I guess you picked the wrong god-damned rec room to break into, didn’t you?!

With the recent high-profile breach of Global Payments, information is finally coming to light as to the cause of the breach. Sadly, it seems that ineffective security around authentication was to blame this time. This is in-line with my post the other day about how internal security policies need to educate employees about why passwords and verifying content is so important to maintaining a strong security posture. Unfortunately, it looks like an employee was impersonated through authentication verification questions, giving the unauthorized user access to confidential information including several million credit card numbers. So how can this type of solution be avoided, and more importantly, what kind of cloud solutions exist to help with this challenge? Continue reading

One Ring To Rule Them All…

With more and more organizations starting to move internal services to cloud and web based portals, the complexity of managing employee login credentials (from both the IT administrators and end users point of view) increases.  The natural reflex for users is to start creating simplified passwords for all the different systems or save them in easily accessible places.  Unfortunately, this ends up causing more work for administrators as the resources required to manage requests for password resets and maintain the individual credential systems.  This is why if you Google “Single Sign-On” every single security and IT manufacturer suddenly seems to have a solution. Continue reading