Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Bonus Journal

Volume 29, Issue 5

Full Contents Now Available!

Jon Seals

Jon Seals

PALO ALTO, Calif. – Rubrik, the Converged Data Management company, announced today that JLL (NYSE: JLL), a Fortune 500 professional services and investment management firm, has deployed multiple Rubrik Converged Data Management appliances to deliver backup, recovery and replication for its production environment.

"We see Rubrik's platform ushering in real change in the data management industry," said Joe Ryan, JLL's Chief Technology Officer, Americas. "Rubrik simplifies our process, makes us more efficient and provides extra protection -- all of which helps keep us at the forefront of technology innovations."

JLL is committed to investing in technology, data and analytics to continue to increase its client-service levels and capabilities. The firm's data and technology initiatives continue to earn recognition with clients and independent third-parties. Recently, JLL received the 2016 Realcomm Digie Award for Best Use of Automation-Commercial Services and was named to the 2016 InformationWeek Elite 100, a list of the top business technology innovators in the United States. It was the fifth consecutive year JLL was included on the list.

In 2015, JLL's Corporate Solutions applications received the prestigious Service Organization Controls (SOC) 2, type II report and the global ISO 27001 certification for information security. The globally recognized designations demonstrate JLL's ability to maintain and execute controls of its internal and external technology platforms. Also in 2015, JLL launched RED, the commercial real estate industry's first scalable data and insights platform that connects master data governance, knowledge management, business intelligence and advanced analytics. Combined with cutting-edge technologies and JLL's real estate and data and analytics expertise, it dramatically improves the quality and speed of real estate decision-making.

"JLL has built an impressive reputation for driving business success through IT innovations, having been recognized as an InformationWeek Elite 100 for the last five years," said Bipul Sinha, co-founder and CEO, Rubrik. "JLL's adoption of Rubrik's Converged Data Management solution demonstrates how a modern approach to backup can support business requirements with greater agility and simplicity."

About JLL
JLL (NYSE: JLL) is a professional services and investment management firm offering specialized real estate services to clients seeking increased value by owning, occupying and investing in real estate. A Fortune 500 company with annual fee revenue of $5.2 billion and gross revenue of $6.0 billion, JLL has more than 280 corporate offices, operates in more than 80 countries and has a global workforce of more than 60,000. On behalf of its clients, the firm provides management and real estate outsourcing services for a property portfolio of 4.0 billion square feet, or 372 million square meters, and completed $138 billion in sales, acquisitions and finance transactions in 2015. Its investment management business, LaSalle Investment Management, has $58.3 billion of real estate assets under management. JLL is the brand name, and a registered trademark, of Jones Lang LaSalle Incorporated. For further information, visit www.jll.com.

About Rubrik
Rubrik provides the industry's first Converged Data Management appliance, delivering automated backup, instant recovery, unlimited replication, and data archival at infinite scale. Rubrik is built by key engineers behind Google, Facebook, VMware, and Data Domain.

Headquartered in Palo Alto, CA, Rubrik has raised over $51 million from Greylock Partners, Lightspeed Venture Partners and enterprise IT luminaries, including John W. Thompson (Microsoft Chairman, Symantec Former CEO), Frank Slootman (ServiceNow CEO, Data Domain Former CEO), and Mark Leslie (Leslie Ventures, Veritas Founding CEO). Rubrik has been named to Gartner's Cool Vendors in Storage Technologies, 2016. For more information, visit http://www.rubrik.com and follow @rubrikInc on Twitter.

The Business Continuity Institute - Jul 29, 2016 11:59 BST

There is serious talent shortage crisis impacting the cyber security industry according to a new report published by Intel Security, in partnership with the Center for Strategic and International Studies (CSIS). 82% of respondents to a global survey admit to a shortage of cyber security skills, with 71% of respondents citing this shortage as responsible for direct and measurable damage to organizations whose lack of talent makes them more desirable hacking targets.

The Hacking the Skills Shortage Report highlighted that the demand for cyber security professionals is outpacing the supply of qualified workers, with highly technical skills the most in need across all countries surveyed. Despite a quarter of respondents confirming their organizations had lost proprietary data as a result of this skills gap, there are no signs of it abating in the near-term. Respondents estimate an average of 15% of cyber security positions in their company will go unfilled by 2020.

