Moving to the Cloud? Six Best Practices for AWS Security

When moving to an AWS infrastructure, responsibility for security is shared between Amazon and your organization. Amazon’s Shared Responsibility Model clearly shows where both parties’ responsibilities begin and end. AWS secures the lower layers of the infrastructure stack, while the organization is accountable for everything else up to and including the application layer. Six security best practices for organizations moving to AWS Extend your common security model Conventional security and compliance concepts still apply in the cloud. Whether we’re talking about existing apps migrating to the cloud or new ones being built there, they must be secured and good practices…

How the Uber Data Breach Could Have Been Prevented

Background on the Uber Breach History is replete with examples of individuals and organizations turning manageable problems into serious crises simply by trying to hide the truth. While the Uber data breach was large in terms of the 57M customer and driver records lost, if Uber had followed standard breach protocol by notifying authorities and impacted users, remediated the problem and laid out steps that they were taking to avoid future breaches, the impact would have been much less. Uber was under a legal obligation to notify regulators and to the impacted users and drivers. Instead they took extreme measures…

A Leader! Forrester Wave Names Centrify Leader For Identity-as-a-Service

Today Forrester Research released The Forrester Wave™: Identity-As-A-Service, Q4 2017. Evaluating the “seven vendors that matter”, Forrester named Centrify a Leader. Here at Centrify, we believe this is a strong validation of Centrify’s zero-trust approach to securing access to apps and systems. A complimentary version of this report is available for download here. Centrify provides the industry’s only single platform to secure each user’s access to apps and infrastructure through the power of identity services. With this recent report from Forrester, Centrify becomes the only identity services provider to be evaluated in and positioned as a leader in both IDaaS…

Zero-Trust Model: Never Trust, Always Verify

“Never trust, always verify” is the lingo floating around in the security world. It succeeds the traditional belief of “trust, but verify,” which places a fair amount of trust in the people and devices accessing resources within a protected network. Surely, with massive data breaches happening regularly, we know that network perimeters are not as robust as we once thought. Attackers use weak or stolen credentials to gain access a network as a legitimate user. When an attacker has breached the network perimeter, we also know they are able to move laterally to more valuable assets and data that are…

How To Lower Cyber Insurance Premiums

According to Lloyd’s of London, a massive global cyberattack could result in economic losses as high as $53 billion. Given that, it’s no surprise that an increasing number of businesses are adding cybersecurity coverage to their liability insurance. But as businesses rush to insure, what exactly these policies cover, as well as the cost of premiums, is coming under scrutiny. A key question is whether or not non-malicious human activity is covered. On one hand, cybersecurity policies that do not cover human error —  which would include falling victim to sophisticated phishing schemes, visiting Trojan-infected sites, or even deferring patches…

A Culture of Excellence

Today at CyberConnect, we announced our contribution to the American Red Cross’s hurricane and wildfire relief funds. We have employees and customers located throughout the continental U.S., and many of them have been affected by the recent natural disasters. Whether it be those affected by Hurricane Harvey in Texas or those recovering from the wildfires that have plagued California, we believe it is important to provide employees with a culture of support both in the office and in their communities. As our CEO, Tom Kemp, says, “It is important that Centrify gives back — be it our local schools, our…

A Beginner’s Guide to Cybersecurity

Many people worry that cybersecurity involves a dark and dangerous domain full of unpredictable terrors and threats over which they have little control. The fact is that the greatest risks in the digital space result from the same causes as security vulnerabilities in the real world — poor habits. How many people do you know who leave their doors or windows unlocked at night or hide a spare key under a pot plant near the back door? In effect, they are prioritising convenience over security — a lax practice that many people emulate online by using easy-to-remember passwords or using…

Cybersecurity Awareness Month: Protecting Critical Infrastructure from Cyber Threats

It is interesting and at times bewildering, that in the many years following the failures of 9/11, we still have not found a way to share threat intelligence information without exposing classified information which may compromise the source. Look at these five primary pieces of infrastructure, which exist in every modern society, consider the interdependencies, and how a persist threat or disruption to one dependency can cascade throughout these infrastructure dominos. Primary Role: Electrical Power Generation/Distribution Dependencies on: Above and below ground electrical distribution wires. Network Access to connect power generation and distribution systems. Backup generation systems for internal systems….