As a veteran of enterprise IT, there’s a difference between “hybrid by design” and “hybrid by accident.” Let’s be frank: you are probably doing hybrid by accident – just about everybody is. Hybrid by accident is: Integrating public cloud with on-premises tech without standardizing on a common infrastructure-as-code practice Shadow IT cloud “experiments” that […]
This week, Google announced the acquisition of key HTC assets. This will give them some of the hardware technology expertise, the design skills and the experience in smartphone retail distribution they badly need. Due to Android’s massive fragmentation, Google needs to control the distribution of its services, to reduce its traffic acquisition costs and to […]
This Year’s Winning EA Initiatives, Brought To You By Forrester And Infoworld, Drive The Customer-Obsessed Digital Business Any enterprise architects worth their salt can tell you how strategic enterprise architecture is, but the fact is that most EA programs struggle. The problem? Getting the enterprise to act strategically in the face of the need for […]
As will be no surprise to advertising industry watchers, the duopoly of Google and Facebook once again demonstrated its dominance of the ad market following the release of their Q2 2017 earnings results. According to Forrester’s just launched Digital Marketing Tracker report, Google and Facebook accounted for 74% of both ad revenue and growth among […]
If you’ve ever encountered virtual or augmented reality in the business world it was likely at an event or tradeshow where a company had an AR/VR demo at their booth to draw in “traffic.” While this is certainly a valid marketing use case, it’s not all this technology has to offer B2B marketers. Although related, […]
I hope that nobody in your organization needs convincing that you should join us at the B2B Marketing Forum in Austin, Texas, this year (October 5 and 6, 2017). We have an incredible agenda with a fantastic lineup of inspirational speakers. What’s unique is that we’ve designed the agenda to help B2B marketing leaders succeed at […]
Do you currently have someone in your organization who fits this job description? If not, then it’s time you do. In the past year, we’ve seen a spike in inquiries on the topic of product managers, primarily from brands that are considering embedding this role into their organization for the first time. Why now? The […]
Fresh off a successful event in Washington, DC last week, we’re gearing up for Forrester’s Privacy & Security Forum Europe in London on 5-6 October. Forrester is gathering experts in cybersecurity, privacy, customer experience, regulatory compliance, identity management, personalization, blockchain, and a range of related topics. Together, Forrester ana […]
On October 6, 2014, Flipkart launched Big Billion Day, an event that occurs within India’s festive season — a holiday period that accounts for 40% of the total sales of key brands in India. Now in its fourth year, Big Billion Day has expanded from a one-day event to five days. In 2014, Snapdeal launched […]
Why is journey analytics such a hot topic? Because it can help firms move the needle on customer obsession. That’s why after months of research — including in-depth briefings, demos, and customer references — we’re excited to announce the release of not one but two Forrester Waves focused on customer journey analytics platforms! Customer journey […]
Heather Flanagan talks about the confidence that is needed to accelerate the digital economy and how business and governments can work together toward that common goal of growing the economy. Digital ID is how we get the confidence as a platform to grow the economy.
In a world full of uncertainties and data breaches, Identity and Access Management (IAM) must deliver more than ever, faster than ever, for businesses to succeed at building trusted relationships and delighting customers at every interaction. With such large-scale breaches becoming commonplace, it is more important than ever to integrate threat intelligence […]
GDPR will apply to all types of systems where personal data resides. That goes beyond traditional database, CRM or Identity Management systems: Emails, spreadsheets and text documents, PDFs and images, web pages and data collected from social media are only a few examples, and they are everywhere in the organization. All of this might and will contain PII (p […]
Organizations are under pressure to change in the current age of Digital Transformation. One of the key differentiators of innovative digital business models and thus new revenue streams is the profoundly changed relationship to customers and consumers. Creating innovative consumer services, collecting and managing better customer information and even just o […]
by John Tolbert. Last week we completed the opening dates on the Consumer Identity World Tour in Seattle. To kick off the event, the Kantara Initiative held a one-day workshop to showcase the work that they do. Kantara is an international standards organization which develops technical specifications promoting User Managed Access, Consent Receipt, Identities […]
