Category Archives: Security

Hybridization: The Executive Roundtable



When discussing migration to the cloud, the use of hybrid cloud and all other cloud-related issues, people generally place the focus on the technology itself. What sometimes gets overlooked is the group of individuals who are — or at least, should be — responsible for the precise and successful integration of cloud into a company’s lifecycle. Many people should be sitting at the table for this discussion.


Because the cloud is largely an IT issue, many companies like to defer the entire package to the IT department. But the IT people should not be the only ones involved. Cloud is just too big, and too all-encompassing, for any one group to shoulder the responsibility. Most IT managers would readily agree to this.

Roundtable Specialists

To this end, an organization should consider a roundtable of specialists, carefully chosen and capable of contributing their particular expertise to the ongoing policy of cloud integration. Ideally, this group should consist of the following, listed in no particular order:

A project manager. A qualified individual who can create and update a project plan and timeline, and make it available to the entire team. A project such as cloud migration requires competent and professional oversight.

People who understand the terminology. There is a great deal of new and sometimes confusing terminology that can offset, delay or just obscure the migration project. This individual must be capable of clearly understanding and translating cloud terminology to the rest of the group, using strategic language.

A person or people capable of identifying, researching and interviewing trustworthy cloud service providers, and creating and maintaining an updatable database of existing suppliers.

People who have a direct connection to the end user, both internal and external. If cloud-based technologies result in a change in performance or usability, then the team needs individuals who can oversee and guide this transition, and most importantly who can listen to the end users.



A coordinator of shadow IT. Given that most IT departments are already very busy, a shadow IT department, or project-specific group, may be required. Such a team must integrate with the existing IT matrix to ensure clear communication and collaboration, and to balance loads as needed.

A cloud security specialist. Cloud security is a slightly different animal from regular IT security. Cloud security professionals work in conjunction with internal IT security, but are becoming more specialized and certified, in order to deal with the ever-increasing number of threats. This type of specialist could be an external vendor or an internal employee.

A cloud backup/transition specialist. Numerous experts in the cloud field recommend that migrations happen over a series of steps, rather than a general move, and that there always be an “Undo” option that allows quick backtracking to a previously saved state, should something go awry.

A real-time metrics analyst. In the age of cloud, real-time data is king. Cloud-based applications – from customer-facing commerce through to back-end administration – need to be carefully monitored, using the easily available data that digital technology provides.

A specialist in comparative intelligence. Cloud and its related online digital technologies change very quickly. The competitive, global economy allows for new companies to enter the race, sometimes offering a better, more sophisticated approach to sales, fulfilment and every other element of commerce. An individual tasked with the role of constantly observing the competition in the field is essential.

An HR or training specialist. New technologies bring change into an organization. Employees do not always welcome change. In some cases, they will resist and even try to sabotage new techniques that cause fear and insecurity. The specialist from HR or corporate training is an essential player at the table to ensure that new developments are introduced and massaged into the organizational culture, comfortably and proactively.

A neutral mentor. Mentors are an important component of individual professional success, and they should also be part of a company’s ongoing life. A neutral guide sitting at the table can provide wisdom, experience and advice, while not holding a vested interest.

Cloud-savvy legal advice. The global nature of cloud serves up a large palette of legal issues, ranging from compliance to content, and demands up-to-date awareness and guidance.

This makes for a very large table indeed. It is not necessary for these and other members of management to physically sit at an actual table, but it does require ongoing and regular communication even if done virtually. A large team is still manageable, especially when each individual has their specific, clearly defined role. This will allow for the clarification of some obvious but often overlooked must-haves, such as the organization’s mandate of what “cloud” actually means.

With so much of a company’s life force moving to the cloud, this small, coordinated army of specialists is critical in advising senior management in every area of cloud strategy.

For more on this topic, go to, sponsored by Hewlett Packard Enterprise.

