Uncategorized

Synchronization enforces control for cloud integrated IDaaS and Access Management (SSO)

When Olympic rowers glide across the water’s surface at speeds of more than 25 mph, it’s because all the crew are in synch with one another. It’s a collaborative effort. As appropriate…if you are of a certain age and watched films from in science class and the guy in the lab coat was speaking but his words would burble out a second of two later. Not only is this synch off, but the power of the message of symbiosis is gone too. And in cloud

Mirror Mirror: the difference between Identity Management & Access Management

One of the biggest misconceptions in cloud security is the perception that identity management (IDaaS) and access management (SSO) are the same thing. They’re not. And it took a viewing of the famous Star Trek episode called Mirror Mirror for me to best illustrate and articulate the difference between the creation and management of a user account and credentialed rights and the funneled applications that entity is allowed to see. For those unfamiliar with the episode, it’s the one where Kirk is transported into an

Integrated provisioning and access: He said it was too good to be true

It’s no covert fact that my secret identity is that of a mild-mannered cloud security executive. And as such, I don’t try to directly promote or discuss any specific solutions my firm offers. However, I was showing a recent upgrade of an access and identity management integration to a CIO of a large medical management company and he offered up the best compliment I could hope for: “This is too good to be true.” What he was alluding to was the successful demonstration of a

Can your company afford to lose $400 million?

Of course not. But that’s the dollar figure companies stand to lose in terms of consumer trust when security protocols are breached according to a new study by the research firm Ponemon. In terms of dollars and cents on a risk analysis spreadsheet, it is easier to put a value on a particular asset than the potential recurring value of a client, customer or even partner. Beyond lawsuits and capital and operational expenses to repair a mea culpa, weak cryptography, hack defenses or shoring an

Do you want to know what you don’t know?

In my experience there are two types of enterprise IT departments -those that maintain the status quo and those looking to continuously explore and improve. It is truly unfortunate how many fall into the former category.  But the problem with IT security is that it’s an ever-evolving and moving target. So the decision to not dip your toe in the water and understand all available options could mean the difference between a panicked 3am call regarding a breach alert or a good night’s sleep. I

FFIEC’s recognition of cloud security advantages is good for modest financial orgs

Last month the Federal Financial Institutions Examination Council (FFIEC) shared an opinion on the viability and security of cloud computing. In the four-page statement, the interagency body empowered to prescribe uniform principles, standards, stated that cloud computing is “another form of outsourcing with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing.” What they are offering is a back-handed endorsement of cloud computing with the caveat that if you perform your due diligence and the solution passes the security smell

Do you leave your keys in the car too?

I heard the sky was falling. Well, at least the cloud was plummeting groundward. And all it took was one tech journalist to get his iCLoud account (and essentially his entire digital footprint) hacked. “The cloud is just like the Wild Wild West. No rules, no laws, no protection” “Just can’t trust the cloud.” I’ve seen those forum posts lately. Even the reigning high priest of computing Steve Wozniak (co-founder of Apple) voiced concern “I really worry about everything going to the cloud. I think

The DNA of Cloud Security

Just like the Boston Red Sox and lo-cal deserts and hybrid cars, everybody loves a bandwagon. We get caught up in the hype. Business concepts are not immune. Cloud and cloud-centric computing have been getting a great deal of play in business media and the blogosphere, and most companies are quickly moving to adopt various cloud platforms. So much so that that many solutions that claim to be cloud, really are nothing but server-based enterprise applications wrapped in a browser experience. Just because you access

A preposition makes all the difference in/of/for/from the cloud

No, this isn’t 7th grade English…I promise. With all the important decisions IT departments make, what’s the big deal whether cloud security means from the cloud, in the cloud, of the cloud or for the cloud. Well, a lot. Amongst the various media, blogs, professional chatter, webinars, conferences and the like, the concept of cloud security is getting a significant amount of airplay. However, the difference in the application of a simple preposition completely alters the scope and meaning of these conversations to that of

Are the costs of cloud security to good to be true?

What is it they say…you get what you pay for, right? In most cases, that is a spot on assessment but in terms of the cloud-based security, the numbers tend to add up towards the benefit of the user. But let’s get the whole idea of numbers down straight. It’s all relative. What is pricy for one organization is downright affordable to another, so in terms of costs let’s look squarely at the moving target of return on investment. What makes cloud security compelling is