To most marketers, this is an age-old axiom: emotions drive brands. And emotional motivators, like pixie dust, are sprinkled by the likes of Apple, Harley, Lego, and Patagonia to create a frenzied devotion that, on a good day, can give the Star Trek fandom a run for its money. But how does one create pixie […]
An interview I did with E-commerce Brasil published online today in Portuguese. I’ve been getting requests for it in English so I thought I’d post it here. Happy reading! 1. “The State of Retail eCommerce in Brazil” series gave us an interesting look at eCommerce in Brazil during a difficult economic situation in the country. […]
The Whole Foods acquisition by Amazon weeks ago was only the latest milepost in the latter’s inexorable march to the top of retail. The company sold $136 billion worth of products in 2016 – more than any other online retailer (and just over a third of what Wal-Mart did). And we find that Amazon is big and gaining […]
The many automated “out of office” messages that return when I send emails each day are a sure sign that summer vacations are in full swing. Whether people are enjoying life unplugged or preparing for a seasonal destination, one topic seems to dominate thoughts and conversations: the leisure getaway. The conversation that occurs between friends […]
IBM and Automation Anywhere (AA) today announced a collaboration (note: not a formal partnership yet) to integrate AA’s Robotic Process Automation (RPA) platform, used to create software bots to handle repetitive, task-based work, with IBM’s portfolio of digital process automation software, which includes IBM Business Process Manager and Operational Decis […]
So, my formal area of coverage at Forrester is “digital operations.” But what does this mean? We think of “operations” in terms of NASA mission control: trained professionals intently scrutinizing monitors, looking for signals of interest. Or we think of the stereotypical shop floor assembly line. Business schools offer degrees in operations, and businesses […]
With apologies for paraphrasing Mr. Twain, pundits have sounded VMware’s death knell for years. Whether it be the continuous pressure of public cloud offerings, potentially losing the management tools game, or tech professionals evolving past their current offerings, the company faces some very real, critical threats. Even so, VMware continues to succeed. In […]
Is curiosity as important as intelligence when it comes to handling complexity? Some new thinking from HBR suggests that it is — especially when handling ambiguity and change. Apparently people with a high curiosity quotient (CQ) are better at producing simple solutions to complex problems. (Hmm. Sounds like a good characteristic for an analyst to have.) It’ […]
Today Vendavo announced its acquisition of Endeavor Commerce. This move brings together Vendavo’s price management and price optimization capabilities with the configuration and quoting capabilities of Endeavor Commerce. You’re probably ready to ask me “John, there have been a lot of acquisitions in the CPQ space in recent years. What makes this one so diffe […]
Every day I hear more about the pressure I&O organizations are under to accelerate the delivery of applications and services and the pressure it is placing on the existing resources. As organizations transition, DevOps, formerly the purview of unicorns, is now transitioning to mainstream. DevOps, which started as a grassroots approach by development or […]
Technology continuously introduces huge amounts of security challenges and risk factors, which we keep blaming employees for not handling correctly. Blaming people for not handling poor technology correctly is - in my opinion - simply wrong.
by Martin Kuppinger: Today, Adobe announced that Flash will go end-of-life. Without any doubt, this is great news from an Information Security perspective. Adobe Flash counted for a significant portion of the most severe exploits as, among others, F-Secure has analyzed. I also wrote about this topic back in 2012 in this blog. From my perspective, and as stated […]
by John Tolbert: Authorization is one of the key concepts and processes involved in security, both in the real world as well as the digital world. Many formulations of the definition for authorization exist, and some are context dependent. For IT security purposes, we’ll say authorization is the act of evaluating whether a person, process, or device is allow […]
by Martin Kuppinger: Under the name Magenta Security, all of the Telekom group's service and managed-service offerings are bundled. Magenta Security delivers a very comprehensive portfolio of services and thus ranks among the first ports of call for companies when it comes to support and, in particular, managed services in the […]
by John Tolbert: Gigya provides a complete solution for Consumer Identity and Access Management. Entirely cloud-based, Gigya delivers advanced consumer identity and marketing service functionality for enterprise customers.
Consumer identity and access management solutions have emerged in the recent years to meet evolving business requirements. CIAM is bringing value to the organizations regarding higher numbers of successful registrations, customer profiling, authentication variety, identity analytics, and marketing insights. Companies and public-sector organizations with depl […]
While many (but not enough) organizations have finally begun preparing for GDPR compliance, there are still important steps to take. When in May 2018 the upcoming EU GDPR (General Data Protection Regulation) comes into force, the requirements for managing personal data will change.