The Cyber Resilience Report, published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously, and this starts by making sure resources are available to combat the threat. Such is the level of the threat that cyber attacks and data breaches were identified as the top two concerns to business continuity professionals in the BCI's Horizon Scan Report, which also identified availability of talents / key skills as a top ten concern.

The Hacking the Skills Shortage Report analysed four dimensions that comprise the cyber security talent shortage, which include:

Cyber security spending: The size and growth of cyber security budgets reveals how countries and companies prioritize cyber security. Unsurprisingly, countries and industry sectors that spend more on cyber security are better placed to deal with the workforce shortage.

Education and training: Only 23% of respondents say education programmes are preparing students to enter the industry. This report reveals non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises and hackathons, may be a more effective way to acquire and grow cyber security skills. More than half of respondents believe that the cyber security skills shortage is worse than talent deficits in other IT professions, placing an emphasis on continuous education and training opportunities.

Employer dynamics: While salary is unsurprisingly the top motivating factor in recruitment, other incentives are important in recruiting and retaining top talent, such as training, growth opportunities and reputation of the employer’s IT department. Almost half of respondents cite lack of training or qualification sponsorship as common reasons for talent departure.

Government policies: More than three-quarters (76%) of respondents say their governments are not investing enough in building cyber security talent. This shortage has become a prominent political issue as heads of state in the US, UK, Israel and Australia have called for increased support for the cyber security workforce in the last year.

A shortage of people with cyber security skills results in direct damage to companies, including the loss of proprietary data and IP,” said James A Lewis, senior vice president and director of the Strategic Technologies Program at CSIS. “This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization.”

The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cyber security talent shortage,” said Chris Young, senior vice president and general manager of Intel Security Group. “To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line.

Friday, 29 July 2016 00:00

Local Code

Local Code: 3,659 Proposals About Data, Design, & The Nature of Cities (Princeton Architectural Press, October 11, $40) presents a collection of data-driven tools and design prototypes for understanding and transforming the physical, social, and ecological resilience of cities. Written by Nicholas de Monchaux, associate professor of architecture and urban design at UC Berkeley, the book arranges drawings of 3,659 digitally tailored interventions for vacant public land in San Francisco, Los Angeles, New York City, and Venice, Italy. Critical essays offer essential links between these innovative design experiments.

Designed in collaboration with the Dutch information-design studio Catalogtree and featuring an introduction by Keller Easterling, Local Code presents a digitally prolific, open-ended approach to urban resilience and social and environmental justice. At once analytic and visionary, it pioneers a new field of inquiry and action at the intersection of environmental data and the expanding city.

About the Author
Nicholas de Monchaux is associate professor of Architecture and Urban Design at UC Berkeley, where he is director of the Berkeley Center for New Media, and is a fellow of the American Academy in Rome. He is a partner in the Oakland-based architecture practice Modem / Moll de Monchaux. De Monchaux’s first book, Spacesuit: Fashioning Apollo (MIT Press, 2011), was named a best book of the year on numerous design and technology lists. His design work has been exhibited internationally, at venues including SFMOMA, the MCA Chicago, the Venice Architecture Biennale, and the Lisbon Architecture Triennial.

Wear a smartwatch and you could cause a data breach that brings your organization to its knees. Install an anti-virus product on any one of your endpoints and you could compromise the security of key enterprise applications.

Smartwatches and certain anti-virus products are just a small sample of the growing number of shocking application security threats. Just like more familiar application security threats such as code injection, cross site scripting and buffer overruns, the threats they pose can be critical.

This article discusses five emerging application security threats:

  • PIN and password inference software
  • Mobile app collusion
  • Anti-virus software
  • JavaScript ransomware
  • Voice-activated attacks

...

http://www.esecurityplanet.com/hackers/5-freaky-application-security-threats.html

The Ponemon Institute has published a new study ‘The 2016 Global Cloud Data Security Study.’ Commissioned by Gemalto, the study surveyed more than 3,400 IT and IT security practitioners worldwide to gain a better understanding of key trends in data governance and security practices for cloud-based services.

