Testing the Foundation for Secure Access to SaaS Products

Chris Williams SaaS, Security, SMB, SME

Encryption is the first line of defense for data accessed through publicly accessible web applications. That’s why it’s so important to validate that your public web applications are configured as securely as possible when it comes to SSL and TLS. The good news is that Qualys SSL Labs offers a free, easy to use web-based tool that tests public web servers for SSL, TLS and PKI configuration issues. The service has been around since 2009 and continues to quickly incorporate checks for known vulnerabilities like Heartbleed. Chances are that your customers are using similar tools to perform non-intrusive checks against …

Automating the Management of Local Admin Passwords with Microsoft LAPS

Chris Williams Security, SMB, SME

Effectively managing local admin passwords across hosts is a common challenge for IT Departments. This drives the reuse of passwords across hosts and makes local admin passwords a highly valued target for attackers to use in attacks like Pass-the-Hash (PtH). This can lead to privilege escalation and access to higher valued assets in the domain. The good news is that Microsoft offers a free, easy to deploy solution that simplifies the management of local admin passwords across domain joined computers. LAPS is built on Active Directory infrastructure so there’s no need for third-party applications. The agent is a Group Policy …

10 GDPR Resources for the Budget Constrained (Part 1)

Chris Williams Executive, GDPR, News, Security, SMB

The General Data Protection Regulation (GDPR) continues to be a major source of concern for IT staff across the US. It’s pushing these IT organizations outside their relative comfort zones and forcing them to adopt higher security standards. This includes many common sense best practices. Being found in non-compliance means paying dissuasively large penalties which could cripple SMBs. Organization’s with security programs that include information security audits and ongoing security program development will have a solid foundation of policies, controls and practices to build upon. For those still working towards GDPR compliance, there are some free tools and services that can be very helpful. Don’t get …

What you don’t know…

Rob Blumer Executive, Security, SMB

Picture this: A meeting is called to review a deal the Sales team has been chasing for over a year. You are a Software-as-a-Service or SaaS provider, the deal is over $500K annual recurring revenue and have a 5-year contract. Needless to say, you really want to win. It’s down to your company and your number one competitor. In that meeting, the first question from CEO is, “How do we win this?” The SVP of Sales responses, “We’re well positioned, our coach says it’s ours to lose the only thing left is the Information Security review”. All eyes turn to …

A CTO at Ease

Don Cohen Security, SMB, Testimonial

As a CTO with too many years of experience to want to count, I’m often attracted to the next opportunity because my new company is looking to build a product that addresses a compelling problem. For example, I’m currently working on a “next generation” product to leverage voice recognition, mobile devices, smart watches and smart glasses in warehouses and distribution centers. A pattern that has repeated itself in my career is that I come into a new role exciting to attack this “new problem”, and then reality sets in. Among these realities is, how are we going to protect our …