2018 is going to be a hell of a year for nearly every organization operating within the European Union. Not only the dreaded General Data Protection Regulation (GDPR) will finally take effect next July, introducing massive changes to the way companies will have to deal with personal information (not to mention hefty fines for violations), January 2018 also m […]
by John Tolbert: The General Data Protection Regulation (GDPR) and Revised Payment Service Directive (PSD2) are two of the most important and most talked about technical legislative actions to arise in recent years. Both emanate from the European Commission, and both are aimed at consumer protection. GDPR will bolster personal privacy for EU residents in a nu […]
by Almir Kolari: Signicat offers cloud-based services for secure access to applications, identity proofing, electronic signing, and long-time archiving of signed and sealed documents. Recently, their portfolio has been expanded to include a mobile authentication product to help customers meet PSD2 requirements.
by Martin Kuppinger: In a response to the EC Commission, the EBA (European Banking Authority) rejected amendments on screen scraping in the PSD2 regulation (Revised Payment Services Directive) that had been pushed by several FinTechs. While it is still the Commission’s place to make the final decision, the statement of the EBA is clear. I fully support the pos […]
Date: Tuesday, July 25, 2017. Author: Jeff Hickman. Maybe you opened an email that, upon reflection, seems suspicious. Maybe you used someone else’s device, such as a friend or colleague’s mobile phone, to log into your bank website or email provider. Or maybe you haven’t done anything out of the ordinary. But one day, you go to access your bank’s website or e […]
Date: Thursday, July 20, 2017. Author: David Ross. In my last blog post, I sounded the death knell for indicators of compromise (IOCs) — attributes that implicate an item as being associated with cybercrime. IOCs written for one environment rarely transfer into new environments without lots of false positives and false negatives because what’s abnormal (and th […]
Date: Tuesday, July 18, 2017. Author: David Ross. For over a decade, the security industry has relied on indicators of compromise (IOCs) — attributes that implicate an item as being associated with cybercrime — to spot threats. Since anything observable, such as a file name, a checksum, a registry entry or an email subject line, can be an IOC, IOCs are easy to […]
Date: Monday, July 17, 2017. Author: Jeff Hickman. The target of the latest breach to hit the news is Verizon, who announced last week that the data from over 14 million customers was leaked online -- leaving phone numbers, names, and most critically, account PIN codes publicly exposed. Any subscriber who has called Verizon customer service in the previous six […]
Date: Monday, July 3, 2017. Author: Danielle Jackson, CISO, SecureAuth. Countries around the globe are putting policies in place to strengthen security and protect their citizens and business from cyber attacks. These pushes for new regulations are further proof of the increasing concern around the repercussions of data breaches as new high-profile security i […]
Date: Thursday, June 29, 2017. Author: Ryan Rowcliffe. On the heels of the WannaCry ransomware assault comes PetyaWrap, an evolution from WannaCry that uses techniques to break into a network and spread from computer to computer. While encrypting computers, it looks for credentials in session to steal, and going one further moves laterally looking in cache fo […]
Date: Wednesday, June 28, 2017. Author: Damon Tepe. It’s been almost a year since we introduced the industry’s first adaptive Identity-as-a-Service (IDaaS) solution: SecureAuth Cloud Access. By combining adaptive and multi-factor authentication (MFA) with single sign-on (SSO), Cloud Access is the most secure way to manage enterprise SaaS adoption while control […]
Date: Tuesday, June 27, 2017. Author: Diego Mejia. Check out this screenshot. Even though this e-mail is recent, I've been getting this same style of e-mail for the last 20 years. The anatomy is the same: a recognizable logo, some sort of request telling me that I need to fill out some form, or pay the "site" a visit to update information, and o […]
Date: Friday, June 23, 2017. Author: Brian Bowden. Last year I wrote an article discussing recommendations from the Mandiant/FireEye M-Trend’s 2016 report. I thought it only prudent to discuss the 2017 report as well; however, this year’s look will focus on one key area of the report, “email”. Email has long plagued IT professionals. In the early 2000’s we […]
Date: Tuesday, June 20, 2017. Author: Robert Block. The brand new Gartner Magic Quadrant for Access Management was just released. As a recent addition to SecureAuth’s leadership team and a huge advocate for our vision in preventing the misuse of stolen credentials, I didn’t expect to see us in the Niche portion of the MQ. At first I thought, how could this b […]
The move to Agile and DevSecOps development processes has fostered a lot of attention on the need to shift security testing left in the development cycle. And this is absolutely a pivot in the right direction. Moving security testing into the realm of the developer makes security testing faster, easier, more effective and less expensive. However, it’s import […]
Let’s face it – cyberwar is no longer science fiction. Our economies – and our democratic system – are under attack. Security researchers are often reluctant to attribute attacks to particular nation states. But it’s become increasingly clear that Russia attempted to meddle in the 2016 U.S. presidential election, and perhaps other elections in the UK and Eur […]
We are pleased to announce updates to the Veracode integrations to Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS), and to Visual Studio. The VSTS/TFS integration makes static and dynamic security findings available as work items in the VSTS/TFS issue tracker, and automatically updates the related defects when they are fixed or […]
Veracode recently partnered with ESG to conduct a survey of 400 IT, cybersecurity and developer professionals regarding their take on the benefits of AppSec for contemporary software development and deployment. The survey results revealed some positive trends, including the fact that many developers are focusing on security for security’s sake, rather than s […]
