Security

You have IAM controls defined - now what?

To implement security measures efficiently, organizations should start with the definition of policies and procedures and then focus on implementation projects.

One of the critical security measures is to enforce IAM controls throughout your organization.  In the course of working with hundreds of clients over the years, we’ve found that most organizations lack appropriate IAM policies and procedures, thus creating security deficiencies. 

Read More
By Dan Legault on Jun 21, 2017 3:26:42 PM
Security

Are your privileged accounts under control? – Part Three: Who’s watching the watchers?

In previous blogs under the theme “Are your privileged accounts under control?”, the discussion focused on establishing foundational services to address privileged access and creating a prioritized and strategic two-year roadmap. But what about year three? Once you’ve got your foundational services in place and humming, next you can start looking at the advanced capabilities of privileged access management, and focus on “who is watching the watchers?” Who is keeping an eye on the keepers of high-risk accounts such as administrators?

Read More
By Dan Legault on Apr 28, 2017 4:32:41 PM
Security

Are your privileged accounts under control? - Part Two

In our last blog, we introduced and expanded our analysis of how organizations keep their privileged accounts under control. We exposed the magnitude of the sensitivity of these accounts and the capabilities that may be required by them. Then, we introduced leading practices to get the accounts under control, mainly by executing a sound strategy. Now we will continue the discussion and reveal what the strategy should cover as well as how to manage its success.

Read More
By Dan Legault on Mar 24, 2017 3:39:59 PM
Security

Taking an IAM View of Verifone's Breach

Another major breach was disclosed on this week’s Krebs blog by acclaimed cybersecurity reporter Brian Krebs. He reported that Verifone is investigating a breach of its internal computer networks.  According to the article, it appears to have impacted several companies running Verifone’s point-of-sale solutions. The company says the extent of the breach was limited to its corporate network and that its payment services network was not impacted. It also appears that social engineering tactics were employed to gain initial access.

Read More
By Dan Legault on Mar 9, 2017 5:24:15 PM