Ten things we learned about cybersecurity from the GRC Summit London 2018

This year’s Governance, Risk, and Compliance Summit focused largely on cybersecurity; could it be the next crisis?

Cybersecurity Summit

Cybersecurity Summit

Cybersecurity Summit- On 12 and 13 November, this year’s Governance, Risk, and Compliance (GRC) Summit came to London and a key takeaway was the importance of talking about cybersecurity.

The National Cyber Crime Unit’s Paul Edmonds gave a detailed talk around the subject and here are ten key points we think you should know about in the cyber space.

1. Cybersecurity is a tier one threat

While it may not seem like one of the largest and most dangerous threats of current times, cyber-attacks are a serious risk to the UK and everyone living in it.

So much so that they have been ranked as a tier one threat, which puts them on a par with war, terrorism, and natural disasters.

The takeaway? Every single business must prioritise protecting themselves from cyber-attacks.

2. Good security is not enough

Edmonds said: “Good security is no longer enough”.

In the interconnected world that we live in today, we are all vulnerable to cyber-attacks. These vulnerabilities will be exploited as attackers get more and more intelligent.

Prevention strategies like firewalls and antivirus software are not sufficient on their own. Your business also needs detection tools – automated detection technology – such as continuous monitoring and automated alerting to put it in the best position against possible cyber-attacks.

3. There are 2 key types of threat

The two threat types every business should be aware of are breaches and malware.

Data breaches, and their cousin, data exposure, have both been quite prominent in 2018. Data exposures are when data is stored and protected badly so it is exposed on the internet and available to anyone who comes across it. A recent example of one is when firm Exactis exposed about 340 million records on a publicly accessible server.

Malware is when what’s known as malicious software operates on the victim’s computer and often the user doesn’t know anything about it until it’s too late. For example, there was the WannaCry ransomware attack of May 2017 which attacked Windows computers by encrypting data and then demanding ransom payments via cryptocurrency. It was estimated to impact more than 200,000 computers in 150 countries around the world.

4. Attack vectors are changing

People used to be the only target of a cyber attack, but attack vectors are changing and changing quickly.

Now attackers are moving to focus on the supply chain which is likely a reaction to businesses tightening security on their own systems.

Portable devices are also a target as they can easily be stolen or infected via easy-to-implement remote attacks.

5. There are four types of cyber criminal

Cyber criminal profiles are always changing, but the key groups businesses must be aware of today are:

  • Serious organised criminals – these groups have a clear financial motivation and are highly professionalised and specialist in the way they perform attacks.
  • Young offenders – these are predominantly teenagers and male (though there are exceptions). They often commit the crimes by being part of hacking forums and can be vulnerable individuals who are being influenced by others online.
  • The cyber ‘as a service’ user – this can literally be anyone who decides to perform an attack.
  • Near state actors – these are in hard-to-reach jurisdictions, for example the North Korean programmer who was part of the famous hacking group behind the Sony Pictures and Wannacry hacks. They will often go to extreme lengths to avoid being caught.

Read More Here

Article Credit: AA

Go to Source

Japan’s New Cybersecurity Minister Has Never Used a Computer

Japan Cybersecurity

Japan Cybersecurity

Japan Cybersecurity- Worried that you’re under-qualified for a promotion? Channel the can-do attitude of recently appointed Japanese minister Yoshitaka Sakurada, who said Wednesday that he wasn’t going to let the minor detail that he’d never once used a computer stand in the way of his new job—heading cybersecurity for Japan.

That’s right. The man who Japanese prime minister Shinzo Abe tapped last month to defend the nation against hackers told reporters that he has never used a computer in his life, explaining, “I’ve been independent since I was 25 and have always directed my staff and secretaries to do that kind of thing,” according to a Reuters translation.

Although Sakurada assured press that he had no need for devices to effectively fulfill his tech-heavy role, the New York Times reports that his confusion over basic questions — he didn’t know if nuclear power plants allow USB drives, and may not know what a USB drive is generally — left other lawmakers concerned.

“I can’t believe that a person who never used a computer is in charge of cybersecurity measures,” opposition lawmaker Masato Imai told the Times.

Granted, Sakurada, who also oversees overall operations for the Tokyo Olympics in 2020 and the Paralympics, isn’t the only leader who is wary of computers and outsources technological tasks. During his 2017 New Year’s Eve party, Trump warned reporters, “No computer is safe. I don’t care what they say.”

