¿Innovación o Seguridad?

¿Innovación o Seguridad?



Throughout 2021, global news seemed to ricochet between the rapid spread of new iterations of COVID-19 and cyber criminality — both becoming increasingly creative and disruptive as they mutate in a battle for survival; both interlinked as cybercriminals profit from rapid digitalization forced by COVID-19 lockdowns. In a recent interview, a prominent cybersecurity executive pointed out that alongside birth, death and taxes, the only other guarantee in our current lives is the exponential growth of digital threats.

Because security is not built into new technology from the ground up, cyber criminals quickly get a foothold and cause untold damage before we can catch up.

Much has been said about the cybersecurity skills shortage. Millions of cybersecurity positions are unfilled, and this is causing serious problems at many organizations. Cybercriminals the magnitude of the skills shortage is based on a specific model of doing security. This model is reactive rather than proactive and takes a labor-intensive, “brute force” approach to threat response. We need more bodies in cybersecurity because our methodology is to “throw more bodies at the problem.”

For example, rather than doing threat modeling and building strong, proactive controls as they develop an application, organizations scan for vulnerabilities, manually analyze the scans and manually remediate the problems — or else let the vulnerabilities accumulate. Cybercriminals this consumes a lot of resources and ultimately does not leave an organization significantly safer than if it had done nothing.

Moving Beyond Brute Force


While most people may see the logic in moving beyond this scattershot approach, it has an incredibly strong gravitational pull. IT governance policies at many organizations require the use of antiquated security technology and processes when other approaches would provide better protection using fewer resources. At the same time, the rapidly evolving marketplace means that development teams face continual pressure to crank out applications even faster than they do today. This makes it easy to rush into development rather than taking the time to architect an application to be secure before coding even begins.

But what if we were to break from the gravitational pull of reactive security and refocus on what really matters? We could build security into new technologies as they are developed, rather than adding it as an afterthought. We could become consistent, prioritized, focused, structured and strategic in the use of people, processes and tools. help developers learn to write safer code by providing real-time feedback.

At the same time, we need to be making security more visible. If users had an idea which software was safer and which was less safe, they would choose accordingly. The White House issued an executive order in May that can potentially move us in this direction. For example, it requires software vendors to provide a “Software Bill of Materials”. Something of an “ingredients list” for an application. We need dramatically more information about why we should believe something. Secure before we trust it with important things — like elections, finances and healthcare, for example.

Proactive cybersecurity strategies

Aggregate a multitude of perspectives, which brings the benefit of innovation, problem-solving and consensus-building.

From the growing adoption of distributed cloud to the proven benefits of remote mobile workforces. The attack surface for bad actors is ever-widening. This means the requirements for network security have also evolved with the growing threats of increasingly distributed systems.

Security should not take a backseat to innovation in digital businesses. Of course, innovation and speed will require businesses to build secure systems, which means we can no longer afford to implement security only at the service level. We need to apply adaptable solutions from the architecture level that will change with digital business requirements.

See how Soffid can help you stay ahead of the curve in a rapidly evolving digital world. Let us know how we can help you

(1) Forbes
(2) Information Week

¿Cómo beneficia a tu organización la gestión de Cuentas Privilegiadas?

¿Cómo beneficia a tu organización la gestión de Cuentas Privilegiadas?



Management and authentication of identities

Management and authentication of identities

While IAM controls provide authentication of identities to ensure; that the right user has the right access as the right time. PAM layers on more visibility, control, and auditing over privileged identities. Management and authentication of identities is really important.

In a Tuesday session, titled «Security Leader’s Guide to Privileged Access Management,» Gartner research director Felix Gaehtgens said privileged access management is a crucial component of any security program because of the increasingly large scope of IT environments, users, administrative tools, and IAM data such as passwords, and certificates.

Organizations face multiple challenges on Management and authentication of identities:

More over, insufficient oversight and auditing: Most organizations lack adequate controls to regulate the privileges and use of highly privileged accounts. However, but regulations such as Sarbanes-Oxley (SOX), J-Sox and GLBA dictate that organizations must demonstrate who has access to what data and resources, when, why and who approved such access and defined rights.

Importance of Auditing over privileged identities

Shared access to account IDs and passwords;  The typical problem with shared accounts is that everyone uses the same ID and password, which creates compliance challenges, as it is impossible to determine who has access to the accounts and who actually performed a specific action.

So, inadequate segregation of duties: IT resource personnel who use and maintain privileged; accounts are often the largest access holders in any organization. Certain highly privileged accounts, also especially those designed for emergency operations and incident management; can allow misuse to go virtually undetected or leave no traceability. Organizations must choose between compliance and the ability to recover or resolve problems quickly.

It is a pleasure to invite you to our new webinar we are celebrating today, 23rd June.

During the webinar we will discuss about how PAM is emerging as one of the hottest topics in cybersecurity; and why it must be a part of your overall IAM strategy.


