What's coming for cloud computing in 2023
Enterprises often move to multicloud on purpose, but way more often multicloud
just happens as enterprises strive to find and leverage best-of-breed cloud
services with no plan for what to do with those services after deployment. This
leads to too much cost and not enough return of value to the business. Old
story. This cloud complexity problem can be solved through the strategic use of
technology and better approaches to manage the complexity. Most important is
reducing redundancy by using a common layer of technology above the public cloud
providers as well as above any legacy or edge-based systems. This layer includes
common services, such as a single security system, a single data management
system, finops, a single cloud operations system, etc. We’re not attempting to
solve every problem within the “walled garden” of each public cloud provider;
this technology should exist within a common layer, aka supercloud or
metacloud. This strategic cloud trend not only solves the complexity
problems by leveraging common services and a common control plane, it also helps
get cloud costs under control through a common finops layer that handles cost
monitoring, cost governance, and cloud cost optimization.
Best practices for implementing a company-wide risk analysis program
The first step is determining what is critical to protect. Unlike accounting
assets (e.g., servers, laptops, etc.), in cybersecurity terms this would include
things that are typically of broader business value. Often the quickest path is
to talk with the leads for different departments. You need to understand what
data is critical to the functioning of each group, what information they hold
that would be valuable to competitors and what information disclosures would
hurt customer relationships. Also assess whether each department handles trade
secrets, or holds patents, trademarks, and copyrights. Finally, assess who
handles personally identifiable information (PII) and whether the group and its
data are subject to regulatory requirements such as GDPR, PCI DSS, CCPA,
Sarbanes-Oxley, etc. When making these assessments, keep three factors in mind:
what needs to be safe and can’t be stolen, what must remain accessible for
continued function of a given department or the organization, and what
data/information must be reliable (i.e., that which can’t be altered without
your knowledge) for people to do their jobs.
What Is Data Virtualization?
The process of data virtualization is quite simple. Data is accessed in its
original form and source. Unlike typical “extract, transform, and load” (ETL)
processes, virtualization doesn’t require data to be moved to a data warehouse
or data lake first. Data is aggregated in a single location, known as a virtual
data layer. Using this layer, enterprises can develop simple, holistic, and
customizable views (also known as dashboards) for accessing and making sense of
data. Using these tools, users can also pull real-time reports, manipulate data,
and perform advanced data processes such as predictive maintenance. Data is
easily accessible via dashboards from anywhere. ... While data is critical to
the decision-making process, not just any data will do. The data used must be
accurate, up-to-date, and logical. It must also be displayed in a way that all
stakeholders can understand, whether a user is a data scientist or a C-level
executive. Data virtualization enables stakeholders to access the specific data
they need when they need it. Because data isn’t just a replication from any
given time, all data is accurate to the minute.
LockBit 3.0 Says It's Holding a Canadian City for Ransom
LockBit operators posted screenshots showing files of different departments and
other data as proof of their claim, but Information Security Media Group was
unable to immediately contact the municipality and confirm the authenticity of
the documents. The attack comes on the heels of a new National Cyber Threat
Assessment 2023-2024 by the Canadian Center for Cyber Security. The report,
which says ransomware is "the most disruptive form of cybercrime facing
Canadians," adds that ransomware benefits significantly from the specialized
cybercrime economy and the growing availability of stolen information. "So long
as ransomware remains profitable, we will almost certainly continue to see
cybercriminals deploying it," the report says. The city of Westmount's official
website was not affected by the attack, and the municipality says any updates on
the recovery will be communicated on the site. The mayor assured residents that
data security is its "top priority" and so "is the protection of our residents'
and employees' information."
A brief history of industrial IoT
Most early networking technologies were wired: Connection required cables that
physically linked your device to the network. Network bandwidth — the amount of
data that can be conveyed in a period of time — for 10BASE-T Ethernet
connections, one of the most widely used standards established in the late 1980s
and early 1990s, allowed for as much as 10 Megabits of data per second. In
contemporary times, wired networks support connections of 1,000 Megabits of data
per second (1000BASE-T or 1 Gigabit) or even 10 Gigabits of data per second
(10GBASE-T) for modern Ethernet connections. Wireless and cellular networking,
which eliminated the need for a cable to each device, was a significant shift
for IIoT. Standardized in 1999, 802.11b was one of the first standards supported
in products from many manufacturers and was a predecessor to the Wi-Fi 6E
standard established in 2020. Modern Wi-Fi devices not only offer speeds
anywhere from 50 to 800 times as fast as earlier equipment, but the devices may
also perform reliably in much more dense radio environments than their
predecessors.
