Daily Tech Digest - November 23, 2022

What's coming for cloud computing in 2023

Enterprises often move to multicloud on purpose, but way more often multicloud just happens as enterprises strive to find and leverage best-of-breed cloud services with no plan for what to do with those services after deployment. This leads to too much cost and not enough return of value to the business. Old story. This cloud complexity problem can be solved through the strategic use of technology and better approaches to manage the complexity. Most important is reducing redundancy by using a common layer of technology above the public cloud providers as well as above any legacy or edge-based systems. This layer includes common services, such as a single security system, a single data management system, finops, a single cloud operations system, etc. We’re not attempting to solve every problem within the “walled garden” of each public cloud provider; this technology should exist within a common layer, aka supercloud or metacloud. This strategic cloud trend not only solves the complexity problems by leveraging common services and a common control plane, it also helps get cloud costs under control through a common finops layer that handles cost monitoring, cost governance, and cloud cost optimization.

Best practices for implementing a company-wide risk analysis program

The first step is determining what is critical to protect. Unlike accounting assets (e.g., servers, laptops, etc.), in cybersecurity terms this would include things that are typically of broader business value. Often the quickest path is to talk with the leads for different departments. You need to understand what data is critical to the functioning of each group, what information they hold that would be valuable to competitors and what information disclosures would hurt customer relationships. Also assess whether each department handles trade secrets, or holds patents, trademarks, and copyrights. Finally, assess who handles personally identifiable information (PII) and whether the group and its data are subject to regulatory requirements such as GDPR, PCI DSS, CCPA, Sarbanes Oxley, etc. When making these assessments, keep three factors in mind: what needs to be safe and can’t be stolen, what must remain accessible for continued function of a given department or the organization, and what data/information must be reliable (i.e., that which can’t be altered without your knowledge) for people to do their jobs.

What Is Data Virtualization?

The process of data virtualization is quite simple. Data is accessed in its original form and source. Unlike typical “extract, transform, and load” (ETL) processes, virtualization doesn’t require data to be moved to a data warehouse or data lake first. Data is aggregated in a single location, known as a virtual data layer. Using this layer, enterprises can develop simple, holistic, and customizable views (also known as dashboards) for accessing and making sense of data. Using these tools, users can also pull real-time reports, manipulate data, and perform advanced data processes such as predictive maintenance. Data is easily accessible via dashboards from anywhere. ... While data is critical to the decision-making process, not just any data will do. The data used must be accurate, up-to-date, and logical. It must also be displayed in a way that all stakeholders can understand, whether a user is a data scientist or a C-level executive. Data virtualization enables stakeholders to access the specific data they need when they need it. Because data isn’t just a replication from any given time, all data is accurate to the minute. 

LockBit 3.0 Says It's Holding a Canadian City for Ransom

LockBit operators posted screenshots showing files of different departments and other data as a proof for their claim, but Information Security Media Group was unable to immediately contact the municipality and confirm the authenticity of the documents. The attack comes on the heels of a new National Cyber Threat Assessment 2023-2024 by the Canadian Center for Cyber Security. The report, which says ransomware is "the most disruptive form of cybercrime facing Canadians," adds that ransomware benefits significantly from the specialized cybercrime economy and the growing availability of stolen information. "So long as ransomware remains profitable, we will almost certainly continue to see cybercriminals deploying it," the report says. The city of Westmount's official website was not affected by the attack, and the municipality says any updates on the recovery will be communicated on the site. The mayor assured residents that data security is its "top priority" and so "is the protection of our residents' and employees' information."

A brief history of industrial IoT

Most early networking technologies were wired: Connection required cables that physically linked your device to the network. Network bandwidth — the amount of data that can be conveyed in a period of time — for 10BASE-T Ethernet connections, one of the most widely used standards established in the late 1980s and early 1990s, allowed for as much as 10 Megabits of data per second. In contemporary times, wired networks support connections of 1,000 Megabits of data per second (1000BASE-T or 1 Gigabit) or even 10 Gigabits of data per second (10GBASE-T) for modern Ethernet connections. Wireless and cellular networking, which eliminated the need for a cable to each device, was a significant shift for IIoT. Standardized in 1999, 802.11b was one of the first standards supported in products from many manufacturers and was a predecessor to the Wi-Fi 6E standard established in 2020. Modern Wi-Fi devices not only offer speeds anywhere from 50 to 800 times as fast as earlier equipment, but the devices may also perform reliably in much more dense radio environments than their predecessors.

