SSO is fantastic and super convenient, but breaches happen. We can mitigate these risks so that a breach of your SSO provider does not lead to a compromise of your targets.
When I first read the federal government’s memo on its “transition to zero trust”, I was jumping out of my skin with excitement. There’s lots of great stuff in that memo (see my earlier blog post) but what excited me most was the memo’s stance on VPNs.
Yesterday, the Office of Management and Budget (OMB) released a memo: “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles”. The memo advises the Federal Government on what steps each agency must take to improve its cybersecurity. It looks like the government is planning to position itself as a cybersecurity leader, while also pushing the private sector into a more robust cybersecurity posture. Also, if you get into it, this memo is actually about a lot more than zero trust.