In my recent travels which spanned the globe and included stops in Hong Kong, Singapore and New Orleans, I had the pleasure and opportunity to network with a wide range of technology, security and audit professionals. In addition to all of the great networking, I was honored to speak at the InfoSec and the ISACA sponsored conferences.Keep Reading
I recently attended the 24th National HIPAA summit in Washington, DC and had the opportunity to mingle and catch up with my compliance peers. I walked away realizing that the HIPAA/HITECH compliance tidal wave is not letting up any time soon. Listening to healthcare industry leaders and members of the private and government sectors left me to believe that we have a long and tough path to compliance ahead of us.Keep Reading
Cloud adoption is gaining momentum in Hong Kong, driven by both the governmental and private sectors. The rapidly growing cloud adoption does however pose some security concerns. How to, for example, address the monitoring of encrypted privileged access in the cloud is a key concern for many.Keep Reading
A Little Bit of History (2014 – Today) You don’t have to go back very far to discover common trends occurring across information security areas in all industries and government agencies as they relate to cybersecurity. The primary driving factor can be attributed to the never ending spate of breaches which have impacted nearly every type of business regardless of size or sophistication. This has led to governing agencies or associations to take notice and begin to issue guidance/rules. Here are just a few which come to mind:Keep Reading
Internet sources cite Vladimir I. Lenin as the origin of the quote in the title. My history knowledge is not deep enough to tell what was the context of the utterance but I am rather certain that the father of the Russian Revolution was not thinking of allowing trusted third-parties access to his ICT infrastructure.Keep Reading
This blog is a continuation of my earlier blog “Plug and Play or Plug and Pain” on Privileged Access Management (PAM), posted on December 16, 2015. I will dive a bit deeper now into the problem of shared account password and key management and give pointers how SSH’s CryptoAuditor and Universal SSH Key Manager solutions address it.
Shared Account Password Management (SAPM) is a product category of Privileged Access Management (PAM) recognized by many analysts, vendors, and customers.Keep Reading
So you have a problem with privileged access? Whether it is your own employees accessing critical production systems on a daily basis, or third-party system vendors who need occasional access to maintain the systems, or whether it is machine identities that use privileged accounts for running automated jobs, the underlying problem is the same: Privileged accounts, exactly because of their higher privileges, present a risk and the access to them needs to be controlled and monitored. This is also mandated by several laws and industry regulations.Keep Reading
In October, SSH Communications Security joined two conferences in Singapore: GovernmentWare and Cloud Expo Asia. The hot topics at both events were around Smart Nation, aligning with cloud adoption. Singapore’s Smart Nation vision seeks to improve living, transport, healthcare, environment and business, as well as address growing urban challenges powered by ICT, networks and big data.