Tag: security

What is IAM (Identity and access management)?

Identity and Access Management (often abbreviated IAM) is a combination of technologies, techniques, and policies employed by companies to manage conditional user access across elements of their tech stack. The form IAM takes can vary widely across different enterprises, but the two primary objectives of Identity and Access Management are undeniably

Doing the Math: Why strong authentication for every employee makes sense

By now, it’s an all-too-familiar routine… Step 1: Organization suffers an expensive and embarrassing security breach.  Step 2: Organization hastily introduces multi-factor authentication (or steps up its efforts to mandate its usage).  Oftentimes, it takes a breach to make organizations fully embrace strong authentication. But why? We know that usernames and passwords alone cannot provide sufficient security, and we know that SMS two-factor authentication (2FA) has been deprecated time

Wrapping up 2020: A year where technology and internet security prevailed

Never has the world been more dependent on the internet, and never has it been more attacked than in 2020. In fact, it proved to be a year where trust in many of our systems was challenged. Yet I remain an eternal optimist and believe that we can transform the hard lessons learned in 2020

4 things ‘Among Us’ can teach security professionals about authentication

You’re making good progress on this task. One more data upload and then you’re out of here. But right before you can complete the upload, a klaxon blares. There’s been an attack! Time to head to the meeting room for the usual finger-pointing and scapegoating before the team decides who to jettison from the ship.

Lessons from the SolarWinds incident

Last week, a large and expertly run espionage operation was made public — one that began no later than October 2019, and which had been actively exploiting victims since at least early 2020. This incident is particularly interesting for several reasons: for the breadth of sensitive global government and industry targets, for misuse of a

What is FIPS 140-2?

What does it mean to be FIPS 140-2 Certified/Validated? To be FIPS 140-2 certified or validated, the software (and hardware) must be independently validated by one of 13 NIST-specified laboratories; this process can take weeks. The FIPS 140-2 validation process examines the cryptographic modules. Level 1 examines the algorithms used in the cryptographic component

Two-factor authentication (2FA)

What is two-factor authentication? Two-factor authentication (also known as 2FA or two-step verification) is a method to confirm a user’s claimed online identity by using a combination of two different types of factors. A password is typically considered one factor, and with 2FA that is combined with another factor to increase login security. Factors used

Jul 15, 2020

4 reasons to consider a security-first approach to product development

The internet is a powerful invention. It was originally built for collaboration, but it’s far surpassed the capabilities anyone could have expected, and has become a core function of society. As developers, we contribute to these incredible advancements every day, but it’s also our job to help protect and preserve the future of the internet.

Security and Privacy During COVID-19

Join Dr. Dan Boneh, Stanford University, to explore security & privacy during the COVID-19 pandemic.

Credential Theft: Common Mitigations vs. Attacker Behaviors

Attacker objectives are as diverse as human ambition.