News
TDWI Checklist Report | Building Resilient Supply Chains with Multidomain MDM
Posted in: Master Data Management - Jun 08, 2021This checklist offers six key steps for developing a multidomain MDM strategy to improve supply chain resilience.top
Five Steps to Increase Business Insight Velocity
Posted in: Business Intelligence - Jun 07, 2021Speed is not a vanity metric when it comes to business intelligence because data is only as valuable as it is fresh, accurate, and actionable.top
Cloud Computing Thinks Small (and Medium Sized Business)
Posted in: cloud, Cloud Virtualization, Innovation, IT Management, SMB - Jun 05, 2021Cloud computing, the offloading of company data functions to offsite cloud providers, has been hailed as the tool that’s enabled the decentralization of business during the COVID economy. It’s also become utterly mainstream in business, with Cisco reporting that 92 percent of data workloads were handled in 2020 by cloud computing. The same report also showed that the United States led the globe in cloud computing workloads.
How can cloud computing benefit small- to medium-sized business?
If you’re a small- to medium-sized business, you may be wondering how you make the transition to local data operations to the cloud. Is it right for your business? For an increasing number of growing companies, the answer is yes. They’re finding Software as a service (SaaS), data storage solutions, cloud-based security, ERP, customer service, and more can be migrated to the cloud quickly and affordably. As the pace of business continues to quicken, many small businesses are finding that cloud computing offers unprecedented flexibility and efficiencies of scale that can help them achieve their growth goals, for less.
Procoders-Ukraine CEO Oleg Kopachovets works extensively with cloud-based services in his work for overseas clients.
“I often tell clients that using cloud services is a lot like the cost-shifting benefits you get from hiring an IT consulting firm. You shift the cost of your data center, or the software, or the service, or whatever you’re buying from the cloud from being a hard internal cost to a regular, monthly fee.”
“This can be a really wonderful thing for a small to medium sized business,” Kopachovets adds. “You don’t have to worry about the cost of upgrading equipment, or costly updates that create work slowdowns for your staff. There’s a reason why we’ve reached a tipping point for companies migrating their business to the cloud. It’s just good business.”
Advantages of cloud computing in the SMB setting
Lowered equipment costs
What’s cheaper? Purchasing racks of servers or simply paying one monthly subscription fee to put it all in the cloud? For most companies, that’s not hard math. When compared with the cost of handling all IT functions on site, cloud computing nearly always saves a company money. In fact, KPMG reports that most companies they surveyed were saving between 30 to 40 percent as a result of migrating to the cloud.
Less money spent on maintenance
When you offload to the cloud, you offload not just equipment costs, but the costs of employees to run and maintain that equipment. You also reduce the need for the square footage to house, cool and maintain your equipment, too.
Less money spent on software
Software-as-a-Service has become so common most companies aren’t bothering with purchasing user-by-user software packages anymore. When you purchase software (SaaS) services through the cloud, you also offload the service around those programs, and never have to worry about complicated system wide updates. All that is handled for you, automatically.
Improved security and disaster recovery
According to a latest survey by Sophos, the average ransomware attack can cost a company up to $2 million. Despite this liability, the majority (54 percent) of the IT security experts surveyed said their companies didn’t have the inhouse expertise to deal with this kind of high-level security risk.
Offload your data storage and software operations to the cloud reduces your exposure to hackers significantly. After all, it’s a lot harder to hack Amazon or Google than it is an individual company. And when floods, or power outages or wildfires threaten your business, you can rest easy knowing that your cloud-based business can still work, decentralized from your data center. Why not take advantage of the resources the big players can offer your small business?
Unlimited scalability
Perhaps one of the biggest things small businesses struggle with is how to scale up their operations quickly. Making equipment purchases, housing equipment and paying people to keep internal functions running can get expensive quick. Cloud computing eliminates that problem completely, allowing you to purchase what you need, and only what you need, for a simple flat fee. And if you pivot your business plan, no worries. You can drop whatever services you’re using and move onto the next one.
Planning your migration
Whether you are integrating software as a service, platform as a service, infrastructure as a service or security as a service, the decision to invest in cloud computing may have to do with the cost of making the migration.
“When you’re bringing in cloud computing, the first consideration a business must take is an inventory of all the applications they use—everything that a CEO uses to the time keeping software the receptionist might be using,” said Sitima Fowler, partner at national IT services firm Iconic IT.
“Migration is a process.”
“Then an evaluation should be done to determine whether these applications can run in the cloud optimally. Chances are, not everything can be move to the cloud at once. It’s a journey and we generally to do it one by one, starting with the main line of business software and email. After that we implement a central identity management system to authenticate every user. We give them access to only to the applications they need to get their job done, optimizing the process for how users work and their respective security levels. Migration is a process.”
