This week, I’m attending the 2015 RSA Conference where I’ve had the chance to mingle with security professionals and other security writers, as well as get to sit in on some interesting sessions. I was invited to attend a panel discussion hosted by Nok Nok Labs. The panel included Nok Nok’s CEO Philip Dunkelberger; Jon Oltsik, a security analyst at Enterprise Strategy Group; Rhonda MacLean, a former CISO with a number of companies including Bank of America and Boeing; and Giles Watkins, a partner in the cybersecurity practice at KPMG.
The discussion—with quite a bit of audience participation, I should add—revolved around the opening question posed by Oltsik: Why is it taking so long for industry to embrace security?
The words “rip and replace” are among the most feared in the IT lexicon—right up there with “denial of service” and “The CIO wants you in his office right now.”
But now that the enterprise is contemplating a data environment that will propel business into the 21st Century, some organizations are giving serious consideration to wholesale replacement of aging infrastructure. In an increasingly interconnected world, it has not gone unnoticed that many emerging markets are already building forward-leaning data environments atop gleaming new hardware platforms.
Indeed, says EuroCloud co-founder Phil Wainewright, those who don’t embrace some level of rip-and-replace will find themselves outclassed by rivals who do. When the pace of change is moving at hyperspeed, delay is the enemy—it not only limits your ability to compete, it makes the inevitable change that much harder as new systems and software become integrated with the old.
Netwrix 2015 State of IT Changes Survey reveals that nearly 70% of organisations continue to make undocumented changes and only 50% audit their IT infrastructures
The Netwrix 2015 State of IT Changes Survey of more than 700 IT professionals across 40 industries found that 70% of companies forget about documenting changes, up from 57% last year. Most surprisingly, the number of large enterprises that make undocumented changes has increased by 20% to 66%.
Undocumented changes pose a threat to business continuity and the integrity of sensitive data. The survey shows that 67% of companies suffer from service downtime due to unauthorised or incorrect changes to system configurations and the worst offenders are large enterprises in 73% of cases.
Security-wise, the overwhelming majority of organisations claim to have never made a change that turned out to be the root cause of a security breach. However, given that the majority of companies make undocumented changes and only half of them have auditing processes in place - instead relying on looking through native logs manually – their ability to prove this is questionable. What is certain is that many organisations remain in the dark about what is going on across their IT infrastructures and are not able to detect a security violation until a data breach is officially revealed.
Despite the fact that companies still have shortcomings in their change management policies, the overall results of the 2015 survey show a positive trend. More organisations have changed their approach to changes and have made some effort to establish auditing processes to achieve visibility into their IT infrastructures. The key survey findings show that of the respondents:
- 80% of organisations continue to claim they document changes; however the number of companies that make undocumented changes has reached 70%. The frequency of those changes has also increased.
- 58% of small companies have started to track changes despite the lack of change management controls, against 30% last year.
- Change auditing technology continues to capture the market, as 52% of organisations have established change auditing controls, compared to 38% last year. Today, 75% of enterprises (52% in 2014) have established change auditing processes to monitor their IT infrastructures.
- Organisations opt for several methods of change auditing. 60% of SMBs traditionally choose manual monitoring of native logs, whereas 65% of enterprises deploy automated auditing solutions.
- Due to established change management controls, more thorough documentation and automated auditing processes, the number of enterprises who managed to find which changes were a root cause of security incidents has doubled since 2014 to 33%.
“As with years past, errors made by internal staff, especially system administrators, who were the prime actors in over 60% of incidents, represent a significant volume of breaches and records,” stated the Verizon 2015 Data Breach Investigations Report. “Understand where goofs, gaffes, fat fingers, etc., can affect sensitive data. Track how often incidents related to human error occur. Measure effectiveness of current and future controls, and establish an acceptable level of risk you are willing to live with, because human fallacy is with us to stay.”
“Human factor is the key to informational security and its pain point at the same time,” said Alex Vovk, president and co-founder of Netwrix. “No matter how advanced the security policy is, people still make mistakes and from time to time misbehave, putting overall system security and business continuity at risk. In this case, automated auditing processes can help companies keep their IT systems under control and make sure that any deliberate or accidental changes will be detected and addressed properly to eliminate the risk of a data breach.”
To download a complete copy of the “Netwrix 2015 State of IT Changes” report, please visit http://www.netwrix.com/netwrix_researches_for_it_pros.html.
