Users Can Be Just As Dangerous As Hackers

Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should—the insider threat.

But the reality is that most organizations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad.

Most organizations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding.

However, on mobile devices, these solutions have been less effective. Examples include mobile applications such as WhatsApp, Signal, Telegram, or even SMS, which are common in the workforce.

All of these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of protecting against outside attackers. However, e2ee also resists internal governance and compliance programs.

Even more troubling, these features don’t integrate into existing user-management tools. An exiting member of a group needs to be removed from any group communications inside the organization, but with these ad-hoc consumer tools, this management is nearly impossible to guarantee.

One often-maligned technology that offers hope of resolving the tension between e2ee and governance is blockchain. Bitcoin, which originally put blockchain into common parlance, is known for slow commits (~10 minutes), low transaction throughput, and high monetary and environmental costs.

But this blockchain technology has not stood still. Thankfully, newer designs offer options that do away with the shortcomings of Bitcoin while still offering trustless operation.

SpiderOak is a pioneer in using cryptography to protect data not only from criminals but also from the company, meaning that not even the company can read the information users store on their servers.

With its CrossClave application, SpiderOak uses a custom-built blockchain to manage identity and access while adhering to end-to-end principles. This lets users have policy-based access controls, simple user management, and one-click off-boarding without trusting us. On top of that, SpiderOak also added e2ee in order to provide a total end-to-end solution to team collaboration.

Tools such as CrossClave that are built on blockchain now offer the best of low-friction mobile collaboration along with what organizations are in dire need of: management, compliance, and control.

Note: This article is written by Jonathan Moore, the chief technology officer of SpiderOak, a secure-communications data and aerospace company.

Source: The Hacker News
