The Ins and Outs of Data-Centric Security

We’ve said it many times before, but it is worth emphasising; organizations need to be doing more about securing their data from the inside-out. Currently, as has been the case for numerous years, organizations are spending too much on perimeter security (which is, of course, important) and forgetting to focus on the thing that matters the most, the data itself. We speak to many organizations that … [Read more...]

What’s the Difference Between Share and NTFS Permissions?

Both share and NTFS permissions serve the same purpose within Windows environments; namely, to help you prevent unauthorized access to your critical folders. However, there are some critical differences between the two that will determine which one you use. In this blog we will learn about what share permissions and NTFS permissions are, what the differences between the two are and the best … [Read more...]

Does HIPAA Compliance Actually Help Protect Sensitive Data?

Back in 2009, the Health Insurance Portability and Accountability Act (HIPAA) was combined (or updated) with the Health Information Technology for Economic and Clinical Health Act (HITECH) to increase its strictness in line with social and technological advances. Despite this, many still claim that HIPAA does not go far enough to secure patient data, and the increasing regularity with which we see … [Read more...]

5 Active Directory Changes You Need to Audit

Active Directory is a critical part of any organization’s IT infrastructure. Unwanted changes in Active Directory could result in potentially disastrous consequences for the security of data. Changes to user accounts, passwords, group memberships and more could lead to excessive permissions and increased risk of privilege abuse. For those reasons, and more, it is essential that you continuously … [Read more...]

Are Organizations Failing When It Comes to the Principle of Least Privilege (PoLP)?

The idea of Least Privilege has been floating around for many years now, and most IT/Security teams are well versed in why it is important and what it takes to implement. However, recent data breaches suggest that simple least privilege principles are not followed by a significant proportion of organizations. If you want your data to be secure, you need to have implemented a strict least privilege … [Read more...]

Active Directory FSMO Roles: What Are They and What Do They Do?

Active Directory (AD) is pretty much the go to domain authentication services for enterprises all over the world and has been since its inception in Windows Server 2000. Back then, AD was pretty unsecured and had some flaws that made it particularly difficult to use. For example, if you had multiple domain controllers (DCs), they would compete over permissions to make changes. This meant that you … [Read more...]

Privileged Access Management (PAM): Where to Start

Privileged Access Management (PAM) is something that many organizations still struggle with on a day to day basis. One of the biggest reasons that this happens is because organizations do not prepare their Active Directory environment properly before starting their PAM project. What is Privileged Access Management (PAM)? Privileged Access Management (PAM) solutions usually center around an … [Read more...]

Focusing Solely on Regulatory Compliance Could Make Your Data Less Secure

Of course, complying with data protection regulations is necessary if you want to avoid hefty fines and costly lawsuits; however, many organizations hold on to the belief that if they are compliant, they are automatically immune from cyber-security threats. Since the threat landscape is dynamic and continuously evolving, our approach to dealing with security threats must reflect this and adapt … [Read more...]

We Can’t Comply with the GDPR if We Can’t Manage Our Unstructured Data

It is crucial that companies across the globe understand the difference between structured and unstructured data, if they want to remain compliant with the many data protection laws and regulations that govern them. Structured data, as the term would suggest, is data that is structured in a deterministic fashion. An obvious example of structured data would be a database, where each record has a … [Read more...]

How HIPAA Affects the Newest Healthcare Trends

Compliance mandates are (intentionally) stringent and difficult to meet. The reasons behind this are to force organizations to apply the strictest data security policies to ensure that customer data is secure. The Healthcare Insurance Portability and Accountability Act (HIPAA) is no exception to this rule. In many ways, due to the evolving use of technology in the healthcare industry, HIPAA … [Read more...]