Why Relying on Phones for Online Authentication Is a Bad Idea

In 2022, the US Government released memorandum M-22-09 addressing the requirements for achieving zero-trust security. This introduction has sparked a new standard of cybersecurity for organizations that are looking to stay a few steps ahead of cybercriminals. Zero-trust security requires an on-guard approach where “no actor, system, network, or service operating outside or within the…
Device-Level Signals: Framework of Zero Trust Security

The U.S. government is tightening the reins, requiring agencies to comply with Zero Trust architecture (ZTA) by the end of September 2024. This strategy is targeted toward thwarting increasingly sophisticated and persistent cyberattacks. Zero Trust protocols are essential to safeguarding federal, medical, financial, and other high-risk industries. In the words of the U.S. government, “To…
Cyber Security Insurance & MFA

Situation: Many companies have found that the evolving threat landscape has made cybersecurity insurance desirable, and some companies even require that their suppliers have an adequate amount of cybersecurity insurance in place before doing business with them. If you are applying for cybersecurity insurance for the first time or are renewing, you will find an increased level of…
Implementation of user authentication strategies

A Revolutionary Innovation in User Authentication

For as long as organizations have used the internet to conduct business, online security threats such as phishing emails, credential theft and malware attacks have been an unfortunate and ever-present shadow over their digital operations. One of the foundational defenses against these threats has been the implementation of user authentication strategies. Quite simply, these involve…
How Zero Factor Authentication Is Securing the Future

Too often, the weight of ensuring an organization’s digital security falls on the shoulders of the poor end user. Burdened with the responsibilities of remembering multiple passwords, juggling countless devices that receive codes and keys, and trying their best not to lose their laptops, it’s no wonder there are so many security breaches in the…

What is passwordless and why does it take a journey to get there?

Let’s start the journey with the destination in mind. In a passwordless world you will no longer need to remember a complex string of letters, numbers, and special symbols for each site or server you connect to. In a passwordless world you will no longer need to type or enter these passwords. In a passwordless…
Encryption and Authentication at the endpoint

Introduction: In this blog I explain why it makes sense to use the same endpoint security solution for both encryption of data at rest on the device and authentication to servers and web services such as SaaS. First, what are the core attributes of a good endpoint encryption solution? By endpoint encryption I mean Full…

FDE and the Opportunistic vs Dedicated Adversary (Do a Risk Assessment)

I have always been a proponent of doing a security risk assessment in order to determine the amount and depth of controls required to protect information appropriately. Risk is a function of the probability and the impact of a successful attack. The higher the probability, and the higher the impact, the higher the risk. For…

Linux Servers and Encryption – the Need and the Solution

In the past, I have tried to make the case for encrypting physical servers on premises. The argument for not needing to encrypt them is that these servers usually run for weeks, months, or even years without being brought down, and that they are physically protected within a well-fortified data center. The protection that Full…