Entries by Lawrence Strauss

The visibility gap on the way to CMMC Compliance

In a small business with a million and one things to do – At the end of last year, a machine shop that had been supplying small parts to a defense contractor was audited on its handling of CUI (Controlled Unclassified Information). CUI is not classified military intelligence; it’s working documents like technical drawings, specs, contract pricing and supplier information. The audit showed that the shop couldn’t fully account for how CUI was being handled. The situation had to be remedied immediately or the contract was in jeopardy. No one had been intentionally negligent, and this needn’t have been an emergency — if the machine shop had understood the importance of being able to show its work … [6 min. read; audio available]

Admin access

How much thought goes into IT when a business is starting out? Most organizations begin with a single person or a group of like-minded people. That group then expands as business needs evolve and become clear.

Whether or not the organization has IT staff, speed usually wins – it’s rare to give computer use more thought than as a tool for getting work done, storing data, and driving sales.

Reasonable, for sure. But there is one issue that has been wrestled with in computing circles since just about the field’s inception: how much access to give users. Too much, and the system becomes vulnerable in ways that aren’t obvious until something goes wrong. Too little, and access controls start to feel like they’re getting in the way of working … [5 min. read; audio available]

Leaving the key under the doormat? SSO can fix that

At the very least, the current AI-dominated climate has made attacks more relentless and deceptive.

That means the fundamentals of security need to be in order. If your employees have questionable password practices, such as easy-to-guess passwords, reused passwords, or changing passwords only the bare minimum, or if they are using vulnerable SMS texts as the second security factor, you should consider Bryley’s Single Sign-On (SSO) offering, which has been showing high adoption because it’s easy to use, with a simple interface … [5 min. read]

“Even increased efficiency can create new problems”

AI goes fast. And because of this it amplifies the challenges to data security. For one example I saw on the way to posting this interview: in a joint Boston-area-school study of the recent surge in OpenClaw – an autonomous agent intended to take over a machine and work on behalf of the machine’s owner – the variety of security troubles the agent got into surprised even the researchers who were anticipating some problems.

And this brings us to the fundamentals, which brings us to my talk with Masters Academy International (Stow, Mass.) data analyst and Bryant University adjunct professor Brian Degon. Previously Brian spent twenty-three years as a data and process analyst for WPI in Worcester, Mass. … [5 min. read]

An Uptime Mindset Gives You A Better Way to Think About AI

It has been shown that AI models in real-world contexts do not always perform as expected [based on pre-deployment] testing environments. Post deployment issues include … hallucination, sycophantic behavior, security exploits, and false claims … models have been found to detect when they are being evaluated … the variability introduced by AI models, coupled with the many system components … and user interactions, forms a large attack surface –NIST, Trustworthy and Responsible AI

This month the National Institute of Standards and Technology (NIST) issued a report about the challenges of post-deployment testing of AI systems in organizations. Real-world testing has been a standard practice of any tech installation. But AI tools present new challenges.

The report confirms areas of concern NIST raised in its 2023 publications, but with M365 Copilot and other newly mainstream business-use AI, the attack surface has grown … [6 min. read]

The Invisible Infrastructure Report

Download Bryley’s report, The Cost of Outsourced IT. It’s available to download with no obligation. The report presents a look at:

Outsourced IT costs depend on your business size, industry requirements, current infrastructure, and growth plans.

For instance, what works for a regulated business might be overkill for a startup, while a low price may mean unwanted gaps in protection … [6 min. read]

BYOAI?

McKinsey’s 2025 report “Superagency in the Workplace” shows that employers are aware of only one-third of their employees’ AI agent use. And MIT last year showed 90% of workers used AI for their work and only 40% had organization-sanctioned tools. The studies show that employees are not waiting: they’re using personal or unsanctioned AI accounts for their work.

And this creates risk … [4 min. read]

When Passwords Are on the Dark Web

When Bryley has proposed its Dark Web Monitoring service to clients, one thing that shows up a lot is old passwords that haven’t been used in years.

On the surface that may feel like a relief, but that’s not the whole story.

That old password in the report comes associated with a company email address. If that address is active, criminals have the start of a dossier … [5 min. read]

2025: milestones met through collaboration

In 2025 Bryley increased its R&D spending and, as a result, bolstered clients’ AI-powered defenses, deploying products that do different and specific tasks, but with some overlap, an emerging part of a layered defense approach.

AI defenses work along the general premise that when an action occurs or data is accessed in an unexpected way, the action can be halted and a human investigator notified to learn if the action was benign or malicious. These tools are helpful as criminal attacks have been developed that can shape-shift to evade the standard means of detection … [7 min. read]