Connect with us

OTHER

How to defend against evolving cybersecurity threats

Published

on

Cloud Computing News

Rik Chorus, Kyndryl’s director of security and resiliency & networking and edge, Benelux, discusses how the firm is helping organisation’s navigate their way through an ever-changing tech and business landscape.

Can you tell us a little bit about Kyndryl and what you do at the company?

There are a few things that I think are really interesting and that set Kyndryl apart from everything I’ve seen in the market so far. One of the things is that Kyndryl, as the world’s largest IT infrastructure services provider, is really focusing on very complex, large infrastructures. And one of the things that we do really well is, in all that complexity and all the fragmentation that we see in the landscape, we try to build better innovations and more efficiency. We create a lot of simplification, creating systems in a lot of new ways for our clients by drawing on the technologies of partners such as Microsoft, Google Cloud  and Nokia.

That’s something we excel at, as well as the people. The people in our organisation, the skills and the knowledge that we can deliver to organisations is absolutely formidable.

We’re very strong on the co-create side. We do a lot in co-creation with clients. We’re not just enforcing solutions onto any organisation. We’re really trying to build and innovate in ways that bring value to the client, and also make sense to them. Through collaborative co-creation with our customers, we support them in unleashing innovations that are essential for their ongoing success.

Advertisement

We have several practices that we build along and two of the practices are in my domain, which is the security and resiliency part, and the network and edge part. But we also do data and AI. We work on the application, the mainframe. We work on various other topics with our clients and one of the really important ones is the digital workspace. So there are several things that we help clients with from various perspectives.

So it sounds like you’re involved in a bit of everything. What are the main tech trends that you’ve seen developing?

Let’s start with my own practice. In cybersecurity, we see it is becoming more of a business problem. And it’s also being viewed by the business instead of just being seen as an operational problem. We see a shift that is moving from cybersecurity to cyber resilience.

And that has a lot to do with ransomware, for example, because that really changed the way we needed to look at cybersecurity and how we were capable as organisations to overcome those types of threats. It really is key in every industry as it is no longer the question whether a security breach will happen, but when and how big the damage is. A proactive – versus reactive – approach to secure applications and mission-critical systems is a matter of survival. Because of this, we offer a wide range of services that enable our enterprise customers to quickly detect and effectively respond to and recover from cyberattacks.

AI and machine learning, of course, continue to be a huge trend. At Kyndryl, AI plays an important role. We both apply AI in our operations and enable our customers to use AI in their business. AI is also providing us with more opportunities to help customers with their data architectures and manage their infrastructures, all of which can enable them to operate more efficiently.   But also AI ethics, responsible AI solutioning is important. We need to address issues, such as trust, risk and security. We need transparency. When it comes to AI models, we now see a lot of generative AI like ChatGPT. But what are those models based on? What was the trustworthiness of them? What data is being inputted? These models are so significantly large when it comes to the data that’s in there, that it’s really important to consider the AI ethics that we need to uphold. With the amount of data available, it’s more important than ever to ensure it’s used correctly with a modernized data architecture.  

You see trends around data and AI, data observability. It will be key for scaling AI in any business. There’s definitely a lot going on on the data and AI side.

Advertisement

Cloud, of course, is still a trend. It’s been here for a long time already but I still think that the cloud will be able to drive a lot of innovation. We’ve seen, for example, with the COVID pandemic, that companies were storing a lot of data and doing business in the cloud. We’re much faster in adopting the new way of working with all the remote workers etc.

Other trends are around 5G. You see a lot of 5G networks popping up, and we’ll see more of that throughout all industries. For example, retail, right where companies want to enhance the customer experience.

You probably speak to a lot of customers or potential customers. What do they tell you are the big challenges they’re facing?

They’re facing numerous challenges. For me, it’s specifically more on the cybersecurity and resiliency side, but they’re having to deal with a variety of other challenges. For example, with data silos that you see in organisations. Trying to share data and have that comprehensive view as an organisation tends to be really hard. One of the things we help customers with is data modernisation and trying to remove those barriers and silos inside an organisation, so that you can more easily share and collaborate.

