Breach: Facebook Exposes Personal Photos

Posted by Michael Bissell on Dec 14, 2018 11:48:36 AM

Facebook disclosed a new breach today which (according to their disclosure) “may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers.” It’s unclear how many European users were affected but this is a clear GDPR violation even when we don’t consider the potential embarrassment of personal photos being presented to the wrong people.

Read More

Topics: security, IAM, Identity

PSD2: Banking on the Edge

Posted by Michael Bissell on Nov 29, 2018 3:53:18 PM

Europe keeps influencing data privacy around the world… first there was GDPR and now we have PSD2, the new phase of Europe’s Payment Services Directive. And as with any new compliance, there’s a lot of confusion about what it does, what you have to do and what it all means.  You can basically sum it up like this:

PSD2 forces banks to make data available.

Read More

Topics: security, Identity, IAM

ACL, RBAC, ABAC, PBAC, RAdAC and a dash of CBAC

Posted by Michael Bissell on Nov 8, 2018 11:41:55 AM

As the title of this posting probably tells you, there are a LOT of acronyms out there talking about Access Control.  To level set, here are a few translations:

Read More

Topics: Identity, security, IAM

Unexpected Security Breaches

Posted by Michael Bissell on Nov 2, 2018 6:52:45 PM

Hackers are extremely creative.  It’s not just phishing and knocking, hackers will try every crevice, every small hole, even things you would never think of as a way into your data center.  The reason you need Zero-trust security is because you never know how they’re going to slip behind the scenes and gain access to what you thought was an innocent little system.

Read More

Topics: security

Board Advisor

Posted by Yong-Gon Chon on Oct 29, 2018 3:23:09 PM

 

Over the last 20+ years, if you didn’t offer an open API as a software maker, you were not invited to sit at the cool kids table.  The culture of interconnected software has rapidly fostered tech prosperity & business growth to the point that the API has become the new database.  Just imagine the possibilities, if you will, of an API so data rich that I can expose a decade of personal information for millions of users...what could possibly go wrong?

Read More

Topics: security, Identity

The Physical Impossibility of “Migrating to the Cloud”

Posted by Michael Bissell on Oct 2, 2018 11:42:01 AM

Ask most companies today about their application strategy and they’ll say, “We’ve got it covered, we’re moving to the cloud.”  To which I ask, “What are you moving to the cloud?”

Read More

Topics: IAM, devops, security, Identity

The Cost of Ignorance -- Why You Need a Chain of Evidence not just logs

Posted by Michael Bissell on Sep 10, 2018 11:23:44 AM

You may have seen my posting on East/West is the New North/South.  The bottom line is that traditional API Gateway models simply don’t provide the level of security we need in modern microservice architecture.  The problem is that only 20% of the traffic (that is the inbound traffic up until the gateway) is secure, everything inside the data center is “trusted.”

Read More

Topics: IAM, security, devops, Identity

Infrastructure, Legal and EMBARRASSMENT -- Why we Secure Our Systems

Posted by Michael Bissell on Aug 9, 2018 5:37:06 PM

In computer technology we talk about security breaches and how to prevent them, but honestly, we have different kinds of breaches and different reasons to want to prevent them. Sure we hear the stats like “60% of small companies that suffer a cyber-attack are out of business within six months” but what is it about those attacks that cripple and destroy companies? And how can we create better security policies and implement those policies so we don't suffer attacks?

Read More

Topics: Identity, IAM, devops, security

Developer Self Service for Identity and API Security.

Cloudentity provides enterprise application developers with a suite of microservices that seamlessly integrates Identity and API Security. Accelerate the DevOps processes with a service mesh that reduces time to market and development cost by 30%.

Download the whitepaper

 

Try the Cloudentity API Security Trial

Or refer it to an Enterprise Developer in your company.

TRY FOR FREE

 

Subscribe Here!

Recent Posts