Posted on

Innovate faster with cloud technology, a data strategy and digital capabilities

Those who want to innovate faster in today’s dynamic and rapidly evolving market have to keep learning and changing in line with customer experience, process and technology trends. These changes are necessary to find new ways to add value for customers, increase sales and optimize processes. For us, these changes involve balancing the use of cloud technology with a data strategy and digital capabilities. Together, these three things enable the process of digital transformation.  

 

Accelerate innovation with the cloud

 

Most small and medium-sized businesses spend around 80 to 90% of their IT budget on keeping existing systems operational. This leaves little to invest in innovation. Innovation involves experimenting and ineffective experiments can be very expensive. With cloud technology it is possible to carry out experiments at low cost and pull the plug on experiments that fail to deliver. Cloud technology is indispensable for companies that want to grow. It is also a critical component of digital transformation.   

 

The cloud as accelerator at Dat.mobility

 

Our customer Dat.mobility has discovered the potential of the cloud as an innovation accelerator. With AWS cloud technology the company can meet the needs of the market faster and with greater agility. Peter Kant, innovator, strategist and product owner at Dat.mobility:    

“Luminis helped us develop a digital transformation strategy that included transitioning to the AWS cloud. They guided us through everything involved, from securing internal and external stakeholder interests to identifying possible transition paths, designing conceptual (cloud) architectures, right-sizing and developing business cases. This enabled us to make the right decisions to better meet the needs of our customers.”   

 

The importance of a good data strategy   

 

In addition to transitioning to the cloud, for most businesses a good data strategy is essential to develop innovations. Smarter use of data is the key to success both now and in the future. So rather than looking at the applications used, we focus on the available data, because that’s where the real value is. Our modular data strategy ensures controlled data mobility so our customers can access the right data faster.   

 

From data to engagement with the energy transition at Omons   

 

Our customer Omons, an initiative to support citizen engagement with the energy transition, is a good example of how this can work. In each municipality, there are different priorities, rules and conditions. These include things such as tax rates and per-kWh price. Omons had to find a way to make a huge amount of data and complex calculations manageable for citizens and asked Luminis to help. There needed to be one platform that could be used by people in different municipalities, while also allowing for differences in legislation and regulations. Based on feedback from workshops, we developed a cloud-based solution that helps increase citizen engagement while identifying and communicating potential cost savings.    

 

AI translates science into reality at Whispp   

 

Whispp is a cloud-based speech-enhancement solution that enables people who stutter and those with a voice disorder to have a relaxed and (almost) fluent conversation.  Audio technology created with artificial intelligence digitally adjusts the sound of the speaker’s voice on a smartphone or laptop. Whispp can be used for live conversations as well as phone and video calls. Together with patient associations, medical specialists and universities, Luminis was involved in the creation of the product from the first study onwards. The process involved converting ideas and theories into a valuable speech-enhancement solution – one that is scalable.  

 

Digital capabilities – the missing link  

 

Digital transformation involves both technological and organizational change. In addition to implementing the necessary technology, in-house knowledge and expertise are also needed to keep innovating in the future. Addressing security, improving accessibility of data and implementing an Agile way of working to achieve value creation faster and more effectively are all key in this respect.    

To keep innovating at product level and provide customers with what they need, it’s important to keep growing your in-house knowledge and expertise. To help with this, we employ gamification of knowledge with Cloud: The Game and the Cloud Proficiency App and our Accelerate process, in which together with our partners we train the tech leaders of tomorrow.   

 

Growth opportunities for every organization 

 

Identifying, exploiting and maximizing growth opportunities is our area of expertise. We are known for our creativity, our vision when it comes to the cloud and data, and our expertise in implementing digital transformation processes. We help organizations increase their capacity to think strategically and execute accordingly while continuing to develop their knowledge.  This is how we accelerate innovation and growth for companies that want to be ready for the future.  

 

About Luminis   

 

Luminis has been generating creative ideas, innovating and doing things differently for 20 years. This makes us the perfect innovation partner for companies that want to innovate. We are a team of inquisitive minds and diverse personalities, proud to help our customers get smarter about data and harness the full potential of the cloud. We will be happy to help you discover and maximize your potential.    
  

Posted on

Sneller innoveren: de rol van cloud, een datastrategie en digital capabilities

Wie sneller wil innoveren in deze dynamische, evoluerende markt wordt gevraagd continu te leren en veranderen op het gebied van klantervaring, processen en technologie. Veranderen, om in staat te zijn op nieuwe manieren waarde toe te voegen voor klanten, omzet te verhogen en processen te optimaliseren. Voor ons vindt die verandering plaats in het vinden van de balans tussen gebruik van de mogelijkheden van de cloud, een datastrategie en digital capabilities. De combinatie van deze drie zaken maakt het mogelijk een digitale transformatie te realiseren.  

 

Sneller innoveren dankzij de cloud   

 

De gemiddelde IT-manager van een MKB+ organisatie geeft vaak zo’n 80-90% van zijn IT-budget uit aan het operationeel houden van datgene dat er al is. Daardoor blijft er maar beperkt ruimte over om te investeren in innovatie. Innoveren is experimenteren en ineffectief experimenteren kost vaak veel geld. Met cloudtechnologie krijg je de mogelijkheid om experimenten uit te voeren tegen lage kosten en om de stekker uit een experiment te trekken wanneer het niet brengt wat je ervan had verwacht. De cloud is onmisbaar voor wie wil groeien en onomstotelijk onderdeel van digitale transformaties.   

 

De cloud als accelerator bij Dat. Mobility   

 

De mogelijkheden van de cloud als innovatieversneller zijn bijvoorbeeld duidelijk zichtbaar bij onze klant Dat.mobility. Deze organisatie heeft haar snelheid en wendbaarheid vergroot en is dankzij AWS cloudtechnologie in staat sneller te reageren op behoeften uit de markt. Peter Kant, innovator, strateeg en product owner bij Dat.mobility:    

“Luminis heeft ons ondersteund bij het verkennen van een transformatiestrategie richting de AWS-cloud en alles wat daarbij komt kijken: het borgen van de belangen van interne en externe stakeholders, het uitwerken van mogelijke transitiepaden, het opstellen van conceptuele (cloud)architecturen, het uitvoeren van sizing en het opstellen van business cases. Alles bij elkaar stelde dit ons in staat de juiste knopen door te hakken om beter te kunnen voorzien in de behoeften van onze klanten.”   