By Steve Prentice

Warm Data – Looking Beyond The 1s And 0s Of Big Data


Properly Utilizing Big Data

Big Data has moved from fad to trend to elemental in a very short space of time, and organizations large and small are ensuring they’re gathering and analyzing every byte to the best of their ability. However, as suggested by Satyen Sangani, CEO of Alation, companies need to be careful not to lose their customer in an avalanche of 1s and 0s. The concept of “warm data” is being encouraged, wherein less information in the form of appropriate communication and conclusions replaces a flood of impersonal and imprecise data. While leaders typically see great value in data as a means of problem-solving, many are narrowing their focus to specific challenges rather than merely following the flow of data.

A data-driven culture

Tara Paider, associate vice president of IT architecture at Nationwide Insurance, believes the primary reason big data projects fail is down to people. Big Data is affecting every part of our world, but ensuring people aren’t threatened by data, but rather excited, requires a data-driven culture. Of this campaign in her own organization, Paider states, “It was the hardest thing to get past; the ‘this was the way we’ve been doing it for 20 years or 30 years, and we know best.’ That’s our biggest challenge.”

PriceWaterhouseCoopers supports this view with their research that suggests culture is one of three obstacles stopping businesses from properly utilizing data. In conjunction with Iron Mountain, PWC found 75% of enterprises obtain little or no advantage from their data. Gartner analysts Alan Duncan and Frank Buytendijk suggest four opportunities for creating a data-driven culture in “How to establish a data-driven culture in the digital workplace”:

  • Leading by example wherein CIOs consciously communicate to employees how they use data to make decisions. “In meetings, in presentations, in all daily interactions, executives need to show they are looking for the right data to base decisions on.”
  • Hiring data-driven people.
  • Creating more transparency to make access to data easier and information governance policies clearer.
  • Conducting data-driven performance reviews to ensure data is used in every aspect of the business.

Monetizing Big Data


As companies are building their data skills, so too are their customers. Today’s consumers quickly research via smartphones and tablets and successful organizations are getting creative with Big Data to improve their offerings.

Customer Data & Cross-Promoting

With the wealth of customer data available, companies are generating advanced marketing strategies that bundle products together and promote across their brand/s.


Big Data is further enabling companies to connect with customers by helping them recognize the most appealing branding elements and marketing tactics. Understanding a client’s desires makes the final sell far simpler.


Actuaries have their place, but perhaps not as market fortunetellers. Accessing freely available data through search engines and social media sites indicates emerging trends and customer preferences, allowing increased sales and improved customer loyalty.

Free Services

Finally, a maneuver that’s been resurrected time and again, ‘free’ services are being put to work. Providing businesses with a tool to collect otherwise expensive customer data, the free services offered put paid to the adage there’s no such thing as a free lunch.

By Jennifer Klostermann

Artificial Intelligence: The Passing Of M.I.T Professor Marvin Minsky


Artificial Intelligence Pioneer Marvin Minsky

Marvin Minsky, a pioneer of A.I, dies at the age of 88.

“The world has lost one of its great minds in science” wrote the Washington Post on Tuesday morning, while the New York Times eulogized a mind that “laid the foundation for the field of artificial intelligence by demonstrating the possibilities of imparting common-sense reasoning to computers”. From around the world, tributes poured in for Professor Marvin Minsky of M.I.T, who passed away on Sunday evening at the age of 88.

In 1959, Minsky co-founded the Artificial Intelligence Project at M.I.T with colleague John McCarthy, a place that would have “a profound impact on the modern computing industry” as we know it today and provide the stimulus for the open-source software movement which has shaped so many of the tools we use today.

In a glowing tribute on its own website, M.I.T sought to explain Minsky’s methodology by saying “he viewed the brain as a machine whose functioning can be studied and replicated in a computer — which would teach us, in turn, to better understand the human brain and higher-level mental functions: How might we endow machines with common sense — the knowledge humans acquire every day through experience?” Today, Artificial Intelligence is an integral part of the user experience for millions of people worldwide. Every time you ask Siri a question via your iPhone, or you see a driverless car being tested for widespread public use, you are seeing the manifestation of AI, and the results of the groundwork that was laid by Minsky.

