Most organisations don’t experience security as a single, dramatic failure. What they experience instead is a gradual accumulation of doubt. A vague sense that things are probably fine -- until one day they very clearly aren’t -- and, awkwardly, no one can quite point to the moment when “fine” became “concerning”. Security decisions are usually made in good faith and with the best information available at the time. Licences are procured, solutions deployed, policies agreed upon. Then the...

Anyone who has ever been responsible for identity knows one thing: this is not a quiet corner of IT. Identity teams do heroic work every day, often with tools that were never designed for the speed or complexity of modern organizations. If there were medals for “things that only break when everyone is already busy,” identity would take gold every year. Identity teams don’t get enough credit for how much they hold together with sheer determination and caffeine. They deal with the kind of...

Every organization has an IAM problem. Most just haven’t stumbled into it yet.....