Digital transformation changes the perimeter. When organizations had all their applications on-premises, the network firewall kept the right users inside the gate and malicious actors outside. However, the move to the cloud changed all that. In today’s hyper-connected ecosystem, understanding the components and types of access control can help you strengthen security.

Insurance companies know how to protect their clients’ homes, cars, and businesses— but protecting the personal information of those customers is a bit harder to assure. While the insurance industry focuses on risk-based analyses for its own underwriting programs, firms also need to apply those same risk management processes to securing customer information.

A SOC 2 system description outlines the boundaries of a SOC report. It contains pertinent details regarding the people, processes, and technology that support your product, software, or service. As a reminder, the SOC framework stands for System and Organization Controls. It is a broad architecture that organizations can use to audit the internal controls of vendors and business partners before entering a relationship with those firms, to assess whether those firms have a robust security posture.

Many businesses are shifting workloads to the cloud in an effort to increase efficiency and streamline workloads. In fact, according to the Flexera 2021 State of the Cloud Report, roughly 90% of enterprises anticipate cloud usage will expand even further as a result of COVID-19. While cloud computing can offer organizations a competitive advantage, it is important not to rush into cloud adoptions without understanding the risks involved as well.

Good data governance can go a long way toward reducing business risk. If your content and your data are secure, you’ve eliminated danger to your customers’ information and secured your proprietary information. From a digital perspective, you’re ahead of the game. But data governance shouldn’t be your only concern.

The European Union’s General Data Protection Regulation applies to any organization that operates in the EU or that collects or processes the personal data of EU citizens. So if a business in the United States (or anywhere else in the world, for that matter) does handle such data — yes, the GDPR can apply to you. That said, the exact compliance requirements will vary depending on the size of your company and how you process and store the applicable data.

Third-party risk management (TPRM), also known as “vendor risk management” is the process of managing risks introduced to your business by your organization’s vendors, suppliers, contractors, and service providers. Any outside party that plays a significant part in your company’s ecosystem or supply chain is considered a third-party vendor.

SecurityScorecard’s Investigations & Analysis team conducted an investigation into the details surrounding the USAID.gov attack. As has been previously reported, the attack has been potentially attributed to the organization commonly known as Cozy Bear, but our investigation found that the campaign is likely much larger, and began much earlier than has been reported.

The data privacy regimes in Russia, China, and the United States are very different from the regimes elsewhere. The financial lure of selling to, or processing data on, EU residents is strong, which has led other countries to adopt the General Data Protection Regulation (GDPR) or something like it. Russia, China, and the United States are large enough for other forces to dominate, including the desire to have their citizens’ data stored locally, as we’ll see.