Wednesday, December 14, 2016

Privileged Access Management (PAM) & Approach

There are both enterprise and point PAM solutions available to organizations.  With that said, as many organizations transition to a cloud-first and federated model, an enterprise solution may be the wiser choice.

While CyberArk, CA PAM, Centrify, etc. are expensive solutions, an organization may see a better return on investment (ROI) in the long run than an organization deploying multiple pointed (e.g., MSFT LAPS) solutions.

So, deploy PAM in a phased manner for AD, EUC, ERP / EHR, cloud, social media, etc. to make the cost palatable for the enterprise.

Tuesday, December 6, 2016

Are passwords going away?

With the introduction of additional associations and research organizations (e.g., FIDO: focused on negating the need for passwords, one might ask if they are going away.

The answer is no, not really.  Password-based credentials will still be around, especially within enterprises, for years to come.  Especially for legacy systems, and administrative access.

With that said, business-to-consumer (B2C) authentication for enterprises will morph considerably, as it already has.  And for that matter, so has business-to-business (B2B) authentication with PKI / x.509 certificate-based authentication for point-to-point VPN / RESTful API.

So, compensating controls in the way of conditional access (CA), multi-factor authentication (MFA: biometrics, OTP, voice, security challenge / questions), etc. will take the lead in identity verification, but passwords will be around for a long time.