Daily Tech Digest - November 06, 2023

Business Continuity vs Disaster Recovery: A Guide to Key Differences

Business continuity is like an umbrella, covering every aspect of your business that could be impacted by disruptions – not just technology. Think of it as the master plan that keeps your entire operation functioning when faced with challenges. In contrast, IT disaster recovery is more specific; its focus lies in restoring systems, applications and data after an interruption occurs in tech infrastructure due to any number of causes – natural disasters, cyber-attacks or human error. The first major difference between these two concepts comes down to their scope. While business continuity covers all areas affected by potential disruptions, IT disaster recovery focuses on ensuring technological infrastructures remain functional following crises. Secondly, they have different end goals: while business continuity aims at maintaining essential functions across the organization during a crisis situation till normalcy returns, IT disaster recovery’s objective is getting systems back up and running post-interruption. A third distinction lies within timeframes: a Business Continuity Plan often has longer-term solutions compared to quicker response times expected from an effective Disaster Recovery Plan.

Unlocking the power of multi-cloud

In the era of digital transformation and widespread cloud migration, ensuring robust data security has become a paramount concern for enterprises. The introduction of regulations, such as the Digital Personal Data Protection Act 2023, extends the scope of compliance to smaller businesses, emphasizing the need for comprehensive data protection strategies.

End-to-End Data Security Platforms: To address the evolving landscape of data security, businesses are advised to adopt full end-to-end data security platforms. These platforms serve a multifaceted role, helping organizations discover, protect, monitor, and respond to threats across on-premises and cloud environments.

Structured and Unstructured Data Management: Platforms should enable the discovery and classification of both structured and unstructured data, providing a comprehensive view of data assets. This capability is crucial for effective data management and compliance efforts.

Continuous Monitoring for Risk Mitigation: Implementing continuous monitoring practices is essential for reducing the risk of data breaches. This involves vigilant oversight of data access across on-premises and multiple cloud environments.

Shadow IT use at Okta behind series of damaging breaches

Okta CISO David Bradbury said: “The unauthorised access to Okta’s customer support system leveraged a service account stored in the system itself. This service account was granted permissions to view and update customer support cases. “During our investigation into suspicious use of this account, Okta Security identified that an employee had signed into their personal Google profile on the Chrome browser of their Okta-managed laptop. “The username and password of the service account had been saved into the employee’s personal Google account. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device,” he said. Bradbury added: “We offer our apologies to those affected customers, and more broadly to all our customers that trust Okta as their identity provider. We are deeply committed to providing up-to-date information to all our customers.” Okta said its investigation had been complicated by a failure to identify file downloads in customer support vendor logs. 

Getting Aggressive with Cloud Cybersecurity

The best way to get started is by evaluating vendors that offer proactive cloud security tools and determining their capabilities, Dalling advises. He also suggests reviewing the existing cloud-native inventory and security techniques. “Work with your organization’s security operations center to determine the most effective way to integrate a proactive cloud security tool into their monitoring and incident response workflows,” Dalling adds. By adopting a proactive cloud security approach, organizations can safeguard themselves against security threats, ensure compliance, and increase customer trust, says Ravi Raghava, vice president of cloud solutions at technology integrator SAIC via email. “This approach is often more cost effective than dealing with the aftermath of a security breach, which can result in substantial financial and reputational losses.” He notes that business partners are more likely to trust organizations that prioritize the protection of their data through proactive security steps.

Lessons From 100+ Ransomware Recoveries

Your data retention policy is how long you keep data for regulatory or compliance reasons, and how you remove it when it’s no longer needed. Ransomware attackers have evolved their methods. They know you are less likely to pay out if you can quickly switch over to Disaster Recovery systems. They are now delaying detonation of ransomware to outlast typical retention policies. This is the limitation of DR solutions. While they are the fastest way to recover, they have a limited number of versions or days you can recover to. For one of our manufacturing customers – using both our BaaS and DRaaS products – the ransomware was present on their systems for around three months. That meant that every DR recovery point was compromised, and we had to recover from backups. The Recovery Time Objective (RTO) was a day. We recovered from backups, so it took longer than DR but relatively speaking, it was a fast recovery. The Recovery Point Objective (RPO), however, was from three months prior. The challenge that the organisation then faced was how to re-create that lost data. 

