Featured

Cloud(ed) Judgment: OneLogin’s Breach Continues to Fuel the Security Debate

By | Date posted: June 26, 2017
cloud images

When it comes to the next big data breach, it’s never a matter of if, but a discussion of when.

This time, the target was identity and access management firm OneLogin, which recently shut down its U.S. data center due to compromised Amazon Web Services (AWS) keys. With the company serving more than 2,000 enterprises across 44 countries, the incident has been referred to as a “massive leak” and once again raised questions about cloud security.

As we continue to learn, everything that the cloud represents is great… until it’s not.
Read more

The President’s New EO Gets the Gist of NIST

By | Date posted: June 8, 2017

President Trump introduced his long-awaited Cybersecurity Executive Order last month. While some focused on its similarities to EO 13636 issued by the Obama administration more than four years earlier, we were more concerned with, and quite frankly, excited by, the fact that it (rightly) cast a renewed spotlight on the National Institute of Standards and Technology (NIST) Framework.

Read more

Trust, but Verify: The Missing Link in IAM

By | Date posted: May 18, 2017
Security-Breach

Identity and Access Management (IAM) is well-entrenched in enterprise and government infrastructures.

However, in our API-driven world, merely establishing a “trusted user” – e.g., a device or a person – and granting them access to information provides an incomplete security profile. Lacking the ability to inspect the bidirectional flow of data traversing our modern computing architectures, IAM technologies cannot answer the two most critical questions about trusted users:

What information are they bringing into the network?

What information are they removing from the network?

Read more

FCW: Why the CDM program needs an overhaul

By | Date posted:

In this article, Jason Macy – CTO of Forum Systems, highlights the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program and how the initiative aims to streamline processes and simplify risk management.

 Applying best practices is indeed a laudable approach, but if you are practicing for the wrong game, what’s the point? Best practices need a strategy, and CDM needs to be augmented to focus on existing industry technologies such as API security gateways and others that are already solving cybersecurity problems.

Read the full article

 

Forum Systems to Share API Security Insights at KuppingerCole’s European Identity & Cloud Conference

By | Date posted: May 2, 2017
News-Icon

CTO Jason Macy to Lead Workshop on Achieving Compliance with PSD2, Open Banking Standards, and GDPR

BOSTON, May 2, 2017 – Forum Systems Inc. today announced that CTO Jason Macy will explore API security best practices and establishing compliance with emerging API-based industry standards at the European Identity & Cloud Conference 2017 (EIC).

Now in its 11th year, the KuppingerCole event will take place May 9-12 at the Dolce Ballhaus Forum Unterschleissheim in Munich, Germany and cover topics related to identity and access management (IAM), governance, risk management and compliance (GRC) and cloud security. At EIC 2017, Forum Systems will also showcase its award-winning Forum Sentry API Security Gateway in Booth #W8.
Read more