09.13.2019 - Using Context-Based Authentication and Authorization to Minimize Risk

One of the most exciting advances in identity protection today is context-based authentication and authorization. You may also hear it called “adaptive” authentication and authorization. Context-based access uses analytic data that an identity platform compiles as part of the authorization and authentication process to improve authentication methods. These analytic-enhanced authentication methods should be even more effective at enhancing consumer safety and reducing online fraud. ...

09.13.2019 - Authentication 101: Your Basic Guide to Authentication

password-authentication Do you know what Adobe, Apple, Sony, Yahoo and Twitter have in common? Hint: Yes, they are mega-companies making hundreds of millions of dollars annually, but that’s not it. Answer: They’ve all been hacked by cybercriminals who breached passwords. That’s right — passwords. How do they do it? How do hackers guess passwords containing uppercase letters, lowercase letters, numbers and symbols? Do they spend their every waking moment trying out new combinations? Are they psychic? It’s actually easy for expert hackers to guess passwords, especially if they are weak passwords such as “12345” or “letmein.” To breach stronger passwords, hackers use password “crackers,” or software that repeatedly creates millions of letter/number/symbol combinations until the correct password is found. One type of password attack is the “dictionary” attack. The other is a “brute force” attack. Dictionary attacks use software that scans huge word files until the correct password is detected. Brute force attacks scan lists of virtually every possible password character. Although brute force attacks may take ten times as long as a dictionary attack, it’s inevitable that targeted password authentication processes will be thoroughly breached. ...

09.13.2019 - What is a Virtual Directory Server?

Essentially, a virtual directory server is a way to visualize the data between applications that are fundamentally incompatible, as well as directory servers and data stores that are incompatible. A virtual directory server is a type of software application known as a middleware application, and it abstracts back-end data from client software applications, which makes it possible to change the presentation of the data dynamically. You can simply integrate new applications into your current identity infrastructure without needing to alter directory data – your data stays in its original format and place.  ...

08.15.2019 - 2019 Gartner Magic Quadrant for Access Management

According to Gartner, “Niche Players provide access management technology that is a good match for specific use cases. They may focus on specific industries or have a geographically limited footprint; however, they can actually outperform many competitors.” ...

07.9.2019 - Zero Trust: Organizations can begin to trust users, devices and transactions starting with a high level of IAM services and support.

A Zero Trust model begins with strong identity and access management (IAM) solutions. The challenge is how to balance between absolute assurance (thereby  promoting maximum security) and end-user productivity and usability. The user identity can be challenged in many ways – for example, by requiring a hardware token or asking the person to answer a series of security questions – but overtly challenging the user can cause frustration and lead to lost productivity. ...

04.26.2019 - Does My Business Need Cloud Security?

If you have a business with sensitive information to protect, you may be wondering, “should my business use cloud security?” What distinguishes ‘cloud security’ from ‘on-premise’ security. Cloud security is a term for security technologies that leverage the power of the cloud. These advantages could be based on cloud-scale (ability to immediately provision more units to bear on a problem), pattern recognition (using a form of complex algorithms and/or A.I. to discover some type of intelligence about an alleged attack), identity proofing (ability to verify the digital identity can verify who they are by comparing them to known identities on other trusted external databases and networks), authentication assurance (ability to confirm access to applications/resources based on multiple proofs of who you know, what you possess or who you are), etc. ...

02.18.2019 - Mergers, Acquisitions and Divestitures – How to Unite Your Active Directories

CIOs that are under pressure to bring two companies’ IT systems and applications together after a merger or acquisition can unify their directory services quickly and inexpensively with a Virtual Identity Server. This paper looks at three of the leading approaches to bridging disparate sets of directory services into one seamless directory following a merger or acquisition. Conversely, we’ll look at the aspect of a divestiture, in which one company must entirely split out from another. Here, too, directory services play a role in a clean and quick divestiture or spin-off. ...

02.6.2019 - European Identity & Cloud Conference Ticket Giveaway

Optimal IdM is giving away tickets to the conference! Win one of three free tickets to the entire conference and workshop sessions. Participation is free of charge and the closing date for entries is April 19, 2019. Winners will be notified by e-mail and/or by phone. ...


  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.