Where to Spend your Next Security Dollar

Strong Authentication

At least two kinds of evidence, at least one of which is resistant to replay.  Mandatory for all but the most trivial systems and applications.

Privileged Access Management

Limited number of uniquely identified, authenticated, accountable, and supervised privileged users (no sharing of IDs or passwords).  Mandatory for all large enterprises, recommended wherever there must be more than one privileged user.

Document Management System

a system, process, or database to capture, track and store electronic documents such as PDFs, word processing objects, and digital images of paper-based content, providing accountability for all content, changes, and access or use.  Mandatory for intellectual assets (IP), personally identifiable information (PII), client, customer, and employee relations, or financial records; recommended for all confidential or sensitive information.  

Structured Network

Layering of your network such that user to application, application to application, server to server, and server to file and storage system communications are isolated from one another such that any layer to layer communications require additional authentication and privileges or capabilities.  This can be implemented using wiring and "firewalls," or cryptography (e.g., VPNs, Software Defined Networks (SDNs).  Recommended for all large enterprises.  

Travel Guidance

 Canada, France, Germany, Denmark, and Ireland are issuing new guidance to their citizens traveling to the United States.

https://www.travelandtourworld.com/news/article/france-denmark-germany-and-ireland-join-canada-in-urging-travelers-to-use-burner-phones-at-us-borders-amid-digital-surveillance-and-detention-fears-new-update-you-need-to-know/

I have always cautioned business executives to use "disposable" devices when traveling abroad or crossing into the US.  No data, just clients for accessing business e-mail, data, and applications in the enterprise or cloud. This is because customs agents have extraordinary power to search and seize without cause or warrant. There have been abuses but mostly by over-zealous agents; no discernible pattern. I do not think that there is a policy but DHS has consistently refused to disclose whether or not they have given instructions to the agents.

 

All that said, if surveillance, seizures, and detentions have increased under the new administration, I have not seen any reports. This new guidance from these countries may result from nothing more than uncertainty, or it may even be political. Nonetheless, if there is a problem, I plan it to alert and advise you.  Watch this space.  

 

I am leaving the country in May and returning in June. All of my data is already in the cloud, mostly for device independence.  Just before returning,  I plan to erase the clients from my phone and tablet.  It will be simple enough to reinstall them from the app store after I clear customs.