Are EU Privacy Regulators Starting to Find GDPR Consensus?
Even though GDPR enforcement is more than two years old, attorney Rocco
Panetta, the founder and managing partner of Panetta & Associates in Rome,
predicts that it will take at least two more years - if not more - for
enforcement and sanctions efforts to gain greater consistency, not just
between EU member states but also inside any given country. Such consistency
would also provide more predictability for organizations facing sanctions.
"The EU regulation gives a range of values without imposing any
standardization," says Panetta, who's also on the board of directors of the
International Association of Privacy Professionals. "If anything, the issue is
mostly about the difficulty facing companies that try to predict the potential
consequences of a GDPR breach," he tells Information Security Media Group. "As
a data protection officer and legal consultant for local and multinational
enterprises and groups of companies, I'm getting to witness such difficulty
more and more frequently." One major change brought about by GDPR is that it
made data protection a law. Previously, EU member states were subject only to
a data protection directive - specifically, Directive 1995/46/CE - that each
nation transposed as it saw fit into its own, national law.
Key Sprint Metrics to Increase Team Dependability
With Sprint Flow, you can track how your work is flowing throughout the Sprint
and easily spot any delays or bottlenecks emerging that may potentially put
your commitments at risk. One of the most common pitfalls we see with scrum
teams is work being signed off at the end of the sprint. This delay backloads
risk and makes it difficult for teams to address any feedback by the end of
the sprint, which in turn cannibalises capacity in the next sprint and can
create a nasty snowball effect. A feature of successful sprints is the tight
feedback loop between the user (often represented by the PO) and the team, and
work is being signed off as early as possible. Some of the most common
challenges to this feedback loop are: work is slow to start at the beginning
of the sprint, a backlog is forming with the QA team, and the PO has limited
availability to review and sign off work. It’s essential that all members of
the team, but particularly a Scrum Master, have visibility of these potential
delays, which is why Sprint Flow is an incredibly powerful metric to review in
daily stand-ups and retros. ... The challenge we see with this approach is
that burn-downs and burn-ups are binary in their analysis; they only
differentiate between incomplete and complete
Key Application Metrics and Monitoring for Developers
As a developer, it's all too easy to fall into the habit of what I call
reactive firefighting, or responding only or primarily to reported issues or
bugs. These issues are easy to prioritize, as it is clear that a user is
already experiencing an issue or downtime. However, while you are busy
fighting the fire, the fire is continuing to cause application downtime or
cause some other issue. Proactive monitoring is the best way to reduce the
number of fires that start in the first place. In essence, you need to monitor
your metrics on a regular basis. This is proactive because it requires you or
your team to look at your application response time, error rate, and slow
transactions before users report any issues. By reviewing your metrics on a
regular basis, you can identify issues before users report them, and you can
proactively address errors or bottlenecks that could become larger problems.
Additionally, monitoring your metrics regularly will give you a sense of what
is “normal” and what is abnormal for your application. As mentioned earlier,
metrics are the most helpful in illuminating relative rather than absolute
performance.
2021 will overburden already stressed infosec teams
Dis- and misinformation impacts businesses and the public at large in a myriad
of ways. False or misleading claims can have a major impact on a business's
bottom line, not to mention turning the tide of public opinion. In 2021, every
organization and individual will face three challenges: the need to
discern what is real from what is fake; the need to determine what
sources are credible; and the need to verify information. Disinformation
becomes a cybersecurity issue because cybercriminals thrive on uncertainty.
According to OpenText research, one in five people (at least) have received a
COVID-19 related phishing email as of this fall. That number will surely grow.
We’ve also seen spikes in phishing campaigns around fake COVID-19 stimulus
offers, fake streaming media links, etc. We can expect trends specific to
COVID-19 to continue. More generally, as trust in media and institutions is
threatened, cybercriminals will have more opportunities to exploit the
resulting uncertainty. The good news: cybersecurity teams are used to dealing
with a level of disinformation. If you think about it, what is a phishing
campaign if not an active disinformation attack?
Use predictive analytics in manufacturing to gain insight
Predictive analytics in manufacturing relies on collecting sensor data
across the manufacturing process, Leone said. If this happens, manufacturers
can uncover trends, forecast outcomes, improve and ensure product quality
and optimize asset allocation and capacity utilization. In addition, a
predictive manufacturing system doesn't just come in handy during one step
of the manufacturing process. A predictive manufacturing system has many
roles in a factory, said Forrester analyst Paul Miller. For example, it can
help when a manufacturer is striving for reliability or searching for the
most cost-effective energy mix or the ideal materials. "Potentially,
for a complex industrial asset, there could be thousands and thousands of
combinations to consider," Miller said. However, adopting a predictive
manufacturing system doesn't come without its growing pains. A key barrier
to adopting predictive manufacturing is internal resistance, Miller
said. "People will say, I have been running this operation for 30
years and I know how to do it," Miller said. However, some companies have
been pleasantly surprised by the results, he said. "Siemens found that
with their gas turbines, they were able to get significantly better
performance than their best engineers because the computer can try so many
options all at once," Miller said.
