Andy Harris

Chief Technology Officer

In a long and distinguished career, including being Technical Director at Integralis, Andy has invented many leading-edge technologies including IP Network Translation Gateway, Print Symbiont Technologies for LANbased printers and Disaster Master, a technique of continuously updating a backup site with mirrored data. As one of the Co-Founders and CTO of MIMEsweeper, Andy was the creator of the world’s first content security solution which became the default product in its space. Andy went on to start WebBrick Systems which was one of the pioneering Home Automation technologies, also a forerunner to what we know as IOT devices today. As Engineering Director, Andy has created and patented several core components in the Osirium product family.

Andy Harris

's posts

Andy Harris
19
July 2022

Ransomware Payload Types Including Brickers and Wipers

Ransomware covers many different types of attack, the latest being "Brickers" and "Wipers" find out more and how to defend against them in this blog.

Andy Harris
25
March 2022

How Does Privileged Process Automation (PPA) Work?

Privileged Process Automation (PPA) can be transformative for IT Process Automation, find out how ....

Andy Harris
21
January 2022

AutoCAD and Local Admin Accounts - the risk and resolution

Removing the risk of local admin without impacting AutoCAD users

Andy Harris
14
December 2021

Apache Log4j Vulnerability

A critical vulnerability has been found in Log4J - Osirium products are not affected, find out why ...

Andy Harris
1
December 2021

Passwordless Authentication for PAM with Authlogics

Passwords are not a great way to protect systems used by human beings. With Authlogics, PAM access can be secure without passwords. Learn more ...

Andy Harris
14
June 2021

Implementing Zero Trust with Osirium products

Zero Trust architecture is the best way to protect against infection by ransomware or malware, but needs careful planning. Learn more in this blog.

Andy Harris
21
April 2021

Supply Chain Threats And MSPs

Many organizations depend on MSPs and MSSPs. This article discusses why MSP security is critical to protect themselves and their clients.

Andy Harris
8
April 2021

Ransomware: The threat and blocking lateral movement

Understanding the threat and blocking lateral movement from ransomware

Andy Harris
5
February 2021

What is Privileged Access Security?

At Osirium, we believe that Privileged Access Security is a combination of three fundamental functions that use three foundation technologies

Andy Harris
2
February 2021

Are PAM and IAM the same? Let us explain the difference

Both IAM and PAM are critical areas of cyber security delivering protection to different audiences, but what are the differences are they both needed?

Andy Harris
12
January 2021

Protecting backups with PAM

Backups are absolutely so need careful protection. That's why you must use PAM to access backup management systems like PAM. Find out more ...

Andy Harris
10
November 2020

Cloudifying Multi-Factor Authentication for PAM with RSA

The combination of Osirum Privileged Access Management (PAM) with RSA Identity Provider makes a powerful and flexible cloud-based privilege access solution.

Andy Harris
27
October 2020

IAM v PAM - best option for user security?

IAM and PAM may seem like duplication or in competition but in reality, they're both needed for a single pane of glass security posture. Find out why.

Andy Harris
9
September 2020

Patch Tuesday Made Easy - With Privileged Process Automation

Managing patches to an estate of Windows is a major effort. Privileged Process Automation (PPA) can accelerate and simplify the whole process, see how ...

Andy Harris
3
September 2020

Adaptive Authorisation vs Adaptive Authentication

Automation is great but it has to be smart to decide when changes are safe and when more review and approval is needed. See how PPA does Adaptive Authorisation

Andy Harris
15
July 2020

Privileged Access Security - A Deeper Dive

Privileged Access Security should be a priority. Osirium CTO, Andy Harris, explains why and lays out the roadmap for a solution.

Andy Harris
29
June 2020

Some Inconvenient Truths About Credentials and Remote Access

In general VPN access is more risky than office based access, and there are some uncomfortable truths about humans and credentials.

Andy Harris
27
April 2020

PIM, PUM and PAM explained

Here’s a quick rundown of all these terms, what they do, and which bits of the Platform performs them:

Andy Harris
2
April 2020

Managing Developer's Systems with PEM

Developers need to install and configure Visual Studio and various add-ins to do their work. PEM lets them do their work without needing local admin rights

Andy Harris
11
October 2019

Instant Internal Auditing with PAM, SIEM and Slack

For many organisations, Slack has become the central core of communications between processes and people.

