recentpopularlog in

jonerp : security   226

« earlier  
To Change or Not to Change: The Decision to Stay on the Green Screen
"Let’s consider a few reasons why you may not want to replace your legacy system, just yet:

They simply don’t break: Like your Grandad’s 1992 Honda or Swiss watch, the thing will pretty much run forever. The technology behind the old IBM mainframes is simple and sturdy, and as long as it is cleaned and maintained it will work. Cloud ERP systems, on the other hand, are only as reliable as your users’ internet connections.
Your business has not changed: We find many scenarios where companies have been doing the same thing for 30 years, and with good reason. Consider a company that manufactures a niche supply part for an industrial manufacturing segment. It may be specialized enough that the barriers and cost of entry is too great for competitors to chase and they have consistent clientele. With no desire to expand, there may be no reason to change what’s working."
digital  strategy  erp  software  selection  cloud  cyber  security  cybersecurity  failures  independent  consultants  top  10  systems  for  2020 
13 days ago by jonerp
10 Ways Asset Intelligence Improves Cybersecurity Resiliency And Persistence
"Track, trace and find lost or stolen devices on or off an organizations’ network in real-time, disabling the device if necessary. Every device, from laptops, tablets, and smartphones to desktops and specialized use devices are another threat surface that needs to be protected."
business  featured  posts  technology  software  trends  &  concepts  absolute  persistence  platform  resilience  software’s  2019  endpoint  security  report  asset  intelligence 
28 days ago by jonerp
Why Businesses Should Start Prioritising Cybersecurity
"Ransomware attacks on such a massive scale seem to happen at least once a month nowadays. The entire American city of Baltimore was “held hostage” in May. A similar incident happened in Greenville, North Carolina the previous month.

Massive attacks aside, cybercriminals tend to target small businesses due to fewer investments in their cybersecurity infrastructure. It’s predicted that a new organization will be affected by such an attack every 11 seconds as soon as 2021."
"blogs  breaches  cyber  security  cybersecurity  hacking  proprivacy  ransomware  smb  sme  vpn  wi-fi  wpa2 
4 weeks ago by jonerp
The Hidden Cost of Ransomware: Wholesale Password Theft
"Christianson said several factors stopped the painful Ryuk ransomware attack from morphing into a company-ending event. For starters, she said, an employee spotted suspicious activity on their network in the early morning hours of Saturday, Nov. 16. She said that employee then immediately alerted higher-ups within VCPI, who ordered a complete and immediate shutdown of the entire network."
a  little  sunshine  ransomware  the  coming  storm  alex  holden  hold  security  karen  christianson  mark  schafer  ryuk  sva  consulting  vcpi 
6 weeks ago by jonerp
What’s New On The Zero Trust Security Landscape In 2019
"The latest Forrester Wave adds in and places high importance on Zero Trust eXtended (ZTX) ecosystem advocacy, allocating 25% of the weight associated with the Strategy section on the scorecard. Forrester sees Zero Trust as a journey, with vendors who provide the greatest assistance and breadth of benefits on a unified platform being the most valuable. The Wave makes it clear that Zero Trust doesn’t refer to a specific technology but rather the orchestration of several technologies to enable and strengthen their Zero Trust framework. Key insights from what’s new this year in the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 include the following.."
business  featured  posts  technology  software  trends  &  concepts  cybersecurity  forrester  wave™:  zero  trust  extended  ecosystem  platform  providers  louis  columbus'  blog  mobile  security  mobileiron  mobility  q4  2019 
12 weeks ago by jonerp
Does Disney need a security princess after claims Disney+ hacked?
"The same is true of hacking attacks. It really doesn’t matter who is at fault. The immediate response to blame the victims is not what customers would have expected. Disney will now have to prove that it was not at fault and do so quickly. Using a third-party forensics team to establish what happened is a must. So is finding some way to help those customers regain access to their accounts."
latest  news  security  cybercriminals  disney  forensics  hacking  malwarebytes  ralph  streaming  service 
november 2019 by jonerp
Facebook admits to circumventing GDPR
"Facebook claims that it is no longer bound by GDPR because of the way it changed its terms and conditions. It is relying on Article 6(1)(b) of the GDPR which states: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”
business  latest  news  security  advertising  eu  facebook  gdpr  libra  noyb  privacy 
november 2019 by jonerp
Improving Endpoint Security Needs To Be A Top Goal In 2020
"Cyberattacks are growing more complex and difficult to prevent now and will accelerate in the future, making endpoint security a top goal in 2020. Cybercriminals are using structured and unstructured machine learning algorithms to hack organizations’ endpoints with increasing frequency. Endpoint attacks and their levels of complexity will accelerate as cybercriminals gain greater mastery of these techniques."