Evolution of AI

The evolution of the field of Artificial Intelligence wasn’t always smooth sailing, and there were significant periods of time, particularly in the late 1970’s and again in the early 1990’s, when the public became disillusioned with progress, dismissing the field as a lost cause and something for the realms of science fiction. But there was always progress happening, and in 1997 the victory of IBM’s Deep Blue Computer over chess grand master Garry Kasparov re-ignited public interest and led to a resurgence of interest in the field.

A timeline of developments in computers and robotics.

(Infographic Source: LiveScience)

During his long career at MIT, Minsky “created robotic hands that can manipulate objects, developed new programming frameworks, and wrote extensively about philosophical issues in artificial intelligence.” He also wrote extensively, and his books “The Society of Mind” from 1985 and “The Emotion Machine” from 2006 were landmark publications for the field. With reference to his writing, “His great contributions were theoretical insights into how the human mind operates”, according to the Washington Post.

In 2014, Minsky was awarded the BBVA Foundation Frontiers of Knowledge Award for his lifetime contributions to the field of artificial intelligence. While receiving the award, Minsky reiterated his beliefs that one day humans will invent machines that are as smart as their inventors. “How long this takes”, he added, “will depend on how many people we have working on the right problems. Right now there is a shortage of both researchers and funding.”

By Jeremy Daniel

Securing A Mid-Sized Enterprise: When A Little Assistance Goes A Long Way


Securing A Mid-Sized Enterprise

There is no longer any subjectivity in this statement: security is at the top of the list for all CIOs. Every meeting I’ve attended over the last three months has been dominated by the topic of security and when it’s injected into the conversation, it’s not necessarily by my team, but the customer.

Security has been a hot topic for the last three years, beginning when prime time news displayed the list of Fortune 500 logos that had fallen victim to foreign hackers. As with most IT trends, the mid-sized enterprises have followed their larger counterparts’ actions, driving their current interest in and need for heightened security. This need, though, has been met with confusion, questions and sighs on how to achieve the goal of increasing security and thereby adherence to compliance.

Why the confusion?


Security is a combination of education with the usual people, process and technology equation. For the medium-sized enterprise this can be a tough equation to solve given limited resources and budget. With the demand for security engineers increasing by 74% over the last three years and 30%-40% of security projects ending up in failed implementations, demonstrating no value to the enterprise, it is easy to see why. So, how do security managers succeed with the odds seemingly stacked against them?

Closing The Security Gap

There are two forces crossing in the industry which, if leveraged appropriately, can help enterprises close their security gap. First, from a technology perspective, products have matured to the point where consolidation is possible without the loss of protection. The features of many point products which have emerged over the last three years are now being rolled in as features on existing products such as firewalls or other perimeter security products. By leveraging the mature vendors that offer various security products on a single platform, administration effort is lowered while integration and security intelligence are heightened.

One example of this is the concept of “sandboxing” web traffic or email traffic and watching to see if malicious activity occurs. If so, the traffic could be sanitized or blocked.



When this technology first arrived, it was introduced by market disruptors and was a new platform to be absorbed by the security staff. Today, the same feature is part of many firewalls and web security gateway products that are already in place: a feature to be turned on rather than a new platform to be learned. So the point to take away is to look to simplify management while gaining better integration and security intelligence by consolidating security features on a common product platform.

Managed Service Providers

The second force, driven by Cloud services, is the many Cloud Enabled Managed Service Providers now offering managed security services. These providers can offer managed firewall, IPS, SIEM, web security and email security solutions, reducing the number of security engineers the enterprise must staff, which solves the staffing shortage for them. In addition to offering the technology to provide these services, the main advantage gained with MSPs is solid process and methodology, which assures these tools will provide business value and be successfully implemented.

Virtual Security Officer

Another offering proven to be useful is the VCISO or Virtual Security Officer. Enterprises of medium size often cannot afford a dedicated CISO but still have the need for the position. By contracting with a provider that offers a VCISO, an enterprise can gain access to a CISO skillset for a fraction of the cost of hiring one.

In closing, budget constraints and staffing issues are real barriers and have stopped many companies from achieving their security goals.

Seize the moment, assess your current security environment and look for ways to consolidate and simplify security platforms to gain the most value. Then look to fill the gaps in technology, people and process with qualified service providers. Pay special attention to those providers that bring the process and methodology to assure success in the technologies they represent, as that is as important as the technology itself. Filling your CISO role with an on-demand VCISO can address your CISO needs in an economical and efficient manner.

Marc Malizia

What The FITARA Scorecard Tells Us About Government Cyber Security Preparedness


Government Cyber Security Preparedness

Last year’s massive data breach of the Office of Personnel Management, as well as other recent cyber security incidents affecting federal agencies, underscored the urgency of bringing the federal government’s security infrastructure up to date. Although many agencies have made strides toward hardening their cyber security, outdated IT infrastructure and architecture is still common — making the federal government an easy cyber attack target.

In 2014, Congress enacted the Federal Information Technology Acquisition Reform Act (FITARA), giving CIOs significant powers in IT decisions, including new technology acquisitions. But based on an analysis of a scorecard created to measure the implementation of four key provisions of the legislation, the top 24 federal agencies received an average overall “grade” of D.

This raises the question: How well is the federal government prepared for cyber attacks?

FITARA’s impact on security


FITARA was “the most comprehensive overhaul of government IT in 18 years,” according to a Gartner analysis. Its purpose was to reform IT procurement and management to make it more agile and efficient.

Because FITARA’s intent was to drastically cut spending on outdated, legacy technology, the expectation was that it would minimize the vulnerabilities that create the perfect storm for cyber attackers.

But a recently published audit of the Department of Homeland Security — considered to have some of the best cyber security measures among federal agencies — showed that its IT infrastructure still relies on dozens of unpatched, vulnerable databases.

The “Evaluation of DHS’s Information Security Program for Fiscal Year 2015” report, by the Office of Inspector General (OIG), found a long list of other shortcomings. They included 220 “sensitive but unclassified,” “secret” and “top secret” systems with “expired authorities to operate,” which would imply that those systems were no longer regularly patched and maintained. And even many systems that were actively maintained didn’t have current security patches.

It’s worth mentioning that the entities where cyber security is especially critical were at the top of the OIG list as having the most vulnerable systems — 26 systems inside the Coast Guard, 25 at FEMA, 11 at DHS’ own headquarters, 14 at Customs and Border Protection and 10 at Transportation Security Administration. This audit shows that the government is still a long way from coming up-to-speed with its cyber attack defenses.

FITARA compliance

While the OIG audit focused on compliance related to the Federal Information Security Modernization Act (FISMA), it reflects the same concerns exposed by the recent FITARA scorecard.

In releasing the scorecard, members of the House Oversight Committee wrote, “For decades, the federal government has operated with poorly managed and outdated IT infrastructure. Cyber attacks are a real threat to this country. Federal agencies must act now.”



The scorecard looked at FITARA implementation progress in four areas: data center consolidation, IT portfolio review savings, risk assessment transparency and incremental development. Factors considered for the grades included implementation of best practices for risk assessment, increasing the powers of CIOs and trimming wasteful spending.

The Department of Corrections and the General Services Administration received the only Bs (there were no As), while five agencies including DHS scored Cs. Energy and Education failed, and the other 16 all came in with Ds.

In the data center category, 15 of the agencies received Fs (three of the 24 did not report consolidation), while 16 agencies had Fs in the review savings category.

The grades in these two areas were calculated based on how well the agencies saved money by reviewing their IT portfolios as well as consolidating the data centers. In fact, F. David Powner, director of GAO’s information technology management issues, said during a committee hearing that the number of federal data centers has actually grown, to 11,700, and only 275 of those are considered “core.”

In the incremental development area, the grades were based on how many IT projects that were part of major investments successfully achieved completion and delivery every six months. Again, a dozen agencies failed completely (and three others didn’t have any projects meeting the criteria).

The last area measured how well agencies managed the major IT projects’ risks. This is one category where many agencies fared much better, with only four receiving Fs while 10 received As and Bs.

