|By David Canellos||
|February 7, 2014 08:45 AM EST||
A newly released report from McKinsey & Company, Risk and Responsibility in a Hyperconnected World: Implications for Enterprises, highlights the findings of a year's worth of McKinsey research conducted in partnership with the World Economic Forum. Based on the interviews with over 200 enterprises and organizations the findings highlight the importance of protecting online proprietary data and information and puts forth 7 ideas for how to protect the enterprise.
The report first observes that with the rise of new and novel ways to access information via mobile devices, data security risks have dramatically increased. Despite the billions of dollars spent to secure data, cybercriminals have proven themselves to be a highly adaptable, sophisticated, well-funded crew, equipped to take advantage of any weaknesses in an enterprise's security technology. Recent examples of large breaches at Target and Adobe could potentially really just be the tip of the iceberg.
As I mentioned, the research sets forth seven practices for executives tasked with battling cybercriminals; here is the list with a few observations on each:
1. Prioritize information assets based on business risks.
At PerspecSys, we've long championed this idea as an important part of any cloud security strategy. It enables a smooth, risk-based strategy for protecting the corporation and helps prioritize IT activities on the most impactful security technologies/processes. It is amazing how quickly things can happen when risks are well understood (see #6 below). Which leads directly to the next tenet...
2. Provide differentiated protection based on importance of assets.
This is especially relevant when choosing where and how enterprises select their cloud computing environment (public, private or hybrid cloud) and what obfuscation technologies to deploy (tokenization, encryption, location and ownership of keys, etc.).
3. Deeply integrate security into the technology environment to drive scalability.
This strategy helps better protect assets while staying a step ahead of both cybercriminals and competition. And as I stated in my predictions of what we'll see this year, the solutions that pull ahead in the marketplace will provide strong security, leverage existing data center investments and scale without disrupting usability of the cloud.
4. Deploy active defenses to uncover attacks proactively.
No organization can afford to wait for evidence of attacks. Technologies and processes should be in place to preemptively search out and stop any vulnerability. For example, an enterprise can proactively keep its most sensitive assets out of the cloud without adversely impacting their end user's cloud experience, by using a product such as ours.
5. Test continuously to improve incident response.
Testing is a key part of cybersecurity and we've seen with recent attacks that response matters - led by the IT department, but including all major departments. Solutions like those from Co3 Systems can help an organization be prepared if and when the time comes.
6. Enlist frontline personnel to help them understand the value of information assets.
The end users often feel the impact of cybersecurity choices the most and need to be up to speed on what is at stake with certain data assets - especially important with the rise of mobility and BYOD in the workplace.
7. Integrate cyber-resistance into enterprise-wide risk-management and governance processes.
Cybersecurity is clearly not just an IT department issue, but a decision and process that should involve multiple teams within the enterprise.
There was some disagreement in the survey about the issue of cybersecurity regulations and there was also some division by industry (which makes sense given the disparity in regulations already in place by industry sector). We believe regulation will continue to grow and be increasingly complex, making full awareness and compliance with any and all applicable industry regulations a must by security solution providers - whether PCI DSS, HIPAA or others.
Finally, we agree that this is a C-Suite and boardroom issue - the viability of institutions depend on proactively removing enterprise risk and threat.
I strongly recommend you download and read the full report. I look forward to future updates from McKinsey and the World Economic Forum.
PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit www.perspecsys.com or follow on Twitter @perspecsys
In his session at DevOps Summit, Bryan Cantrill, CTO at Joyent, will demonstrate a third path: containers on multi-tenant bare metal that maximizes performance, security, and networking connectivity.
Oct. 9, 2015 01:00 AM EDT Reads: 125
JFrog has announced a powerful technology for managing software packages from development into production. JFrog Artifactory 4 represents disruptive innovation in its groundbreaking ability to help development and DevOps teams deliver increasingly complex solutions on ever-shorter deadlines across multiple platforms JFrog Artifactory 4 establishes a new category – the Universal Artifact Repository – that reflects JFrog's unique commitment to enable faster software releases through the first platform-agnostic approach to storing and sharing binary artifacts.
Oct. 9, 2015 12:30 AM EDT Reads: 628
Overgrown applications have given way to modular applications, driven by the need to break larger problems into smaller problems. Similarly large monolithic development processes have been forced to be broken into smaller agile development cycles. Looking at trends in software development, microservices architectures meet the same demands. Additional benefits of microservices architectures are compartmentalization and a limited impact of service failure versus a complete software malfunction. The problem is there are a lot of moving parts in these designs; this makes assuring performance co...