DDoS Attacks Spiked, Became More Complex in 2020
Threat actors launched more DDoS attacks this year than ever before. Much
of the increase was tied to the large-scale shift to remote work as a
result of the global pandemic. Adversaries perceived more opportunities to
attack organizations that suddenly were forced to support large
distributed workforces and employees logging in from weakly protected home
networks. "As a result of the pandemic, we saw an unprecedented number of
systems going online, with corporate resources now in less-secure home
environments, and a massive increase in the use of VPN technology," says
Richard Hummel, threat intelligence lead at Netscout. Netscout's current
projections forecast more than 10 million DDoS attacks in 2020, the most
ever in a single year. In May 2020 alone, Netscout observed some 929,000
DDoS attacks, the largest ever in a 31-day period. During the height of
the pandemic-related lockdown between March and June, the frequency of
DDoS attacks increased 25% compared with the previous three-month period.
The attacks consumed huge amounts of network throughput and bandwidth and
increased costs for both Internet service providers and enterprises.
Enterprise architecture tools could be acquisition targets
The adoption of enterprise architecture tools is increasing as organizations
advance their business models to meet changing customer needs, pursue
digital transformation and build a "composable enterprise" using
interchangeable building blocks. He said some EA teams mistakenly limit
their scope to cataloging their existing IT systems, applications and
technologies when they should take the opportunity to capture their
organization's business architecture and strategy. Gartner's latest Magic
Quadrant on EA tools reflects a shift to features that enable users to drag
and drop objects and classes, get context-sensitive help, and use
collaboration tools such as Microsoft Teams and Slack. Other key
capabilities in many of the EA tools featured in the report include guided
navigation, autogenerated views, smart search and virtual assistant support,
Jhawar said. Avolution, Bizzdesign, Mega International and Software AG
"sustained excellence in both execution and vision" to hold their positions
as leaders in the 2020 Magic Quadrant for EA tools, just as they were in
2019, according to the Gartner report. But Gartner now lists a longer group
of challengers behind them, with BOC Group, LeanIX, Orbus Software and
QualiWare.
5 Emerging DevOps Trends to Watch in 2021
As Infosec continues to evolve, security is coming to the forefront of all
teams. No company wants to deal with business and financial effects of a
breach, and many companies are now working hard to secure their digital
systems. As companies educate their teams on how to keep information and
systems secure, DevOps is no exception. As the core team responsible for
deploying and maintaining infrastructure as well as configuring and storing
the secrets for applications that are deployed, DevOps teams must continue to
keep security top of mind. We see DevOps not as an obstacle to secure
workloads but as an enabler. Both Security and DevOps teams want clear
processes in place and tight configurations implemented on servers and cloud
access. These teams will continue to work together to make sure infrastructure
and applications are deployed in an increasingly automated, auditable, and
secure manner. With the focus on security, this may change the way DevOps
teams operate to be more of a balance between process and speed. Many
companies may evaluate if they really need to be deploying software many times
per day and if this keeps their security and compliance goals in mind.
Businesses to boost collaboration spending in ‘21 as remote work continues
With real uncertainty over when the pandemic might end and a sustained
global economic recovery could begin, many IT departments are likely to take
a wait-and-see approach when setting budgets for collaboration investments
in 2021. “What I hear a lot of is, ‘I’ve got three budgets for next year,’”
said Lazar. Those budgets include spending based on a worst-case scenario,
where financial markets tank and spending is “cut to the bone”; a “keep
everything steady” budget; and, finally, an optimistic budget where
economies are booming, and companies undertake a “massive expansion” in
spending, he said. ... “The need to empower collaboration in the enterprise
has clearly been a lesson learned in 2020,” said Wayne Kurtzman, research
director for collaboration at IDC. “2021 is the time to improve it, often
through software integrations and making [collaboration software] part of
the core IT stack and enabling all workers.” A 451 Research survey report
(Voice of the Enterprise: Workforce Productivity & Collaboration
Technology Ecosystems 2020), which tracks planned corporate technology
purchasing in the first half of 2021, paints a similar picture, with
collaboration spending largely protected as businesses tighten other areas
of their IT budgets.
How Will Biden Administration Tackle Cybersecurity?
While Biden and his transition team have not yet released specific
cybersecurity policies, he recently noted that it "may take billions of
dollars to secure our cyberspace," over the next several years and that those
who were responsible for the SolarWinds hack "can be assured that we will
respond and probably respond in kind." Besides SolarWinds, the new Biden
administration will face a host of other issues, including CISA, which has
seen its leadership hollowed out following the post-election firing of former
Director Christopher Krebs. Cybersecurity experts and analysts agree that how
Biden and his administration address these issues in the first critical weeks
is likely to set the tone for the next four years, as the nation faces several
security obstacles both foreign and domestic. Their suggestions range from
filling key leadership spots, such as the CISA director, to confronting
overseas adversaries to building deeper relationships with the private sector.
As the events surrounding the SolarWinds breach continue to unfold, how the
Biden administration responds during its first few weeks will likely shape a
large portion of the White House's cybersecurity policy going forward, says
Phil Reitinger
Quote for the day:
"Every day is a NEW beginning, take a deep breath and START AGAIN." -- Unknown