TECHNOLOGY
On the increased cybersecurity threat and mitigating risks
Cloud Tech caught up with Andrew Egoroff, Senior Cybersecurity Specialist at ProcessUnity, to discuss the increased threat around the Russia-Ukraine crisis and how to mitigate risks from third parties.
A business can implement excellent internal cybersecurity measures, but a slip-up from a third-party vendor can have devastating consequences. ProcessUnity specialises in helping businesses determine what vendors carry the lowest risk.
“We try and evangelise the philosophy of assessing your third parties with the same controls you’re using for your internal network,” explains Egoroff. “If you consider third parties to be an entry point into your network, then it’s very key that you have those sort of controls.”
Most vendors will have done some previous assessment of their cybersecurity against an industry framework. If they haven’t, it might be time to consider a different vendor.
Egoroff has some additional tips to lower a specific vendor’s risk to your organisation.
“Understanding what data is in your internal network and what the external third party has access to defines the controls required,” says Egoroff.
“For example, if you’ve got credit card data and your third party is accessing that data for whatever reason—that starts defining the scope of not only your infrastructure but also the controls that need to be applied around that set of data for that third party.”
Zero-trust models are being increasingly evangelised. The idea behind zero-trust is that implicit trust is eliminated and only the bare minimum access to perform certain tasks is assigned.
Egoroff believes more organisations should adopt a zero-trust model and notes how the Russia-Ukraine war highlights the need to do so.
“There was a bug bounty released by organisations on the Russian or Ukraine side asking for people to find vulnerabilities against infrastructure, public services, that sort of stuff,” says Egoroff.
“The term that I heard was that now is the first time in history that everybody can participate in a war. It’s really enhancing or furthering that importance of making sure there’s zero trust.”
The heightened risk around the conflict drives home the need for robust cybersecurity measures.
“It’s not just a simple case of doing an assessment or running a vulnerability scan and achieving a baseline—it’s that constant checking to ensure that your infrastructure your assets have been patched, the appropriate controls are put in place, and any access to that data is constantly being checked,” explains Egoroff.
“You need a platform like ProcessUnity that allows you to interface with a lot of technologies out there and have everything in a single pane of glass to facilitate and make more efficient those processes to make sure you’re getting constant checks against all those various data points.”
Hackers on both sides of the conflict are getting involved—from independent to state-linked actors, individuals to larger collectives like Anonymous.
Western firms can be targets for voicing their opinion, offering assistance, suspending their operations, or simply due to their government’s support of one side. Egoroff believes the conflict has increased the global cybersecurity risk.
“It’s so easy now nowadays for anyone to either become a participant or a victim in this process,” says Egoroff.
Egoroff believes some comfort should be taken in the fact there’s now greater cybersecurity awareness from businesses and individuals.
“Everybody’s using MFA (Multi-Factor Authentication) for example, because a lot of these actors are out there using the existing traditional ways of getting into places like social engineering and phishing.”
However, Egoroff notes there’s been a huge increase in attacks against both the Russian and Ukraine side and that will inevitably bleed over into attacking Western companies and individuals.
NATO has been strategically ambiguous about what kind of cyberattack would trigger a collective response under Article 5, but the danger is certainly there. Much like all it could take to seriously escalate the conflict is one stray missile into NATO territory, all it could take is a cyberattack that spills over.
“If you take an example of the Russians accidentally, or on purpose, knocking out public services or power for a NATO-aligned country … if you consider the fact that cyber warfare can have detrimental effects – quite real tangible effects – then there’s no reason why it couldn’t escalate into a military response,” comments Egoroff.
Many security analysts predicted that a conflict with a powerful cyber actor like Russia would see it launch a major cyber offensive within hours, let alone days or weeks. We’ve seen many quite rudimentary DDoS attacks taking government websites and things offline, but not really the kind of attacks on critical infrastructure that many expected.
