Daily Tech Digest - July 30, 2021

Five steps towards cloud migration for a remote workforce

Reducing costs is one of the key reasons many businesses move to the cloud, with a Microsoft survey identifying this as a top benefit of cloud migration. However, the cost of the migration project itself also needs to be taken into consideration. Some businesses will undertake this exercise in-house if they have an IT team that is big and experienced enough to take on the project or to keep costs low. But if your internal IT support team is small or you already take out managed IT services, we recommend utilising a third-party provider. A business with expertise in cloud consultancy will manage the entire process for you and ensure that your migration goes as smoothly as possible. Their extensive experience in deploying cloud solutions and cloud migrations means you’ll experience a smoother journey to cloud computing. While carrying out this project in-house may seem more cost-effective on the face of it, cloud experts will help you to reduce costs by considering every possibility and mitigating any potential risks. Moving workloads to the cloud is an essential step for businesses that are looking to reduce IT operating costs, increase security, and improve efficiency and productivity.

Cloud Security Basics CIOs and CTOs Should Know

Cloud environments have proven not to be inherently secure (as originally assumed). For the past several years, there have been active debates about whether cloud is more or less secure than a data center, particularly as companies move further into the cloud. Highly regulated companies tend to control their most sensitive data and assets from within their data centers and have moved less-critical data and workloads to cloud. On the flip side Amazon, Google, and Microsoft spend considerably more on security than the average enterprise, and for that reason, some believe cloud environments more secure than on-premises data centers. "AWS, Microsoft, and Google are creators of infrastructure and application deployment platforms. They're not security companies," said Richard Bird, chief customer information officer at multi-cloud identify solution provider Ping Identity. "The Verizon Database Incident Report says about 30% of all breaches are facilitated by human error. That same 30% applies to AWS, Microsoft, and Google. [Cloud] cost reductions don't come with a corresponding decrease in risk."

How To Defend Yourself Against The Powerful New NSO Spyware Attacks

Unlike infection attempts which require that the target perform some action like clicking a link or opening an attachment, zero-click exploits are so called because they require no interaction from the target. All that is required is for the targeted person to have a particular vulnerable app or operating system installed. Amnesty International’s forensic report on the recently revealed Pegasus evidence states that some infections were transmitted through zero-click attacks leveraging the Apple Music and iMessage apps. This is not the first time NSO Group’s tools have been linked to zero-click attacks. A 2017 complaint against Panama’s former President Ricardo Martinelli states that journalists, political figures, union activists, and civic association leaders were targeted with Pegasus and rogue push notifications delivered to their devices, while in 2019 WhatsApp and Facebook filed a complaint claiming NSO Group developed malware capable of exploiting a zero-click vulnerability in WhatsApp. As zero-click vulnerabilities by definition do not require any user interaction, they are the hardest to defend against.

Distributed DevOps Teams: Enabling Non-Stop Delivery

An important element of most DevOps teams is cultural integration; learning about and from each other, establishing the psychological safety within the team to fail in front of your peers, the proverbial finishing of each other’s sentences… it’s simply harder to establish this level of cultural cohesiveness when you are working in distributed teams. Leaders are also challenged; how do they recognize when a team member needs help, needs to be prompted, or requires clearer direction without the body language cues or without any interaction at all, if they are in completely different time zones? As a leader, recognizing when to intervene, when to support, and when to engage is challenging when the team is delivering outside of view. Trust becomes crucial between all team members. This particular organization is currently considering "time zone rotation" so that team members can establish working relationships and trust outside of their own normal working time group.

Building A Secure Cloud Infrastructure For Strong Data Protection

Sometimes the terms “security” and “privacy” are used interchangeably, but it is vital to understand the nuances between the two when building a secure cloud infrastructure. Data privacy is associated with ensuring that personally identifiable information (PII) stored in the cloud is hidden. Privacy regulations, such as the EU’s GDPR and the California Consumer Privacy Act (CCPA), dictate what data is considered private and that the data remains pseudonymized at all times. Data security, on the other hand, pertains to specific protections that have to be built into the infrastructure to prevent data from being stolen. Building a secure cloud infrastructure is predicated upon understanding the right mix of privacy and security measures, which can vary based on an organization’s industry and the specific regulations to which it must adhere. Many organizations aren’t clear on how to protect data in the cloud. The natural assumption is that the cloud provider will handle security, but that is not the case. When migrating to the cloud, most providers lay out a shared responsibility model for protection, meaning the provider is responsible for specific security areas and the company is responsible for others.