business  featured  posts  technology  software  trends  &  concepts  absolute  absolute’s  2019  endpoint  security  report  cyberattacks  cybersecurity 
november 2019 by jonerp
How Zero Trust, Service Meshes and Role-Based Access Control Can Prevent a Cloud-Based Security Mess
"“All data breaches are the exploitation of the old broken trust model. And almost all cybersecurity incidents exploit the trust model as well,” said John Kindervag, founder of the Zero Trust Model and field Chief Technology Officer at Palo Alto Networks.

The Trust Model is the perimeter-centric approach to security. Bordered by firewalls, you trust internal traffic by default. As a former penetration tester, Kindervag contends that, for most orgs, once you get inside the Level 3 layer network — and he says there’s always a way — then you have access to almost everything because of “that broken trust model.”
cloud  native  containers  security  feature 
october 2019 by jonerp
Armis warns of unpatchable vulnerabilities in critical hardware
"IoT security company Armis has revealed more medical and manufacturing device vulnerabilities linked to its URGENT/11 disclosure at Black Hat. The details were released in a coordinated vulnerabilitiy disclosure from Armis, the FDA, DHS and BD Alaris, a manufacturer of medical devices. It also reveals six more Real-Time Operating Systems (RTOS) are affected. For some devices the vulnerabilities are so severe that they are considered unpatchable."
latest  news  premier  partners  security  armis  dhs  fda  healthcare  manufacturing  ntt  limited  rtos  vulnerabilities  vxworks 
october 2019 by jonerp
5 Key Insights From Absolute’s 2019 Endpoint Security Trends Report
"Endpoint security controls and their associated agents degrade and lose effectiveness over time. Over 42% of endpoints experience encryption failures, leaving entire networks at risk from a breach. They’re most commonly disabled by users, malfunction or have error conditions or have never been installed correctly in the first place. Absolute found that endpoints often failed due to the fragile nature of their encryption agents’ configurations. 2% of encryption agents fail every week, and over half of all encryption failures occurred within two weeks, fueling a constant 8% rate of decay every 30 days. 100% of all devices experiencing encryption failures within one year.'
business  featured  posts  technology  software  trends  &  concepts  absolute  security  cybersecurity  endpoint  louis  columbus'  blog 
september 2019 by jonerp
Hunting botnets and Chinese hackers targeting finance
"Cooperation between security companies and industry bodies is delivering significant benefits in the fight against cybercriminals. Country after country is introducing its own cyber force for good and for bad. This raises the stakes considerably in terms of the types of attacks.

Law enforcement is likely to be heavily reliant on private companies going forward. The question is how much intelligence will governments share to help detect attacks. As our coverage of Zerodium from yesterday shows, the lines of share and use are very blurry."
latest  news  ntt  security  premier  partners  apt41  botnets  china  cms  drupal  finance  gtic  joomla 
september 2019 by jonerp
Why Manufacturing Supply Chains Need Zero Trust
"Supply chains are renowned for how unsecured and porous they are multiple layers deep. That’s because manufacturers often only password-protect administrator access privileges for trusted versus untrusted domains at the operating system level of Windows NT Server, haven’t implemented multi-factor authentication (MFA), and apply a trust but verify mindset only for their top suppliers. Many manufacturers don’t define, and much less enforce, supplier security past the first tier of their supply chains, leaving the most vulnerable attack vectors unprotected."
business  featured  posts  technology  software  trends  &  concepts  centrify  privileged  access  management  cybersecurity  louis  columbus'  blog  zero  trust  privilege  security 
september 2019 by jonerp
Mobile Identity Is The New Security Perimeter
"89% of security leaders believe that mobile devices will serve as your digital ID to access enterprise services and data in the near future according to a recent survey by IDG completed in conjunction with MobileIron, titled Say Goodbye to Passwords. You can download a copy of the study here. Mobile devices are increasingly becoming the IDs enterprises rely on to create and scale a mobile-centric zero trust security network throughout their organizations."
business  featured  posts  technology  software  trends  &  concepts  cybersecurity  louis  columbus'  blog  mobileiron  smartphones  zero  trust  network  security 
september 2019 by jonerp
The Truth About Privileged Access Security On AWS And Other Public Clouds
"In short, native IAM capabilities offered by AWS, Microsoft Azure, Google Cloud, and more provides enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to fully address the more challenging, complex areas of IAM and PAM in hybrid or multi-cloud environments."