 

De impact van een goede datastrategie   

 

Ter aanvulling op een transitie naar de cloud is voor de meeste organisaties ook een goede datastrategie essentieel om innovaties te realiseren. Succesvol zijn nu en in de toekomst begint bij het slimmer inrichten van data. Daarom kijken wij niet naar de applicaties die worden gebruikt, maar naar de beschikbare data, want daarin zit de echte waarde. Met onze modulaire datastrategie zorgen we voor gecontroleerde beweeglijkheid, wat onze klanten in staat stelt sneller te beschikken over de juiste data.   

 

Van data tot consequentie van de Energietransitie bij Omons   

 

Een goed voorbeeld hiervan is onze klant Omons, een initiatief om de betrokkenheid van burgers bij de energietransitie te ondersteunen. In iedere gemeente gelden andere regelgeving, doelstellingen en voorwaarden, denk bijvoorbeeld aan belastingtarieven of kostprijs per kWh. Omons vroeg Luminis te helpen met het vinden van een manier om een grote hoeveelheid data, gecombineerd met complexe berekeningen, behapbaar te maken voor burgers. Het platform moest bruikbaar zijn voor mensen uit verschillende gemeentes, maar wel aanpasbaar aan de verschillen op gebied van wet- en regelgeving. Aan de hand van workshops ontwikkelden wij een cloudgebaseerde oplossing, die bijdraagt aan het verhogen van de betrokkenheid van de burgers, mogelijke kostenbesparingen identificeert en communiceert. 

 

AI maakt wetenschap realiteit bij Whispp   

 

Whispp is een cloudgebaseerde spraakoplossing gerealiseerd met kunstmatige intelligentie, die het voor stotteraars of mensen met een stemaandoening mogelijk maakt een ontspannen en (bijna) vloeiend gesprek te voeren.  De audiotechnologie past het geluid van jouw spraak op de smartphone of laptop digitaal aan. Denk aan live gesprekken, telefoneren of videobellen. Luminis is vanaf het eerste onderzoek, samen met patiëntenverenigingen, medisch specialisten en universiteiten, bij de creatie van het product betrokken geweest: van het omzetten van ideeën en hypotheses naar een waardevol spraakoplossing die nota bene schaalbaar is.  

 

The missing link: Digital capabilities  

 

Een digitale transformatie is naast een technologische ook een organisatorische verandering. In aanvulling op het implementeren van de benodigde technologie is ook in-house kennis en expertise nodig om in de toekomst te blijven innoveren. Denk hierbij aan vraagstukken op gebied van security, het beter toegankelijk maken van data en het implementeren van een Agile manier van werken zodat waarde-creatie effectiever en sneller gerealiseerd kan worden.    

Om te blijven innoveren op productniveau en klanten te voorzien in wat ze nodig hebben is het belangrijk te blijven werken aan de kennis en expertise van eigen mensen. Dit doen wij bijvoorbeeld door middel van gamification van kennis met Cloud: the Game en de Cloud Proficiency App, maar bijvoorbeeld ook met ons Accelerate traject, waarin we samen met verschillende partners de techleiders van de toekomst opleiden.   

 

Groeimogelijkheden voor iedere organisatie 

 

Groeimogelijkheden ontdekken, benutten en helpen realiseren. Dat is ons speelveld. We blinken uit in creativiteit, visie op gebied van cloud en data en de uitvoering van digital transformation trajecten. We voegen strategisch denk- en uitvoeringsvermogen toe aan organisaties en helpen tegelijkertijd in kennisontwikkeling.  Zo realiseren we versnelling van innovatie en groei voor organisaties die klaar willen zijn voor de toekomst.  

 

Over Luminis   

 

Al 20 jaar staat Luminis voor innovatie, creatieve ideeën en dingen net even anders doen. Dat maakt ons de innovatiepartner voor bedrijven die willen innoveren. Wij zijn een team nieuwsgierige geesten en diverse persoonlijkheden, trots om onze klanten van dienst te zijn in het slimmer inrichten van data en gebruikmaken van alle mogelijkheden die de Cloud biedt. We helpen graag met het ontdekken en realiseren van jullie potentieel.    
  

Posted on

What Does the Future of Cloud in Europe Look Like?

Cloud technologies have been catalysts for growth, innovation and agility for data-driven organizations across Europe. How do IT leaders ensure that their organizational cloud-based environments are scalable, effective and comply with relevant data privacy regulatory laws?  

Daniel Melin, Strategist at Skatteverket; and Kaj Kjellgren*, Senior Network Architect at Netnod Internet Exchange; help us navigate the current volatile cloud landscape and provide answers to important questions on cloud security, compliance, and challenges. In addition, we hear about the roles they play in the highly anticipated and talked about cloud project, Gaia-X.  

 

How can businesses ensure effective cloud data protection?  

Daniel: Customers need to choose cloud services that are sufficiently secure for their information. When evaluating security, the customer needs to take the whole spectrum of security into account; physical, IT, information, legal, and political. Security is like a chain and every link has to be evaluated

The Swedish Tax Agency has established a cloud center of excellence consisting of experts in IT security, legal, data protection, document and archiving, physical security, procurement, and architecture to make sure that all aspects are looked at before a new cloud service is enabled for users. 

Kaj: Protection of data must be based on an initial categorization of the data itself and identification of requirements on each data element. Not every piece of data requires the same protection. Of course, there are legislations and traditional security requirements that have to be followed.

For information security, this normally comprises availability, correctness, and confidentiality. If you start from zero, orchestrated microservices are the easiest way of ensuring adequate protection using the zero trust concept to isolate the various containers touching the data. Once again, this has to be according to the defined requirements for each data element. This orchestration, often called cloud, can be self-hosted or hosted by third parties, just like any service an organization needs.  

 

What are the biggest challenges concerning compliance with cloud data protection regulations and laws? 

Daniel: There are direct challenges with laws like the Swedish Public Access to Information and Secrecy Act (offentlighets- och sekretesslagen) and the GDPR. Both are challenges for Swedish public sector customers today. However, the Protective Security Act will be the hardest law to comply with, especially when a non-Swedish cloud provider has access to huge amounts of aggregated information. 

