Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

DLP, Insider Threats, File Auditing and Reporting

The growth of the cloud, virtualization and the consumerization of IT continue to provide companies and end users with more flexibility. However, they also raise some challenges for IT departments. One such challenge that is commonly discussed is data loss prevention (DLP), or the ability to identify, monitor and protect sensitive corporate information.  While some…

Post by Morgan Holm February 13, 2012
, , , , , , ,

Don’t Ask, Don’t Tell!

Nope this is not a blog about sexual preference in the military. Nor is it a blog about what happened in Vegas during the last tradeshow you attended. It is a scary observation regarding what to do in the aftermath of a breach. A recent article titled “IT Pros Believe Data Breach Harm Assessment Is…

Post by Peter McCalister February 13, 2012
Win 7 logo

Beware The Risk Of The Vulnerable Corporate Desktop

Anyone who has spent any time at all in the cyber-security space knows that hackers and creators of malware don’t rest for an instant. The harder the IT security world works to stay ahead of the cyber-criminals (or, more accurately, to keep pace or catch up to them), the faster increasingly sophisticated attacks burst into…

Post by Peter McCalister February 10, 2012
tale of least privilege

What The Dickens Can I Do To Secure My Servers?

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness…” these opening words of A Tale of Two Cities (1859), a novel by Charles Dickens, have always stayed with me. While these words were written over 150 years ago they resonate…

Post by Peter McCalister February 9, 2012
Stones Cloud

Hey You Get Off Of My Cloud

Any Rolling Stones fans out there? Well I guess if you were singing along to this when it came out, then you didn’t know that you’d be a least privilege geek in 2012 either. Either way, as I was humming along to myself the other day I couldn’t help but think of the metaphor as…

Post by Peter McCalister February 8, 2012

And The Data Breaches Just Keep On Coming…

Recently two new data breaches were announced, one the result of an accidental misuse of privilege and the other the result of negligence by a third party vendor. First, the Department of Veterans Affairs announced it accidentally handed over the data of living veterans when complying with a Freedom of Information request from The…

Post by Peter McCalister February 7, 2012
villain trio

Who is To Blame When An Insider Breach Occurs?

As I’ve waded through the hundreds of published insider breaches from just the last two years, what was a clear recurring theme was that of the vagaries of human nature. Not meaning to wax poetic, but it was always an individual who misused their own, or some other insider’s, privileged access authorizations to IT systems…

Post by Peter McCalister February 6, 2012
Accidental Harm

But Users Aren’t That Savvy….NOT!

BeyondTrust has been doing Privilege Management for over 25 years. I’ve been with the company for over six of them. I’m constantly talking with people about the benefits of running their enterprise users as standard users, rather than administrative ones. Admin users are able to circumvent Group Policy or other security measures, such as installing…

Post by Peter McCalister February 2, 2012

Industry Experts Call Retina CS a ‘Flawless’ Best Buy

Yesterday Morey Haber gave our readers a sneak peek at what was to come with our soon-to-be-announced Retina CS 3.0 release. All of us here at eEye feel 3.0 will drive even greater distance between eEye and our competitors. Customers speak the loudest with regards to my backing up our claim of market and product…

Post by Mike Puterbaugh February 1, 2012
, , ,
guy tie

Database Security Risks Run Amok Without Oversight

As you can imagine, databases are in a class of data storage, organization, and management unto themselves. As such, the inherent security vulnerabilities in which a least privilege solution can help mitigate are also relatively unique. I’ve uncovered six that should be explored: Misconfigurations: Database schemas can be very temperamental and any misconfiguration error can…

Post by Peter McCalister February 1, 2012