Trending Articles

What is the most sensitive system in your organisation? Not the most technically complex. The one with the highest concentration of data that would cause the most damage if a former employee retained access to it after leaving. For most manufacturing, financial services, and retail organisations, the answer is SAP. The general ledger. Accounts payable. … Continue reading Your Offboarding Checklist Has a Gap. It’s Called SAP.

Here is a question worth asking your compliance team: how long would it take to produce the evidence package for your next ISO 27001 or SOC 2 audit if the auditor announced it today? If the answer is measured in weeks, your organisation is not compliant. It is compliant-looking, periodically, when someone assembles the evidence. … Continue reading Audit-Ready Organisations Don’t Prepare for Audits. They’re Already Ready.

Your BYOD policy permits employees to access corporate applications from personal devices. The security team agreed to this because blocking personal device access was creating friction that hurt productivity. The IT team agreed because enforcing full MDM enrollment on personal devices was operationally impractical and legally contested in some jurisdictions. What neither team thought through … Continue reading Access Layer Authentication Does Not Extend to Data Exfiltration Controls.

When did your MDM platform last produce a complete list of every application installed on every enrolled device? Not the applications you deployed through the MDM. Every application currently installed on each managed device, including what was installed after enrollment, outside the managed profile, or through channels your deployment policy did not account for. For … Continue reading Device Enrollment State and Device Application Inventory Are Two Different Datasets.

A security incident investigation is three days in. A privileged user accessed a production database server on a Tuesday afternoon. Something changed on that server that caused a downstream service failure two days later. The authentication log shows the login event. Username, timestamp, source IP, session duration. 23 minutes. The session ended cleanly. Nothing else … Continue reading SSH Session Logging and Authentication Logging Are Not the Same Control.

A provisioning record captures a point-in-time entitlement decision: this user was granted access to this application on this date. It records that the door was opened. It contains no information about whether anyone has walked through it since. An access usage record captures an event: this user authenticated and launched this application at this timestamp … Continue reading Provisioned Access and Accessed Access Are Two Different Datasets.

If your SSO platform had a service disruption at 2am tonight, how would your team find out about it? For most IT operations and security teams, the honest answer is: when the support tickets start arriving in the morning. Someone arrives at work, tries to log in, fails, and raises a ticket. By the time … Continue reading Authentication Visibility Stops Where Your Monitoring Stack Ends.

The IAM layer generates the earliest detectable signal of a credential attack. Before any account is compromised, before any privileged session is opened, before any data is accessed, the attack produces a pattern in the authentication event stream: MFA failure spikes across multiple distinct account identifiers, account lockout clusters on targeted identifiers, or anomalous recovery … Continue reading IAM Authentication Events Are Absent From Most SIEM Detection Pipelines.

Defensible audit evidence for an access grant has a specific technical definition. It is not a confirmation that the access exists. It is not a record that the access was provisioned. It is a structured record of a formal authorization decision: the identity of the person who approved the access, their authority to approve it, … Continue reading Informal Access Provisioning Produces No Defensible Audit Evidence.