Articles, C2 Winter 2021, Data

To bring strategy back into your security, turn to chess

by Ramsés Gallego, December 6, 2021

In a game of chess, skilled players need to think in two ways at once. Tactically, they need to be able to respond to the immediate situation on the board, countering threats and finding ways of putting pressure on their opponent. Strategically, they need to see into the future and understand how their moves might open up vulnerabilities that their opponent can exploit later down the line, and make sure they have a plan in place to respond. In short, it’s as much about avoiding unintended outcomes as it is about achieving intended ones – and learning to see the board in this way doesn’t happen overnight.

Over the last year, we’ve all been through a wave of rapid digital transformation which, for good reasons, has been more tactical than strategic. The pandemic created an existential threat to businesses that demanded immediate solutions. The need for flexible remote working led to a massive rollout of new devices and new permissions to access data. New applications were spun up to ensure continuity of business process and service for customers. More tools and more cloud capacity were added to organisations’ IT infrastructures to keep up with the demand.

As the world starts to reopen this year, we’ll all have to take a fresh strategic look at our technology and find ways to solidify the benefits of this digitalization while mitigating the risks. Through it all, risk assessment has taken a back seat to keeping the lights on – but perhaps more importantly, all of these additional devices, applications, users, and data mean that businesses have a bigger attack surface than ever. There is now, in effect, a bigger board to play on, with more pieces moving on it in more complex ways. This all raises the risk of unforced errors as well as offering an opportunity to malicious actors: while every other sector has been knocked back by the pandemic, cybercriminals have always worked remotely, and they haven’t missed a day.

Play your best moves with a helping hand

These are still difficult times for businesses, and no organisation has the luxury of pausing operations in order to identify and fix potential problems in their IT infrastructure. The good news is that, with the right partner, they don’t have to stop and take stock. The strategic approach to digital transformation is to run and transform the business at the same time, bridging existing and emerging technologies while mitigating the risks that digitalization can create.

Remote working, for example, isn’t just about handing out devices: it’s about giving staff secure access to systems they need, over the open internet. By now everyone is well-practiced with usernames, passwords, and multi-factor authentication – but what happens after access is granted to a system? Once data can be accessed from anywhere, a situation is created where a single breach might be enough to compromise large swathes of a business’s valuable data. A salesperson, for instance, might legitimately log in with a mobile device, not realizing that their device is compromised and can then be used by a malicious actor to find financial and personally identifiable information.

Rather than building walls within the system, investing in a difficult process of siloing information and locking down identity privileges, the strategic move might be to implement a User and Entity Behaviour Analytics (UEBA) tool powered by unsupervised machine learning. These AI tools have the capacity to monitor all system activity in real-time, identifying anomalies and responding to risk. When our salesperson logs in with a compromised device, UEBA knows that they are unlikely to head to the human resources data to download employee addresses – and so it prevents it. This is context-aware computing: security that works with how employees work, rather than putting up barriers to productivity.

We can also see the importance of the human angle in development teams. It’s tempting to think that the opposite of security is insecurity – leaving bugs unfixed, data unencrypted – but in truth it is complacency, assuming that nothing will go wrong. This is why software development demands vigilance, especially now, when many workers have been away from the office for nearly a year and team cultures of peer support are fading. At the same time, developers have been under more pressure than ever, working to build ways of keeping customers going without face-to-face interaction.

We can build up DevSecOps processes that center on security and introduce tools like Runtime Application Self-Protection (RASP) which automate the detection and prevention of threats at the application layer, where the most severe data breaches often occur. The strategic move, however, might be to also see this as the culture challenge that it is, including HR in the response process and calling on business leaders to stimulate a sense of teamwork.

Those understandable issues of staff complacency can also contribute to data security problems: mistakes like mis-delivery of emails and misconfiguration of cloud accounts caused 22% of breaches in 2019, and the last year has seen a huge growth in cloud usage. This form of risk is also heightened by the realities of remote, digital working. Staff need to share data, and if the officially-sanctioned tool for doing that presents a problem, they may turn to solutions like Dropbox, WeTransfer, or personal iCloud accounts, removing that data from security oversight in the process. Likewise, staff need to access data day after day and may save down copies in multiple places to avoid passing through security checks every time.

