Blog by Paul Fisher

Blog
A New Pamocracy is Growing Inside Your Organization
by Paul Fisher
A New Pamocracy is Growing Inside Your Organization When you were not looking, the number of privileged identities you manage went from thousands to millions OK everybody is doing it right now, so I asked the analyst’s new best friend, Chat GPT , to define Privileged Access Management . Here is what it said: “Privileged Access Management (PAM) is a critical security discipline that provides a framework to manage and monitor privileged access to sensitive systems and data. PAM solutions aim to prevent unauthorized access, reduce the risk of cyberattacks, and ensure...
Read More
Blog
Stop attackers enjoying a pick ‘n’ mix attack surface
by Paul Fisher
We know that the way forward for business IT is to use multi-hybrid architectures for long term agility of operations. Such architectures will include multiple clouds for new services, on-prem stacks, edge devices, OT integration and much more. But while the need for multi-hybrid is clear, the resulting complexity of ad hoc deployment of multi-hybrid architectures can lead to serious security holes. Unmanaged complexity will invariably result in an enlarged attack surface that will encourage attackers to take a pick and mix approach to find and exploit vulnerabilities within your...
Read More
Blog
Complex Modern Business Needs Trusted IT Partners to Be Secure
by Paul Fisher
In today’s business environment, companies have three major challenges – making a profit, finding great people, and staying ahead of the competition. That’s quite enough, but they also have major operational challenges with IT, cyber security, and compliance. For example, IBM Security Services reports that it’s not unusual for clients to have more than 15 different cloud providers – and probably more they don’t know about. How do business and IT leaders deal with that when they don’t even know how many clouds there are, or what data resides on...
Read More
Blog
Microsoft’s Threat Intelligence Play is Good News for Customers in Fight Against Ransomware
by Paul Fisher
This week, Microsoft made official its agreement to acquire Threat Intelligence vendor RiskIQ in a deal rumoured to be worth around $500m. It is not an unusual event; Microsoft has absorbed five businesses already in 2021, and usually it is to acquire a discrete technology it deems useful or sometimes to push into emerging markets. This latest acquisition falls into both camps. While Threat Intelligence is not an emerging in the normal sense, it has acquired a new importance in the last 18 months as global cyber-attacks reached a new level of intensity. The fact this has run in parallel...
Read More
Blog
PAM Is Changing and You Need to Know Why
by Paul Fisher
What is left to say about PAM that has not already been said? Well in my opinion, quite a lot – as I hope you find out when you join me at the forthcoming KCLive Event, Operationalizing Privileged Access Management. I talk to PAM vendors all the time and I believe it is a truly exciting space to be covering and some of the innovations that vendors of all sizes are bringing to the table promise real progress in how we manage privilege access in the workplace – and, as you will discover, beyond the workplace.  Punching above its weight PAM is not by a long chalk...
Read More
Blog
Time CISOs Stopped Trying to Speak to the Board?
by Paul Fisher
I have been covering cybersecurity issues, first as a journalist then as an analyst, since 2006. In that 15 years I have heard the mantra that security is a boardroom issue hundreds of times. The subject has filled countless conference talks and media articles. It appears that the message is still not getting through if a speech by the new CEO of the UK National Cyber Security Centre (NCSC) anything is to go by. In her first public speaking engagement in March this year, Lindy Cameron, said, you guessed it folks, security must be given more attention in the boardroom....
Read More
Blog
AI and Healthcare
by Paul Fisher
AI's role in reducing the impact of future pandemics As the coronavirus spreads fear and panic across the world, it’s perhaps timely to take a step back and consider the future of healthcare and how AI will help. But first let’s consider that the coverage and spread of the virus shows us precisely just why reliable data is needed to help us cope with new diseases. At time of writing, most official advice on coronavirus is not based on hard data led evidence on how the virus spreads, the best way to contain it, who is most vulnerable, what is the incubation period and so on....
Read More
Blog
Moving Towards AI and IoT Solutions Beyond Machine Learning
by Paul Fisher
Microsoft is currently running ads extoling the virtue of AI and IoT sensors in helping farmers produce more and better crops, with less waste and higher yields. Elsewhere in manufacturing, supply chain management is being transformed with digital maps of goods and services that reduce waste and logistical delays. In Finland, a combination of AI and IoT is making life safer for pedestrians. The City of Tampere and Tieto built a pilot system that automatically detects when a pedestrian is planning to cross the street at an intersection. Cameras at intersections accessed algorithms...
Read More
Blog
PAM Can Reduce Risk of Compliance Failure but Is Part of a Bigger Picture
by Paul Fisher
The importance of privilege accounts to digital organizations and their appeal to cyber attackers has made Privilege Access Management (PAM) an essential component of an identity and access management portfolio. Quite often, customers will see this as purely as a security investment, protecting the company’s crown jewels against theft by organized crime and against fraudulent use by internals. More successful cyber-attacks are now enabled by attackers gaining access to privilege accounts. However, that is only part of the story. Organizations also must worry about meeting...
Read More
Blog
VMware’s New Idea for Fixing Cybersecurity: Intrinsic Security
by Paul Fisher
At VMworld Europe 2019, Pat Gelsinger, CEO of VMware said security is fundamentally broken and that the overabundance of vendors is making the problem worse. I’m not sure this is true. Gelsinger had some good lines: applications that are updated and patched on a regular basis should be illegal and outlawed by legislation, and that security is too threat-based. Making security less threat-focused is a good thing The solution, according to VMware, is simple: we need to build more security in the platform with the supreme goal of a single security agent running across the entire...
Read More
1 2 Next