Understanding Data Security Posture Management for Protecting Cloud Data
To help organizations protect their data from data loss, a new approach emerged
in 2022 in the form of data security posture management (DSPM). Today it is
proving to be a critical tool for effective data security because of its laser
focus on the data layer. DSPM allows organizations to identify all their
sensitive data, monitor and identify risks to business-critical data, and
remediate and protect that information. To get a better handle on this new
approach and what it does, let’s consider what DSPM is not. ... DSPM’s ability
to autonomously discover, monitor, and remediate risk creates an effective tool
for an organization’s security posture. Beyond that, your DSPM solution of
choice needs to operate in a manner that doesn’t require deployment of agents
everywhere. Your DSPM should be easy to get up and running and allow you to
quickly realize benefits by mining meaningful amounts of data to deliver
visibility into what's going on within your environment from a risk perspective.
DSPM solutions are proven to deliver accurate results and offer significant ROI
for organizations.
Arctic Wolf CEO on Incident Response, M&A, Cyber Insurance
Many organizations struggle with preparing for a security incident even if they
have an internal security team and have procured cyber insurance, Schneider
says. Businesses often haven't prepared their systems or documented escalation
paths or how their environment is set up, which makes it nearly impossible to
quickly get information over to an incident response provider in the event of an
attack, Schneider says. "The less time that you're spending on compiling
information, the more time you're able to spend on remediating the threat and
the less time you've taken between an incident occurring and the beginning of a
response," Schneider says. Most companies don't know what they need to have
documented or prepared in the event of a security incident and therefore end up
reaching out to their insurance provider or incident responder while an attack
is taking place to see what questions they have, Schneider says. Although the
answers to these questions are relatively static, he says it takes a lot of time
to gather the information needed to respond
UK government introduces revised data reform bill to Parliament
“Co-designed with business from the start, this new bill ensures that a vitally
important data protection regime is tailored to the UK’s own needs and our
customs,” said science, innovation and technology secretary Michelle Donelan.
“Our system will be easier to understand, easier to comply with, and take
advantage of the many opportunities of post-Brexit Britain. No longer will our
businesses and citizens have to tangle themselves around the barrier-based
European GDPR [General Data Protection Regulation]. “Our new laws release
British businesses from unnecessary red tape to unlock new discoveries, drive
forward next-generation technologies, create jobs and boost our economy.” The
government added the revised bill will also support increased international
trade without creating extra costs for businesses already compliant with
existing data protection rules, as well as boost public confidence in the use of
artificial intelligence (AI) technologies by clarifying the circumstances in
which safeguards apply to automated decision-making.
Municipal CISOs grapple with challenges as cyber threats soar
"The diversity of our business services and the corresponding diversity of
systems is unparalleled in that no organization does what our municipal
government does," Michael Makstman, CISO for the City and County of San
Francisco and co-chair of the Coalition of City CISOs, tells CSO. "We fly
planes, we pave roads, we provide public safety services," Makstman says. "We
operate one of the largest, if not the largest, trauma centers on the West
Coast. We support many legal professionals for some of the largest legal firms
in the country. At the same time, we make sure that vulnerable populations have
access to food and care. We have an outstanding municipal transportation
network. We have buses and subways and our world-famous cable car." ... CISOs of
municipal organizations of all sizes are required to deftly handle the politics
of the governments they serve and the individual service providers themselves,
Hamilton says. CISOs are not always welcomed into agencies that do not directly
employ them.
Decoding Digital Twins: Exploring the 6 main applications and their benefits
Although the roots of digital twins go back to NASA’s Apollo program in 1970,
the concept of creating digital replicas of physical assets and
visualizing/simulating/predicting in a virtual world is extremely suitable for
companies that are trying to make Industry 4.0 a reality or are aiming toward
future industrial metaverse projects. Make no mistake: While the definition of a
digital twin may be straightforward, its applications are numerous. In 2020, we
published our first market research on the topic and showcased that there may,
in fact, be 200 or more different types of digital twins. The feedback we
received from you was that classification helps to ensure apple-to-apple digital
twin comparisons, but questions remain about the hotspots of activity.
Therefore, as part of our new 233-page Digital Twin Market Report 2023-2027, we
classified 100 real digital twin projects along the three dimensions and found
six main areas of activity. These six digital twin application hotspots cover
two thirds of all digital twin projects we analyzed.
