XACML is an OASIS standard for implementing declarative authorization policy. It was intended to be a widely adopted technology that would move authorization policy decisions out of application code and into a specialized Policy Decision Point (PDP). The terms often used in the OPA world, such as PDP, PIP (Policy Information Point) and PEP (Policy Enforcement Point) all come from the XACML standard. You can read more about XACML in Anders Ecknert’s blog post on architecting authorization.

Machine Identities, Zero Trust….how do these relate to your IoT project? Today’s PKI vendors have specific solutions for managing non-human identities – machines – like servers, laptops, software applications, API’s and other assets found within a corporate network.

What is a Trust Champion? A Trust Champion is the person who helps their organization measure and meet its internal compliance obligations. Their actions support revenue-generating activities, protect their organization from legal and contractual liabilities, and enable the organization to confidently and transparently showcase an intentional, robust, and differentiated culture of trust. Arun Nagarajan – Co-founder & CTO – has led the compliance journey at BigSpring.

To grasp the concept of a Kubernetes Deployment and Kubernetes Deployment strategy, let’s begin by explaining the two different meanings of the term “deployment” in a Kubernetes environment: Kubernetes Deployment allows you to make declarative updates for pods and ReplicaSets. You can define a desired state and the Deployment Controller will continuously deploy new pod instances to change the current state to the desired state at a controlled rate.

This is the third part of a three-blog series on startup security. Please have a look at part one and part two. New companies often struggle with the question of when to start investing in information security. A commonly heard security mantra is that security should be involved since the very beginning and at every step along the way. While this is obviously true, it is quite detached from reality and provides little practical guidance.

We talk extensively about the impact of inbound cybersecurity attacks and the devastation they can cause, but what about outbound data loss? According to an IBM study, human error is the leading cause of 95% of cybersecurity breaches. That means 19 in 20 breaches could be avoided entirely if not for a person introducing risk either through human error, deliberately breaking security protocol, or malicious behavior.

Kroll has observed an increase in two social engineering tactics known as “vishing” and “smishing.” These tactics use phone calls, voice altering software, text messages and other tools to try to defraud unsuspecting people of valuable personal information such as passwords and bank account details for financial gain. These types of attacks use similar techniques to the common infection vector, phishing.

Security transformation doesn’t succeed without network transformation. The two go hand-in-hand when it comes to building the secure access service edge (SASE) architecture of the future, and if security degrades the network experience, or the network experience bypasses security, each of those trade-offs introduces more risk to the enterprise—it doesn’t have to be that way.

Over the past few years, the awareness of privacy and personal security has taken a significant step forward. Typical users have now adopted far more suspicious practices when utilizing multiple PC or mobile device applications. This is a direct result of the constant attempts of cybercriminals to launch malicious campaigns aimed at gaining access to both credentials and internal systems.

As software companies grow, they start to see exponential growth in resources needed to support the business. A startup can quickly go from a few servers and a handful of databases to a sea of Kubernetes clusters. Managing access to all of these resources comes with a myriad of problems. One problem at scale is deciding who can access what resources and how to provide relevant access to those resources on-demand.