Andy Harris
17
September 2019

PAM - Fault-Tolerant and Highly-Available

We’re often asked about high availability and fault tolerance for Osirium PAM

Andy Harris
28
August 2019

Controlling AWS Costs with PPA

Controlling AWS costs usually needs an Admin account and specialist knowledge. With PPA, anyone with the right role can do it.

Andy Harris
9
August 2019

Auditing Privileged Access Management

Where would the investor confidence be without the governance...

Andy Harris
8
August 2019

Five Reasons Why You'll Sleep Better with Osirium's PAM

If you’re an IT manager or strategist, you want to spend your time developing systems and solutions that propel your business forward, in an ideal world …

Andy Harris
30
July 2019

Multi-Factor Authentication: Osirium PAM and OneLogin

Osirium PAM provides Privileged Access Management (PAM) using the principle of identity-in / role-out

Andy Harris
12
June 2019

Why you need PAM for Process Automation

In this post, we're going to look at some aspects of automating a privileged process

Andy Harris
31
May 2019

Privileged Access to Web Apps – A Magical Solution

One of the distinct advantages of Osirium PAM is its ability to deliver Privileged Access Management (PAM) to a very wide range of systems

Andy Harris
24
May 2019

Securing Third Party Access

There’s a lot of good that can be achieved when working closely with third parties, but there are also a lot of risks

Andy Harris
14
February 2019

The journey through PAM, PTM and onto RPA

Secure automation needs more than just robots, you need privileged process automation.

Andy Harris
11
February 2019

What is Privileged Robotic Process Automation?

Here, we are going to outline the differences between Robotic Process Automation (RPA) and the Privileged version (PRPA)

Andy Harris
8
February 2019

Privileged Access Management – Common Use Cases

PAM (Privileged Access Management) solutions are built to control access to Privileged Accounts to drive security. Here, we will outline some of the common use

Andy Harris
10
January 2019

Why NHS security needs a new approach to PAM

Osirium’s PAM is specially designed to stop cyber-attackers from hacking NHS operations

Andy Harris
10
December 2018

Privileged Pixel Management – A New Form of PAM

If your Christmas party needs its people separated from pixels then PPM is not a product that we ship. Of course you can use PAM Express :-)

Andy Harris
28
November 2018

Sharing Privileged Accounts With Third Parties

In this article, we'll look at customer, MSP and contractor sides of this issue. Outsourcing work to a third-party is a frequent occurrence.

Andy Harris
27
September 2018

IoT, Internet of Things is not a good term…

First off, the first main issue is the word 'Things', it is too general. Things break down into different categories

Andy Harris
27
September 2018

What are the different approaches to digital transformation

We're always intrigued by the wide range of descriptions of ‘digital transformation’ here are a few considerations

Andy Harris
21
September 2018

Osirium and RazorSecure Strategic Alliance

Strategic alliance means sharing ideas, code and pre-production demostrations along with modifications to our main products.

Andy Harris
9
August 2018

How to separate your business from cyber-attacks

The cybersecurity landscape is ever changing. New threats appear daily, and the techniques used by attackers continuously evolve.

Andy Harris
29
June 2018

Multi-factor Authentication in Osirium PAM 6.1.0

Since Osirium PAM is an 'Identity In - Role Out' product, the quality of identity proof is crucial in highly secure environments.

Andy Harris
27
June 2018

Using SSH Keys for Authentication in PAM

Osirium PAM can use both passwords and SSH Keys for the role-based connections where the device supports keys.

Andy Harris
18
June 2018

DevOps guide to Privileged Account & Credential Security

DevOps is hard enough, don't let the risk of exposing credentials make it worse.

Andy Harris
4
June 2018

Why PAM should be on every Operations Managers’ wish list

Operations Managers are at the centre of IT production, running the systems, applications and infrastructure that are the lifeblood of the organisation.

Andy Harris
13
May 2018

PAM Express Introductory Video Series

A new set of tutorial videos to get you up and running fast

Andy Harris
4
April 2018

Robotic Process Automation (RPA) and Task Automation

Robotic Process Automation (RPA) within our solutions for more than eight years in our Privileged Task Management module.

