Tag Archives: cloud security

Recently, I was talking to a system administrator who said “We’re moving to the cloud. They’ll be responsible for security.” I was a bit startled to hear this. Not because of the first sentence; because of the second.

Posted in Cloud Security, Info Security Mgmt | Tagged , , , , , | Leave a comment

I recently had the opportunity to help a customer implement a web services interface that relied on SAML for authentication. Doing so provided a couple of insights that I found interesting.

Posted in Authentication | Tagged , , , , , | Leave a comment

It’s that time of year again. Budgeting for next year means that you need to figure out how much you’re going to spend on security projects and products.  Of course, in order to determine how much money you need to … Continue reading

Posted in Info Security Mgmt, Information Security, Security Breach | Tagged , , , , , , , , , , | Leave a comment

A hot debate over the inherent security benefits of open source software — or lack thereof — has been raging (again) since the “heartbleed” bug came to light last spring. So…..from a security expert’s point of view (yes, mine!), is … Continue reading

Posted in Botz Blog, Cloud Security, Compliance, Encryption, IBM i Security, Info Security Mgmt, Information Security, Mobile Security | Tagged , , , , , , , , , , , , , | 2 Comments

Or…How a security expert can fall for a phishing scheme Think no one will target your business with phishing attacks?  Think again… This confession is a bit hard for me. Just recently I was the target of a phishing attack.  … Continue reading

Posted in Botz Blog, Cloud Security, IBM i Security, Info Security Mgmt, Information Security, Mobile Security, Social Engineering | Tagged , , , , , , , , , , , , | Leave a comment

Have you ever encountered a situation where a user needed to use an application that displayed all of the rows in a file, but the user really should be restricted from seeing certain rows in that file?

Posted in Announcement, Botz Blog, Compliance, IBM i Security, Info Security Mgmt, Information Security, Mobile Security | Tagged , , , , , , , , , , , , | Leave a comment

OR….. How Jobs Get Authority to Objects Words have consequences. Saying things like “we’re going to tighten security” or “we’re going to remove public (or default) authority” or “we’re going to remove direct access to data” will almost invariably lead … Continue reading

Posted in Botz Blog, IBM i Security, Info Security Mgmt, Information Security, Mobile Security | Tagged , , , , , , , , , , | Leave a comment

Recently I’ve written several blog posts about biometric authentication in IT Shops (see “Target Attack Leads to Discussion of Biometric Authentication“, “IT Shop Requirements for Exploiting Biometrics“, “Biometrics and SSO“).  This post discusses a couple of secondary factors.

Posted in Biometrics, Botz Blog, Cloud Security, IBM i Security, Info Security Mgmt, Information Security, Mobile Security, Single Sign-On (SSO) | Tagged , , , , , , , , , , , , , , | Leave a comment

In a recent post I noted that the Target breach once again raised the idea of biometric authentication as means of improving the protection of corporate data. Yet for all of its benefits, adoption of biometric authentication within the IT … Continue reading

Posted in Biometrics, Botz Blog, Cloud Security, IBM i Security, Info Security Mgmt, Information Security, Mobile Security, Single Sign-On (SSO) | Tagged , , , , , , , , , , , , , , , , , , , | 1 Comment

I find this authentication mechanism for accessing Web sites and which was proposed in October 2013 very interesting.  The main reasons it’s interesting are that it would be so much easier to register at Web sites, authentication is based on … Continue reading

Posted in Botz Blog, Encryption, IBM i Security, Info Security Mgmt, Information Security, Mobile Security | Tagged , , , , | Leave a comment