Enterprise security can be a labyrinthine, complex beast with many moving
parts, dozens upon dozens of requirements, needs, implications, options and
But when we get down to the nitty gritty (the brass tacks if you will), cloud
security can be simplified by six simple questions:
WHO is logging in?
WHAT are they accessing/viewing?
WHERE is the device from which that person logs in?
WHEN was any asset changed/modified/moved?
HOW are they authorized/credentialed?
WHAT is the impact of the event?
Now, determining the answers to those questions might require a bit of
coordination, but in terms of initiative and priority, it is the answers to
the above questions that must drive any enterprise security initiative.
The concept of enterprise security is simple. Let in those you want to see
and access data, and keep everyone else out. Of course the addendum to that... (more)
One of the biggest misconceptions in cloud security is the perception that
identity management (IDaaS) and access management (SSO) are the same thing.
And it took a viewing of the famous Star Trek episode called Mirror Mirror
for me to best illustrate and articulate the difference between the creation
and management of a user account and credentialed rights and the funneled
applications that entity is allowed to see. For those unfamiliar with the
episode, it’s the one where Kirk is transported into an alternate universe
and meets evil Spock (the one with the beard)... (more)
Every 4,000 miles or so I bring my car in to have the oil changed, the brakes
checked and tires rotated. Why? Because I know if I leave it to chance, at
some point down the road something much more devastating will affect the car.
Many of us follow this simple preventive best practice.
Then why is it that major corporations and modest enterprises alike wait until
their security is breached to address growing concerns of data theft, private
information leakage or worse? Many of these companies spend hundreds of
thousands of dollars in various security initiatives (especially those bound ... (more)
The modern enterprise is a fluid entity. As an IT construct it expands and
contracts (sometimes simultaneously), and many of the moving parts (like
users and applications) are themselves evolving and changing. This creates
unique challenges in operational efficiencies, core competency support,
compliance observance and risk management. The central theme to all these
challenges is establishing and maintaining control of applications which
serve as gateways to all the valuable data (personal, trade secrets and other
IP) on which an enterprise exists. Many companies have turned to ... (more)
Security is not an all-or-nothing proposition. And that’s part of the
problem. It creates blind spots; gaps in vulnerability. Partly because of the
inherent complacency that after a company institutes a new security
initiative that hackers will be held at bay, or the employees won’t be
tempted to make off with a database or a hundred other internal or external
I have long promoted that security is as much about planning and process as
it is about the various solutions that are deployed to protect networks,
data, and other assets.
Security is no longer a wall. Stick up ... (more)