In This Issue
- Cos Leading in Cloud
- Cloud Habits in 2017
- Security Concerns Top
- Report from the CEO
- GOP Changes at FCC
- Fed Govt and Mobile
- Trump Cybersecurity
- Senate Subcommittee
- 2017 Trends to Watch
- Skills Gap for Workers
- Using Threat Modeling
- Budget Cybersecurity
- Fin Svcs & Conundrum
- Big Data for Security
- 5 Ways to Secure IoT
- TPP Setback for Cloud
- Coming DCIA Events
The cloud-computing sector is one of the fastest growing sectors in technology, with IDC predicting the sector will grow from $70 billion in 2015 to more than $140 billion by 2019.
With such rapid growth expectations, it is understandable why Wall Street is so bullish on the companies that have emerged as the leaders in the cloud.
We live in a world of big data.
Companies are not only storing more data than ever before, but they also face growing cybersecurity threats that are difficult and expensive to address.
Companies that are leaders in cloud computing offer customers a cheaper and more secure way to store and access their ever-increasing volumes of data.
Companies involved in the sector have enjoyed strong gains in recent years as customers realize the benefits of moving to the cloud, but the sector is still in its early stage, and there is plenty of room for these companies to grow… Read More
With cloud computing being embraced across all industry sectors, cloud is no longer “optional” for organizations looking to remain competitive.
As data growth continues to explode and as more organizations move critical business functions over to the cloud, expectations are high for how it will revolutionize the way organizations approach development and innovation.
As we put 2016 behind us, Victor Cheng, Managing Director, Asia South Region, Veritas, offers five predictions around cloud computing that will impact enterprises in 2017.
1. Continued acceleration toward the public cloud – Customers increasingly migrated to the public cloud in 2016 and this will only accelerate – both in speed and numbers – in 2017.
With more of their information in the cloud, organizations will look to better manage their data to maintain uptime, protection and governance.
They will also be on the lookout for tools that enable making sense of their data and extracting value from it as a competitive advantage… Read More
This week a new Interop ITX Research Report entitled “2017 State of the Cloud” was published that explores the trends and challenges organizations face as cloud use continues to grow.
The report found some interesting insights and findings that Kelly Sheridan with Dark Reading summarized nicely.
“Interop ITX and InformationWeek polled 307 tech professionals at companies currently using, or planning to use, cloud computing to learn about their usage and optimization strategies.
Responses indicate a broad shift from private cloud technology to public cloud services.
The use of ‘virtualization or private cloud’ dropped from 52% in 2012 to 40% in 2016.
Infrastructure-as-a-service (IaaS), the public alternative, jumped from 30% to 57% in the same timeframe.”
Survey respondents also listed scalability, performance, and better access to resources among their reasons for switching to public cloud.
All are tough to achieve in traditional IT environments where companies must get servers and follow bureaucratic processes to use them… Read More
The DCIA commends the National Institute of Standards and Technology (NIST) for its Cybersecurity Framework, which offers plain-language, sound advice for enterprise adoption.
The framework helps bridge communication gaps between cybersecurity technologists and people working in other disciplines.
It is organized around an easily understood vocabulary: identify, protect, detect, respond, and recover.
“Identify” is an important starting point for cybersecurity approaches because of the tremendous quantity of new data created by businesses daily.
Business process, regulatory compliance, and customer behavior, as well as financial information, are vital components to performance improvement and innovation, and increasingly may be maintained in distributed storage environments.
Effective management demands knowing not only what data is being generated, but also its relative importance in a given business, and “identify” is therefore the essential first step in designing a sound cybersecurity strategy.
Prioritizing the importance of proprietary information will logically lead to determining and budgeting appropriate cybersecurity procedures such as virtualization, tokenization, or encryption for various types of data.
“Protect” is as important an element, and applies to software and data stored in the cloud as well as on-premises.
The implementation of improved firewalls and endpoint detection must be applied equally to remotely and locally stored information; and vulnerability assessments must be applied to supervisory control and data acquisition (SCADA) systems that run business operations.
