Ta kontakt med oss

TEKNOLOGI

why expired machine identities represent a growing business risk

Publicerad

A 'way out' sign.


Kevin Bocek, VP of security strategy and threat intelligence, Venafi, explains how cloud complexity and multicloud is increasing the number of outages.

Spotify users recently experienced an event that is becoming all-too familiar to digital consumers. They were left unable to listen to their favourite podcasts for hours after an TLS certificate at the streaming giant expired. Although certificates, or ‘machine identities’, like these are intended to provide a backbone of trust across the online world, they are also increasingly challenging for organisations to manage. Digital transformation is driving an unprecedented expansion of machine identity volumes across the globe. That’s bad news for the security teams tasked with managing them. When even one expires, it can lead to chaos.

Spotify is certainly not the first big-name brand impacted in this way. And it definitely won’t be the last. The message is clear: brands need a more efficient, automated way to manage these identities if they want to optimise cybersecurity and service uptime.

An expensive challenge

While human identity is authenticated and secured via usernames and passwords, machine identities use keys and certificates to validate the legitimacy of information flowing between authorised machines. They can be used to secure privileged access, DevOps assets and web transactions, authenticate software code, and enable secure, remote access to enterprise networks.  But what happens when those identities expire? A certificate-related outage of the sort that recently affected Spotify, creates downtime and security risks until it is resolved.

That could end up having a major financial and reputational impact. Exactly how much is open to debate, as accurate data is difficult to come by. A Gartner study from years ago puts the figure at $5,600 per minute of IT downtime. A more recent study from ITIC claimed that just one hour of server downtime totals $300,000+ for 91% percent of SMEs and large enterprises. Over two-fifths (44%) of respondents said an hour costs over $1m. That’s not to mention the impact of poor customer experience, reduced worker productivity, diminished brand value, supply chain disruption and other factors highlighted in this research.

Getting worse

The bad news is that machine identity management is becoming more challenging for security teams as their organisations embark on a proliferation of digital initiatives. Research reveals that two-thirds (65%) of businesses increased technology spend during the pandemic. They invested in IoT systems to streamline business processes, laptops and mobile devices for hybrid workers, and new internal and customer-facing apps and websites to improve user experiences. In the cloud, containers, APIs and more help to drive DevOps and greater business agility. But all of these new assets need machine identities to help secure them.

Research reveals that the average business used nearly 250,000 machine identities at the end of 2021. Yet it’s predicted that they’ll double this inventory to at least 500,000 by 2024. With so many certificates to issue and manage, it’s no surprise that some slip through the cracks.

The challenge is made that much harder by separate trends occurring in the marketplace. Leading browsers are demanding that organisations change their machine identities every year, which will accelerate the frequency with which they must rotate certificates. What’s more, Let’s Encrypt, now the world’s leading certificate authority (CA), and many of its peers, are now only issuing machine identities for 90 days. They’re doing this to limit any potential damage from key compromise and mis-issuance. But forcing more frequent renewals makes missed expiration dates more likely. This doesn’t just increase the risk of outages, it can create additional security risks, by exposing websites to man-in-the-middle and phishing attacks.

It’s time to automate

This is a situation that can no longer be managed manually. Even organisations with modest digital transformation plans will soon find the number of keys and certificates they need to keep track of spiralling out of control. The answer is to invest in a control plane which enables automated management of machine identities throughout their lifespan.

There are several ways that intelligent automation of this kind can benefit organisations and their security administrators. First, they can be set to intuitively discover all corporate certs across cloud, virtual and physical assets, and then catalogue them in a centralised repository. That will provide continuous visibility. Next, control tools can be deployed to automatically verify security compliance: ensuring all certificates have the right owners, attributes, and configurations no matter which CA issued them. Finally, and most important for mitigating the risk of expiration, tools can help teams continuously monitor all of their certs, alert them when one is about to expire and even automatically renew.

Being able to install, configure and validate certificates proactively before they expire, and in seconds, not only reduces security risk and the threat of financial and reputational damage that stems from outages. It also frees up security staff to work on high value strategic tasks. In a world where security talent is in increasingly short supply, that’s yet another reason to automate away the challenges of machine identity management.



Källlänk

Klicka för att kommentera

Lämna ett svar

Din e-postadress kommer inte publiceras. Obligatoriska fält är märkta *

TEKNOLOGI

4 Activities that Automakers Can Digitize Now

Publicerad

4 Activities that Automakers Can Digitize Now

Digital automaking is supported by technology-driven trends, consumer needs and new developments in artificial intelligence.

Manufacturing, procurement of raw materials, marketing and sales are factors involved in this change.

Digital automaking is a process that combines simulation, three-dimensional visualizations, analytics and several tool partnerships to make automotive manufacturing easier. Since the automotive industry has been undergoing a digital transformation primarily driven by intelligent mobility, it has encouraged the market to adopt new technology and software for modern vehicles. There has also been a growing need to increase industrial processes’ sustainability, environmental friendliness and adaptability. All of this has made automotive digitalization extremely important.