Speed and security are the name of the game in software development today. Why? Because software is now key to innovation and competitive advantage for every enterprise in every industry. This means that not only is the pace of software development rapidly increasing, but also that attacks against the application layer are proliferating. In turn, software de […]
While performing a manual penetration test recently, I encountered a session management system that flew in the face of almost all the recommended security practices. Rather than use a pre-built implementation associated with a development framework, the developers had written one from scratch that, among other things: Generated session tokens based on the u […]
They don’t make apps like they used to. DevOps has moved away from rows of specialists handling their own tiny segment of code, advancing to a more comprehensive Full Spectrum Engineer. Today’s developers need to have a breadth of skills that can take an idea from inception to production – with one person and no handoffs. What we’re seeing is the natural ebb […]
There is a scene in the movie Jurassic Park where we witness just how smart the velociraptors are. In order to find a way out of their enclosure, the carnivorous dinosaurs are systematically testing the electric fences for weaknesses, making note of where the fences are weakest and where they are strongest. Once a vulnerability is found in the system (in thi […]
In my recent blogs, I have announced the upcoming Veracode Community, which will provide our customers, and others looking for application security information, with resources and the ability to collaborate on best practices. I am excited to highlight one of the features that will help you integrate security into your environment to support continuous integr […]
Prevention is often derided as a naïve, outdated notion in information security. Today, the talk in security often centers around the idea of “detection and response.” The thought around this approach is that we must assume attackers will get into our networks – it is not a question of “if” but “when.” Therefore, the only good security is to detect them insi […]
RED Systems Management can quickly block access to the files NotPetya intends to use to infect you. With patented Access Control List (ACL) management technology, RED Systems Management can lockout NotPetya from executing on client systems. The post Battling the NotPetya (Petna) Ransomware appeared first on Identity Week.
It’s been said that speed kills. But in cyber warfare, speed heals. That’s because with today’s advanced cyber attacks, you need to move faster than the attackers to minimize damage. The post In Cyber Warfare, Speed Heals appeared first on Identity Week.
Stolen passwords are the leading cause of hacking-related data breaches. To discuss what can be done to mitigate this security vulnerability, Identity Week spoke with Steve Tout, CEO of VeriClouds. The post Protecting Against Stolen Passwords – a Q&A with Steve Tout of VeriClouds appeared first on Identity Week.
Two years removed from the announcement of the attack, we can now take a look at the lessons we learned from the OPM data breach. The post Lessons Learned from the OPM Data Breach – Two Years Later appeared first on Identity Week.
The security of your entire network is only as good as your least secure server. And, relegating the Unix/Linux infrastructure to a status of any lesser degree is the attack surface that hackers are looking to exploit. The post Securing Identities – Don’t Forget Unix and Linux Servers appeared first on Identity Week.
Watch this FedScoop video interview of IT security expert Philip Lieberman to find out how federal government agencies can redesign their networks for better resilience against cyber attacks. The post Video: Cyber Defense for the Federal Government appeared first on Identity Week.
Now we’ll take a look at the three practices we regularly see in the most mature Privileged Identity Management programs. The post Best Practices in Privileged Identity Management – Part Four appeared first on Identity Week.
Your organization has been breached. What do you do now? Philip Lieberman explains in this 4-minute Game Changers Silicon Valley interview. The post Video: Cyber Security Detection appeared first on Identity Week.
Here are four ways to make your Privileged Identity Management platform the keystone of your proactive cyber defense strategy. The post Best Practices in Privileged Identity Management – Part Three appeared first on Identity Week.
This morning I read a short article stating, “Arizona businesses lead the nation in malware detections.” Wouldn’t you know — Arizona leads the nation — but not in some fun way like an NBA Championship. I immediately thought of another dubious distinction for our state – the Arizona bark scorpion is the most venomous scorpion in North America. […]
Lots of nostalgia this week … yesterday and today, my meetings have been on the Oracle Santa Clara Campus. It is always enjoyable to come here and remember the many meetings I attended here prior to the Oracle acquisition of Sun Microsystems in 2010 and with Oracle colleagues since then. It is fun to meet in the […]
This week, I am staying in the Santa Clara Marriott hotel for a few days while attending some corporate meetings. As I drove to Santa Clara from the San Francisco Airport yesterday, I began to reminisce about times in my early career when I spent a lot of time in this part of the world. I […]
60 years ago, on May 12, 1957, when I was just four years old, AJ Foyt won his first professional motorsports race, in a midget car, in Kansas City, Missouri. From that inauspicious beginning, he went on to become the only driver to win the Indianapolis 500 (four times), the Daytona 500, the 24 Hours of Daytona, and the […]
On this day 148 years ago, in 1869, the presidents of the Union Pacific and Central Pacific railroads met in Promontory, Utah, to drive a ceremonial last “Golden Spike” into a rail line that connected their railroads, forming a Transcontinental Railroad line. Is this how it would work today?
