With the recent high-profile breach of Global Payments, information is finally coming to light as to the cause of the breach. Sadly, it seems that ineffective security around authentication was to blame this time. This is in-line with my post the other day about how internal security policies need to educate employees about why passwords and verifying content is so important to maintaining a strong security posture. Unfortunately, it looks like an employee was impersonated through authentication verification questions, giving the unauthorized user access to confidential information including several million credit card numbers. So how can this type of solution be avoided, and more importantly, what kind of cloud solutions exist to help with this challenge? Continue reading →