Every week, dozens of data breaches are reported with some reaching into the tens, or even hundreds of millions of individuals impacted. Customers and regulators alike are increasingly concerned about the information security programs of organizations and how they plan to prevent security incidents and safeguard sensitive data.

The most recent National Institute of Standards and Technology (NIST) guidelines have been updated for passwords in section 800-63B. The document no longer recommends combinations of capital letters, lower case letters, numbers and special characters. Yet most companies and systems still mandate these complexity requirements for passwords. What gives?

Regulatory compliance monitoring is a key component of any cybersecurity program. But it's becoming increasingly difficult to ensure you are meeting your regulatory requirements. Driven by an increasing web of complex extraterritorial laws, industry-specific regulations, and general data protection laws. This is not a valid excuse for non-compliance. Regulators and lawmakers will impose significant fines on organizations that aren't able to align their cybersecurity and compliance programs.

Is an electricity provider’s supply chain its weakest link in the event of a cyberattack? The evidence is compelling that third parties often play unwitting roles. For example, the NotPetya ransomware attacks in mid-2017 originally gained a foothold via a backdoor in third-party accounting software. To safeguard North America’s electricity supply, the North American Electric Reliability Corporation (NERC) has issued several critical infrastructure protection (CIP) standards.

Previously we published an article discussing some of the best practices surrounding cloud security, in this article, we will discuss cloud a little more specifically by focusing on one in particular provider Google. Google offers several different solutions for customers known as GCP or the Google Cloud Platform. GCP is set infrastructure tools and services which customers can utilize to build environments they need in order to facilitate a solution for their business.

In the previous posts of this series, we discussed how you can secure your infrastructure at scale by applying security policies as code to continuously monitor your environment with the Config Validator policy library and Forseti. In this article, we’ll discuss how you can reuse the exact same policies and Terraform Validator to preventively check your infrastructure deployments, and block bad resources from being deployed in Google Cloud Platform (GCP).

The Sarbanes-Oxley Act of 2002 (SOX) is a law that implements regulations on publicly traded companies and accounting firms. SOX was created to improve the accuracy and reliability of corporate disclosures in financial statements and to protect investors from fraudulent accounting practices.

Vendor risk management is the practice of governing third-party access to company data. This is a critical aspect of an organization since vendors view your business information when providing their services. For some, this can turn into a severe vulnerability that can lead to data breaches. In fact, in the past five years, vendors like Home Depot and Target were responsible for those incidents, as reported by Forbes.

No two Google Cloud environments are the same, and how you protect them isn’t either. In previous posts, we showed you how to use the Config Validator scanner in Forseti to look for violations in your GCP infrastructure by writing policy constraints and scanning for labels. These constraints are a good way for you to translate your security policies into code and can be configured to meet your granular requirements.

What do healthcare, banking, and the insurance industry all have in common? RISK! Regardless of industry, having an application, or system compromised could mean the exposure of extremely sensitive information. If such information became public knowledge your business could suffer tremendously. For many companies, a data breach is the worst possible situation imaginable. How does an organization work to reduce the impact of a system being compromised?