While the entire scorecard poses a major concern, it’s especially troubling to see DHS, which is tasked with overseeing the country’s security, only managing to score a C.

The same goes for the State Department — which scored a D — considering the email server scandal former Secretary of State Hillary Clinton had been embroiled in. Not to mention the major cyber attack that had crippled State’s unclassified email system, which had to be completely shut down and couldn’t be mitigated for months.

It’s also worth calling out OPM, which received a D, since its breach compromised personal data of 21.5 million federal employees. Security experts pointed out that OPM essentially “left the barn doors open” because of its poor security measures.

Veterans Affairs’ “C” and Department of Education’s F add a layer of concern because of the Health Insurance Portability and Accountability Act (HIPAA), which was designed to protect and secure protected health information (PHI).

The VA, which runs the country’s “largest integrated healthcare system” through its Veterans Health Administration, is subject to HIPAA as a “business associate” of the VHA. The rash of cyber security breaches of healthcare providers last year was proof that bad actors are increasingly seeking out PHI because its value on the black market is much higher than financial information. The federal government should practice what it preaches, and make sure its own departments that are subject to HIPAA have strong cybersecurity defenses.

The Department of Education itself is not subject to HIPAA, but many of the public schools and institutions that it funds — and which report data back to the agency — are. The House Oversight Committee Chairman Rep. Jason Chaffetz has warned that OPM’s breach would pale in comparison to the damage that cybercriminals could inflict on the Department of Education.

“I think ultimately that’s going to be the largest data breach that we’ve ever seen in the history of our nation,” he said, regarding a breach of Education, at a Brookings Institution event.

The FITARA scorecard, of course, wasn’t intended to point fingers at the federal government for doing a poor job. Still, considering the estimated IT federal budget at $79.8 billion for fiscal year 2016 (which ends on Sept. 30, 2016), the scorecard results pose serious concerns about the nation’s cyber resilience.

As Federal CIO Tony Scott put it during the committee’s hearing, “FITARA presents a historic opportunity to reform the management of information technology across the federal government.” He also said that the work and commitment required to fully implement this law couldn’t be underestimated.

Let’s just hope that the next FITARA scorecard shows much better progress than an average of “D.”

By Sekhar Sarukkai

Immune Systems: Information Security And Risk In 2016


Information Security And Risk

C-suite executives have woken up to the threat posed by data theft, denial-of-service attacks and vulnerable systems. In 2015, for example, a series of high-profile cases illustrated the degree to which such attacks can damage a company’s reputation, brand and, ultimately, profits. Where businesses once undervalued cybersecurity, considering it the domain of CIOs and IT departments, it’s now squarely at the top of the agenda. Recognising the threat is one thing. The challenge for organizations is to find ways of understanding the risks and constructing robust systems. In this article, I want to look at how a risk-first approach to IT security and shrewd recruitment can boost a business’s immune system.

Identifying Risk

As companies continue to digitize their operations, the potential of information security breaches to damage trust and their competitive position increases. Information security risks are multiple and manifold. They could, for example, involve companies that rely on information as a means of generating value, such as banks or energy suppliers who must address a wide range of threats.


Equally, any company that holds large quantities of customer information runs a risk. This risk is particularly acute for SMEs, for whom the financial costs of information security can be prohibitive. In the digital economy, information is an asset that creates value for organizations; but this value is what makes it vulnerable.

Identifying these risks evidently requires expertise and coordination. Many businesses no longer see information security as simply something to do with IT. Rather, IT security is now bound up with wider risk management policies. But old habits, and ingrained divisions, can still be an obstacle for organizations. This goes for IT departments as well as management. In the past, IT departments habitually addressed security challenges by starting with technology and costing before moving on to consider the potential risk of an investment. In 2016, however, security has moved to the front of people’s thinking. Investing in the right IT systems now means first identifying the risk and then finding the devices and technology.

