DATA SECURITY

Lack of Remote and Hybrid Work Policies Put Education Industry at Risk for IT Security Issues

Apricorn | July 23, 2021

The leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, Apricorn, has announced various findings for the education sector from the Apricorn Global IT Security Survey, 2021. The survey says the education industry lacks concern about security threats from employees and, due to limited IT security policies related to remote work, has a greater risk for cybersecurity breaches and data loss than other industries. For example, 69.4% of respondents say, as targets that attackers can use to access data, employees at their organizations don't think of themselves,  compared to 37.5% in information technology (IT).

The survey was to compare cybersecurity policies of various industries about hybrid and remote work. More than 400 respondents completed the survey. Unfortunately, the education industry constantly lags behind many other healthcare, manufacturing, IT, and financial services when executing lost/stolen devices and data security policies. Remarkably, compared to 55% in IT, only 26% of respondents in the education industry agreed that they have policies regarding lost/stolen devices.

Many education institutions, in the Fall, will be returning to in-person instruction; however,  in the education sector, most survey respondents (90.77%) said a hybrid work option exists. Organizations in education demonstrated a trend of allowing employee choice when it comes to policy adherence when asked about policies and procedures that have been put in place regarding transporting data and devices. Compared to an average of 52% for other top industries, only 20% of education organizations require encrypted hardware. More than half of EDUCATION organizations permit the use of personal USB devices.

About Apricorn

Founded in 1983, Apricorn is a leading provider of secure storage innovations to prominent companies in education, healthcare, finance, and government throughout North America, EMEA, and Canada. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Under the Apricorn brand, numerous award-winning products and patents have been developed.

Spotlight

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

Spotlight

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Axonius Successfully Completes the Australian Information Security Registered Assessors Program (IRAP) Assessment

Globenewswire | May 04, 2023

Axonius, the leader in cybersecurity asset management, today announced the successful completion of the Australian Information Security Registered Assessors Program (IRAP) assessment, giving the Australian public sector confidence in the security of the Axonius Cybersecurity Asset Management solution. The Australian government recently made changes to the Securing of Critical Infrastructure Act. One of the core focus areas for the Act is Risk Analysis, which is impossible without comprehensive asset visibility. By aggregating and correlating data from all deployed IT tools, Axonius provides a holistic view of each unique asset, and the ability to more accurately assess the Risk associated with that asset. The Information Security Registered Assessors Program (IRAP) enables Australian government customers to validate that appropriate controls are in place and determine the appropriate responsibility model for addressing the requirements of the Australian government Information Security Manual (ISM) produced by the Australian Cyber Security Centre (ACSC). “Axonius continually monitors both hardware and software assets, giving government agencies the asset visibility and intelligence they need to accelerate their security programs,” said Vern Fernhout, Country Manager, Australia for Axonius. “With the IRAP assessment complete, Australian government agencies can now confidently adopt Axonius to discover security gaps and enforce security policies – two critical components of complying with new and existing government security requirements.” Axonius already works with several Australian government agencies on both the state and federal level, and completing the IRAP assessment will accelerate its ability to serve additional customers in the space. In addition to IRAP, Axonius has also been certified by the National Information Assurance Partnership (NIAP)having passed Common Criteria validation in the United States, further emphasising its commitment to the public sector. The completion of both assessments enables Axonius to help government agencies improve their cybersecurity posture and gain more visibility into their IT and security environments. To learn more about Axonius, visit the website or request a demo. About Axonius Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world. For more, visit Axonius.com.