Cloud trends 2023: Cost management surpasses security as top priority
For the first time, since Flexera began its annual survey of cloud
decision-makers, security was not the top challenge reported by respondents. As
revealed in the Flexera 2023 State of the Cloud Report, released on March 8,
2023, 82% of respondents from across all organizations indicated that their top
cloud challenge is managing cloud spend, edging out security at 79%.These
shifting challenges may be the result of organizations becoming increasingly
comfortable with cloud security, while needing to manage the greater spend
associated with their increased reliance on cloud services. Lack of resources or
expertise was reported as a top cloud challenge by 78% of respondents, making it
the third major cloud challenge for today’s businesses. ... Cloud cost
management responsibilities are often spread across teams within an
organization. Year over year, vendor management and finance or accounting
teams have less responsibility for cloud expenses. Instead, initiatives are
shifting to finops teams. Finops, the practice of cloud cost management, is a
growing priority.
Why IT communications fail to communicate
If you prefer to communicate via documentation — and encourage everyone in your
organization to follow suit — four facets of communication are getting in your
way. Language: Every natural language, be it English, Latin, or even Esperanto,
is imprecise at best. Synonyms are approximate, not exact; words are defined by
other words, leading us down the path of infinite recursion; different people
bring different vocabularies and assumptions to their attempts to interpret what
they’re reading. ... Disambiguation: No matter how even the best writers might
try, they’ll never create a document that’s completely free of ambiguity and
entangled logic. In making the attempt, many find themselves trudging along the
literary path of a different profession for which ambiguity and the likelihood
of misinterpretation are equally problematic ... Disagreements: No matter how
well a business analyst (going back to our app dev example) describes their
design, the stakeholders they’ve worked with to create it aren’t always going to
agree on all points. Stakeholder disagreements unavoidably turn into design
compromises and, worse, inconsistent specifications.
Cloud Native Testing Trends for 2023
Testing in a cloud native environment can be challenging, as it involves testing
across multiple platforms and services, using a diverse set of tools that can
vary greatly across teams and workflows. The distributed nature of cloud native
applications means that testing must be performed on a larger scale, with more
components to be tested. DevOps teams must also consider the impact of the
underlying infrastructure on testing, as changes to the infrastructure can
affect the behavior of the application. To overcome these challenges,
organizations are adopting a cloud native testing strategy that incorporates
automation and integrates testing into the development process. ... DevOps
engineers are increasingly taking ownership of testing, and tools like Testkube
can help them easily integrate testing into their workflows. By taking a
collaborative approach to testing, DevOps engineers can ensure that testing is
done throughout the development life cycle, reducing the risk of bugs slipping
through to production.
Stress-Test Your Software to Prevent a Southwest-Type Calamity
Stress tests typically subject a software system to very large workloads in the
form of a high volume of requests or a high rate of failure in individual
components. “The idea is to simulate a worst-case scenario with potentially
unpredictable side effects,” Padhye says. Testing reveals how a system will
react to slowdowns, memory leaks, security issues, and data corruption. “Across
performance-based testing, stress tests must be paired with load tests,” Feloney
advises. “For example, spike tests examine how a system will fare under sudden,
high ramp-up traffic, and soak tests examine the system’s sustainability over a
long period.” Stress tests can either be performed in an isolated environment
designed for quality purposes, or directly on the live customer-facing
deployment. “While it sounds scary, testing a live deployment is far more
representative of a real extreme scenario, because it also incorporates the
human factor presented by users responding to the simulated events in a
hard-to-predict way,” Padhye explains.
Innovating in an economic downturn: 4 tips
During a downturn, you may lose the ability to hire full-time employees but
still have things to do and room in your budget. Finance might be more open to a
capital expense than an operational expense during these times. This is a
perfect opportunity to bring in outside help to take care of your distractions
so your team can spend time and energy on innovation. Distractions take a lot of
time and effort but aren’t core to what an organization does. For example,
organizations today spend a lot of time supporting their applications and
systems. As a result, many choose to hire outside firms to handle these
activities so that their internal teams can focus on innovation and projects
that grow their top line. ... Sometimes you simply don’t have internal resources
with an invention mindset or experience innovating. Consultants can help fill
the gap, facilitating discussions that drive innovation and partnering with your
teams to show them how to work through the innovation process. External experts
provide a critical outside perspective and facilitate conversations that drive
meaningful innovation.
Quote for the day:
"Leadership without mutual trust is a
contradiction in terms." -- Warren Bennis