One potential explanation for the lack of such a major cyber offensive is the risk of spillover prompting a NATO response. We asked Egoroff if he believes that’s the case or whether modern cyber defenses are proving to be robust when quite literally battle-tested.
“I think it’s a combination of both. I think people generally are becoming more aware when there’s a heightened risk of attacks,” says Egoroff.
“From a government perspective, you know there’s certain controls and measures they need to put in place to protect against that but I think the nature of war is that a lot of these things that may be happening aren’t being particularly advertised.
“I think a lot of these actors on either side are attacking more government facilities or military facilities so by its very nature you’re not going to hear about that stuff anyway.”
Quite early on in the conflict, the Ukrainian government put out a statement warning civilians and soldiers about potential ‘deepfake’ videos. In the past week, a Ukrainian news website was hacked to post a deepfake video of President Zelenskyy calling on Ukrainians to “lay down arms”.
Fortunately, it was a poor deepfake and combined with the awareness campaign it probably didn’t fool anyone. However, it’s an example of how cybersecurity threats have evolved in the past few years alone.
One cybersecurity threat that remains the same is social engineering, especially over email. A report from Trend Micro released this week found that 75 percent of cyberattacks now start from email.
“I’ve always said to all the sort of clients I work with that social engineering is hugely underestimated. You can put all the high tech firewalls and data loss prevention controls in place, but all it takes is an email and someone to intermittently pick a link or click a link opened up and you’ve compromised everything,” explains Egoroff.
“You’ll find that there’s a lot more sophisticated phishing and social engineering as in person-to-person type threats that happen—someone ringing up and coming across as a fake person from a company.”
You can watch our full interview with Andrew Egoroff below:
Andrew Egoroff will be speaking at this year’s Cyber Security & Cloud Expo North America. You can find out more about his sessions and how to attend here.
(Photo by Philipp Katzenberger on Unsplash)
Want to learn more about cybersecurity from industry leaders? Check out Cyber Security & Cloud Expo. The next events in the series will be held in Santa Clara on 11-12 May 2022, Amsterdam on 20-21 September 2022, and London on 1-2 December 2022.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
Source link
TECHNOLOGY
Next-gen chips, Amazon Q, and speedy S3
AWS re:Invent, which has been taking place from November 27 and runs to December 1, has had its usual plethora of announcements: a total of 21 at time of print.
Perhaps not surprisingly, given the huge potential impact of generative AI – ChatGPT officially turns one year old today – a lot of focus has been on the AI side for AWS’ announcements, including a major partnership inked with NVIDIA across infrastructure, software, and services.
Yet there has been plenty more announced at the Las Vegas jamboree besides. Here, CloudTech rounds up the best of the rest:
Next-generation chips
This was the other major AI-focused announcement at re:Invent: the launch of two new chips, AWS Graviton4 and AWS Trainium2, for training and running AI and machine learning (ML) models, among other customer workloads. Graviton4 shapes up against its predecessor with 30% better compute performance, 50% more cores and 75% more memory bandwidth, while Trainium2 delivers up to four times faster training than before and will be able to be deployed in EC2 UltraClusters of up to 100,000 chips.
The EC2 UltraClusters are designed to ‘deliver the highest performance, most energy efficient AI model training infrastructure in the cloud’, as AWS puts it. With it, customers will be able to train large language models in ‘a fraction of the time’, as well as double energy efficiency.
As ever, AWS offers customers who are already utilising these tools. Databricks, Epic and SAP are among the companies cited as using the new AWS-designed chips.
Zero-ETL integrations
AWS announced new Amazon Aurora PostgreSQL, Amazon DynamoDB, and Amazon Relational Database Services (Amazon RDS) for MySQL integrations with Amazon Redshift, AWS’ cloud data warehouse. The zero-ETL integrations – eliminating the need to build ETL (extract, transform, load) data pipelines – make it easier to connect and analyse transactional data across various relational and non-relational databases in Amazon Redshift.