According to 73 percent of respondents, cloud-based services and platforms are considered important to their organization's operations and 81 percent said they will be more so over the next two years. In fact, 36 percent of respondents said their companies' total IT and data processing needs were met using cloud resources today and that they expected this to increase to 45 percent over the next two years.

Although cloud-based resources are becoming more important to companies' IT operations and business strategies, 54 percent of respondents did not agree that their companies have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments. This is despite the fact that 65 percent of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud. Furthermore, 56 percent did not agree their organization is careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors.

Key findings

Cloud security and shadow IT

According to respondents, nearly half (49 percent) of cloud services are deployed by departments other than corporate IT, and an average of 47 percent of corporate data stored in cloud environments is not managed or controlled by the IT department. However, confidence in knowing about all cloud computing services in use is increasing. 54 percent of respondents are confident that the IT organization knows all cloud computing applications, platform or infrastructure services in use - a 9 percent increase from 2014.

Conventional security practices do not apply in the cloud

In 2014, 60 percent of respondents felt it was more difficult to protect confidential or sensitive information when using cloud services. This year, 54 percent said the same. Difficulty in controlling or restricting end-user access increased from 48 percent in 2014 to 53 percent of respondents in 2016. The other major challenges that make security difficult include the inability to apply conventional information security in cloud environments (70 percent of respondents) and the inability to directly inspect cloud providers for security compliance (69 percent of respondents).

More customer information is being stored in the cloud and is considered the data most at risk

According to the survey, customer information, emails, consumer data, employee records and payment information are the types of data most often stored in the cloud. Since 2014, the storage of customer information in the cloud has increased the most, from 53 percent in 2014 to 62 percent of respondents saying their company was doing this today. 53 percent also considered customer information the data most at risk in the cloud.

Security departments left in the dark when it comes to buying cloud services

Only 21 percent of respondents said members of the security team are involved in the decision-making process about using certain cloud application or platforms. The majority of respondents (64 percent) also said their organizations do not have a policy that requires use of security safeguards, such as encryption, as a condition to using certain cloud computing applications.

Encryption is important but not yet pervasive in the cloud

Seventy-two percent of respondents said the ability to encrypt or tokenize sensitive or confidential data is important, with 86 percent saying it will become more important over the next two years, up from 79 percent in 2014. While the importance of encryption is growing, it is not yet widely deployed in the cloud. For example, for SaaS, the most popular type of cloud-based service, only 34 percent of respondents say their organization encrypts or tokenizes sensitive or confidential data directly within cloud-based applications.

Many companies still rely on passwords to secure user access to cloud services

67 percent of respondents said the management of user identities is more difficult in the cloud than on-premises. However, organizations are not adopting measures that are easy to implement and could increase cloud security. About half (forty-five percent) of companies are not using multi-factor authentication to secure employee and third-party access to applications and data in the cloud, which means many companies are still relying on just user names and passwords to validate identities. This puts more data at risk because 58 percent of respondents say their organizations have third-party users accessing their data and information in the cloud.

Recommendations for data security in the cloud

The new realities of Cloud IT mean that IT organizations need to set comprehensive policies for data governance and compliance, create guidelines for the sourcing of cloud services, and establish rules for what data can and cannot be stored in the cloud.

IT organizations can accomplish their mission to protect corporate data while also being an enabler of their Shadow IT by implementing data security measures such as encryption that allow them to protect data in the cloud in a centralized fashion as their internal organizations source cloud-based services as needed.

As companies store more data in the cloud and utilize more cloud-based services, IT organizations need to place greater emphasis on stronger user access controls with multi-factor authentication. This is even more important for companies that give third-parties and vendors access to their data in cloud.

About the survey

The survey was conducted by the Ponemon Institute on behalf of Gemalto and surveyed 3,476 IT and IT security practitioners in the United States, Brazil, United Kingdom, Germany, France, Russian Federation, India, Japan and Australia who are familiar and involved in their company's use of both public and private cloud resources.

www.gemalto.com