Waverley Labs Blog
Security and Compliance is a Two-way Street
As high-profile security breaches increase, Chief Information Security Officers (CISOs) continue to come under attack as they are typically held responsible for ensuring their organizations' security and compliance with FISMA. A new GAO report released Sept. 15...
UL’s Cyber Insurance Should Look to Digital Risk Management
UL’s cyber assurance program (CAP) was recently discussed at OWASP’s AppSecUSA Security Conference in Washington, D.C. Consumers rely on UL listings to certify the safety and reliability of products such as light bulbs, batteries and smoke detectors. UL conducts...
Play offense and defense to win the security game
I want to congratulate my friends at MITRE who were recently recognized as a finalist for the GCN DIG IT Award in the category of CyberSecurity. The GCN Dig IT Awards celebrate discovery and innovation in government IT. MITRE was recognized for their Adversarial...
Black Cloud (with silver lining) on the horizon
Every day there are new stories about major security breaches and an ever-increasing number of attacks on government and commercial enterprises. And while companies continue to compound complexity by deploying security tools upon security tools, they are starting to...
Software Defined Perimeters Emerging and Proven to be “Impregnable”
Waverley Labs is pleased to see increasing industry awareness of Software Defined Perimeters (SDPs) as a game-changing solution that may have a dramatic impact on solving a myriad of IT security challenges. Government Computer News published an article Software-defined...
Agency Trust + Risk Reduction = FedRAMP Ready!
An article in FCW, FedRAMP Ready or FedRAMP Irrelevant?, examined the current FedRAMP authorization environment and how delays are exacerbated when the process has to be repeated by multiple agencies for an already proven solution. It noted … No matter how many...
WANTED – Security solution for workflows across multiple cloud APIs
A recent article in Government Computer News, Agencies push for open standards across cloud services, addressed the problems being posed by the lack of industry standards for workloads across multiple clouds. The article was generated from discussions at a MeriTalk...
New IG must shift Agencies’ focus to better understand risk profiles to protect their critical assets and infrastructure
Earlier this summer, FCW reported how Sen. Sheldon Whitehouse (D-R.I.) was proposing a major shift from the current practice of having each federal agency’s inspector general (IG) handle security inquiries. Whitehouse recommended that there be a single inspector...
2016 Ron Knode Service Award
Wow! It is an incredible honor to be recognized as a 2016 Ron Knode Service Award recipient. This award from the Cloud Security Alliance is a wonderful tribute to Ron Knode's passion for volunteerism. As a member of the CSA, he was the creator of the CSA Cloud Trust...
FedRAMP should look at connection-based, application-centric architecture to simplify compliance capabilities
FedRAMP continues to evolve with expectations for process improvements fanning a raging debate depending upon your perspective. The intent of FedRAMP, to modernize and streamline best practices and standards for the secure adoption of the cloud in the government...