We interviewed IT and security teams on what actually works in access control: shared ownership, data-first controls, enforce at change time, route approvals to app owners or automate, pre-approved groups for JIT access. https://oblique.security/blog/policies-report/

What *really* works in access control? We asked modern IT and security teams how they define and improve their policies — in reality, not in theory. Read the report: oblique.security/blog/policie...

The biggest scaling challenge for IT and security teams isn't technical — it's organizational. When you're managing access for thousands of employees and hundreds of applications, you need to know: who owns what? Read more in our latest post: oblique.security/blog/delegat...

You shouldn't build your internal tools in git unless you hate your users. Stop making me learn git. Stop trying to make git happen 💁‍♀️ oblique.security/blog/git-int...

If you're interested in learning more about what's happening in the IAM market — and who's competing with Okta and why — then you should read our cofounder @mayakaczorowski.com's latest post.

Your job title makes a bad RBAC role: what access does a Chief Happiness Officer need, anyways? A role in RBAC should represent what someone actually does in your environment. Your job title is your position, not your job function. Read more in our latest blog post: oblique.security/blog/rbac-ro...

Comms groups map to how people actually work, and often, access groups don't (but they should). But comms groups always become access groups. It's not a matter of if, but when. Read more in our latest post: oblique.security/blog/comms-a...

Check out our cofounder @mayakaczorowski.com's post on @frankw.bsky.social's Frankly Speaking on how modern security teams are scaling. Read the post for the new commandments of security teams: franklyspeaking.substack.com/p/the-new-co...

Check out the latest from our cofounder @ericchiang.bsky.social to learn about a neat Go type trick to avoid query injection in SQL builders.

Over the past 60 years, we've gone from reusing the same password everywhere to advanced biometric authentication like FaceID. Dive into the history of authentication in just 2 minutes!

Authentication has evolved from simple passwords to federated systems with passwordless logins, with a constant push and pull to balance security and usability. Deep dive into the evolution of authentication in our latest blog post! oblique.security/blog/history...

Instead of minting long-lived API keys, you can use GitHub Actions' OpenID Connect support for workload identity. Here's how we authenticate config-as-code workflows in Oblique without secret management headaches. Better security + Better developer experience 💟 oblique.security/blog/github-...

Check out this interview with our co-founder @mayakaczorowski.com on finding and solving problems that have real security impact - like why access management is a perennial issue for organizations. thesecuritywing.com/making-iam-l...

Most access request justifications are useless. "Please give me access" doesn't give you any context, it's just someone trying to get back to work. oblique.security/blog/justifi...

IT teams are afraid of removing access — what if something breaks? Even if you don't know why someone has access, you should be able to figure out if they're using it. Removing unused access isn't risky — never removing access is. Read more in our latest blog post: oblique.security/blog/chester...

Identity management has quietly become the primary security perimeter. But it's a mess — identity requires constant manual work that security teams burn out from. At Oblique, we're helping organizations make their access controls actually maintainable. Full post: oblique.security/blog/identit...