News

Biggest Challenges & Rewards of Enterprise SaaS

Posted in: Big Data, data management, Enterprise Apps, Infrastructure, IT Management, SaaS, SaaS applications, SaaS security, Security, software security - Sep 10, 2021

Major enterprises are increasingly turning to Software-as-a-Service (SaaS) solutions to drive greater agility and cost efficiency throughout the business. However, the path to results has been paved with more than a few challenges, including systems integration, data migration, and most significantly, new security concerns.

Adaptive Shield’s SaaS Security Survey Report 2021 examines a variety of issues related to SaaS adoption, but primarily focuses on the different types of security and the role stratifications enterprises often overlook in SaaS management. Read on to learn about the security challenges many organizations face in their SaaS development, as well as the rewards these organizations can reap when SaaS is handled with care.

SaaS Security Survey Report Demographics

In May 2021, Adaptive Shield surveyed 300 InfoSecurity professionals from North America and Western Europe, focusing on companies with 500+ employees. Although there was some diversity in the roles of people surveyed, the majority of survey participants fell into one of the following job categories:

  • Cybersecurity/InfoSec
  • IT
  • SecOps
  • Cloud Security Architects
  • SaaS Security Architects
  • Security Engineers
  • Risk Assessment Vendors
  • Forensics Experts

Some other important metrics to note from the study:

  • Companies of all sizes, starting with at least 500 employees, were surveyed; however, smaller enterprises made up the majority of the surveyed population, with 41% of survey participants falling in the 500 to 1,000 employee count range.
  • Over half of all participants surveyed were from the United States, with additional participants from Canada and the United Kingdom.
  • The survey primarily targeted executives within these businesses, with most participants holding a manager position or higher.
  • The five industries most heavily represented by these results are financial services, technology, e-commerce and retail, energy and utilities, and industrials.

SaaS Security Survey Report Findings

Adaptive Shield’s survey mostly discusses a newer security solution that many companies are looking to adopt: SaaS security posture management (SSPM). Cloud security posture management (CSPM) and cloud access security broker (CASB) tools have been a key part of cybersecurity models for many years. But SSPM is working to fill a gap in security directly at the SaaS application level, rather than at the greater cloud and cloud-to-application layer levels.

In this study, Adaptive Shield identifies SaaS application misconfiguration as one of the biggest problems organizations face. Consequently, SSPM is a solution many companies are selecting to help them better monitor and detect problems with application configurations. 

An SSPM tool’s main goals are to assess security risks, identify misconfigurations across SaaS applications, and provide deep visibility and detection for security hygiene maintenance. Although SSPM solves many of the major misconfigurations that organizations face, mismanaged SaaS applications and company roles continue to be a problem for cloud and application security.

The Biggest Challenges of Enterprise SaaS

According to the report, 85% of surveyed companies believe SaaS misconfiguration is one of three top security threats to their organization. Interestingly though, only 27% of surveyed companies check for SaaS configurations on a weekly basis, while 73% check monthly or even less. 

A trend found within this study: the more SaaS applications your organization manages (50+), the less likely you are to monitor their security status on a weekly basis. Although the infrequency of SaaS application monitoring in major enterprises seems paradoxical, there are several reasons for the seeming cognitive dissonance: 

Large Companies and Stratified Roles

Companies with highly stratified specialties and roles may not feel the need to dedicate security personnel to SaaS maintenance specifically. They instead turn to sales, marketing, and product owners who are familiar with the SaaS tool. However, these personnel are likely unfamiliar with important security maintenance requirements for these apps.

The Speed of SaaS Development and Adoption

SaaS apps have grown dramatically in variety and functionality, and many companies have bought into them at an equally rapid rate. As the number of apps to manage grows, unless a focused SaaS security automation tool is in place, it becomes increasingly challenging for internal teams to audit a large portfolio of SaaS tools on a regular basis.

The Growing Attack Surface

Beyond the growth of actual SaaS tools in companies, there’s also the sprawl of users and company tools across the globe. The attack surface of enterprise networks has grown with remote work, turning more users into vulnerable access points for attacks as they move further away from company data centers and traditional protocols. 

When users who aren’t security professionals receive unmitigated access to SaaS applications and their management, organizations run a high risk of application misconfiguration, as well as potential phishing and unauthorized access. In larger organizations with thousands of employees, it becomes nearly impossible for the security team to actively monitor vulnerabilities across all users and devices each week.

The Biggest Rewards of Enterprise SaaS

When SaaS applications are managed well, they offer a variety of benefits to the organizations that use them:

  • SaaS apps are typically easier for non-technical users to understand, which further democratizes IT across an organization.
  • Unlike many traditional applications, SaaS apps are hosted on the cloud, which offers all of the benefits of cloud access to company users — like real-time collaboration, updates, and cloud security offerings.
  • Third-party hosts typically manage SaaS application platforms. So even if your internal team lacks technical expertise, resources from the third-party company help your team use tools optimally.
  • Most software-based and on-premises applications require a lump-sum purchase model. But with the cloud-based structure of SaaS, companies can subscribe to the tools, often in a pay-as-you-go model.

The rewards associated with SaaS are numerous, but the consequences can be even greater if your organization and third-party providers don’t take the necessary steps to protect SaaS tools.

Talk to your SaaS providers about the security options they provide, ensure that internal SaaS users learn to work with security best practices, and consider investing in tools like SaaS security posture management to provide extra protection and support for your SaaS applications.

The post Biggest Challenges & Rewards of Enterprise SaaS appeared first on CIO Insight.

What Is Fully Homomorphic Encryption (FHE)?

Posted in: big data security, data security, encryption, FHE, fully homomorphic encryption, IBM, News & Trends - Sep 10, 2021

Company leaders are continually looking for ways to keep data safe without compromising its usability. Fully homomorphic encryption (FHE) could be a step in the right direction.

What Is Fully Homomorphic Encryption?

Fully homomorphic encryption allows analyzing data and running processes on it without decrypting it first. For example, if someone wanted to process information in the cloud but did not trust the provider, FHE would allow sending the encrypted data for processing without providing a decryption key.

How Does Fully Homomorphic Encryption Work?

FHE is like other encryption methods that require using a public key to encrypt the data. Only the party with the correct private key can see the information in its unencrypted state. However, FHE uses an algebraic system that allows working with data without requiring decryption first. In many cases, information is represented as integers, while multiplication and addition replace the Boolean functions used in other kinds of encryption.

Researchers first proposed FHE in the 1970s, and people became interested back then. However, it has taken substantial time to turn these concepts into feasible real-world applications.

A researcher showed it was plausible in a study published in 2009. However, working with even a tiny amount of data proved too time-intensive. Even now, FHE can require hundreds of times more computing power than an equivalent plaintext data operation.
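The algebra described in this section can be seen in a toy scheme. The following is an added example, not code from the article or from any vendor it names: a simplified symmetric, somewhat homomorphic integer scheme in the style of van Dijk, Gentry, Halevi and Vaikuntanathan, where adding ciphertexts acts as XOR and multiplying them acts as AND. Parameter sizes and function names are assumptions chosen for readability; the scheme as written has no public key and no bootstrapping, so it is neither secure nor fully homomorphic.

```python
"""Toy homomorphic encryption of bits over the integers (illustrative only)."""
import secrets

ETA = 512     # bits in the secret key p (assumed toy size, not secure)
GAMMA = 1024  # bits in the random multiplier q
RHO = 8       # bits in the fresh noise r


def keygen():
    """Secret key: a random odd ETA-bit integer p."""
    return secrets.randbits(ETA) | (1 << (ETA - 1)) | 1


def encrypt(p, bit):
    """c = p*q + 2*r + bit; the bit is the parity of the small noise term."""
    q = secrets.randbits(GAMMA) | (1 << (GAMMA - 1))
    r = secrets.randbits(RHO) | (1 << (RHO - 1))
    return p * q + 2 * r + bit


def decrypt(p, c):
    """Remove the multiple of p, then read the parity of the remainder."""
    return (c % p) % 2


def noise_bits(p, c):
    """Bit length of the noise; decryption is correct only while noise < p."""
    return (c % p).bit_length()


# Operations the untrusted server runs. None of them take the key p.
def he_xor(c1, c2):
    """Integer addition of ciphertexts is XOR of the hidden bits."""
    return c1 + c2


def he_and(c1, c2):
    """Integer multiplication of ciphertexts is AND of the hidden bits."""
    return c1 * c2


def he_add_integers(a_bits, b_bits):
    """Ripple-carry adder over encrypted bits, least significant bit first."""
    out, carry = [], None
    for a, b in zip(a_bits, b_bits):
        a_xor_b = he_xor(a, b)
        if carry is None:
            out.append(a_xor_b)
            carry = he_and(a, b)
        else:
            out.append(he_xor(a_xor_b, carry))
            # carry_out = (a AND b) XOR (carry_in AND (a XOR b))
            carry = he_xor(he_and(a, b), he_and(carry, a_xor_b))
    out.append(carry)
    return out


# Client-side helpers: only the key holder can run these.
def encrypt_int(p, value, width):
    return [encrypt(p, (value >> i) & 1) for i in range(width)]


def decrypt_int(p, bits):
    return sum(decrypt(p, c) << i for i, c in enumerate(bits))


def demo():
    """Encrypt 11 and 6, add them without the key, decrypt the result."""
    p = keygen()
    a, b = encrypt_int(p, 11, 4), encrypt_int(p, 6, 4)
    total = he_add_integers(a, b)          # server side, no key involved
    return {
        "sum": decrypt_int(p, total),      # client side
        "fresh_noise_bits": noise_bits(p, a[0]),
        "carry_noise_bits": noise_bits(p, total[-1]),
    }


if __name__ == "__main__":
    print(demo())
```

Every AND multiplies the noise terms and enlarges the ciphertext, so deep circuits eventually exceed the key size and stop decrypting correctly; the noise-reduction step that real FHE adds to avoid this is a large part of its computational cost.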

What Advantages Does FHE Have Over Other Types of Encryption?

Data is at a higher risk of becoming compromised when it’s not encrypted. FHE keeps the information secure by not requiring decryption to occur for processing to happen.

In one recent example, Google released an FHE-based tool that allows developers to work with encrypted data without revealing any personally identifiable information (PII). Google’s blog post on the subject gave the example of FHE allowing medical researchers to examine the data of people with a particular condition without providing any personal details about them.

Encryption takes private information and makes it unreadable by unauthorized third parties. However, something that makes people particularly excited about FHE is that it eliminates the tradeoff between data privacy and usability, making both present at a high level.

Is Fully Homomorphic Encryption Safe?

Many people familiar with FHE and its potential applications agree that it seems safer than other methods of data protection, which require decrypting data for processing. It could be particularly widely embraced in certain sectors. After all, cloud computing brings in $250 billion per year.

People are continually interested in how to keep their data safe when stored in the cloud. Some experts also believe FHE will emerge as a compelling option in tightly regulated industries because it could become a better safeguard against breaches.

“Past solutions to either completely anonymize data or restrict access through stringent data use agreements have limited the utility of abundant and valuable patient data,” IBM notes on its site. “FHE in clinical research can improve the acceptance of data-sharing protocols, increase sample sizes, and accelerate learning from real-world data.”

What Are the Business Use Cases of FHE?

Fully homomorphic encryption could forever change how companies use data. That’s crucial, especially considering how many businesses collect it in vast quantities at a time where many consumers feel increasingly concerned about keeping their details safe.

For example, FHE allows keeping information in an encrypted database to make it less vulnerable to hacking — without restricting how owners can use it. That approach could limit an organization’s risk of regulatory fines due to data breaches and hacks.

It also permits secure data monetization efforts by protecting customers’ information and allowing services to process people’s information without invading privacy. In such cases, individuals may be more forthcoming about sharing their information, knowing in advance that business representatives cannot see certain private aspects of it.

Using an FHE-based solution also enables sharing data with third-party collaborators in ways that reduce threats and help the company providing the information comply with respective regulations. Thus, this kind of encryption could support research efforts where people across multiple organizations need to work with sensitive content.

Which Companies Offer FHE Products?

Fully homomorphic encryption is not widely available in commercial platforms yet. However, some companies offer products based on homomorphic encryption that could eventually work for the use cases discussed earlier.

For example, Intel has such a product that allows segmenting data into secure zones for processing. Similarly, Inpher offers a product with an FHE component. It primarily uses secure multiparty computation, but applies FHE to certain use cases.

Beyond those examples, IBM has a fully homomorphic encryption toolkit that it released for iOS in 2020. That progress primarily occurred after IBM’s experts took it upon themselves to make FHE more commercially feasible, addressing the time and computing power that it previously took to use this type of encryption.

The company’s representatives say FHE is now adequate for specific use cases and suggested the health care and finance industries as particularly well suited to it.

Fully Homomorphic Encryption Shows Potential

Since FHE is not widely available via commercial platforms yet, interested parties should not expect to start using it immediately. However, that could change as organizations become increasingly concerned about striking the right balance between data security and usability.

The ideal strategy for businesses to take now is to explore the options currently on the market. They can then determine if any of those options check the boxes for helping them explore fully homomorphic encryption, including what it might do in the future and what capabilities exist now.

The post What Is Fully Homomorphic Encryption (FHE)? appeared first on CIO Insight.

Tips for Implementing Scrum Best Practices

Posted in: agile manifesto, agile scrum practices, best practices, IT Strategy, Project Management, Scrum, scrum definition - Sep 10, 2021

Agile development is all about continuous improvement, and scrum — an iterative and incremental agile software development framework — helps get it done. Here are 10 tips for implementing scrum best practices.

Agile Transformation Takes Time

Moving to an agile framework changes not only the way projects are implemented, but also an organization’s culture from managing contracts to delivering maximum business value in the shortest time. This shift will be gradual, but don’t let the time it takes discourage you from reaching your goal.

Principles Facilitate Scrum Best Practices

Successfully performing agile techniques means fully embracing agile principles and focusing on people, interactions and culture. This cultural shift will make the practices more sustainable in the long run.

Keep Your Rollout Simple

Agile tools shouldn’t be overemphasized. Don’t spend time getting a tool up and running instead of focusing on getting people to work together. The Agile Manifesto values individuals and interactions more than processes and tools.

Empower Your Scrum Team

Allow people on your team to make mistakes. They are more likely to learn from their errors if they have a sense of ownership over their work. Scrum masters exist to serve their team — not the other way around.

Maintain an Updated Backlog

Keep your product backlog up-to-date and filled with plenty of relevant work for your team. Because agile development is iterative, there is almost always something to improve or refine. More work will get done if your team has a robust list of high-value features to develop.

Don’t Hide Behind the Scrum Master

Your team members know their problems better than anyone else. Encourage them to articulate their issues directly to the Product Owner. This will help build a flatter, more efficient team structure and reduce miscommunications.

Designate a Product Owner

Ensure that your product owner is involved in the day-to-day activity of the project team early. The more engaged they are, the fewer changes and revisions will have to be made later.

Hold Consistent Daily Standups

Keep standups consistent, to-the-point, and respectful of your team’s time. When done correctly, a good standup will help increase transparency and communication — preventing issues from snowballing.

Encourage Transparency

Open communication is the key to quick issue resolution. To encourage transparency, build a “free to fail” atmosphere in which team members feel safe enough to ask when they need help.

Conduct Retrospectives

Sprint retrospectives are not optional. Agile is about continuous improvement. Progress cannot be realized without reflecting on how we work, what we do well, and what we can do better.

The post Tips for Implementing Scrum Best Practices appeared first on CIO Insight.

Conducting Post-COVID-19 Analytics with Limited Data

Posted in: Business Intelligence - Sep 10, 2021

The past year left companies with a dearth of reliable information on their customers, but there are ways to make the most of what you do have.

Best Malware Removal & Protection Software for 2021

Posted in: anti-malware, anti-malware software, anti-malware solutions, anti-virus/malware, avast, AVG, BitDefender, Cisco Umbrella, ESET, IT Strategy, malware, malware protection, Malware Removal Tool, malware threats, McAfee, Norton, Security - Sep 09, 2021

As a member of Senior IT, you want to select the best malware protection software for your organization. Whether it’s a zero-day exploit via adware, an attempted ransomware lockdown, or a trojan horse trying to run amok on your network, you want these malware bandits to be neutralized as fast as possible.

Time is of the essence to mitigate risk. The goal of malware protection tools is identifying suspicious files such as adware, keyloggers, spyware, trojan horses, worms, and viruses to quickly minimize potential damage to a business network’s devices. Malware is popular among cybercriminals and a constant threat, as it’s used to gain leverage over businesses for financial gain.

Malware Protection Software Comparison

| Vendor | Cloud-Based Protection | VPN Service | Adware Protection | Compatibility with PC, Mac, Android & iOS | Business Size |
|---|---|---|---|---|---|
| Cisco Umbrella with Secure Endpoint | ✅ | ✅ | ✅ | ✅ | Midsize to Large |
| Avast CloudCare | ✅ | ✅ | ✅ | ✅ | Midsize to Large |
| AVG Antivirus Business Edition | ✅ | ✅ | ✅ | ❌ | Small to Midsize |
| ESET PROTECT | ✅ | ❌ | ❌ | ❌ | Small to Midsize |
| Bitdefender GravityZone | ✅ | ✅ | ❌ | ✅ | Small to Midsize |
| McAfee MVISION Cloud | ✅ | ✅ | ❌ | ✅ | Midsize to Large |
| Norton Small Business | ✅ | ✅ | ❌ | ✅ | Small |

Remote and hybrid work environments are more prevalent today than ever. The need to protect an organization’s endpoint devices from malware attacks is essential. The comparison chart above lists a few of the many cloud-based malware protection tools available; each can provide remote malware protection as if the laptop were physically connected to the business network. When compiling our list of the best malware protection software, we included solutions appropriate for small, midsize, and large businesses.

Any malware protection software that did not offer USB scanning or scheduled scanning was not considered for review. Remote work locations offer an increased potential to introduce malware via the USB port; therefore, scanning a USB-connected device at any time is paramount to minimizing any possible malware attack. The malware protection vendors we selected are strong candidates for protecting your network, with slight variations in the services offered based on your individual needs.

Best Malware Removal & Protection Software

CISCO Umbrella

Cisco Umbrella protection starts with internet infrastructure devices, which are the network devices, web servers, internet servers, and transmission media to connect computers. Cisco Umbrella attempts to prevent any malware from penetrating the network at the frontline, internet infrastructure level using its interactive threat intelligence data.

Combining Cisco Umbrella with Cisco Secure Endpoint makes it a comprehensive business malware protection package. Secure Endpoint adds another layer of protection, should the malware get to any endpoint device. Secure Endpoint provides malware protection to cell phones, tablets, desktops, and laptops connected to the business network or remotely through the cloud.

Endpoint protection continually communicates with the most updated intelligence to mitigate any potential malware threats on endpoint devices. This comprehensive malware protection bundle is designed for large organizations, but very capable of supporting the midsize and small organizations that can afford it.

Avast CloudCare

Avast CloudCare offers a total cloud-based malware protection package with a couple of additional features. Avast adds an additional level of encryption for passwords you want to protect, along with a WiFi inspection. That tool scans your computer to minimize the chances of malware infiltrating a computer or network.

Avast advertises its product for small businesses with a hundred employees or less, but it also says its CloudCare solution can support up to a thousand devices globally. Avast’s key features are customizable data protection modules and an updated application control interface.

Avast uses behavior, web, and email shields to protect businesses against suspicious requests or malicious emails. Also, Avast employs a data shredder that overwrites any deleted files — making it impossible for anyone to recover files in a data breach. SharePoint safeguarding is used to scan for malware on any uploads or downloads on business servers. Evaluators of the CloudCare solution liked the anti-spam capabilities for email, the WiFi inspector, and the ability to remove bad plugins.

AVG Antivirus Business Edition

A key feature of AVG is its built-in artificial intelligence (AI) that detects and prevents a malware outbreak to the network. AVG uses behavioral analysis with statistical testing to provide ransomware protection.

Another advertised feature of AVG is that this antivirus software provides identity protection. This product is designed for small businesses; it’s suitable for any small business that needs to protect clients’ personal information. The AVG cloud management console allows a business owner to remotely monitor threats, schedule scans or updates, and protect devices.

The ability to remotely manage devices is what evaluators liked most about AVG cloud solutions. The evaluators also complimented the safety rankings displayed for each web page opened.

ESET PROTECT

ESET provides malware protection services for small to midsize businesses. ESET addresses cybersecurity in a twofold process, offering cybersecurity training and a cloud-based malware protection solution. ESET recognizes that human error contributes to over 90% of malware breaches and thus offers extensive cybersecurity awareness online training.

Senior IT management can invest $1,625 to train 100 employees on cybersecurity best practices. Combining the user training with an ESET cloud-based malware protection solution is a good starting point for a business looking to improve its cybersecurity posture.

Some cybersecurity experts describe ESET as good, but not a top-of-the-line cybersecurity solution. ESET is known to provide reliable detection against malware, and it’s touted as being effective against zero-day attacks. ESET’s Host Intruder Prevention System (HIPS) module has been shown to be very reliable at recognizing ransomware attacks and neutralizing them. Further, ESET’s user-friendly graphical user interface (GUI) makes it easy to use and set up.

Bitdefender GravityZone

Bitdefender is reviewed as one of the better malware protection solutions. This vendor’s package creates several layers of protection before malware can attack a computer or server. Bitdefender uses risk analytics to highlight a device’s vulnerability to malware. From this same risk management dashboard, a cyber-technician can make changes to configuration settings to reduce device vulnerabilities.

Bitdefender features advanced threat prevention that minimizes the need for manual intervention. The advanced threat security (ATS) module is an add-on that provides an additional method to discover hard-to-detect malware. ATS contains three sub-modules all designed to stop malware from fully executing:

  • HyperDetect: Uses machine learning to stop malware attacks before execution
  • Fileless Attack Defense: Inspects command code in memory, and prevents code from executing scripts using PowerShell or the Command prompt
  • Sandbox Analyzer: Fully executes malware files to be used in identifying other similar malware files

Evaluators of Bitdefender GravityZone like the easy-to-use interface, and the ability to manage user access to web sites and applications.

McAfee MVISION Cloud

McAfee has expanded its services well beyond the typical antivirus software for home use. McAfee MVISION Cloud services allow a business to manage its cloud-based applications across multiple cloud computing services, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

MVISION is a multi-cloud management solution that can enforce policies based on business content rules. Once MVISION is implemented, it can protect against any cloud threats across all cloud computing services. MVISION is omnipresent for a business network on any cloud computing service, with the ability to take control over data or cloud activity from any console.

MVISION can identify any potential insider threat through machine learning, as well as identifying suspicious user behavior. This McAfee product can identify inactive accounts or an account with elevated access that is not needed by the account holder. Based on behavior analysis, MVISION can identify malware and initiate on-demand scanning using real-time historical data to determine if the file is malware. McAfee’s MVISION has a plethora of state-of-the-art cloud options, making it very attractive for managing cloud-based business transactions.

Norton Small Business

Norton is a popular antivirus software package among consumers, but its business solution is also attractive. Norton Small Business reviews state it’s a very effective malware protection solution. For instance, Norton has a “find device” feature that can send alarms when a mobile phone or iPad is misplaced, pinpointing a user’s lost devices. With remote lock or wipe, Norton can prevent data on Android phones from being compromised.

The Norton Small Business package can support up to 20 devices at a reasonable cost. Norton helps keep costs low for small businesses by prorating the price for any new devices added throughout the annual cycle. Norton’s web-based management portal allows you to see all registered devices and identify any devices at risk. The Norton Small Business solution had favorable features and positive feedback from evaluators.

How Do Malware Protection Tools Work?

To identify and remove malware, malware protection tools use three methods. First, malware protection tools can use a definition file, known as a blacklist or malware signatures. The malware protection software then compares suspicious files against known operational behavior of files on the blacklist. It then flags the suspicious file for removal if the behaviors are the same. Antivirus software also uses similar signature-based detection to identify suspicious files.

The second malware protection methodology uses heuristics, or behavioral analysis, to identify suspicious files. A file can be identified as suspicious if it behaves in a manner that exhibits malware behavior, such as removing important files from a networked device. Anti-malware can isolate a file it has never seen before; conversely, antivirus software can never isolate a threat it has never before seen. The downside to heuristics is it can give false positives.

The last anti-malware method is called sandboxing, where a suspicious file is moved to a sandbox for further observation to determine if it’s malware.
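The three methods above can be chained into one pipeline. This added example (not from the article or from any reviewed product) checks constructed sample files against a hash blocklist as the simplest form of signature, scores observed behaviors, and routes anything over a threshold to a sandbox queue instead of deleting it. All file names, behavior labels, weights, and the threshold are hypothetical.

```python
"""Signature match, then behavior heuristics, then sandbox hand-off."""
import hashlib

# Constructed placeholder bytes standing in for a known-bad file.
KNOWN_BAD = b"constructed sample: known-bad payload, build 1"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Hypothetical behavior weights and threshold, chosen for illustration.
BEHAVIOR_WEIGHTS = {
    "mass_file_delete": 40,
    "deletes_backups": 35,
    "adds_startup_entry": 15,
    "contacts_unknown_host": 20,
}
SUSPICIOUS_AT = 50


def signature_hit(data):
    """Exact match only: any change to the bytes changes the digest."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB


def heuristic_score(behaviors):
    """Sum the weights of the distinct behaviors observed for a file."""
    return sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in set(behaviors))


def classify(data, behaviors):
    """Return (verdict, score); score is None when the signature decided."""
    if signature_hit(data):
        return ("remove", None)
    score = heuristic_score(behaviors)
    if score >= SUSPICIOUS_AT:
        # Heuristics can be wrong, so observe further before removing.
        return ("sandbox", score)
    return ("allow", score)


# Constructed samples: (file bytes, behaviors observed on the endpoint).
SAMPLES = {
    "known_bad.bin": (KNOWN_BAD, ["mass_file_delete", "deletes_backups"]),
    # Same family, one byte appended: the signature no longer matches.
    "repacked_variant.bin": (
        KNOWN_BAD + b"\x00",
        ["mass_file_delete", "deletes_backups", "adds_startup_entry"],
    ),
    # Legitimate tool whose behavior overlaps with malware: false positive.
    "disk_cleanup.exe": (
        b"constructed sample: legitimate cleanup utility",
        ["mass_file_delete", "adds_startup_entry"],
    ),
    "editor.exe": (b"constructed sample: text editor", []),
}


def scan_all():
    return {name: classify(data, seen) for name, (data, seen) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name:22} {verdict}")
```

The repacked variant slips past the blocklist but is caught by its behavior, while the cleanup utility crosses the same threshold, which is why heuristic hits here go to the sandbox queue rather than straight to removal.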

Malware Protection Software Features

Good malware protection tools provide the following protections for business devices:

  • Real-time malware protection: Any time a file is accessed, the file is scanned.
  • Vulnerability protection profiles: Prevents malware from exploiting system vulnerabilities and gaining access to devices. It also protects against illegal code execution and buffer overflows.
  • Scheduled scans: Flexibility to do impromptu scans helps mitigate potential zero-day attacks. Additional scanning options include narrowing scans down to a specific file size or excluding certain file extensions from being scanned.
  • Protecting remote devices: The software can issue password change reminders, use data encryption, test security, and limit data access to essential personnel only.
  • Anti-phishing protection: Software packages can contribute to employee education, as well as blocking suspicious emails and scanning email for any malicious content.

Select the Best Malware Protection Software for Your Business

As you can tell, many of the good malware protection tools provide similar functionality to protect the network and its devices. One easy selection criterion is determining the number of employees or devices requiring protection. Another is cost.

What is a business willing to pay for a good malware protection tool? Identify your cybersecurity requirement in its totality, and then Senior IT needs to invest the dollar amount needed to meet that defined requirement.

The post Best Malware Removal & Protection Software for 2021 appeared first on CIO Insight.

Daman News and Events

This showcases our company news and upcoming events. Please check back as this page will change frequently.