Advanced Microsegmentation Strategies for IT Leaders
Microsegmentation, and network segmentation in general, is a 50-year-old
cybersecurity strategy that “involves dividing a network into smaller zones to
enhance security by restricting the movement of a threat to an isolated segment
rather than to the whole network,” says Guy Pearce, a member of the ISACA
Emerging Trends Working Group. ... Moyle says that any segmentation (micro or
otherwise) can be “part of a security strategy based on use case, architecture
and other factors.” He notes that microsegmentation itself isn’t an end goal for
security, and that IT leaders should instead see it as “a mechanism that’s part
of a broader holistic strategy.” That said, many factors go into a successful
microsegmentation implementation, namely careful planning. Microsegmentation
goes hand in hand with setting up granular security policies. It also relies on
continuous monitoring, evaluation and user education awareness, Pearce says.
Successful microsegmentation also requires automation, incident response
orchestration and cross-team collaboration. None of that is sustainable without
a solid, well-maintained network architecture map.
Could DC win the new data center War of the Currents?
Fundamentally, electronics use DC power. The chips and circuit boards are all
powered by direct current, and every computer or other piece of IT equipment
that is plugged into the AC mains has to have a “power supply unit” (PSU), also
known as a rectifier or switched mode power supply (SMPS) inside the box,
turning the power from AC to DC. ... Data centers have an Uninterruptible Power
Supply (UPS) designed to power the facility for long enough for generators to
fire up. The UPS has to have a large store of batteries, and they are powered by
DC. So power enters the data center as AC, is converted to DC to charge the
batteries, and then back to AC for distribution to the racks. ... Data centers
are now looking at using microgrids for power. That means drawing on-site energy
directly from sources such as fuel cells and solar panels. As it turns out,
those sources often conveniently produce direct current. A data center could be
isolated from the AC grid, and live on its own microgrid. On that grid DC power
sources charge batteries, and power electronics which fundamentally run on DC.
In that situation, the idea of switching to AC for a short loop around the
facility begins to look, well, odd.
5 key metrics for IT success
When merged, speed, quality, and value metrics are essential for any
organization undergoing transformation and looking to move away from traditional
project management approaches, says Sheldon Monteiro, chief product officer at
digital consulting firm Publicis Sapient. “This metric isn’t limited to a
specific role or level within an IT organization,” he explains. “It’s relevant
for everyone involved in the product development process.” Speed, quality, and
value metrics represent a shift from traditional project management metrics
focused on time, scope, and cost. “Speed ensures the ability to respond swiftly
to change, quality guarantees that changes are made without compromising the
integrity of systems, and value ensures that the changes contribute meaningfully
to both customers and the business,” Monteiro says. “This holistic approach
aligns IT practices with the demands of a continuously evolving landscape.”
Focusing on speed, quality, and value provides a more nuanced understanding of
an organization’s adaptability and effectiveness. “Focusing on speed, quality,
and value provides insights into an organization’s ability to adapt to
continuous change,” Monteiro says.
The future of cybersecurity: Anticipating changes with data analytics and automation
In recent years, cybersecurity threats have undergone a notable evolution,
marked by the subtler tactics of mature threat actors who now leave fewer
artifacts for analysis. The old metaphor ‘looking for a needle in a haystack’
(to describe the detection of malicious activity) is now more akin to ‘looking
for a needle in a stack of needles.’ This shift necessitates the establishment
of additional context around suspicious events to effectively differentiate
legitimate from illegitimate activities. Automation emerges as a pivotal element
in providing this contextual enrichment, ensuring that analysts can discern
relevant circumstances amid the rapid and expansive landscape of modern
enterprises. The landscape of cyber threats continues to further evolve, and
recent high-profile data breaches underscore the gravity of the shift. In
response to these challenges, data analytics and automation play a crucial role
in detecting lateral movement, privilege escalation, and exfiltration,
particularly when threat actors exploit zero-day vulnerabilities to gain entry
into an environment.
Significance of protecting enterprise data
In a world where data fuels innovation and growth, protecting enterprise data is
not optional; it’s essential. The digital age has ushered in a complex threat
landscape, necessitating a multifaceted approach to data protection. From
next-gen SOCs and application security to IAM, data privacy, and collaboration
with SaaS providers, every aspect plays a vital role. As traditional security
tools and firewalls are no longer sufficient to detect and respond to modern
threats, next-generation security operations centres (SOCs) can play a proactive
role by leveraging technologies like AI, machine learning, and user behavior
analytics. They can analyse huge volumes of data in real-time to detect even the
most well-hidden attacks. Early detection and quick response are crucial to
minimise damage from security incidents. Next-gen SOCs play a pivotal role in
safeguarding enterprises by enhancing visibility, shortening response times, and
reducing security risks. Protecting applications is equally important, as in the
digital age, applications are the conduit through which data flows. Many
successful breaches target exploitable vulnerabilities residing in the
application layer, indicating the need for enterprise IT departments to be extra
vigilant about application security.
