How to Write a Cloud Security Policy for Your Business

by Hannah Grace Holladay / November 21st, 2022

The major cloud computing platforms are more secure than the average on-premises infrastructure deployment. But “more secure” isn’t the same as “sufficiently secure.” Cloud security is a shared responsibility: cloud vendors provide the foundations, but it’s up to cloud customers to build secure systems. That’s unlikely to happen without a well-documented, comprehensive, and enforced cloud security policy (CSP). A cloud security policy sets security parameters for managers and employees, and…

Six Steps to a Bullet-Proof Disaster Recovery Plan (DRP)

by Hannah Grace Holladay / November 14th, 2022

Unfortunately, in today’s threat landscape, it’s only a matter of time before your business faces a disaster. How would your organization cope if an employee deleted a production database? Could you continue to serve customers if a tornado took out your primary data center? How soon could you recover data encrypted in a ransomware attack or return to normal operations during a denial-of-service attack? Disaster recovery planning ensures your…

Notes from the Field: CIS Control 01 – Inventory and Control of Enterprise Assets

by Greg Halpin / October 3rd, 2022

The Center for Internet Security released Version 8 of its CIS Controls document in May 2021. If you are not familiar with the Center for Internet Security, it's a non-profit organization dedicated to making "the connected world a safer place..." The Controls document includes 18 information security controls that all organizations and information security professionals should understand and implement to protect their data, networks, systems, and other resources. The clients I work with often…

DDoS Protection: How to Survive a Distributed Denial of Service Attack

by Hannah Grace Holladay / May 16th, 2022

You’re sitting at your desk when the first notification arrives. Uptime monitoring has detected unusually long response times for the servers hosting the business’s primary web app. Soon after, your manager calls to say customer support is getting complaints—many users can’t sign in and the app is slow for those who can. You try to open the app to see for yourself, but the browser times out. With increasing concern,…

Testing MFA Controls: Learning from the CISA Cybersecurity Advisory

by Hannah Grace Holladay / April 3rd, 2022

You thought you did everything right. You enabled multi-factor authentication (MFA) on all of your accounts and configured it so that all employees and customers are required to use it. You have automated checks set up to make sure MFA is still required. And yet you still experience a data breach. This is exactly what happened to the non-governmental organization (NGO) described in the Federal Bureau of Investigation (FBI) and…