Today’s release of the White House’s National Cybersecurity Strategy is the result of more than a year of government and industry collaboration that sets new boundaries for the government approach needed to improve global cyber defenses. The strategy clearly represents a shift away from decades-old voluntary compliance regimes to a more aggressive regulatory construct that seeks to shift cyber burdens onto providers/developers and owners and operators of critical infrastructure.
OAuth (Open Authorization) is a modern, open authorization standard designed to allow cross-application access delegation – for example, allowing your application to read data from your Facebook profile. Combined with the proper extensions, OAuth can also be used for authentication – for example, to log into your application using Google credentials. Since its first introduction in 2006, OAuth has gained tremendous popularity.
Active Directory (AD) is the foundation of managing identities, provisioning users and issuing permissions to network resources. These permissions range from the lowest levels of access to the highest levels of admin rights for privileged users. While having control over these permission levels is useful, organizations can open themselves up to serious vulnerabilities if they don’t manage the permission levels carefully.
