Devops teams should specifically tailor planning, release, and deployment communications or collaborations to their audiences. For service desk and customer support teams, communications should focus on how the release impacts end-users. Devops teams should also anticipate the impact of changes on end-users and educate support teams. When an application’s user experience or workflow changes significantly, bringing in support teams early to review, understand, and experience the changes themselves can help them update support processes. ... Let’s consider two scenarios. One devops team monitors their multicloud environments and knows when servers, storage, networks, and containers experience issues. They’ve centralized application logs but have not configured reports or alerts from them, nor have they set up any application monitors. More often then not, when an incident or issue impacts end-users, it’s the service desk and support teams who escalate the issue to IT ops, SREs (site reliability engineers), or the devops team. That’s not a good situation, but neither is the other extreme when IT operational teams configure too many systems and application alerts.
Most school districts now acknowledge that things will not be back to normal this fall, and they are planning hybrid learning solutions for the school year. Hackers are delighted with this development since distance learning is often implemented using Microsoft's Remote Desktop Protocol (RDP), one of the prime targets for cybercriminals, aiming for quick gains. Their primary tactic: install ransomware that locks up data until ransoms are paid. Recently, in June 2020, the University of California San Francisco School of Medicine paid a ransom of over $1 million to regain access to important scientific data. While a K-12 school or school district may not have data worth millions, cybercriminals know that schools often lack the resources large corporations deploy to guard against cyberattacks, which makes them prime targets. One specific attack vector the FBI has warned about is Ryuk ransomware, which is deployed via RDP endpoints, specifically students, parents, and teachers in the K-12 environment. Ryuk uses a sophisticated type of data encryption that targets backup files. Once the end user has been infected, that person can propagate the virus to the school's servers, where it can cause havoc.
"The risk with Arm going forward is Arm works because I can source Arm IP, and I know that Arm will not compete with me. Some of Arm's other customers might compete with me, but my supplier will not compete with me because they do not sell chips," he said. "We're moving to a scenario now where there's a potential that if I'm sourcing IP from a company that will compete with me for product -- the selling of chips -- that's obviously going to cause concern for quite a few companies that may also raise antitrust or anti-competitive issues in terms of closing the deal as well." And this is before the situation with Arm China enters the equation. Arm China is a joint venture -- the style of arrangement many western companies enter into to do business in the Middle Kingdom -- and in July, Arm sought to fire the CEO of that venture, Allen Wu, for running another company that invested in Chinese Arm customers on the side. That would normally be a pretty straight forward case of conflict of interest, except Wu has Arm China's registration documents and company seal and he has not given them up, Bloomberg reported in July. Arm China also posted a public letter signed by 176 of its employees imploring Beijing to protect it from the UK parent company.
Check Point’s POC attack was that an image would be messaged to a victim over a popular platform—iMessage, Android Messages or WhatsApp, and the content of the image would tempt the victim to save the photo to their device. It’s easily done—most of us do it all the time, even if just to share the image on a different platform, rather than forward the message we have received. Check Point’s Ekram Ahmed told me that this should serve as a warning. “Think twice before you save photos onto your device,” he told me, “as they can be a Trojan horse for hackers to invade your phone. We demonstrated this with Instagram, but the vulnerability can likely be found in other applications.” That’s almost certainly the case—the issue was with the deployment of an open-source image parsing capability buried within the Instagram app. And that third-party software library is widely installed in countless other apps. ... The issue comes when you save that to the album on your internal phone’s storage or an external disk. We saw this last year, with WhatsApp and Telegram exposed to an Android vulnerability where images were saved to an external disk. That said, earlier this year, Google’s Project Zero team warned that the image handling by messengers themselves on iOS could be defeated when an unusual file type was handled.
Data intensity won’t happen overnight. It’s a journey that brings together the right technology, best practices, and infrastructure foundation. The first step is to start with proven available technologies. Open Source offerings may tempt us with the latest technical bells and whistles, but they aren’t always the solution that aligns best with our business objectives. One reason that IT projects fail so often is that people choose the wrong technology. As you evaluate the tooling you will use with your data, consider whether you need some of the scale and complexity that comes with these technologies. Not every company is a Facebook or a Google. Choose the technology that lines up best to your own use case and your platform, not merely the flavor of the month. Don’t be afraid to purchase the technology and tools you need, rather than build it yourself. Maximizing data literacy is another key step toward data intensity. It starts with establishing a common way to talk about data, using a baseline set of knowledge, such as SQL. Understanding the data is more important than understanding the technology behind it. Even the best solution won’t do you any good if you can’t bring it into production.
