My new book is out: “The Four Pillars of Endpoint Security”

My second book, The Four Pillars of Endpoint Security: Safeguarding Your Network in the Age of Cloud Computing and the Bring-Your-Own-Device Trend, is now available on Amazon. What are the four pillars of endpoint security? In short, a framework for analyzing and prioritizing security technology investment in the enterprise. The pillars are: Endpoint Hardening Endpoint…

How to protect your data with attribute based authorization

Suppose you’re a courier for MI6. Your mission is to deliver non-official cover documents to James Bond in Montenegro. It’s been a long trip from London. Unlike 007, you don’t ride first class in a luxury train car, then hop into the government’s Aston Martin. You take public transportation – coach all the way. There’s…

Threat Modeling Made Easy

Managing risk in the enterprise is of utmost importance. The good news is that threat modeling is easier than most people think and is an effective process for systematically identifying and mitigating risk. The objective is to consider the potential impact of external attacks against sensitive data, as well as the risk posed by insider…

Locking Down the Endpoint with Measured Boot and UEFI

The PPT deck from my ESD301 Cloud Security: Locking Down the Endpoint with Measured Boot and UEFI presentation at the Microsoft Security Development Conference 2013 in San Francisco yesterday can be found here. To all of the attendees – thank you! I heard later from the conference organizers that we had a better Q&A session…

Helping DARPA stay ahead on Cyber Security

Here’s a short and sweet blog post about DARPA’s need to stay ahead in cyber-security emerging technology. DARPA is the US Defense Advanced Research Projects Agency. JW Secure is proud contributor to DARPA’s mission to quickly deliver the latest cyber security technologies into the hands of users: our BIOS Integrity Measurements Heuristics Tool for DARPA…

What BYOD Security Means to the Business Decision Maker

What does the Bring Your Own Device (BYOD) trend in IT mean in terms of new security considerations for the typical enterprise? And what should the Business Decision Maker (BDM) be doing about it? In summary: embrace BYOD, enable your business, and allow your employees to be more productive anywhere and from any device. But…

Two-step account sign-in for Office 365 and Xbox

The announcement regarding optional multi-factor authentication to Microsoft online accounts, including Office 365 and Xbox, is a welcome one. Stolen passwords, whether via phishing, guessing, or accidental disclosure by the vendor, is a major threat against data security. In summary, the feature allows you to associate your cell phone number with your Microsoft account. Then,…

How do you know what’s secure?

Learn more about threat modeling in the March 2013 edition of the JW Secure Informer newsletter.

SecurEntity production release to CodePlex & NuGet

Excellent news for people who like to encrypt sensitive data: the JW Secure SecurEntity encryption library for Microsoft Entity Framework has been released to CodePlex and NuGet. The latest version, 1.3,  includes the following changes: Added thumbprint lookup capability for encrypted strings. Upgraded to Entity Framework 5.0 and .NET 4.5 Yes, this version gives you…

Solving BYOD Security

BYOD, or Bring Your Own Device, refers to the trend in enterprise IT to rely on users to supply their own computing hardware in the form of smartphones, tablets, and, to a lesser extent, laptops. While there is an ostensible cost savings to be had in capital expenditure, and businesses can realize productivity in making…