by Rebeca | Apr 14, 2025 | News, soffid
At Soffid, we take another step forward in our commitment to cybersecurity by obtaining both ENS-ALTO and Common Criteria certifications for our IAM and PAM solutions. These achievements reinforce our technical and strategic vision, and strengthen the trust placed in our platform by organisations that manage critical infrastructures.
Soffid is now the only European company to simultaneously hold the ENS High-Level (ENS-ALTO) certification and the internationally recognised Common Criteria (ISO/IEC 15408) standard—two of the most rigorous frameworks in the field of information security.
Dual validation with real-world impact
The ENS-ALTO certification, granted by Spain’s National Cryptologic Centre (CCN), confirms that our solutions comply with the highest standards of the National Security Framework (ENS), which is mandatory for public sector systems handling sensitive or classified information.
Meanwhile, Common Criteria is a global benchmark for IT product security, recognised by over 30 countries through the Common Criteria Recognition Arrangement (CCRA). Earning this certification means successfully passing a demanding, independent evaluation process—something that only a small number of vendors achieve.
Together, these certifications validate our ability to secure highly regulated environments across both the public and private sectors, including government agencies, healthcare institutions, financial services, energy providers, and telecommunications firms.
Security that goes beyond compliance
Rather than a final destination, these certifications are a natural outcome of our long-term technical strategy. As our CTO, Gabriel Buades, puts it:
“These certifications are the result of a long-term technological strategy—not a race to tick boxes.”
Since day one, we’ve embraced a clear vision based on three key principles:
- High-level security
- Operational simplicity
- Efficiency in identity lifecycle management
This approach allows us to deliver a robust, flexible platform that integrates seamlessly into complex architectures and facilitates regulatory compliance without adding unnecessary friction to our clients’ processes.
European technology for a global landscape
As Europe strengthens its focus on technological sovereignty, having a solution like Soffid—designed and developed entirely in Europe—is more important than ever. It’s not only about meeting today’s requirements but about building a future-ready identity governance model.
We’re proud to support organisations on that path with a solution that brings together innovation, trust, and strategic vision.
by Rebeca | Apr 8, 2025 | News, soffid
From April 28 to May 1, Soffid IAM will take part in one of the world’s leading cybersecurity events: RSA Conference 2025, held at the Moscone Center in San Francisco (USA).
Under the theme “Many Voices. One Community”, this year’s edition is expected to gather more than 41,000 attendees, 600 startups, 650 international speakers, and nearly 400 specialized media outlets, consolidating its role as a key meeting point for innovation, strategic reflection, and global collaboration in the sector.
A meeting place for the voices building the future of cybersecurity
This year, Soffid will be part of the Spain Pavilion, coordinated by ICEX and INCIBE, in collaboration with 21 companies that represent the technological strength of the Spanish cybersecurity ecosystem.
You’ll find us at Booth S-0642, in the Moscone South Expo Hall, where our team will showcase the capabilities of our Identity and Access Management (IAM) platform — a robust, flexible, and fully European solution that enables public and private organizations to simplify access management and ensure regulatory compliance with complete security.
European technology, global vision
Our participation in RSAC reinforces Soffid’s position as a world-class IAM platform, implemented by governments, critical infrastructures, and large enterprises across the globe. We will be sharing how our technology contributes to European digital sovereignty, reduces operational complexity, and provides full control over the identity lifecycle.
In an increasingly demanding global environment, IAM solutions must be able to adapt to heterogeneous systems, integrate multiple data sources, and respond quickly to any threat. At Soffid, we’ve been helping our clients achieve this for over two decades.
See you in San Francisco
If you’re attending RSA Conference 2025, we’d love to meet you in person.
📍 Booth S-0642 – Spain Pavilion
📍 Moscone South Expo Hall
📍 San Francisco, California (USA)
Let’s talk identity. Let’s meet at RSAC.
by Rebeca | Apr 1, 2025 | cybersecurity, iam, soffid
In the world of cybersecurity, small mistakes can lead to big consequences. And when it comes to identity management, even a minor bug—or a human error—can escalate into system-wide disruptions, affecting thousands of users or critical infrastructure.
At Soffid IAM, we believe that simplifying identity governance means eliminating errors before they become vulnerabilities.
Identity management: when a bug becomes a breach
A software glitch in a video game might be a harmless quirk. But in IAM, it can result in locked-out users, excessive access rights, or uncontrolled privilege escalation. In sectors like healthcare, finance, or public administration, these issues can lead to operational risks, data loss, or compliance failures.
