Understanding the journey of breached customer data
It’s known that hackers often use the names of the breached organisation when
marketing, selling or leaking their stolen data. So, it’s worth deploying a
system that monitors for supplier names, as well as your own, on forums and
ransomware sites. This includes searching for common typos and variants of these
names. There are, however, some limitations to this method, as these searches
could lead to lots of false positives. Security teams need to filter through the
data to find matches, but this can take time. Businesses can use database
identifiers to improve monitoring efficiency. These take the form of unique
strings within databases, such as server names and IP addresses. Teams can then
match metadata included in a data leak when searching through database dumps.
Patterns within data, including account numbers, customer IDs and reference
numbers, are also useful for identification. Another technique is ‘watermarking’
data by adding synthetic identities to a data set. Unique identifiers are used
in your data sets or those you share in your digital supply chain so you can
confirm if a breach includes data from your business or a supplier.
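The watermarking and pattern-matching checks described above, as an added example that is not part of the original article. The registry of synthetic identities, the recipient names and the "AC" plus eight digits account format are all assumptions made for illustration, and the sample dumps are constructed.

```python
import re

# Constructed watermark registry: synthetic identities seeded into each copy
# of the customer data set, keyed by who received that copy (all hypothetical).
CANARIES = {
    "internal-crm": {"ada.quillfeather@example.com", "otto.brimwick@example.com"},
    "supplier-mailhouse": {"ines.hollowmere@example.com"},
    "supplier-analytics": {"rafe.dunmarrow@example.com"},
}

# Assumed account-number format for this business: "AC" followed by 8 digits.
ACCOUNT_RE = re.compile(r"\bAC\d{8}\b")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def analyse_dump(text):
    """Report which seeded identities and account-number patterns a dump contains."""
    # Lower-case addresses so a re-cased copy of a canary still matches.
    emails = {m.lower() for m in EMAIL_RE.findall(text)}
    sources = {src: sorted(ids & emails)
               for src, ids in CANARIES.items() if ids & emails}
    accounts = set(ACCOUNT_RE.findall(text))
    return {"sources": sources,
            "account_pattern_matches": len(accounts),
            "emails_seen": len(emails)}

def verdict(result):
    """Turn raw matches into a triage statement for the analyst."""
    if result["sources"]:
        # A seeded identity exists nowhere else, so a hit names the leaked copy.
        return "confirmed: " + ", ".join(sorted(result["sources"]))
    if result["account_pattern_matches"]:
        # A pattern alone can collide with other data: treat as a lead only.
        return "possible: pattern match only, needs manual review"
    return "no match"

# Constructed sample dumps (not real leak data).
SAMPLE_DUMP = """id,name,email,account
1,Jane Roe,jane.roe@example.net,AC10293847
2,Ines Hollowmere,Ines.Hollowmere@Example.com,AC55667788
3,John Doe,jdoe@example.org,AC00011122
"""
PATTERN_ONLY_DUMP = "ref,note\n9,payment for AC12345678 received\n"
UNRELATED_DUMP = "user,email\nbob,bob@example.org\n"

if __name__ == "__main__":
    for name, dump in [("sample", SAMPLE_DUMP), ("pattern-only", PATTERN_ONLY_DUMP),
                       ("unrelated", UNRELATED_DUMP)]:
        print(name, "->", verdict(analyse_dump(dump)))
```

A seeded identity gives a high-confidence attribution to one copy of the data, while a bare pattern match stays a lead for manual review, which is how the false-positive problem mentioned above is kept manageable.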
Top 12 Cloud Security Best Practices for 2021
In a private data center, the enterprise is solely responsible for all security
issues. But in the public cloud, things are much more complicated. While the
buck ultimately stops with the cloud customer, the cloud provider assumes the
responsibility for some aspects of IT security. Cloud and security professionals
call this a shared responsibility model. Leading IaaS and platform as a service
(PaaS) vendors like Amazon Web Services (AWS) and Microsoft Azure provide
documentation to their customers so all parties understand where specific
responsibilities lie according to different types of deployment. The diagram
below, for example, shows that application-level controls are Microsoft’s
responsibility with software as a service (SaaS) models, but it is the
customer’s responsibility in IaaS deployments. For PaaS models, Microsoft and
its customers share the responsibility. ... To prevent hackers from getting
their hands on access credentials for cloud computing tools, organizations
should train all workers on how to spot cybersecurity threats and how to respond
to them.
How to Deploy Disruptive Technologies with Minimal Disruption
A disruptive technology can have a particularly hard impact on end users.
“Discuss change, and the human reaction to it, as part of your educational
process, acknowledging that it’s hard and everyone at every level of the
organization must go through it,” says Tammie Pinkston, director of
organizational change management at technology research and advisory firm ISG.
“We recently held a client training [program] where individuals used a sticker
to show where they were on the change curve, mapping themselves each day with
indicators so we could see movement.” If a disruptive technology will impact
multiple departments, all parties should be involved in the rollout process.
“One of the reasons it's important to assess all the different interactions and
impacts is to bring in the right expertise and oversight,” Lightman says. This
may, for instance, require seeking input and support from HR and security teams.
“It's better to be overly cautious than to have an issue arise later when you
didn't include representation from a department,” he notes. Still, despite best
efforts, it remains possible to overlook some technology stakeholders.
Update on .NET Multi-platform App UI (.NET MAUI)
.NET Multi-platform App UI (.NET MAUI) makes it possible to build native
client apps for Windows, macOS, iOS, and Android with a single codebase and
provides the native container and controls for Blazor hybrid scenarios. .NET
MAUI is a wrapper framework and development experience in Visual Studio that
abstracts native UI frameworks already available – WinUI for Windows, Mac
Catalyst for macOS/iPadOS, iOS, and Android. Although it’s not another native
UI framework, there is still a significant amount of work to provide optimal
development and runtime experiences across these devices. The .NET team has
been working hard with the community in the open on its development and we are
committed to its release. Unfortunately, .NET MAUI will not be ready for
production with .NET 6 GA in November. We want to provide the best experience,
performance, and quality on day 1 to our users and to do that, we need to slip
the schedule. We are now targeting early Q2 of 2022 for .NET MAUI GA. In the
meantime, we will continue to enhance Xamarin and recommend it for building
production mobile apps and continue releasing monthly previews of .NET
MAUI.
8 top cloud security certifications
As companies move more and more of their infrastructure to the cloud, they're
forced to shift their approach to security. The security controls you need to
put in place for a cloud-based infrastructure are different from those for a
traditional datacenter. There are also threats specific to a cloud
environment. A mistake could put your data at risk. It's no surprise that
hiring managers are looking for candidates who can demonstrate their cloud
security know-how—and a number of companies and organizations have come up
with certifications to help candidates set themselves apart. As in many other
areas of IT, these certs can help give your career a boost. "Cloud security
certifications can set professionals up for long-term career success in
designing, operating, and maintaining secure cloud environments for today’s
enterprises," says Joe Vadakkan, senior director of services alliances at
Optiv. "In addition to the process being a fun learning experience, each
certification offers a unique benefit to understanding the security controls,
associated risks, and dynamic needs of cloud operating models."
Juniper enables Mist to handle network-fabric management
Juniper Networks is embracing an open campus-fabric management technology
supported by other major networking vendors and at the same time making it
simpler to use by removing much of the manual work it can require. The company
is adding Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) support to its
Mist AI cloud-based management platform to let customers streamline network
operations. EVPN-VXLAN separates the underlying physical network from the
virtual overlay network offering integrated Layer 2/Layer 3 connectivity as
well as programmability, automation and network segmentation among other
features. The open technology is offered in a variety of forms by most
networking vendors including Cisco, Arista, Aruba and others. “Many of today’s
campus networks leverage proprietary technologies and complicated L2/L3
architectures that weren’t designed to meet modern requirements,” wrote Jeff
Aaron, vice president of Enterprise Marketing at Juniper in a blog about the
announcement.
Dow CIO: Digital transformation demands rethinking talent strategy
When it comes to investing in digital, companies have many choices. There is a
lot you could do, but you need to focus on what you should do. One thing is
certain: You should invest in your people if you want to be successful with
your digital transformation. This is not just about the technology, but using
technology to change the way employees work. My IT organization continually
develops its tech skills with curricula on a variety of topics, including
cloud computing, machine learning, and the entire data space from architecture
to data storage and data visualization. We’re also refreshing our skills
around threat identification, user experience design, and expanding our
programming skills by learning different programming languages. But IT
organizations also need to grow their soft skills. This includes improving
employees’ business acumen, so they understand how their company works and how
it makes money. This not only helps organizations identify opportunities but
connects them to how the tools being implemented help drive value.
Ballerina has unique features that make it particularly worthwhile for smaller
programs. Most other scripting languages that are designed for smaller
programs have significant differences from Ballerina in that they are
dynamically typed and they don't have the unique scalability and robustness
features that Ballerina has. Problems in the pre-cloud era that you could
solve with other scripting languages are still relevant problems. Except now,
network services are involved; robustness is now more important than ever.
With standard scripting languages, a 50-line program tends to become an
unmaintainable 1000-line program a few years later, and this doesn’t scale.
Ballerina can be used to solve problems addressed with scripting language
programs but it's much more scalable, more robust, and more suitable for the
cloud. Scripting languages also typically don't have any visual components,
but Ballerina does.
Tech Nation welcomes tech companies to Net Zero 2.0 programme
For the first time, the Net Zero programme from Tech Nation is welcoming space
tech companies, with operations within the space gaining momentum. Satellite
imaging, for example, provides a way to observe large areas from space to
rapidly identify illegal activities such as deforestation or mining; monitor
supply chains; and verify nature-based solutions such as carbon offsetting.
This type of technology is gaining traction rapidly as countries across the
world look for innovative ways to combat climate change and as multinationals
seek to achieve their recently set net zero goals. Earth Blox is using
satellite data to identify deforestation or mining activities and monitor
supply chains and support nature-based solutions, while Sylvera uses machine
learning and satellite data to verify the carbon offsetting industry.
Additionally, Satellite Vu looks to measure the thermal footprint of any
building on the planet every 1-2 hours, helping to drastically increase the
energy efficiency of buildings, factories and power stations globally.
Travis CI Flaw Exposed Secrets From Public Repositories
The effects of the vulnerability meant that if a public repository was forked,
someone could file a pull request and then get access to the secrets attached
to the original public repository, according to Travis CI's explanation.
Travis CI's documentation says that secrets shouldn't be available to external
pull requests, says Patrick Dwyer, an Australian software developer who works
with the Open Web Application Security Project, known as OWASP. "They [Travis
CI] must have introduced a bug and made those secrets available," Dwyer says.
Travis CI's flaw represents a supply-chain risk for software developers and
any organization using software from projects that use Travis CI, says
Geoffrey Huntley, an Australian software and DevOps engineer. "For a CI
provider, leaking secrets is up there with leaking the source code as one of
the worst things you never want to do," Huntley says. Travis CI has issued a
security bulletin, but some are criticizing it as insufficient given the
gravity of the vulnerability.
Quote for the day:
"Leaders must be close enough to relate to others, but far enough ahead to
motivate them." -- John C. Maxwell