In This Issue
- Verizon Data Centers
- Commission Report
- Success Up to Trump
- Report from the CEO
- Warn of Botnet Threat
- FCC Abandons Rules
- States and Utilities
- Liable Software Flaws
- Children’s Toys Spy
- Cybersecurity Talent
- Competition Heats Up
- Cloud Risk Ownership
- 10 Mind Blowing Stats
- File Sync and Share
- Cloud & Data Center
- Cloud Holds Future
- Coming DCIA Events
Redwood City, CA based Equinix will get 24 Verizon customer-facing data sites, which include 29 data center buildings across 15 metro areas in the US and Latin America.
Data centers typically store large amounts of data on hard drives.
However, the transaction doesn’t affect Verizon’s managed hosting and cloud offerings, or the New York-based company’s data center services delivered from 27 sites in Europe, Asia-Pacific, and Canada.
The transaction is expected to close by mid-2017, the companies said.
After starting the trading day higher, shares of Equinix closed down nearly 0.8% at $329.49 Tuesday.
Verizon shares closed 1.2% higher at $50.36.
Verizon has shifted its corporate focus to mobile video and advertising as it moves toward completing its $4.83 billion deal for Yahoo… Read More
The Presidential Commission on Enhancing National Cybersecurity submitted its final report to President Obama Friday afternoon.
The commission’s report covers six emerging threats and offers potential solutions.
It is intended as a transition document to help the next administration.
The commission itself was created by executive order in February and has since convened six public meetings on cybersecurity.
It is composed of twelve experts from varying backgrounds, including former National Security Agency and Cyber Command head General Keith Alexander.
It also includes current and past executives from MasterCard, IBM, and the information security firm Crowdstrike, as well as professors from Georgia Tech and Stanford
The Obama White House has had to reckon with cybersecurity like no other presidential administration in history, from China’s 2009 hack of Google, to the Office of Personnel Management breach, to the rise of botnets built from dangerously insecure “internet-of-things” devices.
Now, in the waning days of Obama’s presidency, his team has a new plan to shore up America’s protections from digital threats.
Whether any of it happens, though, is up to Donald Trump.
Late Friday afternoon last week, the White House’s Commission on Enhancing National Cybersecurity released the results of a nine-month study of America’s cybersecurity problems.
Its recommendations, in a hundred-page report, cover a lot of ground.
It proposes fixing the shambolic security of internet-of-things consumer devices like routers and webcams, re-organizing responsibility for the cybersecurity of federal agencies, and fostering a new generation of skilled American cybersecurity experts… Read More
It’s no secret that the expanding universe of connected devices comprising the internet of things (IoT) increasingly represents a primary target for malicious cyberattacks.
The National Institute of Standards and Technology (NIST) has now released guidelines on how organizations can utilize cybersecurity measures to protect IoT devices, and why an engineering approach for building security into IoT technology is recommended.
The report notes that system security across every aspect of networked product activities needs to be addressed in order to achieve an acceptable level of trustworthiness.
Trustworthy systems must meet specific security requirements in addition to meeting other critical requirements, and the integration of systems security engineering within the overall process covering systems engineering is the best approach for achieving this result.
The report states that systems security engineering not only reduces system defects, but also “helps to ensure that the appropriate security principles, concepts, methods, and practices are applied during the system life cycle to achieve stakeholder objectives for the protection of assets – across all forms of adversity characterized as disruptions, hazards, and threats.”
Examples of the areas covered within a robust systems security engineering regime include protection for computers; communications; transmission; anti-tampering; electronic emissions; physical integrity, information, software, and hardware assurance; and technology specialties such as biometrics and cryptography.
System life cycle processes provide for flexibility and adaptation in the face of event-driven issues, variances, and changes that are encountered during the engineering effort.
If you are involved in any aspect of the IoT, The DCIA encourages you to familiarize yourself with this important NIST report. Share wisely, and take care.
The next US administration should take immediate steps to prevent and, when possible, eliminate computer attacks like one that recently crippled some of the key systems that run the internet, a presidential commission recommended on Friday.
The report by the Commission on Enhancing National Cybersecurity, which included wide-ranging suggestions on a host of security problems, drew particular attention to the threat posed by the “Internet of Things.”
That is the name for an array of internet-connected devices-including household appliances, toys, and the computers that regulate electrical grids – which hackers can commandeer into online armies known as botnets.
An attack in October by a still unknown group used a massive botnet composed of baby monitors, webcams, and other common devices to overwhelm internet infrastructure, leading to widespread outages and congestion.
The commissioners – a bipartisan group of 12 computer security experts, technology company executives, and former US national security officials – recommended that the Commerce Department lead an effort with businesses to reduce the threat from botnets.
Among their recommendations was ensuring that the devices cannot be hooked up to the internet without resetting their default passwords… Read More
Following the shock election result, the Federal Communications Commission (FCC) has put on hold proposed new rules to ensure the security of connected devices in the Internet of Things (IoT), according to an agency letter and work plan released Monday.