business  featured  posts  technology  software  trends  &  concepts  amazon  web  services  aws  cybersecurity  security  centrify  louis  columbus'  blog 
august 2019 by jonerp
Netflix Discovers Severe Kubernetes HTTP/2 Vulnerabilities
"Taking a look at how the internet’s HTTP/2 protocol works, Netflix engineers discovered a set of vulnerabilities in Kubernetes. The main issue was found in the net/https library of the Go language. Because it was found in this particular library, every version and every component of Kubernetes is affected. These two issues have been assigned base scores of 7.5 (which earns a high severity) by the Kubernetes Product Security Committee."
kubernetes  networking  security  news 
august 2019 by jonerp
Shifting Zero Trust Left with Cloud Native Software
"The substantial scope of software supply chain risk is to trust no one and nothing, and to expand the notion of Zero Trust to include other risk vectors. While Zero Trust is an excellent place to establish a baseline of security, it must be done in a way that does not compromise the business’ agility or innovation."
devops  security  contributed 
august 2019 by jonerp
FBI seeks to monitor Facebook, oversee mass social media data collection
"Plans to track social media activity will potentially clash with existing privacy policies."
security 
august 2019 by jonerp
Your Mobile Phone Is Your Identity. How Do You Protect It?
"Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error."
business  featured  posts  technology  software  trends  &  concepts  centrify  cybersecurity  louis  columbus'  blog  mobileiron  zero  trust  privilege  security 
august 2019 by jonerp
How To Deal With Ransomware In A Zero Trust World
"Ransomware attackers are becoming more sophisticated using spear-phishing emails that target specific individuals and seeding legitimate websites with malicious code – it’s helpful to know the anatomy of an attack. Some recent attacks have even started exploiting smartphone vulnerabilities to penetrate corporate networks, according to Dr. George."
business  featured  posts  technology  software  trends  &  concepts  centrify  privileged  access  management  cybersecurity  louis  columbus'  blog  zero  trust  privilege  security 
august 2019 by jonerp
Capital One’s Cloud Misconfiguration Woes Have Been an Industry-Wide Fear
"Developers and IT decision-makers should not be surprised by the recent Capital One data breach: Misconfigurations have long been the top cloud security concern. A new StackRox survey of IT decision-makers supports this finding as 60% of respondents are more worried about misconfigurations or exposures, as compared to attacks and generic vulnerabilities."
cloud  services  security  research 
july 2019 by jonerp
Taking Advantage of the Public Cloud without Compromising Security
"The challenge is that cloud consumers often have a misconception about the security provided in a public cloud, mistakenly believing that cloud providers deliver security services natively. The reality, however, is that cloud providers are only obligated to secure the underlying cloud infrastructure shared by all customers. However, and despite the fact that cloud providers also offer customers security services to attach to their applications, securing corporate data, web applications, and compute resources are the responsibility of the client."
cloud  services  security  contributed 
july 2019 by jonerp
Roadmap To Zero Trust For Small Businesses
"Small businesses and startups run so fast there’s often a perception that achieving greater security will slow them down. In a Zero Trust world, they don’t need to spend a lot of sacrifice speed for security. Following a Zero Trust roadmap can protect their systems, valuable intellectual property, and valuable time by minimizing the risk of falling victim to costly breaches.

Here’s what small businesses and startups need to include on their Zero Trust roadmaps"
business  featured  posts  technology  software  trends  &  concepts  centrify  privileged  access  management  cybersecurity  louis  columbus'  blog  zero  trust  privilege  security 
july 2019 by jonerp
Passwords Are The Weakest Defense In A Zero Trust World
"These and many other fascinating insights make it clear that passwords are now the weakest defense anyone can rely on in a Zero Trust world. Two recent research studies quantify just how weak and incomplete an IT security strategy based on passwords is, especially when the need to access mobile apps is proliferating. Combined, these two MobileIron reports pack a one-two punch at passwords, and how they’re not strong enough alone to protect mobile devices, the fastest proliferating threat surface in a Zero Trust world."
business  featured  posts  technology  software  trends  &  concepts  centrify  cybersecurity  louis  columbus'  blog  mobileiron  zero  trust  security 
july 2019 by jonerp
Security Metrics that Actually Matter in a DevOps World
"Deployment metrics measure the health of the deployment process and provide leading indicators of application stability.