Oct. 9, 2015 12:00 AM EDT Reads: 188
IT data is typically silo'd by the various tools in place. Unifying all the log, metric and event data in one analytics platform stops finger pointing and provides the end-to-end correlation. Logs, metrics and custom event data can be joined to tell the holistic story of your software and operations. For example, users can correlate code deploys to system performance to application error codes.
Oct. 9, 2015 12:00 AM EDT Reads: 212
Between the compelling mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, will present a revolutionary model enabled by new technologies. Learn how business and development users can collaborate – each using tools appropriate to their expertise – to buil...
Oct. 8, 2015 10:45 PM EDT Reads: 276
Chris Van Tuin, Chief Technologist for the Western US at Red Hat, has over 20 years of experience in IT and Software. Since joining Red Hat in 2005, he has been architecting solutions for strategic customers and partners with a focus on emerging technologies including IaaS, PaaS, and DevOps. He started his career at Intel in IT and Managed Hosting followed by leadership roles in services and sales engineering at Loudcloud and Linux startups.
Oct. 8, 2015 10:30 PM EDT Reads: 188
SYS-CON Events announced today that Dyn, the worldwide leader in Internet Performance, will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Through a world-class network and unrivaled, objective intelligence into Internet conditions, Dyn ensures traffic gets delivered faster, safer, and more reliably than ever.
Oct. 8, 2015 10:00 PM EDT Reads: 588
The last decade was about virtual machines, but the next one is about containers. Containers enable a service to run on any host at any time. Traditional tools are starting to show cracks because they were not designed for this level of application portability. Now is the time to look at new ways to deploy and manage applications at scale. In his session at @DevOpsSummit, Brian “Redbeard” Harrington, a principal architect at CoreOS, will examine how CoreOS helps teams run in production. Attendees will understand how different components work together to solve the problems to manage applicatio...
Oct. 8, 2015 09:45 PM EDT Reads: 1,249
The APN DevOps Competency highlights APN Partners who demonstrate deep capabilities delivering continuous integration, continuous delivery, and configuration management. They help customers transform their business to be more efficient and agile by leveraging the AWS platform and DevOps principles.
Oct. 8, 2015 09:30 PM EDT Reads: 233
Containers are revolutionizing the way we deploy and maintain our infrastructures, but monitoring and troubleshooting in a containerized environment can still be painful and impractical. Understanding even basic resource usage is difficult - let alone tracking network connections or malicious activity. In his session at DevOps Summit, Gianluca Borello, Sr. Software Engineer at Sysdig, will cover the current state of the art for container monitoring and visibility, including pros / cons and live demonstrations of each method. Special emphasis will be put on sysdig, an open source troubleshoo...
Oct. 8, 2015 09:30 PM EDT Reads: 207
Containers are changing the security landscape for software development and deployment. As with any security solutions, security approaches that work for developers, operations personnel and security professionals is a requirement. In his session at @DevOpsSummit, Kevin Gilpin, CTO and Co-Founder of Conjur, will discuss various security considerations for container-based infrastructure and related DevOps workflows.
Oct. 8, 2015 09:15 PM EDT Reads: 220
Manufacturing has widely adopted standardized and automated processes to create designs, build them, and maintain them through their life cycle. However, many modern manufacturing systems go beyond mechanized workflows to introduce empowered workers, flexible collaboration, and rapid iteration. Such behaviors also characterize open source software development and are at the heart of DevOps culture, processes, and tooling.
Oct. 8, 2015 09:00 PM EDT Reads: 1,091
DevOps is gaining traction in the federal government – and for good reasons. Heightened user expectations are pushing IT organizations to accelerate application development and support more innovation. At the same time, budgetary constraints require that agencies find ways to decrease the cost of developing, maintaining, and running applications. IT now faces a daunting task: do more and react faster than ever before – all with fewer resources.
Oct. 8, 2015 06:00 PM EDT Reads: 379
Any Ops team trying to support a company in today’s cloud-connected world knows that a new way of thinking is required – one just as dramatic than the shift from Ops to DevOps. The diversity of modern operations requires teams to focus their impact on breadth vs. depth. In his session at DevOps Summit, Adam Serediuk, Director of Operations at xMatters, Inc., will discuss the strategic requirements of evolving from Ops to DevOps, and why modern Operations has begun leveraging the “NoOps” approach. NoOps enables developers to deploy, manage, and scale their own code, creating an infrastructure...
