Temporary Workarounds Shouldn’t Last Longer Than Permanent Solutions
You’ve got frustrated users, availability and confidentiality issues. All from a temporary workaround that wasn’t fixed when it was relatively easy. Welcome to technical debt, and the interest is accruing. Where non-kludged systems can be patched and upgraded within regular service windows without the entire IT department on call, fixing this monster will require serious planning.
WannaCry as the Regulatory Brown M&M
If you were under a rock for the last few weeks, WannaCry is one of those cyber-security events that made it into regular news. If it hits NPR, that means everyone who knows me or at least strikes up a conversation at the bar will ask me my opinion.
Roll for Initiative
I had the privilege of being at the Microsoft Security Response Center during the formation of their incident response planning. It’s a challenging thing to create as well as maintain. The concept of removing people from the equation and supplying a base level playbook is integral to the difference between a security incident bouncing bad or bouncing to a level where it can be handled.
Compliance as a Cost of Customer Acquisition
If you're like many of our clients, you're in customer acquisition mode. You've spent a bunch of money to build your product or service, and the marginal cost to support a new customer is relatively small. They're buying the same thing everyone else is, so there's some additional load you need to meet.
On Changing Password Guidance: A Good First Step From Microsoft
Passwords, as a security solution, have become untenable. Whereas 15 years ago you might only have needed to remember two passwords, your ISP or your work password, now we have a plethora of passwords to keep track of.
U.S. Regulatory Outlook for 2017
I don't want to bring up politics, but this is the first U.S. election where cybersecurity had sustained, serious attention from the press and the candidates.