Connect with us

TECHNOLOGY

why expired machine identities represent a growing business risk

Published

on

A 'way out' sign.


Kevin Bocek, VP of security strategy and threat intelligence, Venafi, explains how cloud complexity and multicloud is increasing the number of outages.

Spotify users recently experienced an event that is becoming all-too familiar to digital consumers. They were left unable to listen to their favourite podcasts for hours after an TLS certificate at the streaming giant expired. Although certificates, or ‘machine identities’, like these are intended to provide a backbone of trust across the online world, they are also increasingly challenging for organisations to manage. Digital transformation is driving an unprecedented expansion of machine identity volumes across the globe. That’s bad news for the security teams tasked with managing them. When even one expires, it can lead to chaos.

Spotify is certainly not the first big-name brand impacted in this way. And it definitely won’t be the last. The message is clear: brands need a more efficient, automated way to manage these identities if they want to optimise cybersecurity and service uptime.

An expensive challenge

While human identity is authenticated and secured via usernames and passwords, machine identities use keys and certificates to validate the legitimacy of information flowing between authorised machines. They can be used to secure privileged access, DevOps assets and web transactions, authenticate software code, and enable secure, remote access to enterprise networks.  But what happens when those identities expire? A certificate-related outage of the sort that recently affected Spotify, creates downtime and security risks until it is resolved.

That could end up having a major financial and reputational impact. Exactly how much is open to debate, as accurate data is difficult to come by. A Gartner study from years ago puts the figure at $5,600 per minute of IT downtime. A more recent study from ITIC claimed that just one hour of server downtime totals $300,000+ for 91% percent of SMEs and large enterprises. Over two-fifths (44%) of respondents said an hour costs over $1m. That’s not to mention the impact of poor customer experience, reduced worker productivity, diminished brand value, supply chain disruption and other factors highlighted in this research.

Getting worse

The bad news is that machine identity management is becoming more challenging for security teams as their organisations embark on a proliferation of digital initiatives. Research reveals that two-thirds (65%) of businesses increased technology spend during the pandemic. They invested in IoT systems to streamline business processes, laptops and mobile devices for hybrid workers, and new internal and customer-facing apps and websites to improve user experiences. In the cloud, containers, APIs and more help to drive DevOps and greater business agility. But all of these new assets need machine identities to help secure them.

Research reveals that the average business used nearly 250,000 machine identities at the end of 2021. Yet it’s predicted that they’ll double this inventory to at least 500,000 by 2024. With so many certificates to issue and manage, it’s no surprise that some slip through the cracks.

The challenge is made that much harder by separate trends occurring in the marketplace. Leading browsers are demanding that organisations change their machine identities every year, which will accelerate the frequency with which they must rotate certificates. What’s more, Let’s Encrypt, now the world’s leading certificate authority (CA), and many of its peers, are now only issuing machine identities for 90 days. They’re doing this to limit any potential damage from key compromise and mis-issuance. But forcing more frequent renewals makes missed expiration dates more likely. This doesn’t just increase the risk of outages, it can create additional security risks, by exposing websites to man-in-the-middle and phishing attacks.

It’s time to automate

This is a situation that can no longer be managed manually. Even organisations with modest digital transformation plans will soon find the number of keys and certificates they need to keep track of spiralling out of control. The answer is to invest in a control plane which enables automated management of machine identities throughout their lifespan.

There are several ways that intelligent automation of this kind can benefit organisations and their security administrators. First, they can be set to intuitively discover all corporate certs across cloud, virtual and physical assets, and then catalogue them in a centralised repository. That will provide continuous visibility. Next, control tools can be deployed to automatically verify security compliance: ensuring all certificates have the right owners, attributes, and configurations no matter which CA issued them. Finally, and most important for mitigating the risk of expiration, tools can help teams continuously monitor all of their certs, alert them when one is about to expire and even automatically renew.

Being able to install, configure and validate certificates proactively before they expire, and in seconds, not only reduces security risk and the threat of financial and reputational damage that stems from outages. It also frees up security staff to work on high value strategic tasks. In a world where security talent is in increasingly short supply, that’s yet another reason to automate away the challenges of machine identity management.



