Cloud Security Basics, Best Practices & Implementation

Cloud security is a set of controls, policies, procedures, and technologies that protect data, infrastructure, and systems that are stored in cloud environments.  Cloud security measures give businesses the processes and tools they need to keep their data safe, meet their regulatory compliance requirements, protect their customers’ privacy, and…

What is Zero Trust Security?

Zero Trust is a security framework based on the belief that every user, device, and IP address accessing a resource is a threat until proven otherwise. Under the concept of “never trust, always verify,” it requires that security teams implement strict access controls and verify anything that tries to connect to an enterprise’s network.   Coined in…

What Is SAML and How Does It Work?

SAML stands for Security Assertion Markup Language, an open standard that passes authorization credentials from identity providers (IdPs) to service providers (SPs). Put simply, it enables secure communication between applications and allows users to gain access with a single set of credentials. Before we can dive too deeply into what SAML is used…

What Is Privileged Access Management?

Privileged access management (PAM) is a way of authorizing, managing, and monitoring account access with a high degree of administrative permissions. This is done to protect an organization’s most critical systems and resources. These “super user” accounts are isolated within an encrypted repository or vault. The access of these systems is…

Apple Joins FIDO Alliance: Why this Matters for the Future of Passwords

Earlier this week, Apple joined the likes of Amazon, Facebook, and Google on the list of board members at the FIDO alliance. An acronym for “Fast IDentity Online”, FIDO is committed to eliminating the need for passwords, strongly endorsing the adoption of trusted devices via standards like WebAuthn as a password alternative. But what could Apple’s…

What is an Offensive Security Team?

In 2018, hackers stole half a billion records—an increase of 126% on the year prior, which translates to 3.8 million records per day. Ransomware is an ever-increasing threat, geopolitical tensions are being played out online, and corporate and government security systems are struggling to compete with the sophisticated modern cybercriminal. To…

How to Boost User Retention with Risk-Based Authentication

Today consumer-facing service providers have a stark choice—to offer robust security or an easy user experience. But for many organizations, missing the mark on either of these elements can seriously damage their user engagement and retention rates—and by extension, their bottom line. To address this, we have now made Risk-Based Authentication…

CSA Summit Panelists Talk Disruptive Technologies at RSA19

At RSAC19, The Cloud Security Alliance hosted a discussion titled, “The Approaching Decade of Disruptive Technologies,” featuring security leaders from Duo, Centrify, Onapsis, and Okta’s own Executive Director of Cybersecurity Strategy, Marc Rogers. IOActive CEO Jennifer Steffens led the session with the intent of discussing what disruptive…

What is WebAuthn?

In March 2019, the World Wide Web Consortium (W3C) announced that WebAuthn is now the official web standard for password-free login. With support from a broad set of applications (Microsoft Edge, Chrome, Firefox, Mobile), widespread adoption of WebAuthn is expected in coming years. In this post, we will explore the shortcomings of current…

5 Ways to Continuously Mitigate Risk at Your Organization

We’re living in a landscape where risks are prolific, diverse, and often unanticipated. Organizations are under immense pressure to implement strong security measures and avoid cyber attacks from highly specialized threat actors looking to capitalize on the smallest oversight. In this post, we’ll look at some strategies you can leverage to manage…