Snowden: A “Trust but Verify” Story Gone Wrong

Snowden Movie Night Oliver Stone has brought “Snowden” to the big screen. Blimey. I’d finally stopped culling my social networks to the bone, put Mr. Robot hoodies in a box in the garage and stopped checking behind the shower curtain before getting in. Oh well. With hindsight and better insight, let’s reflect on some steps the government could take to mitigate this kind of situation happening again. In this blog, though, for a change, I’m going to start with the human angle instead of diving headlong into the technology. I want to highlight first the “people” in “people, process and…

Cybersecurity Best Practices in 2016 — Start by Securing Your Identity

Each year the folks at FireEye release the M-Trends report compiled by their Mandiant Consulting arm. This outlines what last year’s IT security trends were and what we should anticipate in the coming year. While this year’s M-Trends 2016 validates what many of us have experienced firsthand, it really brings to the forefront how critically important securing identity will be this year. Within the 48-page report, there are 21 sections directly related to identity. Not to mention, a few infographics that invoke identity questions. After taking out the filler pages, identity is mentioned in almost every page. It will be…

Secure Windows Administration and Eliminate Dual Active Directory Accounts for Administrators

I’ve seen many environments lately where the Windows administrators have two Active Directory accounts, one that they use for their normal end user activities, such as reading email, and the other they use for any administrative duty. This creates several very real problems: a) the admin now has two different accounts with a password that he must now maintain over time, probably not a huge problem but just a pain for the admin; b) you still have to trust the admin where he will use the second admin account and hope that he doesn’t use it for normal daily activity…

Top 10 IT Productivity Gains with Centrify Privileged Identity Management

Wouldn’t it be nice for a change to deploy an IT security solution that doesn’t sacrifice usability and productivity for security? I’m sure many of you have had the experience of introducing a new security product that, while solving a real security problem, just makes life hell for users. These can create new hurdles, introduce complexity, and generally take a toll on uses’ day-to-day productivity. Maybe you’re a user on the receiving end, not sure why IT has ‘decided’ to make your life hard. Then again maybe you’re the administrator more aware of the security benefits, but nonetheless, you are…

Another Breach! Security Controls Shouldn’t be that Hard!

I just read an interesting article in NetworkWorld about a breach at a major financial institution. The article pointed out that breach resulted from a lack of deploying adequate security controls on the corporate servers. The article goes on to state, “Strong access management policies and network segmentation are key to limiting the extent of damage that attackers can do once they gain a foothold inside a network. However … implementing uniform security controls across their vast networks can be difficult because they often have to integrate large numbers of new systems with different levels of security as a result of acquiring other companies.”

Compliance to the DHS CDM Program with Centrify

My first years out of college were spent as a Unix administrator, during which time I learned many amusing acronyms, such as sed, NAWK, and PEBCAK. One of my favorites was Yacc, which stands for Yet Another Compiler Compiler. After many years now in IT Security I’ve created my own ‘YAC’:  Yet Another Compliance. It seems there’s a new compliance mandate hiding around every corner, with most offering little in terms of new insights and existing merely to waste time and resources proving the same thing in a different way. But every now and then a promising new compliance program…

Five Reasons Traditional Enterprise Security is no Longer Good Enough

Targeted attacks and security breaches continue to steal the headlines on a daily basis, and no person or organization is immune to the threats. Instances in which personal information is compromised have now become commonplace, as security threats have become increasingly complex, sophisticated and targeted. Unfortunately, with today’s mobile culture and BYOD workforce the threat landscape has broadened. And while the nature of attacks and threat vectors are evolving, traditional security is no longer a match for these attacks. IT departments do not have the resources to address each and every threat as it arises. As such, new technologies provide the…

Enterprise Mobile App Challenges, Part 1

First let me say what I mean by Enterprise Mobile App: an app running on a smart phone or tablet that is used by company employees and partners as part of their job. Probably custom built. Probably accessing a mix of existing LOB back-ends, some new back-ends and some commercial services (storage, analytics,…). Back-ends on-prem and in the cloud. I am sure that definition misses some things (I will return to a few obvious ones later) but I am sure that it hits a huge number of projects. So what does it take to build, deploy, manage and maintain an…

Centrify for Mac 2014 – Continuous improvement in centralized management for Macs in Business

Centrify is 10 years old this month (You can read about our history and company milestones along the way http://www.centrify.com/aboutcentrify/overview.asp). I was thinking that it wasn’t that long ago when we first heard from customers who needed to integrate Macs into their business, which drove us to deliver our first Active Directory integration for the Mac running OS X 10.4 Tiger back in 2005 (http://www.centrify.com/news/release.asp?id=2005060602). This was way before Macs were even using Intel processors. Remember the Power PC processor? Our first Mac customers were trying to find a way to support the few executives who brought in Macs and wanted…