Opinion

Opinion

Identity and access management products

• Security Think Tank: The many dimensions of DevSecOps

  It is imperative to make our colleagues and customers know that when we talk DevSecOps, we are facing a multiphase challenge that starts at the very beginning of DevOps, and one that never ends  Continue Reading

• Is digital ID still the missing link for the UK’s digital economy?

  While progress has been made, the government’s proposed digital ID trust framework needs more work – and the tech industry wants to have more input  Continue Reading

• Security Think Tank: Basic steps to secure your supply chain

  When it comes to supply chain security, there are some core things you should be doing – but remember, the devil is in the detail  Continue Reading

• Security Think Tank: Don’t trust the weakest link? Don’t trust any link

  Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must  Continue Reading

• Security Think Tank: Your path to understanding attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Online Safety Bill: Collaborating to make the internet safer for all

  The UK government's plan to regulate the internet and social media includes some positive and progressive measures – but by working with industry, a lot more could be achieved  Continue Reading

• The UK’s cyber security sector is thriving, but our work has only just begun

  The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector  Continue Reading

• Security Think Tank: Good training is all about context

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading

• The way we talk and think about tech is crucial to helping solve the skills shortage crisis

  Companies are looking to short-term fixes to find IT specialists, but there is still a need for long-term solutions  Continue Reading

• Back to the past with government identity

  The UK government plans to spend up to £400m developing yet another digital identity system – why is taxpayer money going into a time warp when there is surely a better and cheaper way?  Continue Reading

• Watching me, watching you – challenging the rise of digital surveillance at work

  Unprecedented levels of digital monitoring at work is embedding a culture of surveillance, despite workers’ opposition to the practices, says Prospect Union  Continue Reading

• Keeping the UK in the global race to adopt digital identity

  The UK government’s proposed digital ID trust framework is a step in the right direction, but more is needed to ensure the successful adoption of digital identity across the economy  Continue Reading

• ICO cookie consent: How will the plan affect businesses?

  A data privacy and compliance expert considers what the ICO’s proposals for an overhaul of cookie consent procedures could mean for businesses  Continue Reading

• Facial recognition cannot be a standalone authentication method

  As more organisations look to facial recognition to improve their digital identity practices, they must remember that it cannot stand in isolation  Continue Reading

• Protecting children in the digital playground

  The ICO’s Age Appropriate Design Code ushers in a new set of standards that advance children’s rights in the digital age  Continue Reading

• How the cyber security market is evolving

  The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments?  Continue Reading

• Government-led innovation can help cyber startups find a market

  There are many reasons why early-stage cyber startups often struggle to get off the ground, but government-backed programmes can help them find a path  Continue Reading

• Sparsely staffed offices: the new post-pandemic cyber gap

  With many offices still operating at limited capacity, a red teaming expert reveals how his job is getting easier, and why this is a problem  Continue Reading

• Security Think Tank: A return to the office is not a return to normal

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Why identity is the central problem for the future of the internet

  As debate rages over who has the right to control user identities online, is the concept of decentralised identity about to have its day?  Continue Reading

• Security Think Tank: Reopening is an opportunity to reassess wider security posture

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Security Think Tank: Returning workers to the office: Is your security posture up to date?

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Security Think Tank: To secure printers think process, technology and people

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Policies key to revolutionising Identity Governance and Administration

  The proliferation of digital identities, applications, data, security threats and compliance requirements means that Identity Governance and Administration (IGA) has never been more important, but not all organisations are approaching it in an ...  Continue Reading

• The practical steps needed to accelerate a UK digital identity ecosystem

  The draft digital identity framework published by the UK government highlights the importance of learning from the private sector and existing standards to accelerate deployment and citizen adoption  Continue Reading

• The case for vaccine passports: the real world versus the digital world

  What are the security issues challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Security culture must underpin vaccine passports

  What are the security challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Vaccine passports cannot be taken lightly