Join now our webinar!

Código Abierto. El valor de las ideas ha crecido

Código Abierto. El valor de las ideas ha crecido

Código Abierto

Today’s business leaders face enormous pressure from markets, competition, and the current pandemic, which is radically changing the way we do business and engage with customers. Organizations need to adapt, imagine new revenue models, innovate as never before, and attract a new generation of talent to fuel this evolution and help the business stay relevant.

In the last few decades, organizations large and small have started leveraging the benefits of open source at unprecedented levels. One of the benefits of working with open source technologies or projects is the free sharing of ideas. Open source brings people together to brainstorm and develop a common piece of technology.

business leaders face enormous pressure

The open source web frameworks offer an alternative that shifts the company focus from the centralisation of resources – which has become of little significance – to the adoption of more internationally widespread technologies. The technological exclusive and the supposed guarantees of a private supplier are exchanged for a transparent shared standard.

In the past technology ownership guaranteed a competitive edge over the competition and money could also be made from licensing.

With the growth of the web and the spread of technologies to support the online services, the IT sector has experienced the formation of a very fragmented situation.
In this scenario the big digital service companies have played an important role, at times determining with their economic weight the growth of some of these technologies and the consequent decline of others. New international standards have been set.

At the same time

Many cases of successful open source frameworks have emerged which have ridden the wave of the community-driven technologies, i.e. developed and maintained by international teams of independent developers.

business leaders face enormous pressure

In light of the success obtained by these frameworks, today privatising the technologies on which to base their services. Also and products means companies run the risk of reinventing the wheel, rather than concentrating on activities that create solid value.

Compared to open source frameworks the owned ones are more expensive; and risk becoming outdated more quickly in a world in constant evolution.

The value of ideas has increased

A shared technological standard on an international level, helped by an open source philosophy; has a superior value compared to the in-house alternatives. The ability to integrate programming languages and different tools effectively and using the resources already created; by other developers increases the competitiveness of the web-based platforms.

Considering the rise of open source frameworks the question is not how to centralise control over technology. But how to adapt these resources to our advantage, participating in their progressive enhancement while developing components for company use.
Technology is the tool that allows us to drive value; but this comes from positive ideas to digitalise the company resources available.

With freemium solutions like Soffid, the customer get all the benefits from both sides; from the traditional product and from the open source product. But they get a good support, they get a development roadmap and quick security fixes.

Soffid is one Single product, release like open source and including all the features; about Identity and access management, priviledge account management and identity governance.

Shall we talk? 

¿Es la Intranet de tu empresa segura?

¿Es la Intranet de tu empresa segura?

Intranets offer more than just avenues for communication within your company. They also present employees with a treasure trove of content and services, enabling them to perform better and become more effective.

On the contrary, when employers are forced to deal with unwieldy intranets, be it for lack of features or a cluttered UI, to manage their daily tasks, the negative impact on the company’s bottom line can be huge.

As such, implementing a robust intranet solution can give companies a competitive advantage. In fact, Deloitte research shows that companies with strong internal social and work networks are 7% more productive.

Yet, not all intranets are created equal, and some might not give you as many benefits as other, more consolidated, options.

Intranets were created to increase productivity in the physical workplace, but 2020 showed us that the workplace isn’t tied to a single location. The workplace has now become a concept rather than a specific site.

Yet, there is still the need for a centralized hub where employees can access company information and improve their communication. When employees don’t have access to a neural center to find what they are looking for, the company suffers. Plus, without an intranet, employees will start using their own tools, resulting in data silos and incompatible technologies.

These are some of the features you need to look for in a modern intranet in 2021:

  • Intuitive user experience: Intranets shouldn’t look different from other applications and software, and they need to be easy to use.
  • Integration with third-party applications: Modern intranets need to integrate with both corporate and consumer applications of all kinds.
  • Availability as a mobile application: Modern intranets need to be available as native apps or PWAs to reach employees truly.
  • Support for cloud office solutions: Be it Microsoft 365 or Google G-Suite, an intranet needs to work with the office suite your company uses.
  • Personalization-ready: Modern intranets need to be able to personalize messages for both departments and users at a granular level.

Intranets connect all of an organization’s teams, systems, and networks elevating your operations to a whole new level. But why open source? Simple, because you need a platform with flexible information architecture. A platform you can tweak as per your company’s needs and unique workflows.

The main benefits of an open source platform for intranets include:

  • Lower costs: Open source platforms tend to be more cost-effective than proprietary software.
  • Extensibility: An open source intranet can be built into and can be extended to maximize growth.
  • Integrability: The open source architecture enables developers to integrate with other platforms without the constraints of a proprietary solution.
  • Powerful search: A modern intranet needs powerful search capabilities to be able to sift through all the data enterprise businesses have.

Our new Soffid 3 provides the most intuitive and user-friendly interface, making the transition smooth and convenient and offering advantages for your team.

Shall we talk about your project?