Daily Tech Digest - October 13, 2022

Information overload, burnout, talent retention impacting SOC performance

John Lodge, SOC Manager at Socura, says alert fatigue is a particular problem. “As well as causing fatigue for the analysts, repeating false positives also draws attention from and potentially delays responses to real active threats,” he tells CSO. The main solution to this is with effective tuning, he adds. “Key challenges to overcoming this are getting investment from analysts to ensure tuning opportunities are exploited as soon as possible. In cases where tuning is not possible, automation should be used so as much manual work is taken off the analyst as possible. Again, the challenge here is making sure the initial effort is put in to automate these actions before the false positives build up.” First-time fix challenges are also significant, Lodge says. “When escalating an incident, we ideally we want to be able to have resolved the incident with the tools and information at our disposal. In some cases, this is not possible as further context is required.” The challenge is to ensure that, in all cases, we have carried out as much investigation and response as possible. 

Cybersecurity’s too important to have a dysfunctional team

Teamwork is an essential part of working in a business and this is just as true of cybersecurity teams. Due to the constant vigilance required, it helps cybersecurity professionals to know they have people around them, with whom they can share the workload. There are five fundamental qualities that make every team great: communication, trust, collective responsibility, caring and pride. Everyone individually is important, but it is in coming together that they become unbeatable. Effective teamwork begins and ends with communication. It does not always occur naturally, but it must be taught and practised in order to bring everyone together as one. Along with a strong and functional team, a good leader is essential. Cybersecurity teams have stressful jobs, with the whole company looking to them in times of crisis (which can be heighted during economic instability). For this, the cybersecurity team requires a capable leader under pressure to help engender trust across their staff. They must also be able to advocate for the team if some are burnt out or require further training.

12 things every CIO must get done in year one

Dr. George F. Claffey Jr., CIO and interim vice president of Institutional Advancement and Strategic Partnerships at Central Connecticut State University, says he, too, focuses on listening and building relationships. He sees building trust as an essential extension of that work. “No one is going to have confidence in your agenda if you can’t be trusted,” he says. To build trust, Claffey acknowledges others’ challenges and works to fix them. “We find the win for them,” he says, adding that he also attends meetings held by other departments and demonstrates a genuine interest in their goals so they see “I’m interested in not just IT but everything that’s happening.” ... To have a successful CIO shop from the start, Jim Hall, CEO of consultancy Hallmentum, says CIOs “need to have the right people doing the right things at the right time, and they have to have the right skills.” To ensure they have that, CIOs should assess their teams early on to identify skill gaps in individuals and across teams, and then determine what measures are needed to get in place the right people and skills doing the right thing at the right time.

5 Factors to Weigh When Building Authorization Architecture

As you succeed, you will inevitably want to start winning some larger enterprise customers. This means working with a whole new set of authorization challenges. When working with a transnational business — and, specifically, working with a single department of it at first — reflecting the organizational structure in your permissions quickly becomes a sticking point. New requirements emerge, such as:Users should only be able to access resources and data within their department and geography. Managers in the London office should be able to access everything in the other U.K. offices. Heads of departments globally should be able to do everything in all regions. Company vice presidents want to see everything but don’t really know how things work, so they should only have view access. Sally in the Paris office is our superstar employee who also does work now and again for the U.S. team, so she should have access to their account every 3rd Tuesday if it is a full moon (might have exaggerated a bit here).

9 out of 10 banks still use mainframes. Google Cloud wants to reduce that.

Google Cloud plans to introduce what it’s calling a simpler, more risk-averse way for enterprises to move their legacy mainframe estates to its cloud with a new service built on technology originally developed by Banco Santander. That service is Dual Run, and it enables parallel processing, allowing enterprises to make digital copies of their legacy mainframe systems and run them simultaneously on Google Cloud Platform. The service addresses a big challenge with mainframes: the tight coupling of data to the application layer. It allows real-time testing by customers to ensure their cloud workloads are performing as expected, running securely, and meeting regulatory compliance needs — without stopping an application or negatively impacting their end-user experiences — before transitioning to GCP as their primary system. “This is a simple concept, but hard to implement — hasn't been done so far,” Nirav Mehta, Google Cloud’s senior director of product management for cloud infrastructure solutions and growth, told Protocol.

