Zero Trust Security: Your Ultimate Beginner’s Guide

Introduction: Why Zero Trust, Why Now? In 2023, attackers breached a major global financial services company by compromising a single VPN account. That one set of stolen credentials gave them access deep into the network, exposing millions of customer records. The organization had spent millions hardening its perimeter firewalls—but once the attacker got inside, there were few controls to stop them. This is the reality of today’s threat landscape: the perimeter is porous, and identity is the true control point....

September 3, 2025 · 4 min · Jay Klinkowsky

AI as the New Cybercrime Weapon: A 2025 Briefing for IT Leaders

From Passwords to Prompts: The AI Shift in Identity & IT Artificial intelligence (AI) has become a double-edged sword in IT and identity security. On one side, enterprises deploy AI for automation, fraud detection, adaptive authentication, and anomaly detection. On the other, cybercriminals are weaponizing the same tech to supercharge their intrusions. In 2023, U.S. consumers reported over $10 billion in fraud losses — the highest figure ever recorded. Analysts and regulators increasingly attribute this surge to AI-enhanced cybercrime, where phishing emails, romance scams, and business email compromise (BEC) are crafted by generative models....

August 28, 2025 · 7 min · Jay Klinkowsky

The Future of IAM: AI & Automation

The Future of IAM: AI & Automation TL;DR Identity and Access Management (IAM) is evolving fast. AI and automation are moving IAM from static, rules-based controls to adaptive, intelligence-driven systems. Machine learning powers real-time anomaly detection, behavior-based authentication reduces reliance on passwords, and identity orchestration unifies workflows across multi-cloud and legacy systems. But with innovation comes new risks: AI agents, machine identities, and autonomous threats demand fresh governance and continuous monitoring....

August 27, 2025 · 4 min · Everyday Identity

Delegated Admin & Just-In-Time Access: Reducing Standing Privileges

Delegated Admin & Just-In-Time Access: Reducing Standing Privileges TL;DR Standing (always-on) admin privileges are a top target for attackers—and a pain point for compliance. By shifting to delegated admin roles and “just-in-time” access, organizations reduce risk, limit attack surfaces, and enforce true least privilege in practice. This post unpacks how to design and run these controls, practical pitfalls, and the benefits for audit, security, and business agility. Why Standing Privileges Are a Problem Standing privilege means an account (often admin) always has elevated rights, even when not in use....

August 20, 2025 · 4 min · Everyday Identity

Context-Aware Access: The Next Level of Adaptive Security

Introduction: Why Context Is the New Secret Weapon In the world of digital security, the “who” is no longer enough. Identity and Access Management (IAM) has evolved beyond verifying a username and password. Today, the most resilient defenses are those that understand context—blending real-time signals about the user, their device, location, and behavior to make smarter access decisions. Welcome to the world of Context-Aware Access. If you’ve ever been prompted for a second factor when logging in from a new device, or denied access while traveling, you’ve seen context in action....

August 20, 2025 · 6 min · Jay Klinkowsky

IAM in the Cloud & SaaS Era: Tackling Shadow IT, API Sprawl, and Access Chaos

IAM in the Cloud & SaaS Era: Tackling Shadow IT, API Sprawl, and Access Chaos TL;DR As enterprises shift further into cloud and SaaS ecosystems, identity and access management (IAM) becomes a tangled web of apps, permissions, and overlooked risks. This post outlines the top threats—like Shadow IT and API sprawl—and offers strategies to maintain control. The Identity Challenge in a Cloud-First World Modern enterprises are no longer running a single stack—they’re running hundreds....

August 20, 2025 · 4 min · Jay Klinkowsky

Six Essential IAM Policies Every Business Needs

Six Essential IAM Policies Every Business Needs (Beyond Passwords) TL;DR If your security program starts and ends with a password policy, your business is exposed. To defend against breaches, insider threats, and regulatory penalties, you need a well-rounded suite of Identity & Access Management (IAM) policies—clear, actionable rules that leave no gaps for attackers (or auditors) to exploit. This post breaks down six foundational IAM policies, when to use them, why they matter, and how to link them together for real-world protection....

August 13, 2025 · 5 min · Jay Klinkowsky

IAM 101 - The IAM Backbone - A Unified and Secure Foundation

IAM 101: The IAM Backbone – A Unified and Secure Foundation TL;DR Directories and identity federation are the backbone of any modern IAM program. They serve as the new security perimeter, enable Zero Trust, and automate lifecycle management. Misconfigurations here can undermine your entire security posture. Background: The Shift to Identity as the New Perimeter Not long ago, enterprise security meant big firewalls and locked-down networks. Today, those barriers are porous—thanks to remote work, SaaS, and hybrid environments....

August 7, 2025 · 5 min · Jay Klinkowsky

Access Reviews & Certifications: Why and How

Access Reviews & Certifications: Why and How Everything you need to know about periodic reviews, compliance value, and common traps to avoid TL;DR Access reviews and certifications are your IAM safety net. Done right, they ensure that users have only the access they need—no more, no less. In this post, we’ll explain the what, why, and how, along with real-world examples and common mistakes to avoid. What Are Access Reviews?...

August 6, 2025 · 3 min · Jay Klinkowsky

Project Management for IAM success

🧠 TL;DR IAM projects don’t succeed because of tools—they succeed because of project discipline. This post breaks down core project management pillars—scope, stakeholders, communications, risk, and delivery—and ties them to identity work like Okta, Adaxes, and JAMF rollouts. 🏗️ IAM Projects Are Still Projects While identity work is technical and security-driven, the project fundamentals are universal: Stakeholder alignment drives decisions; Scope controls chaos; Communication prevents surprises; Testing builds confidence; Governance ensures long-term success. Every successful identity project I’ve led—whether rolling out JAMF, Okta, or ServiceNow—followed proven project management best practices....

July 31, 2025 · 4 min · Jay Klinkowsky