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Employees must be given the right to disconnect

  As enterprises increasingly turn to workplace monitoring technologies and more of the workforce moves to remote or hybrid working, unions are campaigning for workers’ ‘right to disconnect’ and not engage in digitally enabled work after hours  Continue Reading

• Security Think Tank: Back to square one – ground-up CNI protection

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• On digital identity, the government gets it wrong again

  The latest government proposals to regulate the digital identity sector continue to misunderstand how such a market works – a more API-based approach is needed to deliver the clear benefits of online ID  Continue Reading

• Vaccine passports highlight social impact of systems design

  Vaccine or immunity passports are an opportunity to advance the design of trustworthy digital systems, but much more work still needs to be done  Continue Reading

• The ransomware routine: pages from the Secret IR Insider’s diary

  The Secret Incident Response Insider shares behind-the-scenes stories of what really happens after organisations are hit by cyber attacks – and shows how they could have been avoided  Continue Reading

• Government Gateway at 20 – looking back at the UK’s most successful digital identity system

  Not all legacy IT systems in government cause problems – one has been at the heart of many of the most important online public services for 20 years  Continue Reading

• Security Think Tank: In 2021, enable, empower and entrust your users

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Cyber effectiveness, efficiency key in 2021

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• How to manage non-human identities

  Identity management has traditionally focused on human identities, but non-human identities are proliferating and must not be overlooked. Businesses can reduce risk by managing both types of identity in the same way using a services-based approach  Continue Reading

• How to modernise identity governance and administration

  Modernising identity governance and administration (IGA) capabilities is essential for organisations to manage identities effectively to ensure they remain competitive, compliant and secure  Continue Reading

• Security Think Tank: Adapting defences to evolving ransomware and cyber crime

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Security Think Tank: Tighten data and access controls to stop identity theft

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• UK government plan for digital identity lacks substance and strategy

  The tech sector has waited over a year for the government to respond to its consultation on digital identity, and when it came, the plan could hardly be more disappointing  Continue Reading

• Security Think Tank: Seven steps to edge security

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Digital identity must not remain the missing link in the UK’s digital strategy

  The UK's digital economy is desperately in need of a viable digital identity strategy - to recover from the pandemic, the government cannot wait any longer to resolve this much-delayed issue  Continue Reading

• How to tackle the IAM challenges of multinational companies

  The rapidly changing business, regulatory and IT environment makes identity and access management a tough nut to crack for large multinationals  Continue Reading

• Australian government has failed on cyber security

  The federal government’s current approach of allowing each agency to make its own cyber decisions is not working and more needs to be done to hunt down adversaries  Continue Reading

• Australia is painting a big red cyber target on its critical infrastructure

  Australia’s critical infrastructure is particularly vulnerable to cyber attacks right now because of years of under-investment in cyber security and ageing legacy systems  Continue Reading

• Identification and access management: some possible futures

  Learn about how we might be using our heartbeats, brainwaves and eye movements to unlock our mobiles in the future  Continue Reading

• Security Think Tank: Security teams are key workers and need support

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout?  Continue Reading

• Security Think Tank: Why and how cyber criminals exploit world events

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: Amid panic, how to find a sound level of security

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Is the EU better equipped than the US to supervise the use of facial recognition?

  Clearview AI can be an indispensable tool to reinforce national security, but there are many risks associated with the use of facial recognition technology that the EU might be better equipped to deal with than the US  Continue Reading

• Security Think Tank: Zero trust strategies must start small, then grow

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Ask yourself if zero trust is right for you

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: How zero trust lets you take back control

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust ...  Continue Reading

• Security Think Tank: Practical steps to achieve zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is complex, but has rich rewards

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: No trust in zero trust need not be a problem

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is not the answer to all your problems

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Facing the challenge of zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust – just another name for the basics?

