As a security architect within IBM Security Services, I often get asked the question, “What exactly is a Zero Trust architecture?” Well, there is no single or unique answer to that question for two reasons. First, Zero Trust is not an architectural model but rather a set of guiding principles that should be applied to existing and new designs. W

In today’s hybrid multicloud environment, users expect to be able to access their work and personal resources from wherever they are, whenever they need them. With this expanded security perimeter, and especially considering this year’s tectonic shift in remote work, organizations need to be prepared with a distributed security strategy that incorporates pri

I grew up watching professional football back in the 70s, when defenses were so good they had their own nicknames. The Pittsburgh Steelers had the “Steel Curtain,” the Miami Dolphins had the “No-Name Defense” and the Dallas Cowboys had the “Doomsday Defense.” The Cowboys’ defense was based on a newfangled concept cal

Consumer identities are at the heart of brand engagements today. Digital interactions are a routine part of our lives and touchpoints for consumers have reached astounding heights. Nearly 60 percent of the world is digitally connected and more than half of the world’s population will be using social media by the middle of 2020, according to We Are Soci

The tax season deadline in the U.S. is April 15, 2020, and that means scammers are officially on the prowl for unsuspecting tax fraud victims. Attackers are utilizing both time-tested and new techniques to collect tax information and personal data from victims and target individual and corporate accounts. No one is immune from tax season risks, and most of u

Identity is a difficult term to define in the cybersecurity world. The range of personal information that can be associated with an identity interaction is highly dependent on the situational context of the interaction. The definition of identity also depends on the context of the medium within which it is exchanged. In the physical world, when we talk about

In 2019, we saw a record number of information security breaches. According to the IBM X-Force Threat Intelligence Index 2020, a total of 8.5 billion records were compromised — three times the number from 2018. The healthcare industry saw its fair share of attacks and was the 10th-most targeted industry, accounting for 3 percent of all attacks last year. Th

As a consumer, have you ever visited an online retail site only to be bombarded by a pop-up window asking for your email address in order to get a nominal discount? Or consider the process of exploring a home mortgage with a major financial institution. Your first interaction with the bank or financial institution prompts a request for your Social Security i

Imagine the impact on the government cybersecurity landscape if the mantra for every U.S. state were something like, “Every student, every school, cyber-educated.” It’s the first I’ve heard about an objective this bold, and it comes from a state that gets little media exposure: North Dakota. The small Great Plains state has establishe

Weak passwords can hurt any organization’s security efforts and make any device easily hackable, but could they also be the greatest point of failure for internet of things (IoT) security? Weak passwords certainly put companies deploying IoT devices at greater risk of falling victim to a cyberattack. We have already begun to see attacks targeting IoT d

Identity authentication is absolutely necessary to conducting our affairs today. Without it, we would lose virtually all confidence to conduct business or create and foster relationships. But with ever increasing concerns related to data privacy, it is worth looking at the past to see what future challenges we may face in the digital identity space. From Jew

Identity and access management (IAM) is a mature and well understood domain of security. That doesn’t mean it’s static. While IAM is commonly associated with security — indeed, it is an essential part of a holistic security program — many people are beginning to understand the business processes it represents as well. They therefore view it as an

Every business and social transaction is carried out by people. People are known by their identities. Hence, identity drives every business and social interaction. In today’s digital age, an individual’s identity is not defined by a single attribute such as a name, address or user ID. Rather, it is a collection of attributes including, but not li

In the world of security, there is a constant struggle to justify spending, show business value and quantify positive impacts. But too often there is not enough funding, and security becomes important only after a crisis. The value of the identity and access management (IAM) domains is different because it doesn’t just address risk — it can lead to ope

Definition of Doxing (sometimes written as doxxing): gathering identifiable information about a person or a group of people with the objective to shame, scare, blackmail or bully the target. What is it? The technique as such was already known in the 1990’s when Usenet users researched and posted the real names belonging to online handles that they had an arg