One of the biggest misconceptions in cloud security is the perception that
identity management (IDaaS) and access management (SSO) are the same thing.
It took a viewing of the famous Star Trek episode "Mirror, Mirror" for me to
find the best way to illustrate and articulate the difference between the
creation and management of a user account and its credentialed rights, and the
funneled applications that entity is allowed to see. For those unfamiliar with the
episode, it’s the one where Kirk is transported into an alternate universe
and meets evil Spock (the one with the beard)...but more about that soon.
Simply put, IDaaS is the administrative function that creates and maintains a
user’s network identity. It segments their privileges by roles and rules.
This is called provisioning. Your starship just hired a new lieutenant to
communicate with new life and new civilizati...
One byte at a time.
Now before you roll your eyes at my stupid pun, consider the deeper wisdom to
this IT twist on a very old adage.
Security is big. It encompasses a great many definitions, confronts a great
many issues and is addressed through a great many solutions using a great
many formats. For many organizations, it can be an overwhelming proposition.
Beyond the issues of data defense, regulatory compliance, traffic management,
identity regulation, archiving, reporting, access control, intrusion
detection, encryption, app administration, help desk assistance, there is the ...
Every 4,000 miles or so I bring my car in to have the oil changed, the brakes
checked and tires rotated. Why? Because I know if I leave it to chance, at
some point down the road something much more devastating will affect the car.
Many of us follow this simple preventive best practice.
Then why is it that major corporations and modest enterprises alike wait until
their security is breached to address growing concerns of data theft, private
information leakage or worse? Many of these companies spend hundreds of
thousands of dollars in various security initiatives (especially those bound ...
Over and over again I am confronted with disturbing statistics on how risk is
growing in disproportion to security readiness.
-91% of companies have experienced at least one IT security event from an
-90% of all cyber crime costs are those caused by web attacks, malicious code
and malicious insiders.
-40% that reported rogue cloud issues (shadow IT) experienced the exposure of
confidential information as a result.
-34% share passwords with their co-workers for applications like FedEx,
Twitter, Staples, LinkedIn.
These are real stats from studies by the likes of Gartner, Forreste...
Earlier this month I attended a local cloud developers group, and I met a
gentleman who consults with companies to engage in deep-dive forensic
examinations of their networks. He looks for the virtual fingerprints of
misdeeds, fraud, and misdoings that can be used for e-discovery in legal
cases. He essentially gets down to the bits and bytes of how much information
flows to certain IP addresses to ascertain whether or not proprietary data
has been tampered with or stolen.
He confirmed something that I long believed to be true. One of the greatest
threats to an organization comes from...