According to see.V, an Israel-based tech placement company, DevOps, machine learning, cyber security and blockchain has been rising in popularity more than ever this year.

According to an analysis of the demand for professional workers in the first quarter of 2018, the report found the demand for cyber security professionals has increased by 49%.

The post The need for DevOps, machine learning, cyber security and blockchain rises in Israel appeared first on DevOps Online North America.

An overwhelming number of IT security professionals believe securing an environment starts with protecting privileged accounts – 89%  stated that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured.

IT security respondents also indicated that the proportion of users who have local administrative privileges on their endpoint devices increased from 62% in our 2016 survey to 87% in 2018 — a 25% jump and perhaps indicative of employee demands for flexibility trumping security best practices.

Legally-required basics

The survey findings suggest that security inertia has infiltrated many organisations, with an inability to repel or contain cyber threats – and the risks that this might result in – supported by other findings:

• 46% say their organisation can’t prevent attackers from breaking into internal networks each time it is attempted
• 36% report that administrative credentials were stored in Word or Excel documents on company PCs
• 50% admit that their customers’ privacy or PII (personally identifiable information) could be at risk because their data is not secured beyond the legally-required basics.

The automated processes inherent in cloud and DevOps mean privileged accounts, credentials and secrets are being created at a prolific rate. If compromised, these can give attackers a crucial jumping-off point to achieve lateral access to sensitive data across networks, data and applications or to use cloud infrastructure for illicit crypto mining activities. Organisations increasingly recognise this security risk, but still, have a relaxed approach toward cloud security.

Built-in security capabilities

The survey found that:

• Nearly 50% of organisations have no privileged account security strategy for the cloud
• More than 68% defer on cloud security to their vendor, relying on built-in security capabilities
• 38% stated their cloud provider doesn’t deliver adequate protection

Overcoming cyber security inertia necessitates it becoming central to organisational strategy and behavior, not something that is dictated by competing for commercial needs. According to the survey:

• 86% of IT security professionals feel security should be a regular board-level discussion topic
• 44% said they recognise or reward employees who help prevent an IT security breach, increasing to nearly 74% in the USA
• Just 8% of companies continuously perform Red Team exercises to uncover critical vulnerabilities and identify effective responses.

Today’s attacks

Matthew Brazier, regional director at CyberArk: “Attackers are constantly evolving their tactics, but by rarely changing their security strategy to keep up, organisations are making the attackers’ jobs that much easier.

“Organisations need to be more proactive in securing themselves against today’s attacks. This requires understanding the growing privileged account security attack surface and how it puts companies at risk. Strong leadership and accountability are required to overcome this inertia, as well as a clearly communicated security strategy that takes into account the attacker’s mindset.”

The survey was conducted by Vanson Bourne among 1,300 IT security decision makers, DevOps and app developer professionals and line of business owners, across seven countries worldwide.

Written from press release by Leah Alger

The post Cloud providers ‘don’t deliver adequate protection’, says report respondents appeared first on DevOps Online North America.

Security First

Cyber threats are becoming more sophisticated and increasing in volume. In addition, remote working or working across multiple sites and multiple devices, together with an increasing reliance on cloud-based applications, have all served to weaken traditional perimeter-based security.

Traditional firewall technology is no longer enough. Anyone designing or planning a new network deployment in 2018 must adopt a ‘Security First’ mantra, with security being embedded into the network elements and design.

When a network has security inherently built into it, operates alongside other security platforms, and is managed with consistent, properly enforced policies, it becomes the security defence.

Video demands bandwidth

Organisations are embracing the web, video conferencing, and unified communication and collaboration tools to improve productivity among employees. This means enterprises will need to ensure they are building networks with enough capacity to support these new applications.

Bandwidth requirements will continue to increase in 2018, driven by the adoption of advanced video collaboration and applications in the enterprise.

SD-WAN comes of age

Software Defined Wide Area Network (SD-WAN) will finally come of age in 2018, with SD-WAN adoption gathering pace in the enterprise.

The burgeoning technology has shown remarkable growth in recent years with IDC predicting the SD-WAN market will be worth US$8billion by 2021. It has driven digital transformation projects that deploy the cloud, big data, analytics, and mobility – which all increase network workloads and require end-to-end reliability.

