The program hopes to get agencies on the same page when it comes to implementing security and resilience practices when utilizing cloud services.

Knowing how to properly share information around cyber events like data breaches can help warn other organizations and prevent them from falling victim to a similar attack.

Organizations need to keep in mind international data protection law developments and how they affect compliance demands.

The campaign is part of what the FBI calls "a concerted effort to target US election officials."

As part of new legislation, a new commission would assess the current state of health data privacy and lay the groundwork for modernizing HIPAA.

The FBI's annual look at phishing, scam, and personal data breach statistics is out.

The ransomware-as-a-service group continues to target critical infrastructure in the U.S.

Organizations should enforce MFA for all users but avoid default MFA protocols that can be abused to steal sensitive data.

New guidance from the FBI contains IOCs and technical details on how the ransomware spreads.

The Director of HHS OCR called on healthcare organizations this week to strengthen their cyber posture in 2022.

From the start, our mission at Digital Guardian Secure Collaboration was to build the trusted platform for securing and sharing any kind of business information. By taking a data-agnostic and storage-independent approach to information security, we’ve built a product that helps hundreds of thousands of people working on critical enterprise content work more confidently and safely. Today, we're excited to announce that we’ve launched into the second stage of that journey with the introduction of our newest products, the Digital Guardian Secure Collaboration API and SDK. Through these tools, we’re giving our enterprise customers and developers access to our Information Rights Management (IRM) and data security platform as a service, empowering them to build encryption, tracking, policy enforcement, and access control into their applications. By delivering IRM as a cloud-based service, we’re making it possible to protect any data, generated by any application, inside and outside of an organization. In the past, attaining this vision was very difficult, because IRM was designed as an add-on, an application- or file-specific implementation. Because data controls could only be applied to specific file types, in specific locations, and inside managed networks, it severely limited the value and adoption of legacy IRM tools. Now, that’s all changed. With our IRMaaS platform, businesses can operate more confidently and securely, backed by the knowledge that Digital Guardian Secure Collaboration is there, serving as the standard security fabric connecting users, devices, applications, and critical business properties. Delivered as both a client-based SDK for endpoint- and server-based applications and a REST API for access from any platform, Digital Guardian Secure Collaboration IRMaaS gives our customers the ability to add seamless, invisible security to sensitive information without impacting the process or employee productivity. “It’s our job to ensure that our customers can protect any kind of information, within any application, anywhere it travels. And even more importantly, we need to make sure that working with that secure data is as simple and seamless inside any application.” – Ajay Arora, CEO. Our customers and partners are already building some very compelling applications on top of this new platform. From server workflows that generate millions of PDF files for external consumption, to integrating Digital Guardian Secure Collaboration into custom engineering and design applications, they’re establishing our product as their de facto standard for protecting sensitive files, managing access to proprietary information, and tracking the flow of data across their organizations. It’s IRM-as-a-Service, and we’re excited to have customers and partners like Skyhigh Networks and Dropbox weave our IRM and data security into a fabric connecting their entire ecosystem. The opportunity this creates is to expand access of strong, invisible data security across more kinds of information, making new use cases and business processes secure in the process. This is a project we’ve been working on since before we launched Digital Guardian Secure Collaboration publicly early last year, and we intentionally built our own products on top of this same secure, scalable platform. I’m excited to invite you in to review the API, experiment with the SDK, and share your ideas for integrating security across your own applications.

The board will investigate breaches and vulnerabilities to find out why they happened and how to prevent them from happening again.

The cost is skewed by massive fines but a new survey shows there was still a steady increase in the number of GDPR fines across the EU last year.

The Linux PolicyKit bug, $770 million lost in social media scams, and more - catch up on the infosec news of the week with the Friday Five!

Cloud-based access control allows your employees to work remotely while still maintaining control over who has access to what information. What is Cloud Access Control? Cloud-based access control is a way to remotely control who has access to your company’s documents, data, and information. The controls can be changed from anywhere and can be gated quickly because of the cloud-based nature. The fundamental purpose of access control is to prevent unauthorized access to an environment with valued resources. An access control system, whether it’s based locally or on the cloud, is geared to judiciously apportion access to certain resources, especially data, and hold people accountable through logs and audit trail mechanisms. Many organizations are migrating their systems to cloud-based technologies, so it makes sense that cloud-based access control is top of mind these days. This article focuses on cloud access control but to fully grasp its ramifications, a broad understanding of the concept of restriction of access in general is needed. First, a Peek Behind Access Control in General As its name implies, access control is a process that regulates and controls who can use, view, or otherwise gain entry to a computing environment. It enables organizations to manage access to corporate networks and resources such as data, programs, and processes. It’s also vital because it is a fundamental part of data security; however, it extends beyond the digital realm and includes procedures to limit physical access to data centers, server rooms, and buildings, too. Access Control and Authentication Access control uses authentication mechanisms to identify users and authorization to determine their level of access to information. These typically include login credentials such as user ID and password combinations. Others include security tokens and biometric scans which use a person’s physical characteristics like fingerprints or retina eye scans for identification. Most organizations now implement multi-factor authentication (MFA) that compels users to provide two or more verification factors before they are allowed to gain access. The Difference Between On-site Access Control and Cloud Access Control Unlike on-site access control, which regulates an on-site server, cloud-based access control operates entirely in the cloud environment. So, you can change user permissions remotely instead of physically going to a server room. With cloud-based access control, the software is stored and hosted in third-party data centers, relieving the organization of the burden of cost and maintenance. What’s more, cloud service providers (CSP) leverage their economies of scale to employ top-notch cybersecurity and IT experts. This typically results in more reliable restrictions of access systems with software upgrades and patch management handled by the CSP. However, both on-premise and cloud-based access control systems share some similarities in how they operate. Access control, whether on-premise or in the cloud, requires five major phases listed below: Authentication: This involves verifying the identity of the user, device, or entity that seeks to gain entry or access to resources. Authorization: After authentication, access control systems determine whether the user has the requisite permissions to access the resource(s) requested. Eventual Access: Once authentication and authorization are complete, if successful, access is subsequently provided to the resource requested. Managing Access: Access control is a dynamic process, so users are routinely added and removed from privileges to various resources. Access control systems streamline the management process, even syncing users with Azure Active Directory or G Suite. Auditing Access: Access control systems often need to provide and prove compliance, so they must be audit-friendly. This includes applying the least privilege to user access to minimize risk and removing access entirely when employees are no longer with the organization. Here are some of the advantages of Cloud-based Access Control Reduced Upfront Costs: Cloud-based access control provides visibility and central management while saving you the cost and complexity of overseeing traditional physical access. Reduced Manpower and Overhead: The cloud reduces the need for manpower, especially for dedicated cloud architectures, eliminating the need for overhead. Convenient, Anywhere Accessibility: Everything can be done remotely. You no longer need to visit or interact with an on-site server physically. As long as you have a device with an internet connection, you manage, monitor, and provision access rights across multiple locations and devices. Patch Management: The cloud service provider handles security features like automatic software upgrades. This saves the business the headache, hassles, time, and energy of keeping track of software patch management. Central Management: Offers a centralized and streamlined restriction of access platform that provides administrators with improved visibility, along with easy changes to user permissions. It typically includes database management features that provide central storage with improved data protection and data normalization capabilities. ROI Increase: Cloud-based access control solutions tend to be innovative, flexible, and relatively inexpensive, in turn yielding better results and a return on investment, especially due to reduced in-house IT workload. Faster Deployment: Cloud-based access control systems are browser-based and incorporate APIs that facilitate single-click installation and deployment processes. How Do I Know If a Cloud Access Control Solution is Right for My Company? Before you make a decision on an access control or embark on a cloud transition, you need to first weigh the options available. In order to make this evaluation, businesses should be cognizant of the restriction of access options available to them. The traditional option entailed storing data and computing resources locally. Cloud-based computing solutions require deciding whether to opt for self-service or fully managed models. Here is a breakdown of the basic access control solutions available: 1. On-Premise, Local-Access Control Systems These are for companies that have basic computing needs, which usually constitute small businesses. Likewise, their access control systems reflect this simplicity with only basic features. System and network administrators require physical access to maintain the system. However, if the organization wants to limit physical access to the servers while providing a measure of convenience, they can install remote desktop software so system administrators connect remotely via a web browser. By their very nature, these systems are self-managed. However, the cost of the hardware is expensive since it is borne by the organization. Apart from this sunk cost, there’s little overhead and ongoing costs incurred in this setup. However, it is sorely lacking in more sophisticated features. Due to its relatively pedestrian setup and configuration, it isn’t as reliable as its cloud-hosted counterparts. 2. Self-managed, Cloud-Based Access Control Systems Generally, the cloud operates more efficiently, effectively, and reliably than local access control systems. Self-managed cloud services typically cost less to get started and maintain. It requires no hardware, only an online portal to use the access control systems. The cloud service provider’s responsibility will include the setup, and maintaining routine software upgrades for the access control portal. However, the organization has the freedom to implement user permissions, along with the leeway to determine the configuration of its security settings. Cloud-based access control systems provide better convenience, reliability, and affordability. Self-managed cloud hosting is generally not a good fit for organizations that boast an in-house team of experience and highly qualified IT personnel. 3. Fully-managed, Cloud-Based Access Control Systems The fully managed model is a dedicated cloud computing paradigm that assumes complete management and control of a client’s cloud platform. As a result, everything is done for the client so they don’t need to perform any maintenance or management operations like setup, provisioning, migration, patching, optimization, backup, and so on. Fully managed cloud operations enable organizations to free their teams to focus exclusively on their core business functions. It is also relatively cost-effective because it provides all the benefits of a cloud computing environment without the need to hire a team of cybersecurity experts. Because it’s managed by experts, this type of cloud-based access control tends to be quite innovative while drastically reducing operating costs without compromising standards. Cloud-based Access Control that Suits Your Business Needs Organizations have unique business goals so there’s no one-size-fits-all approach to their access control needs. However, Digital Guardian Secure Collaboration’s expertise in document rights management positions it to help your business design cloud-based access control options to best suit your individual circumstances.

Business email compromise scams have cost companies billions over the past several years. How can businesses best protect themselves against a BEC scam? We asked a panel of experts.

A recent report said that almost half of data breaches involve an insider element. In this blog we define what constitutes an insider threat and give you nearly 50 examples to help illustrate the threat further.