High-Integrity Internet-Scale Device Authentication

Security is a perennial challenge in Internet of Things (IoT) scenarios. Suppose a sensor network has been deployed to a factory that manufactures cutting-edge electronics. In the interest of protecting trade secrets and business reputation, it’s critical that the sensors – including motion detectors, video cameras, and quality- and industrial-control-related devices – be […]

Security Trends and Guerilla Tactics for Conference Attendees in 2015

It is incumbent upon IT professionals to keep their skills current. This is tough because, while there are basic principles that don’t change, the shelf life of technology-specific skills gets shorter each year. The good news is that most conferences are designed specifically to inform attendees what’s new. For example, the RSA 2015 security conference […]

Data Security and the Internet of Things

We all have secrets we keep on our mobile devices: passwords, customer data, strategic plans. And yet high-profile cyber-attacks – Home Depot, NSA, Sony, Target – continuously remind us of the risks posed to enterprise systems by sophisticated adversaries, trusted insiders, insecure hardware, and single-factor authentication. Those publicized security incidents notwithstanding, there is a body […]

Hardware integrity for Mobile Device Management

Two trends are in conflict in the enterprise: endpoint protection and bring your own device (BYOD) to work. Mobile Device Management (MDM) seeks to fill the gap, but current solutions fail in that they cannot assure the integrity of the mobile device. This means that the identity of the mobile user and the protection of […]

Security as a Business Enabler: StrongNet Secure Admin

This post describes how the JW Secure StrongNet Secure Admin solution enables your business by protecting high-privilege network accounts, even on unmanaged mobile computers. IT Security is a Business Enabler: The “bring your own device” trend allows employees to work when they want, how they want, and where they want. This flexibility increases the speed […]

Accelerating enterprise cloud adoption, safely

Many thanks to the organizers of Seattle Technical Forum, and to the sponsor of last night’s Side by Side of Cloud Computing (IV) event in Bellevue, WA, UnifyCloud (in particular, kudos to host Marc Pinotti for keeping the event on schedule). The main theme that emerged from the sessions is that, while enterprise IT and […]

Enterprise security is all about people

When it comes to planning and executing projects to improve enterprise security, I find that IT security practitioners are frequently focusing on the wrong things. First, don’t focus on computers and network routers when you should be focused on the data that traverses them. For example, are you putting the same amount of effort into […]

Cloud Computing and Internet of Things: what’s actually new

By now, you’ve heard about cloud computing. Your email server lives in some rural datacenter. Your IT operations team has had a shrinking budget for 10 years straight. You are living and breathing cloud computing. You’ve probably heard about the “internet of things” (IoT) buzz/trend, too. Your refrigerator should be able to order milk from […]

Session recordings from Cloud Developers Summit

Many thanks to the organizers of the Cloud Developers Summit and Expo 2014 last month in Austin. The conference was enjoyable and educational. And it’s always a huge bonus when conference content is made available electronically for posterity. To that end, the full archive is here. I’m looking forward to the next CDSE!

Securing Online Payments

There are three principles to securing online payment transactions: (1) protect user payment account identity, (2) securely express user intent, and (3) detect fraud. The next sections summarize considerations for addressing each principle. Protect User Payment Account Identity: Magnetic stripe cards aren’t cutting it from a security perspective: see the recent incidents involving Target, Home Depot, and PF Chang’s. […]