Another one, of course, is legacy systems. We still see a lot of legacy. If you look at it from a security perspective, that’s even harder because you don’t want to touch legacy systems with new kinds of security solutioning because they probably will end up dying on you.

If you install an antivirus client on the mainframe that’s been sitting there for 20 years, it will not be able to process it. But legacy systems tend to be slow, rigid and usually very expensive also to maintain. So it’s making it difficult for organisations to integrate them with the newer technologies.

Advertisement

I see a lot of issues on the cybersecurity side, from the advancing threat landscape. If you look at all the IoT, the sensors, OT, all the different things that we’re connecting, and the way that the complete attack surface is expanding, it’s very significant. That would give a lot of new opportunities to people with malicious intent into organisations because their attack surface is expanding so rapidly. And a lot of organisations have a complete view of all the IoT and OT that they have within their environment. So it’s going to be very challenging to make sure that you have the proper security on that.

And, from a cybersecurity perspective, also the regulatory compliance that organisations need to uphold. We have already seen GDPR with regard to privacy in Europe. Now we’re also seeing new legislation coming from the European Union around the NIS2 directive, and the DORA, which is the Digital Operation Resiliency Act for financial institutions. So there’s a lot of attention coming from governments, and we need to make sure that our cyber security and cyber resiliency is updated.

How do you see the cybersecurity threats evolving? And how do you expect that the change in the future?

The threats are becoming a lot more sophisticated? Just look at phishing. We still see there’s a high rate of these types of attempts that are successful, because there’s always somebody that didn’t see that it wasn’t a proper email or that it was something malicious.

There’s always the human factor that we need to include when it comes to cybersecurity. So it will still be simple things that will be leveraged to attack organisations, but you also see a lot more sophisticated attacks on organisations. There are well thought out attacks that leverage, for example, AI or leverage machine learning. You cannot make a distinction between if it is real, or if it is not real. There are emails coming in that are so sophisticated, that you think it’s the real thing.

I think we will see more deepfake. If you look into deepfakes that we’re seeing now, they’re very hard to distinguish from reality. And then you see that individuals or the media are being influenced by types of deepfakes. It’s really hard to get a clear understanding of what’s real and what isn’t anymore.

Advertisement

Is there any advice that you could give companies that want to improve their cybersecurity?

One of the best books I’ve been reading recently is around cybersecurity first principles. It talks about us now having all the solutions, all the fragmented landscapes and all these different frameworks. But what’s really important to your organisation? First, you need to define what it is that you’re trying to achieve with cybersecurity, because sometimes we really lose sight of the goal, and we’re just extinguishing fires that pop up in an organisation and we’re putting in new technology. Then something else happens and we’re adding more technology, more complexity and more fragmentation to the environment. So really looking at what are my key essentials, what are my risks, then defining a good, proper, solid framework. It’s really about doing the fundamentals in cybersecurity.

And then, unfortunately, ‘zero trust’ has become a buzzword in the industry and I see so many approaches to zero trust. I see some vendors saying if you implement this box then you have zero trust and that’s not the case. Zero trust is actually a really good thought. It’s a philosophy, it’s a thought. It’s not a solution. It’s not something that you implement. It’s really about changing the mindset of your organisation and doing things in a different way.

And if you look at the future with quantum computing, AI etc, having a good and solid zero trust strategy will be key for any organisation. You really want to move away from that defence in depth and perimeter defence, to ‘I’m just not trusting anything’. I’m going to decide, based on what I’m seeing from you and how I can identify you, what type of trust I’m going to give you. But we need to push that forward a lot more even, for example, in segmentation. I see a lot of organisations say ‘yeah, we do segmentation’, and then you drill down and it’s just VLAN segmentation. While you should also be looking at, for example, micro segmentation.

If I look at an application, why should somebody sitting at the front desk have access to the financial reports of an organisation? It makes no sense. But usually that happens because there is no segmentation on the application side. There are lots of things that you can actually leverage when it comes to the zero trust strategy. There are some great tactics for zero trust. For example, you do vulnerability assessments, you look at your assets in your organisation, you identify, you do segmentation or micro segmentation, there are many good steps that you can actually take.

