Selections from the top news items this week in the world of identity and application security.
IDENTITY + THE CLOUD
How to use Slack to onboard new hires
From Fast Company: Okta – which provides identity and access management, or in other words: secure access, authentication, and single sign-on to software applications – lets employees securely connect to the suite of tools and services that you use at your organization, including Slack. Enterprises use Okta to manage access to Slack and other applications, which increases security and maintains compliance across devices.
SaaS activity alerts can mitigate manual misconfigurations
From TechTarget: SaaS activity management is becoming more important for infosec teams to combat issues of insider theft and unintentional exposure of sensitive data, BetterCloud's David Politis says. Politis: “We have it fully integrated for Okta, Dropbox and Google. We're layering it in for Box and Salesforce, so over the next couple months we'll have the same functionality available across all the applications that we support.”
Nine essential elements for a strong privileged account management strategy
From CSO: There are a number of firms and security experts continuously lobbying for privileged access management (PAM). Gartner, at its Security and Risk Management Summit in June, laid out the top 10 security projects that chief information security officers (CISOs) should concentrate on in 2018, among which PAM stood first. However, despite these steady reminders, many privileged accounts still remain poorly protected, ignored, or mismanaged, making them easy targets. Your privileged account management strategy should support your strategy to control privileged access to your critical assets, which should support your identity and access management plan, and so on.
2020 Census Comes With New Technology, but Greater Risks
From The Wall Street Journal: The Government Accountability Office warns that the 2020 Census, which will employ new digital technologies such as cloud and mobile computing, faces a greater risk of cyberattack than did earlier, lower-tech efforts. Hackers interested in attacking the new census systems could undermine trust in the data, steal information for future attacks, or skew results with implications for the democratic process in the U.S., say cybersecurity experts. An estimated 146 million housing units in the U.S. are due to be counted starting April 1, 2020.
Large organisations less confident over cloud security compared to smaller businesses
From Computer Weekly: A study has found larger enterprises are not as confident as smaller businesses about the security of their data in the public cloud. The survey found that the larger the organisation, the less likely they were to be using public cloud services. Some 46% of the smallest companies, with 250 to 499 employees, used the cloud; 42% of firms with 500 to 749 staff; 40% of those with 750 to 999 workers; but only 28% for businesses employing over 1000 people. The study showed a similar picture in attitudes to cloud security – 26% of the largest organisations were not very confident over the security of data with public cloud, but only 16% of the smallest respondents shared that view.
Here's what US adults actually know about cybersecurity
From TechRepublic: Even though cyberattacks are now commonplace, more than 20% of US adults have never heard of popular cybersecurity jobs, according to a recent survey from the University of Phoenix. The survey found that only one in 10 respondents were familiar with cybersecurity job titles, while 20% had never heard of them, according to the press release. US adults were most unfamiliar with penetration testers (52%), white hat ethical hackers, and computer security incident responders (46%). This lack of awareness and knowledge about cybersecurity leaves Americans even more vulnerable to attack.
Equifax’s Security Overhaul, A Year After Its Epic Breach
From Wired: A year ago, the credit bureau Equifax saw signs of a problem on its network. Hackers had entered the company’s systems, stealing the personal and financial data of more than 147 million people in the United States, including Social Security numbers, dates of birth, home addresses, and some driver's license numbers and credit card numbers. In the year since the breach, the company has invested $200 million in data security infrastructure. A top priority has been strengthening access control protections and identity management across the company.
Adopting a Zero Trust approach is the best strategy to control access
From HelpNetSecurity: A new study conducted by Forrester Consulting found that organizations powering Zero Trust Security with next-gen access solutions reported twice the confidence to accelerate new business models and customer experiences. The study of 311 IT decision-makers in North America and the UK finds that 67 percent of all enterprise resources are exposed to access-related risk, and that a Zero Trust Security approach is the best strategy to control access to enterprise resources.
Data privacy rules have big beneficiary: lawyers
From the San Francisco Chronicle: Salesforce is hunting worldwide for lawyers focused on data privacy. So is Google. Newly public Okta, a San Francisco software firm, also wants to hire a privacy-oriented lawyer. Same with cloud service Twilio. Data privacy, once a second-order subject in Silicon Valley, has rocketed to the fore thanks to a battery of new laws.
Zero trust security model boosts business confidence
From Computer Weekly: Organisations that assume no user or device can be trusted and combine this approach with next-generation access (NGA) tools report greater business confidence, reduced risk and lower security costs. That is a key finding of a study by Forrester Consulting commissioned by NGA provider Centrify. The study showed that 67% of all enterprise resources are exposed to access-related risk, and that a zero trust security approach is the best strategy to control access to enterprise resources.
Hitting the refresh button on the cybersecurity industry
From CSO: When a code red—or even a code yellow—hits an organisation, security teams are among the first to know. They troubleshoot. They firefight. They keep networks and other corporate assets secure. But when it comes to innovation and digital transformation, security professionals don’t always get a seat at the table. Security organisations can—and should—be leading the charge to tackle the riskiest problems in their organisations head-on. However, an ingrained culture of inertia and blame-shifting has gobbled up innovation. Thankfully, things are beginning to change.
DEVELOPERS + THE TECH INDUSTRY
DZone Research: How APIs Have Changed Application Development
From DZone: APIs have made the creation of applications faster, resulting in more flexible applications, while giving developers the opportunity to reuse code. To gather insights on the current and future state of API management, we talked to 17 executives who are using APIs in their own organization, as well as helping clients use APIs to accelerate their digital transformation and the development of quality applications. We asked them "How have APIs changed application development?"
Tech, data, privacy and time: It's a trade-off, but are we trading too much?
From Marketplace: Between social media, election meddling, privacy concerns and fears of internet addiction, we are at a time when we are re-evaluating the grand bargain that we have made with technology. We've gotten used to trading personal information for tailored ads and letting devices into every part of our lives for convenience. But, as we develop these habits and make these trade-offs, what does it mean for our kids? Marketplace Tech host Molly Wood talked to Marcus Collins, chief consumer connections officer at the Doner creative agency, about how advertisers think about reaching kids and how this tech bargain is impacting the next generation.
DZone Research: How To Secure APIs
From DZone: To gather insights on the current and future state of API management, we talked to 17 executives who are using APIs in their own organization, as well as helping clients use APIs to accelerate their digital transformation and the development of quality applications. We asked them "What kind of security techniques and tools do you find most effective for securing APIs?"
Learn more about the topics in the news this week:
- Okta’s API Security ebook
- ScaleFT + Okta: Making Zero Trust a Reality
- Are You Prepared to Secure Your Millennial Workforce?
- According to Gartner, these are the Top 5 Trends in CIAM Solution Design
- Employee Onboarding and Offboarding: Is It Killing Your IT Admins