Many Australian enterprises are getting their cloud security strategies wrong. While they are lowering infrastructure costs and introducing efficiencies by moving to flexible multi-cloud platforms, building the right level of security throughout their agile software development lifecycles is becoming difficult.

Almost two-thirds (61 per cent) of respondents to research questions posed by Cybersecurity Insiders, on behalf of Check Point, had integrated their DevOps toolchain into cloud deployments, but are still struggling with a lack of expertise that bridges security and DevOps. Only 16 per cent have comprehensive DevSecOps environments in place.

Senior technology executives gathered for a roundtable luncheon in Sydney recently to discuss why enterprises are often getting their cloud adoption strategies wrong, particularly when it comes to securing their infrastructure, as well as challenges around cloud compliance. The conversation, ‘Cloud tales: Lessons from a cyber incident response team’, was sponsored by Check Point Software Technologies.

Ashwin Ram, cyber security evangelist, Office of the Chief Technology Officer, at Check Point Software Technologies, says there are multiple factors at play when it comes to getting cloud strategies right.

Firstly, many organisations don’t understand or appreciate how dynamic cloud ecosystems are – a simple misconfiguration or security oversight can expose an organisation, he says.

“Cloud providers are innovating extremely rapidly and as such, it is difficult for cloud security teams to keep pace. The current cyber skills shortage is also a contributing factor as organisations struggle to find the right expertise to address the steep learning curve to bridge security and DevOps,” Ram says.

Further, he says, COVID-19 forced many organisations to rush their remote working and cloud projects in order to be more agile. This has resulted in many cloud projects being rushed through without proper assurance processes.

“According to Check Point’s Cloud Security Report 2022, 76 per cent of organisations have a multi-cloud strategy, which makes it difficult to implement consistent security. Organisations are struggling to implement the same security settings and policies on all clouds and ensure this is maintained to provide continuous consistency,” he says.

John Powell, principal security consultant at Telstra Purple, adds that it’s very easy to think of the cloud as reducing administration and providing more flexibility.

“But the truth is that there is a lot more to get right up front so that ‘business-as-usual’ is smooth as well as secure. The responsibility for security is shared according to what is outsourced to the cloud provider.

“This means that contractual arrangements are extremely important to make sure the boundary in the shared model is crystal clear. The need for legal expertise and even a cyber/legal mix of expertise is not often considered when moving systems and services to the cloud,” Powell says.

Meanwhile, John Boyd, group chief information officer at The Entertainment and Education Group (TEEG), says the organisation has adopted a hybrid cloud approach, which has provided the best of both worlds.

On-premise infrastructure provides stability for its venues, especially those in very remote locations. But when the business demands agility, the organisation turns to the cloud to meet these demand requirements, Boyd says.

“As for security, our team are testing at every stage of the software development lifecycle. Security is always at the forefront of our team’s mind and during application development, we adopt best practices such as educating staff, and outlining requirements clearly so [they] can focus on the most important issues,” he says.

Why cloud misconfigurations happen and what to do

The misconfiguration of cloud resources remains the most prevalent cloud vulnerability that can be exploited by criminals to access cloud data and services.

Check Point’s Ram says these misconfigurations happen because cloud teams are pushing out incredible amounts of code and building infrastructure at a rapid pace so mistakes are bound to happen.

Ram says that organisations with mature cloud security capabilities are using cloud security posture management tools to gain situational awareness of their cloud ecosystems in real time and to automatically remediate misconfigurations.

“In addition to misconfiguration, organisations should also be aware of identity and access management role assumption attacks, which look to elevate privileges after initial entry. These attacks continue to be a significant concern,” he says.

Ram recommends that organisations invest in a tool that can visualise and assess cloud security posture by detecting misconfigurations, while automatically and actively enforcing gold standard policies to protect against attacks and insider threats.

Telstra’s Powell adds that exploiting the poor configuration of cloud resources is often much easier than exploiting software or hardware vulnerabilities or running a phishing campaign against privileged users.

“Misconfiguration is the most prevalent cloud vulnerability because it is often the lowest hanging fruit,” he says.

According to Powell, the configuration of cloud environments provides several technical security controls. He says that measuring technical security controls is best achieved by using technology tools.

“To this end, a cloud security assessment, with an associated tool, can be used to achieve this goal either as a once off or better still, as a regular check.”

TEEG’s Boyd says that the organisation’s resources are hosted exclusively within Azure and the team use Microsoft Cloud Service to proactively manage the security posture of the entire platform.

“Conducting regular assessments and reviewing any new recommendations help to strengthen the security configuration of our cloud resources,” he says.

Getting cloud compliance right

The ongoing technology skills shortage has made it difficult for organisations to find the right staff with skills to complete cloud-related audits and risk assessments.

Telstra’s Powell suggests that first up, organisations should “let machines do what they are good at and let people do what people are good at.”

“Technology controls can be tested and assessed with technical solutions and if this process is automated, then the compliance of the technical controls can be checked with high regularity so that any movement away from compliance is noticed and amended quickly.

“Assessing the actions of people or the flow of process is best assessed by a skilled security auditor and when human resources are scarce, they need to be used where they are most effective,” Powell says.

Secondly, if enterprises don’t have resources available internally to audit security controls or to design and build monitoring systems required to constantly test and assess these controls, then they should reach out to a partner, he says.

“It’s very difficult to retain specialised cyber security skills, so rather than continuing to train new cyber security staff, rely on the people who are already specialists and can provide that service,” he says.

