The Security Ledger Podcast


Episode 146: Elections Loom, Political Parties struggle with Cyber Security and Securing Cloud with Aporeto’s Amir Sharif

May 22, 2019

In this week’s episode (#146), we speak with the researchers behind a new analysis of more than 20 political parties in the US and Europe showing that many suffer from poor cyber security. Also: DevOps methodologies are transforming the way organizations create and consume software, but security technology is stuck in the past. In our second segment, we speak with Amir Sharif of the firm Aporeto*, a provider of identity-based access control for the cloud.

It’s the Cyber Security, Stupid!

There is ample evidence that nations like Russia, China and Iran are interested in inserting themselves into elections in the West as a way to influence the outcome in their favor. Whether or not they will succeed depends, in part, on the cyber security of political parties in the U.S. and Europe. That’s why a new study from the firm SecurityScorecard is reason for concern. 

The survey of more than 20 political parties in the EU and four major political parties in the U.S. found indicators of poor security hygiene in almost all political parties. Those ranged from expired web site certificates to insecure web applications and evidence of malware and botnet infestations. 

Still – the news wasn’t all bad. To get a better sense of what political parties are getting wrong (and right), we invited two of the study’s authors in to speak with us. Jason Casey is the CTO and Paul Gagliardi is the director of threat intelligence at SecurityScorecard.

In this conversation, Paul, Jason and I talk about their survey of political party cyber security hygiene and how weak party cyber security can contribute to disinformation campaigns designed to undermine public faith in the election system. 

Cloud is the Future, so why are Security Tools stuck in the Past?

Change is afoot in the enterprise. The embrace of DevOps methodologies is fast replacing monolithic software stacks with more nimble, distributed architectures. At the same time, organizations are swapping out physical data centers and moving workloads to both public and private clouds.

But all that change brings cyber risk with it, and security technologies are generally stuck in the past, assuming more static environments with on-premises, physical IT assets.

In our second segment, we’re joined by Amir Sharif, the co-founder of the firm Aporeto, which provides identity-based access control for users and applications in hybrid on-premises and cloud environments. In this conversation, Amir and I talk about how DevOps and cloud are transforming risk – and security – for enterprises.

As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher,