An introduction to just in time, next generation authorization vendor sgnl.ai
Over a 4 week period I asked the preferred deployment model option for four key identity and access management services: consumer identity, workforce access management, identity governance and administration and privileged access management. The results where subtle and nuanced.

Passwordless authentication is often described as improving both the usability and security aspects of both the employee and customer identity journeys. Many approaches to passwordless have emerged over the last 5 years - including hardware, software, biometric and standards based initiatives.

In November 2021, The Cyber Hut released a 61 page buyer guide for passwordless authentication, describing the vendor capabilities, requirements, integration options, B2E and B2C use cases and planning recommendations for migration.

A brief snapshot of questions to consider, when engaging software based solution providers in this space is described here.

Our latest LinkedIn poll on September 27th was focused on understanding the role and impact of artificial intelligence and machine learning (AI/ML) technology on the general identity and access management industry.
Security starts when authentication ends. It's a line I have used a few times over the years as it is one I actually quite believe in. In an era where firewalls are derided as being pretty toothless in the fight against omnipresent complex cyber attacks - and the concept of trusted networks quite rightly become obsolete in the world of "zero trust" - it always seemed odd to me, to put such a large emphasis on stringent authentication services. Clearly authentication is hugely important don't misunderstand, but my point really was that authentication (even with a strong MFA component) becomes less relevant if a) it is not continuous and b) not part of a more holistic approach focused on the access control of services, data and APIs.

A long read post investigating the evolution of decoupled authorization platforms – including use case and capability analysis and brief vendor review including Axiomatics, PlainID, Styra and Scaled Access.

This post is only available to members.
Vendor introduction report covering oort.io - an emerging vendor in the Identity Threat Detection and Response sector.

A review of authorization related features added to Microsoft Azure Platform between 2019-2022.

This post is only available to members.
Do we need a "Chief Identity Officer"? What might drive the need for this and can existing business operating models satisfy the need for identity centric metrics?
Some items that have hit The Cyber Hut intelligence inboxes this week. State of Passwordless Authentication 2022 HYPR HYPR, a provider of passwordless authentication, recently released their updated passwordless authentication report (sign up required). The commissioned report focuses on describing the weaknesses associated with existing authentication components. The basic username and password is under increasing […]