Network Segmentation in the Zero Trust Era
There is still a need for network segmentation in the zero trust era, but it needs to be software-defined. Otherwise, traditional network segmentation will be overwhelmed by the growing number of access and component interactions today’s applications require. Late… Continue reading
An Enterprise Authorization Framework Requires Identity and Context
We recently completed a consulting engagement to create an authorization framework for a large financial services organization. As illustrated, the framework has three dimensions: runtime authorization patterns, policy models, and governance structures.
The “runtime authorization patterns” describe the components, interfaces,… Continue reading
Optimizing Security Investment Through a Business Case (Part 2)
Optimizing security investment? Every organization needs at some point to determine whether a particular security investment (or expense) is justified by a business case. As discussed in Part 1 of our security business case series, even quantifying expected losses… Continue reading
Security Business Case for Breach Risk Reduction (Part 1)
Security business case justification is always a complex task for two reasons. First, security earns its keep by reducing risk of losses, not by producing revenues. Second, estimating both the size of losses to security incidents, and the extent… Continue reading