API Security

Featured image for eCBSV: new consent-based SSN verification service

eCBSV: new consent-based SSN verification service

Following worldwide trends of governments providing new and better identity and privacy services to consumers and banks, the Social Security Administration (SSA) is implementing a new fee-based Social Security number (SSN) verification service known as Electronic Consent Based Social Security Number Verification (eCBSV). This service follows worldwide privacy directives aligned with Open Banking, requiring data...
Read More
Featured image for Identity Management Day 2022: Are Your Digital Identities Secure?

Identity Management Day 2022: Are Your Digital Identities Secure?

Hosted by the Identity Defined Security Alliance and National Cybersecurity Alliance, Identity Management Day aims to provide education about the dangers of casually or improperly managing and securing digital identities, raising awareness and sharing best practices across the industry.   According to Gartner, APIs are expected to be the most frequent attack vector in 2022, and...
Read More
Featured image for Making Dynamic Authorization an Essential Pillar in Federal Government Zero Trust Architecture Strategies

Making Dynamic Authorization an Essential Pillar in Federal Government Zero Trust Architecture Strategies

Author: Brook Lovatt, Chief Product Officer of Cloudentity The government’s focus on Zero Trust has risen in the past year, as shown by the Biden Administration's May 2021 and January 2022 executive orders and the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model. CISA’s Zero Trust Maturity Model is one of many roadmaps...
Read More
Featured image for Aligning Cloudentity Components with XACML Terminology

Aligning Cloudentity Components with XACML Terminology

Cloudentity is frequently asked how our components and features align with those of the legacy XACML (eXtensible Access Control Markup Language), including Policy Administration Points (PAP), Policy Decision Points (PDP), Policy Information Points (PIP), and Policy Enforcement Points (PEP). In this article, we will describe what the Cloudentity components are and how they align with...
Read More
Featured image for The Perimeter has Disappeared: Why Zero Trust and IAM are Essential to Secure the Modern Enterprise

The Perimeter has Disappeared: Why Zero Trust and IAM are Essential to Secure the Modern Enterprise

In the conventional, on-premises IT infrastructure, organizations worked within the boundaries of their well-defined enterprise network perimeter. In this setting, on-premises security tools like virtual private networks (VPNs) were mostly sufficient to secure users and devices within the perimeter walls. However, with the increase in remote work and cloud computing, organizations are leveraging various apps...
Read More
Featured image for Identity and Authorization At Cloud Scale

Identity and Authorization At Cloud Scale

The future has a lot to answer for. For decades we’ve been promised super-cool inventions that we still haven’t received - flying cars, jetpacks and IAM platforms that provide security, scale and manageability- all with wrapped up with 21st century automation. George Jetson’s job had two settings ("Start" & "Stop") and the computer did the...
Read More
Featured image for Comprehensive Reporting and Insight of your APIs. Powered by Machine Learning.

Comprehensive Reporting and Insight of your APIs. Powered by Machine Learning.

APIs are the lifeblood of modern web applications. They’re crucial elements of any digital transformation as the provide the sinew that allows data to flow freely between internal development teams and external customers with agility and speed. But, their usage comes with a tradeoff, as their complexity can lead to security, risk, and privacy nightmares...
Read More
Featured image for ACL, RBAC, ABAC, PBAC, RADAC, and a Dash of CBAC

ACL, RBAC, ABAC, PBAC, RADAC, and a Dash of CBAC

As the title of this posting probably tells you, there are a LOT of acronyms out there talking about access control. To level the set, here are a few translations: ACL: Access Control List This is your basic gatekeeper. ACL has a list of users and a simple yes/no function, like a doorman at an...
Read More