The managed security services market has been valued at $47 billion and I heard that’s something Kyndryl is focusing on. What are the latest products and services that Kyndryl has introduced in this area?

Advertisement

When you look at the managed security services, it’s really about helping organisations solve a few problems. One of the problems is that they might not have the proper skills and resources. As an organisation, it’s very hard to get the right security people in your organisation. It’s very hard to even find them, because we have a significant lack of security personnel in that area.

Kyndryl has built and set up several Security Operation Centers (SOC’s) spread geographically in Spain, Italy, Hungary and Canada.. So we have several security operations centres that you, as a client, might be able to leverage. But the good thing is that we don’t just say ‘alright, we’re going to take over everything, and you’re going to get our security operations centre, and that’s it.

We’re going to be looking at what capabilities you are missing, and that you could leverage from us that we have in our security operations centres. What skills or certain capabilities are missing? How can we help you from that end? It might be that you need incident response capability, it might be that you need monitoring and analytics, it might be that you need threat hunting capability.

And what I’m seeing with a lot of customers is a bit of a shift from completely outsourcing all of those things to feeling that they just need certain capabilities. And that’s something Kyndryl is really addressing in a smart way, by co-creating, by leveraging those specific capabilities to an organisation in which we can really help them and perhaps lower the cost for them. But also help them with skills and the resources that they might need.

So there’s a lot of things happening on the managed side. We’re doing endpoint detection and response, and a lot of other managed capabilities, for example, around identity and access management or vulnerability management. There are tonnes of things that we are capable of already doing, which we have built up in a tremendously swift amount of time. It’s incredible how great the steps are that we have made in the past two years.

What plans does Kyndryl have for the year ahead?

Advertisement

We are in the year of acceleration. We will continue to advance and execute on our strategy to drive the growth of our business locally and worldwide. Also, we will continue working on strengthening our alliances and signing hyperscale contracts with local companies that are advancing in their digital transformation. 

In terms of cybersecurity and resiliency, we are pretty far ahead already on the resiliency side, because it’s something that organisations are now picking up on.

We have made great steps on really providing a full circle resilience solutioning for our clients, from helping them with consulting, to solutioning, to providing services. And if you look at the future, it’s really about the solution that we are building like Kyndryl Bridge, where we seamlessly integrate AI, operational data and our expertise to provide our customers with a new way to operate their systems and deliver improved business outcomes. For the next year, we want to support companies even more to have greater visibility and control over their complex IT operations, resulting in better returns on investment and fewer incidents.

Besides this, we focus on simplifying environments for our clients. We need to make sure that we leverage automation in the best way, so that we reduce the pressure of everything that’s coming into those organisations, and they might not be able to respond to them. Why not do it in an automated way? Why not leverage full automation capabilities, leverage, enrich, to integrate applications, to simplify, to innovate, to add a lot more business value and try to be more efficient?

So that’s where we’re heading. Better innovation, better integration, more simplification, and more automation for your organisation.

Check out the upcoming Cloud Transformation Conference, a free virtual event for business and technology leaders to explore the evolving landscape of cloud transformation. Book your free virtual ticket to deep dive into the practicalities and opportunities surrounding cloud adoption. Learn more here.

Advertisement

Tags: cybersecurity, Kyndryl

Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address

OTHER

Why Malia Obama Received Major Criticism Over A Secret Facebook Page Dissing Trump

Published

on

Why Malia Obama Received Major Criticism Over A Secret Facebook Page Dissing Trump

Given the divisive nature of both the Obama and Trump administrations, it’s unsurprising that reactions to Malia Obama’s alleged secret Facebook account would be emotional. Many online users were quick to jump to former President Donald Trump’s defense, with one user writing: “Dear Malia: Do you really think that anyone cares whether you and/or your family likes your father’s successor? We’re all trying to forget you and your family.”

Others pointed out the double standard held by those who condemn Trump for hateful rhetoric but praise people like Malia who speak out against her father’s successor in what they believe to be hateful rhetoric. Some users seemed bent on criticizing Malia simply because they don’t like her or her father, proving that the eldest Obama daughter couldn’t win for losing regarding the public’s perception of her or her online presence. 