About Netwrix Corporation
Netwrix Corporation, the #1 provider of change and configuration auditing solutions, delivers complete visibility into who did what, when, and where across the entire IT infrastructure. This strengthens security, streamlines compliance, and optimizes operations. Founded in 2006, Netwrix is named to the Inc. 5000 list and Deloitte Technology Fast 500. Netwrix software is used by 160,000 users worldwide. For more information, visit www.netwrix.com.
End-to-end, Integrated Approach to Engineering, Data Analytics, User Experience and Design Improves Business Agility and Competitive Advantage in Digital Economy
LONDON –Ness Software Engineering Services (SES), a leading provider of software product engineering services, has today announced the launch of its end-to-end, Ness Connected Framework to bridge the gap between business and technical objectives during the software development lifecycle. Ness SES’s highly integrated, adaptive approach significantly reduces time-to-market, risk and costs for businesses when launching new, innovative digital products and services.
The framework addresses how technology development and digital transformation initiatives are being driven by business strategies rather than being technology and IT led. This is especially true of digital projects that are market facing and require creative input on how a superior customer experience is delivered. The challenges arise when trying to synchronise creative and technical requirements, translating the diverse needs of both into one compelling solution.
The new Ness Connected Framework resolves this by fully integrating the two disciplines – creative and technical – that are critical to successful digital transformation and development projects today.
Unlike other engineering services providers, Ness SES has not simply bolted on a customer user interface design practice onto its software engineering capabilities. This creates an added problem when using both agencies and engineering partners to assist and requires significant mediation and adjudication to reconcile differing points of view. Instead the framework proactively removes the traditional conflicts between the two sides, whilst ensuring a client benefits from a technology partner who practices both disciplines fluently and seamlessly and thus presents one interface to the client resulting in faster delivery, greater cost effectiveness and quicker realisation of revenue and growth.
The methodology behind the Ness Connected Framework weaves strong links between three pillars in the Digital Economy: Products & Platforms, Big Data & Analytics, and Contextual User Experience Engineering to create a seamless transition from front and back-end business processes through to user experience and design.
Doug Mow, senior vice president corporate strategy and chief marketing officer, Ness SES commented, “Over two decades of experience in building end-to-end products and platforms for customers in a variety of industries, we’ve seen businesses constantly struggle to merge user experience and design with engineering expertise. The business side tries to talk about user experience and the front end of the design process by engaging independently with a design agency and throws the design over the wall to the engineering teams. This creates a complicated mix of creativity and design which often leads to an elegant design but a technology nightmare. It’s like mixing sugar and pepper.”
The Ness Connected Framework consists of five stages, which companies can delve into dependent on the needs of their business and the stage their teams are at in the software development lifecycle:
- Discover: Ness SES facilitates collaboration between organisations’ stakeholders to identify a common set of business requirements around all facets of user experience, user interface, data analytics, and product engineering. This helps to create a strong business case and outlines competitive advantages.
- Envision: Ness SES helps its customers validate propositions from the Discovery phase including generating a clear product definition, and Proofs of Concept (PoC), or prototypes, to reduce financial risk.
- Build: Ness SES delivers a rapid execution phase driven by the use of a portfolio of templates, time-tested governance tools, test automation, and industry-specific reference models to improve productivity, reduce time-to-market and ensure product/service quality.
- Sustain: Ness SES operates as an ongoing extension of its customers’ teams throughout the software development cycle, to ensure timely product enhancements and adjustments can be made.
- Evolve: Ness SES offers a framework that adapts to the unique needs and challenges of individual businesses, so each product and service aligns to business objectives.
With the Ness Connected Framework businesses can immediately see any issues to improve time-to-market and ensure compelling products are launched. Agile methods are incorporated to allow organisations to modify and optimise their products and services throughout the software development process. This means stakeholders have a solid handle on deliverables and timeframes, and the user experience is built right the first time – significantly reducing financial risk.
“Through our discovery and blueprinting expertise we help bridge the gap between design and engineering. We help enterprises ask the right questions at the right time to get working products to market. On top of this, the ongoing dialogue with our customers during the software development lifecycle enables business agility in a competitive marketplace,” Mow added.
About Ness Software Engineering Services (SES)
Ness Software Engineering Services (SES) is a premier provider of outsourced engineering services. Ness SES helps organisations compete and grow in today’s digital economy by providing deep expertise in products and platforms, data and analytics, and experience engineering. With access to world-class software engineering resources, Ness SES’s clients create advanced, new products and services, enter new markets, win new customers, and streamline operations to radically reduce costs. Ness SES delivers consumer-grade experiences with commercial-grade quality and stability through its global delivery model that offers the flexibility and efficiencies of on-site, on-shore, near-shore and off-shore sourcing, leveraging sophisticated distributed Agile techniques. Visit www.ness-ses.com for more information.