Go to Source

The Cybersecurity 202: Trump set to make a new DHS agency the top federal cyber cop

Cybersecurity 202

Cybersecurity 202

Cybersecurity 202- The Department of Homeland Security plans to apply the lessons it learned from the 2018 midterm elections on cybersecurity to other critical infrastructure, and will be helped by the imminent elevation of its responsibility for civilian cybersecurity throughout the government.

“That serves as a model for how we’re going to partner to protect the grid, to protect the banks,” DHS cybersecurity chief Chris Krebs told private industry leaders on Thursday. “We’ve made a significant amount of progress, and going forward we have to look to how we can replicate those sorts of engagements.”

Krebs’s comments come as he is expected to take over as director of the Cybersecurity and Infrastructure Security Agency [CISA]. Congress passed a bill earlier this week that will create the new unit within DHS — which will cement the agency’s leadership on civilian cybersecurity and rank on the same level within the department as the Federal Emergency Management Agency or Secret Service. President Trump is expected to sign the bill into law as early as Friday.

The new agency will elevate the cybersecurity mission within DHS, Krebs said, and it will be responsible for coordinating with other government entities and the private sector on cybersecurity and critical infrastructure programs. The legislation is intended to make it easier for the private sector to work with government on cybersecurity threats. DHS’s cybersecurity work is currently housed under the National Protection and Programs Directorate. Krebs told the Cybersecurity 202 earlier this year that the unit needed to be rebranded to reflect what it actually does.

“It was one of my top priorities since I came to DHS,” Krebs told me in an interview yesterday.

Krebs’s remarks came at a meeting with members of the Charter of Trust, an initiative including global companies such as Siemens and IBM. DHS also hosted the first supply-chain security task force uniting government entities with technology and communications companies.

CISA is the result of a long-fought battle to consolidate DHS’s authority on cybersecurity matters. An effort to create such an agency has been underway since the Obama administration, but it was hampered by lawmakers who felt the 14-year-old agency was not as equipped to deal with cyber threats as the National Security Agency or FBI. Earlier this week, the bill moved through the House with unanimous support — signaling lawmakers’ view on DHS’s role in handling civilian cybersecurity is evolving.

Edna Conway, Cisco’s chief security officer for its global value chain, said thinks CISA will help companies and federal agencies with collaborate better on cybersecurity.

Read More Here

Article Credit: WP

Go to Source

Cybersecurity: Eight Ways You Can Boost Employee Buy-In

Cybersecurity Employee

Cybersecurity Employee

Cybersecurity Employee- Cybersecurity threats are an ongoing problem, and one that’s growing: It’s hard to go a month without some organization reporting a breach or other problems. There were, for instance, more reported instances of data breaches in the U.S. during the first half of 2018 than in all of 2013, according to a report on Statista.

Yet, no matter how extensive cybersecurity measures are, the human element is a regular issue: Specifically, how well employees comply with the new procedures, sometimes handed down from people far removed from the employees’ department, who don’t necessarily understand all the ins and outs of how those employees do their daily work. A well-thought-out plan can go sideways, for instance, if team members ignore some of the steps involved to save time or avoid hassles — something quite possible, if they don’t understand why a task exists in the first place.

So how do you ensure individual buy-in, in order to keep your organization protected against data breaches or other security issues? Below, eight members of Forbes Technology Council share their preferred methods for boosting cybersecurity buy-in, as well as discuss why the approaches work. Here’s what they said:

1. Make Understanding A Priority

Security and compliance actually have two separate goals. A compliance program should focus on the minimally invasive way to meet all public policy and industry rules to prevent fines or other sanctions. Security is about providing the correct level of protection to make an asset an unattractive target for a criminal. When employees understand the objective and outcome, you create buy-in. – Bret Piatt, Jungle Disk

2. Lay Out All Of The Facts

It has become abundantly clear in the last 12 months in the world of cutting-edge technology companies, that customer data must be protected and respected to a massive degree. Such behavior does not merely grant your firm a competitive advantage. Rather, it is singularly pivotal to your firm’s very survival in the digital age. Make this fact clear to your teams on day one, and every day after. – Zia Yusuf, Velocity

