Author: David Treece

Thumbnail

Laying the groundwork for continuous authentication

Continuous authentication is an emerging concept—a future ‘nirvana’ state of security that would provide the capability to validate a user’s identity in real-time as they maneuver between systems, applications, and devices. In theory, continuous authentication solutions would use risk signals from a variety of monitoring sources to authenticate users, identify potential threats and proactively remediate

Thumbnail

White House declaration: act now for cybersecurity attack protection

Last week, President Biden made a statement that couldn’t have been clearer in its message regarding cybersecurity attack protection to the private sector: “If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year

Thumbnail

Security considerations for the top 8 mobile device-restricted workplaces

When looking at enterprises and organizations, there are many different business scenarios that can be present when addressing secure authentication. Whether those be shared workstations, remote workers, or even privileged accounts, there is one in particular that introduces its own difficulties: mobile device-restricted workplaces.  It’s safe to say that there will always be workplaces which,

Thumbnail

Supply chain security in 2022

The SolarWinds and Colonial Pipeline security breaches are two (of many) incidents that have made supply chain attacks go mainstream. The primary challenge for businesses is that supply chain defense isn’t easy given the hundreds, if not thousands of entry points that need to be monitored along the way. But there are best practices that

Thumbnail

In passwordless authentication, who is holding the keys?

Strong authentication practices are based on validating a number of authentication factors to a relying party (RP) or identity provider (IDP) to prove you are who the RP expects. Examples of relying parties could be Dropbox or Salesforce. Identity providers, who can also be a relying party that interacts with the authenticator, include Microsoft Azure,

Thumbnail

Mitigation and incident response plans to help prevent ransomware attacks

We’ve all grown accustomed to a flood of ransomware attack  news almost every week, with no end in sight. The recent arrest of two Ukrainian ransomware attackers demonstrates that the White House is serious about going on the offensive against ransomware distributors. But often enforcement could end up being a game of whack-a-mole — hit

Thumbnail

Zero Trust is the new regulatory minimum for Federal agencies: what does that mean for authentication?

The deadline is looming for federal agencies to implement impersonation-resistant multi-factor authentication (MFA), just one of the new stronger security requirements under President Biden’s new cybersecurity executive order (EO 14028). The EO puts security front and center to address some of the worst cyber attacks against the federal government, setting up new federal compliance expectations

Thumbnail

Seven tips if you’re still scratching your head after reading Biden’s cybersecurity executive order

Yubico works with a lot of federal agencies and contractors, as well as with customers in regulated industries, so we understand the challenges new compliance regulations can bring. The executive order that was released May 12 can be seen as the federal government fully embracing the move toward multi-factor authentication (MFA) for use cases where

Thumbnail

Quick Take: Executive Order on Improving the Nation’s Cybersecurity

With the recent number of attacks that have had significant impact on critical systems, a new executive order on improving the nation’s cybersecurity has been released, covering many key areas that need to be addressed to protect critical digital infrastructure. This is one of the most detailed U.S. executive orders on cybersecurity and we welcome

Thumbnail

Yubico Simplifies Smart Card Deployment in the Enterprise

In the enterprise, smart cards simplify login to computers, VPNs, and online applications. Smart cards are also used for digitally signing emails and documents. While smart cards are known for delivering strong authentication, they are not simple to deploy. For example, to use a smart card in an enterprise setting, an admin must install client