All connected appliances require visibility and secure communications among them, which in turn demands security-by-design in upfront planning for initial deployments of hardware, software, and firmware.
The “detect” element is especially important as it relates to the speed with which an organization can pinpoint a breach or the seeding of malware in its servers, networks, or end-user devices.
Finally, the “respond” and “recover” elements are essential for addressing inevitable cyberattacks through effective preparedness.
Being able to continue to function during adversity requires that all five aspects be integrated within a comprehensive cybersecurity defense plan.
By adopting the published NIST framework, which will continue to be updated during the year, for their specific circumstances, companies can minimize harm from cyberattacks. Share wisely, and take care.
Republicans are eager to turn the page at the Federal Communications Commission (FCC) after eight years of policies under President Obama that they say have stifled innovation and burdened the tech sector.
President Trump’s appointment of Ajit Pai as FCC Chairman has raised hopes that many of the rules and regulations enacted under Obama – including the controversial net neutrality rules – will soon be on the chopping block.
Pai fought against the enactment of former Chairman Tom Wheeler’s signature Open Internet Order, which codified net neutrality, the idea that all internet traffic should be treated equally.
Republicans like Pai denounced the FCC order for reclassifying internet service providers as utilities.
The move subjected internet providers to heavier regulation, with the FCC effectively taking over regulatory jurisdiction on issues like privacy from the Federal Trade Commission (FTC).
Congresswoman Marsha Blackburn (R-TN), who tried to roll back the net neutrality order through legislation, said Republicans are deliberating how to tackle net neutrality now that the party is in charge of both the executive and legislative branches… Read More
The Presidential Commission on Enhancing National Cybersecurity and the Center for Strategic and International Studies (CSIS) both released reports recently that share a pressing message: the US government must address mobile security now.
“The days of employees working only at an office using an organization-issued desktop computer fully managed by the organization are largely over,” the Cybersecurity Commission states in its report.
“Mobile technologies are heavily used by almost every organization’s employees, yet security for mobile devices is often not considered as high a priority as security for other computing platforms.”
Employees in the public sector use mobile devices every day to get their jobs done, whether supervisors know about it or not.
Fully 40 percent of employees at agencies with rules prohibiting personal smartphone use at work say the rules have little to no impact on their behavior, according to a Lookout survey.
Further complicating the issue, 64 percent of IT security leaders say it is very likely that sensitive data is present… Read More
As top US intelligence officers state that Russia engaged in a major cyber campaign to influence the 2016 election, experts are mulling over how President Donald Trump will tackle cybersecurity issues during his administration.
During his campaign, Trump said cyber matters would be an immediate and top priority for his administration.
Trump plans to order an assessment of all US cyber defenses and vulnerabilities by a review team made up of individuals from the military, law enforcement, and private sector, he said on his campaign website.
“The cyber review team will provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats,” he said.
Trump also plans to beef up the nation’s offensive cyber capabilities to mitigate attacks from state and non-state actors and wants to “enhance” US Cyber Command.
In December, Trump appointed Thomas Bossert as his administration’s assistant to the president for homeland security and counterterrorism, which will have a heavy focus on cybersecurity… Read More
The Senate Armed Services Committee has a new subcommittee focused on cybersecurity, with Mike Rounds (R-SD) serving as Chairman and Bill Nelson (D-FL) as ranking member.
The Cybersecurity Subcommittee’s founding follows the historic publication of evidence by the U.S. intelligence community linking Russian government officials to an extensive hacking campaign aimed at US politicians, political organizations, think tanks and lobbying firms.
While Nelson has cosponsored a handful of bills loosely related to cybersecurity policy since taking office in 2001, Rounds, who is two years into his first term, will take the Chairmanship with limited relevant experience.
In early January, prior to the appointment, Rounds wrote an op-ed that appeared on Fox News’ opinion page about federal cybersecurity strategy:
It should be apparent to all Americans that the United States is not immune to damaging cyber-attacks from hostile foreign nations and other bad actors.