TEEG’s Boyd says that compliance is an ongoing focus for his team, which is operating a business in seven regions, all with their own set of unique regulatory requirements. This requires the organisation to be aligned on its approach to compliance and execution.

“We rely on the expertise of our internal team in conjunction with key vendors that provide us with subject matter advice on risk assessment and establishment of clear policies and controls,” Boyd says.

Who is responsible when a breach occurs?

Attendees at the roundtable also discussed what enterprises need to be aware of when negotiating cloud contracts, particularly who is responsible for what when a breach does occur.

Telstra’s Powell says organisations need to make sure that the clauses of a contract with a cloud service provider define the scope of what the provider is responsible for and what it is not.

Powell adds that this doesn’t apply only to a breach situation, but to everything that goes before a breach and the recovery from the breach.

“Be sure to include a clause of what can and can’t be tested within the cloud environment. Ask, ‘can we view the cloud service provider’s threat profile, risk assessments and risk register?’

“Most importantly, you cannot outsource accountability so don’t be too quick to believe that your risk is reduced because you are not responsible for the infrastructure that underpins your systems and services.”

Check Point’s Ram adds that most organisations will do well to understand the shared responsibility model as a first step.

“It’s important to note that the responsibility changes depending on the type of cloud resource you consume from infrastructure-as-a-service to platform-as-a-service to software-as-a-service offerings.

“The shared responsibility model is very specific on who is responsible for what as we saw with the Capital One breach.”

Pandemic-era ransomware attacks have highlighted the need for robust cybersecurity safeguards. Now, leading organizations are going further, embracing a cyberresilience paradigm designed to bring agility to incident response while ensuring sustainable business operations, whatever the event or impact.

Cyberresilience, as defined by the Ponemon Institute, is an enterprise’s capacity for maintaining its core business in the face of cyberattacks. NIST defines cyberresilience as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”

The practice brings together formerly separate disciplines of information security, business continuity, and disaster response (BC/DR) deployed to meet common goals. Although traditional cybersecurity practices were designed to keep cybercriminals out and BC/DR focused on recoverability, cyberresilience aligns the strategies, tactics, and planning of these traditionally siloed disciplines. The goal: a more holistic approach than what’s possible by addressing each individually.

At the same time, improving cyberresilience challenges organizations to think differently about their approach to cybersecurity. Instead of focusing efforts solely on protection, enterprises must assume that cyberevents will occur. Adopting practices and frameworks designed to sustain IT capabilities as well as system-wide business operations is essential.

“The traditional approach to cybersecurity was about having a good lock on the front door and locks on all the windows, with the idea that if my security controls were strong enough, it would keep hackers out,” says Simon Leech, HPE’s deputy director, Global Security Center of Excellence. Pandemic-era changes, including the shift to remote work and accelerated use of cloud, coupled with new and evolving threat vectors, mean that traditional approaches are no longer sufficient.

“Cyberresilience is about being able to anticipate an unforeseen event, withstand that event, recover, and adapt to what we’ve learned,” Leech says. “What cyberresilience really focuses us on is protecting critical services so we can deal with business risks in the most effective way. It’s about making sure there are regular test exercises that ensure that the data backup is going to be useful if worse comes to worst.”

A Cyberresilience Road Map

With a risk-based approach to cyberresilience, organizations evolve practices and design security to be business-aware. The first step is to perform a holistic risk assessment across the IT estate to understand where risk exists and to identify and prioritize the most critical systems based on business intelligence. “The only way to ensure 100% security is to give business users the confidence they can perform business securely and allow them to take risks, but do so in a secure manner,” Leech explains.

Adopting a cybersecurity architecture that embraces modern constructs such as zero trust and that incorporates agile concepts such as continuous improvement is another requisite. It is also necessary to formulate and institute time-tested incident response plans that detail the roles and responsibilities of all stakeholders, so they are adequately prepared to respond to a cyberincident.

Leech outlines several other recommended actions:

- Be a partner to the business. IT needs to fully understand business requirements and work in conjunction with key business stakeholders, not serve primarily as a cybersecurity enforcer. “Enable the business to take risk; don’t prevent them from being efficient,” he advises.

- Remember that preparation is everything. Cyberresilience teams need to evaluate existing architecture documentation and assess the environment, either by scanning the environment for vulnerabilities, performing penetration tests, or running tabletop exercises. This checks that systems have the appropriate levels of protections to remain operational in the event of a cyberincident. As part of this exercise, organizations need to prepare adequate response plans and enforce the requisite best practices to bring the business back online.

- Shore up a data protection strategy. Different applications have different recovery-time-objective (RTO) and recovery-point-objective (RPO) requirements, both of which will impact backup and cyberresilience strategies. “It’s not a one-size-fits-all approach,” Leech says. “Organizations can’t just think about backup but [also about] how to do recovery as well. It’s about making sure you have the right strategy for the right application.”

The HPE GreenLake Advantage

The HPE GreenLake edge-to-cloud platform is designed with zero-trust principles and scalable security as a cornerstone of its architecture. The platform leverages common security building blocks, from silicon to the cloud, to continuously protect infrastructure, workloads, and data while adapting to increasingly complex threats.

HPE GreenLake for Data Protection delivers a family of services that reduces cybersecurity risks across distributed multicloud environments, helping prevent ransomware attacks, ensure recovery from disruption, and protect data and virtual machine (VM) workloads across on-premises and hybrid cloud environments. As part of the HPE GreenLake for Data Protection portfolio, HPE offers access to next-generation as-a-service data protection cloud services, including a disaster recovery service based on Zerto and HPE Backup and Recovery Service. This offering enables customers to easily manage hybrid cloud backup through a SaaS console along with providing policy-based orchestration and automation functionality.

