Technically Speaking

Working from home is not for everyone. A lack of space, dodgy internet connections, distractions, can all make for an unproductive experience. Employers are struggling too. Few organizations are fully ready to support a remote workforce. Providing employees with laptops and a VPN connection doesn’t go far enough. Yet, organizations, particularly those in the public sector, have traditionally failed to put plans in place to expand their remote employee management infrastructure.

Software-as-a-service (SaaS) adoption is growing in government. Today, a majority of agencies use SaaS applications such as Microsoft Office 365 and Google Cloud G Suite for at least 30% of their mission-critical resources. Yet confusion still reigns around about the data protection in the cloud.

Cloud governance shouldn’t be an afterthought. Indeed, it should be a foundational element of any cloud security strategy. Why? Because the cloud is enormous – it’s software, hardware, developer tools and platforms, and more. All delivered by a host of vendors.

Election security is a big topic, but it resembles a many-legged centipede. Federal contractors face the reality that elections are the purview of state, county and municipal officials. The technical and managerial abilities of these entities vary from what you might expect in a tiny hamlet to what you might encounter in a million-person suburban county.

DHS recently published version 3.0 of the Trusted Internet Connection (TIC) architecture. A response to changing IT conditions, Executive Orders, and OMB mandates, the new architecture seeks to support IT modernization through cloud adoption while keeping security as a top priority. The comprehensive set of documents includes an overview, a catalog of security capabilities, a reference architecture, guidance for pilot programs, advice for service providers, and a very helpful set of use cases relevant to agency needs.

The Threat Risk is a function of likelihood times impact.  When it comes to zero-day exploits, particularly those that use return-oriented programming (ROP) or one of its many cousins the likelihood is high, and the impact is higher.  How do these attacks work, and what is the industry doing to stop them?  More importantly, what can you do to stop them?  Is it possible to stop a zero-day without patching or updating systems?  Let’s explore these questions. How ROP Works