Garry McCracken, Author at WinMagic Data Security Solutions, Protection Services and Software

69 posts

Garry, a CISSP, has more than 30 years of experience in data communications and information security. He has contributed to the development of WinMagic's full-disk encryption solutions for desktops, laptops, and other mobile devices. When he is not saving the world of data encryption, he takes off his cape to relax and enjoy life at the cottage. Garry writes from a position of technical expertise since we first started SecureSpeak, making him the longest running blogger at WinMagic.

Device-Level Signals: Framework of Zero Trust Security

The U.S. government is tightening the reins, requiring agencies to comply with Zero Trust architecture (ZTA) by the end of September 2024. This strategy is targeted toward thwarting increasingly sophisticated and persistent cyberattacks. Zero Trust protocols are essential to safeguarding federal, medical, financial, and other high-risk industries. In the words of the U.S. government, “To…

Cybersecurity Insurance & MFA

Situation Many companies have found the evolving threat landscape has made cybersecurity desirable, and some companies even require their suppliers have an adequate amount of cybersecurity insurance in place before doing business with them. If you are applying for cybersecurity insurance for the first time or are renewing, you will find an increased level of…

A Revolutionary Innovation in User Authentication

For as long as organizations have used the internet to conduct business, online security threats such as phishing emails, credential theft and malware attacks have been an unfortunate and ever-present shadow over their digital operations. One of the foundational defenses against these threats has been the implementation of user authentication strategies. Quite simply, these involve…

How Zero Factor Authentication Is Securing the Future

Too often, the weight of ensuring an organization’s digital security falls on the shoulders of the poor end user. Burdened with the responsibilities of remembering multiple passwords, juggling countless devices that receive codes and keys, and trying their best not to lose their laptops, it’s no wonder there are so many security breaches in the…

What is passwordless and why does it take a journey to get there?

Let’s start the journey with the destination in mind. In a passwordless world you will no longer need to remember a complex string of letters, numbers, and special symbols for each site or server you connect to. In a passwordless world you will no longer need to type or enter these passwords. In a passwordless…

Encryption and Authentication at the endpoint

Introduction In this blog I explain why it makes sense to use the same endpoint security solution for both encryption for data at rest on the device and authentication to servers and web services such as SaaS. First; what are the core attributes of a good endpoint encryption solution? By endpoint encryption I mean Full…

Choosing the right architecture to establish and maintain a user session with the “authentic” user.

The purpose of this blog is to examine the issues related to a Relying Party (RP) authenticating a user, establishing a user session with that user, and then maintaining confidence that the user at the other end of the session (the endpoint) continues to be the “authentic user” for the duration of the user session. …

FDE and the Opportunistic vs Dedicated Adversary (Do a Risk Assessment)

I have always been a proponent of doing a security risk assessment in order to determine the amount and depth of controls required to protect information appropriately. Risk is a function of the probability and the impact of a successful attack. The higher the probability, and the higher the impact, the higher the risk. For…

Linux Servers and Encryption – the Need and the Solution

In the past, I have tried to make the case for encrypting physical servers on premises. The argument for not needing to encrypt them is that these servers usually run for weeks, months, or even years without being brought down. And, that they are physically protected within a well-fortified data center. The protection that Full…

Full Drive Encryption, Key management and MBAM

(Microsoft announces end of mainstream support for MBAM as of July 2019) WinMagic’s CEO, THI NGUYEN-HUU, has blogged in the past about the ideal architecture for Full Drive Encryption, and Key Management (Separating Encryption and Key Management). By separating key management, which includes authentication, from the actual encryption layer, one is able to use a…