The secret Facebook situation is not all that dissimilar to critics who went after Malia for her professional name at the 2024 Sundance Film Festival. In this instance, people ironically accused Malia of using her family’s name to get into the competitive festival while also condemning her for opting not to use her surname, going by Malia Ann instead.

Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

OTHER

Best Practices for Data Center Decommissioning and IT Asset Disposition

Published

on

By

Best Practices for Data Center Decommissioning and IT Asset Disposition

Data center decommissioning is a complicated process that requires careful planning and experienced professionals.

If you’re considering shutting down or moving your data center, here are some best practices to keep in mind:

Decommissioning a Data Center is More than Just Taking Down Physical Equipment

Decommissioning_a_Data_Center_is_More_than_Just_Taking_Down_Physical_Equipment.jpg

Decommissioning a data center is more than just taking down physical equipment. It involves properly disposing of data center assets, including servers and other IT assets that can contain sensitive information. The process also requires a team with the right skills and experience to ensure that all data has been properly wiped from storage media before they’re disposed of.

Data Centers Can be Decommissioned in Phases, Which Allows For More Flexibility

When you begin your data center decommissioning process, it’s important to understand that it’s not an event. Instead, it’s a process that takes place over time and in phases. This flexibility allows you to adapt as circumstances change and make adjustments based on your unique situation. For example:

  • You may start by shutting down parts of the facility (or all) while keeping others running until they are no longer needed or cost-effective to keep running.

  • When you’re ready for full shutdown, there could be some equipment still in use at other locations within the company (such as remote offices). These can be moved back into storage until needed again.

Data Center Decommissioning is Subject to Compliance Guidelines

Data center decommissioning is subject to compliance guidelines. Compliance guidelines may change, but they are always in place to ensure that your organization is following industry standards and best practices.

Advertisement
  • Local, state and federal regulations: You should check local ordinances regarding the disposal of any hazardous materials that were used in your data center (such as lead-based paint), as well as any other applicable laws related to environmental impact or safety issues. If you’re unsure about how these might affect your plans for a decommissioned facility, consult an attorney who specializes in this area of law before proceeding with any activities related to IT asset disposition or building demolition.

  • Industry standards: There are many industry associations dedicated specifically toward helping businesses stay compliant with legal requirements when moving forward with projects such as data center decommissioning.

  • Internal policies & procedures: Make sure everyone on staff understands how important it is not just from a regulatory standpoint but also from an ethical one; nobody wants their name associated with anything inappropriate!

Companies Should Consider Safety and Security During the Decommissioning Process

Data center decommissioning is a complex process that involves several steps. Companies need to consider the risks associated with each step of the process, and they should have a plan in place to mitigate these risks. The first step of data center decommissioning is identifying all assets and determining which ones will be reused or repurposed. At this point, you should also determine how long it will take for each asset to be repurposed or recycled so that you can estimate how much money it will cost for this part of your project (this can be done through an estimate based on previous experience).

The second step involves removing any hazardous materials from electronic equipment before it’s sent off site for recycling; this includes chemicals used in manufacturing processes like lead-free solder paste adhesives used on circuit boards made from tin-based alloys containing up 80% pure tin ingots stamped out into flat sheets called “pucks”. Once these chemicals have been removed from whatever device needs them taken off their surfaces then those devices can safely go through any other necessary processes such as grinding away excess plastic housing material using high pressure water jets until only its bare frame remains intact without any cracks where moisture might collect inside later causing corrosion damage over time due too much moisture exposure.

With Proper Planning and an Effective Team, You’ll Help Protect Your Company’s Future

Data center decommissioning is a complex process that should be handled by a team of experts with extensive experience in the field. With proper planning, you can ensure a smooth transition from your current data center environment to the next one.

The first step toward a successful data center decommissioning project is to create a plan for removing hardware and software assets from the building, as well as documenting how these assets were originally installed in the facility. This will allow you or another team member who may inherit some of these assets later on down the line to easily find out where they need to go when it’s time for them to be moved again (or disposed).

