Waverley Labs Blog
Interoperability for Software Defined Perimeters is almost here!
Cisco was in the news recently when it announced the purchase of IAM company Duo Security for $2.3 billion. The move fortified Cisco’s ability to provide IAM and other security features to customers at a time when cloud and mobile computing have all but erased the...
The IoT and the Threat to Physical Security
Look beyond testing and compliance. As the IoT and thousands of new IP devices grow exponentially, so do the security risks in a variety of critical areas including physical security controls. An article in FCW recently outlined increasing risks posed by doors,...
Voting and Election Security – Desperately Seeking the Security Savior
A recent NPR story outlined alarming election security issues on a variety of fronts. The story recounted individual security incidents impacting private companies specializing in products and services ranging from election systems and technologies to voting machines...
Effective Election Security Requires MFA
Recently the Senate Select Committee on Intelligence released a set of recommendations to combat efforts by hostile states to interfere with U.S. elections. The committee's draft recommendations cover six areas and include guidance on deterrence, information sharing,...
Zero Trust, as defined by Forrester, does not provide complete security (Part 2)
In Part 1 last week, I made the case that Forrester’s concept of Zero Trust has key limitations and that only through the use of SDPs can Zero Trust be truly effective. Part 2 of 2 A software-defined perimeter (SDP) dynamically creates one-to-one connections between...
Zero Trust, as defined by Forrester, does not provide complete security (Part 1)
Part 1 of 2. In 2010, Forrester introduced the concept of “The Zero Trust Network.” Essentially Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must...
True Risk Reduction Requires an “Authenticate-First” Solution
In an effort to bring enterprise-wide security to all its agencies, and in conjunction with its migration of services to the cloud, leaders in Pennsylvania's Office of Administration recently deployed a risk-based multi-factor authentication (RBMFA) system for...
Federal IT Security …. It’s About the Applications, Not Compliance
An FCW article (White House hints a new cyber policies) recently reported that the White House is preparing to act on recommendations from its first cybersecurity directive issued last May. But it also noted concern from lawmakers who have been questioning gaps in...
Will Increased Focus on CUI Lead to GDPR-like Controls in the US?
A recent FCW article, GSA signals new cyber rules for contractors, examined GSA plans to further bolster cybersecurity protections and reporting requirements for contractors. Currently, the new NIST specification NIST 800-171 provides guidelines for all DoD...
Waverley Labs unpacks FedRAMP in new BrightTALK webinar
Waverley Labs’ Founder & CEO Juanita Koilpillai recently participated in a BrightTALK webinar on FedRAMP and its role in increasing cloud security. Juanita is also the former CTO of one of the first FedRAMP Third Party Assessors (3PAOs). The webinar titled...