Examples of deployment metrics: time-to-deploy, deployment frequency, deployment success/failure, time spent fixing failed releases, and environment configuration drift.
Elite performers in this category can deploy on demand;
Lead time metrics measure the capacity of the organization to respond to change and deliver business value (i.e. the time it takes to design and deliver requested security features).
Examples of lead time metrics: individual productivity/velocity, rework time, cycle time, time-to-value trends.
Elite performers in this category typically have average lead times <1 hour;"
devops  monitoring  security  contributed  sponsored 
june 2019 by jonerp
Google’s Maya Kaczorowski on Where Responsibility for Container Security Begins and Ends
"Google’s view of container security falls under three categories: infrastructure security, which involves how organizations’ container development environment is secure, Kaczorowski said. This involves network policies, user-identity management, secret management and other similar policies. The second category is what Google calls the “software supply chain,” which covers making sure organizations’ containers are built and deployed securely,” Kaczorowski said. In this way, the second category involves “knowing where your images are coming from scanning them for vulnerabilities and checking that they meet your requirements before you deploy them into your into your environment,” Kaczorowski said. The third category applies to container runtime security and “making sure that your containers are secure to run,” Kaczorowski said."
containers  security  podcast  sponsored  the  new  stack  makers 
june 2019 by jonerp
Machine Learning Is Helping To Stop Security Breaches With Threat Analytics
"Immediate visibility with a flexible, holistic view of access activity across an enterprise-wide IT network and extended partner ecosystem. Look for threat analytics applications that provide dashboards and interactive widgets to better understand the context of IT risk and access patterns across your IT infrastructure. Threat analytics applications that give you the flexibility of tailoring security policies to every user’s behavior and automatically flagging risky actions or access attempts, so that you’ll gain immediate visibility into account risk, eliminating the overhead of sifting through millions of log files and massive amounts of historical data."
business  featured  posts  technology  software  trends  &  concepts  cybersecurity  louis  columbus'  blog  privileged  access  management  verizon  zero  trust  privilege  security  ztp 
june 2019 by jonerp
How to Improve Privileged User’s Security Experiences With Machine Learning
"Every business is facing the paradox of hardening security without sacrificing users’ login and system access experiences. Zero Trust Privilege is emerging as a proven framework for thwarting privileged credential abuse by verifying who is requesting access, the context of the request, and the risk of the access environment across every threat surface an organization has."
business  featured  posts  technology  software  trends  &  concepts  centrify  louis  columbus'  blog  machine  learning  zero  trust  privilege  security  ztp  zts 
june 2019 by jonerp
HEAD IN THE CLOUDS: Week 8
"This week’s issue discusses Microsoft’s up-selling practices and the often-found and detrimental inconsistent messaging enterprises communicate to their cloud vendors during cloud negotiations."
cloud  hitc  microsoft  negotiation  tactics  ecs  enterprise  suite  mobility  +  security  365  office  secure  productive  spe  windows  10 
may 2019 by jonerp
CIO’s Guide To Stopping Privileged Access Abuse – Part 2
"Enterprise security approaches based on Zero Trust continue to gain more mindshare as organizations examine their strategic priorities. CIOs and senior management teams are most focused on securing infrastructure, DevOps, cloud, containers, and Big Data projects to stop the leading cause of breaches, which is privileged access abuse."
business  featured  posts  technology  software  trends  &  concepts  centrify  cybersecurity  enterprise  gartner  top  10  security  projects  for  2018  louis  columbus'  blog  privileged  access  abuse  management 
may 2019 by jonerp
Enterprise hits and misses – cybersecurity leaks, privacy falters, and Google Cloud raises their enterprise bet
"This week, in a travel version of hits/misses - cybersecurity stats that startle, and privacy gaffes that irritate. Plus: Google Cloud ups their enterprise game - and analysts weigh in. Your whiffs include the triumph of fussy babies in flight.
cloud  platforms  -  infrastructure  and  architecture  data  privacy  diversity  hits  misses  security 
april 2019 by jonerp
Oktane19 – Okta sets out its stall as an identity platform
"Opening its Oktane19 conference today, Okta extends its identity platform with new customization options and more support for developers"
governing  identity  privacy  and  security  infrastructure 
april 2019 by jonerp
Enterprise hits and misses – HR takes on AI, and machine learning raises the enterprise security stakes
"This week - A big change in tone for HR and AI. Debate - are AI and machine learning assets to enterprise security? And: the unknown unknowns of digital transformation. Your whiffs include highly personalized LinkedIn job offers."