We must update our national security policies to deter such attacks before a future debilitating attack occurs… Read More
Today, North American households play host to an average of 13 internet connected devices.
It’s at times like these when parties of all sizes should be relying on the expertise of IT professionals – however, a recent report showed that more than 80% of cybersecurity experts say there’s a deficit of skilled workers in the sector, and nearly as many said this has a serious impact on the compromising of devices and applications by cyberattacks.
That’s the theme of the new year we’re in: no device nor individual is safe from the wrath of cyberattacks.
Take a look at the cybersecurity trends that started in 2016 and are expected to continue to make news throughout the new year.
Cybersecurity issues have been, and will continue to be, dominated by the rise in botnets targeting Internet of Things (IoT) devices with Distributed Denial-of-Service (DDoS) attacks.
In 2016, we saw hackers harnessing the power of smart devices to take down large domains and internet providers, affecting thousands of websites, including Twitter and Spotify… Read More
US companies, girding for an expected clampdown by the Trump Administration on hiring foreign IT workers, are facing fierce competition for cybersecurity professionals at home, according to a report by job-search site Indeed.com.
Jobseekers nationwide responded to just 66.7% of all cybersecurity jobs posted on the site between July and September last year, suggesting demand outweighs supply, the report said.
That’s up from 60% over the same period in 2014, but below a 68.7% rate for similar job postings in Canada.
The results are based on aggregated and anonymized data from jobseeker and employer behavior on the site, researchers said.
Among all 10 countries analyzed in the report, the U.S. and Canada were the only two where jobseeker interest exceeded 50% of employer demand.
Yet a “skills gap” of varying degrees was found in every country, the report said.
Jobseeker interest in the UK, Brazil, and Germany was below 35% of posted jobs in each case, while Israel had the worst response rate, at 28.4%… Read More
Do you threat model? If so, when and how do you use it? If not, why?
Imagine a way for technical and business leaders – without a formal background in security – to rapidly assess threats against their minimum viable product.
That’s a key first step, early in the process, to building security in.
Asking about threat modeling is how I met Archie Agarwal.
Our initial discussion was packed with passion and energy.
Archie Agarwal is the Founder, CEO and Chief Technical Architect of ThreatModeler.
He has leveraged his more than ten years of real-world experience in threat modeling and threat assessment to help numerous Fortune 1000 companies in setting up their threat modeling process.
Archie has also created numerous threat models for web, mobile, cloud, IoT, SCADA, drone, aircraft, and various other systems… Read More
As CFOs settle into the new year, routine concerns about cybersecurity readiness are being compounded by non-traditional, “nimble” technology-enabled competition, rapid globalization, and significant political changes in major markets, including ones stemming from the US Presidential election and the UK Brexit decision.
Despite the financial demands triggered by those uncertainties, some CFOs show signs of boosting their cybersecurity spending this year.
That’s encouraging, considering that information-security budgets were essentially flat in 2016.
They registered a barely perceptible 1% dip last year, according to PwC’s Global State of Information Security Survey 2017.
Overall, IT spending this year may be wavering. Research firms Gartner and IDC recently issued a slight downward revision in forecasts for global IT spending in 2017.
While the outlook for IT and security spending is indistinct, one thing is certain: CFOs today are more involved in cybersecurity budget discussions and decisions… Read More
Depending on your source, UK cloud adoption rates are currently anywhere between 78% and 84%, and while cloud is no longer a new phenomenon, its importance to not only the CIO but also the full C-suite of decision makers such as CEOs, CMOs, and CFOs, is paramount as they jostle to gain a competitive advantage over competitors.
It has been argued that cloud adoption heralds the largest disruption in enterprise computing since the advent of the PC, with many industries embracing cloud-based platforms to not only cut costs but also drive efficiency.
Despite this, there has been a certain amount of trepidation from the financial services sector to make the transition and fully embrace cloud and its many advantages.