The plan, which lays out the FCC’s “risk reduction program” for IoT, says the agency should “Issue a notice of proposed rulemaking (NPRM) to examine regulatory measures the FCC could take to help address cyber risks that cannot be addressed through market-based measures.”
The workplan was attached to a letter sent to Senator Mark Warner (D-VA), by FCC Chairman Tom Wheeler.
It’s the first time the agency has publicly disclosed that it was working on regulations for IoT device cybersecurity.
Previously, agency officials have stressed that, as Wheeler’s letter states, FCC’s net neutrality rules “enable Internet Service Providers (ISPs) to take measures to protect their networks, and those with which they interconnect, from harmful devices” – for instance by disconnecting them en masse.
The plan states that the FCC could use “existing legal authorities” for the NPRM, such as its power to certify wireless devices… Read More
Michigan utility commissioners have issued an order to try and ensure that utilities there are doing their utmost to prevent hacks.
Like a lot of regulators, they fear that a cyber invasion could shut down the grid there and cost their state millions of dollars in lost commerce.
The move is a harbinger of things to come.
Cyber invasions can take many forms. But the end result is that anyone with bad intentions – whether they be a nerdy kid or a foreign government – can wreak havoc on utilities.
Because electricity is the lifeblood of an economy, such nefarious actions could devastate businesses, both big and small.
The renewed emphasis on cyber security is coming at a time when all all utilities and especially US nuclear energy companies are informing regulators how they are safeguarding their “critical digital assets.”
With more cars and medical devices connecting to the internet, what happens if automakers and health care companies don’t start prioritizing digital security?
Many cybersecurity experts worry that faulty code in the so-called Internet of Things (IoT) won’t just cause systems to malfunction and freeze. Instead, they say, flaws inside connected cars or pacemakers could lead to serious injury or death.
As a result, leading digital security experts are calling on US policymakers to hold manufacturers liable for software vulnerabilities in their products in an effort to prevent the bugs commonly found in smartphones and desktops from pervading the emerging IoT space.
But can that strategy work? Or will more government regulation stifle innovation?
Those were the big questions at an event Wednesday at the Atlantic Council in Washington. Passcode was a media partner of the event. Here are a few things we learned.
1. Everything is a computer. Act like it… Read More
Is your child’s favorite toy a spy in disguise? Complaints filed by consumer watchdogs in the United States and Europe claim that so-called smart toys are in violation of privacy and data protection laws.
Toys including My Friend Cayla, i-QUE Intelligent Robot and Hello Barbie are the target of the watchdogs, who claim the internet-connected devices targeted to kids are recording and collecting audio without limitations.
The issues being raised come from the European Consumer Organization BEUC and U.S. groups including the Electronic Privacy Information Center (EPIC), which have filed their complaints to authorities in France and across Europe as well as with the U.S. Federal Trade Commission.
“The toys subject young children to ongoing surveillance and are deployed in homes across the United States without any meaningful data protection standards,” the complaint from EPIC and other U.S. watchdogs said. “They pose an imminent and immediate threat to the safety and security of children in the United States.”
In its own letter, BEUC cited research conducted by the Norwegian Consumer Council that found the toys lacked basic security measures and used user agreement terms that are in violation several privacy directives put in place by the European Union. Read More
What do the FBI, Trump’s hotel chain, Sony, and JP Morgan Chase all have in common?
They are all companies that were hacked in 2014 and 2015, each one a reminder to the rest of us that no one is immune to the threat of criminal hackers. Just this October, a cyberattack disrupted PayPal, Twitter, Spotify, and multiple other websites.
Cyberattacks damage not only a company’s reputation, but also its bottom line.
One study suggested the average cost of a data breach in 2015 was $3.8 million. As the costs of data breaches climb, so too does the demand for cyber security experts.
Unfortunately, too many companies are coming up short in their search for skilled professionals to help protect them from cyberattack.
A study conducted by Intel Security with the Center for Strategic and International Studies (CSIS) found more than 80% of IT organizations in eight countries face a shortage of workers who specialized in cybersecurity… Read More
Competition is intensifying among foreign and local technology firms in South Korea’s market for cloud computing as the market is expected to grow at double digit annual rates in coming years.
Cloud computing is an Internet-based computing service that rents data storage and computing power to individual users or corporate customers.
It allows users to save and process their data using a remote server, instead of using their local server or personal computers.
According to a recent study by the National IT Industry Promotion Agency (NIPA), the Korean market for cloud computing jumped 46.3 percent on year to $657.1 million last year.
Last year, only 6.4 percent of Korean firms used cloud computing services, according to the report. This year, about 10 percent of local firms are expected to use the service and as many as 30 percent of local firms are forecast to use the service in two or three years.
Cloud computer services have become one of the core infrastructures for Internet of Things (IoT) technology… Read More
Companies want to use cloud-based services and applications; thus, security teams need to assess the risk and come up with controls that work in cloud environments.