To help organizations transition from traditional cybersecurity to more robust and holistic cyberresilience practices, HPE’s cybersecurity consulting team offers a variety of advisory and professional services. Among them are access to workshops, road maps, and architectural design advisory services, all focused on promoting organizational resilience and delivering on zero-trust security practices.

HPE GreenLake for Data Protection also aids in the cyberresilience journey because it removes up-front costs and overprovisioning risks. “Because you’re paying for use, HPE GreenLake for Data Protection will scale with the business and you don’t have to worry [about whether] you have enough backup capacity to deal with an application that is growing at a rate that wasn’t forecasted,” Leech says.

In 2020, research found that nearly 90% of CISOs considered themselves under moderate or high levels of stress. Similarly, a 2021 survey by ClubCISO revealed that stress levels significantly increased among 21% of respondents over the last 12 months, adding to mental health issues.

Two years on from the start of the pandemic, stress levels of tech and security executives are still elevated as global skills shortages, budget limitations and an ever faster and expanding security threat landscape test resilience. “In every cyber security team I’ve worked in, stress management is a common concern,” says Vodacom group managing executive for cyber security, Kerissa Varma. “Some manage this better than others, but one of the most common questions I get asked about my job is how I’ve done it for so long, considering everything that it involves.”

Helen Constantinides, CIO at AVBOB Mutual Assurance Society, also understands these cyber stress and burnout trends all too well. “We need to remember that it’s not just about technology,” she says. “It involves people too.”

According to CIISec’s 2020/21 State of the Profession report, which surveyed 557 security professionals, stress and burnout have become major issues, with almost half (47%) working more than 41 hours a week, and some up to 90.

So what can CIOs do to mitigate against the long hours, heavy workloads and uncertainty in understaffed and underfunded environments? The experts share their four top tips below. 

1. Encourage your teams to slow things down

Seeing that hackers don’t work 9 to 5, IT and information security professionals generally don’t get enough rest, says Itumeleng Makgati, group information security executive at Standard Bank. “Our roles require us to be alert, productive and energized,” she says. “You can’t do all this if you don’t get enough rest.” She adds that CIOs must be deliberate about helping people to pause, take breaks and recharge. That may sound counter-intuitive, but greater demands require greater efforts to look after mental health. This can take the form of hosting team events, meet-ups or just enabling staff to take personal time off during down cycles.

“I try to have in person meetings as ‘walking meetings’ in a nearby park, which ensure that I get my daily nature fix and also stimulate creative thoughts,” says Anna Collard, SVP content strategy and evangelist at KnowBe4 Africa, the world’s largest security awareness training and simulated phishing platform.

2. Encourage collaboration

Look to extend and complement your team by bringing in trusted partners like managed security services, recommends Constantinides. “It’s about collaborating locally and globally to create new thinking, expanding the talent pool and coming at things a little bit differently,” she says. As part of this, CIOs must ensure the right technologies are in place to protect their most critical vulnerabilities, and assess, rank and respond to risks in real time to alleviate stress across IT teams. Automation can help too, considering the burden the skills shortage places on under-resourced teams, says Varma. “Automation is a great enabler to use limited resources in areas that add the biggest benefit,” she says. “It also greatly improves staff morale, as they are able to focus on more interesting work.”

3. Discourage multitasking

According to Makgati, CIOs and IT leaders need to encourage their teams to embrace “monotasking.” Clear, one-at-a-time task prioritization and defining milestones that don’t overlap can help teams minimize stress. Avoiding the trap of mistaking the urgent for the important is also a great way to mitigate unnecessary stress, she says.

And according to Collard, multitasking and not being fully present actually make a business more susceptible to social engineering. “I realised this when I failed one of our internal phishing simulation tests,” she says. “I fell for the phishing email, not because I didn’t know the dangers of social engineering or because I didn’t know how to spot red flags, but because I was distracted. I was multi-tasking and slightly anxious in that moment.” It’s critical for leaders to communicate which items are the most important to deliver, says Varma.

Failing to do so can cause confusion and lead to teams skimming the surface in a number of areas but never truly resolving things effectively. “Be clear to your teams and business on what you’re prioritizing within a time frame,” she says. “This is critical to allow your team to focus and execute in the fastest manner possible and for your business to understand any potential risks.”

4. Exercise empathy and compassion

“Having the right cyber thinking and decision making in a board room can have immense impact on preventing stressful situations down the road,” says Varma. Collard adds that building a security culture is more about human psychology and behavioral science than technology. So CIOs and IT leaders must understand people’s motivations, expectations and struggles, and create a support mechanism to maximize individual and team potential. “It’s clear that we’re all going through a lot and a little understanding will go a long way in helping our teams feel supported,” says Makgati.

Cyber hygiene describes a set of practices, behaviors and tools designed to keep the entire IT environment healthy and at peak performance—and more importantly, it is a critical line of defense. Your cyber hygiene tools, as with all other IT tools, should fit the purpose for which they’re intended, but ideally should deliver the scale, speed, and simplicity you need to keep your IT environment clean.

What works best is dependent on the organization. A Fortune 100 company will have a much bigger IT group than a firm with 1,000 employees, hence the emphasis on scalability. Conversely, a smaller company with a lean IT team would prioritize simplicity.

It’s also important to classify your systems. Which ones are business critical? And which ones are external versus internal facing? External facing systems will be subject to greater scrutiny.

