The Multi-factor Authentication (MFA) Debate

A recent FCW article authored by Derek Handova provides expert opinions from experienced and well-respected “identity” professionals: Paul Grassi, Sr. Standards & Technology Adviser at NIST, and Jeremy Grant, former Sr. Executive Advisor for Identity Management at NIST and now Venable’s managing director for technology business strategy. Mr. Terry Halvorsen, former CIO for the Department of Defense, and Army Col. Tom Clancy, Identity and Asset Management lead for the Department of Defense CIO’s office, also provide their thoughts and ideas regarding multi-factor authentication. Their comments, along with those of other industry experts interviewed by Handova, were thoughtful and worth keeping in mind…

Game of Thrones Hack: Winter Has Come for Passwords

The recent security breach at HBO of confidential data including Game of Thrones scripts, cast personal details and administrator passwords highlights the vulnerability of password-only protection. The breach involved hackers stealing about 1.5 terabytes of data from HBO systems — more than seven times as much as the 200 gigabytes taken in the 2014 Sony hack — including scripts for five Game of Thrones episodes and two unreleased episodes of Ballers and Room 104. Passwords Alone Are Not Enough to Stop the Breach: The hackers have reportedly released numerous confidential documents, including one with a list of personal phone numbers,…

6 Reactions to the Cisco 2017 Midyear Cybersecurity Report: Part 2

Last week, I discussed the first three reactions I had to the “Cisco 2017 Midyear Cybersecurity Report.” I discussed how vendor consolidation is increasing, how spyware is being branded as malware and how detection of threats is continuously improving. DevOps as a Target: In the Vulnerabilities section of the document, Rapid7 describes how DevOps is a target and vulnerability for many companies that may use things like AWS, Azure, or Docker frameworks for development. When these resources are built, they are not always deployed in a secure state and often are left behind to run indefinitely. Identity management tools that…

6 Reactions to the Cisco 2017 Midyear Cybersecurity Report: Part 1

When reading this year’s “Cisco Midyear Cyber Security Report,” a few things jump out that bear discussion. Vendor Consolidation: First, one of the key findings is related to the “fragmented security toolbox”: having so many point solutions solving for security gaps actually creates problems. If they are layered effectively, integrated fully and managed appropriately, point solutions are a winning approach. But when you look at the number of separate solutions that need individual attention to stay effective, the administrative burden detracts from the incident response plan. This leads to the report’s conclusion that consolidation of vendors limits this effect….

Driving Cloud-Based Agility at Rémy Cointreau with Centrify

Business requirements and information security priorities have always had a tough time aligning. It’s even become something of a cliché these days to say that security is a block on agility, productivity and growth. Yet it doesn’t have to be that way. Rémy Cointreau’s recent collaboration with Centrify is a great example of how, when implemented correctly, security can actually support the business: in this instance, our move to a more agile, cloud-based infrastructure. On the opening day of Infosecurity Europe in London, I explained to a packed audience exactly how the Centrify Identity Service is helping our employees work…

Mobile Device Management: Your Phone or Mine?

My phone currently sits in my pocket, and as I write this blog, it vibrates silently — reassuring me that I have not lost it, providing updates from friends and family and reminding me of emails and chats I still need to respond to. Because of the inherent convenience and increased productivity they provide, our phones have become indispensable. It’s no wonder company leadership typically embraces the idea of a mobile-enabled workforce. However, mobile access should be tempered by the current security landscape, where the perimeter has shifted to the cloud. Security teams should take note that even with large investments,…

Time to Ditch Passwords: Taking the Centrify Message to Infosecurity Europe

London Olympia will again be the venue this week as experts from around the world flock to the capital for the annual Infosecurity Europe show. With over 13,000 visitors expected over the three days, this is one of the biggest industry events around. Centrify will be there on Stand C65 to share why we think our range of advanced identity services is the only way IT leaders can secure their hybrid enterprise against modern threats. Attendees also have a great opportunity to hear first-hand from customer Rémy Cointreau on the challenges of becoming a more secure and agile organisation through…

What are CDM and CRED?

The Continuous Diagnostics and Mitigation (CDM) Task Order for CREDMGMT provides guidance and tools to federal civilian agencies to fulfill the Manage Credentials and Authentication (CRED) Function. This functional area is designed to prevent the binding of credentials to, or the use of credentials by, anyone other than the rightful owner (person or service). The approved tools provide careful management of credentials, preventing attackers from using hijacked credentials to gain unauthorized control of resources, especially administrative rights. The CRED capability ensures that account credentials are assigned to, and used by, authorized people or services. This solution relies on the results of the…

Controlling Access is the Key to Cyber Security

Access is the greatest opportunity and the greatest threat for businesses engaging with the online economy. Increasingly, our business systems gather, digest and disperse data throughout our operations, including confidential details about customers, employees and business partners. Mature cyber security processes are vital to protect this confidential information from unauthorised access, which can expose businesses to punishing and potentially lethal brand damage. In fact, even a cursory review of 2016 cybersecurity breaches — including the Yahoo! billion-user revelations, the DNC hack during the U.S. presidential election and the $81 million malware attack against a Bangladeshi bank — reveals their unprecedented…

How Can User Behavior Analytics Kill the Password?

Last time, I wrote about adaptive authentication and briefly touched on behavior analytics being an integral part of adaptive authentication. For true behavior analytics, you need some smart AI-powered multi-factor authentication (MFA). Now, if you think about it and put the pieces of the puzzle together, you might be able to kill passwords altogether. Wouldn’t that be nice? You no longer need to remember any passwords and all you need is access to one of your MFA tools when authenticating. With the increased use of smartphones and other devices for MFA, businesses now more than ever have the…