A de-provisioning proverb: When a door closes, just make sure you don’t leave a window open

disgruntledA forensic analyst confirmed something that I long believed to be true. One of the greatest threats to an organization comes from within. Not everyone who exits a company leaves with a handshake and a gold watch. Often times there are hard feelings; that the employer wronged the former employee and that employee will exact a matter of revenge or feel justified to extract some sort of perceived compensation. Now this isn’t meant for you to look sideways at the person sitting in the next cubicle. However, access policies  needs to be a part of any company’s  internal risk assessment and security policy.

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE

Advertisements

Supporting CIO strategies and priorities from the cloud-Part 1

CIO strategyMost CIOs recognize that the future of enterprise IT lay not with sitting and writing code and patching servers, but rather one of strategic development and as an integrator of business goals: riding the sea change from a person plugging in cables to an analyst; from a compiler of stacks to a broker of business needs. Part 1 of 2

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE

 

Sailing the 7 C’s of security monitoring

7 seas cloudOne of the established best practices in InfoSec is monitoring. People, products and companies get paid a great deal of money and expend a great deal of resources to watch pots. Monitoring simply is the central component to any security initiative. But with all best practices, there are variables. How much to monitor? What priorities matter? Where are my greatest vulnerabilities? To this end, I have boiled down monitoring to 7 best practices…The 7 C’s of security monitoring:

READ THE ENTIRE ARTICLE ART THE NEW CLOUD ACCESS BLOG SITE: HERE

Adaptive Risk: Making sure you are who you say you are

mirrorImplement the predictive analytic process that is designed to assess/score risk attributes during authentication so that Access Management can determine whether to require the user to complete further authentication steps. Adaptive risk is the key engine in the unified Identity Management/Access Management (IAM) deployment.  It provides the smarts (or the means to collect the “fingerprints”) of possible identity breaches while closely controlling who gets to access what portions of your network.

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE

 

My Security Playlist: now playing Access Management

nowplayingThe Who asked ultimate Access Management question…”Who Are You?” So do we listen to Paul McCartney said and “Open the door and let ’em in” or kick them to curb as the Stones suggest…”Hey You, Get off of my Cloud” The answer is different for each organization because, not every employee, partner or customer is equal.

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE

So, just what is REACT? And why does it matter?

react2_smHaving all the security solutions–even if they’re cloud-based–doesn’t necessarily ensure holistic protection. In the modern enterprise, there are simply too many parallel silos of data. The key is to get the solutions not only to talk to each other, but to leverage one another’s capabilities…in real time. It’s about a unified approach: Think of it like an apple pie. You might have apples, dough crust, butter and spices. Each can be used on their own. However, when using each of the ingredients together, you create a tasty result that is more than the sum of its parts.

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE

 

REACT to the Cloud: A tale of horror and unified security

Today’s is a cautionary tale. One that you’ve probably heard before, but I promise a new spin on making sure it won’t happen again. It’s a true story. It recently happened to a colleague’s friend’s business. It was a dark and stormy night…

Introducing a new security paradigm that leverages the cooperative functionality of various security tools. However, the key is still monitoring the results in real time; and the best case scenario (most efficient/effective means) for most companies to achieve this is via the cloud.

READ THE ENTIRE ARTICLE AT THE NEW CLOUD ACCESS BLOG SITE: HERE