Read More

DATA SECURITY, ENTERPRISE IDENTITY, NETWORK THREAT DETECTION

ForgeRock is the First Identity Platform to Fully Eliminate Passwords

ForgeRock | March 21, 2023

ForgeRock®, a global digital identity leader, today announced ForgeRock Enterprise Connect Passwordless, a new passwordless authentication solution that eliminates the need for users to interact with passwords inside large organizations. Enterprise Connect Passwordless is the latest addition to ForgeRock’s industry-leading, passwordless authentication portfolio for consumer and workforce use cases. Developed through ForgeRock’s strategic partnership with Secret Double Octopus, the new solution, integrated into ForgeRock Identity Platform, protects the most commonly used and vulnerable enterprise resources such as servers, workstations, remote desktops, and VPNs. It helps large enterprises proactively defend against costly cyber-attacks and unauthorized access by providing a passwordless experience to legacy applications, systems and services. In turn, organizations can deliver an employee experience that empowers people to access their information without needing to know a password. “The move to passwordless authentication will fundamentally change every digital experience on the planet, starting with the most common experience of all - logging in,” said Peter Barker, Chief Product Officer, ForgeRock. “With the addition of Enterprise Connect Passwordless, ForgeRock is the only solution to offer a full spectrum of passwordless capabilities that help employees and consumers say goodbye to remembering their passwords.” Organizations deploying ForgeRock Enterprise Connect Passwordless become a more secure enterprise by removing employee interaction with passwords, and reducing the risk of compromise. Benefits include eliminating employee account lockouts and reducing the volume of IT tickets, which can lower operational costs from help desk interactions, increase workforce productivity and enhance the user experience. Removing Passwordless Orchestration and Deployment Complexities ForgeRock Enterprise Connect Passwordless uses next generation identity orchestration capabilities that allow enterprises to easily design and implement passwordless login and access journeys tailored to their unique security and experience needs. With ForgeRock, organizations now have the freedom to move to passwordless at their own pace – without it being an “all or nothing” experience. “When an organization decides it wants to go passwordless to improve user experiences, that can be a heavy lift, made lighter when accompanied by user journey orchestration technology,” said Jay Bretzmann, Research Vice President, Security Products, IDC. “The ability to rapidly create login experiences tailored to groups of diverse individuals is an imperative for modern enterprises. Orchestration not only provides the tools to do this, but also the ability to ‘fine-tune’ journeys in real-time. What used to take programmers and developers weeks or months can now be accomplished by non-technical IT or identity staff for a fraction of the time and cost.” Available in Q2, Enterprise Connect Passwordless augments the company’s existing passwordless capabilities, adding to the ongoing work ForgeRock has been doing to eliminate consumer passwords for more than a decade. A History of Paving the Passwordless Path for Enterprises The ForgeRock Identity Platform has an extensive history of providing organizations several options to help deploy passwordless authentication for mobile and web applications to reduce fraud and improve the user experience. ForgeRock can accelerate passwordless deployment with integration for applications, support for identity standards, easy to use workflows to enable workforce and CIAM passwordless user journeys, and web-based passwordless authentication through a browser using passkeys in their mobile devices. ForgeRock already supports passwordless authentication capabilities through FIDO2 WebAuthn standards and passkeys within the ForgeRock Identity Cloud, low-code, no-code access orchestration with ForgeRock Intelligent Access and AI-driven threat protection within ForgeRock Autonomous Access. ForgeRock also has alliances with partners that have developed curated FIDO solutions for many different types of applications. About ForgeRock ForgeRock® is a global digital identity leader helping people simply and safely access the connected world. The ForgeRock Identity Platform delivers enterprise-grade identity solutions at scale for customers, employees, and connected devices. More than 1,300 organizations depend on ForgeRock’s comprehensive platform to manage and secure identities with identity orchestration, dynamic access controls, governance, and APIs in any cloud or hybrid environment.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Trellix Expands AWS Integrations to Provide Greater Data Security to Cloud Infrastructure Customers

Businesswire | May 02, 2023

Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today announced expanded support for Amazon Security Lake from Amazon Web Services (AWS), designed to automatically centralize security data from cloud, on-premises, and custom sources into a purpose-built data lake. This offering is designed to enable simpler and faster delivery of Trellix XDR solutions along with increased data privacy for AWS customers. Trellix’s expanded support for Amazon Security Lake allows AWS customers to integrate their security data lake into the Trellix XDR security operations platform while also using the Open Cybersecurity Schema Framework (OCSF). Amazon Security Lake is a service that automatically centralizes an organization’s security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account so customers can act on security data faster. In addition, the OCSF schema enables Trellix customers to combine hundreds of data sources with Amazon Security Lake data. As a result, AWS and Trellix customers can seamlessly apply Trellix machine learning (ML), threat intelligence, and predictive analytics to gain important insights that allow for deeper detection and faster threat mitigation. “The amount of data available to any enterprise today is staggering,” said Britt Norwood, Senior Vice President, Global Channels & Commercial at Trellix. “Without a way to centralize the management and storage of that data, it’s difficult for customers to glean the insights needed to keep data safe. Our integration with Amazon Security Lake provides customers with more centralized visibility and quick resolution of their security issues.” “With security at the forefront, we are relentlessly focused on innovating to deliver new ways to help customers secure their cloud environments,” said Rod Wallace, General Manager for Amazon Security Lake at AWS. “Customers who leverage Amazon Security Lake and Trellix can collect a wide spectrum of security logs and findings in Amazon Security Lake and send them to Trellix for advanced analytics and incident response.” Trellix for Amazon Security Lake: Through new combined capabilities, customers can share security events across Trellix XDR and their Amazon Security Lake, getting complete detection and response capabilities for their AWS environments. By consolidating their security alerts into Amazon Security Lake using OCSF, security teams can spend their time protecting environments instead of performing the undifferentiated heavy lifting of managing their security data. Trellix and OCSF: Trellix is proud to be a contributing member to the opensource OCSF community which has built a framework promoting interoperability and data normalization between security products. Joining OCSF promotes collaboration with other industry organizations, further benefiting customers and the broader cybersecurity community. “Working with Trellix and AWS has made it so easy for us to manage analysis supporting our Hive-IQ platform,” said Laura Nolan, Executive Vice President, TeamWorx Security. “We are continuously impressed with how Trellix and AWS deliver new and innovative ways to help us stay secure within our cloud environments.” About Trellix Trellix is a global company redefining the future of cybersecurity and soulful work. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security. More at https://trellix.com.

Read More