The DoD’s XaaS Gamble: Why Identity is the First and Most Critical Service to Get Right Before delivering “Anything-as-a-Service,” ensure you aren’t exposing Everything-as-a-Risk. The Future Arrived Fast And Brought Its Own Security Shadow It started with a success. A new logistics tool was deployed via a Defense agency’s XaaS initiative… faster than anything they’d […]
DoD’s XaaS Identity Risks: Securing Innovation at Scale Read More »
In today’s ever-evolving cybersecurity landscape, contractors working with the U.S. Department of Defense (DoD) face increasing pressure to protect sensitive data and ensure the integrity of their systems. With the growing threat of cyberattacks and the potential for data breaches, the Cybersecurity Maturity Model Certification (CMMC) has become a crucial standard for any organization looking
Identity access management is the first layer for any viable zero-trust strategy, as it should be. The NIST 800-63-4 Digital Identity Guidelines revision coming out in draft at the end of the year should accommodate innovative authenticators while maintaining HSPD-12 security and interoperability goals and encourage stronger, centralized identity management. Hopefully, that means PIV-D will
PIV-D needs to die. But then what? Read More »
How important is identity management and authentication for securing Federal networks? It depends on who you ask. If you ask me, it’s critical. The fact is, the perimeter is no longer the enterprise network firewall. Rather the identity of every person or device accessing corporate workloads and data. Ask Federal IT decision makers, and they
Identity Management is More Important than CISOs Think Read More »
In the ever-evolving cybersecurity landscape, the recent Microsoft key compromise incident is a stark reminder of the importance of customer-controlled encryption keys and SaaS tenant log transparency. This incident, attributed to the Chinese threat actor Storm-0558, involved the acquisition of a private encryption key (MSA key) and its use to forge access tokens for various
When the White House hosted its symposium on modernizing authentication earlier this week, our team was pleased to participate as thought leaders contributing our thoughts on the last 20 years of HSPD12 and Identity Management in the US Federal Government. This discussion marked a significant milestone as pioneers in simple, secure, user-friendly multifactor authentication. Let’s
This Week’s White House Multifactor Authentication Symposium Read More »
We are excited to announce that UberEther’s IAM (Identity and Access Management) Advantage platform has successfully achieved a Department of Defense (DoD) Impact Level 5 (IL5) Authorization to Operate (ATO). This groundbreaking achievement positions UberEther as a trusted and reliable partner to the DoD, providing secure and compliant IAM solutions that meet the rigorous security standards
UberEther’s IAM Advantage Platform Secures DoD Impact Level 5 Authorization to Operate Read More »
Last night I went to the local ISACA event where Google was talking about their 6-year journey towards their BeyondCorp / ZeroTrust model for security. As we move away from the traditional walled castle of security design to support the federated SaaS and cloud provider models I genuinely believe BeyondCorp is the best solution to
No BeyondCorp or ZeroTrust Without the Fundamentals Read More »
We do a lot of work with the Oracle Identity and Access Management Suite and many of our customers do not have a ton of experience with the Oracle Database, nor do they want a huge Oracle infrastructure. What they do want is high availability and reliability on the platforms underpinning their IAM solutions. Over
Oracle Exadata 1/8 Rack vs. Oracle Database Appliance ODA Read More »
I was getting intimate with the latest(11.1.2.1.0) version of Oracle API Gateway aka OAG pka Oracle Enterprise Gateway aka OEG and ran into a speed bump. In my case, I was automating the installation process and needed to register the gateway and node manager as services. Here are the given options(among the others) for accomplishing
Oracle API Gateway Silent Install bug Read More »