Andre Durand, CEO, kicked CIS 2013 (#cisNAPA) off with “Identity – the Enabler of Next” – and if I don’t entirely like where “next” is going, that’s not his fault. Anyway, I’ll share Andre’s 9 observations and 1 AHA moment…
In a previous post, “REST Uneasy: Do we need to Worry about OAuth 2.0?” I raised a question which I’ll now attempt to answer in some detail.
The OAuth 2.0 protocol is designed to improve security in scenarios where,…
As an information security officer, you don’t want to wait until you’re in the middle of a serious security breach to discover that the forensics, incident reporting and incident response processes of a cloud service provider (CSP) you’re depending on…
Reading the IETF OAuth 2.0 authorization API specifications and generally investigating similar social login protocols over the past couple of months has been fascinating. While the journey is far from over, I’ve come far enough to gain perspective on the…
Having covered the Cloud Security Alliance (CSA) while at Gartner, I’ve kept track of their work on cloud security assessment criteria ever since. This week I got a request from Kari Walker and Jack Luciano to review their new…