Turkish telco, Grid Telekom impressed by Flexiant's ease of use, feature set and speed to market
ISTANBUL, Turkey – Turkish telco, Grid Telekom, has selected Flexiant to deliver a cloud orchestration platform to enable self-service provisioning. The appointment marks Flexiant's first customer in Turkey.
With over 20 years of experience, Grid Telekom is one of Turkey's leading telecommunication companies. To offer its cloud services, the telco needed to move away from its manual process to provide a self-service platform.
Khalid Ahmed, Grid Telekom said, "We needed a cloud orchestration solution so we investigated Flexiant, InContinuum and VMUnify. We chose Flexiant Cloud Orchestrator because of its ease of use and feature set."
Flexiant Cloud Orchestrator is a mature, reliable and feature-rich software platform for cloud management. Software features include its flexible self-service, multi-tenancy, metering and billing capabilities, support for multi-hypervisors, multi-tiered storage and scalable architecture.
"Flexiant's user interface and control panel was straightforward giving us exactly the self-service capabilities we required," continued Khalid Ahmed, Grid Telekom.
Grid Telekom will use Flexiant Cloud Orchestrator to launch a new cloud solution aimed at SME organizations in the Turkish region.
George Knox, CEO, Flexiant said, "Telcos have many advantages when it comes to delivering cloud services from owning the network, data centers, scale and the extensive experience metering and billing for services delivered. Existing capability is only part of the requirement for success. Cloud orchestration solutions that remove the manual burden of provisioning are the second critical component. Flexiant gives Grid Telekom the capabilities needed for the Turkish telco to continue its impressive growth."
Grid Telekom will launch its new service this spring.
Grid Telekom is a telecommunications company in Turkey mainly working on International Fiber Connectivity, Metro Fiber Connectivity, Access and Datacenter businesses. Currently there are two data centers in Turkey located in Istanbul and Ankara. The major project that Grid Telekom is working on is the redundant fiber route from Greece, Bulgaria and Turkey. For more information visit www.gridtelekom.com.
Flexiant provides solutions aimed solely at helping service providers capture the cloud market opportunity. Its portfolio of solutions includes Flexiant Cloud Orchestrator and Flexiant Concerto. Since 2009 Flexiant has armed service providers with the solutions necessary to launch revenue generating cloud services quickly and easily.
Flexiant has been named a Gartner Cool Vendor in Cloud Management and received the Info-Tech Research Group Trendsetter Award for two consecutive years. Flexiant is a Gold Parallels Partner and a Dell certified technology partner. Customers include Brinkster, Computerlinks, FailProof Technology and ThinkGrid Ceano, part of Colt Telecom. Flexiant is also a key participant in the EU's Horizon 2020 program. For more information visit www.flexiant.com.
For the city of Long Beach, Calif., the challenge of emergency management is clear: A small number of people are making too many 911 calls for medical assistance.
It’s a problem Long Beach and cities across the nation struggle with as a minority of callers and care facilities — also known as “911 super-users” — congest phone lines and stretch emergency resources. Financially, it's a problem for providers, governments and even the callers themselves. Yet more pressing is the impact on first responders, where a minute's delay could determine life or death.
To deal with the problem, Long Beach officials partnered with the civic tech group Code for America to create AddressIQ, a Web app that combines fire, police and business licensing data to reduce calls from 911 super-users. The tool connects addresses to both the number and type of emergency dispatches. The information enables emergency workers to collaborate on high-usage locations and assist callers through education, social outreach, or — in worst cases — enforcement measures.
(TNS) — The woman won't look away from the dark huddle of uniforms standing behind a yellow police tape barrier that flaps back and forth in an occasional breeze. There, on the other side of this South Los Angeles parking lot, her brother is lying, still.
Two men in suits approach her. Their expressions signal bad news. Their words confirm it: Earlier in the night, her brother was shot in the head and killed.
Barbara de Lima, a grandmotherly figure with curly white hair, stands beside the family as they talk to the detectives. When a family member begins to cry, de Lima gives her a water bottle along with soothing words of comfort. The woman falls onto her, and de Lima cradles her head on her shoulder, calling her "honey."
