News

Hiring Crunch Hits IT

Posted in: Blogs, Careers, Hiring, hiring challenges, IT hiring, IT hiring challenges - Aug 20, 2021

A number of factors are combining to make IT hiring more difficult. This includes a COVID-19 induced reticence about returning to work, insistence from companies that employees return to the office, and of course, a skills shortage.

Teams Are Struggling

A surge of cyberattacks has companies scrambling to step up security and IT hiring. Yet these resources are becoming difficult to find, according to a study by Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG). It found that 57% of the nearly 500 organizations surveyed noted a worsening cybersecurity skills crisis.

“For business and cybersecurity professionals, the data should be seen as a set of guidelines for maximizing cybersecurity investment, improving cybersecurity job satisfaction, and aligning cybersecurity with the business mission,” said Jon Oltsik, an analyst at ESG.

Among the study’s key findings:

• 62% respondents experienced rising workloads for the cybersecurity team
• 38% have unfilled open job positions
• 38% also noted high levels of employee burnout
• 95% said the skills shortage has not improved over the last few years
• 44% said the skills shortage worsened

Skill Shortages Abound in IT Hiring

There are general shortages of personnel within IT and cybersecurity. But there are acute shortfalls when it comes to cloud security, analytics, security investigation, and application security. The sad part of the situation is that while businesses are well aware of the shortages, they aren’t investing or acting in a way to remedy it.

Read more: How a Cybersecurity Incident Hurts Your Brand

“There is a lack of understanding between the cyber professional side and the business side of organizations that is exacerbating the cyber skills gap problem,” said Candy Alexander, Board President, ISSA International. “Both sides need to re-evaluate the cybersecurity efforts to align with the organization’s business goals.”

The study found that almost two thirds of respondents felt their organization could be doing more to address the cybersecurity skills shortage. To emphasize the lack of effective action, 38% said failure to offer competitive levels of compensation was the biggest factor in the skills shortage, with three quarters of organizations confessing to difficulties in recruitment.

To make matters worse, a third of CISOs said they would be willing to bail on their current organization if someone offered more pay.

HR Issues

A disconnect between HR and IT seems to lurk behind some of the hiring and skills shortage woes. In the survey, 39% believe more investment in cybersecurity training for candidates and new hires could help ease the situation. The vast majority of organizations failed to pay personnel for the recommended 40 hours of training per year.

Job postings, too, were problematic. Some felt that HR tends to aim to high in requirements, demanding too much from experience, qualifications, certifications, and specific technical skills. Yet such lofty requirements often don’t marry up with the annual salaries offered to applications. The result is long waits before anyone is hired.

Read next: Are Your Containers Secure?

The post Hiring Crunch Hits IT appeared first on CIO Insight.

top

The Future of IT Is Hybrid: Four Tips for CIOs to Find Success

Posted in: Blogs, hybrid workforce, Leadership, remote teams, remote work, remote workforce - Aug 18, 2021

A major lesson most CIOs have learned in the past 18 months is the importance of being agile and open to change. The teachings of this lesson will remain important as we head into the rest of 2021. However, one business trend that probably won’t change is employees’ receptiveness to hybrid work.

Hybrid Work Is the Next Normal

According to a study we conducted in partnership with Pulse, the majority (52%) of IT and engineering leaders anticipate that their team structures will follow a hybrid model until the end of the year. Close to a third (31%) believe their team structure will continue to be fully remote, while only 17% believe they’ll be in-office full time.

While the majority of organizations will continue to operate remotely for the remainder of 2021 in one way or another, enabling a “digital-first, remote-first” mentality is critical for success. It’s also clear that “anywhere operations” models remain vital for organizations to retain talent.

According to a Morning Consult survey, almost 40% of polled Americans would quit their job if their bosses weren’t flexible about their organization’s work-from-home policies. Similarly, an April survey by FlexJobs found that 58% of 2,100 respondents would “absolutely” look for a new job if they couldn’t continue remote work in their current role. Only 2% of its respondents said they wanted to work in the office full-time.

The Great Resignation is upon us. Here are four things for CIOs to consider as they empower their organization for hybrid work and retain (and gain) great IT talent into the next normal.

Your Team and the Power of the Cloud

It’s easy to peg remote work as a trend or fad caused by the pandemic, but the technology behind it is something IT teams have leveraged for years to support colleagues in different offices or countries.

Companies and their IT functions have done this by using cloud platforms, virtual desktop interfaces (VDIs), and collaboration tools and apps that can be accessed from anywhere that has a secure internet connection, allowing for “business as usual” — even in unusual circumstances.

