“Cloud Computing: Who is in Control?” This was one of my all-time favorite posts from more than four years ago. Then at Burton Group, I’d become the cloud security analyst just as the technology industry, still reeling from the Great…
In the age of the advanced persistent threat (APT) – a euphemism for China, the NSA, cybercrime Mafia groups or your bogeyman of choice – security pros are telling enterprise customers to “Assume you’re already compromised.” I’m in…
About a year ago, I read an article in Wired by Mat Honan called “How Apple and Amazon Security Flaws Led to My Epic Hacking.” At the time I was working as one of Gartner’s two main anti-malware…
You thought you heard a click behind that site’s “Sign in with Facebook” button. But did you also hear the inaudible sigh of your personal data disappearing into the maw of yet another application?
Social login is the ability to…
I recently developed a “history of federated identity” diagram and marveled at how it was similar, in many ways, to slides I created while working at Burton Group in 2004. Let’s take a look at a few diagrams and see…
OAuth 2.0 has its advantages. It’s been written to accommodate multiple client environments from the real world. Whether you have a mobile application, just a browser or want to use a web service there’s an OAuth flow for you. But…
“I’m sorry if I’m inconveniencing you and the teachers, but I will not allow a networked computer system to be placed on the ship while I’m in command,” said Commander Adama as I watched the first episode of…