How to Avoid Risks Before Implementing Industrial IoT Solutions
Industrial IoT solutions are often implemented at enterprises with a high
proportion of machine manufacturing. For a well-funded company, it is often
easier to implement the IoT ecosystem using modern equipment. But for some, it
would be too expensive to replace legacy manufacturing systems. Therefore,
companies often choose to adapt existing equipment and enhance it with sensors,
smart devices, and gateways. However, when choosing to implement IoT technology
in an enterprise equipped with old machines, the company has to ensure protocols
are understandable for all the devices to connect disparate data stores, and
solve all the compatibility issues. According to McKinsey, a company moving to
EIoT has to solve compatibility issues for about 50% of all devices. If
compatibility issues are not solved appropriately, the solution may not function
as intended, or even at all. The wrong algorithm or incorrect integration can
lead to hardware malfunctions and equipment damage, overheating, explosion, or
system failure.
How remote working impacts security incident reporting
The risks of an impeded reporting process due to remote working are
significant. When incidents go unreported, reports are delayed/miscommunicated
or follow-up actions/responses are hindered, it can leave vulnerabilities
exposed and/or buy attackers time in the system to infiltrate more of the
network before the security team can detect and contain threats and malicious
activity, Chavoya warns. This can not only exacerbate the severity of
incidents and attacks but can also damage both the reputation of a business
and its ability to meet certain data protection regulations which stipulate
strict rules surrounding disclosure. These could lead to loss of customer
confidence and large monetary penalties. It is therefore paramount for
security teams to update their reporting policies and processes to account for
the security implications of remote working. “The home and hybrid working
trend is here to stay, so it is incredibly dangerous for security teams to
rely on policies and processes designed for a bygone era when most, if not
all, employees were based in a controlled office environment,” says
Holyome.
IT leadership: 5 ways to create a culture of gratitude
Expressing gratitude is an integral part of a healthy culture. I think it
starts with a leader maintaining healthy personal humility and respect and
empathy for their staff, so that gratitude is coming from a genuine place.
Thank-yous should be prompt, specific, and connect the accomplishment to its
impact on our mission of educating students. Thanking a team for finishing a
project, as in: “Your team successfully implemented this project, which I
really appreciate” is more powerful when it adds, “The new UI will help our
students better determine what classes they still need to take in order to
graduate.” It’s helpful to give customer feedback as well, such as “I talked
with an adviser who says this will really help her more accurately advise
students.” IT teams always see a steady stream of problem tickets, so hearing
how their work is impacting students and faculty, and/or hearing verbatim
feedback from delighted users, can be very encouraging. In addition to
thanking employees individually, department emails and all-staff meetings and
parties should all include recognition and gratitude for recent
accomplishments, and a little free food and swag never hurts, either.
5 pitfalls to avoid when partnering with startups
For Bedi, it came as a rude shock when he found out a startup he was working
with on a project didn’t have an internal development team and instead relied
on a third party for its deliverables. “We had partnered with a startup on a
customer onboarding project. A delay of 15 to 20 days is acceptable but alarm
bells ring when there is a significant overrun of timelines. In our case,
there was a delay of more than two months,” says Bedi. “Not only a lack of
bandwidth but also the brief that the startup receives from the enterprise and
passes to the third party gets lost in translation. It doesn’t help that the
startup didn’t read the detailed business requirements document.”
Unfortunately, it’s tough to cut this risk altogether, Bedi says. “There are
few IT leaders who verify the credentials of a startup to the extent of asking
for the CVs of their team members. Even if some do so, some startups resort to
‘body shopping,’” he says, referring to the practice of recruiting workers to
contract their services out on a tactical short- to mid-term basis. So, what’s
the way out? The best approach is to open a clear line of communication with
the startup and ensure transparency.
Implications of Emerging Technology on Cyber-Security
Proper understanding of the new technologies is very important; this includes
risk assessment and evaluation of the new technology, followed by proper
planning for implementation and risk mitigation. Risks are changing much
faster than organisations can mitigate them. Unfortunately, there is no silver
bullet for cyber-security, but there are three areas that must be carefully
planned: Organizations must ensure they understand the risks of any new
technology they install, as this will be key to properly securing it. As a
result, training and education on the new technology is a cornerstone to build
on, and this is not just for technology people but for everyone involved who
works with critical data and new technologies. Although ultimate
accountability will still rest with the organization’s senior management, the
information security team has the responsibility to study the new technology
well and evaluate the associated risks. The primary goal is to foster an
organisational culture that encourages both risk-based decision making and
innovation and new technology adoption.
Quote for the day:
"Leadership does not always wear the harness of compromise." -- Woodrow Wilson