
Record Breaches

Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT consultants, to supply chain analysts and beyond, the threats posed by third parties are real and growing. Deloitte, in its Global Survey 2016 of third party risk, reported that 87 percent of respondents had faced a disruptive incident with third parties in the last two to three years.


In May this year, Ponemon Institute published the results of a 617-person survey that revealed that 75 percent of IT and security professionals said the risk of a breach from a third party is serious and increasing.

The infamous Target breach that occurred during the 2013 holiday shopping season is a prime example of a catastrophic third party data breach. Target confirmed that payment card information from roughly 40 million customers was stolen, as well as 70 million customer records. The root cause of the data breach was compromised network credentials that linked back to the company’s third party HVAC systems subcontractor. The breach cost Target millions of dollars, damage to its brand and reputation, and the resignation of both its CEO and CIO. In the past 12 months, organizations represented in the Ponemon report spent an average of $10 million each to respond to a security incident that was the result of negligent or malicious third parties.

Despite these warnings, a recent study conducted by the Soha Third Party Advisory Group, which consists of industry security and IT experts from Aberdeen Group; Akamai; Assurant, Inc.; BrightPoint Security; CKure Consulting; Hunt Business Intelligence; PwC; and Symantec, found that just two percent of respondents consider third party access a top priority in terms of IT initiatives and budget allocation. The report, which surveyed over 200 enterprise IT and security C-Level executives, directors and managers from enterprise-level companies, uncovered a few reasons for this apathy.

Breaches Happen to Other Organizations

While CVS, American Express and Experian are just a few of the recognizable organizations that have recently suffered through a significant third party breach, the negative news stories published about them and others have not done much to motivate today’s IT personnel. Sixty-two percent of respondents to the Advisory Group report said they do not expect their organization to be the target of a serious breach due to third party access, but they believe 79 percent of their competitors will suffer a serious data breach in the future. Interestingly, 56 percent acknowledged they had concerns about their ability to control and/or secure their own third party access.

Providing Third Party Access Is Difficult

The complexity of providing secure access to applications spread across many clouds or in multiple data centers, and to contractors and suppliers who do not work for you, using devices IT knows nothing about, is a challenge. The Third Party Advisory Group report found that most of those polled believe that providing third party access was a complex and tedious process. The survey found IT needs to touch five to 14 network and application hardware and software components to provide third party access. Fifty-five percent said providing third party access to new supply chain partners or others was a “Complex IT Project,” and on average, they have to touch 4.6 devices, such as VPNs, firewalls, directories, and more. Forty percent described the process as tedious or painful, and 48 percent described it as an ongoing annoyance. This is a problem that will not go away anytime soon, as 48 percent of respondents saw third party access grow over the past three years, while 40 percent said they see growth continuing over the next three years.

People Are Not Afraid of Losing Their Jobs

When the Advisory Group survey asked IT professionals “If a data breach occurred in your area of responsibility, would you feel personally responsible,” 53 percent said they would, because they felt it would reflect poorly on their job performance. However, only 8 percent thought they might lose their jobs if a data breach occurred during their watch. The survey showed that IT professionals take their jobs seriously, but it is unclear who is being held accountable for data breaches and how this ambiguity might affect attitudes and behavior in ensuring organizations are safe from outside threats.

Four Must-Have Features for Secure Third Party Access

When evaluating a secure third party access platform, it’s important the solution be able to navigate and manage a complex maze of people, processes and technologies. The solution should provide a convenient, simple and fast way to manage the platform, policies and security. And at minimum, the solution under evaluation should include the following four features:

  • Identity Access: Identity Access confirms that the third party vendor accessing the IT network has the right to do so. The goal is to provide authenticated end user access only to the specific applications the vendor needs, not to the whole network.
  • Data Path Protection: Rather than building a unique access string through an organization’s firewall, data path protection allows existing security measures to stay as they are, without having to be altered. This feature provides a secure pathway for vendors to access the parts of the network that they need for work purposes. And in the event that credentials are compromised, the direct pathway prevents outside attackers from scanning through the network.
  • Central Management: Keeping track of vendor access can be a challenge, but a centrally managed solution allows organizations to manage and control third party access in a simple and uncluttered fashion. Eliminating complexity means easy, functional connections that provide fundamentally better security and allow for detailed audit, visibility, control and compliance reporting.

The divide between IT priorities and the need to mitigate third party data breaches affects all industries. IT professionals must recognize that the threat from third parties accessing their infrastructure is very real. The good news is that with the right access platform and the appropriate feature sets, organizations can significantly mitigate their risk.

By Mark Carrizosa, chief information security officer (CISO) and vice president of security for Soha Systems.

Mark joined Soha in 2015 from Walmart, where, as principal security architect, he developed and implemented the company’s global e-commerce security architecture framework. Prior to Walmart, Carrizosa was operational risk consultant at Wells Fargo, where he analyzed the company’s infrastructure and application compliance to improve the security risk posture of both customer-facing and internal systems.
