Cloud Security: The Essential Question
“Cloud Computing: Who is in Control?” This was one of my all-time favorite posts from more than four years ago. Then at Burton Group, I’d become the cloud security analyst just as the technology industry, still reeling from the Great…
Trust No One (Device)
In the age of the advanced persistent threat (APT) – a euphemism for China, the NSA, cybercrime Mafia groups or your bogeyman of choice – security pros are telling enterprise customers to “Assume you’re already compromised.” I’m in…
Account Recovery May Be the Weakest Link
About a year ago, I read an article in Wired by Mat Honan called “How Apple and Amazon Security Flaws Led to My Epic Hacking.” At the time I was working as one of Gartner’s two main anti-malware…
Social Login Systems May Share Too Much
You thought you heard a click behind that site’s “Sign in with Facebook” button. But did you also hear the inaudible sigh of your personal data disappearing into the maw of yet another application?
Social login is the ability to…
Speaking at the User-Centric ID Live Conference in Washington, DC
The program for the User-Centric ID Live conference is now up at http://www.ucentricid.com, where the copy describes it as “a comprehensive forum to address business challenges and commercial opportunities surrounding user-centric identity. The time is now. The products and services are…
Back to the Future (of Federation)
I recently developed a “history of federated identity” diagram and marveled at how it was similar, in many ways, to slides I created while working at Burton Group in 2004. Let’s take a look at a few diagrams and see…
OAuth 2.0 and RESTful Protocol Security Testing Challenges
OAuth 2.0 has its advantages. It was written to accommodate multiple client environments from the real world: whether you have a mobile application, just a browser, or want to call a web service, there’s an OAuth flow for you. But…
Restricted Zones Redux
“I’m sorry if I’m inconveniencing you and the teachers, but I will not allow a networked computer system to be placed on the ship while I’m in command,” said Commander Adama as I watched the first episode of…