Uncategorized

Passwords are dead (again), and that is good news for government

The Cybersecurity and Infrastructure Security Agency (CISA) recently announced that single-factor authentication – username and password – is now officially added to their catalog of bad practices – putting it to the list of things that actually help cyberattacks. To counter cyberattacks, a much better practice is to adopt multi-factor authentication, or MFA. This means the deployment of least two…

Read More

Say Goodbye to Passwords: Our Journey to Passwordless

Historically passwords have been the go-to method to secure information systems. However, as time has passed, they’ve become harder to memorize, create a lot of pain for IT to maintain, and are a significant source of daily frustration for billions of people. Remember this: Colonial Pipeline Cyber Attack: Hackers Used Compromised Password, or even CVS Health Faces Data Breach, 1B Search…

Read More

Zero Trust, Zero Compromise: Implement a Zero Trust Strategy

Zero Trust is becoming quite the buzzword these days, with organizations and government agencies releasing more guidance and strategies for their Zero Trust initiatives every day[1][2][3]. With so much new information being published all the time, understanding the core of what Zero Trust is can be a bit of a challenge for those new to the topic. So, let’s de-mystify…

Read More

Innovating Security Compliance Through Open Standards

I’ve been fortunate enough to have been involved with open standards and open source communities for most of my career, and I couldn’t be more excited to continue that tradition with Easy Dynamics. I’d like to give a little bit of background on my journey thus far, then give my take on our recent announcement around the Open Security Controls Assessment…

Read More

Four Things We Love About the Executive Order on Improving the Nation’s Cybersecurity

The security of the federal systems we support is our top priority at Easy Dynamics. So we were thrilled to see the recent Executive Order (EO) on Improving the Nation’s Cybersecurity capture some of the key security themes that we regularly promote, like information sharing, zero trust architecture, secure software development, and response capabilities. Given the recent string of high-profile…

Read More

Presentation Attacks: From Mission Impossible To The New Normal

It’s a staple of the Mission Impossible franchise – Tom Cruise and his crew use advanced latex 3D face masks to impersonate someone else and enter a building, vault, or other restricted areas. This used to appear so futuristic and truly only the stuff of Hollywood movies.  Tom and his crew were giving us all a glimpse at what an impersonation attack…

Read More

Stimulus Bill: How An Investment Of $300M In Digital Identity Could Help Americans

The ability of individuals to recognize and trust each other plays a fundamental role in our economic and social interactions. Prior to the digital age, identification systems relied on physical documents and face-to-face interactions, a system that came with a high level of assurance. However, the proliferation of internet-enabled devices has made it substantially easier for malicious actors to disguise,…

Read More

Three ways the Digital Identity Legislation can improve the identity status quo

When I recently applied for a new credit card, the issuing bank sent me a letter to verify my identity first. The options were to either visit one of their branches to show my ID, mail in a copy of my ID, or provide a recent utility statement. Not wanting to take time out of my day to visit a…

Read More

Key Considerations for Organizational Privacy 

As summer turns to fall, our world is settling into the rhythms of life under COVID-19, preparing for another season of sweatpants, existential dread, and peanut butter cups for lunch. The drumbeat of COVID life also involves skyrocketing rates of digital interaction, with all the privacy implications that go along with it. As an enterprise information security professional, you can’t…

Read More

Do You Really Need A Blockchain?

Blockchain is (still!) all the rage at identity and cybersecurity conferences. Blockchain sounds new and exciting, looks slick on marketing materials, screams “innovation!,” powers cryptocurrencies like Bitcoin, and has been billed as a cure-all for a variety of use cases. The US Federal Government faces so many technical challenges that it’s no wonder there’s interest in a magical cure! I…

Read More