Sounds simple, right?
Securing cloud assets presents numerous challenges, however — from controls that don’t translate well to lack of transparency from cloud providers.
And one of the most pressing concerns sits squarely with the CISO: pushing for more ownership of cloud risks within the business.
CISOs juggle a lot of security responsibilities, including overseeing technical project teams and communicating cloud risks and possible resolutions to other executives and board members.
Unfortunately, it’s a common misperception that the information security organization “owns” the risks of IT projects, whether on premises or in the cloud… Read More
In a previous article, I explained some of that jargon and highlighted three key cloud stocks — Amazon, Microsoft, Salesforce.
Today, I’ll review 10 key industry stats that should give investors a better grasp on the growth of the cloud computing market.
1. The worldwide cloud computing market grew 21% to $110 billion in 2015 according to Synergy Research Group.
That total includes cloud infrastructure services, software services, and hardware.
2. 17% of enterprises run over 1,000 VMs (virtual machines) in the public cloud, compared to 13% in 2015, according to RightScale’s State of the Cloud survey.
That’s great news for public cloud leaders like Amazon and Microsoft.
3. Worldwide spending on public cloud services could double from almost $70 billion in 2015 to over $141 billion in 2019, according to research firm IDC… Read More
The cloud-based file sync and share market is a fast-growing opportunity for solution providers helping businesses find a way to add enterprise control to employees’ communications which, if not carefully managed, could result in compromised data.
It is also a fragmented market, one characterized by a wide range of vendors — from a handful serving corporate users with tools providing file access and collaboration tools tailored to a business’ policies to a multitude serving either end-user consumers or business users who cannot wait for their IT teams to put corporate policies in place.
Enterprise file synchronization and sharing is an on-premise or cloud-based offering that allows users to synchronize files or share them with others via PCs and mobile devices, either within or outside a business, depending on how it is deployed.
It is a key part of business’ mobility plans as it allows mobile users to ensure they have access to updated business documents and are able to share them based on corporate policies.
It is the kind of market where a solution provider has an opportunity to make a huge difference for customers of all sizes, especially smaller companies struggling to take advantage of the cloud, said Larry Velez, founder and chief technology officer at Sinu, a New York-based managed services provider… Read More
Investments in cloud computing will continue aggressively in 2017, but many organizations will opt for multi-cloud environments in their data centers.
That is the prediction of Avinash Lakshman, Chief Executive Officer at Hedvig and creator of Apache Cassandra.
Avinash spoke with Information Management about what the New Year will hold for data and IT professionals. He sees five key trends for the cloud and storage markets.
“With many companies making investments in public and private cloud services, 2017 will see more businesses committing to multiple cloud providers at the same time,” Lakshman predicts.
“For example: there will be fewer and fewer Amazon Web Services-only businesses; rather dual-source public cloud services will be used instead to avoid vendor lock-in.
The challenge will come in making data services easy and productive across multiple clouds.
Without this function, enterprise deployments will be as inefficient as they were when they were using tape… Read More
With digital transformation, organizations across the industries have been steadily shifting towards cloud-first strategies.
Most of the technology innovation has become cloud-centric today.
This shift has brought in operational agility for the businesses with growing or fluctuating demands.
The ease of setup and management of IT hardware seems to be simplified with the pay as you go model offered by cloud.
In addition, collaborating with teams, editing and sharing documents, and remote accessing has become much easier.
Cloud has driven offerings also take care of corporate data security and other aspects like providing sustainable solutions.
According to Gartner, there will be continual and rapid growth of cloud adoption, trending towards public cloud.
The public cloud service market is expected to grow 17.2 percent in this year.
In fact, cloud application services that cater one of the largest segments in the global cloud services market is expected to grow 21.7 % to reach $38.9 billion… Read More
CES 2017 — January 5th-8th in Las Vegas, NV. More than 3,800 exhibiting companies showcasing innovation across 2.4 million net square feet, representing 24 product categories.
Industry of Things World USA — February 20th-21st in San Diego, CA. Global leaders will gather to focus on monetization of the Internet of Things (IoT) in an industrial setting.
fintech:CODE — March 16th-17th in London, UK. A new international knowledge exchange platform bringing together all DevOps, IT, and IoT stakeholders who play an active role in the finance and tech scene. Key topics include software development, technical challenges for DevOps, DevOps security, cloud technologies and SaaS.
retail:CODE — March 16th-17th in London, UK. 20 real-life case studies, state-of-the-art keynotes, and interactive World Café sessions, 35+ influential speakers will share their knowledge at the intersection of the retail and technology sectors.
Delivery of Things World — April 24th and 25th in Berlin, Germany. Over 400 IT executives will discuss what DevOps really means for business. This event brings together all stakeholders to share their experience and expertise.
Security of Things World — June 12th and 13th in Berlin, Germany. A world class event focused on the next information security revolution. Security concerns that preoccupy enterprise customers today and pragmatic solutions to threats.