The cloud has become ubiquitous in today’s IT infrastructure as most organizations have adopted it as an integral part of their infrastructure architecture, but it continues to be difficult to implement and setup properly.  While there are controls and specific settings that can be applied to your cloud resources, it is important to understand which ones and how to do it.  This begins with choosing the right service provider and developing an overall strategy on how it will be implemented within your company. Determining the Right Service Provider Zero Trust Access Management Endpo ..read more

​Companies and organizations continue to grow and develop, and as a part of that process, they end up acquiring other businesses through a merger or acquisition.  The question always comes, how do you integrate the diverse networks while still being secure?  This can be a complicated and difficult question to answer because of all of the variables and moving pieces involved in such a issue. Whether you are the VP of IT, or the Director of IT Security, there is just not one way to tackle this issue.  There are steps and some initial guidance on how this should be approached.&nbs ..read more

As the days continue to drag on with the most resent high-profile ransomware attack here in the US (Colonial Pipeline that started on May 6th 2021), the east coast and the south are feeling the brunt of the effects of this recent attack the most. This is not a new thing; ransomware has been around for a few years now and organizations of all sizes should be prepared for its potential effects on their business. ​ We have seen attacks against municipalities infrastructure and also governmental services as well.  Ransomware is indiscriminate in who or what they attack, and let’s be clear he ..read more

​Business Continuity Testing & Evaluation Scenarios When it comes to Business Continuity Planning (BCP), nothing makes an IT Security Pro more nervous than testing the plan they just created.  Whether you live in the Northwestern US, or in Europe, planning for a disaster or business interruption is an important aspect of evaluating the planning process.  Whether you are looking to perform a functional test, or just a table-top test, determining the type of scenario can be a daunting task, even scary to even contemplate. ​Testing & Evaluation As part of the evaluation proces ..read more

​As the investigation continues into the breach of the computer system for the Bruce T. Haddock Water Treatment Plant in Oldsmar, Florida on February 5th.  What is becoming clearer is that this hack was due to several different failures in security that led to the site to be compromised by attackers.  While the damage was little, it could have been a lot worse. Security Failures While this investigation into the breach of security is still ongoing at the time of this blog post, the common theme is that the facility was using older equipment with lax security protocols.  These ..read more

The use of Artificial Intelligence (AI) in IT Security is shaping up to be transformative in that it helps the IT Security Pro focus on the important aspects of the business, educating the end users.  While AI allows for extra source of intelligence in the field, the biggest fear is that it will replace IT Security Professionals and the industry. This is not the case, but there will be synergy between the human in the loop, and the machine in the response to potential threats to the corporate business network. AI vs. Machine Learning AI implies that there is adaptive learning involved ..read more

When developing policies and standards for any company, the question always comes up with Senior Management, “how will we manage all of these policies?”  This is a question that should be answered prior to starting any compliance project.  As various standards will have different requirements and the company may have to change its process to be compliant with those new processes.  Whether the company wants to streamline the process, or if they want to do their own thing, its important for the IT Security Pro to strike a balance. Compliance Requirements Compliance has many face ..read more

Protesters gather in front of a liquor store in flames near the police building in Minneapolis. Photo: AFP ​With growing unrest in the US, there is growing concern that there will be unrest in the country following the Presidential election in November of 2020.  While the country continues to deal with ongoing race riots and protests all over the country, it is important to remember that these may be localized to a particular city or even neighborhoods in which the protests are taking place. While it is important to listen to those that are protesting and what their concerns might be ..read more

Just when you thought things couldn’t get worse than they already are, the area that the business operates is stuck by a natural disaster while also dealing with the pandemic (COVID-19).  While IT Security is always looking for what could possibly impact the business, IT Security Pros can’t plan for everything.  While the pandemic has stretched resources and stressed the staff beyond all measure, just imagine adding another significant event on top of it all. Multiple Treats While IT Security has the ability to plan for the unforeseeable, being able to deal with multiple business i ..read more

We have seen a drastic increase in the number of companies and individuals that are working from home these recent weeks due to the outbreak of COVID-19 or the Coronavirus and the impact it has had on the global workforce.  It is not just the technical industries that are finding that they need to support this suggested defense strategy for dealing with the outbreak.  Being secure while working from home seems like a no-brainer, but in a corporate environment, you have more resources and security measures that are not available at home or that can be implemented.  Network Conn ..read more