Jack Shepherd

Infrastructure as a service—also known as cloud infrastructure services—refers to a business model where cloud providers host space on their servers for others to store core computing, networking, and other resources. With IaaS, businesses and individual users rent infrastructure for their apps and operating systems on demand.  For organizations…

Cloud security is a set of controls, policies, procedures, and technologies that protect data, infrastructure, and systems that are stored in cloud environments.  Cloud security measures give businesses the processes and tools they need to keep their data safe, meet their regulatory compliance requirements, protect their customers’ privacy, and…

Zero Trust is a security framework based on the belief that every user, device, and IP address accessing a resource is a threat until proven otherwise. Under the concept of “never trust, always verify,” it requires that security teams implement strict access controls and verify anything that tries to connect to an enterprise’s network. Coined in…

SAML stands for Security Assertion Markup Language, an open standard that passes authorization credentials from identity providers (IdPs) to service providers (SPs). Put simply, it enables secure communication between applications and allows users to gain access with a single set of credentials. Before we can dive too deeply into what SAML is used…

Privileged access management (PAM) is a way of authorizing, managing, and monitoring account access with a high degree of administrative permissions. This is done to protect an organization’s most critical systems and resources. These “super user” accounts are isolated within an encrypted repository or vault. The access of these systems is…

Earlier this week, Apple joined the likes of Amazon, Facebook, and Google on the list of board members at the FIDO alliance. An acronym for “Fast IDentity Online”, FIDO is committed to eliminating the need for passwords, strongly endorsing the adoption of trusted devices via standards like WebAuthn as a password alternative. But what could Apple’s…

In 2018, hackers stole half a billion records—an increase of 126% on the year prior, which translates to 3.8 million records per day. Ransomware is an ever-increasing threat, geopolitical tensions are being played out online, and corporate and government security systems are struggling to compete with the sophisticated modern cybercriminal. To…

Today consumer-facing service providers have a stark choice—to offer robust security or an easy user experience. But for many organizations, missing the mark on either of these elements can seriously damage their user engagement and retention rates—and by extension, their bottom line. To address this, we have now made Risk-Based Authentication…

At RSAC19, The Cloud Security Alliance hosted a discussion titled, “The Approaching Decade of Disruptive Technologies,” featuring security leaders from Duo, Centrify, Onapsis, and Okta’s own Executive Director of Cybersecurity Strategy, Marc Rogers. IOActive CEO Jennifer Steffens led the session with the intent of discussing what disruptive…

In March 2019, the World Wide Web Consortium (W3C) announced that WebAuthn is now the official web standard for password-free login. With support from a broad set of applications (Microsoft Edge, Chrome, Firefox, Mobile), widespread adoption of WebAuthn is expected in coming years. In this post, we will explore the shortcomings of current…