The Government Cloud is Coming

If you’re like me, you’ve been hearing the phrase “the cloud is coming” for years before you ever learned that winter was too. I never read any of the books, which first came out in 1996, so it wasn’t until the Game of Thrones TV series started in 2011 that I first heard the phrase “winter is coming.” So, when did I start hearing of the cloud’s inevitability? For me, the “cloud” started when people began insisting that it didn’t really exist, like Oracle’s Larry Ellison did back in 2008. And I distinctly remember thinking that ol’ Larry had a point….

Last Hurrah for Yahoo? 500 Million Accounts Compromised

I have personally been on Yahoo email since it was released in 1997 (almost 20 years!). I remember how cool it was to have an email address that would live independently from my school, work and ISP accounts. This was especially cool because I lived in Silicon Valley and all three of those emails tended to change every few years. I have been a loyal user of Yahoo mail even when seemingly better or more popular alternatives were available (Gmail, AOL, me.com, Hotmail, etc.). Well, today is the day that I may finally consider making the move to another service. Turns out…

Centrify Provides Day One Support for macOS Sierra and iOS 10

Today Apple released macOS Sierra and once again Centrify has ensured that our customers are ready to embrace the new release and its exciting new features with day one support. Centrify’s day one support for Sierra is effective across the entire product line, including our Centrify Identity Service, Centrify Express for Mac and Centrify Express for Mac Smart Card offerings. In addition to supporting the latest macOS release, Centrify has also provided day one support for the recently released iOS 10 update. With support for both of the new releases from Apple our customers can rest assured that they can take…

Snowden: A “Trust but Verify” Story Gone Wrong

Snowden Movie Night: Oliver Stone has brought “Snowden” to the big screen. Blimey. I’d finally stopped culling my social networks to the bone, put Mr. Robot hoodies in a box in the garage and stopped checking behind the shower curtain before getting in. Oh well. With hindsight and better insight, let’s reflect on some steps the government could take to mitigate this kind of situation happening again. In this blog, though, for a change, I’m going to start with the human angle instead of diving headlong into the technology. I want to highlight first the “people” in “people, process and…

How to Protect Yourself from a Social Engineering Attack

Hackers are after you. Not just “you” as a consumer using your devices to shop. Not just “you” as an employee accessing your company network, e-mail or applications. They are after you. The more they know and can readily find out about you, the easier it is to impersonate you for purposes of further compromise. One of the most common ways this happens is through social engineering — psychological manipulation of people into performing actions or divulging confidential information. Social engineering has been around for a long time; in fact, one of the earliest examples cited was the original Trojan Horse made of wood! However,…

Shared Account Password Management in the Federal Government: Then and Now

One of my first consultant jobs involved installing agents on Unix servers, a procedure which required root access. I still remember the first time I was onsite at a military base to help a customer install the software because it was also my first experience with a physical vault that stored computer passwords. When it came time to enter in the root credentials, my client made a phone call, and then this other person comes in from down the hall, opens up a wall safe using a memorized combination and pulls out a folder. This person verifies my client’s badge…

Why the New York Banking Cybersecurity Regulations Are Imperative and Timely

New York Governor Andrew Cuomo’s announcement of proposed new and far-reaching regulations to protect New York State banks, financial institutions and insurance companies against the escalating threat of cyberattacks is both timely and imperative. The regulation requires institutions to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York’s financial services industry. The proposal is a landmark initiative to elevate the security posture and preparedness of New York’s thousands of financial institutions in combatting cyber-crime through a cybersecurity program that performs five core functions: Identification of cyber risks. Implementation of policies and procedures…

Russian Hackers Target World Anti-Doping Agency in Latest Breach

What Happened: A Russian cyber espionage group known by the name of Tsar Team, also calling itself Fancy Bear, was successful in illegally hacking the World Anti-Doping Agency (WADA). The Anti-Doping Administration and Management System (ADAMS) database was accessed using a compromised account provided to the International Olympic Committee for the Rio 2016 Games. A release by WADA indicates, “While it is an evolving situation, at present, we believe that access to ADAMS was obtained through spear phishing of email accounts.” Olivier Niggli, Director General, WADA, states, “WADA has been informed by law enforcement authorities that these attacks are originating…

Top 3 Takeaways from the 2016 Cyber Security Study by Wells Fargo Insurance

Wells Fargo Insurance released their 2016 Cyber Security Study this week. Over 100 decision makers at companies with at least $100 million in annual revenue were surveyed to better understand perceptions of network security and data privacy vulnerabilities and related business exposures and risks. Three interesting takeaways from this study include: Takeaway #1: The Rise of Imposter Fraud. Whether you call it CEO fraud, fraudulent inducement, social engineering fraud or business e-mail compromise scams, 21% of respondents have been targets of impostor fraud. Unfortunately, most suffered a financial loss, and often a significant one ($500k+). In fact, in April 2016,…

Centrify Privilege Service Deploys Everywhere: On-premises, Private Cloud or PIM-as-a-Service

I’m very pleased to announce that we’ve added a brand-new deployment option to Centrify Privilege Service, our enterprise-grade privileged identity management (PIM) solution for remote access, shared account password management, multi-factor authentication (MFA) and privileged session monitoring. Privilege Service is now the only product of its type available today that natively supports all three deployment models that enterprise customers need: on-premises, private cloud and public cloud. Privilege Service has been available as PIM-as-a-Service from day one, i.e. the public cloud deployment option. And now, you have the option to install, deploy and manage Privilege Service within your own IT environment….