Zero Trust Architecture for Modern Applications

In 2025, data breaches affected over 232 million individuals in the United States through breach notifications alone, with stolen credentials ranking as the most common initial attack vector. The average breach cost organizations $4.44 million globally ($10.22 million in the US), and here’s the kicker: nearly 80% of breaches involved compromised credentials. The traditional castle-and-moat security model—trust everything inside the network, scrutinize everything outside—is dead. Zero Trust Architecture (ZTA) isn’t another security buzzword....

March 2, 2026 · 10 min · Jay Klinkowsky
Zero Standing Privileges: The Future of Access Management

The help desk at MGM Resorts had no idea they were about to enable one of the most devastating casino breaches in history. In September 2023, a group called Scattered Spider didn’t need sophisticated malware or zero-day exploits. They simply called the IT help desk, impersonated an employee using publicly available LinkedIn data, and convinced a well-meaning support agent to reset credentials and disable MFA. Within hours, they had super administrator privileges in MGM’s Okta and Azure environments....

February 17, 2026 · 58 min · Jay Klinkowsky

Open Claw Guardrails: The Identity Controls I Refuse to Deploy Without

Every few years, something comes along that forces identity and access management professionals to rethink the fundamentals. Federated identity changed how we think about trust boundaries. Zero Trust changed how we think about networks. Zero Standing Privilege changed how we think about admin access. Now agents are changing how we think about who is taking actions in our systems. I don’t mean chatbots. I mean autonomous systems that read context, make decisions, and execute real-world actions—send emails, merge code, modify configurations, publish content, interact with APIs—on behalf of a human....

February 10, 2026 · 19 min · Jay Klinkowsky

Beyond Rubber-Stamping: How to Fix Account Recertification

TL;DR: Annual access reviews are a broken, compliance-driven ritual that often increases risk. This post breaks down how to move beyond traditional, manual recertification to a modern, automated, and continuous model. We’ll cover event-driven reviews, micro-certifications, and how to leverage automation to reduce risk, eliminate rubber-stamping, and build a system that governs access in real-time. The ‘Why’: For decades, account recertification has been a cornerstone of identity and access management (IAM)....

November 11, 2025 · 7 min · Jay Klinkowsky

Practical Identity Management & Governance: A Right-Sized Roadmap for Every Stage

Series format: Three levels × two posts each. Post 1 (per level) = IAM — access, SSO, MFA/passkeys, device/risk checks, lifecycle (JML), SCIM, and PIM/JIT. Post 2 (per level) = IGA — access reviews/certifications, SoD, policy, audit evidence, and continuous assurance. Why this series—and why now: Identity work breaks when teams buy governance before they stabilize access, or when they over-index on a single vendor instead of designing for outcomes and clean handoffs....

October 8, 2025 · 6 min · Jay Klinkowsky

Account Recertification in Depth: Beyond Annual Reviews with Continuous, Event-Driven, and AI-Assisted Governance

TL;DR: Annual access reviews alone won’t keep you safe. Real control requires a yin–yang operating model presented in the order you actually work. Yin (Secure AI-Assisted): risk-aware triage, context synthesis, toxic-combination detection, usage-based revocation suggestions, and policy-drift alerts—with human oversight for anything high-impact. Yang (Manual, Human-Led): clear ownership, accountable attestations by managers and app owners, strong evidence trails, and auditable decisions. Design your program around continuous and event-driven recertification—small, frequent, targeted reviews triggered by real changes—not a once-a-year scramble....

October 1, 2025 · 9 min · Jay Klinkowsky

Mentorship in Identity Security: Building the Next Generation in an AI-Accelerated World

TL;DR: AI is chewing through the repetitive, entry-level work that used to give newcomers their start in Identity & Access Management (IAM)—account audits, basic access reviews, routine onboarding/offboarding “click-ops,” and boilerplate policy writing. That means mentorship isn’t a nice-to-have; it’s the on-ramp. This post lays out (1) why the shift is happening, (2) what effective IAM mentorship looks like, (3) a practical 12-week plan any team can run, (4) how to blend AI as a co-mentor without outsourcing judgment, and (5) a vetted directory of communities and mentorship programs to join right now....

October 1, 2025 · 8 min · Jay Klinkowsky

Cloud Entitlement Management (CIEM): Taming Permissions Creep in AWS, Azure & GCP

Editor’s Note (September 2025): This guide is aligned to the latest NIST publications issued last month, including SP 800-53 Release 5.2.0 (with new software-update/patch and cyber-resiliency emphasis) and SP 800-63 Revision 4 (updated Digital Identity Guidelines). We also reference the SP 1800-35 Zero Trust practice guide finalized this summer to ground CIEM in current best practice. TL;DR: Multi-cloud is powerful—and dangerously permissive by default. Over time, identities (humans and workloads) accumulate access they no longer need....

September 24, 2025 · 8 min · Jay Klinkowsky

IAM Foundation, Fast: A 30-Day Plan to Eliminate Your Top 10 Identity Risks

TL;DR: You don’t need a twelve-month program to stop the most common identity breaches. In 30 days, you can close the biggest gaps: purge orphaned accounts; process leavers the same day; rotate & vault NHI (non-human identity) passwords/keys; enforce MFA everywhere, phishing-resistant for admins; disable legacy/basic auth + app passwords; kill standing admin and adopt least privilege + JIT elevation; put critical apps behind SSO and disable local logins; run a high-risk access review sprint; establish a Conditional Access baseline (device/risk/location); turn on identity logging & alerts and harden break-glass. Below is a day-by-day plan with owners, acceptance criteria, checkpoints, and metrics....

September 17, 2025 · 11 min · Jay Klinkowsky
The Future of IAM: AI & Automation

TL;DR: Identity and Access Management (IAM) is evolving fast. AI and automation are moving IAM from static, rules-based controls to adaptive, intelligence-driven systems. Machine learning powers real-time anomaly detection, behavior-based authentication reduces reliance on passwords, and identity orchestration unifies workflows across multi-cloud and legacy systems. But with innovation comes new risks: AI agents, machine identities, and autonomous threats demand fresh governance and continuous monitoring....

August 27, 2025 · 4 min · Everyday Identity