Relational databases are still the most widespread technology for storing and managing business-critical digital information. Manufacturing process parameters, sensitive financial transactions or confidential customer records - all this most valuable corporate data must be protected against compromises of their integrity and confidentiality without affecting […]
Date: Wednesday, September 20, 2017. Author: Jeff Kukowski, CEO. Today, we are excited to announce that SecureAuth and Core Security are merging to become one company. Core Security is a leader in vulnerability discovery, identity governance, and threat management, which is highly complementary to the identity security technology SecureAuth pioneered and conti […]
Date: Tuesday, September 12, 2017. Author: Mike Talon. A Quick Guide to the Top 12 Acronyms in Identity Management. Newcomers and old hands alike can feel a little lost in the alphabet soup of acronyms in the identity management and protection arena. Some of the acronyms might seem fairly straightforward, but hidden complexities can lead to confusion or misunde […]
Date: Monday, September 11, 2017. Author: Jeff Nolan, CMO. The news of the massive Equifax data breach broke last week, and the collective shrug of yet-another-data-breach was deafening. The fact that it happened to a credit reporting service that is known for offering identity protection in the wake of other people’s data breaches is ironic, but beyond that, […]
Date: Thursday, September 7, 2017. Author: Damon Tepe. It’s no surprise that Office 365 has become the most widely-used cloud service in the world: Users love that it’s convenient, accessible from anywhere, on any device, at any time and IT loves it because there is no updating, patching or hardware concerns. But recent reports from Skyhigh Networks and Micros […]
Date: Wednesday, August 23, 2017. Author: David Ross, VP Research - SecureAuth. The week before last, I confessed to password tweaking. Recently Troy Hunt released 320 million hashed passwords collected from breaches (https://haveibeenpwned.com/Passwords) so I thought I’d run an experiment on that data based on common password tweaking techniques. I wanted to […]
Date: Monday, August 14, 2017. We're honored to announce that the Orange County Business Journal has named SecureAuth one of the 2017 Best Places to Work in Orange County! This county-wide competition, managed by independent research firm Best Companies Group, was designed to identify and recognize the best places of employment in Orange County, Californ […]
Date: Friday, August 11, 2017. Author: David Ross. I have a confession to make. For over twenty years, I’ve been using the same password for most everything. And the worst part is, I thought I was being smart about it. A long time ago (in the same galaxy but far, far away from where I am now), I was told to come up with a phrase that meant something to me, tak […]
Date: Monday, August 7, 2017. Author: SecureAuth. It’s 2017, and data breaches are occurring at a record pace. It’s no wonder, then, that Americans are becoming increasingly anxious about their online security. Our recent report with Wakefield Research says Americans are much more likely to be concerned with their online personal information being stolen (69 p […]
Date: Wednesday, August 2, 2017. Author: SecureAuth. Our recent survey, conducted in conjunction with SC Magazine, shows that organizations are moving towards a passwordless future. The results show that while 36% of IT decision makers believe they will no longer rely on passwords 5 years from now, concerns remain around the complexities involved with rolling- […]
Date: Monday, July 31, 2017. Author: Jeff Hickman. If you’re an IT pro, you’re likely aware of the very real damage that can result from even one user’s credentials being compromised. Once attackers have a foothold in your systems, they can linger for months, steadily increasing their permissions until they find and steal your most valuable data. Many organiza […]
The AppSec Skills Gap Is Widening Nearly 20% A Year. Here's How We Fix It. A recent survey from Veracode and DevOps.com found that the majority of IT and development professionals weren’t required to take security courses in college – and they’re not receiving the necessary training from their employers. So, we have to ask: where does the fault lie? Sho […]
As software increasingly plays a critical role in how organizations conduct business, we are seeing two trends emerge: 1. Organizations want more software produced faster. 2. Cyberattackers are finding software a more attractive target. For developers, all the above means that their jobs are changing. The need to get software out the door faster has led to a […]
We’re pleased to announce that our colleague Colin Domoney, a consultant solutions architect for Veracode, was recently nominated for a Security Leader of the Year award. Organised by Information Age, Tech Leaders Awards is Britain's flagship celebration of tech leaders, honouring those at the forefront of disruption and innovation and playing a central […]
