by Rebeca | Oct 20, 2014 | News
Companies are no longer tolerant of security-and-compliance teams telling them they cannot go to the cloud. The benefits of cloud technologies are too many to ignore in a business strategy: commodity pricing, flexible scaling, low staff needs, and (for SaaS) a rent-to-own model.
Risk teams must learn how to adapt to the cloud environment, which means changing how they measure and respond to risk in cloud situations. Risk leaders who refuse to make this change are likely to find themselves irrelevant in their organization, suffering not only career immobility but also standing on the sidelines as they watch their company take on increasing risk with little or no care for mitigation.
Complete article by ISACA
by Rebeca | Oct 8, 2014 | News
Stolen account credentials played a part in the recent Target Corporation payment card data breach. With approximately 40 million customers’ credit and debit card information exposed, stolen credentials from a third-party vendor highlighted the weak security that often surrounds internal passwords.
A recent report from Clearswift in fact found that 58% of all data security threats come from the extended enterprise (employees, ex-employees and trusted partners).
Among those reacting to this news was Dr Anton Chuvakin, research director for Gartner Inc. He said that enterprises are bound to encounter attacks using legitimate stolen credentials, regardless of the proactive security measures put in place to ensure credentials are safe.
Complete article by IsDecisions
by Rebeca | Oct 8, 2014 | open source
Open-source components are available for core identity and access management functions. IAM leaders can avoid proprietary software purchase costs; however, software maintenance and support contracts will likely be needed.
Gartner's latest research covered open-source options for Identity and Access Management. Our solution is included, and its analysts Gregg Kreizman and Felix Gaehtgens rate us as follows:
· Functionality — Medium to High.
Soffid has one of the most comprehensive lists of IAM features among the products reviewed.
It is also the only product that includes ESSO and PAM functionality.
· OSS Maturity — Low.
Soffid IAM has a «freemium» model that is licensed under GPL v3 and is being used by a small community. There is a free community license and an officially supported version. It is under active development by the company Soffid.
Research: «Open-source options for Identity and Access Management»
by Rebeca | Oct 8, 2014 | News
As business leaders become more ‘cyber aware’, concerns over data security shift from awareness to action. Organisations around the globe are increasing security spending, but have they prioritised budgets correctly or are they just throwing money at the problem?
There are many opportunities and benefits provided by doing business in a hyper-connected world, but they come with risks. I read a report by the World Economic Forum recently that draws some interesting conclusions about information security practices and risk budgets.
Increasing threats
High-profile security breaches, data loss and hackings hit headlines on a regular basis. We are doing business in a world where a large organisation can be targeted by 10,000 attacks a day and the resulting costs are growing. Cyber Risk is a global priority and both large and small organisations are encouraged to act now.
Complete article by Information Security Buzz.
by Rebeca | Apr 10, 2014 | News, Resources
In an era of Edward Snowden and other high-profile data exfiltration incidents, such as last year’s Saudi Aramco breach, perhaps it’s unsurprising that only 9% of businesses in a recent survey from Ovum said that they feel safe from insider threats.
Insider threats are no longer only made up of traditional insiders with legitimate access rights who abuse their positions to steal data for personal gain. Privileged users who maintain systems and networks are now an additional concern, as their roles typically require access to all data accessible from systems to perform their work.
In the study from industry analyst Ovum, nearly half of UK-based respondents (42%) acknowledged it is these privileged users (system administrators, database administrators, network administrators, and so on) who pose the biggest risk to their organizations.
Complete Article by InfoSecurity