Ponemon 2017 Report: The Need for a New IT Security Architecture

It’s annual cybersecurity reporting season and first up in 2017 is the Ponemon Global Study, “The Need for a New IT Security Architecture” sponsored by Citrix. The study reveals global trends in IT security risks and reasons why security practices and policies need to evolve in order to deal with threats from disruptive technologies, cybercrime and compliance. Changes in the workplace and problems managing IT security are also increasing risks to the organization. This report surveyed more than 4000 global IT and security practitioners and discusses the findings that concern risks created by cybercrime, employee negligence and organizational dysfunction and…

RSA: Centrify Survey Reveals Almost Half of Respondents Lack Confidence in Their Company’s Cybersecurity Strategies

Yesterday, we conducted an onsite survey of IT professionals attending the RSA Conference, being held this week at Moscone Center, San Francisco. The poll asked respondents how their companies secure applications and infrastructures in the age of access, and it revealed that only slightly more than half (55%) believe their company’s current technology investment ensures their company’s cybersecurity. This leaves about half of respondents with a lack of confidence in their own organization’s corporate security! While this fact is startling, it shouldn’t be too surprising, since a recent Forrester study, commissioned by Centrify, confirms that in the past two years, two-thirds…

Multi-factor Authentication Solutions: Only as Strong as the Weakest Link

I’m going to stray slightly from the teaching aspect of my blogs to some recent revelations in the technology industry, specifically regarding multi-factor authentication (MFA). Unfortunately, this technology has become necessary for the everyday person, not just for businesses. I say “unfortunately” because it usually creates extra hurdles for end users that they would rather not deal with every time they want to check their email or Twitter account. First, I’m going to give you a small sampling of what problems we face, how we address them and then share the scary part that even extremely experienced folks may not realize. The World…

How to Protect Yourself from a Social Engineering Attack

Hackers are after you. Not just “you” as a consumer using your devices to shop. Not just “you” as an employee accessing your company network, e-mail or applications. They are after you. The more they know and can readily find out about you, the easier it is to impersonate you for purposes of further compromise. One of the most common ways this happens is through social engineering — psychological manipulation of people into performing actions or divulging confidential information. Social engineering has been around for a long time; in fact, one of the earliest examples cited was the original Trojan Horse made of wood! However,…

Why the New York Banking Cybersecurity Regulations Are Imperative and Timely

New York Governor Andrew Cuomo’s announcement of proposed new and far-reaching regulations to protect New York State banks, financial institutions and insurance companies against the escalating threat of cyberattacks is both timely and imperative. The regulation requires institutions to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York’s financial services industry. The proposal is a landmark initiative to elevate the security posture and preparedness of New York’s thousands of financial institutions in combatting cyber-crime through a cybersecurity program that performs five core functions: Identification of cyber risks. Implementation of policies and procedures…

Top 3 Takeaways from the 2016 Cyber Security Study by Wells Fargo Insurance

Wells Fargo Insurance released their 2016 Cyber Security Study this week. Over 100 decision makers at companies with at least $100 million in annual revenue were surveyed to better understand perceptions of network security and data privacy vulnerabilities and related business exposures and risks. Three interesting takeaways from this study include:

Takeaway #1: The Rise of Imposter Fraud

Whether you call it CEO fraud, fraudulent inducement, social engineering fraud or business e-mail compromise scams, 21% of respondents have been targets of impostor fraud. Unfortunately, most suffered a financial loss, and often a significant one ($500k+). In fact, in April 2016,…

Securing Enterprise Identities For Dummies, Part 2

In part one of Securing Enterprise Identities For Dummies, we covered how the traditional network perimeter is inadequate for today’s apps and infrastructure, which are increasingly cloud and mobile. We also covered steps to securing enterprise identities so that any user can obtain secure access to any resource. These steps included: taking stock of your existing enterprise users, apps and infrastructure; considering the role of identity in cybersecurity; architecting security using identity; and deploying an identity platform for security. Part 1 of this blog concluded that an identity platform can provide you with a unified and integrated set of tools, auditing, reporting…

Cloud Access Security Broker (CASB) Model: A Simple Explanation for My 5 Year Old Niece

I had the pleasure of hosting a family gathering during the holidays and my five-year-old niece, Sophia, came up to me and asked me what I do while I sat in front of a computer all day. Having been a sales engineer for over 20 years, I never thought that the most challenging part of my career would be explaining what I do to my niece. As I thought about how to respond, I felt a little hand yank on my arm and heard her say, “Hello, Uncle, are you there?” I told Sophia, “Look at my screen and point at three things…

Centrify Joins Cloud Native Computing Foundation (CNCF)

2015 sure has been a banner year for cloud technologies! A major development has been the mainstream adoption of containers. Google’s Kubernetes project and Docker have helped the adoption with major open source contributions in these areas. Back in 2014, we knew that Google launches more than 2 billion containers a week! More recently Docker shared that more than 1.3 billion container image downloads had been issued until November of this year, up from just over 2.75 million a year ago. Cloud adoption for enterprises may be sooner than we expect — 34% of enterprises will have greater than 60% of their applications on cloud platforms in the next 2 years. Choice to go…