In many cases, budget or habit will prevent you from updating certain tools. If you’re stuck with a tool you can’t get rid of, you need to understand how your ideal workflow can be supported. Any platform or tool can be evaluated against the scale, speed and simplicity criteria.

An anecdote about scale, speed and complexity

Imagine a large telecom company with millions of customers and a presence in nearly every business and consumer-facing digital service imaginable. If your organization is offering an IT tool or platform to customers like that, no question you’d love to get your foot in the door.

But look at it from the perspective of the telecom company. No tool they’ve ever purchased can handle the scale of their business. They’re always having to apply their existing tools to a subset of a subset of a subset of their environment. 

Any tool can look great when it’s dealing with 200 systems. But when you get to the enterprise size, those three pillars are even more important. The tool must work at the scale, speed, and simplicity that meets your needs.

The danger of complacency

With all the thought leadership put into IT operations and security best practices, why is it that many organizations are content with having only 75% visibility into their endpoint environment? Or 75% of endpoints under management? 

It’s because they’ve accepted failure as built into the tools and processes they’ve used over the years. If an organization wants to stick with the tools it has, it must:

- Realize their flaws and limitations
- Measure them on the scale, speed and simplicity criteria
- Determine the headcount required to do things properly

Organizations cannot remain attached to the way they’ve always done things. Technology changes too fast. The cliché of “future proof” is misleading. There’s no future proof. There’s only future adaptable.

Old data lies

To stay with the three criteria of strong cyber hygiene—scale, speed and simplicity—nothing is more critical than the currency of your data. Any software or practice that supports making decisions on old data should be suspect. 

Analytics help IT and security teams make better decisions. When they don’t, the reason is usually a lack of quality data. And the quality issue is often around data freshness. In IT, old data is almost never accurate. So decisions based on it are very likely to be wrong. Regardless of the data set, whether it’s about patching, compliance, device configuration, vulnerabilities or threats, old data is unreliable.

The old data problem is compounded by the number of systems a typical large organization relies on today. Many tools we still use were made for a decades-old IT environment that no longer exists. Nevertheless, today tools are available to give us real-time data for IT analytics.

IT hygiene and network data capacity

Whether you’re a 1,000-endpoint or 100,000-endpoint organization, streaming huge quantities of real-time data will require network bandwidth to carry it. You may not have the infrastructure to handle real-time data from every system you’re operating. So, focus on the basics. 

That means you need to understand and identify the core business services and applications that are most in need of fresh data. Those are the services that keep a business running. With that data, you can see what your IT operations and security posture look like for those systems. Prioritize. Use what you have wisely.

To simplify gathering the right data, streamline workflows

Once you’ve identified your core services, getting back to basics means streamlining workflows. Most organizations are in the mindset of “my tools dictate my workflow.” And that’s backward.

You want a high-performance network that has low vulnerability and strong threat response.  You want tools that can service your core systems, do efficient patching, perform antivirus protection and manage recovery should there be a breach. That’s what your tooling should support. Your workflows should help you weed out the tools that are not a good operational fit for your business.

Looking ahead

It’s clear the “new normal” will consist of remote, on-premises, and hybrid workforces. IT teams now have the experience to determine how to update and align processes and infrastructure without additional disruption.

Part of this evaluation process will center on the evaluation and procurement of tools that provide the scale, speed and simplicity necessary to manage operations in a hyperconverged world while:

- Maintaining superior IT hygiene as a foundational best practice
- Assessing risk posture to inform technology and operational decisions
- Strengthening cybersecurity programs without impeding worker productivity

These are challenging times to be a CIO. It was all talk about digital transformation to drive post-pandemic business recovery a few months ago. Now, the goalposts have shifted thanks to rising inflation, geopolitical uncertainty and the Great Resignation. Meeting these challenges requires IT leaders to ruthlessly prioritize: taking action to mitigate escalating cyber and compliance risks by managing their attack surface more effectively amidst continued skills shortages.

For many, the key lies in choosing the right platform to drive visibility and control across the endpoint estate.

The ever-growing attack surface 

That pandemic-era digital spending was certainly necessary to support hybrid working, drive process efficiencies and create new customer experiences. But it also left behind an unwelcome legacy as corporate attack surfaces expanded significantly.

An explosion in potentially unmanaged home working endpoints and distributed cloud assets has added opacity at a time when CIOs desperately need visibility. Two-fifths of global organizations admit that their digital attack surface is “spiraling out of control.” Some organizations also exacerbate their challenges in this regard by rushing products to market, incurring heavy technical debt in the process.

Attack surface challenges are especially acute in industries like manufacturing, which became the most targeted sector in 2021. The convergence of IT and OT in smart factories is helping these organizations to become more efficient and productive, but it’s also exposing them to increased risk as legacy equipment is made to be connected. 

Nearly half (47%) of all attacks on the sector last year were caused by vulnerabilities that the victim had yet to or could not patch. Like their counterparts in almost every sector, manufacturing CIOs are also kept awake at night by supply chain risk. An October 2021 report claimed that 93% of global organizations have suffered a direct breach due to weaknesses in their supply chains over the previous year.

Managing this risk effectively will require rigorous and continuous third-party auditing based on asset visibility and best practice cyber hygiene checks. The same approach can also help drive visibility at a time when supply chains are still under tremendous strain from the continued impact of COVID-19 in Asia and new geopolitical uncertainty.

