Trending Articles

Your organisation has forty-three applications. Each one manages its own users. Each one has its own provisioning process, its own access review cycle, its own offboarding checklist item, and its own audit log in its own format. In normal operations, this is manageable. Imperfectly, slowly, with more manual effort than any IT team would choose, … Continue reading Identity Fragmentation: The Hidden Cost of Managing IAM Across Multiple Applications

Your PAM platform covers privileged access. Ask your infrastructure team how much of it, and the answer will involve a percentage. Ask which systems are excluded, and the answer will almost certainly include Linux servers accessed directly over SSH. PAM coverage metrics count the accounts that are under management on the PAM platform. A Windows … Continue reading PAM Coverage Gaps on Linux: Why SSH Sessions Are Your Highest-Risk Ungoverned Access

Your SCIM provisioning connector ran its last sync six hours ago. It failed. Nobody received an alert. Nobody knows. The employee who left the organisation this morning still has active entitlements in the three applications connected through that SCIM integration. The access revocation that should have happened at offboarding ran, the IGA platform recorded the … Continue reading SCIM Connector Failures Are Silent. The Access Gaps They Leave Are Not.

Your MDM platform reports device location. What it does not tell you is how much of the shift that location data actually covers. Android distinguishes between foreground location and background location at the API level. Foreground location APIs deliver updates while the requesting application is the active process on the device screen. The moment the … Continue reading Android MDM Background Location Tracking: Why Foreground-Only APIs Miss Most of the Shift

What is the most sensitive system in your organisation? Not the most technically complex. The one with the highest concentration of data that would cause the most damage if a former employee retained access to it after leaving. For most manufacturing, financial services, and retail organisations, the answer is SAP. The general ledger. Accounts payable. … Continue reading Your Offboarding Checklist Has a Gap. It’s Called SAP.

Here is a question worth asking your compliance team: how long would it take to produce the evidence package for your next ISO 27001 or SOC 2 audit if the auditor announced it today? If the answer is measured in weeks, your organisation is not compliant. It is compliant-looking, periodically, when someone assembles the evidence. … Continue reading Audit-Ready Organisations Don’t Prepare for Audits. They’re Already Ready.

Your BYOD policy permits employees to access corporate applications from personal devices. The security team agreed to this because blocking personal device access was creating friction that hurt productivity. The IT team agreed because enforcing full MDM enrollment on personal devices was operationally impractical and legally contested in some jurisdictions. What neither team thought through … Continue reading Access Layer Authentication Does Not Extend to Data Exfiltration Controls.

When did your MDM platform last produce a complete list of every application installed on every enrolled device? Not the applications you deployed through the MDM. Every application currently installed on each managed device, including what was installed after enrollment, outside the managed profile, or through channels your deployment policy did not account for. For … Continue reading Device Enrollment State and Device Application Inventory Are Two Different Datasets.

A security incident investigation is three days in. A privileged user accessed a production database server on a Tuesday afternoon. Something changed on that server that caused a downstream service failure two days later. The authentication log shows the login event. Username, timestamp, source IP, session duration. 23 minutes. The session ended cleanly. Nothing else … Continue reading SSH Session Logging and Authentication Logging Are Not the Same Control.