Blog posts by Warwick Ashford

If anyone in any organization was in any doubt about the importance of having a Disaster Operations Plan, that has surely changed since the outbreak of the Covid-19 pandemic. Some organizations have coped better than others, but every organization should either be working on developing a Disaster Operation Plan or on improving the one they already have by identifying where the plan did and did not work well. Design a plan based on resources you already have A Disaster Operation Plan is a crisis-specific plan that builds off what an organization should already have in place. The...

As soon as national lockdowns began to limit the spread of Covid-19 it was clear that the world would never be the same again, and last week’s Microsoft Build conference has highlighted what some of those changes will be, starting with the event itself being fully virtual for the first time. Remote working set to increase longer-term While remote working was becoming increasingly popular in the run-up to the Covid-19 crisis, few organizations were well equipped to accommodate this. In the past two months, however, just about every organization has had to find a way of enabling...

Working securely at home during the pandemic As more people are working from home than ever before, there is an increasing demand for communication services. But security needs to be a key consideration as businesses adapt to a new way of working, as my colleagues John Tolbert , Matthias Reinwarth , and Alexei Balaganski have pointed out in their recommendations on responding to the Covid19 pandemic. The move to cloud is obvious For many organizations, meeting the challenges presented by the pandemic means making a quick move to the cloud, but as Matthias points out, this...

Despite a Citrix warning in mid-December of a serious vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway (formerly NetScaler and NetScaler Gateway), thousands of companies have yet to put in place the recommended mitigations . In the meantime, several proof of concept (PoC) exploits have been published on GitHub, making it extremely easy for attackers to gain access to networks and impersonate authorized users. Thousands of Citrix systems still vulnerable Initial estimates put the number of vulnerable systems at 80,000 in 158 countries. Researchers...

Newly announced AWS offerings of Access Analyzer, Amazon Detective and AWS Nitro Enclaves discussed in my last blog post, further round out AWS’s security services and tools such as Amazon GuardDuty that continuously monitors for threats to accounts and workloads, Amazon Inspector that assesses application hosts for vulnerabilities and deviations from best practices, Amazon Macie that uses machine learning to discover, classify, and protect sensitive data, and AWS Security Hub, a unified security and compliance center. These new security capabilities come hard on the heels of...

The high proportion of cyber attacks enabled by poor security practices has long raised questions about what it will take to bring about any significant change. Finally, however, there are indications that the threat of substantial fines for contravening the growing number of data protection regulations and negative media exposure associated with breaches are having the desired effect. High profile data breaches driving industry improvements The positive effect of high-profile breaches was evident at the Amazon Web Services (AWS) re:Invent conference in Las Vegas, where the cloud...

As usual, Amazon Web Services (AWS) is making a slew of announcements at its reinvent conference in Las Vegas, and as expected, the key ones related to making it easier for organizations to move workloads to the cloud, keep data secure and get more value out of their data with services supported by Machine Learning. However, one of the most interesting points made in the keynote by CEO Andy Jassy was not the power of the cloud transform business, revolutionize industry sectors or the latest AWS server processor chip and services, but about the common, non-technical barriers...

The market shift to cloud-based security services was highlighted at the Ignite Europe 2019 held by Palo Alto Networks in Barcelona, where the company announced a few product enhancements in an effort to round out its offerings to meet what it expects will be growing market demand. A key element of its go-to market strategy is in response to market demand to reduce the complexity of security and to reduce the number of suppliers by adding cloud-delivered so Software-Defined Wide Area Network SD-WAN and DLP (data loss prevention) capabilities to its Prisma Access product. The move not...

Multifactor authentication and end-user education emerged as the most common themes at a CISO forum with analysts held under Chatham House Rules in London. Chief information security officers across a wide range of industry sectors agree on the importance of multifactor authentication (MFA) to extending desktop-level security controls to an increasingly mobile workforce, with several indicating that MFA is among their key projects for 2020 to protect against credential stuffing attacks. In highly-targeted industry sectors, CISOs said two-factor authentication (2FA) was mandated...

Nok Nok Labs has made FIDO certified multi-factor authentication – which seeks to eliminate dependence on password-based security - available across all digital channels by adding a software development kit (SDK) for smart watches to the latest version of its digital authentication platform, the Nok Nok S3 Authentication Suite . In truth, the SDK is only for the Apple watchOS, but it is the first - and currently only - SDK available to do all the heavy lifting for developers seeking to enable FIDO-certified authentication via smart watches that do not natively support FIDO,...