Microsoft announced they had closed their internal investigation of the SolarWinds attack. The Microsoft Security Research Center (MSRC), which has shared learnings and guidance throughout the Solorigate incident, confirmed that following the completion of their internal investigation, Microsoft has seen no evidence that Microsoft systems were used to attack others. There was also no evidence of access to Microsoft production services or customer data.
With work from home becoming the norm, employees are likely letting their guards down, allowing people in the same household, whether family or visitors, to have access to work-related content. That is why a good cybersecurity strategy starts with people—and a zero trust approach.
With millions of people working from home at present, and likely into the future, the enterprise perimeter has all but dissolved. In the process, organizations are struggling to ensure security in this "zero-trust" and remote era.
Just as you would imagine based on its name, Zero Trust requires authentication of each touchpoint connecting to an organization’s network, aiming to transform it into an impenetrable fortress. Regardless of its benefits, even Zero Trust has its limitations and can create friction unnecessarily, which could have a lasting effect on employee productivity and an overextension of security resources. Are there any alternatives? Is there another remedy that can provide a similar level of security as Zero Trust without the friction? Zero Trust 2.0 is the answer.
Dr. Chase Cunningham, a recipient of Security magazine's Most Influential People in Security, has joined Ericom as its Chief Strategy Officer. In this role, he will shape the company's strategic vision, roadmap and key partnerships. Dr. Cunningham previously served as vice president and principal analyst at Forrester Research, providing strategic guidance on Zero Trust, artificial intelligence, machine learning and security architecture design for security leaders around the globe.
As organizations continue to adapt to life in the age of COVID-19, smartphones are set to take on additional responsibilities – even as the security limitations of these devices become ever more evident. Below, I’ve highlighted five key trends that are set to shape mobile security in 2021.
One Identity released global survey results that revealed that 37% of IT professionals rated rapid changes in their AD/AAD environment as the key impact of COVID-19 on their organization’s identity management team. Given the unique challenges of the sudden shift to remote work amidst COVID-19, businesses should look toward integrating AD/AAD with a strong privileged access management (PAM) solution in order to harness the full value of AD and AAD, dramatically increasing the security of their IT environments.
One lesson that is underscored by the disruption of COVID and the resulting transformation of business operations is the importance of IT modernization. Here, we know that business leaders understand its significance, but we also see evidence that failing to embed security into the strategies and plans for IT modernization may be a difference-maker.
Content-centric solutions that evaluate each message based on how likely it is to be bad create a gap through which identity-based email attacks can slip. A zero-trust email security model is vital to closing that gap. Zero-trust may also be characterized as zero-assumption.
Basketball can teach us a lot about managing the cybersecurity of an enterprise: it takes teamwork. This is perhaps most evident as organizations seek to adopt zero trust principles. The zero trust concept is not new, but I hear more organizations discussing it than ever before — driven by a desire for greater security, more flexible access, and accelerated by the shift to remote work due to COVID-19. At its core, zero trust focuses on providing least-privilege access to only those users who need it. Put it this way: don't trust anyone and even when you do, only give them what they need right now. This security philosophy would make Jordan proud, but in that vein, zero trust would not work without another player: identity management (perhaps it’s the Pippen factor!).