The Requirement for Security Independence in a Virtualized (or Cloud) (or Virtual) World

As we evolve more and more to complete self-contained services like the mainstream Cloud services of Microsoft, Amazon, IBM and Google, I often express concerns about the Cyber aspects being coupled.  Enterprises and users are, if they haven’t already, getting more and more comfortable with giving up their physical/virtual servers, applications and storage but are not, and should not, be comfortable giving up control of their sensitive data.  The shared responsibility models of Cloud Services Providers (CSPs) delineates between the physical aspects (network, disks, memory, etc.) and the responsibility of what resides in the storage and computer.

Future Leaders of Tomorrow Doing Great Stuff Today

Recently, I got the opportunity to be a judge at the Nahani-Glenforest Lego Robotics Competition. This is a competition where groups of grade 1 and 3 students from Nahani Way Public School work with high school students from Glenforest Secondary School to build and program Lego robots to do specific tasks. For yours truly, this was an opportunity to give back to the community and inspire the next generation who will take up careers in science, technology, engineering and mathematics (STEM). This was a high profile event as in attendance was Mississauga Mayor Bonnie Crombie as well as Navdeep Bains who is the Minister of Innovation, Science and Economic Development for the Government of Canada.

Overcoming Weak Password Compliance

Have you taken the #LayerUP pledge? It’s an ingenious way to get people’s attention on a topic that might be considered frivolous, but which could result in some rather costly consequences if not followed – and that topic is Password Compliance.  In enterprises, getting all of the employees to adopt password best practices on a consistent basis can be very difficult – especially since its human nature to use repetitive patterns or familiar phrases as passwords. Why? Because password requirements are everywhere, and the demand from IT departments to make them lengthier and more complex continue to grow and well, let’s be honest, the more passwords you have, the more likely you are to forget them.

SEDs, Sleep and Hibernation

I have written about the security implications of using sleep with encrypted drives in the past  and have offered both short term and longer term solutions that would allow users to use sleep under some conditions and not risk (too much) a data breach.   Today I am writing to offer another, common sense, alternative: Just don’t use sleep because you don’t really need it.

Approaches Canadian SMBs Are Taking to Become Secure

One of many common denominators that modern corporations face regardless of size, industry vertical and revenue is technical vulnerability. Without reiterating the monetary impact and disruption to business that IT attack’s result in, taking a proactive and engaged approach is your best defense. The reality of the starting point is that Canadian small and medium businesses are faced with obstacles right off the bat such as:

Harnessing BitLocker’s Full Potential: Introducing the BitLocker Toolkit

Being a security professional can be tough it you don’t have the right tools. And some of the tools in your arsenal are native encryption solutions, like BitLocker, which provide a strong first step in data security. But with your IT environment growing ever more complex – having multiple devices, operating systems, and strapped resources – it’s time to start managing your environment the smartest way.

HIPAA in 2017: failing to plan equals planning to fail

Another day, another breach. In a relatively unsurprising start to 2017, healthcare breaches are on track to reach new heights (or is it depths?). In what has become a somewhat satirical annual tradition, analysts forecast upcoming breach trends for the notoriously hard hit healthcare industry, and title each year with a fitting name. In 2015, it kicked off with the Year of the Healthcare Breach. In 2016, it was the Rise of Ransomware. So as I was reading about yet another breach in April, a question came to mind, what will “Year of the” be for 2017?

Why Average Handle Time is not a Good Customer Experience

Have you ever called a contact center within a company because you had an issue, and felt like you were being “hurried” off the phone? If you’ve had that experience, there’s a reason for you feeling that way. Which is that the contact center that you were calling is actually trying to “hurry” you off the phone. Let me give you the inside scoop as to why you are being “hurried” to hang up from a contact center.

5 Qs Security Professionals Should ask as they Move to the Cloud

Have you heard of the great migration of Modern IT to the Cloud? It’s not new, revolutionary or innovative, and many enterprises are doing it.  But what we are seeing is, regardless of industry, migrating to a cloud solution is occurring for a myriad of different reasons – from strategic reasons, to the flexibility, productivity and cost-savings gained by moving workloads and storage from on-site to the Cloud.

Full Disk Encryption, UEFI, Secure Boot and Device Guard

It has been a while since I have written about UEFI, Secure Boot and their impact on Full Disk Encryption (FDE) pre-boot authentication (PBA) so it’s time for an update on what is new in this area, but first here is a recap because this is a bit of an arcane technical subject. UEFI stands for “Unified Extensible Firmware Interface”. The UEFI specification defines a standard model for the interface between personal-computer operating systems and platform firmware.   It provides a standard environment for booting an operating system and running pre-boot applications such as the PBA for FDE.   It replaces the traditional legacy BIOS interface that was used with Windows 7 and older systems.   Now that Windows 10 is being widely adopted I expect to see UEFI used on almost all new machines.