Selections from the top news items this week in the world of identity and application security.
Mastercard Files Patent To Use Blockchain To Protect Identity Data
From PYMNTS: Mastercard has filed a patent that reveals it might utilize blockchain as a way to protect identity data. The application, which was originally filed in September 2017 and was released by the U.S. Patent and Trademark Office last week, describes how a semi-private or private blockchain could be used to receive and store identity data, including a “name, a street address, tax identification number” and more. “The use of a blockchain for the storage of identity and credential data may provide for an immutable storage of such data that can provide an accurate verification thereof and also prevent the fabrication of such data,” wrote Mastercard in the filing.
Austin is piloting blockchain to improve homeless services
From TechCrunch: The city of Austin is piloting a new blockchain platform to improve identity services for its homeless population, as part of a competitive grant awarded by the Mayor’s Challenge program sponsored by Bloomberg Philanthropies. Austin was one of 35 cities to be awarded pilot grants, and the top city from that group will ultimately be awarded $5 million.
Exclusive: Facebook to put 1.5 billion users out of reach of new EU privacy law
From Reuters: If a new European law restricting what companies can do with people’s online data went into effect tomorrow, almost 1.9 billion Facebook Inc users around the world would be protected by it. The online social network is making changes that ensure the number will be much smaller. Facebook members outside the United States and Canada, whether they know it or not, are currently governed by terms of service agreed with the company’s international headquarters in Ireland. Next month, Facebook is planning to make that the case for only European users, meaning 1.5 billion members in Africa, Asia, Australia and Latin America will not fall under the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25.
From NSTIC to improved federal identity, credential and access management
From CSO Online: Seven years ago this month, the Obama Administration published the “National Strategy for Trusted Identities in Cyberspace (NSTIC)”. NSTIC called for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.” Fast forward to 2018. On April 6, the White House Office of Management and Budget (OMB) published a draft for public comment titled “Strengthening the Cybersecurity of Federal Agencies through Improved Identity, Credential, and Access Management.” The new policy incorporates “Digital Identity Risk Management into existing processes.
Whois is dead as Europe hands DNS overlord ICANN its arse
From the Register: The Whois public database of domain name registration details is dead. In a letter sent this week to DNS overseer ICANN, Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.
Report: 1 in 4 public cloud users has had data stolen
From ZDNet: Among organizations that keep data in the public cloud, as many as one in four has experienced data theft there, according to a new survey from McAfee. This shouldn't come as a huge surprise to anyone keeping track of the countless headlines regarding unprotected servers. In spite of the risks involved, just about all organizations are plowing ahead with cloud adoption.
The cybersecurity skills gap caused 40% of IT pros to stall their cloud migrations
From TechRepublic: Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to a Monday report from McAfee. Of the 1,400 IT professionals surveyed worldwide, 97% said their organization is using some type of cloud service—up from 93% last year. However, those with a cloud-first strategy dropped from 82% in 2017 to 65% in 2018, the report found.
Compromised cloud credentials still plaguing enterprises
From TechTarget: Why are enterprises still struggling with identity and access management in the cloud? Experts at RSA Conference discuss the issue and the risks posed by compromised credentials. Sami Laine, director of technical marketing at Okta, said "identity used to be a boring IT problem," but that's no longer the case. "You're still going to have all those [security] investments that you made, your moats and sharks with lasers," he said, "but now everything outside of that really comes down to identity and authorization events."
Five reasons your business data isn't secure
From ITPro: Those General Data Protection Regulations (GDPR) are coming into effect soon – and there's still a lot of uncertainty over what they'll really mean. That means the time is now to apply some scrutiny to your whole relationship with data – not just personal customer details, but also any sort of data that's important to your business, and which would cause serious trouble if it were to leak or get lost.
Top cloud security risks for healthcare
From Information Age: The healthcare industry has always been preoccupied with data security. Healthcare organisations have to store enormous amounts of sensitive data and are subject to stringent compliance regulations. They have little choice but to make security a top priority.
How to secure hybrid clouds: What IT pros need to know
From TechRepublic: Public and private organizations have determined that moving data and software platforms to the cloud is not an all-or-nothing proposition. IT departments are learning to run a mix of on-premise private-cloud and third-party public-cloud services. Creating a hybrid-cloud platform allows workloads to move between private and public clouds as computing needs and costs change, giving businesses greater flexibility and more data-deployment options.
Security Experts Warn of New Cyber-Threats to Data Stored in Cloud
From eWeek: New cyber-attack techniques are evolving that threaten computer systems that IT security administrators may have considered relatively safe. That was the message of a panel of SANS Institute cyber-security experts at the 2018 RSA Conference. For example, cloud computing is often lauded for its security and as a way for companies to offload the infrastructure and investment costs of owning and maintaining on-premises data centers.