Kaj: The main legal challenge for any IT-related issue since 1990 is that legislation is different in different jurisdictions. The market economy pushes for large specialized organizations, services, and products that are bigger than any jurisdiction. This has hurt the flow of money and created tax havens for a number of years. A similar situation now exists for services. 

Those rules made by politicians with imaginary borders do not comply with the foundation of the Internet, which was made by technicians and engineers to be open, free, and unlimited by country borders between jurisdictions. On top of that, no single economy today is large enough to produce services for that economy alone without having to scale impact price for production. 

 

Tell us about your role in the Gaia-X project. 

Daniel: The Swedish Tax Agency currently has an assignment from the Swedish government to monitor Gaia-X. That work includes talking to all relevant stakeholders, gathering information, presenting at conferences, and taking part in the Swedish hub. We are positive about Gaia-X and what it brings to the table. 

Kaj: Netnod is one of the founding members of Gaia-X in Sweden, and together with similar organizations helps with basic services like transport which are needed for players higher up in the value chain. We are currently most active in the Sub-working group Interconnection & Networking which lies under the Architecture Workgroup within the Technical Committee under Gaia-X AISBL. 

 

What role does the human factor play in cloud security and vulnerability? 

Daniel: The human factor is as relevant as always; I don’t see that cloud services create any particular new challenges. However, a successful breach of a hyperscaler yields an extreme effect due to its size and storage of aggregated information. 

Kaj: When implementing any kind of service, there are many different kinds of threats where insider actions, both mistake or intentional, are included. This is where a proper orchestration of microservices using zero trust comes into play. The integrity of a pod managing certain data is important so that it is self-contained and secure regardless of how an attack against the data is designed. One never knows the goal of the attacker, so second-guessing detailed attack scenarios is always doomed to failure. There are always unknown unknowns.  

Most cloud services are provided as unmanaged components, pieces of a bigger puzzle, regardless of whether the cloud is self-hosted or not. The engineers at a company have to create a functional workflow that creates, configures, and secures solutions based on these pieces. This is both a big risk and a safety net, since a lot of people don’t fully understand the complexity of said services and tools, and don’t understand what needs to be secured or how. That being said, those tools are built to be robust and not expose users to dangerous or even impossible configurations. 

 

What areas should organizations consider when choosing a cloud service provider? 

Daniel: One of the biggest concerns today is that cloud service providers have to adapt better to customer needs. Currently, there are a handful of providers offering a one-size-fits-all model. It is certainly a cost-effective model, but the price tag on the invoice does not tell the whole story. The legal implications when using cloud services based in countries with extraterritorial legislation will be an ongoing issue. 

Kaj: Categorization of information must take place, followed by an analysis of what requirements there are in each category. The requirements have to take both legal and security (availability, confidentiality, and correctness) aspects into account. In some cases, there is a balance between goals where the so-called risk appetite is to be decided upon. Be aware of benefits and risks, and make sure you avoid creating solutions where there are too many unknown unknowns.  

 

What are your predictions for cloud trends in the next five years?

Daniel: We will see a market with more cloud providers, from small to hyperscalers, which will provide cloud services that fit different customers. The American hyperscalers will continue to license their technology to other cloud providers. Laws and regulations related to national security will be broader and will affect both cloud providers and customers more and more. The effects of geopolitics will be worse over time and the EU will follow China and USA in being more protectionist. 

Kaj: We see more legislation, specifically in the EU, that isolates the EU from the rest of the world. This will create more borders that force us to use different solutions for different jurisdictions. What we instead need to do is harmonize the laws and regulations in different jurisdictions with each other so the market for IT-related services will not be as fragmented. We are close to a situation where we have serverless environments, with only pods managing information. Everything is orchestrated by mechanisms that understand both information and the policies applied to the information. 

 

The answers have been edited for length and clarity.

*Part of Kaj Kjellgren’s answers were contributed by his colleagues at Netnod: Mattias Ahnberg, Head of Architecture & Development; Patrik Fältström, Technical Director & Head of Security; and Christian Lindholm, Head of Sales and Marketing & Senior Product Manager

Posted on

The Top Worry In Cloud Security for 2021

The cloud is an environment full of potential. It provides easy access to technologies that simply weren’t available a decade ago. You can now launch the equivalent of an entire data center with a single command.

Scaling to meet the demands of millions of customers can be entirely automated. Advanced machine learning analysis is as simple as one API call. This has allowed teams to speed up innovation and focus almost exclusively on delivering business value.

But it’s not all unicorns and rainbows.

The assumption was that alongside this increased potential, the security challenges we see on-premises would grow as well. Teams should be struggling with zero days, vulnerability chains, and shadow IT.

It turns out they aren’t. At least those issues are nowhere near the top of their list of concerns. The top security challenge for builders in the cloud is very straightforward.

Their biggest challenge is making mistakes in the form of service misconfigurations.

 

Shared Responsibility

First, let’s look at the evidence around the initial assumption that people make about cloud security. They assume the cloud service providers themselves are a big risk. The data doesn’t support this at all.

Each of the big four cloud service providers; Alibaba Cloud, AWS, Google Cloud, and Microsoft Azure, have had two security breaches in their services over the past five years…combined. Now, before we get into each of these, it’s important to note that each of the big four has had to deal with tons of security vulnerabilities over this timeframe.

A large number of cloud services are simplified managed service offerings of popular commercial or open-source projects. These projects have had various security issues that the providers have had to deal with.

The advantage for us as users, and builders, is how operations work in the cloud. All operational work done in any cloud follows the Shared Responsibility Model. It’s very straightforward.

There are six primary areas where daily operational work is required. Depending on the type of service you are using in the cloud, your responsibilities shift. If you’re using instances or virtual machines, you are responsible for the operating system, the applications running on that OS, and your data. As you move to an entirely managed service, you are only responsible for the data you process and store with the service.

For all types of cloud services, you are responsible for service configuration. despite having a clear line of responsibilities, the providers offer many features to help you meet your responsibilities and adjust the services to suit your needs.

 

Cloud Service Provider Issues

Now, let us take a look at providers’ security issues over the past five years… the first one is from March 2020. In this case, Google Cloud paid out a $100,000 reward through their bug bounty program to a security researcher who found a privilege escalation issue in Google Cloud Shell.