Andy Harris
28
March 2018

Database Task Automation for Asterisk (AsteriskNOW)

Like most sales managers, our internal sales manager needed access to the Call Record Database of our AsteriskNOW implementation.

Andy Harris
16
March 2018

Using Elastic Stack with Osirium PAM

Here’s the How-To video for using Osirium PAM with Elastic Stack.

Andy Harris
15
March 2018

Implementing the Dual Account model with Osirium PAM

The Dual Account model has long been best practice amongst SysAdmins and DevOps. This blog explores what the model entails.

Andy Harris
26
February 2018

Benefits for the Board when you choose Osirium’s PAM

Osirium's PAM provides many business benefits that will keep the Board happy.

Andy Harris
26
February 2018

Meeting significant GDPR needs using Osirium’s PAM

Here’s the problem for Osirium; Every cyber security company out there is suggesting that they address GDPR requirements.

Andy Harris
22
February 2018

Responding to the unique needs of M(S)SP’s

Managed Security Service Providers face differing challenges to other industries we serve. With GDPR on the horizon, we discuss these unique needs.

Andy Harris
21
February 2018

Building a coping mechanism for data breaches

Breaches may be daily news, but they will always be a significant worry for business stakeholders

Andy Harris
21
February 2018

Cybersecurity – Making it everyone’s business is futile

Let’s discuss the value of the cloud and outsourcing, not regarding cost, but security

Andy Harris
8
February 2018

NHS Cybersecurity #2: People and Passwords

NHS seeks to improve, the outsourcing of IT contracts has increased, and data security controls that should protect staff and patients

Andy Harris
1
February 2018

Least Privileged Model with PAM

Least Privileged Model – It’s accepted knowledge that a least privileged model are good for security. They limit what a person, system or code base can do

Andy Harris
24
January 2018

MAP Server – Protecting legacy applications

At Osirium, we created our Management Application Proxy Server (MAP Server)

Andy Harris
11
January 2018

Cybersecurity in the NHS #1: Protecting the NHS

A colossal 40% of malware attacks in the UK are made against public sector institutions

Andy Harris
14
October 2017

When your biggest problems solved, you look to the next one

The difference between what the Osirium PxM Platform is purchased for, and what our longstanding customers actually do with our products

Andy Harris
14
August 2017

So What’s Wrong with Blacklisting Commands?

For example, your organisation thinks it is a good idea to blacklist the ‘rm’ command. Let’s consider the difference between these command sequences

Andy Harris
7
April 2017

Notes from the Fraud Tube Spring Event

With a new format covering the best part of the day and into the night, there was an eclectic mix of presentations prompting us to really think about...

Andy Harris
7
April 2017

World Economic Forum Rates Cyber Attack Risk

We’ve reworked the data to show both the risks in terms of impact and probability along with the trends

Andy Harris
28
March 2017

Privileged Task Management – Busy Work versus Thinking Work

In the world of DevOps there are two types of work, ‘busy work’ and ‘thinking work’. Your staff will be very clear about which they prefer doing

Andy Harris
9
March 2017

Osirium PAM ServiceNow Integration

Taking Privileged Access Management (PAM) one step higher in security and compliance

Andy Harris
28
October 2016

Creating resilience through security cells

Osirium believe that the following issues are the main contributors and share with you how our PxM Platform combats them

Andy Harris
22
September 2016

The Cost of Uncertainty

Today we’re hearing about the aftermath of an attack

Andy Harris
6
September 2016

Two Ideas

We’ve heard a couple of deployment ideas recently

Andy Harris
19
May 2016

Early versus late data breach outcomes

We spent some time looking at the outcomes for companies that were the victims of cyber breaches

Andy Harris
20
April 2016

IAM Round Table Notes

Yesterday we attended a round table session about building effective Identity and Access Management solutions

Andy Harris
12
November 2015

The JPMorgan Breach and the Problem with Passwords

Earlier this week US investigators charged three men after a multi-year cybercrime campaign

Andy Harris
5
November 2015

The year of the weekly data breach

Data breaches have fast become the scourge of modern enterprise

Andy Harris
23
October 2015

Separating people from passwords

Rigorous password policies are creating the exact opposite of their intended outcome

Andy Harris
6
October 2015

Osirium as an Identity Federator

The identity market has been getting stronger, it needs to get stronger as more and more business functions migrate to the cloud.

