What are the best practices for identity and access management you’ve implemented that have been most effective for improving your overall security posture?

Security Strategy & Roadmap Identity & Access Management (IAM)

5.7k views1 Upvote9 Comments

Sort by:

VP of Information Security8 months ago

password rotation for service account and use of vault.

VP of Information Security8 months ago

Integration with ITSM tool for common source of request, avoid duplicate digital identity for same person(human), unique identity for each human, enable MFA, access policies based Need to Know fundamentals are few key best practices.

IT Manager in Construction8 months ago

Start from a zero trust approach everywhere. It should lead your mind and mindset.

Director of Systems Operations in Healthcare and Biotech8 months ago

MFA, Account / Access Review, Account Time Outs.

1 1 Reply

no title8 months ago

Agreeed + PAM and SSO.

VP of Information Security in IT Services8 months ago

Zero Standing Privileges

1 Reply

no title8 months ago

Content you might like

I’m in the process of developing and formalizing the Risk Appetite Statement (RAS) for my organization, a public transport operator. Before we bring the draft to the Board, I’d appreciate your views on the best approach for engaging the Senior Leadership Team (SLT): Is 1:1 engagement more effective to gather candid input? Or would a group workshop be better to align perspectives and drive collective ownership? If anyone has experience developing a RAS specifically for a public transport or infrastructure-focused entity, I’d love to hear your lessons learned or key considerations. Appreciate any tips or tools!

CISO here at a large enterprise—between NIS2, DORA, the Cyber Resilience Act, and growing internal pressure around shadow AI and ransomware response, it feels like we’re constantly balancing compliance overhead with real operational risk. What’s the one thing you’re losing the most sleep over in 2025?

How soon after someone leaves your organization is their user account deprovisioned?

Immediately33%

Within a day53%

Within a week11%

More than a week1%

View Results

Which is best OAuth2 vs JWT?

OAuth274%

JWT25%

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

What are the best practices for identity and access management you’ve implemented that have been most effective for improving your overall security posture?

Sort by:

Content you might like

How soon after someone leaves your organization is their user account deprovisioned?

Which is best OAuth2 vs JWT?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

What sets us apart?

Take Your Insights On-the-Go

What are the best practices for identity and access management you’ve implemented that have been most effective for improving your overall security posture?

Sort by:

Content you might like

How soon after someone leaves your organization is their user account deprovisioned?

Which is best OAuth2 vs JWT?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.Has anyone implemented a "not relevant" risk tier in their model?This tier would apply to vendors posing genuinely negligible security risk.

What sets us apart?

Take Your Insights On-the-Go

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.