This is a service that provides a browser-based interface to the command line of a virtual machine running in your account. Under the covers, this shell is simply a container running an application to provide the required access. The researcher noticed that they were able to use a socket connection in the container to compromise the host machine and escalate their access.

The root cause? A misconfiguration in the access to that socket.

The second example is from January 2020 and it involved a service offered in Microsoft Azure. Here an issue was reported in the Microsoft App Service offering. This vulnerability allowed an attacker to escape the expected boundaries of the service and access a limited-scope deployment server with elevated privileges.

The reason? A misconfiguration in the open-source tool used to provide this web app hosting service.

In both cases, the vulnerabilities were responsibly disclosed and quickly fixed. Neither issues lead to any reported customer impacts. Both of these cases were in higher-level cloud services. These are services that the provider’s teams built using other services on the platform. As a result, and in line with the shared responsibility model, they were at risk of a service misconfiguration.

Even hyper-scale providers face this challenge!

 

3rd Party Validation

There’s more evidence to support the fact that misconfigurations are the biggest issue in cloud security. Security researchers in the community who study cloud issues have all published findings that align with this premise. Whether from other security vendors or industry organizations, the findings agree: that 65-70% of all security issues in the cloud start with a misconfiguration.

Making it worse, 45% of organizations believe that privacy and security challenges are a barrier to cloud adoption.

Why is that worse?

When understood, the shared responsibility model makes it easier to maintain a strong security posture. Organizations should be pushing to move faster to the cloud to improve their security!

 

Direct evidence

However, surveys and targeted research projects only go so far. What does the publicly available evidence say? Here’s a list of some of the most visible cloud security breaches in recent years;

 
 

If you filter out all the reports of cloud hacks and breaches to remove incidents that were not cloud-specific—so those where the issue wasn’t related to the cloud, the service just happened to be there—over two billion sensitive records have been exposed through a breach in cloud security.

Let’s take this further and remove every single breach that wasn’t due to a single misconfiguration.

Yes, single. One wrong setting. One incorrect permission. One simple mistake…caused all of these breaches.

That leaves the Capital One breach. This more complicated event was caused by …two misconfigurations and a bug. An in-depth analysis of this breach shows that the bug was inconsequential to the overall impact which was 100 million customer records being exposed.

What’s more, is that Capital One is a very mature cloud user. They are a reference customer for AWS, they’ve been a huge advocate of the cloud within the community and were the incubator for the very popular open-source security, governance, and management tool, Cloud Custodian.

This is a team that knows what they are doing. And yet, they still made a mistake.

 

Pace of Change

That’s really what misconfigurations are. They are mistakes. Sometimes those mistakes are oversights, and other times an incorrect choices made due to a lack of awareness.

It all comes back to the power made accessible by the cloud. Reducing these barriers has had a commensurate increase in the pace of innovation. Teams are moving faster. As these teams mature, they can maintain a high rate of innovation with a low failure rate.

In fact, 43% of teams who have adopted a DevOps philosophy can deploy at least once a week while maintaining a failure rate of under 15%.

Critically, when they do encounter a failure, they can resolve it within the day…more impressively 46% of those teams resolve those issues within the hour. But, as we know, cybercriminals don’t need a day. Any opening can be enough to gain a foothold creating an incident.

What about teams that aren’t at this pace? Well, the other 57% of teams, the majority of which are large enterprises, often feel that their lack of pace provides protection. Moving cautiously in the cloud allows them to take a more measured approach and reduce their error rates.

While this may be true—and there’s no evidence to support or disprove this assumption—change is still happening around them. The cloud service providers themselves are moving at a rapid pace.

In 2020, the big four hyper-scale providers released over 5,000 new features for their services. For single cloud users, that means almost 2 new features a day…at a minimum. For the growing set of multi-cloud users, the pace of change only increases. So even if your team is moving slowly, the ground underneath them is shifting rapidly.

 

Goal of cybersecurity

Now the goal of cybersecurity is actually quite simple. The goal is to ensure that whatever is built works as intended and only as intended. In a traditional on-premises environment, this standard approach is a strong perimeter and deep visibility across the enterprise.

That doesn’t work in the cloud. The pace of change is too rapid, both internally and with the provider. Smaller teams are building more and more. Quite often, by design, these teams act outside of the central CIO infrastructure.

This requires that security is treated as another aspect of building well. It cannot be treated as a stand-alone activity. This sounds like a monumental task, but it’s not. It starts with two key questions;

  1. What else can this do?
  2. Are you sure?

This container running the code creates the financial reports. What else can it do? Can it access other types of data? Are you even sure it’s the right container?

This is where security controls provide the most value.

 

Top pain points to address

Most of the time when we talk about security controls, we talk about what they stop. Using an intrusion prevention system can stop worms and other types of network attacks. Anti-malware controls can stop ransomware, crypto miners, and other malicious behaviors.

For every security control, we have a list of things it stops. This is excellent and works well with subject matter experts…a.k.a the security team.

Builders have a different perspective. Builders want to build. When framed in the proper context, it’s easy to show how security controls can help them build better.

Posture management helps ensure that settings stay set regardless of how many times a team deploys during the week. Network controls assure teams that only valid traffic ever reaches their code. Container admission control makes sure that the right container is deployed at the right time.

Security controls do so much more than just stop things from happening. They provide answers to critical questions that builders are starting to ask.

What else can this do?”. Very little thanks to these security controls.

Are you sure?” Yes. I have these controls in place to make sure.

When built well and deployed intelligently, security controls help teams deliver more dependable, easier-to-observe, and more reliable solutions.

Security helps you build better.

Posted on

CIO Investments: Which Tech Is Your Priority?

As the world crosses into 2021, the distribution of the COVID-19 vaccine has brought surges in global stocks and market optimism.

However, even with great hopes of economic recovery by the end of 2021, organizations still need to ensure that their business growth and plans continue positively. Chief Information Officers (CIOs) are playing a big part in achieving these goals by maximizing information technology (IT) investments and advancements.

 

What IT Investments To Focus On?

 

According to our Executive Trend Survey, 67% of CIOs placed data science as a top priority for 2021 with core focuses on analytics strategy, data management, and big data analytics

Meanwhile, cyber security and cloud were named as other top CIO priorities by 59% and 53% of surveyed leaders respectively.