Organizations need to implement technologies and infrastructure that allow work to continue seamlessly.

Leveraging this technology beyond IT and across the organization will allow teams to continue to be productive. Organizations need to implement technologies and infrastructure that allow work to continue seamlessly, even outside a physical office.

Cloud-based systems that securely centralize customer information and internal tools are just an example of operations that will allow for business to be accessed, delivered, and enabled from anywhere.

Finally, it will be imperative for CIOs to provide team members with tools powered by cloud technology to enable effective and efficient collaboration. That way, everyone is on the same page whenever there’s an issue. Beyond the scope of work, these collaboration tools also empower team members to connect more effectively with each other, promoting engagement and connection in a remote or hybrid working environment.

Read more: Cloud Cost Management: Tips & Best Practices

The IT Help Desk

According to Gartner, 25% of customer service operations will involve a chatbot or other virtual assistant daily by the end of 2021, further creating a world in which businesses aren’t limited by “regular” hours of operation. Automating support services (such as IT and HR inquiries) with the use of chatbots may be the key to getting team members the support they require swiftly, with 24/7 availability, as we work remotely.

When we implemented a chatbot to support password resets and account unlocks on behalf of our IT service desk, our team members were able to access their accounts in half the time while their IT service desk colleagues were able to focus on taking on more complex tasks.

Further to this, we also saw that our IT service desk team members were more engaged post-chatbot implementation, largely due to their ability to focus on more challenging work, and we experienced reduced attrition levels overall.

The Importance of Security

Security in the remote age is tricky, no matter the industry. Each business, depending on the output, will deal with security differently. At TELUS International, a key part of our work-from-home approach is leveraging a virtual desktop interface (VDI) to securely connect employees to work on any device from anywhere that has a secure internet connection.

As the VDI is hosted in a secure cloud environment, it can be deployed quickly and easily through a unified approach, thereby streamlining the workload on IT teams during the deployment process and beyond.

While the ability to work from anywhere is possible, security should never be an afterthought.

CIOs should be aware of their team members’ place(s) of work in this new hybrid-work world. While the ability to work from anywhere is possible thanks to cloud solutions, security should never be an afterthought. Technology leaders must educate themselves and their teams on the dangers of weak security.

Teaching safety and security best practices such as always locking computers, keeping network passwords encrypted, and ensuring devices (personal or not) are up to date with the latest security updates can be the difference between a normal and a very bad day at work. Take the time to implement these learnings — your staff and end-users will thank you in the long run!

Read more: How a Cybersecurity Incident Hurts Your Brand

Conduct Frequent Check-Ins

If the wellbeing and engagement of your entire team was a top priority before the pandemic, it should be even more so now. Technologies accessed through the cloud and supported by the IT team can allow the rest of the global team to feel connected to one another despite the distance.

Now that many aren’t in a physical workspace, it’s important to offer opportunities to connect virtually and develop closer connections. Don’t underestimate the value and impact of a virtual coffee chat!

Having leadership that cares for its team has never been more important as we continue to work remotely. We conducted a study in 2020 that found that the vast majority (90%) of U.S. workers agree that someone can be a great leader whether in-person or virtually.

According to respondents, these are the top components of a thoughtful remote check-in from a manager or company leader:

• A manager asking how they can help the employee (60%)
• Sharing updates on the state of the business (51%)
• Creating employee development plans and suggesting new learning opportunities (47%)

As we embark on this next normal, ensuring your team knows where to find you will help them remain connected and engaged at work. And in turn, this will motivate them to provide thoughtful and helpful support to one another as well.

CIOs Must Be IT Cheerleaders

For companies to be successful in the future of work (and life), they must equip their IT teams with technology that will support their work, no matter their location. CIOs must act as their IT teams’ cheerleaders, gauging what technology is working well, and which isn’t working, to effectively enable their teams.

As the world continues to be impacted by the COVID-19 pandemic, brands should take this opportunity to create a workforce strategy that encompasses the best of different technologies (and the workstyles they empower) to better prepare for the future.

Read next: 9 Key Considerations When Building a Global Data Science Team

The post The Future of IT Is Hybrid: Four Tips for CIOs to Find Success appeared first on CIO Insight.

top

Top Business Continuity Software for 2021

Posted in: business continuity, business continuity management, business continuity planning, continuity, disaster recovery/business continuity, IT Strategy, Security - Aug 17, 2021

There is a lot of complexity and technology that goes into business continuity planning (BCP) software and tools. Whereas disaster recovery (DR) products are involved with recovering data and applications following a massive data loss, cyberattack, or disaster, BCP tools take things a stage further.

