Account Recertification in Depth: Beyond Annual Reviews with Continuous, Event-Driven, and AI-Assisted Governance

TL;DR Annual access reviews alone won’t keep you safe. Real control requires a yin–yang operating model presented in the order you actually work: Yin (Secure AI-Assisted): risk-aware triage, context synthesis, toxic-combination detection, usage-based revocation suggestions, and policy-drift alerts—with human oversight for anything high-impact. Yang (Manual, Human-Led): clear ownership, accountable attestations by managers and app owners, strong evidence trails, and auditable decisions. Design your program around continuous and event-driven recertification—small, frequent, targeted reviews triggered by real changes—not a once-a-year scramble....

October 1, 2025 · 9 min · Jay Klinkowsky

Delegated Admin & Just-In-Time Access: Reducing Standing Privileges

TL;DR Standing (always-on) admin privileges are a top target for attackers—and a pain point for compliance. By shifting to delegated admin roles and “just-in-time” access, organizations reduce risk, limit attack surfaces, and enforce true least privilege in practice. This post unpacks how to design and run these controls, practical pitfalls, and the benefits for audit, security, and business agility. Why Standing Privileges Are a Problem Standing privilege means an account (often admin) always has elevated rights, even when not in use....

August 20, 2025 · 4 min · Everyday Identity

Access Reviews & Certifications: Why and How

Everything you need to know about periodic reviews, compliance value, and common traps to avoid TL;DR Access reviews and certifications are your IAM safety net. Done right, they ensure that users have only the access they need—no more, no less. In this post, we’ll explain the what, why, and how, along with real-world examples and common mistakes to avoid. What Are Access Reviews?...

August 6, 2025 · 3 min · Jay Klinkowsky

AI in IAM: Why Human-in-the-Loop Still Matters

TL;DR AI brings speed, scale, and intelligence to Identity and Access Management (IAM). But real-world breaches, compliance rules, and business complexity prove a critical truth: without a human-in-the-loop (HiTL), automation introduces unacceptable risks. This guide covers how AI is transforming IAM, what can go wrong, real-world incidents, case studies, key compliance requirements (SOX, HIPAA, GDPR, NIST, and more), and a downloadable mapping document for your security program. 1. Introduction: The New Age of IAM Automation Identity and Access Management (IAM) is now at the crossroads of AI, automation, and Zero Trust....

June 12, 2025 · 5 min · Jay Klinkowsky

Comprehensive Password and 2FA Identity Policy

Password Requirements Password Composition Minimum Length: All passwords must be at least 12 characters long. Longer passwords (16+ characters) are strongly encouraged. Character Requirements: Passwords must include at least: One uppercase letter (A-Z) One lowercase letter (a-z) One numeric digit (0-9) One special character (e.g., !@#$%^&*()_+-=[]{}|;:'",.<>/?`~) Complexity Enforcement: Password creation systems must validate these requirements in real-time and provide feedback to users. Dictionary Word Prevention: Passwords cannot consist solely of common dictionary words, regardless of character substitutions....

March 30, 2025 · 6 min · Jay Klinkowsky