Selections from the top news items this week in the world of identity and application security.
How Refugees Are Helping Create Blockchain's Brand New World
From Wired: Without legal proof of your existence, you can’t do many things. You can’t vote, and you can’t drive. You can’t start a bank account or access government services. Good luck getting into a bar. According to the World Bank, more than a billion people have no way to prove their identity. The un-verified include refugees, trafficked children, the homeless, and other people who slip through society without developing many institutional affiliations.
The world’s first blockchain-powered elections just happened in Sierra Leone
From Quartz: On Mar. 7, elections in Sierra Leone marked a global landmark: the world’s first ever blockchain-powered presidential elections. As president Ernest Bai Koroma leaves office after serving two five-year terms, the maximum allowed constitutionally, Sierra Leoneans have had to pick from a pool of 16 candidates including the ruling party’s Samura Kamara, the erstwhile foreign minister, and Julius Maada Bio, former military head of state and candidate of the main opposition party.
Judge rules victims of Yahoo data breach can sue
From Axios: A judge ruled today that anyone affected by the U.S. data breach can sue Verizon, who owns Yahoo, according to Reuters, because customers might have acted differently if they had known of the security weaknesses.
Six simple cloud security policies you need to know
From TechTarget: The IT operations team often overlooks cloud security policies and best practices when it implements workloads on top-tier public cloud providers. The most common example is an inability to secure Amazon Simple Storage Service buckets. The cost to fix a breach -- and the damage done to a high-profile brand due to the breach -- far outweigh the time it would have taken to implement proper precautions.
Who owns identity and access management?
From CSO Online: Speed, agility, responsiveness; these are all terms frequently bandied about when today’s businesses are talking about their needs. In the world of digital transformation, along with increasing competition, companies deal with a fickle customer base that expects your business to pivot quickly to meet their demands or else fail. For some businesses, the notion of speed is essential.
Postman announces new API development platform for the enterprise
From SD Times: This new release features Single Sign-on (SSO), allowing organizations to more easily and securely manage team members’ access to API development work within a Postman instance. Postman Enterprise already supports multiple SSO providers such as Okta, OneLogin, Duo, Ping Identity, ADFS, and GSuite. Going forward, the company plans to add new providers based on customer need. Postman will also be providing SAML 2.0-compliant identity provider support.
DOD Sheds Light on Cloud Future with its JEDI Project
From FedTech Magazine: The Defense Department has made it very clear: The commercial cloud is in its future. And now it's finally offered some clarity on how it's going to get there. On March 7, top DOD officials from the Pentagon's Cloud Executive Steering Group presided over a well-attended industry day in Arlington, Va., to offer the department's vision for its Joint Enterprise Defense Infrastructure or JEDI.
How Amazon GuardDuty could bolster enterprise cloud security
From TechTarget: Cloud environments, particularly infrastructure as a service, can be challenging to secure -- especially from a monitoring point of view. There are a few reasons why this is true. First, as enterprises share responsibility for operational security oversight with a service provider, many of the technical controls that already help monitor and defend devices in an on-premises environment may not have full -- or any -- visibility into cloud environments. As anyone who has tried to do it can tell you, tying something like a legacy SIEM, for example, to a commodity public cloud environment can be kludgy at best and impracticable at worst.
Are we there yet? An update on Citrix Workspace experience
From Brian Madden: Here we are with fewer than 60 days to Synergy 2018, waiting to see what Citrix will have in store for us. Last year, one interesting product that Citrix showed was the Workspace experience. (Also known as Workspace Service, as well as StoreFront++. Jack Madden used the term Workspace Service at the time, but now we’re told that the official name is Workspace experience.) You can read Jack's recap here, but this effort was intriguing because it opened up the possibility that Citrix was interested in the IDaaS space, which is currently occupied by other EUC vendors such as Microsoft, VMware, Okta, Ping, and Centrify.
Palo Alto Networks buys Evident.io, extends its cloud security solution
From CSO Online: Businesses are adopting public clouds to enable them to work faster and be more agile, which are both critical to success in the digital era. In fact, many organizations have adopted a “cloud first” approach, where the mandate is to move every new application to the public clouds. Along with the benefits of cloud computing — increased agility, faster time to market, and the ability to scale infrastructure — though, comes increased security challenges.
Netskope brings continuous assessment and monitoring to IaaS security
From BetaNews: Cloud access security specialist Netskope is launching an expansion of its Infrastructure as a Service security offering to add continuous security assessment and monitoring capabilities. With this release, customers can use Netskope for IaaS to continuously assess their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) configuration in AWS, with Microsoft Azure to follow soon.