April 20, 2024
The importance of identity and access management in the modern digital enterprise cannot be denied. These programs ensure employees have timely access to the resources needed to complete their work, while simultaneously protecting those resources against unauthorized use and other security risks. They integrate provisioning, authorization and deprovisioning processes with HR management systems and generally ensure that the modern workforce functions effectively and securely.
While traditional IAM plays a vital role in every enterprise, it often leaves behind a critical group of stakeholders: the customers. Insiders benefit from advanced IAM technology, but customers are often left with simplistic tools that fail to meet their needs. At the same time, business leaders are left unable to use customer data to better market products and services.
Published January 2021 in SearchSecurity
Read the full article: Select a customer IAM architecture to boost business, security
Cybersecurity training programs play a crucial role in keeping employees informed about the changing threat landscape and about their personal role in protecting the organization and its stakeholders. Unfortunately, these programs often suffer from a lack of attention, resulting in dull and potentially outdated content that doesn’t effectively engage employees and, therefore, fails to achieve its cybersecurity objectives.
We’ve all been there: subjected to some sort of mandatory corporate training program that is outside our field of expertise and a distraction from the work we desperately need to finish. When the third nagging email lands in our inbox, threatening to notify our boss if we don’t complete the training program by the end of the day, we follow basic instinct. We open the 45-minute video in a new tab, press play and immediately turn our attention back to our work. If the sound stops in the background, we go back to the hidden tab and answer some simplistic quiz question with an obvious answer to get the video to continue.
Published December 2020 in SearchSecurity
Read the full article: Cybersecurity training for employees: The why and how
Network security architectural best practices are undergoing a dramatic shift. The long-forecasted move away from perimeter protection as a primary focus of network architectures seems to finally be underway as two new buzzwords shift into the consciousness of cybersecurity professionals: zero-trust network access and Secure Access Service Edge.
Simply put, the old network security method of using a drawbridge and moat to protect the castle doesn’t cut it nowadays. Virtualization, cloud computing and remote workers have shifted the placement of the moat, and the moat doesn’t necessarily protect against risks from inside the castle itself.
Published December 2020 in SearchSecurity
Read the full article: Why it’s SASE and zero trust, not SASE vs. zero trust
Coding is an essential skill across almost every technological discipline today, and cybersecurity is no exception. Cybersecurity professionals must understand coding concepts in order to correctly interpret the activity of malicious actors on their networks, and they must be able to write code to perform their own work more efficiently and effectively. While not every cybersecurity job explicitly includes coding skills as a job requirement, it’s hard to imagine any cybersecurity career that wouldn’t benefit from the ability to knock out at least a few lines of code every once in a while.
Cybersecurity pros who want to learn coding for the first time face a somewhat daunting question: Which language should they learn? There are dozens of popular programming languages in use today, and choosing a starting point can be an overwhelming task. There are five that I consider important elements of the modern cybersecurity toolkit:
Published December 2020 in SearchSecurity
Read the full article: 5 essential programming languages for cybersecurity pros
Encryption is one of the cornerstones of cybersecurity. Organizations rely on this technology to protect data while it is in transit over a network or when it is stored on a disk. Encryption relies on mathematical algorithms that perform intense computations that obscure data so it cannot be retrieved without access to the appropriate decryption key. That decryption key essentially serves as a password for the data. Thus, whoever holds the decryption key may unlock the data, while preventing access to those without it.
If encryption is good for data protection, double key encryption must be twice as good, right? Well, not necessarily. Performing encryption twice does not inherently add value in every situation. Organizations using an encryption algorithm with a strong key to protect data will likely not significantly improve security by encrypting data twice with double key encryption technology.
Published December 2020 in SearchSecurity
Read the full article: Weighing double key encryption challenges, payoffs
There’s a new security solution in town and it’s rapidly gaining traction. As with many security technologies that have come before it, XDR platforms currently exist in the gray area that lies somewhere between revolutionary new tech and a rebranding of existing solutions.
But what is XDR, and is the timing right for your organization to consider deploying it?
Before we get into the capabilities of XDR systems, it’s notable that the term XDR is itself the source of some confusion. What everyone agrees on is that XDR is meant to be the next step in endpoint detection and response platforms. However, some say XDR is an acronym for “extended detection and response,” while others say the X represents “anything,” just as XaaS is “Anything as a Service.” Still others simply use XDR as a noun, avoiding any expansion of the term.
Published October 2020 in BizTech Magazine.
Read the full article: XDR: The Next Evolution in Endpoint Detection and Response?
Around the world, academic researchers have turned their focus to combating the novel coronavirus. From medical schools to biology labs, researchers are working nonstop to better understand the virus, develop therapeutic treatments and create a vaccine that could lift the pandemic’s shadow.
Collaboration across higher education is bringing the world’s best minds to bear on COVID-19. The resulting intellectual property could have tremendous public health benefits. But it also has massive potential commercial value, and few things are more attractive to would-be cybercriminals than other people’s valuable ideas.
Published October 2020 in EdTech Magazine.
Read the full article: 4 Tips For Protecting Intellectual Property In Academia
When technology leaders encounter the term “zero trust” for the first time, they often find it off-putting. In a cybersecurity context, zero trust sounds like a paranoid approach, embracing the “trust nobody” philosophy that forms the basis for many negative stereotypes of cybersecurity teams.
The reality couldn’t be further from the truth. Zero-trust approaches to cybersecurity actually empower employees to work more effectively and remove barriers to efficiency created by legacy security controls.
Published October 2020 in EdTech Magazine.
Read the full article: The Fundamentals of Zero-Trust Security for Schools
For more than a decade, analysts and security pundits have declared the firewall era over and said that organizations had likely already signed their last firewall-related contract. First, it was the fact that mobility was rendering the perimeter irrelevant. Then they said the cloud was going to eliminate firewalls. Now there is talk that zero-trust security approaches will cause the firewall’s demise.
Yet, despite these bold predictions, few security professionals have removed all firewalls from their computing environments. Ignoring the shade thrown at them, firewalls soldier on.
Indeed, changes in technology and business led to significant evolutions in the firewall world. A shift has taken place from simple, stateful inspection technology to next-generation firewall offerings.
Published September 2020 in SearchSecurity
Read the full article: Top 4 firewall-as-a-service security features and benefits
Quick, find a copy of your agency’s cybersecurity incident response plan. Pull that binder off the shelf or call up an electronic copy. OK, now that you have it, let me ask you a few questions.
How long did it take you to find it? Did you have dust off the physical binder? When was the digital copy last accessed? And, most important, if you were about to launch into an incident response effort right now, how confident would you be with that plan by your side?
If that quick exercise left you with an uneasy feeling in the pit of your stomach, you’re not alone. Many agencies have very outdated incident response plans that haven’t been opened in months or years.
Published August 2020 in FedTech Magazine.
Read the full article: 5 Ways to Update An Agency?s Incident Response Plan