Daily Tech Digest - August 30, 2019

Cybersecurity Readiness: A Must-Have For Digital Transformation Success

On the flip side, digital transformation greatly expands the cyberattack surface, providing more potential targets for cybercriminals and nation-state adversaries. One estimate from Juniper Research shows that cybercrime will cost businesses a total of over $8 trillion by 2022. The unfortunate reality is that crime does pay, and techniques used to capitalize on technology vulnerabilities or the inherent trusting nature of humans are constantly being refined. As more devices and applications connect to the enterprise and workforces continue to become more globally widespread, potential pathways to successful infiltration will increase. Digital transformation requires solid security. Security is the enabler of successful digital transformation. It’s a veritable catch 22 -- forgo digital transformation and risk falling behind or fully embrace it and risk greater instances of compromise. As an experienced leader of many organizations, I can tell you ignoring technological progress is never a good option -- it's actually a quick way for seemingly innocuous competitors to capture marketshare. So how should businesses tackle digital transformation in relation to cybersecurity?



How to mitigate IoT security risks to tap business benefits


By far, one of the most effective IoT security services that any business can invest in, says Burns, is mobile device monitoring. “While end-to-end encryption and siloed networks are essential, there’s nothing more crucial than knowing the current status of all your IoT devices in real-time,” he says. While there are “countless ways” IoT devices can benefit modern businesses, Burns says that in the light of potential IoT device vulnerabilities, it is important for enterprises to identify the risks and challenges to ensure that all internet-connected devices are secure. Surveying 950 IT and business decision makers globally, Gemalto found that companies are calling on governments to intervene, with 79% asking for more robust guidelines on IoT security, and 59% seeking clarification on who is responsible for protecting IoT. Despite the fact that many governments have already enacted or announced the introduction of regulations specific to IoT security, most (95%) businesses believe there should be uniform regulations in place, a finding that is echoed by consumers, with Gemalto research indicating that 95% expect IoT devices to be governed by security regulations.


Weigh infrastructure as code risks against the benefits


Infrastructure as code creation is not a step-by-step process detailed in a textbook. IaC development depends as much on business needs and processes as the infrastructure engineer who writes it. Infrastructure code functions similarly, but its development is unique to its writer. Personalized or specialized code isn't problematic for an IT organization -- unless the code writer leaves the company before it retires. Then, a new admin must make sense of an unfamiliar, highly personal code base. Once again, the problem lies in scope and effect. To take over an application role or server role is a challenge, but something with which most IT admins have some level of familiarity. It isn't the code itself that proves problematic for fresh eyes, but rather its construction and documentation. And, because of its ultimate range of effect, odds are slim that a new admin will be able to run trials in a sandbox before the code is needed in production.



What Is Cyberthreat Intelligence, and Why Do You Need It?


Along with providing your company the proper tools to stymie any cyberattacks, cyberthreat intelligence can determine if you've already had a security issue. Through the use of indicators of compromise (IOC), intelligence analysts can determine whether your systems have been hit with malware that, if left undetected, could spell trouble in the form of stolen sensitive data. One type of malware that's commonly used is spyware, which can be installed on a system without your knowledge to obtain internet usage data and other sensitive information. In a business setting, this could be credit card information, customers' and employees' personal information, and other valuable data. Malware can become a costly problem for any business. For example, one piece of malware named Ryuk caused major headaches for some organizations throughout the United States at the end of 2018 and early 2019. As a piece of ransomware, which locks systems down before demanding payment for the user to gain access, Ryuk specifically targeted organizations that run on strict timetables ...


What is SAFe? The Scaled Agile Framework explained

The Scaled Agile Framework encompasses a set of principles, processes and best practices that helps larger organizations adopt agile methodologies, such as Lean and Scrum, to develop and deliver high-quality products and services faster. SAFe is particularly well-suited for complex projects that involve multiple large teams at the project, program, and portfolio levels. The current version, SAFe 4.6, focuses on five core competencies that help enterprises to “successfully navigate digital disruption and to effectively respond to volatile market conditions, changing customer needs, and emerging technologies,” according to Scaled Agile, the framework’s provider. ... While SAFe focuses on alignment, teamwork, and provisioning across a large number of agile teams, there are other popular frameworks for scaling agile at larger organizations, including Large-Scale Scrum (LeSS) and Disciplined Agile Delivery (DAD). It is important to understand each of these frameworks so that your organization can select the best option for your projects.


