Data with Future Enabled State?

Data (and Privacy), Regulations, Compliance, Security and Policies are the key to any Future Enabled State and, for that matter, any cloud transformation. How do we factor data, security, compliance, regulatory and policy considerations into an integrated cloud solution?

So what is Dr. CSP?

I thought it right to devise an acronym for Data, Privacy and Regulations/Compliance. A gamut of policies, procedures and processes needs to be updated, along with a change to organizational culture, so that the impacts and implications are understood and adopted. Data (and Privacy), Regulations, Compliance, Security and Policies (DR. CSP). What should we do to get this right? Often, while providing a proposal, we just talk about cloud migration. Alas, migration is not a lone isolated event; it has to factor in all dimensions of transformation. The acronym is simple: any Cloud Service Provider (even we can be counted in as CS) should be DR. CSP. It may be mean to those who have a fantastic memory, but without being a DR. CSP, we are unlikely to resonate with the customer.

Yes, Data is number one. It is the ultimate asset of an organization. Data, Data and Data – the key enabler or a bane for the emerging Future Enabled State. According to Network Asia, “By 2024, 90 percent of the G1000 organizations will mitigate vendor lock-in through multi and hybrid cloud technologies by using technologies such as containers and data fabric, these organizations will be able to flexibly and easily move workloads across environments while having full control over them”.

According to the same report, Bank of America, for example, is using containers for app testing and development. By doing so, the bank’s developers and infrastructure staff are able to focus on high-value work instead of managing middleware systems and messaging buses, which do not generate revenue for the bank. Despite the benefits of hybrid and multi-cloud, they will not be the default IT architecture for smaller organizations. This is because data itself can be far less portable than compute and application resources, which affects the portability of runtime environments. Moreover, some cloud services may be exclusive to a particular cloud provider, which means that those services cannot be ported to other environments”.

An integrated solution is key to resonating with customers already in the cloud or those intending to migrate to the cloud. Providing an encapsulation and governance mechanism for critical enablers such as data, regulations, security, compliance and policies will drive success toward the future enabled cloud state.

Interesting read: https://www.networksasia.net/article/4-key-trends-could-spark-digital-transformation-enterprises.1548732759

Imminent fragmentation of a string of Global Village

One of the factors that make us a global village is our ability to connect over the internet, the internet being a common highway for humanity to connect. With the advent of Russia discovering its renewed ability to develop a parallel track, we may see an eventual fragmentation of the way we communicate.

A prelude to imminent fragmentation… everyone will copy this model. So far, we have existed as a single earth, connected together by the internet, making it a global village.

With the advent of Russian testing of a separate DNS (Domain Name System, e.g. google.com), it will be talking a different language in a different world. Ultimately, others will follow suit and eventually, lobbies and multi-bloc reorganization may induce a multipolar world that may collaborate or, in an extreme situation, be at loggerheads with each other.

Russia considers ‘unplugging’ from internet
http://www.bbc.co.uk/news/technology-47198426

Insider Threats: Lessons Learnt

Recent cyber-attacks also point towards organizations' primary vulnerability. Insider threats are more common than cyber-attacks. Despite the media focus on cybersecurity, it is important to be aware of the insider threat.

The authors shared ten lessons on insider threats. Though these are experiences from a different field that is continuously exposed to security threats, it is nevertheless important to know their significance and implications.

Below are excerpts from “A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes” by Matthew Bunn and Scott D. Sagan, published by the American Academy of Arts & Sciences.

Even this brief comparative look at insider threats illustrates that such threats come in diverse and complex forms, that the individuals involved can have multiple complex motives, and that common, though understandable, organizational imperfections make insider threats a difficult problem to address adequately. Most nuclear organizations appear to underestimate both the scale of the insider threat and the difficulty of addressing it. Serious insider threats may well be rare in nuclear security, but given the scale of the potential consequences, it is crucial to do everything reasonably practical to address them. The main lesson of all these cases is: do not assume, always assess—and assess (and test) as realistically as possible. Unfortunately, realistic testing of how well insider protections work in practice is very difficult; genuinely realistic tests could compromise safety or put testers at risk, while tests that security personnel and other staff know are taking place do not genuinely test the performance of the system.
LESSONS

Lesson #1: Don’t Assume that Serious Insider Problems are NIMO (Not In My Organization)

Lesson #2: Don’t Assume that Background Checks will Solve the Insider Problem

Lesson #3: Don’t Assume that Red Flags will be Read Properly

Lesson #4: Don’t Assume that Insider Conspiracies are Impossible

Lesson #5: Don’t Rely on Single Protection Measures

Lesson #6: Don’t Assume that Organizational Culture and Employee Disgruntlement Don’t Matter

Lesson #7: Don’t Forget that Insiders May Know about Security Measures and How to Work Around Them

Lesson #8: Don’t Assume that Security Rules are Followed

Lesson #9: Don’t Assume that Only Consciously Malicious Insider Actions Matter

Lesson #10: Don’t Focus Only on Prevention and Miss Opportunities for Mitigation


 

Citation:

A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes

http://www.amacad.org/multimedia/pdfs/publications/researchpapersmonographs/insiderThreats.pdf


Sentiment Analysis in the Context of Insider Threat

https://insights.sei.cmu.edu/insider-threat/2016/12/sentiment-analysis-in-the-context-of-insider-threat.html