The days of security and development working side by side in separate silos are over. With the DevOps-induced security “shift left,” security testing now falls in the realm of the developer, and leaves security in more of an enabling, rather than enforcing, role. And this new role requires a new understanding of developer priorities and processes. The securi […]
I’d read about social engineering for a few years before I first stepped into the Social Engineering Village at DEF CON 20. But I didn’t grasp the power of this type of attack until I watched a live call during which employees of major companies simply offered up all the information needed to breach their systems – no technology required. I was hooked. In ca […]
My name is Laurie Mercer, and I have introduced a security vulnerability into software. The year was 2004. As I travelled to work, Franz Ferdinand and The Killers blared on my cool new iPod. I was a developer, my first proper job after graduating with a degree in computer science and moving to the big city. Responsible for implementing functional changes, I […]
The EU Global Data Protection Regulations (GDPR) go into effect in May 2018, and will introduce stark new data security requirements for any organization in the EU, or doing business in the EU. The requirements in this regulation surrounding data retention and personal information are unprecedented, and so are the fines for non-compliance. How will this play […]
At Jenkins World on Aug. 31, Veracode’s Pete Chestna (@PeteChestna) will join fellow industry experts, including DevOps.com’s Alan Shimel and Forrester’s Robert Stroud, to address the hurdles organizations face as they try to create a DevSecOps culture. DevSecOps adoption is on the rise – and there’s no doubt that the practice can cause some friction and hin […]
The Veracode Application Security Platform integrates seamlessly with the development, security and risk-tracking tools you already use. And, our flexible API allows you to create your own custom integrations or use community integrations, built by the open source community and other technology partners. But what do these integrations mean for a security pro […]
Roles shifting can be disconcerting. Having a clear role and understanding your responsibilities and tasks is comforting. But getting too comfortable can be dangerous. Take parenting for example. Parents wouldn’t be doing their kids any favors by continuing to feed and dress them as if they were 4 when they’re 10. As children age, they start to do these basi […]
Leverage next generation cyber security technology to curtail lateral movement should hackers gain a foothold inside your network. The post Limiting Losses from Cyber Attacks with Privileged Identity Management appeared first on Identity Week.
RED Systems Management can quickly block access to the files NotPetya intends to use to infect you. With patented Access Control List (ACL) management technology, RED Systems Management can lockout NotPetya from executing on client systems. The post Battling the NotPetya (Petna) Ransomware appeared first on Identity Week.
It’s been said that speed kills. But in cyber warfare, speed heals. That’s because with today’s advanced cyber attacks, you need to move faster than the attackers to minimize damage. The post In Cyber Warfare, Speed Heals appeared first on Identity Week.
Stolen passwords are the leading cause of hacking-related data breaches. To discuss what can be done to mitigate this security vulnerability, Identity Week spoke with Steve Tout, CEO of VeriClouds. The post Protecting Against Stolen Passwords – a Q&A with Steve Tout of VeriClouds appeared first on Identity Week.
Two years removed from the announcement of the attack, we can now take a look at the lessons we learned from the OPM data breach. The post Lessons Learned from the OPM Data Breach – Two Years Later appeared first on Identity Week.
The security of your entire network is only as good as your least secure server. And, relegating the Unix/Linux infrastructure to a status of any lesser degree is the attack surface that hackers are looking to exploit. The post Securing Identities – Don’t Forget Unix and Linux Servers appeared first on Identity Week.
Watch this FedScoop video interview of IT security expert Philip Lieberman to find out how federal government agencies can redesign their networks for better resilience against cyber attacks. The post Video: Cyber Defense for the Federal Government appeared first on Identity Week.
Now we’ll take a look at the three practices we regularly see in the most mature Privileged Identity Management programs. The post Best Practices in Privileged Identity Management – Part Four appeared first on Identity Week.
Your organization has been breached. What do you do now? Philip Lieberman explains in this 4-minute Game Changers Silicon Valley interview. The post Video: Cyber Security Detection appeared first on Identity Week.
