The government is never going to fix its cybersecurity problem until it fixes its procurement problem!
Shockingly, there are no NAICS, SIC or SIN codes for cybersecurity products on the GSA Schedule. For me, as a California Certified Small Business owner who offers multi-factor authentication (MFA) products on the GSA Schedule, this is a serious problem.
Without cybersecurity procurement codes, government agencies and departments are unable to find, let alone implement, targeted products and services to keep our nation’s electronic data secure. Current procedure involves a keyword search on the GSA Schedule. If the exact keyword is not typed or listed, no match is found. An agency’s only recourse then becomes generating expensive and time-consuming RFIs, RFPs and RFQs. Cybersecurity NAICS, SIN and SIC codes are designed to streamline the entire process, save money and ensure fast cybersecurity implementations.
Data Security first starts with Data Privacy
Last week I had meetings with aides of Senator Boxer (D-CA), Senator Feinstein (D-CA), Congressman Becerra (34th Dist., CA), Deputy Secretary Bruce Andrews (U.S. Dept. of Commerce), and finally the leadership for the U.S. House Small Business to discuss my concerns about data privacy and why I support the LEADS (Law Enforcement Access to Data Stored Abroad) Act of 2015.
Know your Password Manager
Last week the cybersecurity industry was abuzz about the Boston-based company LogMeIn, Inc. purchasing LastPass for $125M. In the different news articles some interesting facts were quoted:
- Only 10 percent of knowledge workers today use a password manager
- Only 37 percent of survey participants use passwords that contain both letters and numbers
- Nearly 64 percent of people who use the Internet deploy the same password for most websites
- Nearly 80 percent of cloud-based services and apps have monitored, sensitive or private information
- 35 percent intend to adopt a password manager in the next 12 months
While these are staggering statistics, it’s the last one I want to address. That’s because not all password managers are the same. You need to understand the differences before you deploy.
Biometrics give a false sense of security.
On Sept 23, 2015, the Office of Personnel Management (OPM) revised the number of stolen fingerprint files to 5.6 million! Why should you care?
Some security pundits believe that biometrics are far more secure than passwords. They argue that since everyone has unique identifiers like their voice, iris, face and fingerprints, why not use these to authenticate a user into a computer network? Sounds logical and from a theoretical perspective, it’s true. But major flaws become apparent during implementation.
Every day I read another post, hear another news story, or have another conversation that passwords are insecure and that PKI and digital certificates must replace passwords. Comparing passwords to certificates, or PKI, is not correct because:
- A password is a single component within multifactor authentication.
- Certificates and PKI are a complete infrastructure made up of many different components.
- What keeps certificates secure is how their keys are safeguarded, generated, protected, and managed.