Eight years ago this month, I posted a short article on this blog entitled, Passwords and Buggy Whips. Quoting Dave Kearns, the self proclaimed Grandfather of Identity Management: Username/password as sole authentication method needs to go away, and go away now. Especially for the enterprise but, really, for everyone. As more and more of our personal data, […]
The most intriguing work in the Identity world today is the potential application of Blockchain/Distributed Ledger technology for user-focused Identity Management. I am certainly not a blockchain expert, but I believe these concepts have the potential to solve several nagging problems that have been facing us for many years, including: Individual users can c […]
This morning, I watched the launch webcast for the Oracle Identity Cloud Service, a cloud native security and identity management platform designed to be an integral part of the enterprise security fabric. This short video, shown on the webcast, provides a brief introduction:
This morning, I spent a while watching some old videos about transformation in the telephone industry. Way back before my time, the growing telephone network depended on thousands of young women working as telephone operators (boys didn’t work out so well). The need for telephone operators was so great that AT&T produced a movie “Operator!” […]
Oh, how far technology has come in the last century! As related by History.com, on August 20, 1911 (105 years ago today) a dispatcher in the New York Times office sent the first telegram around the world via commercial service. The Times decided to send its 1911 telegram in order to determine how fast a commercial […]
What if I say that your cute, smart robotic vacuum cleaner is collecting more data than just dirt? During an interview with Reuters, the CEO of iRobot, the company which manufactured Roomba device, has revealed that the robotic vacuum cleaner also builds a map of your home while cleaning — and is now planning to sell this data to third-party companies. I know it […]
Earlier this year, China announced a crackdown on VPNs and proxy services in the country and made it mandatory for all VPN providers and leased cable lines operators to have a license from the government in order to use such services. Now, Russia is also considering to follow a similar path. The Russian Federation Council has just approved a bill that would […]
Chinese authorities have recently initiated a crackdown on the operators of a massive adware campaign that infected around 250 Million computers, including Windows and Mac OS, across the world earlier this year. The adware campaign was uncovered by security researchers at Check Point last month after it already infected over 25 million computers in India, 24 […]
Finally, Adobe is Killing FLASH — the software that helped make the Internet a better place with slick graphics, animation, games and applications and bring online video to the masses, but it has been hated for years by people and developers over its buggy nature. But the end of an era for Adobe Flash is near. Adobe announced Tuesday that the company would s […]
Security researchers have discovered a new, massive cyber espionage campaign that mainly targets people working in government, defence and academic organisations in various countries. The campaign is being conducted by an Iran-linked threat group, whose activities, attack methods, and targets have been released in a joint, detailed report published by resear […]
An unnamed 29-year-old man, named by authorities as "Daniel K.," pleaded guilty in a German court on Friday to charges related to the hijacking of more than one Million Deutsche Telekom routers. According to reports in the German press, the British man, who was using online monikers "Peter Parker" and "Spiderman," linked to doma […]
Yes, even Mac could also get viruses that could silently spy on its users. So, if you own a Mac and think you are immune to malware, you are wrong. An unusual piece of malware that can remotely take control of webcams, screen, mouse, keyboards, and install additional malicious software has been infecting hundreds of Mac computers for more than five years—and […]
More Ethereum Stolen! An unknown hacker has just stolen nearly $8.4 Million worth of Ethereum – one of the most popular and increasingly valuable cryptocurrencies – in yet another Ethereum hack that hit Veritaseum's Initial Coin Offering (ICO). This incident marks as the fourth Ethereum hack this month and second cyber attack on an ICO, following a thef […]
Biohacking could be a next big thing in this smart world. Over two years ago, a hacker implanted a small NFC chip in his left hand right between his thumb and his pointer finger and hacked Android smartphones and bypassed almost all security measures, demonstrating the risks of Biohacking. At the end of the same year, another hacker implanted a small NFC chi […]
Not all hacking is bad hacking. How would you feel if you are offered a six-figure salary to hack computer networks and break into IT systems legally? Isn't career with such skill-set worth considering, right? With hackers and cyber criminals becoming smarter and sophisticated, ethical hackers are in high demand and being hired by almost every industry […]