I am reading a fascinating book, “Identity is the New Money,” by David Birch. The book was published three years ago, but I find it extremely relevant today. I just read this paragraph: Identity becomes the key to transactions and a crucial individual resource that needs to be looked after by responsible organizations. We all need to […]
As I read a recent Risk Management Monitor article “Companies Must Evolve to Keep Up With Hackers,” I couldn’t help but think – at what cost? Perhaps you can calculate the amount a company spends on tools and processes to defend against cyberattacks, and perhaps even justify that expense by attempting to estimate the cost of a […]
Yesterday, I blogged about the inherent conflicts of interest that exist with most current or potential Identity Providers. Is it just coincidence that today I would read a post on LinkedIn by Gary Rowe, CEO/Principal Consulting Analyst at TechVision Research, highlighting the TechVision Research report, “Banking on Identity?” The report offers a compelling […]
After uploading yesterday’s blog post, I realized that I had again made a statement about a problematic “conflict of interest” inherent in many Identity providers. What do I mean by that? For many years, I have dreamed of the concept of a broadly used Identity Provider enabling each of us to leverage one set of […]
Following a blog post recommendation by Emma Firth, Communications Director of Digi.me, I just read an insightful article, “Transforming the Digital Identity Landscape,” in the June 2017 issue of Leo, an e-magazine published by Luxembourg for Finance. It was particularly interesting to read the viewpoints of four Digital Identity thought leaders who spoke at […]
How critical is Identity and Access Management to GDPR Compliance? The somewhat radical, but underlying philosophy of GDPR is that enterprises must enable individual data subjects (EU citizens) to control their own Personally Identifiable Information (PII), and grant or withdraw permission to store and use such data. Certainly, appropriate processes and tech […]
May 25, 2018 is bearing down on us like a proverbial freight train. That is the date when the European Union General Data Protection Regulation (GDPR) becomes binding law on all companies who store or use personal information related to EU citizens. (Check out the count down clock on the GDPR website). Last week, Oracle published a new white […]
This morning I read a short article stating, “Arizona businesses lead the nation in malware detections.” Wouldn’t you know — Arizona leads the nation — but not in some fun way like an NBA Championship. I immediately thought of another dubious distinction for our state – the Arizona bark scorpion is the most venomous scorpion in North America. […]
Lots of nostalgia this week … yesterday and today, my meetings have been on the Oracle Santa Clara Campus. It is always enjoyable to come here and remember the many meetings I attended here prior to the Oracle acquisition of Sun Microsystems in 2010 and with Oracle colleagues since then. It is fun to meet in the […]
This week, I am staying in the Santa Clara Marriott hotel for a few days while attending some corporate meetings. As I drove to Santa Clara from the San Francisco Airport yesterday, I began to reminisce about times in my early career when I spent a lot of time in this part of the world. I […]
Another day, another news about a data breach, though this is something disconcerting. Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service. Just two days ago, Viacom was found e […]
Botnets, like Mirai, that are capable of infecting Linux-based internet-of-things (IoT) devices are constantly increasing and are mainly designed to conduct Distributed Denial of Service (DDoS) attacks, but researchers have discovered that cybercriminals are using botnets for mass spam mailings. New research conducted by Russian security firm Doctor Web has […]
Are you sure the version of WhatsApp, or Skype, or VLC Player installed on your device is legitimate? Security researchers have discovered that legitimate downloads of several popular applications including WhatsApp, Skype, VLC Player and WinRAR have reportedly been compromised at the ISP level to distribute the infamous FinFisher spyware also known as FinSp […]
This month has been full of breaches. Now, the Securities and Exchange Commission (SEC), the top U.S. markets regulator, has disclosed that hackers managed to hack into its financial document filing system and may have illegally profited from the stolen information. On Wednesday, the SEC announced that its officials learnt last month that a previously detect […]
The group of unknown hackers who hijacked CCleaner's download server to distribute a malicious version of the popular system optimization software targeted at least 20 major international technology companies with a second-stage payload. Earlier this week, when the CCleaner hack was reported, researchers assured users that there's no second stage m […]
Security researchers have recently uncovered a cyber espionage group targeting aerospace, defence and energy organisations in the United States, Saudi Arabia and South Korea. According to the latest research published Wednesday by US security firm FireEye, an Iranian hacking group that it calls Advanced Persistent Threat 33 (or APT33) has been targeting crit […]
Air-gapped computers that are isolated from the Internet and physically separated from local networks are believed to be the most secure computers which are difficult to infiltrate. However, these networks have been a regular target in recent years for researchers, who have been trying to demonstrate every possible attack scenario that could compromise the […]
Viacom—the popular entertainment and media company that owns Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server. A security researcher working for California-based cyber resiliency firm UpGuard has recently discovered a wide-open, public-facing misconfigured Amazon We […]
Researchers have been warning for years about critical issues with the Signaling System 7 (SS7) that could allow hackers to listen in on private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks. Despite fixes being available for years, the global cellular networks have consistently be […]
The recent discoveries of dangerous variants of the Android banking Trojan families, including Faketoken, Svpeng, and BankBot, present a significant threat to online users who may have their login credentials and valuable personal data stolen. Security researchers from SfyLabs have now discovered a new Android banking Trojan that is being rented on many dark […]