What causes identity-related errors—and how to prevent them
-
Lack of specialized training
IAM is not just another IT function. It requires deep knowledge of each organization’s processes, systems, and the identity platform itself. Without proper training, engineers miss critical dependencies. That’s why Soffid empowers customers and partners through continuous enablement.
-
Limited testing environments
Relying on production environments for testing is a dangerous shortcut. Many organizations skip realistic test setups due to budget or time constraints, exposing themselves to higher risks. At Soffid, we encourage investing in pre-production environments that mirror real systems.
-
Unexpected third-party changes
In the cloud era, integrations can break overnight if a provider modifies their APIs or policies. This is why identity governance must be a shared responsibility across all IT stakeholders—and must be monitored proactively.
-
Poorly designed test scenarios
A common trap: testing what’s supposed to work, not what might go wrong. Thorough unit, integration, and user acceptance testing are vital. We’ve seen real cases where a missing “WHERE” clause disabled every user account instead of just one. The solution? Smarter testing.
From chaos to control, with precision and purpose
Identity security leaves no room for improvisation. At Soffid, we build environments where stability, traceability, and automation reduce human error and strengthen every access decision.
Our approach:
-
Train constantly
-
Create robust test environments
-
Involve every stakeholder
-
And above all: test with intention
Security without complexity. Identity without friction. That’s how Soffid IAM delivers control without compromise.
by Rebeca | Mar 25, 2025 | iam, soffid
Identity management is no longer just a matter of security—it’s a strategic lever for increasing productivity and simplifying complex processes. At a time when organizations are facing fragmented technological environments, multiple tools, and ever-changing regulatory requirements, having full control over who accesses what, when, and how has become a competitive advantage.
At Soffid IAM, we believe that identity governance should never mean added complexity. When companies simplify their access management models, they free up resources, reduce operational errors, and streamline internal processes. Fewer barriers, less friction, more efficiency.
Automating the identity lifecycle—from onboarding to permission revocation—is key to avoiding bottlenecks. How much time do teams lose waiting for manual approvals? How many hours does IT spend managing access on a case-by-case basis? With Soffid IAM, those efforts are significantly reduced thanks to intelligent workflows and a unified interface that puts control in the hands of those who need it—without unnecessary intermediaries.
And productivity doesn’t stop there. A well-implemented IAM platform prevents operational disruptions, ensures that users access their tools securely and without delays, and frees up technical staff to focus on higher-value strategic tasks. Because when access is agile, work flows.
The key lies in a converged and flexible approach, one that adapts to each organization’s pace. Some may need a full-featured deployment (IGA, PAM, AM), while others may require only a specific module. In every case, Soffid provides a solution that reduces complexity, improves efficiency, and boosts productivity without compromising security.
From chaos to control, without shortcuts or complications. That’s how we understand productivity in the world of identity management. Ready to simplify the complex?
by Rebeca | Mar 19, 2025 | Ciberseguridad, iam, open source, PAM, soffid
Cybersecurity is no longer about protecting a fixed perimeter. Organizations now operate in hybrid environments, employees access systems from anywhere, and non-human identities manage critical processes. In this new reality, Identity & Access Management (IAM) must evolve to provide security, control, and flexibility—without friction.
The End of the Perimeter and the Rise of Dynamic Identities
Traditional security models assumed that anything inside the corporate network was safe, while anything outside needed verification. That model is now obsolete. Today, access happens across multi-cloud environments, unmanaged devices, and AI-driven automation.
✔ 85% of security breaches are linked to compromised identities.
✔ 45% of organizations still rely on manual processes for access management.
✔ AI agents and bots now represent 30% of identities within enterprise infrastructures.
The challenge is clear: how to manage, secure, and audit identities without slowing business agility.
Smarter IAM: Security Without Friction
The evolution of IAM lies in solutions that anticipate risks, automate controls, and simplify user experience—all while strengthening security.
- Borderless identity governance: Soffid IAM manages both human and non-human identities with dynamic access policies.
- Adaptive authentication: Security based on real-time context, risk, and behavioral analysis.
- Controlled privileged access: With Soffid PAM, high-risk permissions are granted on demand, under strict supervision.
- Identity orchestration: Automated IAM workflows that reduce response times and minimize human errors.
A Future Without IAM Barriers
Organizations need security without roadblocks, vendor lock-in, or unnecessary complexity. With Soffid IAM, enterprises can operate with the confidence that every access is protected, every identity is controlled, and every security decision is backed by advanced technology.
Discover how Soffid IAM is redefining identity security in a perimeterless world.