Automotive digitization helps to keep precise control over business operations, which is made possible using modern technologies like ML (machine learning) and AI (artificial intelligence) to improve short- and long-term performance. 

Automotive digitization has also increased the capacity to monitor each component of the supply chain while lowering costs and risks. Digital automaking can offer automotive solutions in terms of better design, time efficiency, and many other industry solutions.

4 Activities that Can Be Digitized by Automakers Now

4_Activities_that_Can_Be_Digitized_by_Automakers_Now.png

1. Manufacturing

Customers desire tailored goods, but they don’t want to pay more than they would for items that are mass-produced. As a result, manufacturing must be more adaptable than ever, leading to mass customization. Thus, the design, fabrication, use and maintenance of products are changing as a result of the digitalization of manufacturing. It is also changing the operations, procedures and energy footprint of supply chains and more. Digital manufacturing enables firms to provide additional options that are tailored to individual customers. Businesses can better understand supply-chain challenges, including inventory levels, delivery status and demand cycles, thanks to digital manufacturing. 

The factories of the future will move from automation to autonomy, strengthening real-time communication between equipment, physical systems, and people. These factories are referred to as smart factories. The most notable advantages of a smart factory are its shop floor connectivity, advanced robotics, flexible automation, augmented and virtual reality systems, and efficient energy management. The general manufacturing sector’s global standards are established by the automotive industry.

Over the past two decades, the automotive sector has expanded tremendously. However, the main elements that will affect whether digitalization is successfully implemented are the significance of realizing a return on investment (RoI) and the willingness of employees at both the top-most and lowest levels of an organization.

2. Supply Chain

By removing the functional barriers that divide different areas, the digitization of the supply chain is a cross-functional process that spans the entire lifecycle of a vehicle or product and involves all company divisions. It allows for an ecosystem that connects all stakeholders, from raw material and component suppliers to logistics companies, dealers and customers.

Utilizing digital technology throughout the entire supply chain allows for real-time monitoring of all supply-chain stages, be it either procurement of raw materials or finished products ready to be delivered or purchased. The evaluation and management of each event’s impacts on the supply chain can help the automation of procedures and the avoidance of potential interruption.

3. Design

Design plays a significant role in the automotive industry. By digitizing design activity, design professionals can test multiple hypotheses before proceeding with the design phase. Digitalization in the designing of products has been enabled by a digital model known as Digital Twins, which represents tangible assets in 3D. Digital twins mirror the complete car or one of its components’ appearance and behavior. With great assistance from sophisticated software, businesses can collect information about configuration, sensors, inspection data, and other details to improve the product’s design.

Automobile manufacturers are among the many industrial firms that recognize digital twins’ possibilities and the potential it has to bring in the best in the business of automobiles. The design and production processes are simplified by 3D representations, improving vehicle performance and cutting costs for the manufacturers. The twin technology is quickly rising to the top of the list of software solutions used in contemporary auto manufacturing, with applications ranging from car design to predictive maintenance to boosting sales using digitally generated models.

4. Marketing

Any marketing strategy aims to tailor the right message to the right set of audiences at the right time. A marketing campaign that appeals to a 45-year-old countryside man might not affect a 23-year-old lady residing in an urban area. Therefore, the impact of marketing combined with the effectiveness of Artificial Intelligence (AI) can be the biggest boon to any business. The automotive industry can enormously benefit in how they market their brand/product by adding the power of artificial intelligence to their current data. It can lead to a strong possibility of purchasing your products early in the sales process, possibly before customers even begin looking for their new car, which is indicated by specific online activities. 

As a result of recent advancements in third-party cookies and mobile advertising identifiers, AI can now assist brands in finding new prospects much more quickly by utilizing data to identify customers with similar characteristics and behaviors. This strategy can potentially increase your prospective customer base and give you an advantage over your competitors. You can identify high-priority targets by identifying the demographic categories that overlap. These solutions don’t require cookies and are more likely to comply with escalating privacy requirements because they rely on behaviors rather than personal data.

The automotive sector has modified its strategy and is now embracing digitization. Digital transformation in the automotive industry still has a lot of gaps to be addressed, but the trend toward digitization is a sign that the stakeholders in the automotive sector will be properly supplied with digital solutions in the coming days. With intelligent technology, and operations across the entire company and all departments, including manufacturing, supply chain, marketing, and sales, digital automaking will help the automotive industry to flourish in this digital era. An increasingly digital supply chain will also dismantle established barriers and greatly enhance communication. Undoubtedly, businesses must adopt a more significant digital transformation to be ready in this competitive automotive industry.

Källlänk

Fortsätt läsa

TEKNOLOGI

The 10 Worst Cybersecurity Strategies You Need To Know

Publicerad

The 10 Worst Cybersecurity Strategies You Need To Know

Employees should be trained on basic cybersecurity practices and the dangers of phishing scams.

