Stay Safe in the Current Cybersecurity Environment
How can you hope to keep yourself and your business safe when there are threats lurking around every corner of cyberspace? Stanford Advanced Computer Security Program Co-Directors Dan Boneh and Neil Daswani have the answer. The pair recently conducted an on-demand webinar to review some of the more noteworthy developments in cybersecurity and the best practices you need to follow to prevent a data breach.
Updating identity and access management controls
Identity and access management (IAM) has been around for decades, helping companies ensure that only authorized employees handle different files, systems and information. That's relatively straightforward on a closed network, but IAM providers are now faced with a much more difficult task: extending those same principles to publicly accessible websites, applications and platforms without disrupting the user experience or comprising security.
There are a few different approaches companies are using to revamp IAM for today’s online audience. For instance, WebAuthn allows websites to use two-factor authentication that doesn’t require SMS texts.
Any successful cybersecurity measure needs to balance privacy and security requirements, of course. One example is Google’s “Password Checkup” feature which allows users to submit personal passwords to see if they have been compromised. Google used cryptography to work around the inherent problem that submitting a password to its database would potentially compromise those credentials. Users can verify the effectiveness of their passwords without actually telling the remote database what their credentials are.
Accounting for the Internet of Things
The Internet of Things (IoT) has grown by leaps and bounds over the past several years. Many homes now have several IoT devices running around the clock, whether it’s a smart TV, speaker, camera, thermostat or refrigerator. We’re online all the time, and that means we’re more vulnerable to cybersecurity threats at all times.
Add the recent shift to remote work into the mix, and companies should be very wary of the potential for a network intrusion, data breach or other security threats. A cybercriminal could easily get onto a remote employee’s home network through an IoT device (say, taking advantage of unsecured factory settings) and then gain unauthorized access to company systems.
In response, a lot of organizations have embraced zero-trust security models, which deny access to every user as their default setting. When employees want to get onto the company’s cloud platforms, business applications or internal systems, they need to first verify their identities and level of authorization. This way, you don’t have to worry about an unknown user piggybacking off of a worker’s home network (or third-party vendor, for that matter) and breaking into your system.
Rethinking cloud security and data privacy
Pretty much from day one, cloud users have had reservations about running data and processes through hosted platforms. Cloud providers have done a good job alleviating security concerns over the years, and the latest technological updates will only push cloud security further. For instance, enclave-based cloud security solutions place data in encrypted containers, so not even the hosting provider can see or access it.
Another important development in cloud security is key rotation. Putting time limits on access keys and refreshing them at regular intervals prevents unauthorized users from using old credentials to access data. An even better approach is to use updatable encryption to handle that rotation without letting the cloud provider or platform see your data.
Boneh and Daswani share a host of other security updates in the webinar. They also cover the latest developments with network and infrastructure security, application security and blockchain. If you want to learn how to protect your network from the latest threats or hone your cybersecurity skills, watch the entire presentation.
In today’s digital landscape, knowledge is power. Consider enrolling in Stanford’s online cybersecurity program to up your game. The course material has been carefully curated to give you relevant lessons and knowledge that can be applied directly to your everyday work. Take your cybersecurity career to the next level by earning a professional certificate from Stanford.