Selections from the top news items this week in the world of identity and application security.
Europe's New Privacy Law Will Change The Web, And More
From WIRED: On May 25, the power balance will shift towards consumers, thanks to a European privacy law that restricts how personal data is collected and handled. The rule, called General Data Protection Regulation or GDPR, focuses on ensuring that users know, understand, and consent to the data collected about them. Under GDPR, pages of fine print won’t suffice. Neither will forcing users to click yes in order to sign up.
Mark Zuckerberg’s Reckoning: ‘This Is a Major Trust Issue’
From the New York Times: For much of the past week, Facebook has been embroiled in a controversy involving Cambridge Analytica, a political consulting firm with ties to Donald J. Trump’s 2016 presidential campaign, and how the firm improperly obtained and exploited personal data from 50 million Facebook users. On Wednesday, following widespread questions about his whereabouts, Mark Zuckerberg, the chief executive of Facebook, spoke with two New York Times reporters, Sheera Frenkel and Kevin Roose, about the controversy and the steps he was taking to make the social network less prone to abuse.
McKinsey research shows how to leverage the public cloud, securely
From CSO Online: In understanding trade-offs and benefits of any business opportunity, McKinsey frameworks are often considered the gold standard. The Firm’s “C level” global reach, their insightful questions, analysis and development of objective frameworks is unparalleled.
Artificial intelligence key to do 'more with less' in securing enterprise cloud services
From ZDNet: Security professionals in the enterprise are facing an uphill battle to maintain control of corporate networks. Data breaches and cyberattacks are rampant, sensitive information belonging to both companies and individuals is spilling unchecked into the underbelly of the Internet, and with the emergence of state-sponsored threat actors, it is becoming more and more difficult for organizations to keep up.
Orbitz says a possible data breach has affected 880,000 credit cards
From The Verge: Travel booking website Orbitz has announced that it discovered a potential data breach that exposed information for thousands of customers, as reported by Engadget. The incident, discovered by the company on March 1st, may have exposed information tied to about 880,000 credit cards.
Victoria adopts Australia Post digital proof-of-age card
From ZDNet: Victorians will be able to use a digital proof-of-age card to enter a pub for a cheeky beverage, following the announcement by the Victorian government that licensed premises will accept the digital version of the Keypass card. The task of taking the proof-of-age card in the digital realm was completed by Australia Post, which has added the card to its Digital ID app. The app is claimed to use an on-screen animation that prevents replication and creates a temporary QR code that can be scanned.
Identity and access management: A how-to for the modern enterprise
From Information Age: Identity and Access Management (IAM) may be one of the most important security programmes an organization can implement in the fight against cybercrime. This is for the simple reason that the ultimate goal for hackers is to appear like legitimate users within the organization. They want to log in and be undetectable whilst doing bad things, stealing data or pilfering intellectual property.
Why Identity and Access Management is Crucial for Digital Transformation
From CSO Online: For organizations taking up the challenge of digital transformation, the good news is that there’s a light at the end of the tunnel. The even better news is it’s a train—the oncoming digital ecosystem express train, as new Gartner research calls it. You have to be technology-ready to get onboard, and identity and access management technology is a key component of that readiness.
Don't Treat Your Customers Like Criminals: Three Ways Companies Can Improve Customer Experience
From Forbes: Identity is now a critical way to access online services. Unfortunately, many solutions require customers to jump through more hoops online, and verification can take hours, or even days, during the account opening process. We all hate it, including banks, and that’s why 40% of people who open an account online never get around to completing the process. Companies must balance risk with the user experience.
SD-WAN needs software-defined security
From Computer Weekly: By 2021, the majority of IT decision makers will have started to adopt software-defined networking (SDN). With this figure alone, it is clear that we are on the cusp of a significant software-defined shift in the wide area network (WAN) space – as traditional WAN is being outstripped by its software-defined younger brother.
The security concerns of cloud cryptomining services
From TechTarget: Cloud cryptomining as a service is a security risk to users. Expert Frank Siemons discusses cloud mining service providers and what to look out for if you use one. One of the more interesting news stories over the last year has been the rise -- and, currently, the fall -- of cryptocurrencies. Bitcoin is the best-known variety, but other cryptocurrencies, such as Litecoin, Ripple, and Ethereum, also saw dramatic increases in their worth during 2017. While some of this value dropped off in the first few weeks of 2018, there exists significant value in these currencies.
From TechTarget: Hackers are always on the lookout for vulnerabilities in IT systems, and enterprises need to be on guard. While there are many tools to help protect data and detect threats, there is one cloud security risk these tools can't always account for: the human factor.
Internet Society: Cryptocurrency probably not an identity system
From The Register: Too many cryptocurrency people are trying to force-fit blockchain technology into identity solutions when ID needs its own solutions. That's the opinion of Steve Wilson of Lockstep Consulting, who this month co-authored a paper on identity for the Internet Society: Do Blockchains Have Anything to Offer Identity? with Steve Olshansky and contributor Robin Wilton, both of the Internet Society.
62% of enterprise IT leaders say on-premises security is better than cloud
From TechRepublic: Virtually every organization is moving workloads to the cloud, but many remain wary of its security, according to a Thursday report from Barracuda Networks and Dimensional Research. Some 56% of the 608 IT security decision makers surveyed for the report said that their on-premises security is superior to what they could find in the cloud. This number was even larger—62%—for those in enterprises with more than 5,000 employees, the report found.
Azure Guest Agent Design Enables Plaintext Password Theft
From Dark Reading: The design of the Microsoft's Windows Azure Guest Agent could let hackers steal plaintext administrator passwords from target machines, researchers at Guardicore reported this week. If abused, the flaw could enable a cross-platform attack affecting every machine type Azure provides.