The Microsoft-Cisco Teams collaboration could create an interoperability revolution

Cisco is a telecom company. It should get, even better than Microsoft, why things in its space need to interoperate and how to differentiate on features, capabilities, and price without locking out competing solutions. Embracing Teams doesn’t mean it's abandoning Webex, but Webex will need to find a path to third-party hardware or it will lose ground against options like Teams. Cisco seems to get this, based on the statement yesterday from Jeetu Patel, executive vice president and general manager, security and collaboration at Cisco: "Interoperability has always been at the forefront of our hybrid work strategy, understanding that customers want collaboration to happen on their terms — regardless of device or meeting platform,” said Patel. “Our partnership with Microsoft brings together two collaboration leaders to completely reimagine the hybrid work experience.” This should help drive Cisco toward a future where Webex and Teams could interoperate, as well, which might mean the end of products like Zoom.

The future of low-code governance with Managed Environments for Power Platform

While the low-code concept has been around for decades, there has been an evolution in governance capabilities and offerings. In the initial era of low-code development, employees would build solutions in Microsoft Excel, Microsoft Access, Microsoft InfoPath, and other tools, often hidden from their IT departments and all governance strategies or policies. As technology matured, many of these solutions became cloud-based and were built using a variety of standalone providers. As each provider offered different governance capabilities, organizations needed to face the challenge of overwhelming low-code solution development and the expertise, specialized resources, and additional time to train the admins on the governance tools that must be implemented. Microsoft Power Platform allows organizations to move to the next era of low-code governance with a central low-code platform that allows makers to enjoy shared components and experiences. 

Distributed cloud computing and its rising importance for businesses

Distributed systems mitigate these drawbacks in cloud computing by adequately allocating the workload to pre-selected servers, typically the ones physically nearest to clients. Soon, augmented reality, virtual reality, and the Internet of Things (IoT) will all be used with data networks. They typically have low latency and primarily benefit from the distributed cloud’s CDN/caching feature. Distributed cloud computing reduces the overall resource requirements for the central infrastructure and speeds up latency for users that need it by keeping certain computations, data delivery, and storage local. It increases the overall solution’s effectiveness for all users. Distributed cloud benefits with cloud computing distributed systems include being open for purchase, allowing users to request that some data remain within particular zones or that a specific performance target for latency or throughput is fulfilled. These are discussed between the client and the cloud provider in Service Level Agreements (SLA).

CIOs sharpen their mainframe exit strategies

Spangler advises IT leaders to “take an economic view” of what to migrate given that there are still “tremendous technology capabilities” that exist on the mainframe. “It can’t be a theoretically thing,’’ he says. “We just know for our environment, because we’re more than a 40-year-old company … we have old technologies we were replacing anyway, and when we looked at our enterprise strategy, it just made sense.” Spangler says IT leaders should also keep the principles of engineering and architecture in mind. “A lot of people are so focused on getting rid of their mainframes they end up with mess,” he says, adding that strong engineering and architecting upfront will help make sure you end up with something that is modern, world-class, expandable, secure, and modifiable. Lastly, Spangler recommends that IT leaders “continuously update your plan because it’s a battle. It’s hard. Brutally hard. We literally zero-base our business case on this every quarter and build from the bottom up.’’

CISO: A day in the life

While engineering and technical disciplines are at the core of our profession, we must effectively communicate with executives and boards of directors to keep our companies, customers, and partners safe. We must communicate the latest threats and regulations in the business context. Understanding potential business risks are essential to prioritizing cybersecurity – and all – risks accordingly. During my time as a cybersecurity consultant for a food company, I highlighted the risk associated with credit card theft. One executive asked how that compared to the risk the company faced if it experienced a salmonella outbreak and a customer died of food poisoning. At the time, I had no good answer to this question. This example shines a light on our role as business enablers. Cybersecurity professionals are tasked with enabling our colleagues to pursue opportunities and innovation. As guardians and protectors of our business, we perform best by embracing that ethos within business operations, with an eye always focused on risk management.

Quote for the day:

"I think the greater responsibility, in terms of morality, is where leadership begins." -- Norman Lear

No comments:

Post a Comment