Use Professional Data Center Decommissioning Companies

In order to ensure that you get the most out of your data center decommissioning project, it’s important to use a professional data center decommissioning company. A professional data center decommissioning company has experience with IT asset disposition and can help you avoid mistakes in the process. They also have the tools and expertise needed to efficiently perform all aspects of your project, from pre-planning through finalizing documentation.

Proper Planning Will Help Minimize the Risks of Data Center Decommissioning

Proper_Planning_Will_Help_Minimize_the_Risks_of_Data_Center_Decommissioning.jpg

Proper planning is the key to success when it comes to the data center decommissioning process. It’s important that you don’t wait until the last minute and rush through this process, as it can lead to mistakes and wasted time. Proper planning will help minimize any risks associated with shutting down or moving a data center, keeping your company safe from harm and ensuring that all necessary steps are taken before shutdown takes place.

Advertisement

To Sum Up

The key to a successful ITAD program is planning ahead. The best way to avoid unexpected costs and delays is to plan your ITAD project carefully before you start. The best practices described in this article will help you understand what it takes to decommission an entire data center or other large facility, as well as how to dispose of their assets in an environmentally responsible manner.

Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

OTHER

Massive Volatility Reported – Google Search Ranking Algorithm Update

Published

on

Google Logo Exploding Cracking

I am seeing some massive volatility being reported today after seeing a spike in chatter within the SEO community on Friday. I have not seen the third-party Google tracking tools show this much volatility in a long time. I will say the tracking tools are way more heated than the chatter I am seeing, so something might be off here.

Again, I saw some initial chatter from within the SEO forums and on this site starting on Friday. I decided not to cover it on Friday because the chatter was not at the levels that would warrant me posting something. Plus, while some of the tools started to show a lift in volatility, most of the tools did not yet.

To be clear, Google has not confirmed any update is officially going on.

Well, that changed today, and the tools are all superheated today.

Google Tracking Tools:

Let’s start with what the tools are showing:

Semrush:

Advertisement

Semrush

SimilarWeb:

Similarweb

Mozcast:

Mozcast

SERPmetrics:

Serpmetrics

Advanced Web Rankings:

Advancedwebranking

Accuranker:

Accuranker

Wincher:

Advertisement

Wincher

Mangools:

Mangools

SERPstat:

Serpstat

Cognitive SEO:

Cognitiveseo

Algoroo:

Algoroo

So most of these tools are incredibly heated, signaling that they are showing massive changes in the search result positions in the past couple of days.

SEO Chatter

Here is some of the chatter from various comments on this site and on WebmasterWorld since Friday:

Advertisement

Speaking of, is anyone seeing some major shuffling going on in the SERPs today? It’s a Friday so of course Google is playing around again.

Something is going on.

Pages are still randomly dropping out of the index for 8-36h at a time. Extremely annoying.

Speaking of, is anyone seeing some major shuffling going on in the SERPs today? It’s a Friday so of course Google is playing around again

In SerpRobot I’m seeing a steady increase in positions in February, for UK desktop and mobile, reaching almost the ranks from the end of Sep 2023. Ahrefs shows a slight increase in overall keywords and ranks.

In the real world, nothing seems to happen.

yep, traffic has nearly come to a stop. But exactly the same situation happened to us last Friday as well.

USA traffic continues to be whacked…starting -70% today.

In my case, US traffic is almost zero (15 % from 80%) and the rest is kind of the same I guess. Traffic has dropped from 4K a day to barely scrapping 1K now. But a lot is just bots since payment-wise, the real traffic seems to be about 400-500. And … that’s how a 90% reduction looks like.

Something is happening now. Google algo is going crazy again. Is anyone else noticing?

Since every Saturday at 12 noon the Google traffic completely disappears until Sunday, everything looks normal to me.

This update looks like a weird one and no, Google has not confirmed any update is going on.

What are you all noticing?

Forum discussion at WebmasterWorld.

Source link

Keep an eye on what we are doing
Be the first to get latest updates and exclusive content straight to your email inbox.
We promise not to spam you. You can unsubscribe at any time.
Invalid email address
Continue Reading

Trending

Follow by Email
RSS