|
By Anirban Banerjee
In today’s business ecosystem, data exchanges are critical for operations. From APIs to FTP connections, Electronic Data Interchange (EDI), and Virtual Desktop Infrastructure (VDI), data transfers happen continually, each using specific protocols and requiring authentication to ensure security and confidentiality. These interactions rely on a vast array of identities, keys, and credentials that need consistent management and periodic rotation to maintain security.
|
By Anirban Banerjee
API calls are the backbone of modern software, enabling applications to communicate and share data seamlessly. However, with this integration comes the challenge of understanding and managing the identities used in API calls. These identities, often tied to authentication and authorization mechanisms, are crucial for determining what data is accessed and exchanged.
|
By Anirban Banerjee
Federal Risk and Authorization Management Program (FedRAMP) and State Risk and Authorization Management Program (StateRAMP) are pivotal frameworks for securing cloud services used by federal and state governments, respectively. These programs mandate stringent security protocols, emphasizing the need for organizations to manage and disclose third-party involvement in delivering software services to the government.
|
By Anirban Banerjee
With the release of iOS 18, Apple has continued to expand its integration of AI technologies, positioning the iPhone as a powerful personal assistant capable of smart recommendations, advanced text and image analysis, and even predictive suggestions. Leveraging on-device machine learning, iOS 18’s AI features tap into user data to provide a personalized experience.
|
By Jackson Harrower
The legal department plays a crucial role in enhancing enterprise security profiles. Historically, legal and cybersecurity departments have been siloed from one another in organizations both large and small. With security now a concern at the Board level, legal’s role in enterprise risk management – advising on threats and potential liability – must include the impact of data security threats.
|
By Anirban Banerjee
Prompt injection attacks exploit vulnerabilities in natural language processing (NLP) models by manipulating the input to influence the model’s behavior. Common prompt injection attack patterns include: 1. Direct Command Injection: Crafting inputs that directly give the model a command, attempting to hijack the intended instruction. 2. Instruction Reversal: Adding instructions that tell the model to ignore or reverse previous commands. 3.
|
By Jackson Harrower
Enterprise applications, whether on-premise or in the cloud, access LLMs via APIs hosted in public clouds. These applications might be used for content generation, summarization, data analysis, or a plethora of other tasks. Riscosity’s data flow posture management platform protects sensitive data that would otherwise be accessible to LLM integrations.
|
By Anirban Banerjee
India's Securities and Exchange Board (SEBI) has introduced a new regulatory framework called the Cyber Security and Cyber Resilience Framework (CSCRF). The regulation aims to tighten cybersecurity and data governance for capital market participants. As cyber threats increase globally, the CSCRF is poised to create a stronger defense line for organizations operating in India’s capital markets.
|
By Jackson Harrower
Clients can empower their employees to securely leverage any browser-based AI tool. The Riscosity browser extension will scan and block prompts with sensitive information in real time. Admins can use the intuitive Riscosity dashboard to set RBAC rules and keep a pulse on any AI tools being used – including any attempts to share sensitive information. The bottom line… we’re providing an AI firewall for your company, without the headaches of difficult deployment.
|
By Anirban Banerjee
Saudi Arabia's Personal Data Protection Law (PDPL), enacted in 2021, marks a significant step in regulating the processing of personal data in the Kingdom. The PDPL aims to protect individuals' privacy by setting out clear rules on how personal data can be collected, processed, stored, and shared. As more businesses undergo digital transformations, the PDPL holds companies accountable for safeguarding data and ensuring transparency in their handling of personal information.
|
By Riscosity
Welcome to the first installment of Riscosity’s Lightning Interview Series. We'll be sitting down with industry leaders for informative and to-the-point conversations. In this episode, we chat about the present and future of internal audit and data security with Nauzer Gotla, Vice President of Internal Audit at Nextracker (NASDAQ:NXT), a dominant player in solar tracking solutions with revenues north of $2.5B.
|
By Riscosity
In today's ever-evolving digital landscape, teams must have a strong understanding of the security measures that will work best for their environment and how to implement them. During this event, we explore the benefits of utilizing SAST scans and DFPM (Data Flow Posture Management) tools to create robust security guardrails for your organization. Hear from Anirban Banerjee, CEO and Co-founder of Riscosity, and Milan Williams, Sr. Product Manager at Semgrep, as they dive into how teams can approach security investments starting with SAST scans and data flow security.
|
By Riscosity
A wonderful conversation with two amazing security leaders! We talk about compliance, security programs, API security, Software supply chain, strategies - and oh so much more. A true treat for security lovers.
|
By Riscosity
In this video we talk with two security leaders, very well known, from the Bay Area - Mike Hamilton and Barak Engel. A variety of topics, including software supply chain, data governance and APIs amongst many are discussed.
|
By Riscosity
An amazing conversation with Peeyush Ranjan, Engineering VP at a Fortune 50 organization. Peeyush coined an amazing term - "Diffused Responsibility" - this is the reason why we all, in different silos, development, security, GRC, legal have to try harder and pull towards the same goal. In fact the example used - of a sports team, getting the pigskin over the line is a very apt one.
|
By Riscosity
We chat about the Health-tech space. What are the challenges of building a Healthtech company, where are the roadblocks, what should you look out for - very introspective feedback from Punit! A must hear for entrepreneurs.
|
By Riscosity
In this episode of Securing the Digital Supply Chain we talk with Terence Jackson, CISO at Microsoft for State and Local Government customers! We have a great time talking about the trends in the Software Supply Chain area as well as what CISOs can focus on to get quick wins for their organizations. Terence brings a wealth of experience from small to medium scale to large enterprise organizations and applies them to various security challenges to effectively solve them.
|
By Riscosity
Yaser is a veteran in the construction industry, and in this session we learn about what technologies are used in the construction technology sector, what are some of the gotchas that industry leaders should pay attention to and the various types of organizations that are there on the landscape.
|
By Riscosity
In this episode of Securing the digital supply chain we talk with two extremely accomplished security thought leaders from the Bay Area - Prasad Ramakrishnan, who is currently the CIO of Freshworks, and Drew Daniels, who is a seasoned security savant and currently a senior member of SVCI. Both our guests have storied pasts in many well known companies, from startups to IPOs. We discuss SDLC, how to create successful security programs, the ins and outs of software supply chain management and some easter egg nuggets for vendors on how to approach CIOs and CISOs!
|
By Riscosity
In this episode of Securing the digital supply chain we talk to one of the luminary stars in IT and security from the Bay Area - Sai Kalur. Sai talks about SDLC, software development processes, best practices, and the considerations that drive pharma and health-tech companies. A great discussion for CISOs, CIOs, and security thought leaders.
Riscosity enables full control, visibility, and compliance for data going to third parties and AI tools. Deployed on-prem and in your private cloud.
Riscosity is the data flow security platform that empowers teams to have full visibility of third party data in transit and automate the redaction or redirection of sensitive data simplifying how companies meet security and privacy standards.
How it works:
- Monitor: Track and pinpoint any data being sent to a third party API.
- Track: Easily map data sub processors and the information shared with them.
- Remediate: Automatically replace detected sensitive data with redacted inputs.
- Comply: Continuously monitor and block APIs from sending the wrong data to the wrong place.
Deploy Riscosity in your production or development environment to monitor, identify, redact, and secure all third party APIs.