More Perspective

A few main themes emerged from this year’s RSA Conference. Let’s discuss.

The concepts behind AI and Deep Learning are not new, but until recently the application of Artificial Neural Networks has been limited and impractical. What has changed over the past couple of years is we now have the data, use cases, Deep Learning software tools, and powerful, specialized hardware that allow for us to create AI applications never before possible.

Freshly installed operating systems and network-connected devices, by default, are usually configured for ease of deployment and ease of use. This means that the security controls are set to the least restrictive settings to ensure users experience little to no issues deploying their products. While this is great from the deployment perspective, it is not so great from the security perspective. Default admin accounts, unused protocols, and unnecessary pre-installed software can all be exploited in their default configuration.

Keeping your account information secure is the vital first step to good security hygiene. Below are some easy steps that can help keep your accounts safe. Much of the advice applies to both employees in an organization as well as to individuals’ personal online security.

Network endpoint growth is explosive due to the surge in mobility and Internet of Things (IoT) devices. In today’s always-on world, work/life lines have blurred thanks to smartphones, laptops, and other devices that can be used for work. Along the same lines, companies need to be able to host these devices — especially companies that have a bring-your-own-device (BYOD) policy — on their own networks and, in some situations, provide remote access, while keeping networks and data safe in the process.

Just because businesses are driven by mobile technology and the cloud doesn’t mean that every company can afford an extensive networking staff to support it. To meet escalating connectivity demands with limited resources, our team at ePlus recommends simplified, mobile-first network design that integrates advanced security and control from the start.

Today’s companies need the ability to accelerate application development in order to keep up with the competition. But that’s difficult to do with aging infrastructures filled with slow applications that bring workloads to a crawl. To have any chance at innovation, more and more companies are moving to a hybrid infrastructure.

Two-thirds of enterprises report that improving IT efficiency is a top business priority.[1] In addition, 68 percent of IT managers in the same Forrester Research study state that cutting costs is critical. So how does an organization improve IT efficiency and reduce spending?

Despite the frequent headlines and all the hype that goes with them, blockchain is a difficult concept for many people to understand. Is it a technology or is it a new currency? Is it reality or is it just hype? As with many new things in the technology world, it’s easy to get confused initially, depending on how much information and education is available in the beginning. Two things that I can tell you is that blockchain is becoming disruptive and a lot of industries (Financial, Insurance, Healthcare, Music Industry, Airline Industry and even governments) are adopting or testing it.

In my last blog post, I discussed the history of the CIS 20 Critical Security Controls and the relevance they hold for organizations today. In my second post on this topic, let’s dive a bit deeper in CSC 2 security control, which is very tightly aligned with CSC 1 (Inventory of Authorized and Unauthorized Devices) control.

I think we all agree that a successful cloud strategy is important today. In fact, for most organizations, it’s imperative. Global competition and rising costs are driving businesses large and small to explore ways to integrate more cloud services into their operations. In fact, according to Gartner, the public cloud services market will reach $246 billion in 2017, an 18% increase from 2016.

In 2017, the industry saw the birth of security automation. As it continues to grow from infancy into something more robust, now is a good time to reflect on what it is and what operational impacts it is having on our systems.

As most of you are aware by now, researchers have discovered a set of critical vulnerabilities in all Intel CPU hardware, currently impacting the vast majority of devices in the wild. These devices include desktops, servers, mobiles devices and appliances, regardless of Operating System and whether they are located in the cloud or on premises.

The modern world of information security can often be a confusing one. Security practitioners are continually inundated with a barrage of data coming from reports, alerts, security tools, threat feeds, and more. At the same time, they are trying to align this data with the multiple security requirements, regulatory mandates, best practices, and frameworks that define their environment. Unchecked, the sheer volume of information can easily paralyze an organization from taking action when necessary. The ‘Fog of More’ can essentially become the larger threat to the environment.

As we get closer and closer to ringing in the New Year, threat actors remain very busy attempting to intrigue us with phishing campaigns that promise great deals on products and services. In an effort to keep these final weeks of 2017 as joyful as possible, below are a few tips to stay ahead of the Grinch as he looks on with a malicious grin over your data.

“Big data.” “Data analytics.” “Big data analytics.” All of us are familiar with these terms, aren’t we? In fact, these words have been part of our vocabulary for long enough that they sometimes get used interchangeably. But that can lead us to make some false assumptions.

For nearly ten years, I’ve looked forward to the release of Verizon’s annual Data Breach Investigation Report (DBIR). With its analysis on the thousands of breaches and incidents from across the globe, occurring over its last full revolution around the sun, which cybersecurity pro among us does not look forward to such a treasure trove of insights and predictions to guide our focus for the coming year?

In looking at definitions of DevOps, I found a general consensus that DevOps is primarily about enabling “cultural shifts” and increasing “collaboration” among technology development and operations/infrastructure teams. A much smaller emphasis is placed on the automation processes around delivering software and infrastructure changes. While I know I’m going to ruffle some feathers with this view, I am going to say it: we need to stop confusing the process efficiencies needed to reach DevOps excellence with the need for broader (and important!) organizational change.

There is a veritable cloud gold rush occurring today. CIOs are declaring “cloud-first strategies” while companies are pasting “cloud” onto any and every product they have. Their hope is to hit pay dirt amid uncharted and widespread IT transformation. As with most euphoric and rapid endeavors, reality is setting in for those who have made the journey to the cloud. Big payouts require work. For the cloud, a lot of that work happens at the application level.

Organizations are inundated with the latest security solutions and “expert” opinions on what they should be doing. In many cases, it might make more sense to take a step back and decide on a framework to map your current security posture against and get back to basics in developing solid cyber hygiene. One of these frameworks would be the Critical Security Controls (CSC) published and maintained by the Center for Internet Security (CIS).