Posts in Opinion

by Simon Moffatt
March 14, 2023

What Should Thoma Bravo Do With ForgeRock?

An opinion piece analysing the potential acquisition of ForgeRock by private equity firm Thoma Bravo.
0
read more
by Simon Moffatt
December 19, 2022

2022: A Year in Review

I wanted to wrap up 2022, with an anecdotal look at some of the key facts and figures that made up the bulk of The Cyber Hut's interactions, research and community engagement over the past year. It has been a great year professionally and personally, yet parts of the world are still being ravaged by the pandemic, conflict, economic turmoil and the cost of living crisis. Hopefully 2023 can start to stabilise some of those broader problems we will undoubtedly all feel in the coming months. I want to take a retrospective look back at 2022 in numbers, adding in a few stories and comments as I go. I hope you enjoy it and thank you to all of the global identity and access management community who have engaged with The Cyber Hut over the past 12 months.
1
read more
by Editor
December 15, 2022

The Network and Information Systems Regulations – The What and The Why

The next NIS-D directive is live in a second iteration and regulators of Critical National Infrastructure (CNI) across Europe are working to evaluate and adapt the directive to country specific regulations. Thus, the UK (through the Department of Culture Media & Sport) have issued their consultation outcome for regulation of managed service providers and updates to the NIS regulation.
0
read more
by Simon Moffatt
November 25, 2022

Comment: US Department of Defense Zero Trust Reference Architecture 2.0

Zero Trust has been with us for the best part of a decade - since the likes of the Jericho Forum, Google's Beyond Corp and ex-Forrester analyst John Kindervag have all promoted a view of moving the concept of "trust" from a location to a concept based on the identity, device and associated context. Version 2.0 of the US Department of Defence Zero Trust Reference Architecture has been cleared for public release and is a good, detailed read regarding an actual migration and implementation model. The document is available here.
2
read more
by Simon Moffatt
October 21, 2022

Authenticate 2022: A Review

This week saw the FIDO Authenticate conference take place in Seatle. I attended via the virtual remote route, going through the vast majority of the sessions from the comfort of the office. A few items that stood out for me.
0
read more
by Simon Moffatt
October 7, 2022

IAM Deployment Model Definitions

Even as many organisations are moving to a "cloud first" strategy for the consumption of new applications and services, the cloud line is blurred. Not all services can be consumed in a pure cloud setting, and not all "clouds" are the same.

Any analysis in the popularity, options or strategy with respect to IAM deployment should be firmly based against a set of basic definitions.

1
read more
by Simon Moffatt
September 2, 2022

Authorization: Why Now & What Next

Security starts when authentication ends. It's a line I have used a few times over the years as it is one I actually quite believe in. In an era where firewalls are derided as being pretty toothless in the fight against omnipresent complex cyber attacks - and the concept of trusted networks quite rightly become obsolete in the world of "zero trust" - it always seemed odd to me, to put such a large emphasis on stringent authentication services. Clearly authentication is hugely important don't misunderstand, but my point really was that authentication (even with a strong MFA component) becomes less relevant if a) it is not continuous and b) not part of a more holistic approach focused on the access control of services, data and APIs.
0
read more
by Simon Moffatt
August 25, 2022

Identity Trust: The Seen and Known Matrix

Trust within the identity world is a huge priority. Trust regarding the on-boarding and registration of external users via proofing (think assurance levels using identity validation and verification techniques) right through to creating trust labels for employees in order to monitor for malicious activity - that is either driven by external threat actors, insider threat or just unintentional bad user behaviour.
1
read more
by Simon Moffatt
July 12, 2022

From Automation to Autonomy: How Identity & Access Management is Changing

When on briefings and inquiry workshops there are often emerging themes that start to spring up repeatedly. Perhaps every few months, perhaps under different projects, using different terms and stories and perhaps from unexpected people or teams.

There has been one theme over the past 12 months or so that is difficult to ignore: not only how identity based security has left-shifted into the thinking of information leaders to being a first-class citizen in the technology arsenal, but how identity is moving into a new territory. The territory of autonomy.

1
read more
by Simon Moffatt
June 24, 2022

Identity Trends at Infosec 2022

This week saw the London edition of Infosec Europe - essentially a smaller version of the RSA Conference a few week ago in San Francisco. There were about 15,000 attendees and 300+ solution providers from a range of cyber and information security areas. Of course my primary interest was to get briefings and understand the viewpoint from an identity and access management perspective and see how far the tentacles of identity were now spreading into other orthogonal areas of security. It didn't disappoint and I had some thought provoking conversations...
1
read more

Registered in England & Wales as TCH Research Ltd 13188456. Registered Office: 7 Christie Way, Christie Fields, Manchester, M21 7QY, UK. Email: info@thecyberhut.com

© 2021 - 2024 The Cyber Hut.