Mind the Gap

One area where firms have been slower to respond, however, is recruitment. The shift in the landscape has opened up a sizable skills gap, with organizations competing to recruit and retain employees with the necessary skills and experience. While good news for employees who can easily find opportunities in the public and private sectors, this has caused problems for CISOs tasked with sourcing and training the people who can both identify and take steps to mitigate the cybersecurity risks that businesses face. In this environment, the challenge for organizations is to find ways to open up career paths and build expertise into a business, while still keeping costs down. In a survey carried out by Deloitte, 59% of CISOs identified the inadequate availability of cybersecurity professionals as a barrier to information security, with many turning to outsourcing to fill the gap.


To my mind, this barrier serves to reinforce the importance of taking a holistic approach to information security. IT departments must communicate effectively with management and HR departments to ensure that risks are identified and addressed, and that the organization has the right people for the job. As digitization continues apace, getting this process right is only going to become more important.

By George Foot

Savision Discusses Hybrid Cloud, Microsoft System Center, And Live Maps Unity


Savision Discusses Hybrid Cloud

Savision, the first Dutch software company to sell to the US government via the GSA approval list, was founded in 2006 by two Dutch nationals, and today has a team of 35 people across Amsterdam, Dallas, New York, and Ottawa. An independent software provider selling enterprise software for the IT operations market, Savision currently focuses primarily on Microsoft technology but plans to extend operations across other platforms in the future. With a client base including the International Atomic Energy Agency, US Library of Congress, KPMG, and 20th Century Fox, the company has established itself firmly in both the hybrid cloud and Microsoft System Center markets. Matthew Carr, Savision’s Business Development Manager, with 15 years’ experience working in various IT&T companies around the world and having filled a range of positions in Savision from Finance to Business Intelligence, discusses the pros and cons of hybrid cloud with us, and delves into the advantages Microsoft System Center offers.

What do you believe are the chief benefits of moving to hybrid cloud?

Price, productivity, and security. Pricing because companies don’t need additional data room capacity for peak times of the day. If done correctly, the public cloud can be purchased on a per hour basis, meaning that bursting capacity will be considerably cheaper than managing more fixed assets.

Productivity is provided thanks to less time spent maintaining the IT environment which is partially handled by the public cloud providers now. Less time fixing problems affords more time for application development teams to focus on delivering value to the business. The counter argument to this, however, is that the increased complexity that the hybrid cloud introduces can mean that when issues do arise, time spent troubleshooting problems increases.


Furthermore, security is a contentious issue at the moment, but people are realizing that security protocols built by the public cloud providers are actually far more secure than simple company firewalls which are regularly being breached by the BYOD phenomenon. Data is actually safer within a hybrid cloud that uses best in class security.

Are there any organizations that you believe more likely to benefit from hybrid cloud?

Pretty much any organization with over 100 employees can start to think about the hybrid cloud. We are seeing now that early stage companies will start on the pure public cloud because of the simplicity it affords in allowing companies to focus on their core business. As companies mature though it will make sense to have critical workloads on their private cloud, and use public for more ancillary requirements.

Are there any organizations that you believe won’t benefit from hybrid cloud?

Some global governmental departments such as in Germany are legally required to keep all data on their own premises. Additionally, there is an ongoing saga of US law enforcement agencies attempting to track potential criminal activity via social media and data sources in the big US public cloud providers (Microsoft, Amazon, and Google) for data located overseas. Currently, the likes of Microsoft are rightfully attempting to block access to data held in other countries. Should this situation change, it may see a flight of non-US companies from the large public cloud providers.

What can Microsoft System Center do for organizations, and how do you make that solution even better?

Microsoft System Center is a suite of products that enterprises use to manage their IT infrastructure and applications. System Center Operations Manager (SCOM) is an agent-based monitoring technology that tells an IT administrator when there is a problem or outage somewhere in the environment. Savision Live Maps Unity works natively with SCOM to provide business context to these infrastructure problems. Since 80% of incidents are non-critical and don’t affect the business in a meaningful way, Live Maps Unity enables organizations to focus only on the areas affected by outages and hence save time on problem resolution.

