw

authentication bypass: Urgent Critical Emergency Flaw

Could a single click hand a stranger the keys to your vault? Click Studios has rushed a patch for a Passwordstate flaw that can create an emergency admin account — if you use Passwordstate, patch immediately, assume possible compromise, and check for unauthorized accounts.

Analyst 207
compromised Microsoft Teams account: Stunning Risk Alert

compromised Microsoft Teams account: Stunning Risk Alert

Think your cloud and Teams are safe? Storm‑0501 slipped from on‑prem into Azure, stole sensitive files, and even used a compromised Teams account to extort the victim — a wake‑up call to lock down identities, tighten segmentation, and treat collaboration tools as prime targets.

Analyst 207