This week my guest is Ann Cavoukian, Distinguished Expert-in-Residence, leading Privacy by Design Centre of Excellence at Ryerson University.
Ann and I talk about privacy, GDPR and the concept of privacy by design, which Ann created. Privacy by design was recognized by the International Data Protection and Privacy Commissioners as an essential component of fundamental privacy protection and it is a core part of the European Union GDPR regulations. Continue reading →
It’s no secret that most Internet users believe Secure Sockets Layer (SSL) encryption is the ultimate in network traffic security, especially since it has the blessing of Google, Microsoft and other tech giants… Wired: Half the web is now encrypted.
The trouble is that hackers are exploiting confidence in SSL to penetrate corporate networks. Since it has become very easy for anyone to obtain a legitimate SSL certificate at little or no cost, cybercriminals have realized they too can use them. Under the cover of SSL, malware payloads can be slipped into the traffic stream to roll right past even the most rigorous IT defenses. The reason: SSL traffic is often waved through because it is considered as coming from a legitimate source with no need for further examination.
Another troubling issue is a recently discovered hole that opens up during the exchange of certificates, which could permit new methods of attack.
These gaps point to the need for stricter handling of SSL traffic by network security tools. Instead of allowing SSL traffic a free pass onto the corporate network, network security tools must be re-tuned to give SSL traffic the same careful inspection and handling as non-encrypted traffic.
For those in need of such technology, SonicWall offers Deep Packet Inspection, whereby the SSL traffic is decrypted transparently, scanned for threats, re-encrypted, and sent along to its destination if no vulnerabilities are found.
A proper implementation of this technology by RedZone will help guard your network against these emerging SSL threats. To speak to a member of my team contact: (410) 897-9494, or firstname.lastname@example.org.
How do I secure data in third-party integrated systems? This is a great question and it came out of the last innovation luncheon.
It’s important to look at the Cloud as an architecture and design platform. Looking at third parties right now is basically looking at identity management systems and at your identity management strategy.
Major Takeaways from this Security Tip video:
Look at the Cloud as an architecture and design platform
Implement Microsoft’s Active Directory on its Azure cloud platform
Work with third-party application developers to ensure Active Directory integration
How can small-to-medium sized businesses handle more stringent audit and compliance regulations?
A couple big things came out at the last CIO Innovation Insider meetings. It’s coming down stream right now from audit and compliance departments in small-to-medium businesses. I knew this was coming, but I just want you all to be aware of this different strategy and how you can handle audit and compliance.
When I’m talking small-to-medium sized businesses – I’m talking 100 to 2,000 employees. This is where I’m seeing that the audit committee is wanting proof and they are wanting more of a governance style approach to security. This is happening with two companies that I just met with this morning where governance is being required of the IT group.
How Secure are Cloud-Based Systems and Services – more precisely, security of the cloud-based platform?
Everybody considers themselves “cloud” because that’s the marketing buzz word. But whether it’s a hosting or truly a cloud service provider, we have to assume the security of the cloud-based platform is not secure.