The most recent National Institute of Standards and Technology (NIST) guidelines have been updated for passwords in section 800-63B. The document no longer recommends combinations of capital letters, lower case letters, numbers and special characters. Yet most companies and systems still mandate these complexity requirements for passwords. What gives?
In an ever-evolving security world, we to need to secure more with even fewer resources. While the cybersecurity skills gap increases, leaving “350,000 U.S. cybersecurity jobs unfilled yearly,” it is vital to work together to protect our environments and educate others. Creating a customer community can do just that.
GraphQL is a query language for APIs and a set of tools that enable sending and processing queries. While originally developed at Facebook, it has since grown beyond the social network's specific use case. Essentially, the client describes the type of data they want, and the server delivers only that data. At Bearer, we use GraphQL internally to drive our dashboard.
System and Organization Controls for Service Organizations 2 (SOC 2) compliance isn’t mandatory. No industry requires a SOC 2 report. Nor is SOC 2 compliance law or regulation. But your service organization ought to consider investing in the technical audit required for a SOC 2 report. Not only do many companies expect SOC 2 compliance from their service providers, but having a SOC 2 report attesting to compliance confers added benefits, as well.
Thinking about launching a new website? You’ll want a domain to go with that, as well as a brand spanking new email address. But here’s the thing: Before all the fun and excitement of creating a new website can begin, you first have to decide whether or not you want to host your domain, email, and website together with the same provider, or whether you want to keep them all separate.
From maintaining electronic health records and generating medical reports, to carrying out robot-assisted surgeries and setting up online doctor-patient communication portals, the healthcare industry is becoming increasingly reliant on technology to effectively carry out day-to-day operations. While incorporating advanced technology assists healthcare professionals in providing better care for patients, it also increases the attack surface for cybercriminals looking to exploit sensitive data.
Today, we are excited to announce the release of Gravity 7.0! Gravity is a tool for developers to package multiple Kubernetes applications into an easily distributable .tar file called a “cluster image”. A cluster image contains everything an application needs and it can be used for quickly creating Kubernetes clusters pre-loaded with applications from scratch or loading applications contained within an image into an existing Kubernetes cluster like OpenShift or GKE.
Regulatory compliance monitoring is a key component of any cybersecurity program. But it's becoming increasingly difficult to ensure you are meeting your regulatory requirements. Driven by an increasing web of complex extraterritorial laws, industry-specific regulations, and general data protection laws. This is not a valid excuse for non-compliance. Regulators and lawmakers will impose significant fines on organizations that aren't able to align their cybersecurity and compliance programs.
If you have a familiarity with any information security frameworks and certifications, it’s more than likely you have heard of International Organisation for Standardisation (ISO) and possibly the International Electrotechnical Commission (IEC). From my experience, the most commonly referred to business-level security related certifications are ISO/IEC 27001 and ISO/IEC 27002.
Photo by nik radzi on Unsplash In the previous article, we discussed the significance of identity mapping for authorization and its importance within the Egnyte Platform. In this article, we will describe a mechanism that will make it possible to implement uniform ID-mappings across multiple appliances.