digital  transformation  -  frictionless  enterprise  hcm  and  the  future  of  work  hits  misses  iot  robotics  ai  machine  intelligence  security 
march 2019 by jonerp
The Possibilities of AI and Machine Learning for Cybersecurity
"While the experts are ready to consider Artificial Intelligence (AI) as the future of cybersecurity, it is essential to evaluate the promises against challenges posed by AI to become a key element in the scheme of things for internet security. Let’s admit here that in spite of all the advantages, AI offers considerable security threats for cyber systems as well."
application  security  machine  learning  contributed 
march 2019 by jonerp
Enterprise hits and misses – retail gets a once-over, and Facebook asks for a privacy do-over
"This week - retail strategy comes into focus in our retail content blowout. Facebook vows to take a privacy do-over, while the abuse of privileged credentials raises red flags for enterprise security. Your whiffs include a sublime series of bonehead alerts."
data  privacy  hits  and  misses  retail  e-commerce  the  omni-channel  security  social 
march 2019 by jonerp
74% Of Data Breaches Start With Privileged Credential Abuse
"Enterprises who are prioritizing privileged credential security are creating a formidable competitive advantage over their peers, ensuring operations won’t be interrupted by a breach. However, there’s a widening gap between those businesses protected from a breach and the many who aren’t. In quantifying this gap consider the typical U.S.-based enterprise will lose on average $7.91M from a breach, nearly double the global average of $3.68M according to IBM’s 2018 Data Breach Study."
business  featured  posts  technology  software  trends  &  concepts  centrify  cybersecurity  ibm  2018  data  breach  study  louis  columbus'  blog  privileged  access  management  in  the  modern  threatscape  report  credential  abuse  security 
march 2019 by jonerp
Exclusive – how Innovative Composite Engineering excels at manufacturing quality and security with IQMS
"Success in manufacturing is not for the timid or the laggards. But IQMS ERP customer Innovation Composite Engineering has found a winning formula. Here's what they told me about their keys to success, from traceability to security to business intelligence."
digital  enterprise  in  the  real  world  internet  of  things  security  use  cases  manufacturing 
february 2019 by jonerp
Getting closer to guidelines on ethical AI
"AI is moving fast enough that our ethical framework is falling behind. Here's a critique of four AI characteristics, and a new way of thinking about AI ethics."
governing  identity  privacy  and  security  machine  intelligence  ai  robotics 
february 2019 by jonerp
Facebook’s Tool for Automated Testing at 2 Billion Users Scale
"Recently downloaded Messenger, Instagram and other Facebook apps running on Android now are built with software that has been automatically repaired “using search on test cases using crashes that were automatically designed using search-based software testing,” he said. “An end-to-end process that was completely automated up to the point where the patch that was found was suggested to the developer, and then the developer is the final gatekeeper to say, ‘yes that will going to the codebase.’”
application  security  ci  cd  devops  software  testing 
february 2019 by jonerp
Facebook profits, revenues, users and advertisers all soar – what’s it going to take?
"Facebook's clean-up costs are soaring, but so are profits and revenues and user numbers and advertisers. Why change?"
content  marketing  data  privacy  digital  and  security  social  ux  application  design 
february 2019 by jonerp
The What and Why of a Unified Security Strategy
"Build a multi-layered defense. A multi-layered security system is one that secures multiple types of components — like storage, networking and application runtimes. Not only is multi-layered security critical in today’s complex environments, but it’s the only way to build a broad, unified security architecture. Some of your environments or infrastructure may not have all of the layers you secure; for example, a bare-metal containerized environment won’t have a virtualization hypervisor for you to worry about. But you should still focus on securing all layers so that you cover all layers that exist in all of your environments;"
application  security  culture  sponsored 
january 2019 by jonerp
Enterprise hits and misses – talking IoT and blockchain futures, while data privacy is bought and sold
"In our triumphant/petulant new year's return, hits and misses features the impact of IoT, blockchain and cleantech. Retail omni-woes are nudged off center stage by a slew of data privacy controversies. Your whiffs include an underwhelming war of the machines."
data  privacy  governing  identity  and  security  hits  misses  internet  of  things  machine  intelligence  ai 
january 2019 by jonerp
Security Worries Rise as Container Adoption Increases
"Of the 266 that have containers in production, 47 percent said the containers had vulnerabilities, with that figure rising to 58 percent for those with more than 100 containers in production. The percentage of those that “don’t know” if there are vulnerabilities declines as the number of containers running increases."
