One of the central pillars of the security model we built in our knowledge base at Burton Group was called “A Systematic, Comprehensive Approach to Information Security.” I’ve always found this model helpful to use in any security analysis so…
At the Cloud Identity Summit (CIS) 2013 Andre Durand led off the morning keynotes, followed by Gunnar Peterson and Patrick Harding with strong presentations of their own. Patrick’s presentation “Modern Identity: Automated, Discoverable, Scalable” brought Andre’s conceptual framework (reviewed…
Andre Durand, CEO, kicked CIS 2013 (#cisNAPA) off with “Identity – the Enabler of Next” – and if I don’t entirely like where “next” is going, that’s not his fault. Anyway, I’ll share Andre’s 9 observations and 1 AHA moment…
In a previous post, “REST Uneasy: Do we need to Worry about OAuth 2.0?” I raised a question which I’ll now attempt to answer in some detail.
The OAuth 2.0 protocol is designed to improve security in scenarios where,…
As an information security officer, you don’t want to wait until you’re in the middle of a serious security breach to discover that the forensics, incident reporting and incident response processes of a cloud service provider (CSP) you’re depending on…
Reading the IETF OAuth 2.0 authorization API specifications and generally investigating similar social login protocols over the past couple of months has been fascinating. While the journey is far from over, I’ve come far enough to gain perspective on the…
Having covered the Cloud Security Alliance (CSA) while at Gartner, I’ve kept track of their work on cloud security assessment criteria ever since. This week I got a request from Kari Walker and Jack Luciano to review their new…