Exploring the global shift towards AI-specific legislation

It is vital that the public – but moreover, all stakeholders – be involved in discussions around AI. The technology companies developing AI, for example, are likely the best placed to understand the technology fully and can help guide any such discussion. Those organizations deploying the technology must also be closely involved, as they have a particular viewpoint to offer. Governments also need to be a part of the discussion. The position of various nations can offer value and help steer the decision-making of all those governments represented in this context. Finally, let’s not forget the general public, the individuals whose data will likely be processed by the technology. All play valuable yet different roles and will come with different viewpoints that should be aired and considered. ... Legislation or any form of regulation is often seen as restrictive: by its very nature, it comprises a set of rules that govern. That is often interpreted as “restrictive” and hinders development, innovation, and technological advancement in this context. That is a generalist, simplistic, and somewhat dismissive view.

The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now

With the work-from-home revolution continuing, the risks posed by workers connecting or sharing data over improperly secured devices will continue to be a threat. Often, these devices are designed for ease of use and convenience rather than secure operations, and home consumer IoT devices may be at risk due to weak security protocols and passwords. The fact that industry has generally dragged its feet over the implementation of IoT security standards, despite the fact that the vulnerabilities have been apparent for many years, means it will continue to be a cyber security weak spot – though this is changing. ... Two terms that are often used interchangeably are cyber security and cyber resilience. However, the distinction will become increasingly important during 2024 and beyond. While the focus of cyber security is on preventing attacks, the growing value placed on resilience by many organizations reflects the hard truth that even the best security can’t guarantee 100 percent protection. Resilience measures are designed to ensure continuity of operations even in the wake of a successful breach. 

Andrew McAfee – ‘Human beings are chronically overconfident’

All of us, as human beings, are chronically overconfident. It’s the most common cognitive bias. That means that your brain children are going to be very, very dear to you, to the point that you’re probably unable to see the holes and the flaws. So that’s a problem. The solution is other people. This is how science works. This is why I describe one of the great geek norms simply as “science”. Science is really subjecting your ideas to the scrutiny of other people, and then having evidence-based discussions about the merits of those ideas. Is this good? Is this correct or not? One thing you can absolutely start doing is being a little less fond of your own ideas and stress testing those ideas early and often with other people. Another thing we can do is acknowledge other people’s good ideas. Just start saying, “That’s a really good idea, thanks. I hadn’t thought of that. Maybe we should take a different approach here.” Those kinds of statements are super powerful, especially when they are coming from a leader in an organisation, because as humans we are wired to take our cues from the people who have high status in an organisation.

IT leader’s survival guide: 8 tips to thrive in the years ahead

With so many disruptive technologies emerging at once, and IT leaders pulled in to solving so many more business challenges, it’s easy to get caught up in the fervor. But in addition to embracing change, IT leaders need to develop a multifaceted approach to navigating current technology and business challenges, says Sanjay Srivastava, chief digital strategist at Genpact. “IT leaders need to adapt by adopting a holistic approach that focuses on resilience, agility, diversification, and collaboration,” Srivastava says. “In this evolving IT investment landscape, the definition of risk has not changed, but the timeframe for response has shortened.” ... It can be difficult to adapt quickly as technology advances, while working to comply with varying regulations across state lines and borders. “The challenge is that the technology footprint — and our understanding of potentials and pitfalls — is still maturing, for instance with generative AI. It’s understandable and expected that regulations will evolve, and working through the changes coming in an otherwise long-term tech stack will be key to getting it right,” he says.

Empowered Agile Transformation – Beyond the Framework

The Executive team could be working 10 to 20 years out of date, because their expertise and experience that got them to their current position has lost its relevance in a world of accelerated change. Their approach can be to apply past experience to current problems. Their 20-year-old solutions are incompatible with contemporary problems. They need to retrain to adopt flexible systems that adapt to new challenges. Otherwise, the workers are constrained by the level of understanding of group executives, and progress is inhibited. They are impeding their teams’ potential. We have all the tools to work contemporaneously today. We have the technology, tools, and experience to leverage agility in delivering value. It is now the executive leaders and company boards fighting the new way; a more collaborative way to generate value for businesses and their customers. The solution is to understand their current customers’ problems, and identify threats to their business models, while gaining the skills and competencies to apply contemporary ways of working.

Quote for the day:

"The most difficult thing is the decision to act, the rest is merely tenacity." -- Amelia Earhart