application  security  containers  research  this  week  in  numbers 
january 2019 by jonerp
2018 – the year ‘Big Tech’ lost its innocence
"It’s taken more than a decade but government regulators and lawmakers have finally figured out how Google and Facebook make obscene amounts of money by gathering personal data from millions of users. They aren’t happy about it."
data  privacy  governing  identity  and  security  regulation 
december 2018 by jonerp
Gender, GDPR and tooling up for the cyber-wars – thought leadership from Barbara Endicott-Popovsky
"IT security guru Barbara Endicott-Popovsky on the major hurdles the West faces in the cyber-war - and why she loves GDPR."
digital  skills  and  training  diversity  future  of  work  security 
december 2018 by jonerp
Open Source Vulnerabilities: Minding Your Blind Spots
"While some headlines might make it seem like any open source vulnerability is cause for alarm, the reality is that not all vulnerabilities are critical. Determining which vulnerabilities require the most immediate attention is a challenge for development teams, especially since prioritization is another strategy with no standard best practice across the software development industry"
application  security  contributed  open  source 
december 2018 by jonerp
Facing up to the need for regulation – Microsoft recognises Big Brother potential
"George Orwell’s 1984 is arriving about 40 years behind schedule. Microsoft and other concerned technologists believe we’re running out of time to create new government regulations to deal with the dangers of facial recognition and other new surveillance technologies."
analytics  planning  and  data  analysis  privacy  governing  identity  security  regulation  social 
december 2018 by jonerp
US military to tech protestors – ‘We’re at war; pick a side’
"The revolt by thousands of Google workers against working with the Pentagon is drawing fierce pushback from the military, rival companies like Amazon and Microsoft, and even some fellow workers."
iot  robotics  and  ai  machine  intelligence  security 
december 2018 by jonerp
Enterprise hits and misses – Marriott stinks, Quora is questionable, and the omni-channel is elusive
"This week: As the holiday season rolls on, retailers's omni-channel woes persist. Plus: I blow a couple gaskets rounding up advice after the Marriott and Quora breaches. Then, there is an AI article whiff to reckon with."
hits  and  misses  retail  e-commerce  the  omni-channel  security 
december 2018 by jonerp
“That may be good for the world, but it’s not good for us” – Zuckerberg, Facebook and your data
"The UK Government released its seized Facebook documents yesterday and their contents confirm a lot of fears."
data  privacy  governing  identity  and  security  regulation  social 
december 2018 by jonerp
Marriott data breach shows cyber security risks of mergers
"The company also admitted that the information also includes payment card numbers and payment card expiration dates. While it claims the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128) it also admits that the keys to decrypt those payment cards may also have been stolen. If so, this makes the breach significantly worse as it shows the hackers had complete access to all company information."
latest  news  security  data  breach  due  diligence  forrester  gdpr  hackers  ico  m&a  marriott  nominet  starwood 
december 2018 by jonerp
Misrepresentation and technical nuances – Facebook’s answers to legislators questions under fire
"The UK Information Commissioner and the former Chief Technologist of the Federal Trade Commission have problems with Facebook's evidence to international legislators."
data  privacy  governing  identity  and  security  regulation 
december 2018 by jonerp
What the Marriott Breach Says About Security
"For companies, this principle means accepting the notion that it is no longer possible to keep the bad guys out of your networks entirely. This doesn’t mean abandoning all tenets of traditional defense, such as quickly applying software patches and using technologies to block or at least detect malware infections."
a  little  sunshine  data  breaches  security  tools 
december 2018 by jonerp
Break-even in sight for Box as enterprise deals increase in size and number
"Break-even may finally be in sight for Box, but it's a case of steady growth and lowered losses for now..."
cloud  platforms  -  infrastructure  and  architecture  collaboration  sharing  digital  productivity  governing  identity  privacy  security  machine  intelligence  ai  regulation 
november 2018 by jonerp
Zuckerberg ‘sends his cat’ as 9 governments slam Facebook CEO for not talking to 447 million people
"Zuck didn't show but the representatives of 9 governments and 447 million people did turn up to grill the latest Zuckerberg avatar."
data  privacy  digital  and  content  marketing  governing  identity  security  regulation  social 
november 2018 by jonerp
Zuckerberg vs the Serjeant-at-Arms – no contest as Facebook documents are seized by UK Government
"Obscure Parliamentary procedure was used to get hold of Facebook documents. Now the fun begins..."
data  privacy  digital  and  content  marketing  governing  identity  security  regulation 
november 2018 by jonerp
Facebook’s 2018 crises mean it’s time to unfollow its ‘sorry’ CEO
"'Sorry' has become a word that falls easily from the lips of Facebook's upper management; if only I believed they meant it..."
data  privacy  governing  identity  and  security  regulation  social 
november 2018 by jonerp
Could the new kingmakers turn us into puppets?
