Hey like the new name My Zero Trust Predictions are largely more of the same.  It's a desired state, but it requires other IAM prerequisites before it should be attempted or proclaimed.  I've described these as a three-legged stool before: 1 Passwordless 2 Least privileged…

The internal/external domain controller approach could be the right way to go. The internal must already be in place, right?  Microsoft Active Directory (hopefully migrating to Azure Active Directory). Microsoft is the clear market share leader for identity systems so I…

What's the issue, expense?  How does one eliminate risk if they can't positively identify who's logging into the network?  Depending upon the devices (endpoints) in use, I'd recommend steering them toward a push MFA solution (Duo is an example).  A lot of companies will add…

There are two types of passwordless activities going on right now. A lot of vendors will allow you to register a device - yes using an initial password - and then rely on biometrics later. There are a few that will generate this initial password for you. The second never…

It's safe if you have good authentication for your session certificate. Good insights and advice below.

It also depends upon what capabilities are required in your environment. Is the basic need for an access control product? This is what ITOps did back in the days before there were security teams.  Do you require advanced authentication capabilities or privileged user…