Digital Transformation and Security: Protecting Endpoints and DXPs

… incident detection and response.

Cingo’s Scott Madsen

“Many cloud platforms provide an API that allows MSSPs to pull metrics and SIEM info that can then be presented to customers in an organized and easy-to-understand format,” said Scott Madsen, CEO of Cingo Solutions, a provider of advanced cybersecurity solutions for vulnerable industries. “In addition, moving locally hosted services and applications to a private cloud – when done properly – provides increased physical site security, granular access control, and often better backup and disaster recovery options.”

But all the security systems in the world can’t protect MSSPs from the mistake of an undertrained employee.

“Training your workforce to recognize and avoid certain risks has proven to be priceless,” Madsen said.

FIPS 140-2, Digital Transformation and Security

If an MSSP contemplates providing digital transformation and security solutions via DXPs while protecting endpoints, they may want to support FIPS 140-2, the U.S. government Federal Information Processing Standard that defines cryptographic module security requirements. Among other defensive measures, FIPS 140-2 calls for 128- to 256-bit AES encryption. The most popular and widely adopted encryption standard, AES (Advanced Encryption Standard) is the federal gold standard for unclassified but sensitive data networks. Demand among government and private customers for this baseline endpoint security standard just might bring DXPs into the mainstream.

Based on Google search engine results, among DXP providers Acquia seems one of the few 2019 Gartner Magic Quadrant for Digital Experience Platforms vendors – if not the only one – to offer FIPS 140-2 compliant solutions.

With FIPS 140-2 cryptographic libraries, the Acquia Experience Platform DXP can protect data in motion from endpoint to endpoint as well as data at rest, according to a blog by Meagan White, director of marketing programs at Acquia. Recently, Acquia also updated its algorithms to assure its DXP cloud platform maintains continuous support for FIPS-compliant digital transformation and security.

Credential Screening, Digital Transformation and Security

According to the Verizon 2019 Data Breach Investigations Report, 43 percent of all breaches occurred at small- and medium-size businesses (SMBs). And because many SMBs rely on MSSPs to help protect them, their digital transformation and security, they must carefully screen credentials of users.

“Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value,” the Verizon team wrote. “Consequently, there’s been a corresponding increase in hacking cloud-based email servers via the use of stolen credentials.”

Therefore, compromised credential screening for online accounts can help MSSPs protect business customer targets who have online user accounts. Security experts say account takeover and fraud are significant threats that organizations with online accounts must tackle every day, for which credential screening can work quietly behind the scenes.

Enzoic’s Michael Greene

“Without creating additional friction for the end user, the API is integrated into the login, password reset or new account form so when a user logs in, the API checks a backend database of billions of credentials in milliseconds,” said Michael Greene, CEO of Enzoic, cybersecurity and fraud prevention specialists. “It will flag which credentials are compromised, and the MSSP or customer can determine next steps — forced password reset, step-up authentication, sensitive information hidden [and so on].”

For customers with Active Directory environments, password screening can help MSSPs protect employee or internal accounts from account takeover, according to Greene.

“MSSPs or their customers can configure it so when an account is found using a bad password, they can flag the account, prompt a password reset, then reset it the next time the user logs in,” Greene said.