A simple example of how zero-ETL functions can be seen is in a hypothetical company which stores transactional data – time of transaction, items bought, where the transaction occurred – in a relational database, but use another analytics tool to analyse data in a non-relational database. To connect it all up, companies would previously have to construct ETL data pipelines which are a time and money sink.
The latest integrations “build on AWS’s zero-ETL foundation… so customers can quickly and easily connect all of their data, no matter where it lives,” the company said.
Amazon S3 Express One Zone
AWS announced the general availability of Amazon S3 Express One Zone, a new storage class purpose-built for customers’ most frequently-accessed data. Data access speed is up to 10 times faster and request costs up to 50% lower than standard S3. Companies can also opt to collocate their Amazon S3 Express One Zone data in the same availability zone as their compute resources.
Companies and partners who are using Amazon S3 Express One Zone include ChaosSearch, Cloudera, and Pinterest.
Amazon Q
A new product, and an interesting pivot, again with generative AI at its core. Amazon Q was announced as a ‘new type of generative AI-powered assistant’ which can be tailored to a customer’s business. “Customers can get fast, relevant answers to pressing questions, generate content, and take actions – all informed by a customer’s information repositories, code, and enterprise systems,” AWS added. The service also can assist companies building on AWS, as well as companies using AWS applications for business intelligence, contact centres, and supply chain management.
Customers cited as early adopters include Accenture, BMW and Wunderkind.
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. Explore other upcoming enterprise technology events and webinars powered by TechForge here.
TECHNOLOGY
HCLTech and Cisco create collaborative hybrid workplaces
Digital comms specialist Cisco and global tech firm HCLTech have teamed up to launch Meeting-Rooms-as-a-Service (MRaaS).
Available on a subscription model, this solution modernises legacy meeting rooms and enables users to join meetings from any meeting solution provider using Webex devices.
The MRaaS solution helps enterprises simplify the design, implementation and maintenance of integrated meeting rooms, enabling seamless collaboration for their globally distributed hybrid workforces.
Rakshit Ghura, senior VP and Global head of digital workplace services, HCLTech, said: “MRaaS combines our consulting and managed services expertise with Cisco’s proficiency in Webex devices to change the way employees conceptualise, organise and interact in a collaborative environment for a modern hybrid work model.
“The common vision of our partnership is to elevate the collaboration experience at work and drive productivity through modern meeting rooms.”
Alexandra Zagury, VP of partner managed and as-a-Service Sales at Cisco, said: “Our partnership with HCLTech helps our clients transform their offices through cost-effective managed services that support the ongoing evolution of workspaces.
“As we reimagine the modern office, we are making it easier to support collaboration and productivity among workers, whether they are in the office or elsewhere.”
Cisco’s Webex collaboration devices harness the power of artificial intelligence to offer intuitive, seamless collaboration experiences, enabling meeting rooms with smart features such as meeting zones, intelligent people framing, optimised attendee audio and background noise removal, among others.
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. Explore other upcoming enterprise technology events and webinars powered by TechForge here.
TECHNOLOGY
Canonical releases low-touch private cloud MicroCloud
Canonical has announced the general availability of MicroCloud, a low-touch, open source cloud solution. MicroCloud is part of Canonical’s growing cloud infrastructure portfolio.
It is purpose-built for scalable clusters and edge deployments for all types of enterprises. It is designed with simplicity, security and automation in mind, minimising the time and effort to both deploy and maintain it. Conveniently, enterprise support for MicroCloud is offered as part of Canonical’s Ubuntu Pro subscription, with several support tiers available, and priced per node.
MicroClouds are optimised for repeatable and reliable remote deployments. A single command initiates the orchestration and clustering of various components with minimal involvement by the user, resulting in a fully functional cloud within minutes. This simplified deployment process significantly reduces the barrier to entry, putting a production-grade cloud at everyone’s fingertips.