 
 

But what does this mean for CIOs across the industries?

Based on feedback from CIOs and key IT executives, the majority (47%) of them are facing 2021 with slight changes in their goals and a lower budget for their function.

 
 

With limited budgets, CIOs need to pick and choose which goal takes priority over the others and select a solution that will truly give them the return on investment they seek.

Thus, even if CIO trends point towards analytics if their current end objectives don’t correspond with the need for data solutions, they should focus on more pressing investments.

Another key factor influencing their investment priorities lies in the current maturity levels of their technology and operations. For instance, some are still new in forming data strategies while others are more advanced in their data-driven processes, thus their focus areas in the use of data science differ greatly.

 

Investing In Data Science

 

Today, it’s uncommon to find any company that is not taking advantage of their data. From enhancing customer experience to improving predictive maintenance, business leaders are aware that data is critical to their organizational growth.

But which area of data analytics should your organization focus on? Between the different analytics applications and components, what should be the foremost priority?

In recent interviews with CIOs and other IT decision-makers, over 450 of them named analytics as their core focus. Even so, under the analytics umbrella, their interests ranged from big data analytics and predictive analytics to data warehousing and analytics strategy.

 
 

55% of them selected data management as their foremost investment in analytics, naming master data management (MDM) and product information management (PIM) implementation as some of their projects.

 
 

The MDM solution is largely adopted by the banking, financial services and insurance (BFSI) sector to manage massive amounts of transactional data on their customers. PIM, on the other hand, is seeing higher demand by the e-commerce industry and an anticipated fast growth in the media and entertainment sector.

In regards to data analytics strategy, some of the CIOs are investigating how they can make the business work more efficiently through analytics strategy while others are taking the next steps to improve data quality.

On the other hand, a number of the interviewed decision-makers are still setting up and realizing their data strategy, indicating that they’re still in the planning stages and concentrating on becoming a data-driven organization.

 

Investing in Cyber Security

 

Meanwhile, our most recent interviews with CIOs on cybersecurity investments discovered that cloud security is foremost on their priority list followed closely by cyber security strategy.

 
 

From our findings, a number of the interviewed decision-makers expressed interest in implementing security information and event management (SIEM) solutions.

 
 

Another hot spot in 2021 cyber security spending, according to Forbes, is identity and access management (IAM), which is a prime focus for 30% of business leaders investing in cyber security. Some of their projects regarding access and identity management include:

 
 

With uncertainties still forthcoming, some CIOs are worried about guaranteeing a high level of cyber security with a limited budget while facing challenges in approaching the topic of online security to a diversified and remote workforce.

 

Investing in Cloud

 

Based on CIO investment feedback from the interviews, most of them are still in the planning stage of their cloud strategy with cloud integration and migration as their core priorities.

 
 

Microsoft Azure, Amazon Web Services, and Google Cloud are three of the most popular cloud platforms in the market, and interviewed decision-makers are contemplating between the cloud computing services while some are even working with all three of the platforms.

Alternatively, a group of IT leaders and other key C-suites are working towards a hybrid cloud environment, which is commonly used in industries such as:

What is Your Focus Area?

 

As seen in our survey findings and interviews, each of the IT leaders is prioritizing a specific solution that best serves their target goals with consideration to their budget, their available expertise and IT talents, and current processes.

For some, the immediate focus is on surviving the consequences of the pandemic, “which has become the number one objective for most emerging technology investments”, according to KPMG’s research. For others, it’s an opportune time to shift to a more digital business model and accelerate their digital transformation.

Nevertheless, while benchmarking and taking note of emerging IT trends help your organization to measure business performance against other companies, the global situation and market uncertainty are still expected to significantly affect information technology investments.

The important thing is to have a solid focus on your strategic IT priorities, adopting agility and adaptability for business continuity, and making smart investments to prevail in the long term.

Posted on

IT Benchmark 2021: Where Do You Stand Among the CIOs?

CIO IT Benchmarking

The outbreak, evolving workscape, a volatile market, changing customer demands –  Chief Information Officers (CIOs) have their hands full in strategizing IT projects while maximizing the value of technology investments.

With the modern CIO role entailing more strategic decision-making, you need to identify key technologies that not only help advance the organization’s digital transformation, but that also increase its business value and competitive edge.

So how effective is your IT strategy compared to other organizations in your industry? Are there areas where your peers are ahead of you? Let’s dive into the IT benchmark data for the coming year.

Data Science Takes The Lead

In 2019, Management Events’ Executive Trend Survey found that 88% of CIOs across Europe were focusing on cyber security adoption for the coming years, followed by cloud and big data.

However, the pandemic has shuffled tech priorities with the latest survey discovering that data science and analytics have taken precedence over cyber security for 2021.

Although the findings point towards a higher importance of data science, the surveyed CIOs seem to be almost equally torn between data, cyber security and cloud investments. The close gaps indicate that these three technologies are vital parts of CIOs’ business continuity and recovery strategies.


The Rise Of Data

Based on our survey and interviews with IT decision makers, their core data focuses are on analytics strategy, data management and big data analytics, with the majority looking for data science and analytics to be scaling within their organization in 3 years.

Almost 82% of the surveyed leaders said they are updating data analytics models to accommodate changing market behavior. Furthermore, 73% agreed that they’re heavily investing in data-driven business models for post-COVID-19 survival.


Compared to the 2020 annual budget of between €100,000 and €250,000, the budget allocated by the CIOs for 2021 data analytics spending in their organization is higher, with the majority looking to spend in the €500,000 range.


As for data tech adoption, the majority of CIOs are currently building capabilities by hiring new talents with the required skills. However, in the future, they are looking to change their adoption strategy by investing in other companies to acquire the skills.

Diving deeper into the benchmark data, most of the IT leaders focusing on data analytics are from the retail and consumer industry, followed by the banking and financial services industry. Incidentally, aside from data analytics, the retail CIOs are also looking into e-commerce implementations.


Join the discussion on the latest IT trends with leading CIOs, CTOs and more at 600Minutes Executive IT  in Sweden, Austria, The Netherlands, Switzerland, Belgium, Denmark, Germany, and Norway.