"Developers as the new kingmakers is now an established meme. But they should not be the arbiters of what is ethical programming. That debate has to be much wider."
devops  nosql  and  the  open  source  stack  digital  transformation  -  frictionless  enterprise  governing  identity  privacy  security  ethics 
november 2018 by jonerp
Zuckerberg’s annus horribilis continues as Facebook growth slows
"A "tough year" for the Facebook CEO - and 2019's not looking that much better..."
data  privacy  digital  and  content  marketing  governing  identity  security  social 
november 2018 by jonerp
Tim Cook calls for Bloomberg to retract controversial chip story
"Apple's chief executive is hoping Bloomberg will "do the right thing" and formally retract its Chinese spy chip story."
security 
october 2018 by jonerp
Huawei Connect 2018 – the smart police are coming
"A final report from Huawei Connect in Shanghai, as the vendor pushes a vision of smart safety and security."
cloud  platforms  -  infrastructure  and  architecture  collaboration  sharing  digital  productivity  iot  robotics  ai  machine  intelligence  regulation  security 
october 2018 by jonerp
Enterprise hits and misses – making sense of the Chinese server sabotage allegations, as silly season rolls on
"In this streamlined, “Jon feels the road burn” version of hits and misses, he picks the highlights from the week’s biggest shows, the best of the enterprise web, and, as always – your weekly whiffs. And: an anti-whiff!"
governing  identity  privacy  and  security  hits  misses 
october 2018 by jonerp
MikroTik vulnerability climbs up the severity scale, new attack permits root access
A bug previously deemed medium in severity may actually be as "bad as it gets" due to a new attack technique.
security 
october 2018 by jonerp
Dreamforce 2018 – What do digital governments need? Rebels that can rebuild trust.
"Salesforce’s SVP of Government Solutions, Casey Coleman, gives us her view on the state of government transformation globally and what it takes to get the job done."
governing  identity  privacy  and  security  df18 
september 2018 by jonerp
AI, edge and security share top billing at Microsoft Ignite
"Microsoft Ignite opens this morning with a blizzard of announcements, with special focus on advances in AI, IoT and edge, tempered by security"
infrastructure  internet  of  things  machine  intelligence  and  ai  productivity  security 
september 2018 by jonerp
Has GDPR changed marketing?
"GDPR is a wakeup call to marketing and beyond - and not just those with business ties to Europe. Barb Mosher Zinck muses on fresh data from the CMO Council and looks at where we go from here."
crm  and  customer  experience  data  privacy  digital  content  marketing  governing  identity  security  gdpr 
september 2018 by jonerp
Europe deals the open internet a blow as controversial copyright rules take a step closer to law
"Europe just dealt the open internet a blow - and probably undermined its own Digital Single Market economy plans in the process."
digital  and  content  marketing  governing  identity  privacy  security  regulation  social 
september 2018 by jonerp
It’s a mad, mad, mad IoT world – protecting America’s power grid from common household appliances
"The Internet of Things is a network comprised of billions of devices that connect to the internet through sensors or Wi-Fi. Mostly invisible and often unsecured, they are a potential goldmine for hackers and evildoers."
internet  of  things  security 
september 2018 by jonerp
Enterprise hits and misses – big data falls, blockchain rises, and security trusts no one
"This week - a look at Google's big data fall from grace - an opening for blockchain, or not? Also: security's weak link, and the zero trust imperative. Ideas versus execution, data silos, and whiffs-a-plenty."
governing  identity  privacy  and  security  hits  misses  machine  intelligence  ai  blockchain 
september 2018 by jonerp
Identities Are The New Security Perimeter
"18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey.
