Blog
SBOM - A First Step in Software Supply Chain Security (SSCS)
by Richard Hill
Software Bill of Materials (SBOM) tools have come sharply into focus as a foundational component of any Software Supply Chain Security (SSCS) strategy, spurred on by the U.S. Executive Order to improve the security of the software supply chain. This was in response to a number of highly visible attacks on the software supply chain of some well-known software products and services, such as SolarWinds in 2020, as well as compromised open-source code and other backdoors embedded in routine maintenance updates. As part of the overall enhancement to SSCS, the Executive Order specifically...
Blog
In the Midst of Change, Some Things Remain the Same
by Richard Hill
Industry 4.0 is the fourth revolution in manufacturing. I won't bore you with the details of the prior iterations or versions and how we got where we are today, only that Industry 4.0 promises to take the interconnectedness of devices and machines to a new level. Smart or intelligent computing and autonomous systems using analytics and AI/ML techniques supported by big data are integral parts of the Industry 4.0 paradigm. Industry 4.0, in short, is a significant change and will impact a manufacturing organization's digital transformation.
A Bow Wave of Devices and Machines
Since the...
Blog
IT Security Transformation Can Come from Unexpected Places
by Richard Hill
The Covid-19 pandemic accelerated IT transformation in many ways. One lesson learned, among other things, is that IT software architecture must be highly flexible and scalable to handle unforeseen tsunami waves of network traffic, and flexible enough to address cyber-attacks in the areas least expected or prepared for, such as potential vulnerabilities in communication applications like Slack, Zoom, Microsoft Teams, or Trello. Organizations' sudden imperative to shore up cybersecurity systems such as Access Management became strikingly apparent.
Zero Trust
During the Covid-19 pandemic, the...
Blog
IGA in a World of Zero Trust
by Richard Hill
Zero Trust is a key paradigm for cybersecurity today, used well beyond the security circles. The goal is building cybersecurity that “never (blindly) trusts”, but “always verifies.” This traditionally meant verifying Who has access to What resource. In the past, the Who typically meant a human with a digital identity being given access to some application within an organization. Once the individual was given access to said application, that individual would be verified via an IAM tool’s authentication capability and then authorized based on policy...
Blog
When Cyber "Defense" is no Longer Enough
by Richard Hill
The days of having just an Identity and Access Management (IAM) system on-premises are long gone. With organizations moving to hybrid on-premises, cloud, and even multi-cloud environments, the number of cyber-attacks is growing. The types and sophistication of these attacks are continually changing to get around any new security controls put in place. In fact, it is much easier for the cyber attacker to change tactics than it is for organizations to bring in new solutions to mitigate current attack vulnerabilities. Organizations must realize that they will never be 100% secure,...
Blog
Web Access & Federation
by Richard Hill
An organization’s need to support communication and collaboration with external parties such as business partners and customers is just as essential a technical foundation today as it has been in the past. Web Access Management and Identity Federation are two vital and inseparable technologies that organizations can use to manage access to and from external systems, including cloud services, consistently. While the core Web Access Management and Identity Federation technologies have been well established for years, organizations will still need a strategic approach to address the...