I’ve been a loyal customer of Wells Fargo for over a decade. For lots of good reasons. Over the long President’s Day weekend was the first time I’ve received a call from them saying that one of the vendors I’ve paid recently has had a data breach and leaked my credit card information.
I couldn’t resist one last homage to classic rock. This time Lou Reed sings “everybody had to pay and pay; a hustle here and a hustle there…hey babe, take a walk on the wild side” while we chat about the right, wrong and wild side of the dreaded audit.
One of the blogs we like to read is the so called “Security Warrior”, who recently wrote a great summary and counterargument to a discussion on logging in the cloud that includes links to some of the industry’s back and forth.
A few weeks ago in my blog, I mentioned a critique regarding targeted vulnerability assessment and its ability to not identify rogue devices. Anytime you have definitive host list (by host name or from Active Directory for example), or a fixed set of IP addresses (versus ranges) you can potentially miss devices connected to your…
In the great debate of how to secure the desktop from the misuse of privilege, nothing is more contested then the approach: kernel versus user mode. Every vendor will postulate on their approach as the best methodology for eliminating desktop admin rights and fostering a least privilege environment, but how do you separate the marketing BS from the technical realities?
Depending on your generation (read “age”), you either know this as a classic David Bowie song and album (yes, vinyl did exist once) or an incrediblesong by Nirvana during their MTV Unplugged performance. Since I’m on a classic rock roll (pun intended) and just saw yet another article on an insider selling corporate assets, I thought I should write a bit more about the temptations of the “over privileged”.
One of the many challenges that every IT administrator faces is ensuring that confidential company information stays within the corporate network. The network is scanned for vulnerabilities, patches are deployed, perimeter firewalls are in place, and endpoint protection products are installed – all in the battle to maintain a secure infrastructure. With all these measures…
Last year in a survey conducted at VMWorld, we established that while some respondents were willing to wear a tutu ( or even cut off their arm) for $20 million, far more (35% of those polled) were willing to leak information to a competitor. So, what happens when insiders misuse their privilege? Just ask Microsoft.
In the on-going debate of best rock band ever between the Beatles and the Rolling Stones, I have, and will ever, fall into the Stones camp. With that said, this is a least privilege forum so I need to endeavor to stick to the subject at hand as Keith’s guitar wails in the background and Mick’s vocal starts “Oh, a storm is threatening.”
Wednesday’s car ride prompts a Classic Rock play list on the iPod and what do you know… Bill Wither’s “Use Me” spawns yet another blog courtesy of the line “Cause I sure am using you to do the things you do.” Without privilege identity management, your users will be used to do the things you don’t want them (or anyone) to do.