Setting The Four Cornerstones Of Cloud Security: Accountability, Strategy, Visibility & Enablement

We talk about ‘data breaches’ because of regulatory and statutory definitions that focus on the disclosure of data. An organization’s security strategy should work with the end in mind, and focus heavily on denying threat actors access to those data with the highest regulatory, statutory, or contractual risks.

The Resilience of Humanity

“Multi-factor authentication and passwordless technologies help to protect our digital identities and account credentials from theft or impersonation. This matters just as much to an individual using a hardware key to access their online bank as it does for a corporate employee using facial recognition to access a privileged administrative account.”

– Kayne McGladrey, IEEE Senior Member

2021 IT priorities require security considerations

2020 was the year no one could have predicted. IT and security teams had to quickly adapt to shutdowns that brought remote workforce security issues, COVID-19-related phishing campaigns, ransomware attacks on schools and hospitals, and more. Now, as enterprises begin 2021, there are three more pandemic response challenges to potentially contend with: securing a hybrid remote and office work structure; securely reopening offices and facilities; and adapting to a permanent remote working environment. Kayne McGladrey, IEEE senior member and security architect and governance, risk and compliance practice lead at Ascent Solutions, outlined the most significant challenges each scenario presents and how security teams should prepare for them now to thwart potential security issues.

Opening keynote speech at the Seattle Electrical Conference

“I hope that you want to create safe products that benefit individuals and society, that make life better.

That you want to reverse course, and can advocate for security in the face of lean IT, DevOps, and less money and less time and less people.

IEEE code of ethics includes the phrase “disclose promptly factors that might endanger the public or the environment”.

Not as strong a language as the other code of ethics I’m bound to follow as a CISSP, to “protect society, the common good, necessary public trust and confidence, and the infrastructure”.

Regardless of which code of ethics you’re following, we have a responsibility to society to turn this around.”

Telehealth’s emergence and the keys to security in 2021

Telehealth was an unexpected technology bright spot in 2020, as the Office for Civil Rights (OCR) relaxed enforcement of certain aspects of HIPAA, helping to reduce COVID exposure via virtual rounding and virtual visits.

Unfortunately, bad actors have shown a lack of morality in their pursuit of illegal profits and have continued to attack medical organizations. Ransomware attacks, for example, can cripple a hospital’s ability to provide high-quality patient care by denying access to key computer systems, forcing medical professionals to treat patients based on memory and paper-based records.

The following three high-level recommendations provide a basis for defense in depth for healthcare organizations in 2021.