Successes

Network Segmentation in the Zero Trust Era

Published February 13, 2019 | By Dan Blum

There is still a need for network segmentation in the zero trust era, but it needs to be software-defined. Otherwise, traditional network segmentation will be over-whelmed by the growing number of access and component interactions today’s applications require. Late… Continue reading →

Posted in Dan Blum, Successes | Tagged IAM, identity management, microssegmentation, network segmentation, zero trust

An Enterprise Authorization Framework Requires Identity and Context

Published December 18, 2016 | By Dan Blum

We recently completed a consulting engagement to create an authorization framework for a large financial services organization. As illustrated, the framework has three dimensions: Runtime authorization patterns, policy models, and governance structures.

The “runtime authorization patterns” describe the components, interfaces,… Continue reading →

Posted in Dan Blum, Successes | Tagged ABAC, authorization, IAM, identity management

Optimizing Security Investment Through a Business Case (Part 2)

Published April 17, 2016 | By Dan Blum

Optimizing security investment? Every organization needs at some point to determine whether a particular security investment (or expense) is justified by a business case. As discussed in Part 1 of our security business case series, even quantifying expected losses… Continue reading →

Posted in Dan Blum, Successes | Tagged breach, business case, DLP, security business case

Security Business Case for Breach Risk Reduction (Part 1)

Published April 13, 2016 | By Dan Blum

Security business case justification is always a complex task for two reasons. First, security earns its keep by reducing risk of losses, not by producing revenues. Second, estimating both the size of losses to security incidents, and the extent… Continue reading →

Posted in Dan Blum, Successes | Tagged breach, business case, DLP, security business case