Businesses now require their digital efforts to have both security and usability at their core. If one is less than the other, it will ultimately be surpassed.

Some people said it was the biggest startup to come out of Stanford since Google. After securing some seed funding from professors, and then raising $25 million in a party round, Clinkle was destined for greatness among startups. Clinkle was designed to become the payment service all of us could use to manage credit cards, banks, and cash from our smartphones. And yet, I’m guessing the majority of this blog’s readers have never heard of them. Why could that be? The rise comes before… Launched in 2011, Clinkle got a lot of hype. Big names like Richard Branson and Peter Thiel, and organizations like Intuit and Intel were among the investors. They were clearly excited about something. But Clinkle has[…]

This morning, the 2013 RSA Conference truly got kicked off. Conference attendees gathered by the thousands into the main keynote hall at the Moscone Center in San Francisco. First up was a rousing set of Queen hits by a Queen tribute band. Unlike past years where a popular song is performed using primarily security-related lyrics, this year the music stayed mostly true to form. “We Will Rock You”, “We Are The Champions”, and “This Thing Called Love” were performed, and only a few lines at the very end of the last number were changed to security-related lyrics. The lead singer of the tribute band (The Queen Extravaganza) was quite good! Art Coviello, Executive Chairman of RSA followed the band and[…]

I saw this article come across my news feed today, and I thought to myself “what a great idea for an article!” The title is The Petraeus Affair: Human Nature Beats IT Security Every Time. I was thinking the article was going to be how General Petraeus and Paula Broadwell out-foxed the IT security measures in place at their various organizations to engage in (what they thought was) clandestine electronic communication. I figured the CIA would block access to GMail for security reasons, and yet these individuals were so determined to communicate they would have found a way. After all, most security controls can only defend against those willing to play by the rules. Reading the article disappointed me because it[…]

It’s a little embarrassing to admit, but it seems that the mistakes of one globally syndicated columnist have led to a rapid increase in the acceptance and use of two-factor authentication technologies for authentication. Within the last week, I have set up both my Dropbox account and this very blog with two-factor authentication. Mat Honan’s sordid tale did a lot to raise awareness of how passwords are imperfect as an authentication mechanism, as have the many password breaches that have occurred over the years. Most interesting, though, is how Google created and freely released Google Authenticator as an open source application and how quickly organizations have begun to embrace it. While I’ve traditionally been a PKI guy (I know,[…]

So, SOPA is the news of the day, in terms of the Internet and security; it has been for well over a month now. In case you’re not familiar, SOPA is the Stop Online Piracy Act. It will “authorize the U.S. Department of Justice to seek court orders against websites outside U.S. jurisdiction accused of infringing on copyrights, or of enabling or facilitating copyright infringement.” I won’t bore you with the typical arguments about how it’ll infringe on free speech, or weaken safe harbor, etc. These arguments have been made, and they may have some validity, but let’s talk technology. SOPA is the most recent in a long line of legislation intended to regulate the internet. Such legislation is doomed[…]