Selections from the top news items this week in the world of identity and application security.
Bitcoin Hype Aside Blockchain For The 'Public Good' Comes To The Rescue
From Forbes: Projects like Substratum, a U.S.-based software development firm that has architected, developed and deployed software solutions for Fortune 100 companies such as Apple, Disney Facebook and HP amongst others, and the Decentralized Identity Foundation (DIF), which is building an open source decentralized identity ecosystem for people, organizations, apps and devices, aim to provide decentralization to network infrastructures and digital identity, respectively.
Facebook Data: Information Shared With Third-party App May Not Have Been Protected
From Newsweek: In the months following the revelations regarding the Cambridge Analytica data breach at Facebook, social media users have discovered additional ways in which their information may have been misused. A new investigation done by New Scientist magazine found that people who used the third-party quiz application called myPersonality may have been put at risk for even greater exposure.
Here, there, everywhere: How pervasive identity and access management transforms secure access
From CSO Online: When users are as likely to be working on the go as at their desks, and applications are as likely to be in the cloud as on-premises, you need identity and access management everywhere. This requires a single, standards-based authentication platform that spans all applications and access points.
White House Eliminates Cybersecurity Coordinator Role
From The New York Times: The White House eliminated the position of cybersecurity coordinator on the National Security Council on Tuesday, doing away with a post central to developing policy to defend against increasingly sophisticated digital attacks and the use of offensive cyber weapons.
Salesforce CEO Marc Benioff calls for a national privacy law
From CBS News: Amid continuing fallout from Facebook's massive user data scandal and increased scrutiny of how the tech industry handles consumers' information Salesforce CEO Marc Benioff is calling for a national privacy law in the U.S.
Pioneers Create Infrastructure for Self-Sovereign Identity Online
From Information Week: The General Data Protection Regulation (GDPR) and Facebook's data privacy leaks have focused greater attention on the issues around the data privacy of consumers. These headlines come at a time when plenty of organizations are collecting your data, and there is not a single set of rules about how that data must be handled. Do you own your own personal data about yourself? Can you even control it or know what's out there?
Census Bureau, contractor race to update identity management system for 2020
From Fedscoop: As the 2020 census approaches, the Census Bureau has issued a noncompetitive justification to allow a single contractor to continue handling the implementation of $9.5 million in upgrades to secure taxpayer information during surveying. The bureau released the justification on FedBizOpps on Friday, saying that it required Centreville, Va.-based IT contractor TriVir, LLC, to continue work on modernizing its identity and access management tool, the Census Public Access Security Systems (C-PASS) — which holds decennial census, economic census and other taxpayer-based data — to meet new Homeland Security Presidential Directive-12 data security requirements.
Overstock.com puts a lot of stock in blockchain
From Computerworld: More than four years ago, Overstock.com became the first major retailer to accept bitcoin as a form of payment for its goods. Today, it accepts more than 40 versions of the digital currency for online purchases. While bitcoin may have first caught the online retailer's eye, it's the technology behind the digital tokens – blockchain – that has really captured Overstock.com's investment wallet.
How GDPR Affects IAM Usage
From Security Boulevard: The European Union’s General Data Protection Regulation (GDPR) takes effect May 25 and aims to protect the identity of individuals. Unfortunately, its requirements are more complex than many realize, putting security teams potentially at increased risk of incurring huge penalties. “There are two issues that should concern security teams. The first is to stop conflating ‘personally identifiable information’ with GDPR’s actual definition of a data subject, which can be simplified to ‘information which can lead to the identification of a natural person,’” said Gabriel Gumbs, VP of Product Strategy at STEALTHbits Technologies, a cybersecurity software company.
What Is Next-Generation Privileged Account Management?
From Security Intelligence: Privileged account management (PAM) is emerging as one of the hottest topics in cybersecurity — and it’s easy to understand why. Cybercriminals are relentless when it comes to finding and compromising their targets’ privileged credentials to gain unfettered access to critical assets.
Google Says Its Cloud Services Fully Comply With EU GDPR Rules
From eWeek: On Friday, Google listed the multiple measures the company has taken to ensure its cloud services comply with data privacy mandate. Among them are updates to the company's data processing terms and conditions, new data portability features and updated terms pertaining to breach disclosures and incident reporting.
Okta, BetterCloud forge integration pact
From ZDNet: Okta and BetterCloud have formed a partnership to blend software-as-a-service security and operations. BetterCloud, which offers a SaaS operations management platform, launched a connector for Okta to manage policies for identity, access, configuration and data management. According to the companies, the partnership will help enterprises better control SaaS sprawl. Okta and BetterCloud aim to cut manual processes and operational silos.
API security: gold rush or wild west?
From ITProPortal: In today’s world, being constantly connected to people and systems through devices is pretty much a normal state of affairs. While this opens up a world of opportunities, the downside is that more and more connections also mean more and more opportunities for attack and compromise. The good news is that many of these interactions rely on an API (Application Programming Interface) to communicate to an application or system somewhere in the world.
Sometimes employees follow cybersecurity best practices beyond company policies
From Help Net Security: According to a new survey of 1,000 full-time employees published by Clutch, most employees use passwords as the primary form of IT security at their company. Over three-fourths (76%) practice some form of password protection, the survey found. In addition, password update reminders are the most common cybersecurity policy employees encounter.
Protect Your Organization From Declining Cloud Security
From PCMag: RedLock Inc., a cloud security intelligence company, recently conducted survey and incident research that identified not only key cloud threats that have been known for a while but also a brand-new, up-and-coming one: cryptojacking. Over the last year, RedLock found that instances of cryptojacking—in which cybercriminals hijack cloud services to use as compute platforms for cryptocurrency mining—have tripled.
Digital Transformation: What’s Going Well?
From Medium: Enterprises have been spending more and more on technology for years, which might imply a sort of vision. But in reality, much of the spending could be interpreted as haphazard. Some businesses have been throwing money at mobile, as though that’s all that matters. Others have launched innovation centers that work on research projects but often fail to impact the core business. Others still have just bolted new solutions on top of whatever they already had. Sometimes, all of the above has been true within the same company.
Learn more about the topics in the news this week: