A discussion about security

This week, we’ve sat down with Dave Lewis for a conversation about security that found it’s way onto forbes.com.  In the article Dave asks: “How would you best advise people on addressing access control in today’s networks.”  Our answer went as follows:

Know your business (process), your assets, your interactions, your people. This is hard to do well. Many manage to understand one, but few all. The other challenge is making sure any additional controls identified map to business need and are seen as an enabler rather than a restriction or pure cost. Removing passwords altogether is desirable for example – NIST and NCA UK advise to stop mandating password changes every 90 days gave many users hope that this would stop the world of password1, password2 etc.

Solution such as SafePass – good passwords in the first place – and Duo – let’s make sure that authentication attempt is really you are key tools – both being very easy to use – almost frictionless. Any solution needs to be frictionless and fast deployed – the security industry has done itself no favors with complex solutions.”

Adrian Mahieu, Threat Condition

To read the whole article, click the link below.