Cloud Security and Compliance Issues

Oct 25, 2017 by infocon in  Security

Cloud Security and Compliance Issues:

 

A new report by Threat Stack and ESG (Environmental, Social Governance) raises major security concerns about the increasing public cloud environments and containers. The report reveals a notable gap in security and compliance readiness across the rapidly growing cloud-container environs.

The report discloses some significant facts as:

  • 60 percent of organizations regard security and compliance a hindrance to winning new business associates.
  • 57 percent of those surveyed complained of significant delays in the sales cycle blaming troubles created to meet customer security requirements.
  • 31 percent of those surveyed said they were unable to cope with the growing cloud and container environments. As a result, 62 percent said they’re aiming for greater visibility into their public cloud workloads.
  • 40 percent of the respondents conveyed that in the next 12 months, they will have hybrid environments, which is an increase from the current 12 percent. Meanwhile, 45 percent of organizations plan on starting to test or deploy containerized environs, which is above the current 42 percent of those who already do.
  • 94 percent of respondents believe containers give negative security implications for their organizations.

As the market democratizes, companies are adopting more complex technical solutions that were earlier reserved for only software giants.

This, experts believe, has led to the creation of an opening for external as well internal threats as security teams catch up on the cloud, containers, etc.

Sam Bisbee, Threat Stack CSO feels, “Containers originally focused on resource isolation, offering system building blocks to address specific operational needs that could be coupled with security solutions – they were not supposed to be a replacement for VMs, which is how most teams treat them”.

India at 23rd position in the list of information secured countries

Oct 17, 2017

The second Global Cyber Security Index (GCI), released by the UN telecommunications agency, International Telecommunications Union (UTC) places India at 23rd position in the list of information secured countries. The rank is among 165 other nations across the world who have committed to cyber security.

The report reveals that only about half of all countries already have a cyber security strategy or are in the process of developing one. It urges countries to engage in cyber security education initiatives and job creation in the sector.

Singapore tops the index with a 0.925 score.

Other countries in the top 10 are United States, Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France and Canada.

The report says that 38 per cent of these countries have a published cyber security strategy while 12 per cent of governments are in the process of developing one.

The threat is dangerously worrying because in 2016, according to ITU, about one per cent of all emails sent were malicious attacks. The rate is the highest in recent years.

The findings show that there is “space for further improvement in cooperation” at all levels. It further advocates for encouraging governments to consider national policies that take into account cyber security and encourage private citizens to make smart decisions online.

Five point strategy of ITU to develop efficient information security systems

The Indian government has taken a few steps to bring the attacks under control. Under PM Narendra Modi’s tenure, the Central govt established the office of Chief Information Ofiicer of Cyber Security Cell under PM’s office. Dr Gulshan Rai is the first to hold the post.

CERT-In, an emergency response team is set up under the Ministry of Electronics and Information Technology for dealing with a range of cyber-attacks.

Apart from this, the Government of India has four Sectoral Computer Emergency Response Teams to address Cyber Security Threats in Power Systems: Transmission, Thermal, Hydro and Distribution.

All the four utilities have been asked to identify a nodal senior executive as its Chief Information Security Officer (CISO) to lead the process of strengthening organizational systems with respect to cyber security and implement an information security management systems as recommended by rules under the Information Technology (IT) Act 2008.

artificial intelligence, what is artificial intelligence, artificial intelligence notes, definition of artificial intelligence

Artificial Intelligence (AI) to affect 60%-70% of the current jobs

Oct 18, 2017

As the world moves from ‘globalization’ to ‘glocalization’, the era of digitization seems to make its entry into global markets too. We’ve stepped into the age of ‘digital disruption’ where every new technology succeeds over its predecessor, proving the former a failure.
Increasing digital market environments are becoming a goal for every contemporary business organization. Digital interventions of social, analytics, mobile, big data and cloud technologies are laying the foundation for transformation. When these are integrated into cognitive computing, robotics, internet of things, 3 D printing, they form multiple disruptive scenarios like P2P, remote healthcare, digital banks, etc.
From the industry perspective, digital disruption is blurring lines between practices and learning from one industry being implemented in the other. Proliferation of smart devices and surge of AI, is the new battleground that is taking many sectors by storm.
AI has become the new hiring manager as job losses are projected to be the next big story. A recent World Bank research shows that AI threatens 69% and 77% of jobs in India and China respectively. A report by US-based research firm HfS Research states that about 7 lakh low-skilled workers in IT and BPO industry in India are likely to lose their jobs 2022, due to automation and AI.
Further, AI is set to affect 60%-70% of the current jobs. They will either get marginalized or totally eliminated.
A number of AI-based startups like Skillate, Belong, Stockroom, etc. scan through resumes and contain automatically updating algorithms for CVs. All of these are slowly taking over jobs portals like monster.com, Indeed, etc.
AI is shaking up the recruitment industry. Companies like Airbnb, WeWork, are starting pay-per-use models in both products and services. This has consistently given rise to freelancers who enroll for project-based work in growing gigs economy. Projections show that 43% of the US workforce will be freelancers by 2020.
In the time interactivity, where AI ensures upgrade on the go, jobseekers often complained of websites becoming useless for their resumes. Many even complained of no update on feedback on their interviews.
With AI, the most prime concern is of privacy. It is naïve to believe that AI-based platforms only track data in the public domain. A lot of times, a candidate’s political bias might potentially affect the employer’s decision-making. Or in the digitally-dominated world, potentially employable candidates who don’t use a lot of computers, may miss out on opportunities.
It is largely expected by cyber specialists that gradually, a person’s digital footprints will significance in the future.

5 Strategies for Cyber Security in Small Business Organizations

Oct 16, 2017

If you’re a small business organization, there is absolutely no reason for you to neglect cyber security. Not spending on security or relying on outdated software to protect your data – both are equally bad ideas.

Here are a few ways you should undertake to prevent damage to the reputation of your business repute:

Backups: Cyber attackers and hackers never leave an opportunity to take your data “hostage” and demand a ransom before releasing that data. Hence, small organizations must practice backing up data in the cloud or a hybrid data centre.

Update IT Systems: As malicious attacks are evermore wreaking havoc in the cyber-verse, it is essential for organizations to protect their business data at all costs. A top to bottom evaluation with an emphasis on vulnerabilities is important. Key assets like information about property, confidential personal data, etc. must be guarded against.

   Cyber security education: In any data-security effort, any individual can intentionally or not become a “weak-link”. More often, an employee nursing grudge against the organization may compromise security. To avoid such incidences, smaller organizations can always undertake a rigorous cyber security education program.

Proper planning: Included in the data-security education program should be procedures teaching employees how to react in the event of unauthorized intrusions, example, phishing or malware attempts. A detailed incident response plan that redirects to helpdesks or IT teams can have a significant impact.

Mobile device security: A lot of times employees in small organizations use their mobile devices for work and work-related communication. The thought of data passage through unsecured channels is nightmarish enough for organizations to establish policies like – (i) Categorizing and restricting the types of information that can be shared or accessed through these devices, (ii) Enforcing network access control wherein employees can access your business’s VPN and email in a reliable manner, (iii) Determining whether mobile devices provided by the business can be taken off-site.

1 Comment

Leave a Comment

Your email address will not be published. Required fields are marked *

Comment *