A day in the trenches with IT operations: How to create a more seamless practice
Traditionally, IT operators are responsible for ‘keeping the lights on’ in an IT organisation. This sounds simple, but the reality is harsh, with much complexity behind the scenes. Furthermore, digital transformation trends are quickly changing the IT operations responsibility from ‘keeping the lights on’ to ‘keeping the business competitive’.
Google Cloud bolsters security offerings at RSA – as Thales report warns of more breaches
Google Cloud has beefed up its security offerings to include greater threat detection, response integration, and online fraud prevention.
The news, announced at the RSA Conference in San Francisco, focused predominantly on enterprise security product Chronicle, which was ‘acquired’ by Google Cloud last year having been a bet of the...
Human error and misconfigurations primary source of Kubernetes security snafus, report says
StackRox, a provider of cloud-native, container and Kubernetes security, warned in its previous report that the security implications for Kubernetes were beginning to spill over to adoption – and the release of its updated winter study have proved the company right.
The paper, the winter edition of its State of Container and Kubernetes Security Report, was put together alongside 451 Research and polled more than 500 industry...
Think of data as the new uranium rather than the new oil – and treat it like it’s toxic
In May 2017, The Economist famously ran with a front-page headline proclaiming that “The world’s most valuable resource is no longer oil, but data.” It focused on big tech’s collection and use of data and argued that the data economy demands a new approach to antitrust rules.
I agree with the idea that data is now about the world’s most valuable resource, but would suggest that...
Eradicate human error and make your cloud implementation a picnic
Sunshine, sandwiches, scenic views, and not a care in the world besides the occasional wasp. Everyone loves a picnic.
Unfortunately, the same cannot be said for PICNIC, an enduring acronym in IT circles standing for Problem In Chair, Not In Computer. The term, dating back to the 1980s, was first employed by frustrated IT professionals weary of dealing with computer problems arising from user error rather than any actual issues with the...
Capital One confirms data breach, cites cloudy approach as key to swift resolution
Capital One has confirmed a ‘data security incident’ which affected more than 100 million customers in the US and Canada – and while Amazon Web Services (AWS) has been identified as the receptacle in which the data was stolen, both customer and vendor appear not to be to blame.
Paige A. Thompson, otherwise known as ‘erratic’, was arrested on Monday and appeared in court in Seattle on a charge of computer fraud...
Google confirms network congestion as contributor to four-hour cloud outage
Google has confirmed a ‘network congestion’ issue which affected various services for more than four hours on Sunday has since been resolved.
A status update at 1225 PT noted the company was investigating an issue with Google Compute Engine, later diagnosed as high levels of network congestion across eastern USA sites. A further update arrived at 1458 to confirm engineering teams were working on the issue before the...
Doubling down on disaster recovery-as-a-service – for business continuity and beyond
The prospect of an IT outage is one of the key issues that keeps IT professionals awake at night. In the past two years, 93% of organisations have experienced tech-related business disruption and, as a result, one out of five experienced major reputational damage and permanent loss of customers. From natural...
Cloud providers are under attack - and sabotaged services will freeze operations
Over the next two years, cloud service providers will be systematically sabotaged by attackers aiming to disrupt critical national infrastructure (CNI) or cripple supply chains. Organisations dependent on cloud services will find their operations and supply chains undermined when key cloud services go down for extended periods of time.
Nation states that engage in a digital cold war will aim to disrupt economies and take down CNI by sabotaging cloud infrastructure through traditional physical attacks or by...
Companies' cloud security getting better - but slowly, argues SANS Institute
Cloud security best practices are improving - but there is still a long way to go, according to a new report from SANS Institute.
The study, which polled several hundred respondents across the IT spectrum, came about, as author Dave Shackleford put it, as the result of concerning news stories around the security space. IDC found back in April that worldwide IT security spending would hit $103.1 billion by the end of...
Why IT security solutions spending will reach $133.8 billion
Cybersecurity investment continues to be a top priority for most IT organizations. Worldwide spending on security-related hardware, software, and services is forecast to reach $103.1 billion in 2019 -- that's an increase of 9.4 percent over 2018. The pace of growth will continue as industries invest heavily in IT security solutions to meet a wide range of cyber threats.
According to the latest market study by International Data Corporation (IDC), worldwide spending on IT security solutions will achieve a...
The five key things every executive needs to know about identity and access management
- For new digital business models to succeed, customers’ privacy preferences need to be secure, and that begins by treating every identity as a new security perimeter.
- Organisations need to recognise that perimeter-based security, which focuses on securing endpoints, firewalls, and networks, provides no protection against identity and credential-based threats. Until they start implementing identity-centric security measures, account compromise attacks will continue to provide a perfect camouflage for data breaches.
- 74% of data breaches start with privileged credential...
Five ways to demystify Zero Trust security – and the vendors who are pushing it
Bottom line: Instead of only relying on security vendors’ claims about Zero Trust, benchmark them on a series of five critical success factors instead, with customer results being key.
Analytics, Zero Trust dominated RSA
Analytics dashboards dominated RSA from a visual standpoint, while Zero Trust Security reigned from an enterprise strategy one. Over 60 vendors claimed to have Zero Trust Security solutions at RSA, with each one defining the concept in a slightly different way.
RSA has evolved into one of the highest energy enterprise-focused...
Practical cloud considerations: Security and the decryption conundrum
Compute in the cloud may be cheap but it isn't free. Most of today’s apps are delivered via secure HTTP. That means TLS or the increasingly frowned upon SSL. It means cryptography, which traditionally has been translated to mean performance problems.
Thanks to advances in technology, CPUs are now incredibly fast and many client (and...
Check Point exposes yet more shared responsibility misunderstandings for cloud security
Almost one in five organisations polled by cybersecurity solutions provider Check Point Software say they have been victim to a cloud security incident over the past year, while more than a quarter still believe security is the responsibility of the cloud provider.
These and other worrying findings have appeared in Check Point’s latest study. The 2019 Security Report, of which this is the third instalment and combined...
Exploring a data-centric approach to data privacy as cloud workloads proliferate
If your organisation, like many others, is putting more and more data into the cloud, you will already know that it’s probably making your security team have kittens. Greater amounts of data being transported in real-time – not to mention the vastly increased number of mobile devices and attack vectors – means the chances for catastrophe have proliferated.
A new study from data protection provider Virtru has...
AWS launches new security offering which mitigates S3 misconfigurations – if customers get it right
Amazon Web Services (AWS) has announced extra steps to ensure customers’ S3 buckets don’t become misconfigured – but don’t assume responsibility has been taken away from the customer.
The new service, Amazon S3 Block Public Access, can work at the account level, on individual buckets, as well as future buckets created. Users can also block existing public access, or ensure public access is not available for...
As more companies put sensitive data in the public cloud – so the security threats increase
More organisations are putting their sensitive data in the public cloud – so it comes as no surprise that cloud threats, and mistakes in SaaS, IaaS and PaaS implementation are at an all-time high.
That is the key finding from a new report by McAfee, which argues the old bugaboo of shared responsibility continues to kick in and give organisations a kick in the teeth when it comes to cloud security.
Protecting your company’s crown jewels: Building cloud-based backup and DR into ransomware defence
It’s a sad fact of life that whenever someone owns anything of value, there’s someone else out there who wants to get their hands on it illegally. Today’s corporate crown jewels are the critical data on which organisations depend and the highwaymen are cybercriminals, who have built a lucrative industry from ransomware attacks that disrupt businesses, steal data and aim to extract payment from their victims.
Tackling this scourge is a critical challenge for IT managers on several levels, but...