Hot Take: Response to CPU bugs shows cloud is more secure

Hand wringing and confusion over the recently announced #Spectre and #Meltdown bugs are making the rounds. These bugs shake the foundational assumption of modern computing — that CPU privilege levels and virtual memory work as intended. This assumption is what makes multitenancy in the cloud possible. The spectre (get it?) of data leaking between cloud tenants should concern everyone who uses or operates multitenant service. Should I be scared? Maybe, but not about this. The major cloud…

Passwords Are The Problem (Not Your People)

In the past year, it seems there were more and more articles and surveys that place most of the blame for data breaches on people. Here’s a recent example from Harvard Business Review. While it is true that decisions and actions by end users play a vital role in security risk, blaming people seems unfair, especially when most security tools increase the friction they must endure just to get their jobs done. I would argue that passwords are the problem, not your people. A Brief Look at History…

How to Respond to Password Database Theft

There’s been some renewed interest in a database of passwords that was stolen from LinkedIn a few years ago. That got me thinking about how companies should respond when consumer password databases are exposed. Because it just keeps on happening. The Risk The risk is pretty straight forward: people re-use their passwords. And so the same person who used “cissp53176” as their password for LinkedIn probably also used “cissp53176” for Active Directory. The incident history, both public and not…

Five Ideas for Successful IT Transformation

If you lead an enterprise IT team, there’s an important assumption you should make: your market of internal users is no longer captive. Internal users can, and often do, get a second bid for technology services. Some examples include business units buying SaaS subscriptions or engaging digital agencies to develop custom applications. Today, most enterprises have many users operating largely outside the corporate perimeter. We’ve talked to dozens of IT & security leaders since launching Groove…

Rethinking Identity and Access Management

We founded Groove.id to help people and organizations be more secure and confident online. The rapid rise in adoption of cloud computing represents a once-in-a-career technology shift. Organizations of every size and in every industry are adopting cloud and mobile technologies to improve business results through increased productivity, faster time to market and reduced costs. The results are compelling and every corner of the tech industry is impacted. In particular, there’s been an explosion in…