Tag: cloud security

Lessons Learned from LinkedIn

Users are making it too easy for hackers. If we take a closer look at the 6.5 million hashed LinkedIn passwords that leaked we find a large swath of the user population are ignoring warnings of overly simplistic and obvious passwords. Would you believe the most common word or phrase found in a 160K sampling of the list was “link”? And would you further shake your head in disbelief that “1234” and “12345” followed close behind. Rounding out the top 10 were “work,” “god,” “job,”

Casting Light on Shadow IT and ID

It’s not a new term or concept. You probably recognize that it’s happening within your own organization. Shadow IT is the appropriation and use of IT assets and applications without organizational approval.  And it happens more than you know. Sally the sales rep gets a label template design application, Marco from HR downloads software that manages inbound resumes. Kelsey in marketing signs up for a WordPress page and social media accounts. All too often, employees are not going through corporate channels to get what they

The Genie, The Bottle and BYOD

It’s safe to say the genie is out of the bottle. The rise of employees (and other credentialed users) using their own smartphones, tablets and other personal devices is rising and there’s little to nothing  IT can do about it…or is there? In the past weeks I’ve written about BYOD and password management, but I want to approach the subject from a slightly different perspective. Administrating access management and identity management from the cloud is a cost-effective and nearly-instantaneous way to quickly create, manage and

In Cloud We Trust

It wasn’t too long ago the very thought of security in the cloud was a challenging barrier to adoption. How can you secure a thing so vaporous and intangible? It scared off a lot of companies (especially SMBs and midsized) that would have felt the immediate financial savings and productivity gains from the various applications and solutions that were deployed from this nebulous place called the cloud. That barrier is cracking. Earlier this week Microsoft released a study of SMBs that found the move to

Identity Management in the Cloud: A Matter of Function, Control, Cost

I was flipping around the 320 channels on TV yesterday and came across an old episode of Seinfeld. It’s the one where Jerry is asked to fill in as a doorman for a high rise. While standing sentry, he lets various people through and finally leaves his post only to find the lobby couch was stolen. It got me thinking about how many companies simply leave the proverbial front door open and practically let anyone access data on their network without secure authentication. User identities

If a tree falls in your network, does anybody hear?

When I started scribbling notes as to what to write about this week, my first thought was to address some of the claims that cloud wasn’t “ready for prime time,” by a some survey done by Wisegate. Everyone is entitled to an opinion, and those who wish to turn a blind eye to the maturation of the cloud do so at their own risk. Before I move on to the subject at hand, I will simply remind doubters that these same voices were shouting the

The Challenge of BYOD

“Don’t care how…I want it now!” -Veruca Salt (Willy Wonka and the Chocolate Factory) We live and work in a world of immediate gratification. In the name of greater productivity if you need to check inventory from a supplier’s warehouse…click there it is. Share a file on Dropbox, no problem. Add detail about a meeting in the sales database… click! Update your Facebook or LinkedIn status. Email a white paper to a potential client…click, click. Want to see that flying pig meme…well, you get the

Shooting from the HIPAA… compliance in the cloud

As an IT professional, what visuals are conjured when you hear the phrase “HIPAA compliance;” Is it Sisyphus having to push a heavy boulder up a mountain only to have it roll back down? Is it some hapless character from a Kafka novel caught in some endless bureaucratic labyrinth of requirements? Or is it just a giant hippopotamus sitting on your lap? Compliance is the necessary evil of any IT strategy. It has the best of intentions, and in many cases, it ensures the right

A Job for Man or Machine?

A Chief Technology Officer for a Midwest banking holding company made a very interesting observation earlier this week. In commenting about the needed increase in fraud fighting resources, he warned about the perils of overemphasizing technology while ignoring training staff in using manual fraud-detection processes. Most of what he says is spot on in terms of ensuring the proper prioritization, risk analysis and the blind reliance on technology to identify and neutralize threats and breaches. In fact, as an officer in a technology company, I