All of this creates a growing mass of shadow data: potentially sensitive or valuable information which lives on the fringes of IT systems, inside the organisation but outside of its data policies – and you cannot, ultimately, protect data if you’re unaware it exists. While continued digital transformation might reduce the attractiveness of non-sanctioned data practices, the strategic move might be to also put data discovery tools in place, automatically shining a light on shadow data and bringing it back under the influence of your security strategy.

Checkmate in three

Your business is the King you must protect. In chess, finding your King in check means that the only move possible is to eliminate the danger, and in business, any threat to continuity needs to be answered immediately. The best strategy, however, is often to avoid check in the first place – and here, security is the Queen that keeps your business safe.

Articles, C2 Winter 2021, Data, Data Security
Getting Started with Data-centric Security
by Dan Simmons, December 6, 2021
With a proliferation of cyber-attacks throughout the pandemic, data-centric security has been pushed to the forefront of many organizations’ cybersecurity strategy. Even companies with mature security programs are vulnerable to breach, and since data is a valuable asset, it is crucial to properly protect it. The importance of securing …

Articles, C2 Winter 2021, Cloud, Data, Data Storage, Edge-to-Cloud, HPE GreenLake
HPE GreenLake edge-to-cloud platform brings the cloud to you
by Flynn Maloy, December 6, 2021
After years of working in cloud environments, we’ve come to expect some basics that we collectively refer to as the “cloud experience.” For example, scalable capacity that’s ready when you need it, and the ability to easily click and spin up new instances. In short, we expect a point-and-click …

AI, AI-driven infrastructure, Articles, Artificial Intelligence, C2 Winter 2021, Data, Data Security
Democratization of AI in the Enterprise
by Frederic Van Haren, December 6, 2021
The democratization of Artificial Intelligence (AI) makes it easier for organizations to transform their business with AI. It wasn’t that long ago that applying AI to transform a business required a lot of technical expertise and hiring resources from a scarce talent pool. Let alone the expensive infrastructure to …

Articles, C2 Winter 2021, Data, Data Security, Data Storage
Getting the most from your data-driven transformation: 10 key principles
by Hewlett Packard Enterprise, December 6, 2021
Best practices like determining what makes data valuable and creating company cultures that promote data sharing will enable businesses to embrace data in the modern enterprise.

Articles, C2 Winter 2021, Data, Data Security
How to Safeguard Your Data & Applications from Ransomware
by Cohesity, December 6, 2021
It’s ugly out there. Each week, we all see the news reports about more and more companies and organizations falling victim to ransomware and the trend is accelerating. No doubt, you or your colleagues work in or are aware of organizations that have been hit by ransomware over the …

Articles, C2 Winter 2021, Cloud, Data
The Year in Review Around the Storage Block
by Calvin Zito, December 6, 2021
Wow, what happened to 2021! You’d think all the time spent at home over the last 20 months would mean 2021 would crawl by but that’s not the case. I’m particularly reflective as I write this article because today I’m also celebrating my 38th work anniversary with HPE. The …

Articles, C2 Fall 2020, Cybersecurity, Data, FBI
A Cybersecurity Sit-Down with Former FBI Computer Scientist James Morrison
by Shannon Gillenwater, September 21, 2021
$10.5 trillion…with a ‘T’. That’s roughly a 75% increase from the $6 trillion that cyber criminals and hacker organizations are already costing us in 2021. Hence why cybersecurity, unpleasant a topic of conversation as it may be, needs to be discussed and dealt with in every boardroom across the …

Articles, C2 Fall 2021, Data, Data Solutions, Security
Payments Apps and Database Security. It’s Business as Usual. Until it’s Not.
by Steve Tcherchian, September 21, 2021
CashApp, Zelle, Venmo, ApplePay, Square – the payments industry is growing and expanding into areas we hadn’t imagined. Everyone relied on it before the pandemic – now it’s critical infrastructure and embedded into our everyday habits.

Articles, C2 Fall 2021, Data, Zero Trust Security
Mapping HPE’s Zero Trust Efforts To The Current Cyber Threat Landscape
by Matt Kimball, September 21, 2021
The latest ransomware attack on the market was a doozy. Just a few weeks ago, the Russian hacking group known as REvil attacked MSPs (Managed Service Providers) that utilize Kaseya’s VSA software, holding them hostage for a total ransom of $70M. The cyberattack affected between 800 and 1,500 organizations, disrupting …