How the Cloud Security Alliance helps businesses identify and mitigate cybersecurity risks

When we talk about how we advanced in the cloud kind of over the last 10 years, we're talking about people that are transitioning to the cloud. We talk about people that are in the cloud, but when they want to build on top of the controls they have currently. So when you think about security protection, a lot of these are imposed upon us where I have a regulation that I have to meet. And so that's how I kind of take those business requirements, those security requirements, and I transferred that to the cloud. Well, now we have so much more tooling and cloud that we're saying, "Hey, there are ways to enhance that security posture with new tools that are cloud relative, things like DevOps methodologies," and that's where it starts. So now that we have more people that own the process, that own the security process, we can not just get to the executives that are trying to say, Hey, let's implement these security policies, but now we're getting to the developers, we're getting to practitioners, we're getting to even the compliance folks that need to be aware of security, aware of even privacy and how to implement that as we're building applications, as we're building tools within our organization.


How to build AR apps for the enterprise and beyond

Selling the idea to key stakeholders can be the biggest challenge of the whole AR implementation process. Many see AR as an entertainment tool rather than a business one. It can be hard convincing an organisation to change its current processes if they do not see the business value. Resistance to new technology is common; you must have a tangible “why” to present to your business. The key to success is knowing who your stakeholders are. We were lucky that our CEO and founder, Jon Oringer, welcomes and encourages innovation. He fully embraced the idea of introducing AR to our business, but not all stakeholders are quite as open to transformation. Not everyone will have basic background knowledge of the technology, so make the AR concept you are presenting digestible and visual – what you are selling is a visual concept, after all, so let it tell the story. I like to provide examples that stakeholders might not know about, such as the Pepsi bus stop or Microsoft’s partnership with BAE (see both videos below). Examples help stir the imagination of your stakeholder. Then, if possible, aim for the output of an AR implementation to be measurable. This will help develop the technology down the line and prove the benefits of the adoption to stakeholders.


Overburdened SOC Analysts Shift Priorities

It's a vicious cycle: Much of the stress in the SOC comes from analysts surrounded by too many security tools that don't work well together or that they don't have time or resources to fully master, as more alerts bombard their screens every day. They just don't have the time or expertise to master the tools, or stay on top of the alerts these systems pump out. "More security sensors and log sources containing more signatures of potentially malicious activity combined with exponential IT growth — and a dramatic increase in malicious attacks," Calvert explains. He says SOCs should measure the time and effort spent on false positives and automate the process where they can. The noise and overload of tools and alerts can escalate quickly, according to Larry Ponemon, president of the Ponemon Institute. "A lot of research studies find the whole issue of interoperability and scalability is largely ignored and as result, the technologies don't actually work together, and you have more [tools] than you need," Ponemon says. An overwhelmed SOC can result in dangerously long times to resolve and remediate an attack.


Buying a Windows laptop? Five must-have features for my next notebook


Most business-class laptops today are designed as if they were little high-definition TVs, with a widescreen display whose aspect ratio is 16:9. That's the optimal configuration if you're watching a full HD movie, but it feels unbearably cramped when you're trying to get work done. The much more productivity-friendly display option is the 3:2 aspect ratio found on every Microsoft Surface laptop since the Surface Pro 3. That design results in a taller screen that easily accommodates two documents snapped into side-by-side windows. I wish more manufacturers would embrace that design, but the economics of the PC business apparently make it cost-prohibitive; the only recent exception I could find is from Huawei. ... The advantage really becomes obvious on a device equipped with an eSIM, which can be configured through software and doesn't require a physical SIM card (although that option is available). On the ARM-powered Lenovo Yoga C630 PC I've carried on several recent trips, I can switch in seconds between mobile carriers. That's especially useful when traveling overseas where high-speed mobile data might be unavailable or an expensive option from your service provider.


VMware touts hyperscale SD-WAN

“The package is a much simpler way for customers to quickly set up a modern SD-WAN, especially for those customers who don’t have a lot of IT personnel to handle setting up and configuring an SD-WAN,” Uppal said. “Branch office networking can be complex and expensive, and this package uses subscription pricing, and supports cloud-like capabilities and economics.” Dell EMC and VMware also announced SmartFabric Director, software that can be part of the service offering. Director enables data-center operators to build, operate and monitor an open network-underlay fabric based on Dell EMC PowerSwitch switches. According to Dell, organizations that have embraced overlay software-defined networks need to make sure their physical, underlay networks are tuned to work with the SDN. “A lack of visibility between the two layers can lead to provisioning and configuration errors, hampering network performance,” Dell stated. The Director also supports flexible streaming telemetry to gather key operational data and statistics from the fabric switches it oversees, so customers can use it in security and other day-to-day operations, Dell said.



Quote for the day:


"A lot of people have gone farther than they thought they could because someone else thought they could." -- Zig Ziglar

