Today’s Predictions for Tomorrow’s Internet: How To Keep Your Smart Devices Safe

When you first hire a personal assistant, they’re not all that helpful. Over time, they learn your daily routine, your needs and desires, and with that information, they make your life easier. Now, consider that your smart phone has morphed into your own mini personal assistant. Today’s smartphones are filled with potent sensors that collect data about you. Audio and image sensors, touch sensors, acceleration sensors, light, proximity, and location sensors all help your smartphone to get to know you and your habits. It knows where you go, when you go and how long you stay. It knows who you…

The Equifax Disaster: Technical Controls — ICIT’s Synopsis of America’s In-Credible Insecurity

The following excerpts are from the Technical Controls section of Part-1 of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Sr. Fellow, Institute for Critical Infrastructure (ICIT). Technical Controls Data Encryption Data should be protected according to its value and the potential harm that would result if it were stolen. Encryption does not prevent adversaries or insiders from exfiltrating data; however, it does deter or prevent attackers from exploiting the stolen data unless they spend significant additional resources breaking the encryption or stealing the decryption keys. Data Loss Prevention Data loss prevention is the employment of…

How to Protect Against Insider Threats: 3 Tips from HBO’s Game of Thrones’ “LittleFinger”

“I did warn you not to trust me.” (Spoiler Alert: for those of you still binge watching Game of Thrones seasons 1-6) For Game of Throne fans, Lord Baelish’s (otherwise known as Littlefinger) fate was only somewhat surprising, inevitable and a gratifying finale for the nefarious character. A master of manipulation, Littlefinger’s enterprising ways led him to acquire both wealth and key intelligence on his political rivals — a classic example of a malicious insider. As his relevance in the storyline grew over the seasons, his underhanded and power grabbing methods gained momentum. Photo credit: 7strongest (cc by 2.0) So,…

Gartner Privileged Access Management Market Overview 2017

Gartner just published their 2017 Market Overview guide for PAM, and it is a great read! The drivers for PAM are similar to last year’s, with a new emphasis on the need for “a comprehensive cybersecurity defense strategy, specifically for critical infrastructure.” Here’s Gartner’s list of drivers, and we believe they are spot on in terms of what we are hearing from our customers and how we’ve delivered capabilities to help solve these issues: The risk of breaches and insider threats The need to prevent, isolate and limit malware attacks that leverage privileged accounts An increase of operational efficiency for…

The Multi-factor Authentication (MFA) Debate

A recent FCW article authored by Derek Handova provides expert opinions from experienced and well respected “identity” professionals: Paul Grassi, Sr. Standards & Technology Adviser at NIST, Jeremy Grant former Sr. Executive Advisor for Identity Management at NIST and now Venable’s managing director for technology business strategy.  Mr. Terry Halvorsen, former CIO for the Department of Defense and Army Col. Tom Clancy, Identity and Asset Management lead for the Department of Defense CIO’s office also provide their thoughts and ideas regarding multi-factor authentication. Their comments, along with other industry experts interviewed by Handova, were thoughtful and worth keeping in mind…

6 Reactions to the Cisco 2017 Midyear Cybersecurity Report: Part 1

When reading this year’s “Cisco Midyear Cyber Security Report,” a few things jump out that bear discussion. Vendor Consolidation First, one of the key findings is related to the “fragmented security toolbox,” and from it, having so many point solutions solving for security gaps actually creates problems. If they are layered effectively, integrated fully and managed appropriately, point solutions are a winning approach. But when you look at the number of separate solutions that need individual attention to stay effective, the administrative burden deters from incident response plan. This leads to the report’s conclusion that consolidation of vendors limits this effect….

Post-Brexit Data Flows: Why There’ll be No Place for UK Firms to Hide from GDPR

As with most aspects of the EU, unhindered cross-border data flows are something most U.K. firms just take for granted these days. Thanks to the cloud, huge volumes of corporate data is stored in third party providers’ data centres, frequently not even in the UK. Aside perhaps from those in highly regulated sectors, corporate users don’t think twice about accessing that data, and sending it to and from partners and customers on the continent. However, the U.K.’s departure from the world’s biggest trading bloc raises new questions about the legality of such transfers. In a new report, the House of…

Four Things You Don’t Know About Cybersecurity… That You Should

Ponemon Institute recently conducted a survey, sponsored by Centrify, designed to more deeply understand the current state of cybersecurity. The Impact of Data Breaches on Reputation & Share Value: A Study of U.S. Marketers, IT Practitioners and Consumers examines differing perspectives across a number of security topics. I’d like to focus on IT professionals at this time, as I believe the results are enlightening, to say the least. 43 Percent of IT practitioners said their organization had a data breach involving sensitive customer or business information in the past two years. This tells us that more than one in five organizations…

Racing Towards a Zero Trust Access Control Model

Drag racing. From 0 to 60 in less than 2 seconds. It’s all about controlled speed. Success depends on maximizing power, minimizing weight and drag, and no obstacles in the way! In IT when the pressure’s on, admins also want to avoid obstacles. They need to get the job done fast whether it’s an OS refresh, new corporate apps rolling out, or fixing a network outage. For this, they too need power (accounts like “root” or “administrator” with superuser rights). SO, just give your admins full rights all the time. Minimize obstacles, bureaucracy, red tape, friction. Jobs get DONE super…

Centrify Wins PC Magazine’s 2017 Identity Management Solutions Editor’s Choice Award

PC Magazine recently published a review of the top 2017 Identity Management Solutions and we are pleased to announce that Centrify was one of only three vendors that received the Editors’ Choice Award! The Editors’ Choice is awarded annually to products/services that rise above similar products in their categories and the products under consideration have been reviewed by expert analysts in PCMag Labs. Specific features that were commended by PC Magazine were capabilities such as robust reporting, easy to use on-premises app, quick integration with user identities from social networks, and our risk-based authentication that leverages machine learning. Our user…