Cyber Security that Pays for Itself in Australia

Centrify’s identity management platform is a unique product in the Australian cyber security market because of its ability to pay for itself through improved business productivity. Many customers are surprised to discover Centrify’s “secret sauce” — the value it releases through improved business process efficiency, which delivers a prompt payback. In fact, Centrify stands out as a leading identity management product that saves companies time and money in the on-boarding process, especially in relation to BYOD (Bring Your Own Device) use. In the cyber security space, when a CEO asks the age-old question, “is this product going to make me…

FedRAMP Compliance: Beyond the Letter of the Law

When I mention “compliance” to most people, I often get that cringe — the one that says “ugh, what a pain.” I’m empathetic to folks who are just trying to get the job done, and whose only interaction with compliance is being told somewhere along the line that they have got to jump through more hoops. But having lived information security for several years, and having previously had some experience with risk frameworks and compliance efforts, I’ve developed a different viewpoint. My colleagues in security immediately understand and connect with the statement that with compliance, “there is the letter of the…

Impact of Data Breaches on Reputation & Share Value (Hint: it’s HUGE)

Effective cyber risk management starts with the C-suite and belongs in the boardroom Wow, this last Friday and over the weekend we have heard about the massive cyber attack infecting thousands of organizations with ransomware in over 75 countries. In Britain, dozens of hospitals and National Health Service providers were crippled. While the ransomware was only demanding $300 worth of bitcoin the impact of the attack saw thousands of appointments canceled, phone lines down and patients turned away. Today, a brand new Ponemon study, sponsored by Centrify, was released and examines the impact of data breaches on reputation and share…

Strategically Moving Towards a Secure Hybrid IT

Owing to lack of strategic foresight or sheer laziness, security has traditionally taken a back seat in IT Systems integrations. Lack of security foresight in IT endeavors can impact businesses in the course of time, thus it is recommended to look into security related aspects from the very start — be it at the time of integration, upgrades or migration of IT tool or solutions. Nowadays, security considerations such as in Software Development Life Cycle are integrated into each layer of technology engagement. With that backdrop, security loopholes and cyber vulnerabilities are becoming complex, leading to obstructing identity, data and information…

Verizon 2017 DBIR: Key Takeaways

Summary The 2017 DBIR is an essential read for organizational leaders, cybersecurity practitioners and security industry professionals. The report provides clear information that helps cyber security practitioners and executives devise strategy, and implement tactical responses to the cyber battlefield of today. In this year’s 10th publication of Verizon’s Data Breach Investigation Report, data from nearly 2,000 confirmed breaches were submitted by IT professionals and analyzed by Verizon security experts. In the report, 88% (up from last year’s 83%)  of incidents fall into same industry categories that were first identified in the 2014 report. These attacks are further categorized into key…

PWN2OWN 2017 Outcome: Implement Multi-factor Authentication & Least Privilege

Zero Day Initiative, a security research program that offers rewards for successful hacks, reported that on last day of their recent “PWN2OWN 2017” competition, a team of contestants pulled off an unique and challenging feat: they compromised a virtual machine and managed to “escape” to the host system running the virtualization software.  The hack involved three distinct and challenging tasks: Compromising Microsoft’s Edge Browser Compromising the Guest Operating System (running Windows 10) Compromising the VMware Workstation virtualization software And this was all accomplished through a controlled website. Although this may not be the first time each individual layer was compromised, this…

More Thoughts on Vendor Consolidation in the Security Market

In my last blog post, I discussed a new major trend in the security market, which is that security buyers are increasingly looking to consolidate vendors and want more of a platform approach to security versus stitching together point solutions. Besides hearing this directly from customers over the last few months, I documented in the blog how two different analysts, who were both doing comprehensive security customer surveys, both independently found that around “70% of enterprise security buyers are consolidating vendors.”  In this blog post I want to further elaborate on this trend and share some additional data points that…

Federated Identity Management vs. SSO

Last time I wrote about how much it costs to protect yourself, so I want to follow up  with another topic that hits close to home: your wallet. Federated identity management (FIM) and single sign-on (SSO) are not synonymous — FIM gives you SSO, but SSO does not give you FIM. That minor detail is very important to understand, as you make the leap to the cloud and adopt more SaaS applications. While you will have some initial startup cost with FIM by building out an identity service provider (IDP), it is cheaper in the long run than using simple SSO with FIM….

Pass(word)ing the buck!

The start of the New Year is always an interesting time in the security community. Out come the statistics and stories about the worst passwords and the most common ones chosen by online users during the previous year. A recent story in the UK national press suggests that half of all online users worldwide use just 25 passwords between them — and of course, none of the passwords are very secure and hackers could easily crack them. In what seems like Groundhog Day the most common password is once again 123456, followed by 123456789 (so we can assume some popular…

Commission on Enhancing National Cybersecurity: Implement MFA

At the end of 2016, the Commission on Enhancing National Cybersecurity, a nonpartisan committee charged with developing actionable recommendations for securing and growing the digital economy, presented its report to then President Obama. While Obama has left office, the report still provides a valuable path towards ensuring cybersecurity, mapped out in a series of key action items. The most relevant for readers of this blog are found in Recommendation 1.3, summarized below. Recommendation 1.3: The next Administration should launch a national public–private initiative to achieve major security and privacy improvements by increasing the use of strong authentication to improve identity…