At the mere utterance of the word ‘cloud’ we used to hear a plethora of reasons why financial services organizations could not make the leap.
There were concerns over regulatory compliance as well as the complexity of functional replacement, security, and control.
And, in an era where financial institutions are more highly regulated than ever before, one could forgive these organizations… Read More
Although current industry statistics may seem somewhat intimidating, data science experts and big data enthusiasts are excited and prepared for a future that’s becoming increasingly connected to the web.
Some techniques used to harness this raw information, such as data mining, help give us an insight into the future of cybersecurity and what areas may pique interest moving forward.
Unlike the various television personalities who claim to foresee the future and tragedies in our lives, big data gives us a real-world insight into the current state of affairs.
When processing the data from large social media platforms, we begin to notice various trends and key interest points within the population.
As a brief example: when political or governmental movements begin to occur in a certain country, we notice a movement in the general consensus of that population favoring one side of the argument as opposed to another.
Similarly, when we notice rising popularity in certain pieces of technology, we can use this information as a forecast… Read More
Don’t let your smart bulbs and thermostats fall prey to attack by bots.
Use these five tactics to secure your IoT devices.
Distributed denial of service (DDoS) attacks have been bad for years, but the widespread infection of the Internet of Things (IoT) has given bots a new power to DDoS.
Here are the top five ways to secure your IoT:
1. Keep your firmware updated. Smart devices are no different than Windows. New vulnerabilities crop up, and patches come out to fix them. If auto-update is an option, turn it on; otherwise, make it your business to know you have the latest patches.
2. Change the default password. Newer devices are forcing you to choose one, but if your device doesn’t, make sure “admin” or “12345” are not the passwords for your devices. Don’t make it easy for the bots to get in.
3. Disable remote login. If you don’t need to turn off your lights from elsewhere, then don’t make that an option… Read More
On the heels of the news that President Trump has removed the United States from the Trans-Pacific Partnership (TPP), a massive trade deal that he blasted as a candidate, experts warned of the fallout for cloud-computing companies that have been advocating for policies to break down digital trade barriers that restrict the flow of data traffic across international boundaries.
Here at the annual State of the Net tech policy conference, the news was met with disappointment by a panel of experts, who said that the provisions of the TPP governing the activities of tech companies would have been an important step toward establishing international norms for trade in the digital age.
“Basically, it was the first step in terms of important international agreements that began to set a legal foundation for digital trade,” said Claude Barfield, Resident Scholar at the American Enterprise Institute, a conservative think tank.
“And now with the TPP being gone that has now been swept away.”
“So the Trump administration is starting from zero, as it were, in terms of digital trade rules with whatever else it does.”
Trump’s executive order canceling US involvement in the TPP was hardly a surprise… Read More
Industry of Things World USA — February 20th-21st in San Diego, CA. Global leaders will gather to focus on monetization of the Internet of Things (IoT) in an industrial setting.
fintech:CODE — March 16th-17th in London, UK. A new international knowledge exchange platform bringing together all DevOps, IT, and IoT stakeholders who play an active role in the finance and tech scene. Key topics include software development, technical challenges for DevOps, DevOps security, cloud technologies and SaaS.
retail:CODE — March 16th-17th in London, UK. 20 real-life case studies, state-of-the-art keynotes, and interactive World Café sessions, 35+ influential speakers will share their knowledge at the intersection of the retail and technology sectors.
Delivery of Things World — April 24th and 25th in Berlin, Germany. Over 400 IT executives will discuss what DevOps really means for business. This event brings together all stakeholders to share their experience and expertise.
Security of Things World — June 12th and 13th in Berlin, Germany. A world class event focused on the next information security revolution. Security concerns that preoccupy enterprise customers today and pragmatic solutions to threats.
Autonomous Systems World – June 14th and 15th in Berlin, Germany. An international knowledge exchange among top experts in the field, providing a unique glimpse into the fascinating world of autonomous robots, intelligent machines, and smart technologies.