Listen up: To dive deeper into trends surrounding cloud computing hear what other IT leaders are doing in the cloud in 2021 with this recent Datamation podcast.
The post Cloud Computing Thinks Small (and Medium Sized Business) appeared first on CIO Insight.
topYou Really Can’t Do Enough Security Training
Posted in: Security, training - Jun 04, 2021When it comes to security training in the era of near-daily phishing and ransomware attacks, can your company ever be over-prepared?
Solution spending grows, but investment in people must as well.
Organizations spend a huge amount on security these days. Some large banks, for example, are now allocating as much as a billion dollars annually on cybersecurity – and two thirds of finance executives expect cybersecurity budgets to keep rising. The economics behind it are simple. Cybercrime is costs more than $3 trillion a year and that amount is expected to double in 2021. But much of this money goes on technology and implementation.
Not nearly enough is directed toward the people and process side. Security training in particular is an area in need of improvement according to a new report by Computer Economics on Security Training Adoption and Best Practices 2021.
Security training certainly needs to improve how it accomplishes the in-depth and continuing training of IT personnel. It isn’t enough to train and update IT security staff. All of IT, and very definitely including developers, must become well-versed in security threats and technologies.
But perhaps the biggest weakness is how organizations address the issue of ensuring that all personnel become well-trained in security. In an era of phishing and ransomware, you really can’t do enough security training of general personnel.
Policy education alone is not enough.
In some companies, the security training given to staff only goes as far as insisting all users sign off on reading organizational security policies and procedures. But how much of it are they likely to retain? It is one thing to devise robust security policies and another thing to have them applied. Policy is of little value if IT personnel and users violate them or fail to be diligent in their application.
The Computer Economics report emphasizes that sound security policies must be supported by formal and consistent training of staff. They must become knowledgeable on the various threats they face, how to respond, and how to avoid being fooled by the latest phishing or social engineering ruse. They must understand that short cuts that circumvent security policies invite danger.
Recent ransomware scares have emphasized the need for heightened security. But Computer Economics surveys reveal that too few organizations consistently and formally conduct security training. What this means, in effect, is that many organizations may have implemented some form of security training. But it is often doing it in a haphazard or hit-and-miss fashion. The report calls for organizations to evaluate existing training programs to determine where they can be improved. By raising the quality and comprehensiveness of security training initiatives, the number of breaches and attacks can be decreased.
Security training strengthens the human firewall.
Security training can help establish what might be considered a human firewall i.e. every employee is sufficiently clued in that they are actively on the alert for attacks, know when they face suspicious traffic, and apply peer pressure to knock out any sloppy security behavior they see around them. They realize that one inattentive person is all it takes to open the door to online predators.
The face that the Computer Economics survey found that 86% of companies performing security training in 2020 stands in sharp counterpoint to the alarming rise in the number of security breaches of late. It takes more than technology to thwart cybercriminals and it is this human factor that must be addressed more forcefully via training.
It isn’t hard to train personnel into a greater awareness of the threats they face. Read them in on the various forms of phishing and the other insidious practices employed by cybercriminals. And keep reading them in until IT no longer has to put out phishing fires on a regular basis. Companies such as Living Security and KnowBe4 offer programs that can set organizations on the road to heightened security via the building of a human firewall.
Next-generation firewalls not withstanding, the weakest point in your security infrastructure is invariably going to be your people. While your company may conduct a fire drill every year, a data breach is a much more likely scenario than a four-alarm blaze. Which is why frequent security training needs to be a frequent enterprise-wide undertaking.
The post You Really Can’t Do Enough Security Training appeared first on CIO Insight.
topAre Air Gapped Networks Secure?
Posted in: air gap, air gapped, air gapped network, air-gapped systems, colonial pipeline hack, cybersecurity, Infrastructure, IT Management, malware, network audit, network infrastructure, network security, Security, security breach, Stuxnet, Stuxnet worm - Jun 04, 2021Ours is a deeply interwoven and breachable world, which often means trouble for enterprise security. According to IBM’s 2020 Cost of a Data Breach Report, the average cyberattack costs a business $3.86 million, and the United States’ average cost per breach has reached $8.6 million. There is some good news though: businesses that are investing in better network security infrastructure and policies, such as incident response and security automation, are saving anywhere from $2 million to $3.58 million when a breach does occur. Although it won’t work for every business model, air gapped networks can provide one of the highest levels of security to enterprise infrastructure when they are managed closely, stopping many potential breaches in their tracks.
Readers also Read: End-to-End Encryption: Important Pros and Cons
Taking a Look at Air Gapped Networks
- What is an Air Gapped Network?
- How Do You Air Gap a Computer?
- How Secure are Air Gapped Networks?
- Why Air Gapped Networks are Important
What is an Air Gapped Network?