Granting too many privileges to user accounts can lead to security breaches. Failing to update software on time can leave vulnerabilities open to attacks. 

Organizations should have a disaster recovery plan in place to ensure quick recovery in the event of a cyberattack.

Counting down to the absolutely worst cybersecurity strategies. 

Sadly, these are all prevalent in the industry. Many organizations have failed spectacularly simply because they chose to follow a long-term path that leads to disaster. You know who you are…

Let’s count them down.  

10. Cyber-Insurance

No need for security, just get insurance. Transferring risk is better than mitigating it!

Famous Last Words: Sure, it should be covered

9. Audit Confidence

Conducting a comprehensive security audit. …and ignoring the results

Famous Last Words: We will close those gaps later…

8. Best Tools, Left Unmanaged

Deploying several good tools, set to autopilot. No need to manage or maintain anything 

Famous Last Words: Security is not that difficult…

7. Regulatory Compliance

Meeting the minimum requirements (defined 2 years ago)

Famous Last Words: Relax, we are compliant!

6. One Good Tool

We just need one good tool (ex. AV) and we are set. 

Famous Last Words: That should do it.

5. IT Dependence  

Cybersecurity is a tech problem, it’s IT’s responsibility. 

Famous Last Words: The IT dept has it covered.

4. Security by Marketing  

Believing the snake-oil (deceptive marketing) salesperson that will ‘solve‘ your security problems

Famous Last Words: We are totally protected now! (or similar derivative from the sales brochure)

3. Default Security Settings  

Products and services come with security built in! 

Famous Last Words: It’s new, shiny, and looks secure. Don’t worry, we should be fine!

2. Security by Obscurity

Nobody knows or cares about us. We are too small to be targeted.

Famous Last Words: We haven’t been attacked yet…

1. Hope, as a Strategy

I hope we don’t get attacked. Let’s move on with more important things.

Famous Last Words: <meek inner voice>> Just don’t think about security because it is too scary, expensive, and complex!

 

This is the menu that evokes anger, frustration, and pity among cybersecurity professionals around the globe. Eventually it always ends in despair, blame, and a side of tears.

A solid long-term strategic plan is a necessity for an efficient and capable cybersecurity capability. Cybersecurity fails without a proper strategy. 

Källlänk

Fortsätt läsa

NYHETER

OpenAI Introduces ChatGPT Plus with Monthly Subscription of $20

Publicerad

Open AI - Chat GPT

OpenAI, the leading artificial intelligence research laboratory, has launched a new product – ChatGPT Plus. The new product is an advanced version of its previous language model, ChatGPT, and is available for a monthly subscription of $20. The company aims to provide a more sophisticated and efficient conversational AI tool to its users through this new product.

ChatGPT Plus is a state-of-the-art language model that uses advanced deep learning algorithms to generate human-like responses to text inputs. The model has been trained on a massive corpus of text data, allowing it to generate coherent and contextually relevant responses. The model is designed to handle a wide range of conversational topics and can be integrated into various applications, such as chatbots, customer support systems, and virtual assistants.

One of the main advantages of ChatGPT Plus over its predecessor, ChatGPT, is its ability to generate responses in a more human-like manner. The model has been fine-tuned to incorporate more advanced language processing techniques, which enable it to better understand the context and tone of a conversation. This makes it possible for the model to generate more nuanced and appropriate responses, which can greatly improve the user experience.

In addition to its advanced language processing capabilities, ChatGPT Plus also offers improved performance in terms of response generation speed and efficiency. The model has been optimized to run on faster hardware and has been fine-tuned to generate responses more quickly. This makes it possible for the model to handle a larger volume of requests, making it an ideal solution for businesses with high traffic websites or customer support centers.

The monthly subscription fee of $20 for ChatGPT Plus makes it an affordable solution for businesses of all sizes. The company has designed the pricing model in such a way that it is accessible to businesses of all sizes, regardless of their budget. This makes it possible for small businesses to take advantage of advanced conversational AI technology, which can greatly improve their customer engagement and support.

OpenAI has also made it easy to integrate ChatGPT Plus into various applications. The company has provided a comprehensive API that allows developers to easily integrate the model into their applications. The API supports a wide range of programming languages, making it possible for developers to use the technology regardless of their preferred programming language. This makes it possible for businesses to quickly and easily incorporate conversational AI into their operations.

In conclusion, OpenAI’s launch of ChatGPT Plus is a significant development in the field of conversational AI. The new product offers advanced language processing capabilities and improved performance, making it an ideal solution for businesses of all sizes. The affordable pricing model and easy integration make it accessible to businesses of all sizes, and the advanced language processing capabilities make it possible for businesses to improve their customer engagement and support. OpenAI’s ChatGPT Plus is set to revolutionize the conversational AI industry and bring advanced technology within the reach of businesses of all sizes.

Visit OpenAI.com to read more and to get the latest news about ChatGPT.

Fortsätt läsa

Trendigt

sv_SESvenska