Shadowy cyber criminal and ransomware gangs may be scary. But your biggest cloud risk likely comes from people you already know: current and former employees with access to sensitive systems and data. When more than 450 virtual machines running Cisco’s WebEx Teams...
Risky identities: APIdentities
Attacks on APIs are on the rise. Organizations need to worry about the risk posed by API-linked identities within their environments. In our previous Risky Identities posts, we have talked about the threats posed to your organization by some of the “usual suspects,”...
Risky identities: Third parties
The concept of third-party risk isn’t new. As far back as the 2013 hack of Target Stores, risks associated with third-party access to enterprise environments were well understood. (That attack resulted in the theft of data on 40 million Target customers and began with...
Risky identities: orphaned accounts
More cloud applications and platforms means more orphaned accounts. We talk about why that’s a problem - and what to do about it. In August of 2017, unknown attackers compromised front-end workstations on Singapore Health’s (SingHealth’s) IT network. The attackers...
What you need to know about HIPAA access reviews
The healthcare law is mostly known for its data privacy provisions. But HIPAA has a lot to say about monitoring user entitlements. Here’s a review. Every industry is under pressure to protect its confidential data these days. But the pressure to protect data is...
Netflix’s tool fixes AWS permission whack-a-mole (now for everything else!)
Netflix isn’t just your favorite video streaming service. It is also a powerful development shop and technology “first mover” on many fronts - cyber security and privacy among them. That’s why the folks at Zilla have taken a particular interest in a new tool from...
Cloud access risks: What you need to know
Understanding cloud user access is about a lot more than cloud users. Here's what you need to know. Even before COVID-19 came on the scene, digital transformation was accelerating across industries. Now, a year later, the global pandemic has put those initiatives...
The long deep reach of the SolarWinds compromise
The news about the compromise of SolarWinds has started to recede but it will remain a watershed event in the history of information security. If you haven't heard this podcast discussing the compromise and its consequences by the Andreessen Horowitz team at a16z, it...
The future of software is SaaS…so build your security foundation now
In August 2011, Marc Andreessen published a Wall Street Journal editorial that has proved prophetic: Software is eating the world. His point was that all the underlying technology was in place for software to transform, well, almost everything. From photography and...