3. Clearly Define Policies

Often employees are left guessing “what’s our policy?” The ISO Compliance regime allows companies to clearly define those policies or rules, and then audit. Employees aren’t left guessing, for example, whether they can connect their personal Bluetooth fitness tracker. Employees need to feel good about their role in security, model good behaviors, and to be the sentinels when things don’t look right. – Phil Quade, Fortinet

Read More Here

Article Credit: Forbes

Go to Source

UK Cloud Infrastructure Spend Outstrips Legacy IT Spend for the First Time

UK Cloud

UK Cloud

UK Cloud- “There’s a willingness to adopt these technologies [but] businesses are challenged by supply-side issues in the channel”

Cloud infrastructure spending has surpassed spending on on-premises legacy IT infrastructure amongst UK-based organisations for the first time.

That’s according to a new report by the Cloud Industry Forum this week, based on a survey conducted by Vanson Bourne.

It found that UK organisations devote 19 percent of their IT budgets to cloud infrastructure, just ahead of the 18 percent spent on on-premise, and that by 2022, just 12 percent of IT budgets will be spent on legacy technology, as cloud usage increases.

cloud spendingGap Set to Widen

“This gap is set to widen significantly over the next three years as organisations decommission their legacy IT and ramp up their investments in next generation technologies,” the CIF said.

The news comes as one UK police force is next week set to unveil the UK’s first cloud-based police control room (watch this space for more), and five years after the government introduced a “cloud first” policy for all public institutions.

“When procuring new or existing services, public sector organisations should consider and fully evaluate potential cloud solutions first before considering any other option. This approach is mandatory for central government and strongly recommended to the wider public sector”, the policy says.

Multi-Cloud Also on Rise

The results further revealed that UK organisations are adopting multi-cloud strategies, with 75 percent of cloud users deploying two or more cloud-based services, and that 84 percent will increase their use of cloud in 2019 in pursuit of digital transformation.

Alex Hilton, CEO of CIF, said in a release: “UK businesses clearly recognise the need for transformation and are gradually leaving legacy technologies behind in favour of next generation technologies as they pursue competitive advantage. Cloud is critical to this shift, thanks not only to the flexibility of the delivery model, but also the ease with which servers can be provisioned, which reduces financial and business risk. Furthermore, cloud’s ability to explore the value of vast unstructured data sets is next to none, which in turn is essential for IoT and AI.”

He added: “However, it’s clear that the majority of UK organisations are right at the start of this journey and many are being prevented from exploiting IoT, blockchain and AI due to skills shortages, a lack of vision, and, indeed, a lack of support from vendors. The research further supports this idea as 15 percent of respondents reported they would struggle to find the right partner to assist in the implementation process, suggesting that while there’s a willingness to adopt these technologies, businesses are challenged by supply-side issues in the channel.”

Read More Here

Article Credit: CBR

Go to Source

Will Autonomous Database Entice Big Business To The Cloud?

Cloud Business

Cloud Business

Cloud Business- In Andy Mendelsohn’s line of work, people tell him their data problems and their hope and fears for moving to the cloud.

Mendelsohn, Oracle’s executive vice president for database server technologies, hears from CIOs under the gun on data security, IT managers pushed to cut costs and deliver services faster, and DBAs overworked on those IT teams. But when the remedy of cloud computing comes up, those same people would hesitate. The benefits, it seemed, didn’t yet outweigh the risk of moving essential IT operations to the cloud at a lot of big companies.

Lately, however, Mendelsohn has seen a shift. “Once we started offering autonomous database technology,” in March of this year, he says, people are looking up from their daily grind and asking lots of questions.

“All the customers I talk to tell me they aim to be data-driven, and that data is the key asset for their company,” Mendelsohn says. “So as they modernize their infrastructure and move workloads to a cloud environment, I remind them to look past vanilla compute and storage,” and begin to think more ambitiously about what the cloud can do for them. Mendelsohn shared his insights from the Oracle OpenWorld main stage.

Oracle’s autonomous database starts with the core Oracle Database technology that hundreds of thousands of companies use to manage their data. The autonomous capability makes it self-driving, self-securing, self-repairing, and designed to eliminate error-prone manual data management. It makes it easy to deploy new databases or move existing transaction-processing databases and data warehouses to a powerful and scalable cloud, so customers can start getting more value from their data.