NPM and APM growth

The workforce today is mobile, often working across numerous devices, from any location. Employees commonly use applications hosted in the cloud. They expect ongoing availability of whatever network they are connected to. Network management, therefore, can be complex, with the need to manage application and network performance more important than ever.

Network Performance Management (NPM) and Application Performance Management (APM) will become the norm for enterprises in 2018, with a focus on user experience, resolving application and network performance issues proactively and quickly, and improving productivity.

WLAN upgrades

WLAN deployment upgrades will grow faster than ever in 2018, driven by the rapid speeds of 802.11AC and the fast-evolving analytics engines and applications that provide insight and intelligence to end users and devices

In addition, the explosion in Internet of Things (IoT) endpoints will also fuel the growth of WLAN technology. It is estimated there will be 20.4 billion connected things in use worldwide by 2020, and analysts at Dell’Oro predict that there will be an installed base of nearly a billion WLAN network devices within five years, which will be the primary way that most IoT devices connect to networks.

Written from press release by Leah Alger

The post Nuvias: Top 5 networking trends for 2018 appeared first on DevOps Online North America.

The rise of AI

2018 will see artificial intelligence (AI) drive a transformational change among organisations and impact on cloud use.

ICT isn’t getting any simpler, and businesses are being forced to move faster as their customers’ requirements become more demanding. This is driving innovation in areas like AI, but automation of past processes won’t be enough to keep up with the “need for speed” in business agility.

We will see lots more AI projects and initiatives in 2018; it will be the cornerstone of change in automation of ICT. Proactive, automated, non-human decisions are now a necessity. Are the robots coming? Yes, they are – but we still need to develop the Intellectual Property (IP) to drive them.

IP will be key

With emerging technologies like AI becoming more prominent in 2018, organisations are demanding bespoke software and solutions that solve their specific business problems.

As a result, companies are increasingly working with cloud service providers to gain a competitive advantage – this includes using public cloud providers to power their IP-centric solutions. Investment in infrastructure development is diminishing, replaced by a need for specific business-driven solutions that require unique software to bring these solutions to life.

From partnering to strategic alliances

IP is the key, but many end users don’t have the time, resources or in-house skills to create their own unique solution that gives them the business advantage they require.

As such, they are forging long-term business relationships with technology service providers who understand their need for change, and develop specific IP or software which utilises public cloud services, embraces AI, and most importantly which solves a business or specific customer problem.

Public cloud providers also need these strategic partner alliances to ensure there is a shorter time to value in moving workloads to the cloud, and providing solutions that move beyond Infrastructure-as-a-Service (IaaS) to fully utilising Platform-as-a-Service (PaaS).

PaaS as the basis for digital transformation

We are starting to see the Software-as-a-Service (SaaS) players now extending into PaaS in response to customer demand.

Customers that are using a SaaS kingpin like CRM want to extend that platform into other use cases and requirements. It’s been a long time coming but as the world moves to a cloud-first strategy, the complexity in integrated public clouds is driving companies to explore PaaS.

Secure cloud services get board visibility

Cloud services have been a safe bet in the Boardroom in recent years, but now the question is, are they truly secure? Decisions to utilise cloud services have been a relatively easy Boardroom decision, due to their known cost and agility. But with more and more high-profile data breaches, questions are now being asked around cloud security at a Board level within businesses.

The damaging nature of cyber attacks is now clearly in the line of sight of Board members. GDPR will also raise more questions at this level, making cyber security in the cloud a Board level priority.

Written from press release by Leah Alger

The post 2018: Top 5 cloud services predictions appeared first on DevOps Online North America.

The global leader in digital transformation accomplished a 25% growth rate over the last year, with revenues in 2016 exceeding £170million.

Growth of Atos’ specialist digital services combined with the Econsultancy recognition is a significant endorsement of Atos credentials.

Bringing together a blend of people and digital technologies, including notable clients: NS&I, BBC, Anglian Water, Aegon, etc.

