“Once we choose distributors, we inform them we’re not going to issue a password or perhaps a token or a key; these are all examples of static authenticators,” he says. “However we’re additionally practical, so if there’s a product we want that requires passwords, then we require passwords to be rotated incessantly. For us, the usage of static credentials has turned out to be the exception, not the rule.”
2. Obligatory scheduled penetration testing
Though it is not a particular security tool, obligatory scheduled pen testing is cited by some as an outdated technique.
Attila Torok, CISO at tech firm GoTo, for one, believes these once- or twice-a-year penetration tests, done to fulfill regulatory or vendor requirements, don’t effectively evaluate a company’s true security posture. Rather, he says, they capture only a snapshot of the environment’s security at one point in time.