Monthly Archives: August 2013

Cloud Security: The Essential Question

Published August 30, 2013 | By Dan Blum

“Cloud Computing: Who is in Control?” This was one of my all-time favorite posts from more than four years ago. Then at Burton Group, I’d become the cloud security analyst just as the technology industry, still reeling from the Great… Continue reading →

Posted in Dan Blum | Tagged cloud computing, cloud security, governance

Trust No One (Device)

Published August 28, 2013 | By Dan Blum

In the age of the advanced persistent threat (APT) – a euphemism for China, the NSA, cybercrime Mafia groups or your bogeyman of choice – security pros are telling enterprise customers to “Assume you’re already compromised.” I’m in… Continue reading →

Posted in Dan Blum | Tagged anti-malware, APT, endpoint security, IOS security, malware, mobile security, Windows security

Account Recovery May be the Weakest Link

Published August 26, 2013 | By Dan Blum

About a year ago, I read an article in Wired by Mat Honan called “How Apple and Amazon Security Flaws Led to My Epic Hacking.” At the time I was working as one of Gartner’s two main anti-malware… Continue reading →

Posted in Dan Blum | Tagged cloud security, endpoint security, identity management, personal protection

Social Login Systems May Share too Much

Published August 20, 2013 | By Dan Blum

You thought you heard a click behind that site’s “Sign in with Facebook” button. But did you also hear the inaudible sigh of your personal data disappearing into the maw of yet another application?

Social login is the ability to… Continue reading →

Posted in Dan Blum | Tagged facebook, federated identity, identity management, privacy, social login

Speaking at the User-Centric ID Live Conference in Washington, DC

Published August 16, 2013 | By Dan Blum

The conference User-Centric ID Live program is now up at http://www.ucentricid.com, where the copy describes it as “a comprehensive forum to address business challenges and commercial opportunities surrounding user-centric identity. The time is now. The products and services are… Continue reading →

Posted in Dan Blum | Tagged identity management, personal cloud, user-centric identity

Back to the Future (of Federation)

Published August 15, 2013 | By Dan Blum

I recently developed a “history of federated identity” diagram and marveled at how it was similar, in many ways, to slides I created while working at Burton Group in 2004. Let’s take a look at a few diagrams and see… Continue reading →

Posted in Dan Blum | Tagged authentication, authorization, federated identity, identity management, privacy, Shibboleth, social login

OAuth 2.0 and RESTful Protocol Security Testing Challenges

Published August 13, 2013 | By Dan Blum

OAuth 2.0 has its advantages. It’s been written to accommodate multiple client environments from the real world. Whether you have a mobile application, just a browser or want to use a web service there’s an OAuth flow for you. But… Continue reading →

Posted in Dan Blum | Tagged cloud security, OAuth

Restricted Zones Redux

Published August 9, 2013 | By Dan Blum

“I’m sorry if I’m inconveniencing you and the teachers, but I will not allow a networked computer system to be placed on the ship while I’m in command,” said Commander Adama as I watched the first episode of… Continue reading →

Posted in Dan Blum | Tagged de-perimeterization, network security, security architecture, zoning

Monthly Archives: August 2013

Subscribe to Blog Notifications... HERE