Opinion

Opinion

Identity and access management products

• The practical steps needed to accelerate a UK digital identity ecosystem

  The draft digital identity framework published by the UK government highlights the importance of learning from the private sector and existing standards to accelerate deployment and citizen adoption  Continue Reading

• The case for vaccine passports: the real world versus the digital world

  What are the security issues challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Security culture must underpin vaccine passports

  What are the security challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Vaccine passports cannot be taken lightly

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Employees must be given the right to disconnect

  As enterprises increasingly turn to workplace monitoring technologies and more of the workforce moves to remote or hybrid working, unions are campaigning for workers’ ‘right to disconnect’ and not engage in digitally enabled work after hours  Continue Reading

• Security Think Tank: Back to square one – ground-up CNI protection

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• On digital identity, the government gets it wrong again

  The latest government proposals to regulate the digital identity sector continue to misunderstand how such a market works – a more API-based approach is needed to deliver the clear benefits of online ID  Continue Reading

• Vaccine passports highlight social impact of systems design

  Vaccine or immunity passports are an opportunity to advance the design of trustworthy digital systems, but much more work still needs to be done  Continue Reading

• The ransomware routine: pages from the Secret IR Insider’s diary

  The Secret Incident Response Insider shares behind-the-scenes stories of what really happens after organisations are hit by cyber attacks – and shows how they could have been avoided  Continue Reading

• Government Gateway at 20 – looking back at the UK’s most successful digital identity system

  Not all legacy IT systems in government cause problems – one has been at the heart of many of the most important online public services for 20 years  Continue Reading

• Security Think Tank: In 2021, enable, empower and entrust your users

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Cyber effectiveness, efficiency key in 2021

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• How to manage non-human identities

  Identity management has traditionally focused on human identities, but non-human identities are proliferating and must not be overlooked. Businesses can reduce risk by managing both types of identity in the same way using a services-based approach  Continue Reading

• How to modernise identity governance and administration

  Modernising identity governance and administration (IGA) capabilities is essential for organisations to manage identities effectively to ensure they remain competitive, compliant and secure  Continue Reading

• Security Think Tank: Adapting defences to evolving ransomware and cyber crime

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Security Think Tank: Tighten data and access controls to stop identity theft

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• UK government plan for digital identity lacks substance and strategy

  The tech sector has waited over a year for the government to respond to its consultation on digital identity, and when it came, the plan could hardly be more disappointing  Continue Reading

• Security Think Tank: Seven steps to edge security

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Digital identity must not remain the missing link in the UK’s digital strategy

  The UK's digital economy is desperately in need of a viable digital identity strategy - to recover from the pandemic, the government cannot wait any longer to resolve this much-delayed issue  Continue Reading

• How to tackle the IAM challenges of multinational companies

  The rapidly changing business, regulatory and IT environment makes identity and access management a tough nut to crack for large multinationals  Continue Reading

• Australian government has failed on cyber security

  The federal government’s current approach of allowing each agency to make its own cyber decisions is not working and more needs to be done to hunt down adversaries  Continue Reading

• Australia is painting a big red cyber target on its critical infrastructure

  Australia’s critical infrastructure is particularly vulnerable to cyber attacks right now because of years of under-investment in cyber security and ageing legacy systems  Continue Reading

• Identification and access management: some possible futures

  Learn about how we might be using our heartbeats, brainwaves and eye movements to unlock our mobiles in the future  Continue Reading

• Security Think Tank: Security teams are key workers and need support

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout?  Continue Reading

• Security Think Tank: Why and how cyber criminals exploit world events

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: Amid panic, how to find a sound level of security

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Is the EU better equipped than the US to supervise the use of facial recognition?

  Clearview AI can be an indispensable tool to reinforce national security, but there are many risks associated with the use of facial recognition technology that the EU might be better equipped to deal with than the US  Continue Reading

• Security Think Tank: Zero trust strategies must start small, then grow

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Ask yourself if zero trust is right for you

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: How zero trust lets you take back control

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust ...  Continue Reading

• Security Think Tank: Practical steps to achieve zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is complex, but has rich rewards

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: No trust in zero trust need not be a problem

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is not the answer to all your problems

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Facing the challenge of zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust – just another name for the basics?