BCP software and tools encompass DR and all the aspects of continuity planning, including the documentation of recovery plans, personnel organization, the processes and procedures to be followed, and a whole lot more.

Read more: How a Cybersecurity Incident Hurts Your Brand

Core Functions of Business Continuity Solutions

There are certain core functions that should be in place for business continuity planning. These include:

Backup

The traditional approach is to always maintain two backup copies of each cycle: one copy onsite and one offsite. The sole reason for the onsite copy is to service fast restores. When called upon, the backup sets protect against two different needs: operational restore and disaster restore.

RPO and RTO

It is important to align Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) with ongoing data expansion, as well as economics. It is all very well to set severe RPO and RTO targets, but there comes a point when the cost spirals out of control.

Business Continuity Planning

Executives and key stakeholders should be involved in the planning phase, along with department heads. Ideally, the plan should ensure the business can keep employees safe and operations running in the event of fire, cyberattack, trouble with a vendor, or anything else that could occur.

The plan must address questions such as:

• How much downtime can the business afford?
• If equipment fails, how much data can the business afford to lose?
• What actions must the company take following a disaster, and what are the objectives?

The plan should make it possible to cope with a large disaster, a major data breach, an interruption of the line of succession, or the closure of a critical vendor.

Read more: How to Create a Business Continuity Plan

Documentation

Someone must gather the key pieces of information on the plan, ensure it is documented, and lay down the appropriate protocols and procedures clearly. In terms of employees, the documented plan should assign who does what, how they can be contacted, and what their role is if something goes wrong.

Vendors need to have a fallback if something goes wrong. The workings of all equipment and their dependencies should be diagramed out. The plan must encompass desktops, servers, and more. Standard operating procedures, too, must be created.

Testing

Schedule time to test scenarios and ensure what has been planned is actionable and functional. This includes fire and earthquake drills, as well as testing backup and recovery plans to ensure servers and other critical equipment can be restored promptly.

Top Business Continuity Software

There are plenty of options for server business continuity software. CIO Insight selected the following, in no particular order:

Arcserve Business Continuity Cloud

Value Proposition

Arcserve Business Continuity Cloud is cloud hosted. It combines backup, availability, and email archiving to eliminate downtime and data loss from applications and systems in any location. Its goal is to solve all data protection challenges as a single vendor, with a broad data protection portfolio that can protect any environment, small or large.

Key Differentiators

• Prevents downtime
• Restores SLAs
• Automatically tests
• Safely moves data without draining bandwidth
• Restores data under any circumstance
• Scales as you grow
• Supports corporate compliance
• Multi-cloud and cross-cloud data protection
• Live cloud migration without downtime
• Integrated cybersecurity protects on-premises and in-the-cloud environments from data loss and ransomware
• Manage explosive data growth with scale-out storage solutions protected by immutable snapshots

Quantivate

Value Proposition

Quantivate Business Continuity Software reduces the time spent managing and maintaining plans. It enables the organization to develop implementable business continuity and disaster recovery plans, keeps plans up to date, and increase the availability of critical operations. It uses a repeatable methodology that removes single points of failure in processes and technology. This ensures quantifiable risk measurement capabilities and allows business continuity and disaster recovery data to be harnessed for the greater governance, risk, and compliance (GRC) good.

Key Differentiators

• Understand connections and dependencies across the organization through integrated data-sharing
• Guided processes to develop a complete continuity program, rather than disconnected activities and data silos
• Digitize and centralize BC/DR plans and other documentation
• Record organizational procedures for disasters, emergencies, and other unexpected incidents
• Built-in tools to identify critical processes, analyze risks and their impact, test the efficacy of plans, and respond to incidents
• Access plan templates, a built-in editor tool, and optional consulting services

FalconStor StorGuard

Value Proposition

FalconStor StorGuard is a heterogeneous continuous replication software that operates between the application servers and target storage systems to protect the data. It logs every write to the server and enables a single RPO across the stack. It operates on-premise, in cloud, and on tape backups, and offers IT the ability to find the right mix of backup, security, and business continuity. FalconStor’s StorGuard and StorSafe are heterogeneous software that enable organizations to standardize their process and knowledge bases, achieve security, and avoid vendor lock-in.

