Volume 1, Issue 1 September 24, 2020
Being “on the same wavelength” suggests that miracle moment when two people are saying or thinking the same thing – sometimes without even speaking! Dynamic understanding.
Wavelength by Juanita Koilpillai
Industry analysts are predicting what the “new normal” in the post Covid world might look like for technology. The four trends that they highlight are cloud computing, integration, automation, and workforce enablement. Seems they overlooked one constant to enable the trends: information security. Admittedly, the trends are not “new”, and the priorities may be a little different for everyone. Here’s what we think – what do you think?
- Cloud Computing: We think that companies are moving from exploring cloud to doing the hard work of restructuring workflows so everyone can do more with cloud – faster.
- Integration: Nothing new here – all the pieces need to work together. We think the future success of integration will require technical know- PLUS the knowledge of how the business needs to work post Covid.
- Automation: AI and ML will enable more and smarter automation. We think safe automation will require additional security capabilities – like blockchain to protect automated procedures in contracting and logistics.
- Workforce Enablement: Remote workers can get the job done! The challenge is creating a culture of collaboration for remote workers. Vendors and analysts report rapid adoption of technology enabling collaboration and productivity, but these technologies will be highly dependent on providing secure connections for remote workers -wherever they are- to the services they need to do their work.
Information Security: We think authenticating and authorizing users and their devices to access the applications and services critical to their work must follow zero trust guidelines. Waverley Labs believes our API based software defined perimeter (SDP) is a way to enable this new normal by dynamically enforcing identity and access controls.
Wave to Wave
Join the dialogue! Here’s a post from our weekly blog. It’s a quick read then share your point of view!
David Linthicum @InfoWorld confirms multiclouds still not secure. Waverley responds to David in this blog outlining #SDP and how it enables #ZeroTrust https://bit.ly/3igwjHQBLOG What are your thoughts about the security of multi-cloud computing? Are we on the same wavelength?
Lambda is the symbol representing wavelength in scientific equations. It’s a monthly feature of the newsletter where we examine an attack vector that has the propensity to introduce risk. In this issue, we address privileged access and the practice of standing privilege.
Privileged access is special access to critical assets and systems above and beyond what any normal business user will have. Privileged might mean bypassing common access controls or allowing a user to change the configuration of security controls. In some cases, it may allow a service/application account to run various services or connect one service to another or a service to a database. With credentials theft at an all time high, the practice of privileged access and standing privilege are challenging to manage.
VPN-based solutions by themselves are unable to provide granular access to specific systems and applications, and often take an all-or-nothing approach. This can open doors for malicious activities. They do not effectively bridge the gap between security and productivity. Other PAM (privileged access management) tools are agentless and don’t require VPN tunneling, port forwarding or firewall configuration changes reducing some exposure.
What’s the future? Zero trust models and SDP (software defined perimeter) may change the practice of privilege – reducing risk and increasing staff productivity. Waverley believes that SDP may provide an avenue to change how IAM and PAM will work in the future.
Waverley Labs is a sponsor of the Digital Risk Management Institute. Listen to this BrightTalk session featuring a new take on defending DDOS Cyber Attacks.
David Morris interviews Juanita Koilpillai about the challenges of dealing with IoT vulnerabilities. Managing the 21 billion internet connected devices in use today will benefit from utilizing a zero-trust model to defend against DDoS cyber-attacks.