The GCA toolkit provides small businesses a way to address these risks with free tools and resources that they can implement themselves. For government and industry, the toolkit is a valuable resource that can be provided to help secure their supply chain and vendors. “Helping small businesses address cybersecurity challenges requires that we meet them where they are, with resources designed to match their resources and expertise. We worked with partners and stakeholders to develop the GCA Cybersecurity Toolkit for Small Business more than a year ago and since that time have evolved the toolkit to be even easier to use, either all at once or a step at a time,” said Philip Reitinger, GCA’s President and CEO. “This revision of the toolkit is a significant step forward on this front, and we are pleased to share it to further assist small businesses reduce cyber risk.” Since its initial launch there have been more than 105,000 visits to the toolkit. Key to the success of the toolkit has been partnerships with organizations such as Mastercard, ICTswitzerland, and the Swiss Academy of Engineering Sciences (SATW), the latter two of which resulted in the German translation of the toolkit and makes an important contribution to the implementation of the National strategy for Switzerland’s protection against cyber risks (NCS).
Low-code platforms are far more open and extensible today, and most have APIs and other ways to extend and integrate with the platform. They provide different capabilities around the software development lifecycle from planning applications through deployment and monitoring, and many also interface with automated testing and devops platforms. Low-code platforms have different hosting options, including proprietary managed clouds, public cloud hosting options, and data center deployments. Some low-code platforms are code generators, while others generate models. Some are more SaaS-like and do not expose their configurations. Low-code platforms also serve different development paradigms. Some target developers and enable rapid development, integration, and automation. Others target both software development professionals and citizen developers with tools to collaborate and rapidly develop applications. I selected the seven platforms profiled here because many have been delivering low-code solutions for over a decade, growing their customer bases, adding capabilities, and offering expanded integration, hosting, and extensibility options. Many are featured in Forrester, Gartner, and other analyst reports on low-code platforms for developers and citizen development.
Discussions of cloud security are often complicated because different people have different ideas of what constitutes cloud computing and what their personal roles and interests are, Riley said. It's incumbent on organizations to focus their attention on aspects of cloud security they can control: identity permissions, data configuration, and sometimes application code. Most cloud security issues that organizations face fall under these three areas. "The volume of cloud usage is increasing, the sophistication is increasing, the complexity is increasing, [and] the challenge is learning how to better utilize the public cloud," Riley said. A growing dependence on the cloud will also force businesses to rethink the way they approach network security, said Lawrence Orans, research vice president at Gartner, in a session on the subject. The future of network security is in the cloud, and security teams must keep up. The changes related to cloud adoption extend to the security operations center, which analysts anticipate will take a different form as more businesses depend on the cloud, adopt cloud security tools, and support fully remote teams. These shifts will demand a change in thinking for security operations teams.
Dropping all logs into a SIEM spikes costs, so oftentimes only a portion is collected, which creates fragmented or incomplete pictures and impacts security monitoring and incident response. CLMs lift the burden of having to hire staff, provide training and support for SIEMs. CLMs also reduce the costs organizations would incur with their SIEM providers, as well as the risk of endangering the SIEM infrastructure by storing unmanaged logs. Fragmented data collection can become a unified data collection with a data highway. Organizations can now filter unruly data and deliver only what you need. This helps overcome the age-old strategy of letting separate teams have their own sources of data, which could instead be directed to the appropriate team via your data highway. The data highway lets you collect once and use it many times, where it’s needed. ... One example of superfluous information is the timed mark that many applications add into the log of their system to show they are online. Unless a security auditor will need to see this, there is no reason why an organization should be paying to store it in their SIEM. Administrators are even able to filter out all extraneous text and add parsing for specific events.
With critical systems, it can be a good idea to first run experiments in your dev/test type environments to minimize both actual and perceived risk. As you learn new things from these early experiments, you can explain to stakeholders that production is a larger and more complex environment which would further benefit from this practice. Equally, before introducing something like this in production, you want to be confident that you can have a safe approach that allows for you to be surprised with newer findings without introducing that additional risk. As a next step, consider running chaos experiments in a new production environment before it is handling live traffic by generating synthetic workloads. You get the benefit of starting to test some of the boundaries of the system in its production configuration, and it is easy for other stakeholders to understand how this will be applied and that it will not introduce added risks to customers, since live traffic isn’t being handled yet. To start introducing more realistic workloads than you can get from synthetic traffic, a next step may be to leverage your existing production traffic.
Quote for the day:
"Challenges in life always seek leaders and leaders seek challenges." -- Wayde Goodall