Layered Security: Using Attributes to Spot Bad Actors

Learn more about layered security, defense in depth, and The Case For Attribute-Based Authorization, in the July 2013 edition of the JW Secure Informer newsletter.

Business Value Proposition for Cloud Identity Management

As businesses expand their mobile and cloud services, the increased complexity of identity management represents both development costs and security risks. Each new service costs developer time and requires secure management of that application’s identity concepts. Redundantly implementing identity management strategies also requires excessive maintenance, and each instance potentially introduces flaws which lead to security…

The Value Proposition of Bring Your Own Device (BYOD) Security

Introduction A major component of cloud computing strategy is the support of service-connected devices in a variety of scenarios, including entertainment (e.g. the Apple App Store and Netflix) and productivity (e.g. Microsoft Office 365). The intersection between elastic cloud computing services and widely available, sophisticated smartphones and tablets is the origin of the bring-your-own-device (BYOD)…

Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust

Oh, yes! I’m speaking at DefCon again… The topic this time is Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust. And as an added bonus, unlike last year, it looks I won’t be speaking opposite General Alexander, head of the NSA, in the next room. My new talk builds on the previous…

My new book is out: “The Four Pillars of Endpoint Security”

My second book, The Four Pillars of Endpoint Security: Safeguarding Your Network in the Age of Cloud Computing and the Bring-Your-Own-Device Trend, is now available on Amazon. What are the four pillars of endpoint security? In short, a framework for analyzing and prioritizing security technology investment in the enterprise. The pillars are: Endpoint Hardening Endpoint…

How to protect your data with attribute based authorization

Suppose you’re a courier for MI6. Your mission is to deliver non-official cover documents to James Bond in Montenegro. It’s been a long trip from London. Unlike 007, you don’t ride first class in a luxury train car, then hop into the government’s Aston Martin. You take public transportation – coach all the way. There’s…

Threat Modeling Made Easy

Managing risk in the enterprise is of utmost importance. The good news is that threat modeling is easier than most people think and is an effective process for systematically identifying and mitigating risk. The objective is to consider the potential impact of external attacks against sensitive data, as well as the risk posed by insider…

Locking Down the Endpoint with Measured Boot and UEFI

The PPT deck from my ESD301 Cloud Security: Locking Down the Endpoint with Measured Boot and UEFI presentation at the Microsoft Security Development Conference 2013 in San Francisco yesterday can be found here. To all of the attendees – thank you! I heard later from the conference organizers that we had a better Q&A session…

Helping DARPA stay ahead on Cyber Security

Here’s a short and sweet blog post about DARPA’s need to stay ahead in cyber-security emerging technology. DARPA is the US Defense Advanced Research Projects Agency. JW Secure is proud contributor to DARPA’s mission to quickly deliver the latest cyber security technologies into the hands of users: our BIOS Integrity Measurements Heuristics Tool for DARPA…

What BYOD Security Means to the Business Decision Maker

What does the Bring Your Own Device (BYOD) trend in IT mean in terms of new security considerations for the typical enterprise? And what should the Business Decision Maker (BDM) be doing about it? In summary: embrace BYOD, enable your business, and allow your employees to be more productive anywhere and from any device. But…