Juan Manuel Ventura, head of architectures & technologies at Spindox, said: “Cloud computing is not only about technology, it’s the beating heart of any modern industrial transformation, driving agility and innovation. Our mission is to provide our customers with the most effective ways to innovate and bring value; having a complexity-free cloud infrastructure is one important piece of that puzzle. With MicroCloud, the focus shifts away from struggling with cloud operations to solving real business challenges” says
In addition to seamless deployment, MicroCloud prioritises security and ease of maintenance. All MicroCloud components are built with strict confinement for increased security, with over-the-air transactional updates that preserve data and roll back on errors automatically. Upgrades to newer versions are handled automatically and without downtime, with the mechanisms to hold or schedule them as needed.
With this approach, MicroCloud caters to both on-premise clouds but also edge deployments at remote locations, allowing organisations to use the same infrastructure primitives and services wherever they are needed. It is suitable for business-in-branch office locations or industrial use inside a factory, as well as distributed locations where the focus is on replicability and unattended operations.
Cedric Gegout, VP of product at Canonical, said: “As data becomes more distributed, the infrastructure has to follow. Cloud computing is now distributed, spanning across data centres, far and near edge computing appliances. MicroCloud is our answer to that.
“By packaging known infrastructure primitives in a portable and unattended way, we are delivering a simpler, more prescriptive cloud experience that makes zero-ops a reality for many Industries.“
MicroCloud’s lightweight architecture makes it usable on both commodity and high-end hardware, with several ways to further reduce its footprint depending on your workload needs. In addition to the standard Ubuntu Server or Desktop, MicroClouds can be run on Ubuntu Core – a lightweight OS optimised for the edge. With Ubuntu Core, MicroClouds are a perfect solution for far-edge locations with limited computing capabilities. Users can choose to run their workloads using Kubernetes or via system containers. System containers based on LXD behave similarly to traditional VMs but consume fewer resources while providing bare-metal performance.
Coupled with Canonical’s Ubuntu Pro + Support subscription, MicroCloud users can benefit from an enterprise-grade open source cloud solution that is fully supported and with better economics. An Ubuntu Pro subscription offers security maintenance for the broadest collection of open-source software available from a single vendor today. It covers over 30k packages with a consistent security maintenance commitment, and additional features such as kernel livepatch, systems management at scale, certified compliance and hardening profiles enabling easy adoption for enterprises. With per-node pricing and no hidden fees, customers can rest assured that their environment is secure and supported without the expensive price tag typically associated with cloud solutions.
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. Explore other upcoming enterprise technology events and webinars powered by TechForge here.
More Google March 2024 Core Update Ranking Volatility
Competitor Monitoring: 7 ways to keep watch on the competition
A History of Google AdWords and Google Ads: Revolutionizing Digital Advertising & Marketing Since 2000
Thrive Architect vs Divi vs Elementor
31 Ready-to-Go Mother’s Day Messages for Social Media, Email, & More
Turkish startup ikas attracts $20M for its e-commerce platform designed for small businesses
Roundel Media Studio: What to Expect From Target’s New Self-Service Platform
Google Search Results Can Be Harmful & Dangerous In Some Cases
How To Adapt Your SEO and Content Strategies for SGE and AI Experiences
Google Limits News Links In California Over Proposed ‘Link Tax’ Law
-
SEARCHENGINES6 days agoMore Google March 2024 Core Update Ranking Volatility
-
PPC6 days agoCompetitor Monitoring: 7 ways to keep watch on the competition
-
PPC5 days agoA History of Google AdWords and Google Ads: Revolutionizing Digital Advertising & Marketing Since 2000
-
WORDPRESS6 days agoThrive Architect vs Divi vs Elementor
-
PPC6 days ago31 Ready-to-Go Mother’s Day Messages for Social Media, Email, & More
-
WORDPRESS5 days agoTurkish startup ikas attracts $20M for its e-commerce platform designed for small businesses
-
MARKETING4 days agoRoundel Media Studio: What to Expect From Target’s New Self-Service Platform
-
SEARCHENGINES5 days agoGoogle Search Results Can Be Harmful & Dangerous In Some Cases
You must be logged in to post a comment Login