News & Commentary

It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.

Identity Management: Where It Stands, Where It's Going

News | 3/6/2018 |

How companies are changing the approach to identity management as people become increasingly digital.

What Enterprises Can Learn from Medical Device Security

Commentary | 3/1/2018 |

In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.

How to Secure 'Permissioned' Blockchains

Commentary | 2/28/2018 |

At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.

Leveraging Security to Enable Your Business

Commentary | 2/23/2018 |

When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.

Takeaways from the Russia-Linked US Senate Phishing Attacks

Commentary | 2/21/2018 |

7 comments

The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.

Facebook Aims to Make Security More Social

News | 2/20/2018 |

Facebook's massive user base creates an opportunity to educate billions on security.

IRS Reports Steep Decline in Tax-Related ID Theft

News | 2/15/2018 |

Research group Javelin confirms that the numbers are trending in the right direction, with total fraud losses dropping more than 14% to $783 million.

Can Android for Work Redefine Enterprise Mobile Security?

Commentary | 2/13/2018 |

Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.

Back to Basics: AI Isn't the Answer to What Ails Us in Cyber

Commentary | 2/9/2018 |

The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.

Identity Fraud Hits All-Time High in 2017

News | 2/6/2018 |

Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.

Google Cloud Least-Privilege Function Goes Live

Quick Hits | 1/31/2018 |

Custom Roles for Cloud IAM now available in production from Google.

Passwords: 4 Biometric Tokens and How They Can Be Beaten

Commentary | 1/31/2018 |

Authentication security methods are getting better all the time, but they are still not infallible.

K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online

News | 1/31/2018 |

Survey says local school districts and education departments lack even the most basic security and privacy safeguards.

6 Tips for Building a Data Privacy Culture

Slideshows | 1/26/2018 |

Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.

New Voice MFA Tool Uses Machine Learning

Quick Hits | 1/25/2018 |

Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.

Less than 10% of Gmail Users Employ Two-Factor Authentication

Quick Hits | 1/23/2018 |

Google software engineer reveals lack of user adoption for stronger authentication.

One Identity Acquires Balabit

Quick Hits | 1/17/2018 |

Union expands One Identity's privileged access management and analytics offerings.

Oracle Product Rollout Underscores Need for Trust in the Cloud

News | 12/11/2017 |

Oracle updates its Identity SOC and management cloud with security tools to verify and manage users trusted with access to cloud-based data and applications.

Gartner: IT Security Spending to Reach $96 Billion in 2018

News | 12/8/2017 |

Identity access management and security services to drive worldwide spending growth.

Why Security Depends on Usability -- and How to Achieve Both

Commentary | 11/29/2017 |

Any initiative that reduces usability will have consequences that make security less effective.

Uber Paid Hackers $100K to Conceal 2016 Data Breach

News | 11/22/2017 |

The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.

Who Am I? Best Practices for Next-Gen Authentication

Commentary | 11/15/2017 |

By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.

Inhospitable: Hospitality & Dining’s Worst Breaches in 2017

Slideshows | 11/8/2017 |

Hotels and restaurants are in the criminal crosshairs this year.

How Law Firms Can Make Information Security a Higher Priority

Commentary | 11/8/2017 |

Lawyers always have been responsible for protecting their clients' information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.

Hiring Outside the Box in Cybersecurity

Commentary | 11/7/2017 |

Candidates without years of experience can still be great hires, as long as they are ready, willing, and able.

How I Infiltrated a Fortune 500 Company with Social Engineering

Commentary | 11/7/2017 |

Getting into the company proved surprisingly easy during a contest. Find out how to make your company better prepared for real-world attacks.

10 Mistakes End Users Make That Drive Security Managers Crazy

Slideshows | 11/2/2017 |

Here's a list of common, inadvertent missteps end users make that can expose company data.

Why Data Breach Stats Get It Wrong

Commentary | 10/26/2017 |

It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.

Advanced Analytics + Frictionless Security: What CISOS Need to Know

Commentary | 10/25/2017 |

Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.

What's Next after the SEC 'Insider Trading' Breach?

Commentary | 10/19/2017 |

Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.

Game Change: Meet the Mach37 Fall Startups

Slideshows | 10/18/2017 |

CEOs describe how they think their fledgling ventures will revolutionize user training, privacy, identity management and embedded system security.

Banks Start Broad Use of Blockchain, as JP Morgan, IBM Lead Way

News | 10/17/2017 |

Two major players announced cross-border payment networks built on blockchain technologies Monday, and more financial services will follow soon, despite opinions about Bitcoin.

Google Bolsters Security for Select Groups

Quick Hits | 10/17/2017 |

Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.

How Systematic Lying Can Improve Your Security

Commentary | 10/11/2017 |

3 comments

No, you don't have to tell websites your mother's actual maiden name.

SecureAuth to Merge with Core Security

News | 9/20/2017 |

K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.

How Apple's New Facial Recognition Technology Will Change Enterprise Security

Commentary | 9/19/2017 |

Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.

Workplace IoT Puts Companies on Notice for Smarter Security

Commentary | 9/6/2017 |

Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.

The Active Directory Botnet

Dark Reading Videos | 8/30/2017 |

It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.

GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries

Commentary | 8/24/2017 |

14 comments

What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.

Risky Business: Why Enterprises Can’t Abdicate Cloud Security

Commentary | 8/7/2017 |

It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.

The Lazy Habits of Phishing Attackers

News | 7/27/2017 |

Most hackers who phish accounts do little to hide their tracks or even mine all of the data they can from phished accounts, mostly because they can afford to be lazy.

4 Steps to Securing Citizen-Developed Apps

Commentary | 7/19/2017 |

Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.

AWS S3 Breaches: What to Do & Why

Commentary | 7/17/2017 |

Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.

The High Costs of GDPR Compliance

Commentary | 7/11/2017 |

Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.

Avoiding the Dark Side of AI-Driven Security Awareness

Commentary | 7/5/2017 |

Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?

WannaCry Blame Game: Why Delayed Patching is Not the Problem

Commentary | 6/27/2017 |

While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.

WannaCry? You’re Not Alone: The 5 Stages of Security Grief

Commentary | 6/22/2017 |

10 comments

As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.

Climbing the Security Maturity Ladder in Cloud

Commentary | 6/15/2017 |

These five steps will insure that you achieve the broadest coverage for onboarding your most sensitive workloads.

Why Compromised Identities Are IT’s Fault

Commentary | 6/7/2017 |