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think-Tank: Tackle insider threats to achieve data-centric security

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Implementing a 21st century approach to digital identity

  The government’s attempts at digital identity have failed – it is time for a new, modern approach  Continue Reading

• Security Think Tank: Data-centric security requires a holistic approach

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Data-centric security requires context and understanding

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: In-depth protection is a matter of basic hygiene

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Get basic security policy right, and the rest will follow

  Paying attention to basic aspects of cyber security such as policy and permission will give you a sold base to build from  Continue Reading

• The UK’s digital identity policy conundrum

  The UK government’s recent consultation on digital identity suggests that past mistakes and assumptions have yet to be resolved – a different, more user-centric vision is required  Continue Reading

• Security Think Tank: The case for blockchain-based identity

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Too soon to dismiss blockchain in cyber security

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Use blockchain for integrity and immutability checks

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain is not for everyone, so look carefully before you leap

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain utility depends on business type and cost

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Risk mitigation is key to blockchain becoming mainstream

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• Security Think Tank: Blockchain – balance risk and opportunity for smart security

  What are the best and most effective ways information security professionals can use blockchain technology?  Continue Reading

• What the UK can learn from the Nordics when it comes to digital ID

  The UK and other countries can learn from the Nordic region when it comes to digital identity  Continue Reading

• Security Think Tank: Understanding tech is key to effective data segregation

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: How to realise the benefits of security zoning

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• Security Think Tank: Benefits and challenges of security segmentation

  What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome?  Continue Reading

• How to accelerate digital identity in the UK

  Trusted online relationships are essential to the digital economy, but the UK is lagging behind. What needs to be done?  Continue Reading

• eIDAS and the EU’s mission to create a truly portable identity

  It is important for businesses to work more actively with technology partners, regulators and governments to create more robust identity verification processes   Continue Reading

• Can we live without passwords?

  Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve  Continue Reading

• Security Think Tank: Pay attention to attribute-based system access permissions

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not  Continue Reading

• Security Think Tank: Strong 2FA should be a goal in 2019

  At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not  Continue Reading

• Brexit and digital identity – avoiding future restrictions on digital trade

  The UK has been a major contributor to European efforts to establish cross-border digital identities. Governments need to ensure that Brexit does not introduce unwanted restrictions that harm digital trade  Continue Reading

• Security Think Tank: Cracking the code – what makes a good password?

  In light of the fact complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: Some basic password guidelines

  In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: Passwords alone are not good enough

  In the light of the fact that complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: Firms need to support good password practices

  In the light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough?  Continue Reading

• Security Think Tank: How to create good passwords and add security layers

  In light of the fact complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password - and when is a password alone not enough?  Continue Reading

• Security Think Tank: Patch, scan and lock down to counter fileless malware

  What should organisations do at the very least to ensure business computers are protected from fileless malware?  Continue Reading

• Mobile biometrics set to be game-changer in APAC

  Telcos, financial institutions and other industry players risk losing market share if they do not keep up with the demand for security, convenience and mobility  Continue Reading

• Security Think Tank: Automating basic security tasks

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Will the review of Gov.uk Verify fix the UK's digital identity problems?

  The rumoured review of the UK government’s identity assurance programme provides the ideal opportunity to fix problems and accelerate progress  Continue Reading

• Gov.uk Verify and identity assurance - it's time for a rethink

  The government's Verify identity platform is not meeting user needs - it's time to step back and review how best to make online identity for public services work  Continue Reading

• Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition

  Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon  Continue Reading

• Consumer identity management is the core of real CRM

  IAM + CRM is much more than simply IAM for external users, says Ivan Niccolai  Continue Reading

• The problem with passwords: how to make it easier for employees to stay secure

  An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems  Continue Reading

• Security Think Tank: Top five access control mistakes

  In the modern business environment, what are the most common access control mistakes and what is the best way to correct them?  Continue Reading

• Security Think Tank: You can’t protect what you don’t know you’ve got

  IP theft: who should be tackling it and how?  Continue Reading