Key Differentiators

• Takes application-consistent snapshots of mission-critical servers so a user can recover all components of the application to a single RPO
• Can operate on a LUN-by-LUN basis from one disk array to another
• A second copy of data can be kept for safety, or used to migrate across arrays, data centers, colos, or public clouds
• StorGuard can copy entire sites of virtual machines and volumes to a new remote site, or even to a public or private cloud to failover
• FalconStor’s companion product, the StorSafe disk-based backup target, has deduplication rates of 20:1 or greater
• Copies can be made on tapes to be sent offsite, or copies can be run at a remote site or cloud
• All changes are continuously replicated from on-premise to remote copies
• All transmissions done over encrypted links, and all data at rest encrypted with AES256

Datadobi DobiProtect

Value Proposition

Datadobi DobiProtect deals with data protection, helping companies protect unstructured file and object data from cyber threats such as ransomware, accidental or malicious deletion, and file system bugs that can cause data loss. It enables users to make a copy of data between any NAS or object storage system on-premises or in the cloud.

Key Differentiators

• Copy can be isolated from the primary systems through an air gap via tape
• DobiProtect can use any system as a target, as it is vendor and protocol independent
• In the case of loss of data on the primary, the copy can be recovered to any storage system
• Select the most critical folders or files to restore first
• Where data is being stored on the same protocol (NAS-to-NAS or Object-to-Object), can failover users and applications to the copy
• Scales to any size system based on Datadobi’s unstructured data management engine
• Vendor neutral

StorCentric DMS

Value Proposition

The StorCentric Data Mobility Suite (DMS) empowers organizations to move data to where it needs to be. It offers the ability to copy and move data to the environment(s) that will ensure operations and business functions are not impacted by an outage or disaster. It provides vendor-agnostic file migration, replication, and synchronization across storage environments — including disk, tape, and public or private clouds. DMS is deployed on a non-proprietary server, integrates with current infrastructure, and makes data management and business continuity easier.

Key Differentiators

• Policies are configured for the organization’s requirements
• Supports S3-compatible clouds
• Seamless movement of data in and between heterogenous, hybrid, and cloud infrastructures
• Streamlines data movement onto new systems by ingesting legacy files with filtering and continuous incremental updates
• Tackles data flow requirements from any storage platform to another
• Enables files to be synchronized across multiple storage repositories, including disk and tape, as well as cloud providers
• Complete visibility and management control for replication and content distribution
• Includes an object storage cloud connector supporting Amazon S3, Google Cloud Storage, Backblaze B2, Wasabi, and IBM ICOS, and others

DH2i DxEnterprise

Value Proposition

DH2i DxEnterprise delivers enhanced high availability (HA) and DR capabilities to ensure business continuity. It was engineered to improve the performance and resilience of transaction processing workloads found in financial services, as well as other sectors running on top of Microsoft SQL Server. As such, it offers improved SQL Server database resilience, zero trust security, and scalability across private and public clouds, as well as between on-premises and remote locations.

Key Differentiators

• Cross-cloud, hybrid IT, and datacenter-to-datacenter clustering technology
• Enables high availability, distributed SQL Server clusters on Linux without the complexity and performance limitations of traditional clustering, replication, and VPN technologies
• Standardizes HA and DR by combining failover instances in a single DxE cluster
• Delivers scalable end-to-end multi-subnet automatic failover management for sub-15 seconds RTO
• Accelerates SQL Server performance with Express–tunnel technology
• SDP technology provides secure multi-site, multi-cloud network communications that eliminate VPN-associated lateral network attack surfaces
• Reduces costs by eliminating multiple clustering (WSFC or Pacemaker), replication, and VPN technologies
• Health and performance QoS monitoring, alerting, and orchestration
• Supports mixed Linux/Windows, Azure and AWS environments

StorageOS

Value Proposition

StorageOS is a software-defined, cloud-native storage platform for running containerized production applications in the cloud, on-prem and in hybrid/multi-cloud environments. Powering Kubernetes persistent storage, enterprises can run any services and stateful applications on any infrastructure. It scales with application demand, delivering market-leading performance, high availability, data security, and business continuity.

Key Differentiators

• StorageOS aggregates storage across all nodes in a cluster into a pool
• Allows volumes to be provisioned from the pool and for containers to mount those volumes from anywhere in the cluster
• Transparently redirects reads and writes to the appropriate volume, so the container is unaware of whether it is accessing local storage or remote storage
• Volumes are thin provisioned to avoid consuming disk space unnecessarily
• Labels can be passed to StorageOS via PersistentVolumeClaims (PVCs) or applied to volumes using the StorageOS CLI or GUI
• Ensures high availability and rapid recovery for critical applications wherever they are running
• Run applications faster than other storage solutions, with low latency for stateful applications

Vcinity Ultimate X

Value Proposition

Vcinity’s Ultimate X (ULT X) family of products provides a horizontal technology that enables applications and data to perform over any WAN as they do over the LAN, eliminating distance or latency. In addition to the ability to reach and execute on data directly over long distances, the technology also provides the fast migration of data for BC/DR workloads. Whether acting on data directly, or moving it in the more traditional sense, ULT X achieves this without the use of any compression or de-duplication.