Threat actors are ruthlessly exploiting visibility and control gaps wherever they can find them, most notably via ransomware. The average ransom payment rose 78% year-on-year in 2021, with some vendors detecting a record-breaking volume of attacks. Most are down to a combination of phishing, exploited software vulnerabilities, and misconfigured endpoints, particularly RDP servers left exposed without strong authentication.

Missing talent

In fact, misconfiguration is one of the biggest sources of cyber risk today, perpetuated by talent shortages and digital transformation, the latter creating new and complex IT environments which become more challenging to manage securely. The talent shortfall cuts across multiple sectors and is most acute in cyber with a gap of over 2.7 million professionals globally, including 402,000 in North America. The Great Resignation and workplace stress continue to take their toll. Nearly two-thirds (64%) of SOC analysts claim they’ll change jobs next year.

With talent in such short supply and commanding such a high price, it becomes even more important to deploy it as efficiently as possible. Technology should be the CIO’s friend, yet a proliferation of IT and security point solutions is undermining productivity, not enhancing it. Our research shows that the average organization runs over 40 discrete IT security and management tools. They not only add licensing costs and significant administrative overheads but can also create visibility gaps that threat actors are primed to exploit.

Tool bloat is even more likely in the public sector, where CIOs often lack a common security governance framework to guide purchasing strategies. Government IT leaders are also weighed down by the significant financial burden of license underutilization as they often lack the ability to discover, manage and measure their software assets.

The regulatory landscape continues to evolve

As if these challenges weren’t enough, CIOs must also prioritize compliance risk management. The EU’s GDPR set in motion a domino effect of copycat legislation around the world, which has raised the stakes for corporate data protection and privacy. But the landscape is also shifting in other ways. 

No longer is regulation solely for large organizations in healthcare, manufacturing or financial services sectors. New rules and policies are being drawn up and older ones are expanding in scope. Once the preserve of financial institutions, Sarbanes-Oxley will apply to all businesses that handle credit, beginning in December 2022. That means organizations as diverse as car dealerships, furniture sellers and retail stores will need to get SOX-compliant or face potentially significant financial consequences.

Start with visibility and control

As CIOs look to prioritize while economic headwinds gather strength, managing IT risk becomes even more critical. This is where best practice cyber hygiene can play an important role. It sounds simple in theory but can be challenging to achieve in practice.

Cyber hygiene is built on comprehensive visibility of the endpoint IT estate. That means understanding everything the organization is running and what is running on those endpoints at all times—whether it’s an on-prem server, a cloud container, a virtual machine or a home working laptop. 

It’s especially challenging, and critical, in dynamic and ephemeral cloud environments, which change second by second. Once this visibility has been achieved, organizations need technology that empowers them to run continuous scans and automated remediation activities to find and fix any vulnerabilities or misconfigurations—and to rapidly detect and investigate emerging threats.

This endpoint insight will not just help to mitigate risk but also optimize software license utilization and enhance regulatory compliance. Delivered from a single platform, it should help stretched IT teams do more with less and maximize their productivity. 

The hard work starts now.


There’s a cyber security arms race happening right now – and the criminals are winning.

Estimates predict the cost of cybercrime will top $10.5 trillion by 2025, with financial institutions being particularly vulnerable. One study found the average cost of cybercrime to financial services companies was $18 million – 40% higher than the average cost for other sectors.

To counter this rising threat, companies need to spot problems before they occur, rather than simply sit back and hope their defenses can withstand the attack when it does inevitably come.

Plugging the dam

Trying to stop the cyber onslaught is akin to trying to plug holes in a dam as cyber threats increase. Not only are organized criminals becoming more sophisticated, but state actors are also taking aim at financial institutions. Banks spend on average between 6% and 14% of their annual budgets on countering cyber threats. This includes both beefing up IT infrastructure and attracting the top cyber security talent.

But the number of incidents and the cost of those incidents continues to rise. It is not enough to build a security infrastructure that simply sits there and waits to be attacked. Companies also have to find the smaller clues to what may become a bigger problem: they must seal the cracks in the dam before the holes even develop. 

From detection to prevention

Cyber criminals leave clues as to where they may strike next, like footprints in the sand – but it takes sophisticated AI analytics to spot them.

Teradata’s technology allows companies to go from fraud detection to fraud prevention.

It provides a bird’s-eye view of operations down to granular details. It monitors and tracks all user interactions across digital channels, building identity graphs of individual users, creating contextual views of each transaction and acting in real time to stop only fraudulent transactions, not genuine ones.

This enables companies to proactively detect, prevent, and address first- and third-party fraud, money laundering and other financial crimes.

The £100m footprints

One example of deploying this kind of analytics to tackle fraudsters came when Teradata worked with a global top five bank that was under attack from remote access takeover fraud.

The problem grew by 15% during Covid, which brought not only financial losses but pressure from regulators. After deploying Celebrus and Teradata Vantage, the bank was able to establish a hyper-personalized behavioral fraud solution.

It worked by capturing digital interactions in real-time and analyzing the data for transactional and behavioral patterns, running millions of micro models to assess behaviors and deploying insights in sub-second response time. It detected over £100m in preventable fraud, with the bank now able to detect and prevent 70% of fraud cases.

Levelling up the arms race

The cyber fraud arms race is one of move and counter move, but by investing in analytics, financial services can deploy a powerful new weapon in the fight against the fraudsters.


By Hock Tan, President and Chief Executive Officer, Broadcom

I recently visited Washington, D.C. to meet with policymakers and government customers to talk about the future of cybersecurity. Broadcom Software solutions secure digital operations across the federal government, and our Global Intelligence Network (GIN) evaluates and shares insights on the ever-evolving cyber threat landscape with U.S. law enforcement and intelligence agencies to ensure the safety and security of our critical infrastructure customers and the cyber ecosystem.

