Wednesday, December 14, 2016

Privileged Access Management (PAM) & Approach

There are both enterprise and point PAM solutions available to organizations.  With that said, as many organizations transition to a cloud-first and federated model, an enterprise solution may be the wiser choice.

While CyberArk, CA PAM, Centrify, etc. are expensive solutions, an organization may see a better return on investment (ROI) in the long run than an organization deploying multiple point solutions (e.g., MSFT LAPS).

So, deploy PAM in a phased manner for AD, EUC, ERP / EHR, cloud, social media, etc. to make the cost palatable for the enterprise.

Tuesday, December 6, 2016

Are passwords going away?

With the introduction of additional associations and research organizations (e.g., FIDO: https://fidoalliance.org/) focused on negating the need for passwords, one might ask if they are going away.

The answer is no, not really.  Password-based credentials will still be around for years to come, especially within enterprises, and especially for legacy systems and administrative access.

With that said, business-to-consumer (B2C) authentication for enterprises will morph considerably, as it already has.  For that matter, so has business-to-business (B2B) authentication, with PKI / X.509 certificate-based authentication for point-to-point VPN / RESTful API.

So, compensating controls in the form of conditional access (CA), multi-factor authentication (MFA: biometrics, OTP, voice, security challenge / questions), etc. will take the lead in identity verification, but passwords will be around for a long time.