IoT Application Provisioning for Security Using FDO and TPM

whitePaper | October 4, 2022

Organizational practices in the digital age are inevitably linked to the processing of data, and built upon the systems that support these efforts. Collectively, cybersecurity and privacy professionals are responsible for guiding and implementing organizational decisions that ensure data is collected, processed, protected and shared consistent with evolving norms.

whitePaper | March 14, 2023

Targeted intrusions for gaining long-term access and collecting data about industrial control systems (ICS) are becoming much more frequent. Many of these attacks are about understanding the network and preparing for future activities without causing any immediate impact. The most recent Dragos Year in Review6 report shows that the ransomware groups Lockbit 2.0 and Conti were responsible for more than half of the observed ransomware attacks in industrial environments in 2021, and that these instances resulted in actions on objectives. These attacks have been observed in almost every industrial vertical, primarily targeting small to medium-sized organizations in manufacturing.

whitePaper | December 20, 2022

The Nasuni Access Anywhere add-on service delivers high-performance, VPN-less file access for remote and hybrid users, integrates an organization’s file shares with Microsoft Teams, and provides productivity tools such as desktop synchronization and external file and folder sharing to enhance user productivity and provide access to files seamlessly from anywhere on any device. This white paper outlines the security elements of the Nasuni Access Anywhere service.

whitePaper | September 28, 2022

The present White Paper will focus on MEC (Multi-access Edge Computing) technologies and intends to explore security-related use cases and requirements with the aim of identifying aspects of security where the nature of edge computing results in insufficient industry approaches to cloud security. Edge computing environments are by nature characterized by a complex multi-vendor, multi-supplier, multi-stakeholder ecosystem of equipment including both HW and SW devices. Given this overall level of system heterogeneity, the areas of security, trust, and privacy are key topics for the edge environments. Finally, the advent of edge cloud federations and the presence of (far) edge devices, e.g., in Internet-ofThings environments, requires tackling MEC security with an end-to-end (E2E) approach by leveraging existing standards relevant in the area, as carefully selected to be applicable in edge computing systems.

whitePaper | September 27, 2022

The philosophy of Zero Trust security—“never trust; always verify”—has certainly struck a chord. It took decades for organizations to move past the basic castle andmoat security mindset, and to accept that in a cloud world, there is no perimeter to defend, and intruders are always on our networks.

whitePaper | April 28, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.