Securing APIs: Empowering Security

Posted under: Research and Analysis

As discussed in Application Architecture Disrupted, macro changes including the migration to cloud disrupting the tech stack, application design patterns bringing microservices to the forefront, and DevOps changing dev/release practices dramatically impact building and deploying applications. In this environment, the focus turns to APIs as ...

Securing APIs: Modern API Security

Posted under: Research and Analysis

As we started the API Security series, we went through how application architecture evolves and how that’s changing the application attack surface. API Security requires more than traditional application security. Traditional application security tactics like SAST/DAST, WAF, API Gateway, and others are necessary but not ...

Securing APIs: Application Architecture Disrupted

Posted under: Research and Analysis

When you think of disruption, the typical image is a tornado coming through and ripping things up, leaving towns leveled and nothing the same moving forward. But disruption can be slow and steady, incremental in the way everything you thought you knew has changed. Securing ...

Infrastructure Hygiene: Success and Consistency

Posted under: Research and Analysis

We went through the risks and challenges of infrastructure hygiene, and then various approaches for fixing the vulnerabilities. Let’s wrap up the series by seeing how this kind of approach works in practice and how we’ll organize to ensure the consistent and successful execution of ...

Infrastructure Hygiene: Fixing Vulnerabilities

Posted under: Research and Analysis

As discussed in the first post in the Infrastructure Hygiene series, the most basic advice we can give on security is to do the fundamentals well. That doesn’t insulate you from determined and well-funded adversaries or space alien cyber attacks, but it will eliminate the ...

Infrastructure Hygiene: Why It’s Critical for Protection

Posted under: Research and Analysis

After many decades as security professionals, it is depressing to have the same issues repeatedly. It’s kind of like we’re stuck in this hacker groundhog day. Get up, clean up after stupid users, handle a new attack, fill out compliance report, and then do it ...

Data Security in the SaaS Age: Quick Wins

Posted under: Research and Analysis

As we wrap up our series on Data Security in the SaaS age, let’s work through a scenario to show how these concepts apply in a specific scenario. We’ll revisit the “small, but rapidly growing” pharmaceutical company we used as an example in our Data ...

Data Security in the SaaS Age: Thinking Small

Posted under: Research and Analysis

Our last post in Data Security in a SaaS World discussed how the use and sharing phases of the (frankly partially defunct) Data Security Lifecycle remain relevant. That approach hinges on a detailed understanding of each application to define appropriate policies for what is allowed ...

Data Security in the SaaS Age: Focus on What You Control

Posted under: Research and Analysis

As we launched our series on Data Security in the SaaS Age, we described the challenge of protecting data as it continues to spread across dozens (if not hundreds) of different cloud providers. We also focused attention on the Data Security Triangle, as the best ...

Insight 6/2/2020: Walking Their Path

Posted under: Insight

Between Mira and I, we have 5 teenagers. For better or worse, the teenage experience of the kids this year looks quite a bit different; thanks COVID! They haven’t really been able to go anywhere, and although things are loosening up a bit here in Atlanta, we’ve ...