7 Best Soft Skills That Make a Great Software Developer

Everyone can talk, but not everyone can communicate. Being a software developer means understanding a whole new language: the language of code, with all the acronyms and technical terms that come with it. These terms may seem simple to you, but will all your colleagues understand them Work on your communication skills by considering carefully the language you use and tailoring it to your audience. Could you explain agile software testing to a computing novice, for example? By honing your communication soft skills you can reach out to more people. These first two soft skills go hand in hand: to be a great communicator, you also have to be a great listener. Remember that everyone you work with and speak to deserves to be listened to, and they may have information that will make your job easier. Put distractions to one side, and concentrate completely on the person who’s talking to you. Keep an eye out for non-verbal communication signs too, as they can often reveal as much as what a person is saying.

McAfee: Babuk ransomware decryptor causes encryption 'beyond repair'

"It seems that Babuk has adopted live beta testing on its victims when it comes to its Golang binary and decryptor development. We have seen several victims' machines encrypted beyond repair due to either a faulty binary or a faulty decryptor," Seret and Keijzer said. "Even if a victim gave in to the demands and was forced to pay the ransom, they still could not get their files back. We strongly hope that the bad coding also affects Babuk's relationship with its affiliates. The affiliates perform the actual compromise and are now faced with a victim who cannot get their data back even if they pay. This essentially changes the crime dynamic from extortion to destruction, which is much less profitable from a criminal's point of view." The typical Babuk attack features three distinct phases: initial access, network propagation, and action on objectives. Babuk also operated a ransomware-as-a-service model before shutting down in April. Northwave investigated a Babuk attack that was perpetrated through the CVE-2021-27065 vulnerability also being exploited by the HAFNIUM threat actor.

Cisco preps now for the hybrid workforce

The lasting impact of remote work is resulting in a reassessment of the IT infrastructure that shifts buyer requirements to demand work-anywhere capabilities, said Ranjit Atwal, senior research director at Gartner. “Through 2024, organizations will be forced to bring forward digital business transformation plans by at least five years,” Atwal said. “Those plans will have to adapt to a post-COVID-19 world that involves permanently higher adoption of remote work and digital touchpoints,” Digital products and services will play a big role in these digital transformation efforts, Atwal stated. “This longer strategic plan requires continued investment in strategic remote-first technology continuity implementations along with new technologies such as hyperautomation, AI and collaboration technologies to open up more flexibility of location choice in job roles,” Atwal stated. The hybrid workforce will need every technology from SD-WAN and SASE to a full stack collaboration suite--in Cisco's case WebEx--and best-in-class security and Wi-Fi and failover options, Nightingale said.

Silver linings: 7 ways CIOs say IT has changed for good

A positive change was the unbridled collaboration and coming together – without traditional borders or silos – to solve the exceptional challenges the pandemic threw at us. COVID-19 triggered physical social distancing while at the same time it bolstered digital connectedness and accelerated a culture shift to a more flexible work model. There was a pervasive focus on the wellbeing of each individual, and an intentional effort to hear from each person, which further diversifies input and insights to solve problems. The Sappi team came together in this manner and continues to carry forward those positive elements of inclusive and optimistic collaboration to navigate each effort with confidence that we will have a thriving future ahead. ... From the start of the pandemic, we leveraged these competencies and our fortitude to successfully solve business challenges and meet our goals and objectives. The demand for digital experiences and customers’ expectations for seamless digital offerings continues to increase, and MassMutual’s digital and technology advancements and digital-first mindset allow us to offer more modern tools at lower costs and provide an overall better customer experience.

What should IT leaders look for in an SD-WAN solution?

Delivering high performance, affordable SD-WAN solutions is not something everyone can do. For that reason, when an IT leader complains of connectivity speeds, the easier option is for providers to simply recommend more bandwidth. And, with the cost of circuits falling, it’s hard to push back on this apparent resolution. However, for many businesses, traditional networks will no longer be fit for purpose. We’re not all in the same network anymore, so it’s not a case of routing all the traffic into one place, through a huge firewall, and back out. The SD-WAN alternative sounds complex, and it really is – we’re talking an intelligent, responsive, end-to-end encrypted network with AI at its heart, after all. However, from the IT leader’s perspective, it is deployed with zero touch provisioning, no hardware installations, and self-configuration for ultimate ease. IT teams are here to deliver IT services, after all. They don’t want to be held back by infrastructure constraints. It’s about time that tech enabled them to do their jobs.

Quote for the day:

"Nothing is so potent as the silent influence of a good example." -- James Kent

No comments:

Post a Comment