Access Control News, Articles and Updates

The security risks of ghost users: 1 in 4 accounts are inactive

Some 26 percent of all accounts surveyed were of 'stale enabled users'; accounts - and 90 percent in one case.The risk is two-fold: ex-employee with unauthorised access, and the account can be hijacked by an external hacker.

Writing authorisation policies to secure big data

Enforcing authorisation directly at the data level can be incredibly powerful as it could mean minimal or no changes to the applications that are accessing the data itself says Jonas Iggbom.

Rémy Cointreau Case Study - connecting a global workforce to the cloud

Rémy Cointreau faced a challenge to create a more agile organisation through its IT infrastructure, providing employees with the ability to securely access applications from any device at any time and from anywhere.

Is it time to rethink the password?

The password on its own is not enough to protect an organisation's data, even if you follow best practice says Kevin Timms, adding passwords that are easily entered and remembered are inherently weak and easily compromised.

Social Media - the privileged account no one talks about

Companies seem to be slow to realise that their Twitter, Facebook or LinkedIn accounts and passwords require exactly the same protection as any of their high-risk or high-value internal systems says Jackson Shaw.

Artificial intelligence can fool Captcha security more than half the time

Scientists use vision algorithms to sidestep security systems and machine-read CAPTCHA security words like a human.

Inherent security flaws of single-sign-ons; 2FA without passwords urged

Raz Rafaeli suggests perhaps it's time to rethink authentication altogether, and eliminate password-based "something you know," the Achilles' heel of authentication. That leaves "something you have" and "something you are."

IBM or Microsoft's vision for ID verification & device authentication?

Whether IBM or Microsoft's vision prevails, identity verification and device authentication are still a factor in security says Mike Lynch.

Interior Dept must update access control standards to meet NIST guidelines - report

The Inspector General has said that the U.S. Department of the Interior has to beef up its access controls if it wants to meet current standards

Video: The insider threat versus identity and access management

What are organisations doing wrong when it comes to dealing with the insider threat? That was the topic of conversation when we sat down recently with Mark McClain.

Industry Innovators: Access Control

The approaches to access control have varied over the decades, but today the challenges are greater than ever.

Is your summer intern more prepared than you?

Your business needs to secure itself against the new wave of Summer Interns, says Chris Sullivan.

PCI DSS 3.0, responsibility and protecting against third party access

Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.

In defence of the humble password

The problem with passwords, is users says Francois Amigorena, and overcoming user-error can make passwords fit for purpose once again.

The (grim) reality of password security

There are security vulnerabilities when using passwords, but Tyler Moffitt says that there are steps that you can and should take to make sure your data less easy to access.

SharePoint users break own security rules

Privilege controls can work, but cannot cater for all eventualities, says Quocirca analyst Rob Bamforth.

Getting to the heart of the problem

As the Heartbleed bug demonstrates, passwords - especially the way they are commonly used across sites - are inherently vulnerable suggests Chris Russell

Internet of Things - Top Ten concerns

Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT), need to be considered now, before mass deployment.

Tech Goliath vs. innovative and secure David

Is the introduction of new technologies adding to security, or undermining it, asks Toby Flaxman, Senior Technical Security Consultant, IRM plc

Visibility, security and access drives NHS to NAC solution

Around 2,000 of the 36,000 users who accessed Sussex's Health Informatics Service (HIS) were doing so from unmanaged mobile devices.

SC Data Protection Summit: Do not surrender data control by moving to the cloud

A move to the cloud cannot result in a loss of control of data, as due diligence should be done before and during the outsourcing process.