The federal government leans more heavily on technology providers, including cloud computing platforms that support data storage, processing, and office application solutions. Accordingly, the question of data security is live, and the government’s response is to implement the FedRAMP authorization requirement. 

Like many other government programs, FedRAMP can threaten to bury the under prepared provider under a mountain of documents. Here, we’ll briefly cover the basics of FedRAMP documents and required reporting.

Read More

In the financial industry, fraud is a natural and ever-present challenge. Digital banking and international finance have only compounded this problem, and anti-money laundering and fraud laws in the U.S. have evolved to address these issues.

In modern times, the overlap of identity management, authentication, and identity assurance has led to more comprehensive forms of authentication. These verification forms can differ based on the customers, the jurisdiction or industry, or even the technology used to make a payment or secure funds. But, all forms of authentication are purpose-built to ensure that technological systems can resist unauthorized access to financial information.

Read More

Security frameworks and regulations will inevitably dictate that organizations have the capabilities to deny access from unauthorized users. This facet of cybersecurity is so fundamental to compliance more broadly that it’s essentially impossible to engage in proper security without considering access control.

This article will discuss access controls and authorization as part of a larger approach to Identity and Access Management (IAM). 

Read More