Entries by Lawrence Strauss

Admin access

by
How much thought goes into IT when a business is starting out? Most organizations begin with a single person or a group of like-minded people. That group then expands as business needs evolve and become clear.

Whether or not the organization has IT staff, speed usually wins – it’s rare to give computer use more thought than as a tool for getting work done, storing data, and driving sales.

Reasonable, for sure. But there is one issue that has been wrestled with in computing circles since just about its inception: how much access to give users. Too much, and the system becomes vulnerable in ways that aren’t obvious until something goes wrong. Too little, and access controls start to feel like they’re getting in the way of working … [5 min. read; audio available]

Leaving the key under the doormat? SSO can fix that

by
At the very least the current AI-dominated climate has made attacks more relentless and deceptive.

That means the fundamentals of security need to be in order. If your employees have questionable password practices like easy-to-guess passwords or passwords being reused or if they change passwords just the bare minimum, or are using vulnerable SMS texts as the second security factor, you should consider Bryley’s Single Sign-On (SSO) offering that’s been showing high-adoption because it’s easy to use with a simple interface … [5 min. read]

“Even increased efficiency can create new problems”

by
AI goes fast. And because of this it amplifies the challenges to data security. For one example I saw on the way to posting this interview: in a joint Boston-area-school study of the recent surge in OpenClaw – an autonomous agent intended to take over a machine and work on behalf of the machine’s owner – the variety of security troubles the agent got in surprised even the researchers who were anticipating some problems.

And this brings us to the fundamentals, that brings us to my talk with Masters Academy International (Stow, Mass) data analyst and Bryant University adjunct professor Brian Degon. Previously Brian spent twenty-three years as a data and process analyst for WPI in Worcester, Mass … [5 min. read]

An Uptime Mindset Gives You A Better Way to Think About AI

by
It has been shown that AI models in real-world contexts do not always perform as expected [based on pre-deployment] testing environments. Post deployment issues include … hallucination, sycophantic behavior, security exploits, and false claims … models have been found to detect when they are being evaluated … the variability introduced by AI models, coupled with the many system components … and user interactions, forms a large attack surface –NIST, Trustworthy and Responsible AI

This month the National Institute of Standards and Technology (NIST) issued a report about the challenges of post-deployment testing of AI systems in organizations. Real-world testing has been a standard practice of any tech installation. But AI tools present new challenges.

The report confirms areas of concern NIST raised in its 2023 publications, but with M365 Copilot and other newly mainstream business-use AI, the attack surface has grown … [6 min. read]

The Invisible Infrastructure Report

by
Download Bryley’s report, The Cost of Outsourced IT. It’s available to download with no obligation. The report presents a look at:

Outsourced IT costs depend on your business size, industry requirements, current infrastructure, and growth plans.

For instance what works for a regulated business might be overkill for a startup, while a low price may mean unwanted gaps in protection … [6 min. read]

BYOAI?

by
McKinsey’s 2025 report “Superagency in the Workplace” shows that employers are aware of only one-third of their employees’ AI agent use. And MIT last year showed 90% of workers used AI for their work and only 40% had organization-sanctioned tools. The studies show that employees are not waiting: they’re using personal or unsanctioned AI accounts for their work.

And this creates risk … [4 min. read]

When Passwords Are on the Dark Web

by
At times when Bryley has proposed its Dark Web Monitoring service to clients one thing that shows up for clients a lot is old passwords that haven’t been used in years.

On the surface that may feel like a relief, but that’s not the whole story.

That old password in the report comes associated with a company email address. If that address is active, criminals have the start of a dossier … [5 min. read]

2025: milestones met through collaboration

by
In 2025 Bryley increased its R&D spending and as a result bolstered clients’ AI-powered defenses, deploying products that do different and specific tasks, but with some overlap, an emerging part of a layered defense approach.

AI defenses work along the general premise that when an action occurs or data is accessed in an unexpected way, the action can be halted and a human investigator notified to learn if the action was benign or malicious. These tools are helpful as criminal attacks have been developed that can shape-shift to evade the standard means of detection … [7 min. read]

There’s maybe an AI for that

by
Before 1960, postal employees cancelled stamps strictly by hand. When commercial mail volumes exploded, the post office introduced automated cancelling. It was poorly received – replacing people and that sort of thing.

Recently the post office announced it’s changing the date-stamping part of its automation. It now makes more sense to the USPS to hand-stamp the few pieces that still need today’s date recorded on the mailpiece. Automation routines are not permanent – it only makes sense when the volume justifies the complexity.
You may have looked around your place of business and thought, ‘there must be waste in the routine and manual.’ Three years ago ChatGPT arrived with an influx of automating-promising AI tools. Because of the endlessness and variety of internet promises, it’s easy to not think strategically about what AI can realistically do for your organization … [4.5 min. read]