In the ever-expanding cosmos of cloud computing, the Federal Risk and Authorization Management Program (FedRAMP) is the primary standard for cloud service providers working with federal agencies. Recognizing this, the Office of Management and Budget (OMB) has released a draft memorandum to revitalize FedRAMP, signaling a pivotal transformation to enhance the program’s efficiency, agility, and responsiveness to modern security threats. 

This article will explore the newly proposed authorization paths for FedRAMP, how they differ from the previous standard, and what that might mean for cloud products and providers. 

Read More

Companies and data brokers, armed with sophisticated data collection techniques, amass vast amounts of personal data, often without the explicit consent or awareness of the individuals concerned. The urgency of the matter has propelled jurisdictions worldwide to enact stringent data protection laws. 

This article explores a new development in privacy law: the Data Delete Act. This law is just one in a longer (but recent) history of laws that include the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA).

Here, we’ll discuss the law, its relationship to more extensive privacy regulations, and what best practices affected organizations can take to comply with it. 

Read More

In an era where cybersecurity threats continuously evolve, organizations face many challenges to secure digital assets. Among these threats, a sophisticated and stealthy approach known as Living Off the Land (LotL) attacks has emerged, leaving a minimal footprint and often evading traditional security measures. 

This article discusses Living Off the Land attacks, highlighting real-world case studies from notorious APTs, and offering suggestions on how organizations can address these threats.

Read More