Cyber Security Is Still A Priority

With cybercrimes on the rise, businesses around the world are working hard to prevent data breaches and system disruptions. At the same time, companies are in the midst of strengthening their security framework, from securing endpoints to stronger online protection.

So what are the cyber security benchmark and CIO cyber security focus areas for 2021?

In terms of security investments, data security and privacy is one of the core focal points among European CIOs along with a more robust cyber security strategy and emphasis on cloud security.


As COVID-19 saw increasing security breaches, it’s not a surprise that employee awareness training on cyber security is a top priority for 95% of IT leaders. Meanwhile,  89% of the IT C-executives are expecting a rise in predictive and behavioral detection to prevent cyber attacks.

Similar to data science, cyber security’s annual budget was also ranging between €100,000 and €250,000 for 2020, but has increased to €500,000 for 2021, according to the IT leaders in our survey.

Currently, 58% of the decision makers are partnering with vendors and consultancies for their cyber security solutions, but in the future, most of them are looking at partnering with organizations in other industries to create security ecosystems.

Incidentally, IT leaders from the manufacturing industry make up the majority of surveyed CIOs looking to invest in cyber security.

Cloud Increase On The Horizon

 

On cloud benchmark data, our survey found that cloud is the third topmost tech priority for 2021 with the majority interested in cloud migration coming from the banking and financial services industry.

88% of the cloud-focused respondents are currently looking to migrate their workload to the cloud for increased business efficiency, and the survey also discovered that cloud infrastructure and cloud platforms are primary aspects of the CIO cloud strategy.


Unlike the other aforementioned technologies, cloud migration seems to have different budget ranges. The CIO respondents are divided between spending less than €500,000 and between €500,000 and €1 million in the coming year, when in 2020, the annual budget for cloud was mostly less than €50,000 and between €100,000 and €250,000.

Currently, their cloud adoption approach is partnering with external vendors and training their employees, but 68% of the IT leaders are hoping to acquire the necessary cloud capabilities by investing in other companies in the near future.


How Should You Respond?

Before undertaking a benchmarking opportunity, there is much to consider:

  • Are you looking at industry benchmark data or more towards IT budget benchmarks?
  • What performance or process gaps are you seeking to enhance?
  • Do you have a clear objective for the tech implementation?

While the trends are pointing mainly towards data analytics, investing in this solution must be in line with your organizational and industry goals. As Datafloq puts it, companies need to “dig down to understand if [data analytics] is worth it”, and if it’ll bring them the return of investment (ROI) that they are looking for.

Data analytics use case of a CIO interviewee from a Dutch online travel agency:

  • What’s the objective of analyzing the data? To improve booking experience and behavior recognition
  • What data are they looking at? Online customer behavior
  • What are they using to process the data? Big data analytics and predictive analytics

The same goes for all innovations that are the focus of CIOs. Although market trends are pointing to a certain technology, it doesn’t mean that everyone must jump on the bandwagon.

Data benchmark is just one indicator of your organization’s performance that will potentially inform you on which areas you need to improve, but identifying the right elements to benchmark is the key. It’s vital to choose elements and technologies that will bring the most positive impact to your organization’s growth and revenue.

Posted on

Silver Peak & Zscaler: Making SASE Work for You

As part of their digital transformation strategy, many enterprises are actively migrating applications to public cloud infrastructure and Software-as-a-Service offerings. Enterprise IT objectives and expected benefits of cloud migration include:

  • Increased agility
  • Higher application performance and availability
  • Improved application accessibility for users
  • Reduced data center footprint
  • Lower costs

Unfortunately, the transformational promise of the cloud often falls short of meeting these expectations.

Why? Because traffic patterns have changed.

They have changed not only due to the migration of apps to the cloud, but also in response to today’s “work-from-anywhere” world. Users now access applications from anywhere, from any device and across diverse WAN transports, including residential broadband.

IT has quickly come to realize that making incremental investments in their legacy routers and firewalls didn’t yield the desired outcomes. Traffic bound for the internet was still backhauled to the corporate data center, adding unnecessary latency and negatively impacting application performance.

What’s required is a complete transformation of the wide area network, and this transformation has fueled the biggest evolution of the WAN in two decades: the software-defined wide area network, or SD-WAN.

The combination of workers accessing business applications from home and remote locations (e.g. airports, coffee shops), along with the explosive growth of IoT devices is rendering the traditional enterprise security perimeter ineffective. Today’s cloud-first enterprise must arm workers with a security service solution that follows them wherever they go.

As we’ve already seen, continuing to use a hub-and-spoke architecture, backhauling internet-bound traffic to the data center for advanced security inspection, results in a sub-optimal user experience. What’s needed is a complete transformation of security infrastructure, and this has driven the rapid adoption of modern cloud-delivered security services.

WAN Transformation + Security Transformation = Digital Transformation

Only by transforming both the WAN edge and security architectures can the full promise of the cloud be fully realized.

In a report published by Gartner in November 2019, they proposed a new model called the secure access services edge – SASE for short. The model describes the integration of core WAN edge capabilities such as SD-WAN, routing and WAN optimization at the branch locations with a comprehensive array of cloud-delivered security services such as secure web gateway (SWG), firewall-as-a-service (FWaaS), cloud access security broker (CASB), zero trust network access (ZTNA) and more.

A key design principal of SASE is the transformation from complex hardware-laden branches to thin branches with cloud-native security services. The promises of the SASE model are many:

  • Improved user experience by delivering better application performance by breaking out cloud traffic locally over the internet from the branch
  • Operational efficiency by simplifying branch WAN infrastructure and through centralized orchestration of application, network and security policies
  • Reduced risk with consistent, always-up-to date, business-driven security policy enforcement
  • Increased business agility by significantly reducing the time to bring new sites and applications online or to update application and security policies

But simply adopting just any SD-WAN solution and cloud security offering is not enough to maximize the return on cloud investments described earlier.

While those individual solutions might deliver on the app performance/availability and accessibility promises and enable the shrinking of the data center, that approach falls short of delivering increased business agility and lower costs. And it won’t address consistent security policy enforcement across all users, locations and devices to mitigate risk to the enterprise.

What’s needed is fully automated orchestration of the WAN edge network functions and cloud-delivered security services. This is a 1 + 1 = 3 benefit for IT and the enterprise.

