Solving the InfoSec Risk Equation

Written by Daniel Deter on Thursday, November 15th 2018 — Categories: IT Operations, Security

With all the talk about cloud security threats, it’s important to remember that no matter where your data and applications reside, you should consider your data insecure.

Fundamentally, security isn’t a hyper-complex enterprise; it’s not, as they say, rocket science. It often feels that way because the discipline is so broad in scope, encompassing both disparate technologies and governance frameworks. But the vast majority of risk can be mitigated by adhering to basic foundational security.

More to know: A review of breaches outlined within the Verizon 2017 Data Breach Investigations Report (DBIR) against the Center for Internet Security (CIS) top 20 critical security controls found that:

• Adopting the first 5 controls could mitigate 85% of attacks, and
• Adopting all 20 controls could mitigate 97% of attacks.

That basic foundational security can be expressed in one essential formula, which boils down what is under your control as an IT security professional and what is outside your purview. That equation is as follows.

Continue Reading...


Understanding and Preventing SQL Injection (SQLi), One of the Most Common Attack Vectors

Written by Daniel Deter on Wednesday, October 17th 2018 — Categories: Cloud Storage, Security

Your data is your business. Your databases, and the data-driven applications that leverage them, should be regularly audited for vulnerabilities. One of the top risks facing your data today is SQL injection (SQLi). According to the 2018 Verizon Data Breach Investigations Report (DBIR), SQLi was the second most common hacking variety within information breaches, exceeded only by stolen credentials.

This attack vector exploits programmatic weaknesses in applications to run unintended code against your backend SQL databases, and thus access information or even gain administrative access and credentials.

Any application that uses SQL could be subject to this type of attack, from simple websites to SaaS apps like your CRM and ERP — even VoIP systems. This attack is also not limited to applications exposed to the internet. Internal applications are prime targets for attackers who have breached your external boundary (e.g., through phishing).

Continue Reading...


Hurricane Florence Preparations

Written by Daniel Deter on Wednesday, September 12th 2018

The Green House Data team is closely monitoring Hurricane Florence as the storm approaches landfall and will continue to monitor the storm’s progress. We've taken the following steps and precautions for the storm.

Continue Reading...