Oct. 8, 2015 06:00 PM EDT Reads: 138
In their session at DevOps Summit, Asaf Yigal, co-founder and the VP of Product at Logz.io, and Tomer Levy, co-founder and CEO of Logz.io, will explore the entire process that they have undergone – through research, benchmarking, implementation, optimization, and customer success – in developing a processing engine that can handle petabytes of data. They will also discuss the requirements of such an engine in terms of scalability, resilience, security, and availability along with how the architecture accomplishes these requirements. Lastly, they will review the gory details of the technolo...
Oct. 8, 2015 05:00 PM EDT Reads: 399
DevOps has often been described in terms of CAMS: Culture, Automation, Measuring, Sharing. While we’ve seen a lot of focus on the “A” and even on the “M”, there are very few examples of why the “C" is equally important in the DevOps equation. In her session at @DevOps Summit, Lori MacVittie, of F5 Networks, will explore HTTP/1 and HTTP/2 along with Microservices to illustrate why a collaborative culture between Dev, Ops, and the Network is critical to ensuring success.
Oct. 8, 2015 04:45 PM EDT Reads: 129
Saviynt Inc. has announced the availability of the next release of Saviynt for AWS. The comprehensive security and compliance solution provides a Command-and-Control center to gain visibility into risks in AWS, enforce real-time protection of critical workloads as well as data and automate access life-cycle governance. The solution enables AWS customers to meet their compliance mandates such as ITAR, SOX, PCI, etc. by including an extensive risk and controls library to detect known threats and behavior and usage analytics to identify unknown risks.
Oct. 8, 2015 03:00 PM EDT Reads: 209
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud. In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., will advocate that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud without worrying about any lock-in fears. In fact by having standard APIs for IaaS would help PaaS expl...
Oct. 8, 2015 02:30 PM EDT Reads: 652
Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.
Oct. 8, 2015 02:00 PM EDT Reads: 337
For almost two decades, businesses have discovered great opportunities to engage with customers and even expand revenue through digital systems, including web and mobile applications. Yet, even now, the conversation between the business and the technologists that deliver these systems is strained, in large part due to misaligned objectives. In his session at DevOps Summit, James Urquhart, Senior Vice President of Performance Analytics at SOASTA, Inc., will discuss how measuring user outcomes – including how the performance, flow and content of your digital systems affects those outcomes – ca...
Oct. 8, 2015 12:00 PM EDT Reads: 436
As a company adopts a DevOps approach to software development, what are key things that both the Dev and Ops side of the business must keep in mind to ensure effective continuous delivery? In his session at DevOps Summit, Mark Hydar, Head of DevOps, Ericsson TV Platforms, will share best practices and provide helpful tips for Ops teams to adopt an open line of communication with the development side of the house to ensure success between the two sides.
Oct. 8, 2015 12:00 PM EDT Reads: 576
SYS-CON Events announced today that IBM Cloud Data Services has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. IBM Cloud Data Services offers a portfolio of integrated, best-of-breed cloud data services for developers focused on mobile computing and analytics use cases.
Oct. 8, 2015 11:00 AM EDT Reads: 728
Clutch is now a Docker Authorized Consulting Partner, having completed Docker's certification course on the "Docker Accelerator for CI Engagements." More info about Clutch's success implementing Docker can be found here. Docker is an open platform for developers and system administrators to build, ship and run distributed applications. With Docker, IT organizations shrink application delivery from months to minutes, frictionlessly move workloads between data centers and the cloud and achieve 20x greater efficiency in their use of computing resources. Inspired by an active community and trans...
Oct. 8, 2015 10:45 AM EDT Reads: 493
Enterprises can achieve rigorous IT security as well as improved DevOps practices and Cloud economics by taking a new, cloud-native approach to application delivery. Because the attack surface for cloud applications is dramatically different than for highly controlled data centers, a disciplined and multi-layered approach that spans all of your processes, staff, vendors and technologies is required. This may sound expensive and time consuming to achieve as you plan how to move selected applications to the cloud, but smart organizations are actually reporting an improved security posture, accel...
Oct. 8, 2015 05:00 AM EDT Reads: 694
The modern software development landscape consists of best practices and tools that allow teams to deliver software in a near-continuous manner. By adopting a culture of automation, measurement and sharing, the time to ship code has been greatly reduced, allowing for shorter release cycles and quicker feedback from customers and users. Still, with all of these tools and methods, how can teams stay on top of what is taking place across their infrastructure and codebase? Hopping between services and command line interfaces creates context-switching that slows productivity, efficiency, and may le...
Oct. 8, 2015 04:00 AM EDT Reads: 483