During my visit, I had the honor of meeting two superb public servants working to secure our global information technology infrastructure: National Cyber Director (NCD) Chris Inglis and Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly. President Biden could not have selected two more talented and experienced leaders to work closely with the world’s leading IT security companies and IT-dependent government agencies that comprise our virtual and physical critical infrastructures.

JCDC Collaboration

It can’t be overstated: without public-private collaboration to secure our critical virtual and physical networks, economies and governments around the world would be at the mercy of bad actors. It’s in that commitment of collaboration to better protect critical infrastructures that I was proud to be nominated by the President of the United States to serve on the National Security and Telecommunications Advisory Committee (NSTAC), and why Broadcom Software was honored to accept Jen Easterly’s invitation to be one of the first private sector “alliance members” in CISA’s Joint Cyber Defense Collaborative (JCDC).

Formed in August 2021, the JCDC is an action-driven forum that brings together federal agencies and the private sector to strengthen the nation’s cyber defenses through better planning, preparation, and information sharing. The JCDC showed quickly it could make a difference: In February 2022, our threat hunters uncovered Daxin, a sophisticated malware being leveraged as an espionage tool. We discovered that Daxin was targeting foreign governments that were not our customers. Thanks to our engagements with CISA through the JCDC, we informed the CISA team of the threat, and they connected us with the appropriate officials from the targeted foreign governments. Together, we were able to detect the malware and remediate infected computer systems. Jen and the CISA team also issued a Current Activity alert that linked to a Broadcom-published blog, alerting other government and critical infrastructure networks about Daxin.

The Future

Given the success of the JCDC, and Broadcom’s overall engagement with the federal government, you can imagine how thrilled and honored I was to meet Chris and Jen in person and talk about additional ways we can deepen an already creative, collaborative, and productive partnership.

As the NCD, Chris and his team are developing a national cyber strategy that they will be presenting to the President later this year. Chris has written that to better protect the cyber landscape, we will need to shift the burden away from individual end-users of IT products toward larger, better-resourced private and public organizations. Rather than leaving it to end-users to find and add security to the IT products and services they use on their own, Chris would like to see security developed and integrated into the overall IT infrastructure more holistically. We at Broadcom Software already have undertaken a number of initiatives designed to build in security in the development, implementation, and maintenance of our products, ranging from supply chain hardening to Zero Day prevention and notification. Not every vendor takes these types of proactive measures, which presents policymakers with important questions on whether it’s better to regulate or to incentivize this shift, or to use a combination of both. While there are no straightforward answers to these questions, Broadcom Software will continue to offer safe and secure products.

Chris and Jen also have been tremendous advocates to promote private and public initiatives to build a stronger cyber workforce.  And they are taking steps to do something about it.  The most important assets essential to the security of IT networks and law-abiding nations are the talented professionals who make cybersecurity their cause and calling. Yet, skilled IT workforce shortages require both expanding and upgrading our overall talent pipeline, as well as improving communications between and within governments and the private sector. Jen has been highlighting CISA’s Cyber Innovation Fellows initiative, where private sector employees can be “detailed” to CISA part-time for up to six months to better understand CISA and work to build stronger relationships between the public and private sector. Jen was inspired by a similar program run by the National Cyber Security Centre (NCSC) in the UK, which has been enormously successful.  And Chris recently hosted the National Cyber Workforce and Education Summit at the White House, which focused on building our nation’s cyber workforce by improving skills-based pathways to cyber jobs and educating Americans so that they have the necessary skills to thrive in our increasingly digital society.

While these are important initiatives, what resonated with me most in our meetings is the value of Broadcom’s partnerships with the public sector, and especially with leaders like Jen and Chris and their exceptional teams. Meeting them during my visit was an important milestone for Broadcom Software, but more meaningful to me and our team is the continued collaboration and positive impact we will have going forward to protect critical infrastructures across government and industry.

Hock Tan, President and Chief Executive Officer, Broadcom:

Hock Tan is Broadcom President, Chief Executive Officer and Director. He has held this position since March 2006. From September 2005 to January 2008, he served as chairman of the board of Integrated Device Technology. Prior to becoming chairman of IDT, Mr. Tan was the President and Chief Executive Officer of Integrated Circuit Systems from June 1999 to September 2005. Prior to ICS, Mr. Tan was Vice President of Finance with Commodore International from 1992 to 1994, and previously held senior management positions with PepsiCo and General Motors. Mr. Tan served as managing director of Pacven Investment, a venture capital fund in Singapore from 1988 to 1992, and served as managing director for Hume Industries in Malaysia from 1983 to 1988.


A substantial shift has happened in the enterprise storage industry over the last 12 months that has changed the dialogue about storage. In past years, the first conversations with enterprise storage buyers were about cost efficiency and performance. However, today, the two most important things that come up first in storage conversations are cybersecurity and delivery time. This is a radical change that is redefining strategic planning and purchasing of enterprise storage solutions.

Storage has become part of a bigger conversation that an increasing number of decision-makers in enterprises are recognizing. It’s as if customers are waking up to a new reality – a new normal – that storage needs to be a core component of an enterprise’s corporate cybersecurity strategy, and lead times for delivery of products are longer or, at a minimum, vary by vendor.

One vendor may provide products in weeks, while another vendor will need to take many months to deliver complementary products for an end-to-end solution. Because of this, enterprise buyers and IT solution providers, who provide solutions to enterprise buyers, need to think differently.