Privileged credentials for accessing an airport’s security system were recently for sale on the Dark Web for just $10, according to McAfee."
business  featured  posts  technology  software  trends  &  concepts  centrify  cybersecurity  louis  columbus'  blog  next-gen  access  zero  trust  security 
august 2018 by jonerp
How Microsoft plans to save the Internet from bad actors with AccountGuard
"Microsoft is taking cybersecurity seriously - as it should. Does that make it the Internet's top cop?"
infrastructure  regulation  security 
august 2018 by jonerp
IBM’s 2018 Data Breach Study Shows Why We’re In A Zero Trust World Now
"The report is a quick read and the data provided is fascinating. One can’t help but reflect on how legacy security technologies designed to protect digital businesses decades ago isn’t keeping up with the scale, speed and sophistication of today’s breach attempts. The most common threat surface attacked is compromised privileged credential access. 81% of all breaches exploit identity according to an excellent study from Centrify and Dow Jones Customer Intelligence, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in)."
business  featured  posts  technology  software  trends  &  concepts  centrify  cybersecurity  enterprise  security  ibm  2018  cost  of  a  data  breach  study  louis  columbus  next-gen  access 
august 2018 by jonerp
Report analysis – AI and automation raises the stakes on IT security skills
"AI and automation will transform security, right? Not so fast. A new report indicates the problem comes back to a human skills gap. And, in my view, a culture problem. Here's my review of the data - and potential solutions."
digital  skills  and  training  governing  identity  privacy  security  machine  intelligence  ai 
august 2018 by jonerp
Federacy wants to put bug bounty programs in reach of every startup
"“We think that we can make the biggest impact by making the platform free to set up and incredibly simple for even the most resource-strapped startup to extract value. In doing so, we want to expand bug bounties from probably a few hundred companies currently — across Bugcrowd, HackerOne, etc. — to a million or more in the long run,” William Sulinski told TechCrunch."
developer  security  startups  bug  bounty  programs  federacy  ycombinator 
august 2018 by jonerp
Human Resources Firm ComplyRight Breached
"Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information -- including names, addresses, phone numbers, email addresses and Social Security numbers -- from tax forms submitted by the company's thousands of clients on behalf of employees."
a  little  sunshine  data  breaches  tax  refund  fraud  complyright  breach  efile4biz.com  equifax  experian  ip  pin  security  freeze 
july 2018 by jonerp
Zero Trust Security Update From The SecurIT Zero Trust Summit
"Identities, not systems, are the new security perimeter for any digital business, with 81% of breaches involving weak, default or stolen passwords. Tom Kemp, Co-Founder, and CEO, Centrify, provided key insights into the current state of enterprise IT security and how existing methods aren’t scaling completely enough to protect every application, endpoint, and infrastructure of any digital business. He illustrated how $86B was spent on cybersecurity, yet a stunning 66% of companies were still breached. Companies targeted for breaches averaged five or more separate breaches already. The following graphic underscores how identities are the new enterprise perimeter, making NGA and ZTS a must-have for any digital business."
business  featured  posts  technology  software  byline=louis  columbus  centrify  cio  cso  cybersecurity  machine-learning  based  security  next-gen  access  nga 
july 2018 by jonerp
Over 20,000 Container Management Dashboards Are Exposed on the Internet
"A recent study by cloud security firm Lacework found over 22,000 publicly exposed container orchestration and API management systems, about 300 of which could be accessed without any credentials and gave attackers full control or remote code execution capability on containers."
news  technology  top  stories  containers  kubernetes  security 
july 2018 by jonerp
Analytics Are Empowering Next-Gen Access And Zero Trust Security
"Machine learning-based NGA platforms including Centrify calculate a risk score that quantifies the relative level of trust based on every access attempt across an IT infrastructure. NGA platforms rely on machine learning algorithms to continuously learn and generate contextual intelligence that is used to streamline verified user’s access while thwarting many potential threats ― the most common of which is compromised credentials. IT security teams can combine the insights gained from machine learning, user profiles, and contextual intelligence to fine-tune the variables and attributes that calculate risk scores using cloud-enabled analytics services.
business  featured  posts  technology  software  byline=louis  columbus  centrify  analytics  service  next-gen  access  nga  verizon  mobile  security  index  2018  report  zero  trust 
july 2018 by jonerp
Beyond Sapphire Now – DSAG on how SAP licensing must evolve
"SAP licensing and indirect access took a back seat at Sapphire Now. But as Andreas Oczko of DSAG explains, this is far from over. In this diginomica exclusive from Orlando, Oczko gave his view on SAP's document pricing announcements - and what needs to happen next."
digital  enterprise  in  the  real  world  transformation  -  frictionless  governing  identity  privacy  and  security 
june 2018 by jonerp
« earlier      
per page:    204080120160

Copy this bookmark:





to read