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think-Tank: Tackle insider threats to achieve data-centric security

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Implementing a 21st century approach to digital identity

  The government’s attempts at digital identity have failed – it is time for a new, modern approach  Continue Reading

• Security Think Tank: Data-centric security requires a holistic approach

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Data-centric security requires context and understanding

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: In-depth protection is a matter of basic hygiene

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Get basic security policy right, and the rest will follow

  Paying attention to basic aspects of cyber security such as policy and permission will give you a sold base to build from  Continue Reading

• The UK’s digital identity policy conundrum

  The UK government’s recent consultation on digital identity suggests that past mistakes and assumptions have yet to be resolved – a different, more user-centric vision is required  Continue Reading

• Security Think Tank: The case for blockchain-based identity

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Too soon to dismiss blockchain in cyber security

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Use blockchain for integrity and immutability checks

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain is not for everyone, so look carefully before you leap

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain utility depends on business type and cost

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Risk mitigation is key to blockchain becoming mainstream

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain – balance risk and opportunity for smart security

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• What the UK can learn from the Nordics when it comes to digital ID

  The UK and other countries can learn from the Nordic region when it comes to digital identity  Continue Reading

• Security Think Tank: Understanding tech is key to effective data segregation

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: How to realise the benefits of security zoning

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: Benefits and challenges of security segmentation

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• How to accelerate digital identity in the UK

  Trusted online relationships are essential to the digital economy, but the UK is lagging behind. What needs to be done?  Continue Reading

• eIDAS and the EU’s mission to create a truly portable identity

  It is important for businesses to work more actively with technology partners, regulators and governments to create more robust identity verification processes   Continue Reading

• Can we live without passwords?

  Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve  Continue Reading

• Security Think Tank: Pay attention to attribute-based system access permissions

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not  Continue Reading

• Security Think Tank: Strong 2FA should be a goal in 2019

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not  Continue Reading

• Brexit and digital identity – avoiding future restrictions on digital trade

  The UK has been a major contributor to European efforts to establish cross-border digital identities. Governments need to ensure that Brexit does not introduce unwanted restrictions that harm digital trade  Continue Reading

• Security Think Tank: Cracking the code – what makes a good password?

  In light of the fact complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: Some basic password guidelines

  In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: Passwords alone are not good enough

  In the light of the fact that complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: Firms need to support good password practices

  In the light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: How to create good passwords and add security layers

  In light of the fact complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password - and when is a password alone not enough?  Continue Reading

• Security Think Tank: Patch, scan and lock down to counter fileless malware

  What should organisations do at the very least to ensure business computers are protected from fileless malware?  Continue Reading

• Mobile biometrics set to be game-changer in APAC

  Telcos, financial institutions and other industry players risk losing market share if they do not keep up with the demand for security, convenience and mobility  Continue Reading

• Security Think Tank: Automating basic security tasks

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Security Think Tank: Encourage employees to use an approved messaging app

  What criteria should organisations use to assess the security of smartphone messaging apps and how can they ensure only approved apps are used by employees?  Continue Reading

• Security Think Tank: Web security down to good risk management

  What are the main web security challenges for organisations and how are they best addressed?  Continue Reading

• Will the review of Gov.uk Verify fix the UK's digital identity problems?

  The rumoured review of the UK government’s identity assurance programme provides the ideal opportunity to fix problems and accelerate progress  Continue Reading

• Security Think Tank: Are employees cyber pawns or cyber heroes?

