Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. Phishing attacks are starting to evolve from the old-school faking of login pages that harvest passwords to attacks that abuse widely-used identity systems such as Microsoft Azure Active Directory or Google Identity, both of which utilize the OAuth authorization protocol for granting permissions to third-party applications using your Microsoft or Google identity.

This blog series expands upon a presentation given at DEF CON 29 on August 7, 2021. In Part 1 of this series, we provided an overview of OAuth 2.0 and two of its authorization flows, the authorization code grant and the device authorization grant.

Teleport has been instrumental in helping our clients achieve difficult security and compliance requirements, and today we are proud to announce that our Cloud offering is now SOC2 Type II compliant. Last year our on-premises product was SOC2 Type II certified, and we published an overview on our blog helping explain what SOC2 is and why it has become table stakes for B2B SaaS companies.

Last year’s IDC’s Cloud Security Survey found that nearly 80 percent of companies polled have suffered at least one cloud data breach in the past 18 months.

Step 3: Know the flow of the data through the ecosystem—be the inspection point between the user and the data.

It seems as if everything is happening in the cloud now — whether I’m sharing a document with a colleague or backing up family photos. This is happening in cybersecurity as well, where the storage flexibility and computing power of the cloud have enabled new ways to secure organizations.