Why the Path Towards Zero Trust Starts with Next-Gen Access

Zero Trust Security has gained a lot of popularity over the last six months. Almost daily you can read articles about this security strategy (e.g., TechRepublic, CSO, Security Current). Both analysts (e.g., Forrester) and security professionals acknowledge the benefits it offers in the context of establishing effective ways to minimize the risk of falling victim to a cyber-attack. The reason why so many embrace Zero Trust Security is most likely anchored around its simplicity ― with today’s porous network perimeter, untrusted actors already exist both inside and outside the network. However, when it comes to developing the necessary blueprint on…

GDPR and Privacy: How to Earn the Trust of Your Customers and Keep Regulators Happy

Customer data is the lifeblood of any organisation and the key to unlocking sales and growth. But the data you hold and how you use it is about to come under intense scrutiny, thanks to new European privacy rules. The EU General Data Protection Regulation (GDPR) is the biggest shake-up to the region’s laws in this area in almost a generation, introducing sweeping new rights for consumers and potentially onerous obligations for organisations. To avoid hefty fines, whilst retaining the trust of your customers and prospects, you’ll need to pay special attention to the new rules and make lasting changes…

Centrify for NIST 800-171 MFA Compliance

I often speak with Federal System Integrators (FSIs) who need to implement Multi-Factor Authentication (MFA) as part of their NIST 800-171 compliance. Specifically, section 3.5.3 of this NIST guide states, “Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.” Many of these FSIs have already implemented smart cards in their environment, at least partially, while others have no form of MFA at all. Either way, the Centrify Identity Platform can provide this MFA compliance, along with many other features required for a secure, Zero Trust environment. (Centrify’s detailed compliance note on…

What do Equifax, HBO, Uber and Yahoo All Have in Common?

A consumer ratings agency, a cable network, a transportation company and a web services provider. What ties them together? Sure, they were all impacted by very high-profile security breaches. But, if you dig a little deeper, you’ll find these organizations had a lot in common before, during and after their respective breaches. And those commonalities can teach us valuable lessons. A quick recap: Equifax became the latest poster child for cybersecurity after it announced criminals had gained access to the financial data of 143 million people. The massive breach led to 23 class-action lawsuits, a $4.3 billion loss in market…

Centrify Predicts: Cybersecurity in 2018

As we start 2018, we have continued to see major breaches across industries. Only last year we witnessed at least two companies — Uber and Equifax — opt to hold off on alerting the public to their respective cybersecurity breaches and make them public at a later, more convenient date. Whether a coincidence or a trend in the making, time will tell. What we do know is that these were among a handful of security “events” that will help shape the year to come. Here are our predictions for 2018. Organizations will respond to the current threat landscape with a…

What To Consider While Selecting a Single Endpoint Security Vendor?

Whenever I speak about IT security vendor consolidation, I am met with confusion-ridden looks from the business fraternity. Businesses are grappling with the challenge of selecting an appropriate security vendor(s) in such an ever-changing IT environment — zeroing in on a single vendor’s capabilities does not appear to be the right approach! Information technology has come a long way, and the development has been paralleled with security considerations. For each IT capability there is a security layer to top it up with. Multiple-vendor support is like multiple mini IT Security workshops, running 24×7, following their own innovative troubleshooting when a…

What is Adaptive Multi-factor Authentication (MFA)?

In 2016, over $80B was spent on security, yet 66% of companies were still breached and 81% of breaches involved compromised credentials in the form of either stolen or weak passwords. In one of my previous blogs I covered the cost of protecting yourself: according to a study by Ponemon Institute in 2015, the mean annualized cost for 58 benchmarked organizations is $15 million per year. So, now that we understand how expensive it is to get hacked (which many of us probably knew all along), I want to state the obvious: In today’s IT world, relying on simple…

Zero-Trust Model: Never Trust, Always Verify

“Never trust, always verify” is the lingo floating around in the security world. It succeeds the traditional belief of “trust, but verify,” which places a fair amount of trust in the people and devices accessing resources within a protected network. Surely, with massive data breaches happening regularly, we know that network perimeters are not as robust as we once thought. Attackers use weak or stolen credentials to gain access to a network as a legitimate user. When an attacker has breached the network perimeter, we also know they are able to move laterally to more valuable assets and data that are…

How To Lower Cyber Insurance Premiums

According to Lloyd’s of London, a massive global cyberattack could result in economic losses as high as $53 billion. Given that, it’s no surprise that an increasing number of businesses are adding cybersecurity coverage to their liability insurance. But as businesses rush to insure, what exactly these policies cover, as well as the cost of premiums, is coming under scrutiny. A key question is whether or not non-malicious human activity is covered. On one hand, cybersecurity policies that do not cover human error — which would include falling victim to sophisticated phishing schemes, visiting Trojan-infected sites, or even deferring patches…