“We’ve hit on something that’s resonating” with all levels of the business, Mendelsohn says.

For example, “CIOs love how it can lower their cost and risk,” he says. “The self-driving database service takes over management of all the infrastructure, which can lower all their costs.”

“And they like that its self-securing,” because it constantly scans for threats and anomalies and applies patches with no downtime. “The CIO really doesn’t want to have to answer to the board of directors about why their organization did not have the latest patches applied, and that’s how the hackers got in and stole the data,” he says.

And finally, a self-repairing autonomous database keeps critical systems up and running all the time. “We’re going commit to that, and give the CIO real SLAs” (service level agreements) without all the caveats that other cloud providers insert, he says.

Developers and data analysts like that they can do their work on a powerful data management infrastructure, launching new capacity in minutes without having to ask database specialists to set anything up. And DBAs can now get more involved in capturing value out of the data, with less time spent on patching and upgrading. “This is the DBA’s opportunity to become even more valuable to their business,” Mendelsohn says.

Only Oracle

The autonomous capabilities are a major achievement, according to analyst firm IDC in a recent report. “Such functionality is hard to achieve in the database realm,” writes Carl Olofson, research vice president for Data Management Software research at IDC, “because databases are so complex, with many factors that affect operation and performance.”

Indeed, the successful delivery of autonomous database technology comes as the result of years of work, says Mendelsohn. “An autonomous database service doesn’t just appear out of nowhere” like a shiny new app, he says. “It’s not like we do some coding and voila, we’re in production. We’re building on technology that we’ve been developing for, in some cases, over 20 years.”

Read More Here

Article credit: Forbes

Go to Source

AWS vs Azure: Which Cloud Certification Is The Best Fit For You?

Cloud AWS Azure

Cloud AWS Azure

Cloud AWS Azure- The cloud computing landscape in India is one of the biggest revenue drivers as of now. Studies have shown that this increased usage is expected to add around one million jobs in cloud computing by 2022. The IDC also study highlighted how cloud computing will add 500,000 jobs in India alone and also add $4.2 billion in revenue to the country’s ecosystem by 2020. In fact, 83 percent of enterprise workloads are moving or adopting cloud now.

With the recent developments, this is the best time to jumpstart a career in cloud computing. A recent survey by Microsoft indicated enterprise architects and developers the most sought-after roles in cloud technologies. Developers and IT professionals understand the importance of cloud skills and key cloud vendors — AWS, Microsoft and Salesforce — are constantly upgrading their cloud offerings. With cloud computing driving job growth, the demand for cloud certifications has gone up significantly.

However, it is difficult to decide which certification holds more value — AWS or Azure. AWS is the dominant cloud player with a 49 percent increase in growth rate and has a 33 percent share of the market. But, despite its impressive revenue, Microsoft is quickly gaining ground on its rival with 13 percent market share and is also billed to be more enterprise-focused.

Meanwhile, the cloud computing market is expected to grow to $26 billion by 2021. Given the exponential growth which is driving cloud-related jobs, AWS vs Azure certification is a hotly-contested debate among IT professionals looking to add cloud skills to their portfolio.

The Roadmap

Before you dive into a vendor-specific certification, brush up on the basics of storage, compute and the basics of network, routing and VPN. It is important to have a good understanding of basic cloud computing architecture before deep diving into a vendor-specific technology.

AWS Certification

AWS Certified Solutions Architect is one of the most sought-after cloud certifications and employers are on a look-out for cloud professionals who can design and deploy applications on AWS infrastructure. To take the certification, one should have a minimum of two-year experience in designing applications with AWS technologies. The certification tests the candidate’s ability to make architectural recommendations for deployment and provisioning applications on AWS.

This certification can open a career pathway as an AWS Solutions Architect Associate. After clearing the AWS Solutions Architect exam, candidates go for Developer Associate exam.

The foremost reason to open for AWS is that it is the undisputed cloud leader with the largest enterprise base. There are also plenty of free resources to get one started, for example, A Cloud Guru with practice exams and IAAS Academy.  Most IT professionals are able to knock out the Solutions Architect certification easily and have a in-depth understanding of EC2, S3 and VPC. While the most popular AWS certification is for Solutions Architect, the other popular certifications are DevOps, Developer and SysOps. According to a news report, the average salary of AWS certified professional is around $100,000 with an annual 5 percent increase.

