Using passwords introduces both a large attack surface (phishing, brute force, password spreading, rainbow table, etc.) and a poor user experience. As a result, passwords have been denounced in favour of passwordless technologies for several years. However, passwords remain commonly…
In this second article on Identity and Access Management (IAM) we look at why many organisation face difficulties transforming their IAM ecosystem, and how IAM programmes should be approached and structured. In our previous article – Identity and Access Management:…
Large organisations are facing unprecedented change, such as adapting to remote working and managing operational risk in a post-pandemic world. Identity & access management (IAM) – the provision and verification of identities and their access rights – is once again…
Nowadays, access management and security concept of APIs are inherent to federation protocols OAuth2 and OpenID Connect. Both protocols natively cover a great deal of use cases, but regularly evolve and come with complements to address more innovative subjects. In…
In a previous article, we discussed the main motivations behind the implementation of an authorization model and answered a first set of essential questions one should think about when setting up or redesigning a model. Let’s continue here with a…
Introduction DAC, RBAC, OrBAC, ABAC or GraphBAC? Flagship authorization models evolve regularly and each one brings its share of challenges, promises, and complexity. Over the last twenty years or so, during which the RBAC/OrBAC models seem to have prevailed, the…
Le travail à distance et les interactions numériques étant de plus en plus courants, il est essentiel que les entreprises offrent la meilleure expérience possible pour les activités numériques quotidiennes et la collaboration avec les fournisseurs et les partenaires. Une…
We have seen in the first part of the article the risks that represent the deepfakes for the businesses. In this part, we are going to focus on the strategies available to pre-empt deepfakes and the concrete actions to implement…
Online media and social networks expand the attack surface usable by the malicious actors, and deepfakes are the ultimate weapon. Well-known as a disinformation tool for the society, they bring about other risks to be considered by businesses. The recent…
Dans un précédent article, nous avons pu découvrir l’IAM of Things (IAMoT) et souligner les très fortes interactions avec les domaines de l’IAM et du Customer IAM (CIAM). Dans ce nouvel article, nous allons maintenant mettre en évidence les lacunes…
