Security News

New cloud threat research from team Unit 42 at Palo Alto Networks reveals several security issues due to bad permissions handling and misconfiguration, which opens doors wide for threat actors. In cloud environments often composed of more than hundreds or thousands of workloads, every device or machine identity might be a risk for the cloud infrastructure.

28% of companies are using four or more public/private clouds today, but that is expected to more than double in two years to 65%. "As cloud service providers improve their security and data protection offerings, decision-makers increasingly realize they can't protect their firms' data on-premises as well as they can in the cloud. But migrating existing IAM tools and processes to multicloud IaaS, PaaS, and private clouds creates problems that firms must solve" according to the Forrester study. "According to the Forrester study, firms can't just lift-and-shift existing IAM tools from on-premises to the cloud," said Eric Olden, CEO of Strata Identity.

PlainID published a report, based on research conducted among IT and security professionals in North America and the UK. Among its headline findings, the report reveals that authorization is the rising priority in identity and access management, while organizations are also looking to consolidate and standardize access control and authorization. With the shift to identity-first security and with security perimeters now spread across data, APIs, applications and more, managing access has become highly complex, manual, and distributed across multiple systems.

The global consumer IAM market is projected to grow from $8.6 billion in 2021 to $17.6 billion by 2026, at a Compound Annual Growth Rate of 15.3% during the forecast period, according to ResearchAndMarkets. Based on application area, the healthcare segment will grow at the highest CAGR. The Healthcare segment is projected to witness the fastest growth rate of during the forecast period.

Hardware-based security tokens or dongles have gained popularity, particularly at the enterprise level. Tiny hardware devices are not without their challenges.

Ping Identity announced two of its Identity and Access Management solutions have been added to the Department of Homeland Security Continuous Diagnostics and Mitigation Approved Products List. Ping Identity's IAM capabilities align with the CDM program's goals by enabling secure interoperability and centralized access to federal data and resources.

GuidePoint Security announced the expansion of its Identity & Access Management consulting practice. GuidePoint's IAM consulting practice expands upon the company's existing capability of helping customers of all sizes evaluate, select, implement and maintain best-fit IAM solutions, to now also include program assessment and strategy and roadmap development.

According to the 200 CISOs and other security decision makers who participated in the survey, nearly 60% consider lack of visibility as well as inadequate identity and access management a major threat to their cloud infrastructure. 85% of organizations said they plan to increase their security spending this year, with a significant portion being allocated to cloud infrastructure security.

SecurID joined Identiverse to share new product enhancements, insights, and resources that will allow organizations to strategize for the future of identity and access management. "With COVID-19 vaccination rates varying from state to state and country to country, organizations everywhere are preparing for the next phase of their identity journeys: at Identiverse 2021, SecurID experts will share how cloud deployments, hybrid operations, and frictionless user experiences will shape the future of identity and how businesses should strategize for these emerging trends," said Dave Taku, Head of Product, SecurID. In every sector, organizations are working through new priorities in authenticating remote workforces, preventing ransomware and other sophisticated cyberthreats and investing in solutions that maintain businesses continuity.

Even in a modestly complex organisation one could argue that IAM is not only one of the most important IT and security tasks in the business, but also one of the most difficult. In such companies IAM is a significant job: in my 450-person day-job business, for example, there are two staff members who solely do IAM and others who also touch on it from time to time.