David Strom

David Strom writes and speaks about security, networking and communications topics for CSO Online, Network World, Computerworld, and other publications. He can be reached through his web site, or on Twitter @dstrom.

How to hack 2FA: 5 attack methods explained

As two-factor authentication becomes more widespread, criminals seek novel ways to subvert it. Here's what you need to know.

What is IAM? Identity and access management explained

IAM is a set of processes, policies, and tools for controlling user access to critical information within an organization.

Top 7 security mistakes when migrating to cloud-based apps

As organizations rush key apps to the cloud to support remote workers, they often create opportunities for attackers. These are the most common mistakes to avoid.

Homomorphic encryption tools find their niche

Current homomorphic encryption offerings require fewer specialized skills and are proving themselves effective in some use cases.

10 common cloud security mistakes that put your data at risk

Yes, the cloud offers many security advantages over on-premises, especially for smaller organizations, but only if you avoid these mistakes around cloud configuration, monitoring and patching.

Securing Microsoft Teams: The options are limited

The popular messaging and video conferencing platform comes with security and privacy risks. These are your limited native and third-party options for protecting users and data.

What is application security? A process and tools for securing software

Application security is the process of making apps more secure by finding, fixing, and enhancing the security of apps. Checking for security flaws in your applications is essential as threats become more potent and prevalent.

Is now the time to deploy passwordless options?

Viable options are now available to supplement or eliminate (almost) the need for password authentication. Here are reasons why passwordless might work for you.

How to evaluate a CASB

All cloud access security brokers share core functionality, but they deliver it differently and they all have unique feature sets. Here's what you need to know before buying one.

5 trends shaking up multi-factor authentication

Universal adoption of multi-factor authentication (MFA) is hindered by technical limitations and user resistance, but its use is growing. Here's why.

The top 5 email encryption tools: More capable, better integrated

Most of the email encryption solution vendors have broadened the scope of their products to include anti-phishing, anti-spam, and data loss prevention (DLP).

What is a CASB? What you need to know before you buy

Cloud access security brokers have come a long way in a few years and can be an effective way to manage authentication and encryption across cloud and on-premise systems.

Single sign-on solutions: How 9 top tools compare

SSO can reduce the risk of weak passwords and administrative overhead associated with managing account access. These are the top single sign-on solutions to consider.

Evaluating DNS providers: 4 key considerations

DNS attacks are increasing. Is your Domain Name System implementation up to snuff? Here's what you need to know to make sure you have the right provider for you.

How to prepare a SOC-as-a-service RFP

Here's how one company structured its SOCaaS request for proposal document. Key takeaway: Don't be afraid to ask for too many details.

How to improve container security

Securing your Docker and container infrastructure will take a combination of policies, explicit tools and careful examination of your apps. Here’s how to do it.

What are DMARC, SPF and DKIM? How to master email security with these protocols

The three main email security protocols complement one another, so implementing them all provides the best protection. That’s easier said than done, but these tips can help.

How polls are hacked: What every business should know

The recent revelation that Michael Cohen paid to rig a presidential primary poll underscores the risks they present to business. Here's how to identify and prevent poll rigging.

Building your forensic analysis toolset

Every security team should have these types of digital forensics tools available. Many are free, and there are enough options to find one that suits your skills and approach.

How to set up a successful digital forensics program

The time to set up a digital forensics program is before you have a breach. Here are the decisions you need to make.