Source link

TECHNOLOGY

Productivity Hacks for Remote Workers

Published

on

Productivity Hacks for Remote Workers


It’s no surprise that these days, there seem to be more and more opportunities for remote work, and an increasing creation of “distributed” workplaces.

While the allure of working from home (or being able to work from “anywhere”) can be exceedingly appealing, let me be the first to tell you remote work is a lot more difficult than just casually sitting with your laptop on the beach. 

When settling into remote work, there are a few different tricks you can use to be your most productive self, instead of feeling stressed, demotivated, and regretting the day you ever went “location independent.”

The Practical Aspects of Remote Work

There are a few different approaches to remote work these days. You may be a full-time employee to one company that allows you to work from home, or that doesn’t even have a specific headquarters, but instead has built an entire distributed team (think companies like Buffer). Or, perhaps you are a freelancer or contractor who may work with a number of different projects or companies where you are not required to be on location.

In any case, you may have opportunities to move around freely, or you’d rather stay put in one place. In the latter case, perhaps you choose to work from home or rent an office, or have a membership at a coworking space. 

With many different options, how you do remote work is completely up to you. But there are some basic challenges that remote workers in every type of situation can feel. Staying personally motivated, reducing distractions, and being efficient in work execution are on the top. 

For me at least, the key to being more productive while working remotely has been to admit when I’m struggling, and be aware of the conditions that I would like to work in, but just aren’t feasible for my productivity. Remote work solutions can be very individual depending on what motivates you, what kind of hours you like to keep, and what types of environments you thrive in.

‍Non-Tech Hacks for Remote Workers

Some of the best solutions for remote worker productivity have nothing to do with technology or fancy techniques. When thinking about how to be productive when working remotely, often the best thing to do is to start with the basics. 

‍Stick to a Routine

You’ve probably heard this before, but it’s crucial for remote workers to create a routine, and stick to it. Some of us remote workers may be rebels when it comes to keeping to the ordinary, but routines aren’t boring, they’re necessary for being productive.

Without a routine, you can often waste a ton of time just figuring out what you want or need to do next. If you don’t have a schedule for your morning, like reading your emails by 9:30, checking and making your daily to-do list by 9:45, and getting started on completing your first task by 10:00, you may find yourself rounding 10:30 and all you’ve done so far is had four cups of coffee and checked facebook. 

Routines create some semblance of structure, and structure is actually a really necessary component of being productive with remote work. 

Create Some Variety

But sometimes too much routine or structure can stifle creativity and the execution of your best work. Monotony isn’t good for anyone’s work satisfaction, so find out how and where you work best. Variety may be sitting at your kitchen table to work for the morning hours, and then switching it up to your home office in the afternoon. Or, perhaps you find a coworking space that gives you a nice change of scenery a couple days a week.

Variety (with structure) can be good for helping you to get out of mental ruts, and can help to inspire you in some ways. Not to mention, if you are only working from home it can be at least slightly more difficult to hold yourself accountable when there is no one else there who can see you doing work, or for you to talk to and discuss ideas with. Even just getting out to a coffee shop to work from may be beneficial for your productivity levels.

‍Get Ready For Your Day

I’ll admit, I’ve had more than a few “Donald Duck” video meetings: I may be dressed professionally on top, with my hair done and teeth brushed, but out of the line of site of the camera, I may or may not be wearing pants. When working from home it can be so tempting to throw on the same sweatshirt you’ve been wearing for the past four days. But this can be detrimental to your productivity.

Getting up and taking a shower, getting properly dressed and ready as if you are going to the office, will get you in the right mindset for your work day. It can make you feel more awake, in a working mood, and it’s the first thing you can check off your list of accomplishments. When working remotely, you need to count every win.

Leave the House

It’s a common conundrum for remote workers: a whole day passes and you think to yourself, “have I spoken to another human today?” When working from home especially, you can sink into the bad habit of not getting out enough or interacting with others, but this can be problematic for your productivity.

