Risk aware IAM for an insecure world

Yet another data breach has fallen upon us. This time at the popular cloud Identity-as-a-Service (IDaaS) provider, OneLogin, which spooked more than a few executives because, well, the cloud is more secure than on-prem right?

What we know about the OneLogin data breach so far: OneLogin is used by more than 2000 enterprise customers worldwide. AWS API keys were compromised (stolen) by the attacker(s) surely resulting in unprecedented access to sensitive data. According to OneLogin, the attacker “gained access to database tables containing information about users, apps, and various types of keys.” It may be assumed that, with the API keys being compromised, sensitive customer data and account credentials were also compromised.

Read more at – Risk aware IAM for an insecure world