Stuck in Traffic – Incident Response learn from Firefighting

Archive for July, 2019

Dark Reading: OS, Authentication, Browser & Cloud Trends


New research shows cloud apps are climbing, SMS authentication is falling, Chrome is the enterprise browser favorite, and Android leads outdated devices.

Excerpt from: OS, Authentication, Browser & Cloud Trends

Application integration is up across most key categories. The number of customers per cloud app is up 189% year-over-year, and the number of authentications per customer per app is up 56%.

The massive spike in cloud applications means any given employee has at least two or three cloud apps they use to do their jobs, says Wolfgang Goerlich, advisory CISO for Duo Security. “It was a big explosion of shadow IT,” he adds. “It really got away from a lot of the organizations.” Some people often use the same applications for personal and business use, driving the need for businesses to enforce their security policies for cloud-based applications and resources.


Wolf’s Additional Thoughts

IT history repeats itself.

The organization moves slowly to provide employees with tools and technology. Consumer tech fills in the gap outside of the office. People get savvier and more experienced with tech. People innovate with what they know, to get done what they need to get done.

The organization notices people doing things in an innovative yet ad hoc way. Work is done to standardize tech use. More work is done to secure the tech use. The wild ways of people, the wilderness of shadow IT, is tamed and brought into the light.

We’re at this point now. That’s what the numbers show. But tamed IT is slower than shadow IT. If the past has taught us anything, it is that the cycle will repeat.

This post is an excerpt from a press article.

Stuck in Traffic – Sprint Breach


DevOps is measured by increasing velocity, by change. Security is measured by reducing risk, by stability. Perhaps we need to embed naysayers within stand-ups, pointing out abuse cases for new functionality in use cases. As an example, consider the “add a line” feature of the website that led to a Sprint breach.
