Some 26 percent of all accounts surveyed were 'stale enabled users' accounts, and 90 percent in one case. The risk is two-fold: an ex-employee with unauthorised access, and an account that can be hijacked by an external hacker.
Enforcing authorisation directly at the data level can be incredibly powerful, as it could mean minimal or no changes to the applications that are accessing the data itself, says Jonas Iggbom.
Rémy Cointreau faced a challenge to create a more agile organisation through its IT infrastructure, providing employees with the ability to securely access applications from any device at any time and from anywhere.
The password on its own is not enough to protect an organisation's data, even if you follow best practice, says Kevin Timms, adding that passwords that are easily entered and remembered are inherently weak and easily compromised.
Companies seem to be slow to realise that their Twitter, Facebook or LinkedIn accounts and passwords require exactly the same protection as any of their high-risk or high-value internal systems, says Jackson Shaw.
Scientists use vision algorithms to sidestep security systems and machine-read CAPTCHA security words like a human.
Raz Rafaeli suggests perhaps it's time to rethink authentication altogether, and eliminate password-based "something you know," the Achilles' heel of authentication. That leaves "something you have" and "something you are."
Whether IBM or Microsoft's vision prevails, identity verification and device authentication are still a factor in security, says Mike Lynch.
The Inspector General has said that the U.S. Department of the Interior has to beef up its access controls if it wants to meet current standards.
What are organisations doing wrong when it comes to dealing with the insider threat? That was the topic of conversation when we sat down recently with Mark McClain.
The approaches to access control have varied over the decades, but today the challenges are greater than ever.
Your business needs to secure itself against the new wave of summer interns, says Chris Sullivan.
Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third-party access is a key part of that approach.
The problem with passwords is users, says Francois Amigorena, and overcoming user error can make passwords fit for purpose once again.
There are security vulnerabilities when using passwords, but Tyler Moffitt says that there are steps that you can and should take to make sure your data is less easy to access.
Privilege controls can work, but cannot cater for all eventualities, says Quocirca analyst Rob Bamforth.
As the Heartbleed bug demonstrates, passwords - especially the way they are commonly used across sites - are inherently vulnerable, suggests Chris Russell.
Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT) need to be considered now, before mass deployment.
Is the introduction of new technologies adding to security, or undermining it, asks Toby Flaxman, Senior Technical Security Consultant, IRM plc.
Around 2,000 of the 36,000 users who accessed Sussex's Health Informatics Service (HIS) were doing so from unmanaged mobile devices.
A move to the cloud cannot result in a loss of control of data, as due diligence should be done before and during the outsourcing process.