Comment Re:Achilles heel of the cloud apps.... (Score 1) 72

SAML repository for authentication so that we can treat it as much as possible like an extension of our general security stance with password attempt monitoring, rate throttling and attack blocking, user lockout, etc.

You sir, sound like you know what you are doing.

Do you ever have attempts coming back from any of your vendors?

Or is the vendor simply passing data back to you about when accounts from your site are used in failed logon attempts to the cloud apps, via whatever their presentation layer is?

Comment Cloud Security is a Bitch (Score 1) 72

A typical SaaS vendor has numerous clients, all with varying levels of sophistication in their password and identity management procedures.

As if the need to ensure tenant isolation does not put enough pressure on the architects, they also have to worry about how well their customers are securing their own staff. The smart ones are doing Federation for predictable data transfers, and two-factor to secure the application layer. Even then, the legal people still make them sign disclaimers that ultimately, data breaches due to compromised credentials are the responsibility of the authorized bearer of the credentials.

It sucks to have to secure a slew of web servers, especially for those who have to run LOB apps on Windows platforms. VDI is being used pretty heavily on that front to prevent information leakage. It's cheaper to spin up a session for them via a webpage than it is to trust that their client is secure. Not to mention easier to maintain and troubleshoot. Staff can shunt the user to a clean session, shadow it, hold the user's hand through whatever.

On the plus side, with a good cloud provider, when your datas get pwnt, it is replicated somewhere else. Maybe even on tape in some cold, humidity-controlled warehouse. Because no matter how good security is, sooner or later, it will get compromised.

At that point though, it is all about RTO/RPO, which is outside the scope of security. BTW, even with LTO6, restore rates from cold storage still blow.

Comment Re:"...the dawn of the first real-world experiment (Score 1) 319

I see the geo-engineering deniers are out in force today with their mod points.

Go ahead and ignore what is hanging above your heads. I have made my peace with it already.

I am not sure why people get so defensive when someone points out that they are trying to make it rain over California, a state that is experiencing its worst drought in decades.

One would think that I was touting conspiracy theories about the Illuminati trying to poison the masses with aerial bombardments of bacteriological agents.

Comment Re:"...the dawn of the first real-world experiment (Score 1) 319

Some data where desalinization projects did not go through due to greed on the part of the incumbent water utility.

I am curious because I used to live in a city that used desalinization. I always wondered why it was not more widely adopted. Everything that I found led me to believe that the root cause was due to the cost of energy required to make the process work.

Comment "...the dawn of the first real-world experiments" (Score -1, Troll) 319

I call bullshit on "the first". I do not know what is going on in the rest of the world, or even the rest of the United States, but geo-engineering is happening nearly every day in California. Jets are creating clouds on a daily basis. Just search Google Images for "Chemtrails" and you can see plenty of evidence, from the clouds themselves to the interior shots of the planes with all of the tanks and pipes and systems for creating the clouds.

The results are real. Just last week we had tropical storm level winds and snow at less than 1000 feet. That is in Southern California, which is a desert climate.

I believe that they are doing everything that they can to keep the state's agricultural economy from cratering. Too much of the Western United States is dependent on California's agriculture. The drought has the powers that be more worried than they are letting on.

Comment Re:Can't avoid medical records (Score 1) 528

It is a combination of a previous back injury, a bunch of poor dietary and health choices, and a genetic predisposition to weight gain.

I have talked to him about it as much as I feel like I can. Like I said, I care about the guy. It is just that my hands are tied.

And, he's not a single point of failure, but the organization would feel the loss.

Comment Re:Can't avoid medical records (Score 5, Interesting) 528

As a practical matter, a lot of valuable talent is not healthy.

This is so true. It is difficult to deal with as a boss and even more so as an employer. One of my guys is seriously overweight, and has a number of health complications that come with it. He is also highly intelligent and very capable. It is a challenge because I want to be able to depend on him, and for the most part I can. But I also have to mitigate risk and make sure that there are people shadowing his projects and documenting his recommendations so that they can carry on if the time comes that he is no longer able to come into work.

As his boss, I want to have a legitimate, sincere conversation with him about his health and his value to the company. I also want to have it with him as a friend and someone who cares about him. But due to the way employment law works, I have to avoid the subject.

Comment Built the Business Case (Score 1) 247

What is the risk of continuing to use passwords?

What is the cost to the business if the risk of continuing to use passwords is realized?

What is the cost of implementing an alternate system? Be sure to include the costs in training, process re-engineering, systems re-engineering, etc.

What value, if any, is generated by replacing passwords?

Unless the money you are going to spend is going to generate more money for the business than the dozens of other projects that are competing for resources, you practically have zero hope of your change being embraced.

While some organizations are risk averse to the point where they will act on them, more often than not, unless you or your direct supervisor are liable for mitigating the risk, you are doing your career a disservice by raising the risk.

Comment Re:Chronic offenders without a record? (Score 1) 218

Guilty by association. Usually gang members who are not hard core / have not been charged with a crime before... yet always seem to be nearby when things are happening. See the above comments about 'uncooperative witnesses'. While freedom of speech protects a person's right to throw up gang signs and tell an officer to go fuck themselves, and dress just like the gangsters who are dealing drugs and breaking into apartments... we do have a system that still vaguely upholds the ideal of 'innocent until proven guilty'.

Think of petty crimes. Out after curfew for example. Police pick someone up for a curfew violation. District attorney has too many cases and refuses to prosecute. The person has 'broken the law' but 'not been charged'.