Just getting out of your house, even to grab a coffee down the street, or taking a drive to the store, can be a quick and easy way to refresh your motivation and jump-start your energy. Not to mention that the benefit of remote work can be flexible, but sitting at home all day is not making the most of that benefit, no matter how much you enjoy the nonexistent commute. 

‍Create a Hard Line between Professional Life and Private Life

When you aren’t being watched over by a manager, or there is no one really keeping tabs on the hours you keep, the problem isn’t always that you don’t work enough. The problem may be that you don’t set hard boundaries for what is work and what is personal. 

In the beginning of my venture into working remotely, I found myself wanting to be eager, available, and seemingly always on top of things. What that translated to, was answering emails at all hours of the night, never really “logging off,” and finding the lines between my professional life and private life completely blurred. 

But the fact is, it made me stressed all the time, and the companies I worked for didn’t really notice a difference in my work ethic. Work issues bled into my nights and weekends and free time until I felt that I was in work mode basically 24/7. And as it turns out, it killed my productivity when I needed it most.

Setting hard boundaries, and establishing the precedent to your company or customers about sticking to specific hours can be crucial for your motivation and also your sanity. Be sure to create that hard-line early on, so that you know when to be in productive time, and when you can (and should) relax.

Fill Your Time

As with procrastination, remote work has a fun way of making even small projects take up all the time you have available. The less busy you are, the less efficient you’ll actually be. When you have a lot to do, and a lot to fill your time with, that is when you’ll actually be your most productive. 

Especially if you are just starting out freelancing and are still collecting projects to fill your docket, block your days for work, and then your days for doing errands or job searching, or whatever else you need to do. If you try to fill your 40 hour work week with only 20 hours of work, you’ll be slow, inefficient, and definitely not cost-effective. Try to get as much work assignments as you can, because when you can fill your time with actual work, then you will be more productive.

‍Tech hacks for remote workers

Remote workers would be nowhere if it wasn’t for the plethora of productivity and collaboration tools that are now available to us. While self-motivation and old school methods for productivity can create a good foundation, the tech will be your friend when working remotely.

‍Rely on Productivity Tools

Thankfully, productivity tools for that are beneficial for remote work are basically an industry in and of itself. There are many different options you can use for being the most productive.

Project management tools like Asana and Trello can help you stay the course when it comes to just getting things done. With these types of tools, you’ll have a good overview of what you need to complete and when, and at what stage each project is in, or if you need input from others to complete tasks. 

Task management tools like Wunderlist and Todoist can be awesome for tackling to-dos, especially for visual people who like to look at a clear overview of what needs to be prioritized or if there are impending deadlines. Time trackers like Toggl and The Pomodoro Tracker can help you be more aware of the time you spend on different projects or just work in general and can help you to be better about being productive in sprints.

‍Limit Tech Distractions

While you should use tech to help you be more productive, sometimes those tools should work to actually limit the number of distractions you have, and what you have access to. Social media, email, RSS feeds, news notifications, personal messaging apps, and many others can cause major problems for remote workers. Use app blockers like Freedom or Self Control to ensure you can turn off the things that are not essential for getting your work done.

Collaborate as Much as You Can

While remote work lends itself to a lot of independence and autonomy, it can actually really help your productivity to collaborate with others. On one hand, working with a team that relies on you and vice versa can give you some accountability for completing tasks in a timely way. But it can also cure some of the side effects of working “alone” like basic loneliness, or mental blocks. 

Collaboration tools make working with distributed teams a non-issue. In many ways, they can encourage us to be more efficient in our communication, and be very transparent in our work. Communication apps like Slack, doc sharing such as Google DriveDropbox, and Basecamp, and video conferencing with Zoom, or GoToMeeting, make collaboration easier than ever.

Remote work can be a great experience and can allow you to have freedom, flexibility, and autonomy like you’ve never had in work before. But it can be very easy to fall down a rabbit hole of bad habits, distractions, and lack of motivation. Be honest with yourself about the kinds of environments that are best for your productivity, keep routines and structure, and use the right tools to help you stay on top of your assignments, and you’ll have no problem being successful working remotely.



Source link

Continue Reading




DON'T MISS ANY IMPORTANT NEWS!
Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

Trending

en_USEnglish