Key Differentiators

• Executes applications on-prem, in another cloud region, or in a completely different cloud
• Expedites backup directly to an off-site location with the option to eliminate requirements for an on-premises copy
• Ensures real-time access to data at a remote site
• Recovered applications immediately work on remote backed up data with the same performance and user experience; RTO is near zero
• Instant LAN performance when working with remote data

Read next: Top Disaster Recovery-as-a-Service Solutions

The post Top Business Continuity Software for 2021 appeared first on CIO Insight.

top

Are Your Containers Secure?

Posted in: application containers, Blogs, container, container security, Docker container virtualization, Docker Kubernetes, Security - Aug 16, 2021

Container technology adoption has experienced a rapid upward surge over the past few years. But now that it has gained a serious foothold in the enterprise, questions are beginning to arise about container security.

Perhaps the fundamental question is, just how secure are containers?

Read more: How a Cybersecurity Incident Hurts Your Brand

Stop Assuming You’re Protected

Most seem to think containers are secure; that they somehow contain magical powers when it comes to malware protection. But Dan Walsh, a Senior Engineer at Red Hat, says IT managers need to stop assuming that Docker and the Linux kernel protect you from malware.

Unfortunately, few appear to have heeded that warning. The 2021 Cloud Native Security Survey by Aqua Security found only 3% of respondents recognized that a container, in and of itself, was not a security boundary. Only 24% of respondents had plans in place to deploy the necessary building blocks for runtime security.

The default security capabilities of containers are overestimated.

And despite reports showing the increased sophistication of cloud-native attacks, only 18% of respondents realized they are at risk for zero-days in containerized environments. This indicates that the default security capabilities of containers are overestimated by many.

“When practitioners fail to implement a holistic approach with protecting their workloads at runtime, they are opening up their environments to attackers, since even the most complete ‘shift left’ vulnerability and malware detection cannot prevent zero-day attacks and administrator errors,” said Amir Jerbi, cofounder and CTO at Aqua.

Containers Are Not a Strong Security Boundary

Part of the confusion on container security may be due to the concept of what constitutes a security boundary. “A security boundary provides a logical separation between the code and data of security domains with different levels of trust,” according to Microsoft. “For example, the separation between kernel mode and user mode is a classic and straightforward security boundary.”

Red Hat believes that while containers provide some access restrictions, they cannot be considered a strong security boundary. Cybercriminals can negotiate their way around these restrictions.

Read more: How to Create a Disaster Recovery Plan

What many in IT fail to realize is the various container runtime security layers don’t overlap precisely. Some gaps remain, which make it relatively straightforward to bypass container isolation.

Differences between popular container environments such as Docker and Kubernetes can also confuse IT. A safeguard may be available on one platform, but disabled by default in another. Thus, there is no room for complacency when it comes to container security.

According to Aqua, attackers have become proficient in hiding their methods and evading techniques such as static scanning as container-based environments have become more prevalent and more dangerous. Aqua numbers show honeypots being attacked 17,358 times over a 6-month period, a 26% increase compared to the previous six months.

Supplement Container Security With DiD

Aqua recommends the implementation of holistic cloud-native security — including runtime protection — to protect against attackers who evade detection and have access to a production environment.

“Holistic cloud-native security is not just about runtime security or any other one focus area, it is about ensuring the entire application lifecycle is covered, from the build to the infrastructure and the workloads,” said Jerbi.

Containers offer some security protections, as do firewalls. But no one is foolish enough to rely on a firewall.

Like everything else in security, the sensible approach is defense in depth (DiD). Containers do offer some security protections, as do firewalls. But no one in IT is foolish enough to rely solely on a firewall. Nor should they be naïve enough to trust everything to the built-in security features of containers.

Just as everyone had to learn that the security provided by cloud providers was not foolproof, so people are learning to supplement container security with a standard DiD approach to comprehensive security.

Read next: How to Handle Security Incidents and Data Breaches

The post Are Your Containers Secure? appeared first on CIO Insight.

top

How to Develop a Data-Literate Workforce

Posted in: Business Intelligence - Aug 16, 2021

These three fundamental approaches will guide you as you implement data literacy across your enterprise.top