Posted on

Endpoint Security and the Future of the Cyber Security Landscape

Establishing the Zero-Trust Cybersecurity Framework

In recent years, Cybersecurity has repeatedly been one of the leading anxieties for enterprises worldwide, and in 2020, that trend intensifies. Traditionally, it is easy to shirk the organization’s IT responsibilities and point fingers towards CIOs, CISOs, and the CTO. However, it would be imprudent not to acknowledge that most cybersecurity incidents have arisen due to employee negligence. As such, the culture of taking proactive security measures should be borne by the entire organization.

 

“Today, the only way to be sure your system is good enough from a security point of view is for the whole IT team to design everything with security in mind,” says Grossi. “It’s no longer okay to be only mobile first or cloud first; it’s got to be security first.”

Piergiorgio Grossi (Former Chief Information (CIO) and Digital Transformation Officer at Italian motorcycle-maker Ducati)

 

A glance at today’s cybersecurity landscape

Cyber attacks alongside Deepfakes continue to increase year over year. According to the ISACA’s Global State of Cyber Security Survey—a survey of more than 2,000 information security professionals from more than 17 industries—looks at the threat landscape, the measures security professionals employ to keep their organizations safe, and key trends and themes in the practice of security.

The cybersecurity landscape presents a positive and negative outlook. On the positive side, at least 50% of fully or appropriately staffed teams are more confident in their abilities to respond to cyber threats. While on the negative side, 62% of survey participants agree that cybercrimes are severely under-reported, and 52% believe that it is very likely their enterprise will experience a cyber attack in the next 12 months. Nevertheless, Information security professionals still believe that real progress is being made against common threats.

The most common threat actors being Cyber Criminals (22%), Hackers (19%), Malicious Insiders (11%), Non-Malicious Insiders (10%), Nation-State Attackers (9%), and Hacktivists (8%). The most frequent attack methods being Social Engineering (15%), Advanced Persistent Threat (10%), Ransomware (9%), and Unpatched systems (9%). Other noteworthy methods are Distributed Denial of Service (DDoS) and Mobile Malware, especially via android.

Fortunately, Google is making more headway with its latest privacy-focused features and increased efforts toward security updates. Android 10 (Pie) introduced granular controls over app permissions, while the upcoming Android 11 (currently available as a developer preview) further conveys their commitment to improvements in security with the implementation of temporary one-time access, allowing an app to use, for example, your phone’s location or camera. Android 11 continues this security-focused expansion and uses biometrics (Face, Iris, and Fingerprint data) to authenticate apps and services. Android 11 will also support digital driver licenses and other identification documents.

The ISACA survey also shows that organizations that take longer to fill in their cybersecurity and related positions report an increase in cyber attacks. Enterprises that took less than 2 weeks experienced 26% more cyber-attacks this year. Those who took around three months experienced 35% more attacks this year. Those who took six months or more experienced 38% more attacks. While those who were or still finding it hard to fill the positions experienced 42% more cyber-attacks this year.

 

Why Endpoint Attacks Occur

There used to be a distinct difference between the inside and outside of an organization, with infrastructures possessing clearly defined roles and boundaries. Organizations would have offices with computers and servers running on-site, creating a physical firewall, and ensuring that data often never leaves the company.

However, with the rise in telecommuting, more employees were asked or forced to work from home where there is no apparent, easily guarded line that can keep all the data in and attackers out of the system.

Worse is that some organizations still have a legacy viewpoint of the boundaries. Combine that with the BYOD trend, and all these lead to an increasingly expanding frontline. Causing security personnel to deal with relatively easy to hack employee-owned devices. This is further compounded by the fact that most employees expect convenience—many opting to use free and popular services to bring their data outside the company and with them. The majority of these services are infamously insecure, as have been pointed out by several hacks lately.

One such cyber attack is the recent discovery of an additional six malicious Android apps (11 similarly malicious apps were discovered in July) that slipped through the Google Play Store’s safety net to plant malware on Android devices. Another phishing attack targeted government and security organizations, using a legitimate Box page with Microsoft 365 branding to trick the victims.

The attackers were careful to appear quite convincing. Botnets facilitated spam and malicious emails with sender names and domains from a legitimate third-party vendor, asking readers to view a sensitive financial document. Viewers who clicked the link were led through a series of pages till they landed on a phishing page, built to resemble the Office 365 login portal, where they were asked to log in with their corporate credentials.

According to the cybersecurity awareness and data analysis firm, CybSafe and data from the UK Information Commissioner’s Office (ICO), 90% of the 2376 cyber breaches reported to the ICO in 2019 were attributed to end-users’ errors. This was a significant increase from the years prior, with 61% in 2017 and 87% in 2018. The cybersecurity company reported phishing accounted for 45% of all reported cases, making them the primary cause in 2019 in the UK.

There is a general lack of public understanding around basic secure behavior, such as spotting fraudulent links and phishing emails, sending the wrong document to the wrong person, leaving a computer unlocked, or plugging in unidentified USB sticks. However, there are two sides to this human error issue.

  1. Passive Attacking: End-users and endpoints have become the primary targets for cyber attacks. This is because their behaviors and powerful devices are relatively easier to exploit, making them attractive targets. Security to most end-users is an untaught concept, and one they typically leave to the “experts.” Yet said experts are rarely the most communicative or most persuasive of tutors and thus, fail to communicate the pitfalls of not being security first effectively. Additionally, BYODs rarely include superior security, such as multifactor authentication (MFA), a system that can prevent the vast majority of data breaches by stopping unauthorized clients from accessing a corporate device. This all leads to the end-user becoming the weakest link, triggering a Supply Chain Attack.
  2. Increased IT Infrastructure Complexity: This second aspect encompasses the increasing complexity and distinctiveness of security tools. From intrusion detection, network monitoring, and encryption to security information and event management tools (SIEMs). Typically, more robust options are welcome; the issue is that all of these disparate tools need to be integrated effectively and correctly aligned to provide adequate and effective security. This also means that security teams have to know each tool, their uses, thresholds, and experience to create appropriate baselines. Unfortunately, teams are not trained well enough in the real world and most likely implement the tools with their default configurations. Doing this allows for an easier rollout but a risky and unsecured move, nonetheless. Such settings were predetermined by the manufacturer and basically put usability before all else.
 

