What’s Your Cloud Security Foundation?

What’s Your Cloud Security Foundation?

Cloud implementation and migration projects create ample opportunity for mistakes when it comes to the management of security controls in the new environment. This was demonstrated in dramatic fashion recently with the news that Viacom cloud configuration secrets had been exposed on the public internet due to misconfigured S3 bucket permissions.…

Read More
Application Security from the Inside Out: Part 2

Application Security from the Inside Out: Part 2

In my previous post, I addressed four coding policies that almost guarantee a data breach. This post will cover five solution strategies to shore up your application’s security. The guiding principle to correct these flawed policies (see Part 1) is to change the priorities that direct development and support of software applications.…

Read More
Application Security from the Inside Out: Part 1

Application Security from the Inside Out: Part 1

The recent data breach at Equifax is an unfortunate reminder of a long list of hacked sites (Target Stores, OPM, Sony, and others) that were caused by vulnerabilities in the application code. These companies seemed just as surprised as their customers by the attack and had to wonder, “how did this happen?” They did not need to look further than their own unintentional coding policies.…

Read More
Despite Heightened Attention To Cybersecurity Risks, Today’s Software Investors Don’t Feel Any Better Prepared

Despite Heightened Attention To Cybersecurity Risks, Today’s Software Investors Don’t Feel Any Better Prepared

During the first half of 2017, West Monroe and Mergermarket surveyed 100 senior private equity and corporate executives, all with organizations that have acquired at least one software firm over the past three years. Respondents cited various challenges to orchestrating a successful acquisition – one of the top among them being cybersecurity.…

Read More
When Information Security Begins at Swim Lessons

When Information Security Begins at Swim Lessons

In my role as leader of West Monroe’s Performance Services practice, I advise clients on how they can improve their infrastructure, application, and security management practices.  Increasingly, those conversations focus on improving overall security posture. We believe a strong security program begins with the business strategy – understanding the risks the business faces as it relates to...

Read More
Office 365 vs. G Suite: The dilemma of choosing between the behemoths and the benefits of Office 365

Office 365 vs. G Suite: The dilemma of choosing between the behemoths and the benefits of Office 365

Those who remember Microsoft’s Business Productivity Online Suite (BPOS) understand why there was such an interest in the release of Google Apps vs Office 365. Since their initial release, Google Apps has bloomed into G Suite and BPOS has evolved into Office 365. Both of which are capable of hosting a cloud based collaboration solution for companies of any size.…

Read More

Secure Against NetBIOS Name Service (NBT-NS) Poisoning Attacks with Group Policy

What is the NetBIOS Name Service, and Why is it Vulnerable to Poisoning Attacks? When reaching other systems on the network, we tend to think of DNS being the primary way that a Windows computer can translate a name to an IP address. However, there are several other methods available. One of the available name resolution services is the NetBIOS over TCP/IP Name Service (NBT-NS).…

Read More
More Data, More Problems… Leveraging the Azure Import/Export Tool

More Data, More Problems… Leveraging the Azure Import/Export Tool

In today’s market businesses are likely familiar with the enterprise services provided in Azure and have already started planning a cloud transition.  As Azure expands its core offering and more business transition to a cloud platform, the question becomes, “how does an organization move large amounts of data to the cloud, specifically to Azure?”  Introducing the Microsoft Azure Import/Export...

Read More
Unpleasant Discoveries: Cybersecurity Vulnerabilities Uncovered

Unpleasant Discoveries: Cybersecurity Vulnerabilities Uncovered

It’s every acquirer’s worst nightmare: you’ve spent countless hours vetting an M&A target, and after the deal goes through, you catch something. West Monroe Partners surveyed top-level corporate executives and private equity partners about their companies’ practices in order to better understand the state of cybersecurity diligence for M&A. The results provide a window into the trends...

Read More
The PCI DSS Cares about Disaster Recovery & Backups

The PCI DSS Cares about Disaster Recovery & Backups

In a separate post, we discussed Common Misconceptions around the Payment Card Industry Data Security Standard (PCI DSS). Building off those thoughts, this post will discuss an often-overlooked consideration when navigating the PCI DSS – disaster recovery (DR) and backups. West Monroe Partners has extensive experience conducting security due diligences for M&A transactions and helping...

Read More
Phone: 312-602-4000
Email: marketing@westmonroepartners.com
222 W. Adams
Chicago, IL 60606
Show Buttons
Share On Facebook
Share On Twitter
Share on LinkedIn
Hide Buttons