Identity & Access Management (IAM) is perhaps the most fundamental part of any up-to-date security stack. In cloud-centric environments, which are distributed by nature, this is twice as true: remote access from poorly secured networks and a quickly growing attack surface, rich with insider threats, both need to be restrained. IAM is therefore the first and foremost […]
Cloud Security
Technology, security threats and competition – they all change rapidly and constantly. Your security stack must therefore be ahead of every emerging threat, but just as importantly, enable full-speed business processes by reducing friction in critical workflows.
The Complete Guide to SOC 2 Automation
As important as it is to achieve SOC 2 compliance, the manual work involved, along with all the minutiae required, often leaves CISOs and Compliance leaders feeling overwhelmed at the prospect of preparing for audits. But preparing for, and ultimately achieving, SOC 2 compliance doesn’t need to be complicated or overwhelming. Today, organizations are starting […]
16th June, 2021
Practicing Security in Open Source Communities
Open source projects are the embodiment of the core philosophy: ‘free internet and technology for everyone around the globe’. They can be created, changed and distributed to anyone by anyone and for any purpose. Contributing to an open source project is an endorsement of this philosophy, which promotes digital literacy in technological and non-technological communities. […]
31st May, 2021
SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm
The recent SolarWinds breach highlights a new paradigm in the Software Supply Chain. When compared simply to the code itself without any additional tools, Proprietary Code is no more secure than Open Source. By contrast, many would argue that Open Source Code is more secure due to a faster fix/patch/update cycle and the pervasive access to source […]
31st May, 2021
How-To: Automated NS1 Provisioning with Okta Workflows
While Okta and NS1 support SAML authentication, provisioning and de-provisioning users still requires manual work. We hate manual work, so here’s a way to automate the entire process, end-to-end, using Okta Workflows. Still unfamiliar with Workflows? Start here. Setting the Scene: 1. On NS1’s portal, create an API Key for Okta Workflows. 2. On Okta Workflows […]
31st May, 2021
Defining Developer-first Container Security
Have you shifted left yet? That’s the big trend, isn’t it? It’s meant to signal a movement of security responsibilities, moving from central IT teams over to developers, but that’s trickier than it sounds. Simply taking tools that are intended for use by security experts and making them run earlier in the supply chain does not […]
31st May, 2021
Adapting Security to Work Anywhere
“Working from home 2021” marks a massive shift away from common workspaces in response to the global pandemic. There is no more working remotely or working from home, there is just working. The axiom, “work is what you do, not where you go” has never before been so true. The possibility for the workforce to be location independent […]
31st May, 2021
Massive Campaign Targeting UK Banks Bypassing 2FA
On 14 July, 2020, Oliver Hough, a security researcher from Cyjax, published a report centered on a phishing campaign targeting banking customers in the United Kingdom, which evades two-factor authentication (2FA). On 16 December, 2020, researchers from the Global Threat Intelligence Team at WMC disclosed that they were tracking a threat actor who goes by the alias “Kr3pto”. […]
31st May, 2021
Why Phishing Attacks Increase on Holiday Seasons
Overview: Phishing continues to be a major attack vector, and it’s surprising just how many security incidents and breaches start with an employee clicking on a link in a carefully crafted phishing email (and sometimes doing the same with a not-so-well crafted phishing email — see this example). There’s still a general perception that phishing attacks […]
31st May, 2021
Remote Access Security: The Dangers of VPN
Millions of people worldwide are still working remotely to support shelter-in-place requirements brought on by the pandemic. For many workers, a remote workstyle is a preference that will likely become a more permanent arrangement. Enterprises have responded by expanding their use of VPNs to provide remote access to the masses, but is this the right choice for long-term access? Aside from enabling easy connectivity, […]
30th May, 2021
Remote Access: Network Architecture & Security Considerations
The global pandemic spurred a massive work-from-home (WFH) wave quite literally overnight. Hundreds of millions of people worldwide were told to stay home to stay safe, but they needed to keep working as best as possible. Enterprises responded to this sudden need for extensive remote network access by focusing on getting people connected—but connectivity often […]
30th May, 2021
Cloud Security Basics, Best Practices & Implementation
Cloud security is a set of controls, policies, procedures, and technologies that protect data, infrastructure, and systems that are stored in cloud environments. Cloud security measures give businesses the processes and tools they need to keep their data safe, meet their regulatory compliance requirements, protect their customers’ privacy, and establish authentication rules around all of […]
30th May, 2021
How to Build IAM with Zero Trust
This year, the business community was forced to adapt to a new era of distributed work—and cyber threats have adapted right along with them. Between unsecured home WiFi networks and the rise in personal devices accessing company resources, the opportunities for data theft have risen as teams have dispersed. Implementing robust identity and access management […]
30th May, 2021