09.20.2017, Auditing, Security, by .

One specific concept we’ve been talking about a lot recently here at Lepide is the Principle of Least Privilege (PoLP). The principle of least privilege is the process of ensuring a ‘user should only be able to access the information and resources he or she requires for legitimate reasons’. Opportunity Knocks… It’s such an important concept to understand. When we analyse the root causes of data leakage incidents, there are … Read more

09.18.2017, Security, by .

With the advent of the new European Data Protection Regulation, all companies globally are required to adhere to the law if they are storing or processing personal information of any European Union citizens. This means that US companies doing business with European countries in theory must adhere to the law. If they do not the potential penalties are €20M, or 4% of the previous year’s gross global turnover, whichever is … Read more

09.14.2017, Active Directory, Auditing, by .

Are you able to instantly identify who has access to the sensitive data in your Active Directory? Sometimes, answering “who has access to what?” in your IT environment can be difficult. Knowing who has permission to what enables IT teams to ensure that the right users have the right levels of access to the right data. This is a critical part of ensuring the principle of least privileges, where users … Read more

09.12.2017, Security, by .

Here at Lepide we brand ourselves as an IT security and compliance vendor, which raises a really interesting question as to what IT security really is. Sure, while we have always offered solutions that enable users to audit, monitor and alert when potential security threats arise, you could arguably say that visibility does not necessary equal security. Just because someone knows about a potential issue does not in itself equate … Read more

09.08.2017, Security, by .

Back in May, the “WannaCry” virus started hitting computer systems across the globe. Spread via a simple E-mail phishing scam, the virus exploited a Microsoft vulnerability to hijack victims’ computers, locking and encrypting data so that it became impossible to access with a key. The cyber attack crippled massively sensitive servers worldwide, bringing amongst others, the UK’s NHS, FedEx and Germany’s rail systems to a grinding halt. All in all, … Read more

09.06.2017, Security, by .

To put it simply, in order to protect your sensitive data, you need to know exactly what data you are trying to protect. Data classification allows you to categorise information based on how sensitive certain data items are by injecting metadata into documents, emails, etc. This information can be used to alert users about the degree of sensitivity associated with the data they are handling. This is akin to putting … Read more

09.01.2017, Security, by .

Most of today’s malware could be stopped by following basic security best practices. But despite this, organizations either choose convenience over security or don’t enforce their own security policies. In a least privilege environment, users only have the rights required to carry out their job responsibilities. That’s a bit of an unhelpful definition because you could argue that many users need administrative privileges to fulfil their duties as a lot … Read more

08.30.2017, Auditing, by .

Separation of duties (SoD) – also referred to as “Segregation of duties” – is a critical, yet often overlooked area of IT security. Essentially, the purpose of SoD is to help organisations protect themselves from fraudulent behaviour by ensuring that no single individual can act alone to subvert a critical process for their own personal gain. SoD is an area that comes under close scrutiny during compliance reviews, and will … Read more

08.28.2017, Security, by .

The UK Government has announced a new data protection bill that is designed replace the forthcoming EU GDPR. The bill is essentially an update to the existing Data Protection Act (DPA), that was introduced in 1998. Why has the Government decided to make these changes? As of the 25th of May, 2018, the EU General Data Protection Regulation (GDPR) will come into effect, which sets out to “harmonize data privacy … Read more

08.25.2017, Security, by .

SIEM (Security Information & Event Management) software is designed to assist organisations in detecting and reporting suspicious activity within their environment. SIEM solutions aggregate data in real-time from multiple sources within an IT environment and present the information via a single dashboard. SIEM solutions are useful; however, they also have many drawbacks. SIEM solutions can be complex Collecting the data and organising it into anything that you can derive real … Read more

Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.