Access Control News, Articles and Updates

Data on the loose: why it's time to regain control

100,000 folders were open to all employees; 21 percent of all the folders in our investigation had no access controls at all. Worse yet, 41 percent of companies had at least 1,000 sensitive files open to all employees.

Outdated VPN remote access puts critical national infrastructure at risk

Critical national infrastructure organisations who cannot afford to let high value data or control of critical systems get into the wrong hands should be particularly wary of using outdated VPN remote access.

Facing the future: What the introduction of Face ID means for corporate security

30,000 infrared dots called 'True Depth' build a map of an individual's face so Face ID can claim a 1 in 1,000,000 rate of error, but it's not infallible; biometric authentication should be used in combination with other forms of authentication.

CCleaner attackers gained access to app developer's network via TeamViewer

The attackers who infected 2.27 million machines last year using a modified version of the computer maintenance app CCleaner gained unauthorised access to the developer's network using remote access program TeamViewer.

How poor privileged account management enables serious security breaches

There is a tendency for companies to simply lose track of their privileged accounts; 70 percent of organisations failed to fully discover all of the privileged accounts on their systems.

Preventing physical security devices becoming a cyber-security headache

Why GDPR may hold the key to ensuring the cyber-security of CCTV and access control technology.

Letter to the Editor: Biometrics misunderstood - causes death by starvation

Indian woman dies of starvation because of failures in system for biometric authentication for rations; her status is wrongly changed, unknown to victim who then receives reduced rations.

Biometrics as additional access route weaker than password-only protection

A society where identity authentication is allowed without users' volition would be a society where democracy is dead. The password as memorised secret is absolutely necessary says Hitoshi Kokumai.

Countdown to PSD2: Kill passwords to stay alive

Adopt dynamic authentication of customers for each interaction they perform, and do it as seamlessly and frictionlessly as possible: use the mobile devices we all carry. Too much is at stake to rely on 'shared secrets' as safeguards.

The security risks of ghost users: 1 in 4 accounts are inactive

Some 26 percent of all accounts surveyed were 'stale enabled users' accounts - and 90 percent in one case. The risk is two-fold: an ex-employee with unauthorised access, and the account can be hijacked by an external hacker.

Writing authorisation policies to secure big data

Enforcing authorisation directly at the data level can be incredibly powerful as it could mean minimal or no changes to the applications that are accessing the data itself, says Jonas Iggbom.

Rémy Cointreau Case Study - connecting a global workforce to the cloud

Rémy Cointreau faced a challenge to create a more agile organisation through its IT infrastructure, providing employees with the ability to securely access applications from any device at any time and from anywhere.

Is it time to rethink the password?

The password on its own is not enough to protect an organisation's data, even if you follow best practice, says Kevin Timms, adding that passwords that are easily entered and remembered are inherently weak and easily compromised.

Social Media - the privileged account no one talks about

Companies seem to be slow to realise that their Twitter, Facebook or LinkedIn accounts and passwords require exactly the same protection as any of their high-risk or high-value internal systems, says Jackson Shaw.

Artificial intelligence can fool Captcha security more than half the time

Scientists use vision algorithms to sidestep security systems and machine-read CAPTCHA security words like a human.

Inherent security flaws of single-sign-ons; 2FA without passwords urged

Raz Rafaeli suggests perhaps it's time to rethink authentication altogether, and eliminate password-based "something you know," the Achilles' heel of authentication. That leaves "something you have" and "something you are."

IBM or Microsoft's vision for ID verification & device authentication?

Whether IBM or Microsoft's vision prevails, identity verification and device authentication are still a factor in security, says Mike Lynch.

Interior Dept must update access control standards to meet NIST guidelines - report

The Inspector General has said that the U.S. Department of the Interior has to beef up its access controls if it wants to meet current standards.

Video: The insider threat versus identity and access management

What are organisations doing wrong when it comes to dealing with the insider threat? That was the topic of conversation when we sat down recently with Mark McClain.

Industry Innovators: Access Control

The approaches to access control have varied over the decades, but today the challenges are greater than ever.

Is your summer intern more prepared than you?

Your business needs to secure itself against the new wave of Summer Interns, says Chris Sullivan.

PCI DSS 3.0, responsibility and protecting against third party access

Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.

In defence of the humble password

The problem with passwords is users, says Francois Amigorena, and overcoming user error can make passwords fit for purpose once again.

The (grim) reality of password security

There are security vulnerabilities when using passwords, but Tyler Moffitt says that there are steps that you can and should take to make sure your data is less easy to access.

SharePoint users break own security rules

Privilege controls can work, but cannot cater for all eventualities, says Quocirca analyst Rob Bamforth.

Getting to the heart of the problem

As the Heartbleed bug demonstrates, passwords - especially the way they are commonly used across sites - are inherently vulnerable, suggests Chris Russell.

Internet of Things - Top Ten concerns

Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT) need to be considered now, before mass deployment.

Tech Goliath vs. innovative and secure David

Is the introduction of new technologies adding to security, or undermining it, asks Toby Flaxman, Senior Technical Security Consultant, IRM plc.