Azure Certification

Meanwhile,  Microsoft offers three certifications for Azure. There is one aimed at architects, one for Linux and the other one for Visual Studio web developers. Experts peg that Azure cloud job postings are on a rise since enterprises across the globe are choosing Azure over other cloud vendors.

Azure has been growing at a steady rate and news reports indicate that Microsoft’s Intelligent Cloud Division, which comprises Azure posted $7.9 billion in revenue in 2018 quarterly earnings report. The growth is an indicator of Azure’s expanding market share and its enterprise footprint. The Redmond giant is giving healthy competition to AWS and Azure developer jobs are on the rise.

Read More Here

Article Credit: Analytics India

Go to Source


Eventually the cloud won’t be able to cope with the billions of devices seeking data storage, and more localised ‘edge’ tech will be adopted.



FUTURE OF CLOUD- Time travel to the UK in 2025: Harry is a teenager with a smartphone and Pauline is a senior citizen with Alzheimer’s who relies on smart glasses for independent living. Harry is frustrated his favourite online game is slow, and Pauline is anxious because her healthcare app is unresponsive.

Forbes predicts that by 2025 more than 80 billion devices, from wearables and smartphones, to factory and smart-city sensors, will be connected to the internet. Something like 180 trillion gigabytes of data will be generated that year.

Currently almost all data we generate is sent to and processed in distant clouds. The cloud is a facility that provides virtually unlimited computer power and storage space over the internet. This mechanism is already becoming impractical, but by the time billions more devices are connected, delays due to congested networks will be significant. Harry and Pauline’s frustrations will be the norm as apps communicate with distant clouds over a busy internet, becoming slower and less responsive.

Disruptive technology

After all, seconds matter. Harry will have a poor gaming experience if there is a 50 millisecond delay on his smartphone. Even a 10 millisecond lag between the movement of Pauline’s head and the appearance of processed information on the smart glasses will cause motion sickness.

To imagine another futuristic scenario, a delay of one-tenth of a second could prove disastrous for an autonomous car driving at 70 miles per hour. It is not inconceivable, therefore, that limitations in cloud provisions could lead to life-or-death scenarios. For cloud users to operate in real time, experiencing delays of no more than one millisecond – assuming networks worldwide can transmit data at the speed of light – data will need to be processed less than 93 miles from the user.

Edge computing is a disruptive new technology, still in its infancy, which offers a solution. Delays will be reduced by processing data geographically closer to the devices where it is needed, that is, at the edge of the network, instead of in a distant cloud. For example, smartphone data could be processed on a home router, and navigation guidance information on smart glasses could be obtained from a mobile base station instead of the cloud.

Will this really happen?

The value of edge computing is to make applications highly responsive by minimising delays. This compelling proposition has attracted significant investment from major companies, including Cisco, Dell and Arm, all of whom have a major global footprint. The market is headed towards embracing the edge, and researchers across universities are closely examining and developing this technology.

Read More Here

Article Credit: Independent

Go to Source




ORACLE CLOUD SERVICES- ORACLE has introduced new technologies into its cloud business applications and extended the capabilities that allow customers to build upon them.

The innovations includes intelligent process automation, an expense reporting assistant, as well as an intelligent payments, a supplier recommendations and intelligent performance management system along with, advance access control on its Software as a Service (SaaS) portofolio. The tech giant also introduced Oracle Enterprise Resource Planning (ERP) cloud and Enterprise Performance Management cloud (EPM).

Oracle Indonesia head of applications Imam Muhammed (pic, right) says that Artificial Intelligence (AI) and machine learning, natural language processing, blockchain, and IoT are embedded into the app to enhance productivity, reduce cost, and improve control.

“Compared to our legacy cloud platform, our new platform enables customers to better their maintenance and there is no longer a need to have their own data centre.”

Other innovations on its latets SaaS portfolio include Oracle Digital Assistant, New AI-powered Oracle Human Capital Management (HCM) cloud, and Oracle CX Unity (provides a comprehensive view into customer interactions across channels and applications).

Oracle embedded machine learning into its security offerings in order to help detect security threats. It also combined machine learning with decades of database optimisation to deliver a self-driving database.

Imam added that Oracle is now focusing on encouraging its existing customers to move from the legacy platform to the new, enhanced platform.

