Testing the Foundation for Secure Access to SaaS Products

Chris Williams SaaS, Security, SMB, SME

Encryption is the first line of defense for data accessed through publicly accessible web applications. That’s why it’s so important to validate that your public web applications are configured as securely as possible when it comes to SSL and TLS. The good news is that Qualys SSL Labs offers a free, easy to use web-based tool that tests public web servers for SSL, TLS and PKI configuration issues. The service has been around since 2009 and continues to quickly incorporate checks for known vulnerabilities like Heartbleed. Chances are that your customers are using similar tools to perform non-intrusive checks against …

Automating the Management of Local Admin Passwords with Microsoft LAPS

Chris Williams Security, SMB, SME

Effectively managing local admin passwords across hosts is a common challenge for IT Departments. This drives the reuse of passwords across hosts and makes local admin passwords a highly valued target for attackers to use in attacks like Pass-the-Hash (PtH). This can lead to privilege escalation and access to higher valued assets in the domain. The good news is that Microsoft offers a free, easy to deploy solution that simplifies the management of local admin passwords across domain joined computers. LAPS is built on Active Directory infrastructure so there’s no need for third-party applications. The agent is a Group Policy …

10 GDPR Resources for the Budget Constrained (Part 1)

Chris Williams Executive, GDPR, News, Security, SMB

The General Data Protection Regulation (GDPR) continues to be a major source of concern for IT staff across the US. It’s pushing these IT organizations outside their relative comfort zones and forcing them to adopt higher security standards. This includes many common-sense best practices. Being found in non-compliance means paying dissuasively large penalties which could cripple SMBs. Organizations with security programs that include information security audits and ongoing security program development will have a solid foundation of policies, controls and practices to build upon. For those still working towards GDPR compliance, there are some free tools and services that can be very helpful. Don’t get …

Information Security out of Necessity

Chris Williams Executive, Security

I was a Chief Information Security Officer. Not a virtual one. A human one. My name is Chris Williams. I’m a founder and Managing Partner at Perpetually Geek. My passion for information security grew out of necessity. Having worked at a document management firm where we began developing and hosting SaaS applications starting in the late ‘90s, we were considered cutting edge. We had strong executive vision and leadership, were attracting venture funding, building an impressive client book of top companies in the world, hiring top talent, and building our company for the future. All was right in the world. At that time, we were building out our infrastructure, including our own private cloud, and architecting our data centers for resiliency as we expanded our geographic footprint. It was …

The SaaS Provider Dilemma

Chris Williams Executive

It used to be that SaaS providers could deal with security and compliance related items a couple times a year with limited focus and effort while attempting to check the most common customer-facing Information Security check boxes. This learned behavior evolved more out of necessity than anything else. Many SaaS providers can’t afford the cost to hire dedicated security personnel so existing IT staff are expected to take on Information Security responsibilities, in addition to their existing duties, with little to no further training or mentoring. This is “that” topic neither side wants to talk to the other about. Management …