How to Avoid Risks Before Implementing Industrial IoT Solutions

Industrial IoT solutions are often implemented at Enterprises with a high proportion of machine manufacturing. For a well-funded company, it is often easier to implement the IoT ecosystem using modern equipment. But for some, it would be too expensive to replace legacy manufacturing systems. Therefore, companies often choose to adapt existing equipment and enhance it with sensors, smart devices, and gateways. However, when choosing to implement IoT technology in an enterprise equipped with old machines, the company has to ensure protocols are understandable for all the devices to connect disparate data stores, and solve all the compatibility issues. According to McKinsey, a company moving to EIoT has to solve compatibility issues for about 50% of all devices. If compatibility issues are not solved appropriately, the solution may not function as intended, or even at all. The wrong algorithm or incorrect integration can lead to hardware malfunctions and equipment damages, overheating, explosion, or system failure. 

How remote working impacts security incident reporting

The risks of an impeded reporting process due to remote working are significant. When incidents go unreported, reports are delayed/miscommunicated or follow-up actions/responses are hindered, it can leave vulnerabilities exposed and/or buy attackers time in the system to infiltrate more of the network before the security team can detect and contain threats and malicious activity, Chavoya warns. This can not only exacerbate the severity of incidents and attacks but can also damage both the reputation of a business and its ability to meet certain data protection regulations which stipulate strict rules surrounding disclosure. These could lead to loss of customer confidence and large monetary penalties. It is therefore paramount for security teams to update their reporting policies and processes to account for the security implications of remote working. “The home and hybrid working trend is here to stay, so it is incredibly dangerous for security teams to rely on policies and processes designed for a bygone era when most, if not all, employees were based in a controlled office environment,” says Holyome. 

IT leadership: 5 ways to create a culture of gratitude

Expressing gratitude is an integral part of a healthy culture. I think it starts with a leader maintaining healthy personal humility and respect and empathy for their staff, so that gratitude is coming from a genuine place. Thank-yous should be prompt, specific, and connect the accomplishment to its impact on our mission of educating students. Thanking a team for finishing a project, as in: “Your team successfully implemented this project, which I really appreciate” is more powerful when it adds, “The new UI will help our students better determine what classes they still need to take in order to graduate.” It’s helpful to give customer feedback as well, such as “I talked with an adviser who says this will really help her more accurately advise students.” IT teams always see a steady stream of problem tickets, so hearing how their work is impacting students and faculty, and/or hearing verbatim feedback from delighted users, can be very encouraging. In addition to thanking employees individually, department emails and all-staff meetings and parties should all include recognition and gratitude for recent accomplishments, and a little free food and swag never hurts, either.

5 pitfalls to avoid when partnering with startups

For Bedi, it came as a rude shock when he found out a startup he was working with on a project didn’t have an internal development team and instead relied on a third party for its deliverables. “We had partnered with a startup on a customer onboarding project. A delay of 15 to 20 days is acceptable but alarm bells ring when there is a significant overrun of timelines. In our case, there was a delay of more than two months,” says Bedi. “Not only a lack of bandwidth but also the brief that the startup receives from the enterprise and passes to the third party gets lost in translation. It doesn’t help that the startup didn’t read the detailed business requirements document.” Unfortunately, it’s tough to cut this risk altogether, Bed says. “There are few IT leaders who verify the credentials of a startup to the extent of asking the CVs of their team members. Even if some do so, some startups resort to ‘body shopping,’” he says, referring to the practice of recruiting workers to contract their services out on a tactical short- to mid-term basis. So, what’s the way out? The best approach is to open a clear line of communication with the startup and ensure transparency. 

Implications of Emerging Technology on Cyber-Security

Proper understanding of the new technologies is very important; this includes risk assessment and evaluation of the new technology, followed by proper planning for implementation and risk mitigation. Risks are changing much faster than organisations can mitigate them. Unfortunately, there is no silver bullet for cyber-security, but there are three areas that must be carefully planned: Organizations must ensure they understand the risks of any new technology they install, as this will be key to properly securing it. As a result, training and education on the new technology is a cornerstone to build on, and this is not just for technology people but for everyone involved who works with critical data and new technologies. Although ultimate accountability will still rest with the organization’s senior management, the information security team has the responsibility to study the new technology well and evaluate the associated risks. The primary goal is to foster an organisational culture that encourages both risk-based decision making and innovation and new technology adoption.

Quote for the day:

"Leadership does not always wear the harness of compromise." -- Woodrow Wilson

No comments:

Post a Comment