Articles about Identity and access management

CrowdStrike has launched Falcon Next-Gen Identity Security, a new unified solution aimed at protecting identity across the full attack chain.

The platform covers human users, non-human service accounts, and AI agent identities, delivering security without the usual integration delays typically seen in multi-vendor setups.

Continue reading →

With identity security growing more complex a new report shows that of 70 percent of enterprises recognize the need to consolidate their identity security tool stack.

The study by Enterprise Strategy Group for Silverfort finds that while 70 percent of teams plan to expand their use of an existing tool to cover a new use case in the next 12-18 months, 62 percent of organizations plan to implement a new tool to satisfy a use case, hinting that current solutions may not be adequate to satisfy evolving priorities.

Continue reading →

Non-human identities (NHIs) -- such as service accounts, tokens, API keys, and workloads -- are exploding in volume, now outnumbering humans 50 to one, but they remain under-observed, under-protected, and dangerously over-privileged.

New data from identity security platform Silverfort shows 40 percent of cloud NHIs do not have an owner. These accounts are often excluded from proper lifecycle management, leaving them unobserved, unprotected, and open to abuse.

Continue reading →

As you'll already know, today is World Passkey Day and the FIDO Alliance has released an independent study of over 1,300 consumers across the US, UK, China, South Korea, and Japan to understand how passkey usage and consumer attitudes towards authentication have evolved.

The results are encouraging, they find 74 percent of consumers are aware of passkeys and 69 percent have enabled passkeys on at least one of their accounts.

Continue reading →

Generative AI is already defeating traditional identity verification (IDV) methods like knowledge-based authentication, 2FA, and more.

This shift is likely to see the acceleration of new forms of IDV in 2025 that place a greater emphasis on ensuring they're both more secure and easy for people to use. This will result in a convergence of customer identity and access management (CIAM) which essentially gives customers more control over their identity and verification.

Continue reading →

According to the Identity Theft Resource Center (ITRC) there were 1.1 billion breaches in the first half of 2024 -- a 490 percent increase over the first half of the year before.

In addition, an enormous and unprecedented rate of credential stuffing and bot attacks have been spearheaded by ChatGPT's debut. All of this means having intelligent and accurate fraud prevention techniques have never been so critical.

Continue reading →

A new report from SpyCloud highlights a 22 percent increase in stolen identity records since 2023.

These identity records, consisting of harvested employee, consumer, and supply chain data, are the fuel that power cyberattacks like ransomware, account takeover, and fraud with nearly 80 percent of breaches last year involving the use of stolen credentials.

Continue reading →

Passwords are an essential part of our digital lives, yet many people still use weak or simple combinations of letters and numbers that can be cracked in just a few seconds.

A new report from Safety Detectives, based on analysis of a 2.5TB database containing passwords compromised through data breaches and malware attacks across 44 countries, looks at the current state of password habits, to highlight how these practices have evolved over time.

Continue reading →

Identity is at the root of most cyberattacks, but although we're seeing greater adoption of things like biometrics we still rely heavily on passwords.

There's added complication in the form of soaring numbers of machine identities too. Here's what some industry leaders think the identity landscape has in store for 2025.

Continue reading →

Organizations are facing increasingly sophisticated threats to their identity infrastructure so it's not surprising that a new survey of over 370 IT professionals shows use of identity threat detection and response (ITDR) technology is growing, though many are running into roadblocks to unlocking its full potential.

The study from Quest Software shows 84 percent of organizations are reaping benefits from their ITDR efforts, even if it hasn’t been fully implemented. Over one in three (36 percent) say their expectations have been fully met or exceeded.

Continue reading →

Modernizing identity systems is proving difficult for organizations due to two key challenges, decades of accumulated identity and access management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs).

A new report from Strata Identity and the Cloud Security Alliance (CSA) finds incompatibility with non-standard, legacy applications is a barrier to deploying advanced application authentication for 71 percent of respondents, further highlighting the issue of technical debt with 54 percent of respondents citing it as their top hurdle when modernizing their IAM architecture.

Continue reading →

Long-lived credentials on major cloud platforms continue to be a huge risk for organizations, according to a new report from Datadog.

Long-lived cloud credentials never expire and frequently get leaked in source code, container images, build logs and application artifacts, making them a major security risk. The report finds that 46 percent of organizations are still using unmanaged users with long-lived credentials.

Continue reading →

Identity and access management (IAM) programs put a lot of emphasis on users, for the obvious reason that compromising user identities is the prime attack vector for ransomware and other threat actors. But while strengthening access and permission controls for employees, third parties and other stakeholders, too many organizations overlook a vast trove of network identities that can be equally vulnerable to attack -- the non-human identities (NHIs) that are proliferating in the cloud.

The number of non-human identities, ranging from API keys and cloud services to DevOps tools and software bots, has exploded in recent years. By some estimates they are now outnumbering human users on the network by 45-1. The tools and services that comprise non-human identities can significantly increase efficiency and productivity, but they greatly expand an organization’s attack surface if they’re not properly protected. And too many of them aren’t protected.

Continue reading →

Traditional processes for ensuring employees have the right levels of access to systems have come under strain and become harder to manage because of the spread of cloud-based software.

A new AI-powered identity governance and administration (IGA) platform from Zilla Security aims to tackle the long-standing challenge of managing hundreds of roles or group membership rules to ensure organizations give users job-appropriate access.

Continue reading →

New data shows that one in five organizations has experienced a security incident related to non-human identities; and only 15 percent remain confident in their ability to secure them.

A report from the Cloud Security Alliance (CSA), and Astrix Security reveals that there is a growing recognition of the importance of investing in NHI security with a quarter of organizations already investing in these capabilities and an additional 60 percent planning to within the next twelve months.

Continue reading →