Toby Goldblatt, senior vice president for digital services, said: “It’s great to see Atos’ work in customer-led digital transformation being recognised and we hope that this endorsement builds further market understanding of our capabilities.

“The market demands are changing and this year’s Econsultancy top 100 rankings highlights this – it’s now a more balanced mix of former ad’ and design agencies, consultancies and technology firms.”

The breadth of Atos digital transformation services includes customer experience strategy, application transformation, cloud infrastructure, Atos CODEX big data and analytics, SAP Hana integration, infrastructure and hosting, cyber security, digital payments and digital workplace solutions.

Written from press release by Leah Alger

The post Atos lands on list of largest digital service providers appeared first on DevOps Online North America.

With the cloud helping detect new threats, the network uses a continuous data exchange, including malicious programmes and websites that could pose a threat to a company’s security.

Kaspersky claimed that false positive rate detection is low because of platform process data being used by its users, insuring insights are accurate, and enabling businesses to act fast.

However, the company has developed a unique product that can be deployed on a private cloud, with a local copy of Kaspersky Security Network complying with data protection laws whilst serving businesses.

Anton Lapushkin, Head of Cloud Infrastructure Development at Kaspersky Lab, said: “Due to the role cloud computing and big data play in quick and accurate detection, services like Kaspersky Security Network are indispensable in cyber security.

“However, customers operating under strict regulations and data transfer policies are forced to disable cloud services like this, and therefore cut off a powerful protection layer.”

Written by Leah Alger

Read more from DevOps Online | Follow us on Twitter

The post Big data technology behind Kaspersky’s network appeared first on DevOps Online North America.

According to a Dow Jones spokesman, around 2.2 million subscribers records were affected, including customer names, emails, physical addresses, usernames and the last four digits on credit cards.

The Dow Jones spokesman said: “We immediately remedied the situation and have no reason to believe that any data was taken.

“The data did not include full credit-card or account-login information that could pose a significant risk for consumers or require notification.”

Cyber security firm UpGuard notified Dow Jones of the exposed data after discovering it.

Written by Leah Alger

Read more from DevOps Online | Follow us on Twitter

The post Dow Jones expose private records appeared first on DevOps Online North America.

The findings show that careless or uninformed employees are most likely to cause a cyber security incident, whilst malware is continuously becoming more sophisticated.

Studies show that a careless accountant could easily open a malicious file disguised as an invoice, as 28% of attacks were targeted on businesses throughout last year through social engineering and phishing.

“Cybercriminals often use employees as an entry point to get inside the corporate infrastructure. Phishing emails, weak passwords, fake calls from tech support — we’ve seen it all. Even an ordinary flash card dropped in the office parking lot or near the secretary’s desk could compromise the entire network — all you need is someone inside, who doesn’t know about, or pay attention to security, and that device could easily be connected to the network where it could reap havoc,” said David Emm, Principal Security Researcher at Kaspersky Lab.

It appears that staff would prefer to put its organisation at risk rather than report the problem, in case of embarrassment or punishment.

‘Careless employees cause 53% of incident’

The research shows that even where malware is concerned, careless employees cause 53% of incidents.

Slava Borilin, Security Education Programme Manager at Kaspersky Lab said: “The problem of hiding incidents should be communicated not only to employees, but also to top management and HR departments.”

Adding: “If employees are hiding incidents, there must be a reason why. In some cases, companies introduce strict, but unclear policies and put too much pressure on staff, warning them not to do this or that, or they will be held responsible if something goes wrong. Such policies foster fears, and leave employees with only one option — to avoid punishment whatever it takes. If your cyber security culture is positive, based on an educational approach instead of a restrictive one, from the top down, the results will be obvious.”

35% of businesses are hoping to improve security through delivering training to staff, and 43% want to deploy more sophisticated software.

Written from press release by Leah Alger

Read more from DevOps Online | Follow us on Twitter

The post ‘Employees make businesses vulnerable’ says report appeared first on DevOps Online North America.

