What are some best practices for integrating an AAA framework with existing IT infrastructure (directory services, identity management systems, access control mechanisms)?

Process ManagementIdentity & Access Management (IAM)Security Strategy & Roadmap+1 more
1.4k views2 Comments
Sort By:
Oldest
Managing Partner in Miscellaneousa year ago
This is way way harder than it should be. Okta and something like Azure AD seems to be the best overall solution. I would also consider the broader topics around log analytics, anomaly detection, SEIM, end user compute, MDM etc. as a part of any AAA discussions and plans. Too often those are treated separately and not part of a comprehensive solution.
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Head of Cyber Security in Manufacturinga year ago
Know your goal, from on-premise to cloud to physical access how can identity be backed in that its end to end seamless. The tighter the integration the less friction the business faces. (if you got a yubikey or smartcard people can logon within 5-15 seconds, if you got e-mail+password+mfa it skyrockets for many people to more than 1 if not 2 minutes case they need to type way more)

Dont forget to get started with IGA where you can hand over due care tasks of access assignment/re-certification to people who have the proper authority, IT/Security is in most cases the wrong place.

In regards to logging, it eases life in case of failures/problems/breaches. In best case you got phishing resistant authentication mechanism so the log would be the last resort in case something did go wrong or in case you need to verify of bad insider/lost key fob simililar.

Content you might like

We are a large manufacturing company with over 17,000 associates, about half of whom have company-provided cell phones. We average two lost devices per week, which seems low, but executive management is concerned and wants to know if our numbers are typical compared to other companies. My questions are: 1. Do other companies also struggle with lost or stolen devices? 2. What is the average number of lost devices per week? 3. Are there repercussions for associates who lose devices due to carelessness or negligence?

Mobile Device Management (MDM)Mobile DevicesSecurity+2 more
VP of IT in Retail3 days ago
My previous organization implemented a strict one-strike policy for lost or damaged devices. While the first incident was considered an accident, repeat offenders were required to reimburse the company for the lost or damaged ...read more
82 views1 Comment

Single sign-on (SSO) increases the chance of a major network security breach.

Single Sign-On (SSO/SAML)Identity & Access Management (IAM)Third Party Risk Management (TPRM)

Strongly agree4%

Agreee59%

Neutral23%

Disagree12%

Strongly disagree1%

View Results
3.8k views2 Upvotes3 Comments

I am trying to understand what are the key skills on the ground that would be pivotal for moving our company to a digital first organization? Have you trialed anything in your organization? What are the skills and trainings you recommend that would be beneficial for the CDIO function at a high level to at least be prepared for the digital disruption in the next two years?

Process Management
Banking Platform Transformation Lead in Finance (non-banking)8 days ago
 Not knowing the current state of your organization, it is difficult to say definitively what skills and training are required for the CDIO function. However, based on my experience of working on multiple digital transformation ...read more
1
Read More Comments
1.6k views7 Comments

Google recruiters have recently begun requesting written proof of rival job offers for tech roles before considering upping their own offer. Does this give Google a competitive edge when it comes to salary negotiations?

People & LeadershipProcess ManagementNews+1 more

Yes, this allows Google to see competitor compensation package structures and improve their own.81%

No, offer letter reviews should be standard industry practice.18%

2.7k views2 Upvotes8 Comments

Any recommendations for a comprehensive GenAI learning platform?

EngineeringData & AnalyticsSecurity Strategy & Roadmap+4 more
IT Manager in Constructiona month ago
Hello,
the topic is so broad, what are you focused on?
Read More Comments
4.8k views2 Upvotes5 Comments