In the past, customers and prospective customers who were interested in buying storage solutions were quick to talk about capacity, speed, IOPS, workloads, and application profiles. Storage cybersecurity would not even be discussed until the eighth conversation or later. Yet, in 2022, the first three conversations are laser-focused on cybersecurity and how storage is a critical element of an overall corporate cybersecurity strategy.

The realization that primary and secondary storage are integral to a strong enterprise cyber security posture, including immutable snapshots, fast recovery, fenced-in forensic environments, and more, casts a wide net for the one thing that keeps C-level executives and IT leaders up at night – cyber resilience (or, rather, the lack of it).

If an enterprise does not have the proper level of cyber resilience built into its storage and data infrastructure, there is a huge gap. This is why, on average, it takes an organization nearly 300 days to figure out if they have even been infiltrated by a cybercriminal.

In the work that Infinidat has done to help large enterprises increase their cyber resilience, we have learned what it takes to bring storage and cybersecurity together for an end-to-end approach.

Of course, consolidation and its dramatic impact on capital and operational expense structures are still part of these conversations in the storage market, too. As enterprises upgrade to improve their cybersecurity, they are also using the opportunity to consolidate from a high number of arrays to Infinidat’s petabyte-scale arrays.

Instead of having 50 arrays that have been built up over time, they can consolidate and use a few Infinidat arrays, while getting greater capacity, better availability, unmatched real-world application performance, and higher storage cybersecurity. Consolidation is also a major factor in advancing green IT efforts – less use of power, cooling, floor space, and resources.

Partners need to talk about storage cyber resilience and consolidation with customers, hand-in-hand. But they also need to tackle the other big conversation-starter staring all of us in the face – namely, the supply chain challenge that is affecting delivery times.

Customers and partners must embrace the mindset that strategic planning needs to be done earlier, and decisions will need to be made quicker. My message to customers and partners – for their own benefit – is this: talk to their suppliers earlier than they previously have.

Infinidat customers have been benefitting with us. Infinidat has been doing a superb job managing the supply chain and being able to deliver storage solutions faster than suppliers of other types of IT products, such as servers or switches.

But since the supply chain crunch has its ups and downs for all companies (as no vendor is totally immune to vicissitudes), it is smart to talk to us and your other suppliers earlier, so you will not get hit head-on with a supply chain issue.

While Infinidat is able to deliver in a matter of weeks, a server vendor may be saying it will be nine months before the new servers will arrive. The storage platforms cannot be utilized until the servers are installed. So, this is where a partner can step up and find practical solutions to get servers from another source in, for example, a third of the time.

Customers should be working closely with their partners and suppliers to be creative about how to speed up delivery timelines. It may sound like very hard work, but it will actually help prevent bigger problems down the road. There are customers ordering products now, but those products won’t arrive until Q4. They are thinking ahead. They are accelerating decisions as they map out and fulfill their strategic plans.

The functioning of their business depends on these technical and business decisions. You don’t want to have to face an irate CEO who wants to know why you can’t get IT products that are necessary to support the next phase of the company’s digital transformation initiative or elevation of DevOps or help them thwart malware and ransomware threats.

You don’t want to have to explain to the Board of Directors why the data infrastructure could not scale. You don’t want to have to face fines from a government for failure to ensure cyber resilience, leading to the exposure of sensitive data.

Don’t get caught digitally flat-footed.


CIOs of large enterprises have pain points that are complex, underscoring the need for suppliers to listen intently and understand their predicaments. The challenges of managing data, the lifeblood of any enterprise, are continuously evolving and require attention because ignoring them only makes the “pain points” worse.

CIOs and their teams look to the tech industry to solve their problems, develop new, cost-effective technology solutions, and make implementation of new solutions smooth and easy, with built-in flexibility. This article explores three examples of how listening to the concerns and the changing requirements and needs of CIOs has resulted in viable technological solutions that are now widely in demand.

The need to improve cybersecurity by increasing cyber resilience

The need for the lowest latency, while delivering the highest real-world application performance

The need to incorporate AI operations (AIOps) and development operations (DevOps) as part of a modern IT strategy

As the chief marketing officer of Infinidat, I continually hear customer input and feedback, which feed into a strong cycle of continuous improvement. Product strategy must align with not only today’s needs but the anticipated, evolving needs of the future. A new product must help address or eliminate one or more pain points. Otherwise, what is its value?  This is the story of Infinidat’s comprehensive enterprise product platforms of data storage and cyber-resilient solutions, including the recently launched InfiniBox™ SSA II as well as InfiniGuard®, taking on and knocking down three pain points that are meaningful for a broad swath of enterprises.     

The need to improve cybersecurity by increasing cyber resilience

Cyber resilience is among the most important and highly demanded requirements of enterprises today to ensure exceptional cybersecurity and combat cyberattacks across the entire storage estate and data infrastructure. In comprehensive surveys by Fortune and KPMG in the last 12 months, cybersecurity has been cited as the No. 1 concern of CEOs. The continuous attempts at comprehensive theft and hostage-taking of valuable corporate data can be overwhelming. 

This naturally puts immense pressure on CIOs and CISOs to deal with the rapidly expanding threat landscape – and it’s much more than securing network connections. It now extends to the people at their desks or at the edges of the company network, creating weak points. Industry data confirms the average dwell time for an enterprise-level cyberattack is up to 287 days. The C-suite is rightly concerned about this shroud of secrecy and how eerily “patient” cyber criminals are, taking systematic approaches and looking for the tiniest of cracks to exploit. 