  What are the best security controls to ensure a safe working environment where employees do not have the unfair pressure of being the first line of cyber defence?  Continue Reading

• Security Think Tank: People are part of security, but should not be key element

  What are the best security controls to ensure a safe working environment where employees do not have the unfair pressure of being the first line of cyber defence?  Continue Reading

• Security Think Tank: Avoiding the blame game

  What are the best security controls to ensure a safe working environment where employees do not have the unfair pressure of being the first line of cyber defence?  Continue Reading

• Why GDPR is so relevant to the business

  The GDPR is not only relevant to CISOs and DPOs, and has a massive impact on businesses  Continue Reading

• Energy and healthcare primed for blockchain disruption

  Blockchain applications are upending traditional industries, with startup activity expected to ramp up in years to come  Continue Reading

• Security Think Tank: Key things to consider to block malicious email attachments

  What strategies should organisations follow to block malware attachments which continue to account for two-thirds of malware infections that result in data breaches?  Continue Reading

• Gov.uk Verify and identity assurance - it's time for a rethink

  The government's Verify identity platform is not meeting user needs - it's time to step back and review how best to make online identity for public services work  Continue Reading

• PSD2 – time to open and secure APIs and rethink business models

  With the EU’s Payment Service Directive (PSD2) going into effect in January 2018, banks have no time to waste in preparing for the changes it will bring  Continue Reading

• Navigating those early stages: research in its many forms

  This is the third in a series of articles charting the progress of participants from HutZero, a new cyber security entrepreneur acceleration programme run by Cyber London (CyLon) and the Centre for Security Information Technologies (CSIT) at Queen’s...  Continue Reading

• Self-sovereign identity on the block – ideal or no deal?

  There’s a rumour out there in the IT and business world that blockchains could be the magic elixir when it comes to users’ full control and power over their own digital identities. But is that really so?  Continue Reading

• Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition

  Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon  Continue Reading

• Consumer identity management is the core of real CRM

  IAM + CRM is much more than simply IAM for external users, says Ivan Niccolai  Continue Reading

• Security Think Tank: Use biometric security at the right time and place

  How can organisations move to biometric authentication of users without running the risk of exposing sensitive biometric information?  Continue Reading

• Security Think Tank: Biometrics have key role in multi-factor security

  How can organisations move to biometric authentication of users without running the risk of exposing sensitive biometric information?  Continue Reading

• Security Think Tank: Practical biometrics in the enterprise

  How can organisations implement biometric authentication of users without running the risk of exposing sensitive biometric information?  Continue Reading

• Security Think Tank: Research biometrics thoroughly before deploying

  How can organisations move to biometric authentication of users without running the risk of exposing sensitive biometric information?  Continue Reading

• Security Think Tank: Proceed with caution on biometric authentication

  How can organisations move to biometric authentication of users without running the risk of exposing sensitive biometric information?  Continue Reading

• Security Think Tank: A starter guide for biometrics in security

  How can organisations move to biometric authentication of users without running the risk of exposing sensitive biometric information?  Continue Reading

• The problem with passwords: how to make it easier for employees to stay secure

  An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems  Continue Reading

• Are cloud users worrying about nothing when it comes to data sovereignty?

  With the upheaval surrounding the EU-US Privacy Shield, Clive Longbottom takes a closer look at the issue of sovereignty  Continue Reading

• Security Think Tank: Access control is key to protecting against cyber attacks

  In the modern business environment, what are the most common access control mistakes and how can these best be corrected?  Continue Reading

• Security Think Tank: Top five access control mistakes

  In the modern business environment, what are the most common access control mistakes and what is the best way to correct them?  Continue Reading

• Security Think Tank: Policies and procedures vital for successful access control

  In the modern business environment, what are the most common access control mistakes and what is the best way to correct them?  Continue Reading

• Security Think Tank: Password management tops list of access control issues

  In the modern business environment, what are the most common access control mistakes and how best are these corrected?  Continue Reading

• When a slowdown in IT budgets is a good thing

  IT budgets will grow at their slowest rate for four years in 2016, yet companies are spending more on digital technology  Continue Reading

• Security Think Tank: Find out what personal data your company holds

  How should businesses go about setting up and maintaining a comprehensive and accurate inventory of personal data?  Continue Reading

• Network security systems – dedicated or multifunction?

  For small and medium-sized businesses looking to secure their networks, multifunction security systems are a better option than best-of-breed technology  Continue Reading

• European regulation shakes up online payments security

  Payment service providers and merchants should lose no time in assessing the affect of proposed European security regulations  Continue Reading

• What next for online age verification in the UK?

  Websites will need to check the age of users if the Conservatives' proposed laws on restricting access to adult content go ahead  Continue Reading