The Multi-factor Authentication (MFA) Debate

A recent FCW article authored by Derek Handova provides expert opinions from experienced and well respected “identity” professionals: Paul Grassi, Sr. Standards & Technology Adviser at NIST, Jeremy Grant former Sr. Executive Advisor for Identity Management at NIST and now Venable’s managing director for technology business strategy.  Mr. Terry Halvorsen, former CIO for the Department of Defense and Army Col. Tom Clancy, Identity and Asset Management lead for the Department of Defense CIO’s office also provide their thoughts and ideas regarding multi-factor authentication. Their comments, along with other industry experts interviewed by Handova, were thoughtful and worth keeping in mind…

Game of Thrones Hack: Winter Has Come for Passwords

The recent security breach at HBO of confidential data including Game of Thrones scripts, cast personal details and administrator passwords highlights the vulnerability of password-only protection. The breach involved hackers stealing about 1.5 terabytes of data from HBO systems — more than seven times as much as the 200 gigabytes taken in the 2014 Sony hack — including scripts for five Game of Thrones episodes and two unreleased episodes of Ballers and Room 104. Passwords Alone Are Not Enough to Stop the Breach The hackers have reportedly released numerous confidential documents, including one with a list of personal phone numbers,…

6 Reactions to the Cisco 2017 Midyear Cybersecurity Report: Part 1

When reading this year’s “Cisco Midyear Cyber Security Report,” a few things jump out that bear discussion. Vendor Consolidation First, one of the key findings is related to the “fragmented security toolbox,” and from it, having so many point solutions solving for security gaps actually creates problems. If they are layered effectively, integrated fully and managed appropriately, point solutions are a winning approach. But when you look at the number of separate solutions that need individual attention to stay effective, the administrative burden deters from incident response plan. This leads to the report’s conclusion that consolidation of vendors limits this effect….

Post-Brexit Data Flows: Why There’ll be No Place for UK Firms to Hide from GDPR

As with most aspects of the EU, unhindered cross-border data flows are something most U.K. firms just take for granted these days. Thanks to the cloud, huge volumes of corporate data is stored in third party providers’ data centres, frequently not even in the UK. Aside perhaps from those in highly regulated sectors, corporate users don’t think twice about accessing that data, and sending it to and from partners and customers on the continent. However, the U.K.’s departure from the world’s biggest trading bloc raises new questions about the legality of such transfers. In a new report, the House of…

Racing Towards a Zero Trust Access Control Model

Drag racing. From 0 to 60 in less than 2 seconds. It’s all about controlled speed. Success depends on maximizing power, minimizing weight and drag, and no obstacles in the way! In IT when the pressure’s on, admins also want to avoid obstacles. They need to get the job done fast whether it’s an OS refresh, new corporate apps rolling out, or fixing a network outage. For this, they too need power (accounts like “root” or “administrator” with superuser rights). SO, just give your admins full rights all the time. Minimize obstacles, bureaucracy, red tape, friction. Jobs get DONE super…

Centrify named “Overall Leader” in KuppingerCole IDaaS Leadership Compass

Centrify is pleased to announce that KuppingerCole Identity as a Service (IDaaS) Leadership Compass Report names Centrify “Overall Leader.” The report also highlights Centrify’s leadership in innovation, product features and market reach. KuppingerCole is a leading analyst covering Identity and Access Management (IAM). This report is the most current and comprehensive look at the IDaaS market, which is one of the fastest growing segments in the Security and Identity markets. According to Jeff Edwards of Solutions Review, The IDaaS market is exploding and it is predicted “that by 2020, 40 percent of IAM purchases will use the IDaaS delivery model,…

Driving Cloud-Based Agility at Rémy Cointreau with Centrify

Business requirements and information security priorities have always had a tough time aligning. It’s even become something of a cliché these days to say that security is a block on agility, productivity and growth. Yet it doesn’t have to be that way. Rémy Cointreau’s recent collaboration with Centrify is a great example of how, when implemented correctly, security can actually support the business: in this instance, our move to a more agile, cloud-based infrastructure.  On the opening day of Infosecurity Europe in London, I explained to a packed audience exactly how the Centrify Identity Service is helping our employees work…

Infosecurity Europe 2017: Workplace Distraction Is a Major Security Risk, So What Can We Do About It?

From Yahoo to TalkTalk, and Wonga to Kmart, wherever you look today data breaches dominate the headlines. In fact, organisations are urged to assume it’s a case not of “if” but “when” they’re hit, and plan accordingly. The repercussions could be disastrous: a recent Centrify study revealed that on average share prices tumble 5% following a breach, with a third (31%) of customers discontinuing their relationship with the affected firm. But where do these breaches stem from? Human error has long been pegged as a major contributing factor, so we decided to take a snap poll of attendees at Infosecurity…

Mobile Device Management: Your Phone or Mine?

My phone currently sits in my pocket, and as I write this blog, it vibrates silently — reassuring me that I have not lost it, providing updates from friends and family and reminding me of emails and chats I still need to respond to. Because of the inherent convenience and increased productivity they provide, our phones have become indispensable. It’s no wonder company leadership typically embraces the idea of a mobile-enabled workforce. However, mobile access should be tempered by the current security landscape, where the perimeter has shifted to the cloud. Security teams should take note that even with large investments,…