Take Responsibility For Your Cloud Data Before An Attacker Does

As I have mentioned in previous blog posts, I spend a significant amount of my time talking to customers about their Cloud strategy, explaining to them about security controls they should consider when moving to Cloud, and how Oracle addresses security within its own Cloud. One area that still surprises me in my discussions with organizations is the common misconception that a Cloud Provider is solely responsible for the security…

Oracle, a security company? – InfoSec Europe 2017

A couple of weeks ago I spent 3 days exhibiting at InfoSec Europe 2017 in London, an event I have been attending as either an exhibitor or visitor for a number of years. This year definitely seemed to be the busiest I have seen with a good mix of your usual, large vendors, as well as some great presence from the smaller security companies, clearly spending their annual marketing budgets…

Best Practice for IAM Projects

I was recently asked to provide some best practice advice for Identity Management projects. This got me thinking and led me to write down some recommendations. I thought it might be useful to share my thoughts. Identity Management has been delivering business value within organisations for many years. Over that time, thousands of deployments have enabled a number of lessons to be learned which can help organisations ensure that they…

Most Important Security Lesson

During a job interview several years ago, I was asked a question that has stuck with me ever since. The question was along the lines of: “If you could offer one piece of security advice to your customer, what would it be?” At the time, my immediate answer was “Education, education, education. Teach your employees about security as they are the weakest link in the chain.” Over the years since…

Protecting Children Online

Over the last two days I have had the privilege of participating in a summit of industry experts to look at innovative ways that technology can help prevent online sexual abuse of children. The event, organised by WeProtect, brought together over 80 individuals from around 40 companies to look at the threats and how they can be addressed. It was great to see so many competitor organisations putting their differences…

UK Govt – No preventative security measures for internal users. Are they mad??

Reading the Government Service Design Manual, and especially the section on Security as an Enabler, I found an interesting paragraph. When talking about internal users, it states: “It is the intention of the Civil Service Reform Plan and the new Security Classification Policy that there is greater emphasis on user responsibility, reducing expensive and overbearing technical controls. This requires proper training to assist users in handling sensitive information,…

Now on Twitter

I have taken the plunge and decided that I should have a Twitter account. Therefore, if you can’t think of anything better to do and want to follow me: http://twitter.com/paultoal

What makes a good presentation

Working in the field that I do, I have to present and receive lots of presentations. A few months ago I started to get really frustrated with the poor quality of people’s presentations. Sometimes, this was their speaking, sometimes it was their slides or materials. I decided that I wanted to change the way that I approached the whole issue of presenting. Therefore, I have spent the last few months…

Authorisation comes full circle

I find it really interesting to look at access control of web-based applications to see how they have changed over the past decade. When I first started working with Identity and Access management back in 1998/1999, web applications were still emerging and their functionality was limited. At that time people were building siloed applications containing all of the security within each application. Then along came the web access management (WAM)…