The increasing use of cloud vendors and third-party providers has made advanced IT infrastructure and expertise available even to smaller organizations. It has also created an interconnected ecosystem of businesses, government agencies, utility firms and managed service providers (MSPs) that can potentially compromise security across multiple systems. 

If you’re a managed service provider, it’s your responsibility to ensure that your systems are secure, that your partnerships are equally secure, and that you maintain continuing risk management and monitoring against all services. 

Read More

Managing cybersecurity threats is a full-time job, and most cybersecurity specialists rely on shared knowledge between experts in the field to combat these threats. The Common Vulnerabilities and Exposures (CVE) database provides a starting point for this kind of knowledge, centralizing an index of known security vulnerabilities in the wild. 

The CVE program recently joined with the Cybersecurity and Infrastructure Security Agency (CISA), which then feeds into new directives for federal agencies and cloud service providers (CSPs). One of these directives, Binding Operational Directive 22-01, establishes this new list and several other requirements for regulated organizations and is trickling down into other security requirements, including FedRAMP. 

Read More

PCI compliance is a hot topic these days. While payment processing seemed like the domain of large enterprises and retailers, the expansion of cloud-based processing and online storefronts have blurred the lines between processors, merchants and secure, compliant systems. 

Many organizations seek their PCI compliance certification to cover their bases with payment processing and data storage. As these enterprises collect card data, payment information, and other data types, this compliance helps them maintain good standing with the credit card companies and their customers. 

Learn the basics of PCI compliance and auditing in this article. 

Read More