Researching and writing about identity and access management over the last three years has made one thing clear: This is a horrifically fragmented market. Lots and lots of vendors who assemble a bunch of pieces together to form a ‘vision’ of how customers want to extend identity services outside the corporate perimeter – to the cloud, mobile, and whatever else they need. And for every possible thing you might want to do, there are three or more approaches. Very confusing.
We originally recorded this episode on St. Patty’s Day and thought it would be nice to send off Windows XP with a nice Irish wake, but Google had a hiccup and our video was stuck in Never Never Land for an extra day. To be honest, we thought we lost it, so no complaints.
It’s really funny and gratifying to see your kids growing up. Over the weekend XX1 took her first solo plane trip. I checked her in as an unaccompanied minor, and she miraculously got TSA Pre-check. Of course that didn’t mean I did with my gate pass. So the TSA folks did their darndest to maintain the security theater, and swabbed my hands and feet.
We are always pretty happy-go-lucky around here, but some days we are really happy.
Today is one of those days.
Hey everyone,
I mentioned it on Twitter but also wanted to post it here. Tomorrow I will be giving a webinar on What Security Pros Need to Know About Cloud, based on the white paper I recently released.
Back in 2013, volumetric denial of service (DoS) attacks targeting networks were all the rage. Alleged hacktivists effectively used the tactic first against Fortune-class banks, largely knocking down major banking brands for days at a time. But these big companies adapted quickly and got proficient at defending themselves, so attackers then bifurcated their attacks. On one hand they went after softer targets like public entities (the UN, et al) and smaller financial institutions. They also used…
Forrester’s Rick Holland makes a great point in the epic Target Breach: Vendors, You’re Not Wrestlers, And This Isn’t The WWE post. Epic mostly because he figured out how to work the WWE and a picture of The Rock into a security blog post.
Attacks keep happening. Breaches keep happening. Senior management keeps wondering what the security team is doing.
The lack of demonstrable progress [in stopping malware] comes down to two intertwined causes. First, devices are built using software that has defects attackers can exploit. Nothing is perfect, especially not software, so every line of code presents an attack surface. Second, employees can be fooled into taking action (such as installing software or clicking a link) that enables…
Rich here,
As technology professionals we always place bets with our careers. There is no way to really know, for certain, which sets of skills will be most in demand down the road. Yet, as with financial investments, we only have so many resources (time and brain cells) to allocate at any given time. Invest too much too early and your nifty new skills won’t be in demand. Too late and you miss the best opportunities, and are stuck playing catch-up if that’s even possible.
The ritual is largely the same. I do my morning stuff (usually consisting of some meditation and some exercise), I grab a quick bite, and then I consult my list of things that need to get done. It is long, and seems to be getting longer. The more I work, the more I have to do. It’s a good problem to have, but it’s still a problem.