Andy Harris
26
September 2015

Want to Follow GCHQ’s Best Practise Password Advice?

If the documents leaked by NSA whitsleblower Edward Snowden are anything to go by, GCHQ knows a thing or two about exploiting security weaknesses.

Andy Harris
16
September 2015

US 30-Day authentication sprint points the way

The US OPM hack exposed – potentially to a nation state

Andy Harris
3
August 2015

Highlighting the weakness of human generated passwords

Passwords are one of the biggest threats to enterprise data security around today

Andy Harris
28
July 2015

How to present Cyber Security issues to the Board

If you’ve never attended a board meeting before I’ll try to give you a flavour of what happens

Andy Harris
27
July 2015

Why do IT administrators want Identity & Access Management?

IAM provides a wealth of operational conveniences alongside its security benefits

Andy Harris
23
July 2015

CISO Message to the Board about Breaches

Influence is often limited in the face of perceived business requirements

Andy Harris
8
July 2015

Another Reason to Ditch Out-of-Date Password System

At Osirium, we believe in the need for a new approach to authentication

Andy Harris
26
June 2015

What We Can Learn From the OPM Breach

Why are account credentials from privileged users so sought-after by attackers?

Andy Harris
26
June 2015

How Osirium defends against real world attacks

Dealing with the Insider and Third Party threats

Andy Harris
26
June 2015

How Osirium PAM defends against real world attacks

There is a serious threat against privileged accounts

Andy Harris
17
June 2015

Protecting POS: Guarding Privileged Remote Accounts

Hackers have infiltrated POS systems via third party providers

Andy Harris
21
May 2015

Solving PuTTY Threats with Privileged Access Management

IT leaders must consider their department as a major target for advanced attackers and take appropriate steps to mitigate that risk

Andy Harris
20
April 2015

Research Points Out Perils of Password Shoulder Surfing

The results should give IT managers plenty to think about

Andy Harris
17
April 2015

What is Shoulder Surfing?

Shoulder surfing, as the name suggests is the nefarious art of reading a sensitive piece of information over a user’s shoulder.

Andy Harris
26
March 2015

GCHQ - Privileged Account Abuse

Much of the talk in IT security circles over the past week has been centred around new guidance for businesses from the UK’s spy agency.

Andy Harris
9
March 2015

Targeted Attacks: Fight Back with password management

Targeted attacks have been around for probably a lot longer than many people think

Andy Harris
3
February 2015

Passwords aren’t the problem – people are

When the passwords meet people that the security breaks down

Andy Harris
22
August 2014

Osirium is great for meeting MAS/TRM compliance

Since the Monetary Authority of Singapore issued their Technology Risk Management Guidelines they have achieved a lot of traction with compliance officers.

Andy Harris
25
July 2014

Why do IT administrators want automation?

So why did a large proportion of administrators think that automation would make their life easier?

Andy Harris
22
April 2014

Where Osirium fits into the Cyber Security Market

In today’s hybrid-cloud era, the privileged insider and outsider have become inter-changeable

Andy Harris
1
April 2014

Usability

Osirium’s focus on Workflow usability means that organisations can benefit from security and productivity in tandem.

Andy Harris
10
March 2014

Protecting MSSQL from the Insider threat

IT Security is a very wide ranging subject. At Osirium we like to think of its application to the business stack.

Andy Harris
11
December 2013

Have I been pwned?

How to check if your password has been "pwned"

Andy Harris
26
July 2013

Why do IT administrators want centralised management?

Why do IT administrators want centralised management?

Andy Harris
25
July 2013

UK businesses need to review privilege policies

UK businesses warned to urgently review privileged credentials policies

Andy Harris
12
June 2012

UK businesses admit to over-privileging IT staff

UK businesses admit to over-privileging IT staff - find out why it's not a good idea!

Andy Harris
9
May 2012

Delegation failures suffocating UK businesses

Delegation failures suffocating UK businesses

Andy Harris
3
April 2012

Back-up protocols often ignore security devices

Review back up policies that extend beyond file servers and user access devices.

Andy Harris
28
September 2011

Deceptive IT practises put Audits at risk

Osirium has today released findings from a new, independent, security focused research report.

Authors

Andy Harris
Carlos Ruiz
David Guyatt
Mairi Chisholm
Mark Warren
Osirium
Tom Hills