A changing world requires CISOs to rethink cyber preparedness
A cybersecurity posture that is societally conscious equally requires adopting
certain underlying assumptions and taking preparatory actions. Foremost among
these is the recognition that neutrality and complacency are anathema to one
another in the context of digital threats stemming from geopolitical tension. As
I recently wrote, the inherent complexity and significance of norm politicking
in international affairs leads to risk that impacts cybersecurity stakeholders
in nonlinear fashion. Recent conflicts support the idea that civilian hacking
around major geopolitical fault lines, for instance, operates on divergent
logics of operations depending on the phase of conflict that is underway. The
result of such conditions should not be a reluctance to make statements or take
actions that avoid geopolitical relevance. Rather, cybersecurity stakeholders
should clearly and actively attempt to delineate the way geopolitical threats
and developments reflect the security objectives of the organization and its
constituent community. They should do so in a way that is visible to that
community.
AI-powered 6G wireless promises big changes
According to Will Townsend, an analyst at Moor Insights & Strategy, things
are accelerating more quickly with 6G than 5G did at the same point in its
evolution. And speaking of speeds, that will also be one of the biggest and most
transformative improvements of 6G over 5G, due to the shift of 6G into the
terahertz spectrum range, Townsend says. “This will present challenges because
it’s such a high spectrum,” he says. “But you can do some pretty incredible
things with instantaneous connectivity. With terahertz, you’re going to get
near-instantaneous latency, no lag, no jitter. You’re going to be able to do
some sensory-type applications.” ... The new 6G spectrum also brings another
benefit – an ability to better sense the environment, says Spirent’s Douglas.
“The radio signal can be used as a sensing mechanism, like how sonar is used in
submarines,” he says. That can allow use cases that need three-dimensional
visibility and complete visualization of the surrounding environment. “You could
map out the environment – the shops, buildings, everything – and create a
holistic understanding of the surroundings and use that to build new types of
services for the market,” Douglas says.
What distinguishes data governance from information governance?
Data governance is primarily concerned with the proper management of data as a
strategic asset within an organization. It emphasizes the accuracy,
accessibility, security, and consistency of data to ensure that it can be
effectively used for decision-making and operations. On the other hand,
information governance encompasses a broader spectrum, dealing with all forms of
information, not just data. It includes the management of data privacy,
security, and compliance, as well as the handling of business processes related
to both digital and physical information. ... Implementing data governance
ensures that an organization's data is accurate, accessible, and secure, which
is vital for operational decision-making and strategic planning. This governance
type establishes the necessary protocols and standards for data quality and
usage. Information governance, by managing all forms of information, helps
organizations comply with legal and regulatory requirements, reduce risks, and
enhance business efficiency and effectiveness. It also addresses the management
of redundant, outdated, and trivial information, which can lead to cost savings
and improved organizational performance.
The Future Is AI, but AI Has a Software Delivery Problem
As more developers become comfortable building AI-powered software, Act Three
will trigger a new race: the ability to build, deploy and manage AI-powered
software at scale, which requires continuous monitoring and validation at
unprecedented levels. This is why crucial DevOps practices for delivering
software at scale, like continuous integration and continuous delivery (CI/CD),
will play a central role in providing a robust framework for engineering leaders
to navigate the complexities of delivering AI-powered software — therefore
turning these technological challenges into opportunities for innovation and
competitive advantage. Just as software teams have honed practices for getting
reliable, observable, available applications safely and quickly into customers’
hands at scale, AI-powered software is yet again evolving these methods. We’re
experiencing a paradigm shift from the deterministic outcomes we’ve built
software development practices around to a world with probabilistic outcomes.
This complexity throws a wrench in the conventional yes-or-no logic that has
been foundational to how we’ve tested software, requiring developers to navigate
a variety of subjective outcomes.
Generative AI – Examining the Risks and Mitigations
In working with AI, we should be helping executives in the companies we are
working with to understand these risks and also the potential applications and
innovations that can come from Generative AI. That is why it is essential that
we take a moment now to develop a strategy for dealing with Generative AI. By
developing a strategy, you will be well positioned to reap the benefits from the
capabilities, and will be giving your organization a head-start in managing the
risks. When looking at the risks, companies can feel overwhelmed or decide that
it represents more trouble than they are willing to accept and may take the
stance of banning GenAI. Banning GenAI is not the answer, and will only lead to
a bypassing of controls and more shadow IT. So, in the end, they will use the
technology but won’t tell you. ... AI risks can be broadly categorized into
three types: Technical, Ethical, and Social. Technical risks refer to the
potential failures or errors of AI systems, such as bugs, hacking, or
adversarial attacks. Ethical risks refer to the moral dilemmas or conflicts that
arise from the use or misuse of AI, such as bias, discrimination, or privacy
violations. Social risks refer to the impacts of AI on human society and
culture, such as unemployment, inequality, or social unrest.
Quote for the day:
"In the end, it is important to remember
that we cannot become what we need to be by remaining what we are." --
Max De Pree