Oracle chief executive officer Mark Hurd, said, “We had a great fourth quarter with total revenues of more than US$200 million above our constant currency forecast. Our strategic Fusion ERP and HCM SaaS cloud applications suite revenues grew over 50% in the fourth quarter, and we expect continued strong growth from our Fusion SaaS suites throughout FY19.”

Changing the perspective

In Indonesia, Oracle has worked extensively with a number of local enterprises that have implemented a combination of Oracle Applications including ERP and Oracle Cloud Platform to power their businesses, namely Serba Mulia Auto, Bizzy Commerce (startup), and Kalla Group.

Imam explains that the company faces challenges in changing mindsets in terms of implementing cloud.

“Conventional businesses tend to think that they will lose ownership of data once they move onto the cloud. We need to build their trust and let them know it is even more secure and manageable if its on the cloud.”

Imam says it is easier for technology-driven companies rather than conventional businesses to move onto the cloud since they are ready with the ecosystem.

Read More Here

Article Credit: DNA

Go to Source

IBM Raises The Bar For Storage, Again

IBM storage

IBM storage

IBM storage- The big news in the technology world this past week was IBM Corporation’s purchase of Red Hat RHT +0.53% in one of the largest software company acquisitions in history. While that is a foundation-shaking move for both IBM and Red Hat, it will not impact the day-to-day lives of most working IT professionals.

IT professionals focus on delivering consistently reliable and quality service to their customers.  While the Red Hat integration will take a while to yield updated product and technologies roadmaps for the new combined company, IBM’s recent plethora of storage announcements is much more critical when thinking about your IT organization’s needs.

I love covering IBM’s storage announcements. The storage group, while sitting within an unquestionable behemoth of a technology company, moves with the pace and agility of a much smaller organization. It is an organization that has palpable energy within it.

This agility and pace has allowed the IBM storage team to deliver a cadence of impressive new technology and product announcements. What I find fascinating about this team is its steadfast alignment towards a compelling vision of how enterprise data should be managed.

IBM’s storage story focuses on how data is generated, managed, and consumed within an enterprise. It is that understanding that generates a set of technologies that can be leveraged to deliver a cohesive solution to any IT organization.

Would you have guessed that IBM now has the broadest portfolio of NVMe and NVMe-over-fabric enabled products in the industry? It surprised me. I wasn’t surprised to learn that IBM is the world leader in tape archive solutions, given that I started in this industry by changing nine-track tapes for gas money. IBM and tape are permanently cemented in my mind. At the same time, a portfolio that reaches from arguably the fastest storage arrays in production to the lowliest tape drive is quite a span.

All about software

IBM has always been about delivering cohesive software-first solutions to IT, which it closely couples with well-engineered hardware. This has been true since IBM delivered its first mainframe seventy years ago, continuing today with its broad range of offerings in compute and storage that span on-premises and cloud architectures.

As IT organizations move from tape to cloud for data protection and archival storage, and as data comes alive with the rise of AI-driven analytics and edge-driven compute, managing that data becomes a logistical challenge. Knowing where data is, what it’s used for, and what the organization’s requirements are in protecting that data is what drives long-term technology choices.

Managing the flow of an organization’s data, while delivering insights on the characteristics of that data, is what IBM’s Spectrum Storage suite is all about. There are IBM Spectrum Storage products that manage data in virtualized environments, provision storage into hybrid-cloud deployments, manage the complexities of data-protection and backup, and that provide software-defined storage solutions for file, block, and objects.

IBM’s recent announcements included a flurry of new features across the Spectrum Storage line, including a new solution for SAP HANA installations that leverages IBM storage, IBM Spectrum Protect, and IBM Spectrum Copy. It’s a big list, but two software-related announcements dominated my attention.

IBM Storage Insights

IBM Storage Insights is a cloud-based management tool that leverages IBM AI technology to detect storage networking performance issues and proactively generate support cases to help IT before issues become problems. This class of capability is rolling out from vendors across the IT industry and is fast becoming table stakes for selling storage solutions into the enterprise.

I’m glad to see IBM release this product. Given IBM’s heritage in artificial intelligence, combined with its half-century-long institutional legacy in supporting datacenter technology, it could become something special.

Read More Here

Article Credit: Forbes

Go to Source