Businesses @ Work (from Home): The Finance Edition

As the COVID-19 pandemic and shelter-in-place regulations continue to keep people at home, businesses around the world have adapted to new ways of operating—with many looking to quickly deploy solutions to keep large remote workforces connected, productive, and secure. Organizations in the banking and finance industries are no different—and with…

How SaaS and Cloud Storage Is Shifting Your Security Perimeter

Modern organizations have embraced Software as a Service (SaaS) in a big way—and for good reason. Cost savings, increased efficiency, and boosted productivity are just some of the benefits of outsourcing IT solutions like email, app hosting, and data storage to independent third parties. In fact, solutions offered by cloud providers like Microsoft…

The Evolution of Zero Trust: Next Gen Access

The Zero Trust security framework was first developed by John Kindervag in 2009 while he was at Forrester Research. Zero Trust challenged the traditional security model of a firewall forming a perimeter between a trusted internal network and an untrusted external one. This security approach breaks down if a threat actor is able to penetrate that…

A Brief History of Zero Trust Security

The Forrester Zero Trust model, which has been around since 2009, argues that organizations should regard all network traffic as untrusted, regardless of where it’s coming from. The idea of a trusted internal perimeter leaves the organization at risk if that perimeter is compromised or an insider turns malicious. Of course, the situation has…

Two Months In: How Are Companies Being Impacted by the GDPR?

Online data privacy has always been a controversial topic. The fact that users store data with third parties has demanded increased transparency on how these platforms actually store and process personal data. Data breaches resulting in compromised personal information have added fuel to the fire, proving that privacy concerns are warranted. These…

Replace RSA SecurID with Modern MFA

Defense in depth, the coordinated use of multiple security layers to protect system and data integrity, is a multi-layered strategic approach which is deployed to minimize the risk of compromise. The basic premise is that if one security countermeasure is defeated, there is another to ensure your systems remain secure. MFA – Defense in Depth for…

It’s a New World with WebAuthn: Passwordless Authentication Goes Primetime

The vision of a secure, passwordless experience on the web has long been on the minds of security professionals and password-fatigued users. An open standard called Web Authentication (or “WebAuthn”) is rapidly progressing towards achieving that vision after hitting a major milestone this week. Specifically, on April 10 the World Wide Web…

5 Identity Attacks That Exploit Your Broken Authentication

Traditional authentication methods that rely on usernames and password integrity are widely considered to be broken. In fact, “Broken Authentication” sits at #2 in the OWASP Top 10 for application security risks. As organizations begin to move more sensitive data to cloud apps to take advantage of the productivity gains, the traditional perimeter…

What is Continuous Authentication?

Authentication is undoubtedly one of the most crucial aspects of cybersecurity today, but our understanding of how to verify users and their actions has been largely unchanged for decades. It always works the same: the user provides something they know (password), have (ID), or are (fingerprint) and if this input matches what the system knows…