March 7, 2017. What will be the main themes of cyber security in the next twelve months? One thing is evident: We are in the midst of an era of significant data breaches. Frank Luzsicza, EVP, Information and Communication Technology at TÜV Rheinland, is convinced that “the amount and availability of sensitive information about people and connected systems will inevitably lead to increased pressure to update legacy cyber security risk strategies to the new attack surface”. The Cyber Security Trends of 2017 from TÜV Rheinland and OpenSky provides a deeper examination of these topics. They reflect the assessment of the current developments from its leading cyber security experts in North America, Europe and IMEA regions.

The force of cyber attacks is increasing. Who is responsible?

Additional waves of attack will follow, but there will be an increased strength behind these attacks. This raises central questions about the protection of networked devices, IT/OT networks, and connected infrastructures: Who is responsible when cyber security measures are not sufficient? Do organisations need to further tighten their requirements and governance controls?

IoT requires mandatory security standards

Smart devices are becoming increasingly popular – simultaneously the protection of consumer privacy is becoming more urgent. Manufacturers of networked devices will have to introduce higher security standards. Voluntary or mandatory cyber security verification and certification for IoT devices will become more likely before their market launch.

2017 will be the year of cloud security solutions

Customer sensitivity to integrated cloud services and IT network security is increasing. Security solutions that monitor the network traffic between the cloud service client and the cloud service provider are in increasingly high demand. Furthermore, the cloud becomes increasingly the source for security solutions including real-time security analysis and the detection of anomalies by artificial intelligence (machine learning), but also for security data analytics managed services and incident response advisory services.

The new perfect couple: IAM and the cloud.

IAM and the cloud are becoming the new organizational perimeter. Cloud strategies will be closely interwoven with the fields of law, access and password management. The result is a consistent user and authorizations management, using roles in addition to a secure and user-friendly authentication.

Preferred targets: Patient records and medical devices.

Hackers will target the healthcare sector with increasing frequency in 2017. Medical facilities will need convincing answers to the questions surrounding improved protection of networked medical devices and sensitive patient data. Additionally, as data protection requirements in Europe continue to tighten, manufacturers of medical devices will continue enlisting independent third parties for security audits.

Managed security services: You won´t protect your organisation without them.

Many organisations still view the subcontracting of cyber security to external partners with a critical eye. In light of the continuing lack of talent, trust in competent cyber security partners will become one of the most important success factors to protecting organizations, due in part to the growing number of internal offenders.

Industry 4.0: Integrating functional safety and cyber security

Now more than ever, the unauthorised access exposes industry systems and critical infrastructures to safety and security risks. Since IT is an essential part of manufacturing, functional safety and cyber security will have to work together to secure data exchange, and to ensure availability and reliability of networked systems. Networked industry (Industry 4.0) organisations, in particular, will have to consider the safety and security of their products across the entire life cycle and continuously monitor them for potential risks.

Key factor endpoint security

Terminal devices, such as servers, laptops, mobile phones and tablets, desktop computers, etc. are among the easiest gateways for attackers to capture. Solutions limited to filtering suspected malicious content (i.e. Anti-Virus, Anti-Malware) at the endpoint, no matter how “intelligent”, will not suffice. Gaining visibility into real-time threats by monitoring and correlating with other events across the enterprise will offer superior protection against potential attacks.

The end of the silo mentality? eGRC and IT GRC are coming together

The integrated view of IT and business risks does not only improve the regulatory reporting; it allows for an unbiased view of actual risk exposure and the protected organisation’s values. Additionally, integrating eGRC and IT GRC enables management to achieve a higher decision quality within the organisation. These tactics are of vital importance to organisations when considering tightened legal requirements, such as the EU data protection basic regulation, and the protection of intellectual property.

At TÜV Rheinland and OpenSky, we believe senior management plays a key role in securing their organisations from both internal and external threats. According to Tom Hazen, President at OpenSky, “Cyber security must be part of each business case and cannot be viewed only as a pure cost driver. Ideally, cyber security becomes a risk consultation and also a business enabler”.

Edited for web by Jordan Platt.

The post The year of cyber security appeared first on DevOps Online North America.

Chris Wysopal, Veracode CISO & CTO and Adrian Lane, Securosis CTO, discuss pragmatic best practices for embedding security into agile SDLC and DevOps processes.

The post Secure agile and DevOps appeared first on DevOps Online North America.