“Though shocking, these statistics shouldn’t provoke a negative reaction. Employees of course pose a certain level of cyber risks to their employers, as seen in our findings thus far. Nevertheless, people also have an important role to play in helping to protect the companies they work for, and human cyber risk can almost always be significantly reduced by encouraging changes in staff cyber awareness, behavior, and culture.”

Oz Alashe – (CEO and Founder at CybSafe)

 

Undoubtedly, cybersecurity has dramatically changed, and cybersecurity teams’ capabilities are being stretched past their limits. Fundamentally brought on by a ballooning attack surface blended with ill-informed and inappropriate consequential end-user behavior floated by some organizations that refuse to take security seriously.

 

Endpoint cybersecurity threats

Endpoint security is a critical aspect of the cybersecurity landscape, and it’s becoming increasingly important as the nature of work evolves. With more devices connecting to networks than ever before, from laptops and smartphones to IoT devices, the number of potential entry points for endpoint cyber security threats has multiplied. This makes endpoint cyber security a vital component of any comprehensive security strategy.

Endpoint cyber security threats are diverse and constantly evolving. They include malware, ransomware, phishing attacks, and zero-day exploits, among others. These threats can compromise individual devices, and from there, gain access to the broader network, leading to data breaches or system disruptions.

Malware and Ransomware: Malware is a broad term that encompasses various types of malicious software, including viruses, worms, and Trojans. Ransomware, a type of malware, encrypts a victim’s files and demands a ransom to restore access. These threats can infiltrate endpoints through malicious email attachments, infected software downloads, or malicious websites.

Phishing Attacks: Phishing attacks often come in the form of deceptive emails that trick users into revealing sensitive information, such as passwords or credit card numbers. They can also involve convincing users to click on a link or download an attachment that installs malware on their device.

Zero-Day Exploits: These are attacks that take advantage of software vulnerabilities that are unknown to the software vendor. Because these vulnerabilities haven’t been patched, they provide an open door for hackers to infiltrate systems and networks.

Advanced Persistent Threats (APTs): APTs are complex, stealthy threats in which an unauthorized user gains access to a network and remains undetected for a prolonged period. These threats are often state-sponsored and aim to steal information or disrupt operations.

To combat these threats, organizations need to adopt a multi-layered approach to endpoint security. This includes the use of antivirus and anti-malware solutions, firewalls, intrusion prevention systems, and endpoint detection and response (EDR) technologies. Additionally, organizations should regularly patch and update software to fix known vulnerabilities, and educate employees about safe online practices to prevent phishing and other user-targeted attacks.

 

The Future of the Cyber Security Landscape

The evolution of large-scale breaches symbolizes a growing trend of security violations both in numbers and their gravity. Data breaches recurrently expose sensitive information that often leaves users at risk for identity theft, ruin businesses’ reputations, and leave businesses liable for compliance violations. Cyber Observer, holistic cybersecurity management, and awareness solutions predict that damages from cyber crimes are projected to reach $6 trillion annually by 2021.

In other words, as enterprises gradually emerge from the current pandemic, we expect to see a surge in new demands. Reacting to these will require CIOs to formulate strategies based on two structural principles; understanding what customers need in a transforming landscape and leveraging technology to respond to these challenges in ways that acknowledge scope, cost, and scale objectives.

It is virtually impossible to write about the cybersecurity landscape’s future without citing Artificial intelligence (AI) and its role in securing endpoints. AI has existed for quite some time, and its use in our daily lives has become so common that we hardly ever stop to really think about it. From “Weak” AI programs such as “AlphaGo” developed by Goggle DeepMind that combined advanced search tree with deep neural networks, to Strong AI and machine learning systems used in flying Drones, Google Nest, and Tesla’s Autopilot. CIOs will carry on utilizing AI in various fields within cybersecurity. If anything, but to combat the numbers of attackers misusing AI and machine learning.

Looking to the future, the potential for new threat classes remains; ubiquitous and non-discriminatory in nature and to which there are currently no known catch-all countermeasures. Intrinsically, meticulous observations on malware features, abnormal acts, attackers’ attributes, and machine learning-based AI algorithms empower the defenders to deal with cyber threats, and in some cases, actually, go on offense. Regrettably, such observations also provide the attackers’ chances to invent novel attack techniques. Particularly as the risk of inputting false data and many other unsolved errors are relatively high in AI, defenders must always stay alert.

 

10 Simple Steps to Protect Your Business

Today, homeowners go beyond the typical door locks and automatic lights to a fully integrated security system that can prevent attacks and detect and respond to an intrusion and even accidents like a fire. Similarly, a business should deploy a multilayered cybersecurity strategy, one that includes.

Prevention: Firewalls, Anti-virus, Anti-malware, Password Management, Cybersecurity Awareness Training

Detection: SIEM, IDS, Threat Intelligence, and Log Monitoring

Response: 24/7 SOC Monitoring Response, Automated Threat Remediation, and Forensic Investigation.

These are all great tools, but in reality, not all businesses can afford top of the line and often proprietary security suites. Fortunately, you or businesses do not need to invest endlessly in new security tools to improve and elevate your current Cybersecurity posture and awareness for the reason that 80% of data breaches can be prevented with the following basic actions.

  1. Patching
  2. Regular vulnerability assessments
  3. Institute end-user security awareness
  4. Ensuring third-party vendor compliance
  5. Endpoint Detection and Response (EDR)
  6. Limiting access to your most valuable data
  7. Securing mobile devices and BYOD devices
  8. Proper device and or software configurations
  9. Conduct employee security awareness training
  10. Develop cyber breach prevention, detection, and response plan
 

Final Thoughts

Improving endpoint cyber security needs to be a top priority in 2020 and the foreseeable future. The border-less and seemingly non-discriminatory nature of cyber-attacks means it is of imperative importance that the cybersecurity industry shares their insights and work together to protect themselves and the wider population.

In today’s connected world, a breach of one organization can compromise an entire supply chain. Spelling disaster for businesses, eroding public trust and opinions, whilst leaving them in financial collapse, particularly with the General Data Protection Regulation (GDPR) in the EU. It is up to the legitimate security community to learn from each other, sharing what works and what does not. Most importantly, we all need to identify where to improve and ensure we leave no one behind.