What are the best practices for identity and access management you’ve implemented that have been most effective for improving your overall security posture?

Identity & Access Management (IAM)Risk Management
5.6k viewscircle icon1 Upvotecircle icon9 Comments
Sort by:
VP of Information Security7 months ago

password rotation for service account and use of vault.

VP of Information Security7 months ago

Integration with ITSM tool for common source of request, avoid duplicate digital identity for same person(human), unique identity for each human, enable MFA, access policies based Need to Know fundamentals are few key best practices.

IT Manager in Construction7 months ago

Start from a zero trust approach everywhere. It should lead your mind and mindset.

Director of Systems Operations in Healthcare and Biotech7 months ago

MFA, Account / Access Review, Account Time Outs.

Lightbulb on1 circle icon1 Reply
no title7 months ago

Agreeed + PAM and SSO.

VP of Information Security in IT Services8 months ago

Zero Standing Privileges

1 Reply
no title7 months ago

+1

Content you might like

AI deepfakes have cost the industry over $200M this year. As CISOs, can we scale detection fast enough, or is regulatory pressure the only way to drive adoption?

Read More Comments

In response to Microsoft's Sharepoint vulnerability, will you push for stricter contract terms from vendors regarding "zero day" attack response times, transparency, and customer notification?

Yes, will try to add SLAs around zero day attacks14%

Maybe, waiting to see how this incident resolves86%

No, current contract terms are adequate

View Results

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

Non-human identities (NHIs), such as API keys, service accounts, and tokens, outnumber humans by 25 to 50 times and often go ungoverned. From Entro’s 2025 report:
• 90% have excessive permissions
• 44% are exposed in the wild
• 91% of stale secrets are never revoked

What helped us: inventory, assign owners, right-size access, monitor behavior, and test continuously.

How mature is your NHI program? Biggest barrier, tooling, ownership, or adoption?

Are you confident your org is tracking/reporting the right cyber metrics?

Completely confident (we’re tracking all necessary metrics)18%

Very confident (only minor improvements needed)53%

Mostly confident (some gaps to be addressed)21%

Sort of confident (significant room for improvement)8%

Not confident (major changes required)

View Results