Cyber resilience must be part of an enterprise’s overall corporate cybersecurity strategy. One example of cyber resilience is the ability to recover known good copies of the enterprise’s data. When you’re able to do it – and do it quickly – then the leverage that the cyber attackers thought they had is dramatically reduced, if not completely eliminated. To have end-to-end resilience, an enterprise needs to build it into primary storage for the most critical apps and workloads, as well as secondary storage to protect backup copies of data. 

Infinidat added cyber resilience on its InfiniGuard® secondary storage system during the past year and, at the end of April 2022, across its primary storage platforms with the InfiniSafe Reference Architecture, encompassing Infinidat’s complete portfolio. InfiniSafe combines immutable snapshots of data, logical air gapping, a fenced forensic environment, and virtually instantaneous data recovery, and is now extended into the InfiniBox SSA II, as well as the entire InfiniBox family. 

“With the InfiniSafe Cyber Resiliency Technology extending into the InfiniBox portfolio, we’re able to provide our customers the peace of mind they need in a time filled with cyberattacks and data breaches,” said Trent Widtfeldt, Chief of Engineering, Technologent, a female-owned global IT solutions provider. “Technologent is known for partnering with the best technology vendors to ensure we bring the most efficient solutions to our customers, and Infinidat has always been a key partner in this area.”

The need for the lowest latency while delivering the highest application performance

CIOs and storage administrators have asked whether a performance void in enterprise data infrastructure could be filled – a void that no storage vendor had been able to meet to their satisfaction. It is the ability to provide consistent, ultra-low latency, super-fast response times for virtually every I/O that they process, not just great latency for an overall average of their I/Os. If this could be delivered, they said, it would provide them with valuable competitive differentiation for their real-world applications and workloads.

Although CIOs already know, for the most part, that most storage vendors can meet or exceed their requirements for bandwidth and IOPS, what they are really pointing to is the “new” storage performance battleground, which is latency. They articulate to anyone who will listen, and who is in a position to make it happen, how they want consistent ultra-low latency.

To address this customer demand, Infinidat developed the InfiniBox SSA II, delivering unprecedented latency. Enterprises have seen real-world workloads reach storage latencies as low as 35 microseconds. This is not an artificial “hero” number that no real application has ever seen, but an observed performance from real, live customer applications. This enhancement not only gives customers optimal application and workload performance, but also allows for substantial storage consolidation, dramatically transforming storage performance, increasing efficiency, and reducing total cost.

“Infinidat is squarely targeting this market segment with its InfiniBox SSA, and the vendor’s updated capabilities, including in particular the ability to deliver latencies as low as 35 microseconds and the InfiniBox SSA II’s new InfiniSafe cyber resilience support, make it an excellent fit for tier 0 workloads in the enterprise,” said Eric Burgener, Research Vice President, Infrastructure Systems, Platforms and Technologies Group, IDC.

The need to incorporate AIOps and DevOps as part of a modern IT strategy

CIOs have conveyed a common reality that they are under pressure to deliver nonstop operations within budget constraints, limited headcount, and short-term deadlines. A strategy to manage such converging forces cannot be cookie-cutter. Each enterprise has its own unique operating requirements. The challenge is for the IT team to deliver new capabilities that are tightly aligned with the organization’s specific needs – and to do it rapidly and with low risk. 

A smart move for CIOs, and other IT executives, is to exploit the underlying capabilities of the installed infrastructure. This has led IT leaders to demand that their infrastructures have the highest levels of autonomous automation and intelligence, along with proven extensions to enable further operational integration. This integration includes both interoperability with incumbent IT consoles as well as simple, trusted access to unique functionality and the creation of new capabilities. Additionally, it is critical that outdated fly-by-wire management controls are replaced with infrastructure intelligence, automation, and proven solutions.

Earlier this year, Infinidat introduced InfiniOps™, a collection of extensive software capabilities that exploit world-class AIOps functionality and expedite DevOps activities. By harnessing the unique operational awareness of InfiniVerse, IT teams have streamlined storage oversight and management to unprecedented levels of set-it-and-forget-it simplicity at their local site and across the globe. Infinidat also works closely with data center AIOps vendors, such as ServiceNow and VMware, so that Infinidat’s storage platforms are integrated into their cross-data center AIOps toolsets. Additionally, a proven set of IT tools is available to further integrate InfiniBox capabilities into IT operations for standard and container application deployment environments – at no additional cost.

IT must build upon a foundation of the highest performing, most available, and most intelligent infrastructure. InfiniBox delivers on these requirements with 100% availability, microsecond latency, multi-petabyte scale, and its Neural Cache.

Newly introduced InfiniOps technologies include InfiniVerse, a solution that delivers application to storage insights as a secure, cloud-based service. IT staff can see their entire storage infrastructure across multiple sites, including key indicators such as system health, rate of capacity consumption, and SAN/WAN performance compared to internal latency measurements. InfiniOps also offers a wide variety of tools to streamline IT operations, accelerate solution deployment, and reduce internal solution development risks.

Our customers are looking for enterprise storage solutions that deliver the utmost in availability, reliability, and performance. With the InfiniBox SSA II, Infinidat has done that and more. The InfiniBox SSA II has added sophisticated AIOps technology and comprehensive cyber resilience to the solution. At the same time, the InfiniBox SSA II continued Infinidat’s powerful “set-it-and-forget-it” ease-of-use architecture. 

All of this provides our customers with a highly differentiated enterprise storage platform that provides not only strong technical values, but critical business value as well.