Mapping tool visualizes anticipated flood effects, aiding preparation for coastal storms
April 21, 2015
Charleston, South Carolina, was found to be one of the top ten U.S. cities in increased nuisance flooding, according to a June 2014 NOAA report. The Coastal Flood Exposure Mapper enables users to visualize these flood impacts and others in order to craft better resilience plans.". (Image: NOAA)
A NOAA flood exposure risk mapping tool that was developed in New York, New Jersey, Delaware and Pennsylvania has now been expanded to cover coastal areas along the entire U.S. East Coast and Gulf of Mexico. The Coastal Flood Exposure Mapper, a deliverable of President Obama’s Climate Action Plan, provides users with maps, data, and information to assess risks and vulnerabilities related to coastal flooding and hazards.
According to the 2010 U.S. Census Bureau population count, 39 percent of the U.S. population lives in counties subject to significant coastal flooding.
“Coastal populations are increasing, as is the potential for flood events,” said Jeffrey L. Payne, Ph.D., acting director of NOAA’s Office for Coastal Management. “Anything we can do to make people aware of their community’s vulnerability puts that community in a better position to act to save lives and property.”
With this NOAA tool, users select their location and the flood scenario of their choosing: Federal Emergency Management Agency flood designations, shallow coastal flooding associated with high tides, or flooding associated with sea level rise or storm surge. Flood maps are then overlaid with any of three exposure maps to show how floodwaters might impact area assets. All maps can be saved, printed, and shared.
The societal exposure map provides information on population density, poverty, the elderly, employees, and projected population growth. Communities can use this information for community planning and to determine how floodwaters might affect vulnerable or concentrated populations.
Roads, bridges, water, and sewer systems can be damaged by coastal flooding. Communities can use the mapper to assess infrastructure vulnerabilities and associated environmental and economic issues to determine what steps are needed to protect these assets.
- The ecosystem exposure map provides data and information about natural areas and open spaces—including their proximity to development — to help communities identify which areas can be conserved for future flood protection benefits. Pollution sources are also identified to show where natural resources could be affected during a flood.
Coastal communities around the country are becoming more vulnerable to severe events and water inundation,” said Holly Bamford, Ph.D., acting assistant secretary of commerce for conservation and management. “According to the 2010 U.S. Census, the population of coastal communities is going to rise by 8 percent by 2020. Increased vulnerability plus increased population means communities are going to need accurate, reliable, and timely information to prepare for the future. Equipping our communities with information, products, services, and tools, like the Coastal Flood Exposure Mapper, allows them to become more resilient.”
This map tool was developed by the NOAA Office for Coastal Management.
NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on Facebook, Twitter, Instagram and our other social media channels.
Target (TGT) last week said it would pay MasterCard (MA) issuers up to $19 million pre-tax in alternative recovery payments related to the retailer's Dec. 2013 data breach. And as a result, Target and MasterCard top this week's list of IT security newsmakers, followed by the Data Security and Breach Notification Act of 2015, HSBC (HSBC) and Verizon (VZ).
What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week's list of IT security stories to watch to find out:
At the BCI Middle East Conference in May, to be held at the Oryx Rotana in Doha, Qatar, the Business Continuity Institute Qatar Forum will launch its Qatar Business Continuity Management Guideline. The guideline was a collaborative effort of a small Working Committee representing various organizations in Qatar, and the members are also active participants in the recently established BCI Qatar Forum. In developing the guideline, the BCI Qatar Forum was supported by the Directorate of laboratories and standardization within Qatar's Ministry of Environment.
This new guideline is designed to help all types of organizations operating in Qatar, whether business, charity or government, and regardless of sector, size, location or activity, to be better-prepared and more confident to handle business disruptions of any type.
Incidents take many forms, ranging from large-scale natural disasters or acts of terror to single technology-related failures, or utility services interruptions. Most incidents are small but some can have a significant impact on an organization, multiple organizations, or on the State of Qatar as a whole. This therefore makes business continuity management relevant at all times and at all levels. Complex inter-dependencies between organizations also make it important to ensure business continuity across the whole value chain, from receipt of goods and services from suppliers to delivery of products and services to customers, and to ensure there is an effective BCM information exchange with a range of stakeholders.
Based on the various international Standards in business continuity, and in particular ISO 22301, the guideline describes how to set up, implement and manage an effective Business Continuity Management System. The Guideline also provides guidance on interpreting ISO 22301 requirements, as well as local examples and templates to adapt and use.
"There is an increasing global awareness that organizations in the public and private sectors must know how to prepare for and respond to unexpected and disruptive events, to ensure business continuity and maintain their operations and the Qatar BCM Guideline will help all organizations in Qatar achieve this" said Abdullatif Ali Al-Yafei, Chairman of the Qatar BCM Guideline Working Committee.”