Savision believes that Microsoft Service Center provides insight and control over IT environments, but points out some significant challenges including integration of monitoring tools, an inability to determine impact, priority and responsible teams, and the difficulty in identifying root causes of service outages. Could you detail some of the challenges organizations using Microsoft Systems Center might face?

A common problem is alert noise caused by individual physical or virtual servers having problems. With the use of clusters and failovers, this means that most of these outages are not important to the business. In today’s IT environment, there’s a huge amount of complexity which is only increasing over time with virtualization and applications distributed over various geographic and functional locations. Agent-based monitoring of servers is still the main method of understanding problems within the IT fabric but, more and more, it doesn’t actually say anything about the business impact. The first thing that IT administrators hear about a problem is still when a business user calls the help desk to say their email or web application is down.

How would Savision address these challenges?

Firstly, Savision is able to correlate related alerts and simplify them. Instead of an IT administrator receiving ten alerts which result in confusion or time wasting as administrators process them one by one, Live Maps Unity correlates alerts to Business Services and alerts based upon that higher level context. It immediately reduces the alert noise and lets people see only the alerts they need to take action upon. This time saving is invaluable.

Also, by focusing on the business context, Live Maps Unity increases the importance of end user experience with regards to application performance. By introducing a Business Service Management framework, our technology forces IT administrators to think about and design end user synthetic transactions. These transactions sit on the business user side and simulate how an end user interacts with an application or service. If there are any problems from the user’s side, a notification will be sent to the IT administrator to act upon before a time-consuming phone call is put into the help desk.

The post is sponsored by Savision. For more, head over to Savision now. Organizations that believe they could benefit from Savision’s products can try Live Maps Unity free online.

By Jennifer Klostermann

The Meaning Of Secure Business Agility In The Cloud

Secure Business Agility In The Cloud

As cloud continues to accelerate business delivery and shift the balance of power away from IT and InfoSec to business users, organizations need to find ways to ensure that security is part of a business process rather than an afterthought. Today’s organizations are transacting some of their most valuable data and services in the cloud. While the promise of instant availability, convenience and cost is very attractive, the damage to brand, reputation and trust could be irrevocable to businesses if security is not built in.

Many CISOs and InfoSec teams continue to struggle with the new order in which business users have unprecedented freedom over how they work, what devices and applications they use to accomplish their work and from where they work. Most want to partner with their business users to figure out optimal ways to engage in cloud services securely, but most don’t think of how IT security integrates into business processes. The result is that we often see burdensome processes within organizations where business users have to take extra steps to categorize data or to register new cloud security services. In doing so, InfoSec and IT might be creating a bigger risk, where business users will further make an end run around InfoSec and IT. When business users are pressed for time, extra processes become doubly burdensome.

Insider Threat Vectors

Over the last year there has been a rise in both accidental and ill-intentioned insider threat vectors. With personal and business lines of work so blurred, it’s easy for business users to accidentally drag and drop the wrong attachment into an email, or on the spur of the moment accidentally post a message that alludes or pertains to confidential company information, or post a regulatory-related file on an unsecured file share site in order to make it easier to work on.

The key to secure business agility in the cloud is ongoing dialog and automation.


Ongoing dialog:

  • Given the fast-changing pace of today’s business environments, IT, InfoSec and business users need to have constant check-ins to ensure a fruitful relationship. Needs are going to change rapidly as more and more services are migrated to the cloud.
  • Security processes need to be designed to be business intuitive. If business users are going to be required to own the data classification process, categories should be few and very intuitive. The same applies to the process for onboarding new cloud services.


There is now a slew of cloud security services that enable business users to remain agile while preserving security in a less intrusive way.

  • Emerging data security toolsets leverage big data analytics and machine learning to automate the data classification process. Such toolsets should be explored in the context of the business culture and geographies, and trialed before going broadscale.
  • Self-service portals can be designed with a standard set of security profiles built in. This not only helps automate the cloud security provisioning process but also allows for consistent implementation company-wide and across the many different types of cloud services a company may engage.

As we enter into 2016, I encourage IT and business users to find more meaningful ways to securely accelerate cloud services.

By Evelyn de Souza