An air gapped network is a network that has been separated from other public and private networks with an effective “gap of air.” This means that the air gapped network is disconnected from the public internet, external email, and any other ways of directly communicating from one network to another.
Consider this visual: if two mountains are separated by a valley, the only way to make it to the other mountain is via a direct path or form of transportation, which could be anything from a bridge to a helicopter that will fly you over there. The bridges and helicopters in this scenario exemplify the external network connections, like public network access and email messages, that make it easier for hackers to latch onto and gain access to a private network.
But let’s say that these two mountains are in a highly isolated part of the world and there’s no form of transportation or other access to cross between the mountains. The valley between them is a gap of air, one that few travelers will want to take the time and risk to traverse. In the same way, adding a gap of air between your private network and other public networks wards off most attacks because the attack vector has been complicated through isolation.
Data movement in an air gapped network can only happen via external, non-network means: removable hardware or media like a USB drive can be used to transfer information in and out of an air-gapped network, and transient devices like laptops can be authorized to connect to the air gapped network, though with very specific permissions. Think of these as hidden paths or special access transportation that only authorized travelers can use to access your air gapped network. But these require a human with physical access to both machines, along with proper authentication credentials.
More on Enterprise Networks: Understanding VPNs: The Pros and Cons of IPSec and SSL
How Do You Air Gap a Computer?
Air gapped computers closely resemble air gapped networks, but they’re more focused on the device and personal use levels. The idea is to disconnect the individual device from any outside networks or information, and it can be used for reasons ranging from increased personal privacy to improved performance of non-network applications.
In order to air gap a computer, you’ll need to completely disconnect it from everything else. That means disabling WiFi and Bluetooth, disconnecting from the ethernet cable, and double checking that no other forms of communication or data transference are available. Air gapping a computer involves disconnecting cables and disabling all network hardware.
How to Stay Secure When You Can’t Air Gap: VPN vs. SDP vs. ZTNA: Who Won 2020?
How Secure are Air Gapped Networks?
Air gapped networks theoretically make up one of the highest forms of network security, because the increased levels of isolation make it difficult for information to be accidentally or purposely moved to and from that network. Most hackers only have the skill level or patience to perform a network-level attack from a distance, but air gapping almost necessitates that they gain direct in-person access to a network device. They cannot simply hop over from another network or get logins through phishing communications, so most malicious actors will stop before they ever breach your network.
However, there are valid and proven concerns about the actual physical security of air gapped networks, namely the transient devices that are allowed to connect to it. Who’s to say what happens to a USB drive or laptop before, during, and after its time connected to an air gapped network? What if an authorized user accidentally or purposely uses this hardware to carry information (or malware) to and from the network? The Stuxnet worm case from 2010 is a strong example of how network hardware can cause damage, as that particular strain of malware spread to Iranian industrial and nuclear plants via USB drives.
Network Policies to Secure Air Gapped Networks
Ultimately, air gapped networks are only as secure as your networking and security policies are willing and able to make them. They can be nearly foolproof if strict network policies are put in place and constantly overseen by network administrators. Consistent monitoring should especially be applied to removable media, transient devices like laptops and computers, modems, and VPNs.
Here are just a few steps that your network administrators should take to make their air gapped networks as secure as possible:
- Enforce strict policies about where air gapped network hardware can physically go, who can use it outside of designated physical areas, and how it can be used. It’s a good idea to limit these devices to upper-level management, power users, and anyone else who absolutely needs that level of access.
- Invest in strong network monitoring practices and tools so that you can immediately catch users and devices if they overstep in data access and sharing privileges.
- Develop a detailed network audit checklist that can help you to set and enforce policies for both devices and users on the network.
Why Air Gapped Networks are Important
Although there are some doubts about how effective air gapped networks currently are and how effective they’ll be as the growth of AI and IoT devices necessitates always-on communication between private and public networks, there are still many security and workflow advantages to be found in an air gapped network:
- Air gapped networks increase isolation and secrecy, thus increasing security in high risk scenarios and industries (i.e. government, military, etc.).
- You can easily protect and separate your highly secure programs that don’t need constant network access.
- Remote hacking is nearly impossible; you have to be onsite, which makes it more difficult for hackers to gain access.
- Payment and control systems can be kept separate from the rest of the public or private network(s) that your business uses.
In a world where security breaches are costing businesses millions of dollars every year and major security breaches hit the news on an almost weekly basis, air gapping your network is one of many choices you have to protect your data and users from a growing number of malicious actors.
Security Measures that Can Prevent Cyber Attacks: What Lessons Can CIOs Learn from the Colonial Pipeline Hack?
The post Are Air Gapped Networks Secure? appeared first on CIO Insight.
topDaman News and Events
This showcases our company news and upcoming events. Please check back as this page will change frequently.