Singapore updates guidelines on data breach notification, accountability

Singapore updates guidelines on data breach notification, accountability

Expected to be included as part of the upcoming amendment to the country's data protection law, the new guidelines state businesses take no more than 30 days to investigate a suspected breach and notify the authorities 72 hours after completing their assessment of the breach...
/
Slack patches vulnerability in Windows client that could be used to hijack files

Slack patches vulnerability in Windows client that could be used to hijack files

On May 17, researchers at Tenable revealed that they had discovered a vulnerability in the Windows version of the desktop application for Slack, the widely-used collaboration service. The vulnerability, in Slack Desktop version 3.3.7 for Windows, could have been used to change the destination of
/

Protect Your IT by Automating

In the big data world, companies have more information than any human (or team of humans) can consume. New software arrives every minute, servers go up and down, data streams in, and businesses still expect their employees to catch every security issue amid the chaos. It’s like asking employees to find a needle in a haystack — but there are millions of haystacks, and tornadoes hit every 10 minutes.

That’s why automation in a cloud environment is essential to preserve security without creating exorbitant personnel costs. No one can keep up with the pace of global development unassisted. Rather than let employees trudge through these complex systems looking for threats, businesses need to lean on automated systems that can lighten the load so their employees are able to act effectively when a threat is detected.

The current state of cloud security, while inadequate, is understandable. Back in the days before big data, companies were better off relying on human eyes to catch errors and plug holes. Today, though, things move too quickly. Companies need automation to keep their data safe — and they need it now.

Save Time and Money by Automating 3 Departments

Businesses can minimize their risk and keep their systems secure (without breaking the bank) by automating these three departments:

1. DevOps Group (Front End)

In the past, businesses set easy security goals — “Don’t let bad guys into the network!” — and the network team made it happen. Now that many enterprise applications are on the public internet to provide self-service options and other benefits to the workforce, vulnerabilities and attack vectors are more complex.

Security automation begins in concert with the development life cycle. As the development team builds systems, members of that team should prioritize system security as highly as they do functionality.

Automation tools keep track of this process automatically, ensuring no new system goes online without a secure foundation. Most savvy companies already automate development security to some degree (the DevOps Diagram Generator from XebiaLabs is a great way to create a process with the right tool set for safer deployments), and those that don’t automate place themselves at the mercy of hackers. Fixing holes after they’re exploited won’t do much to help a business — it only takes one breach to cause significant damage.

The cost savings of one breach with a full security team versus no breaches with automation are massive. Automation reduces security headcounts by about a factor of three, and every breach can cost a company around $148 per record accessed. The personnel costs alone are motivation to automate; the potential consequences even more so.

2. Infrastructure Group

Once the development team deploys something, it’s up to the infrastructure team to provide the shield. Here, rather than ask teams of coders to spend weeks matching server configurations and firewall setups, companies can turn to automation to keep their infrastructure safe at a fraction of the cost.

Businesses should look at the resources they dedicate to server setup and network maintenance and then ask themselves how much of that work could be handled by machines or even infrastructure as code. Infrastructure teams would be free to handle more delicate tasks, companies would save money, and environments would be safer from intrusions. With automated infrastructure management, everyone wins.

3. Production Environment

In cloud systems with production environments that are always active, automated tools can present security events to users in ways that allow humans to act on the information quickly. Automated tools can interpret all the tiny data points that would take humans years to read and sound the alarm when something isn’t right.

As hackers increasingly turn to machine learning to penetrate systems, IT teams will need to use new technology as well — and the first step is centralizing the production system on the cloud. Back in 2017, Gartner estimated 18 percent year-over-year growth in the cloud services market, and if today’s trends are any indication, that number will only get higher with each passing year.

Rather than attempt to wrangle multiple environments, companies should centralize their processes to keep customers (and employees) in the same multi-tenant environment with better segmentation for security. This makes scaling easier and safer to achieve — a configuration in one environment becomes much easier to implement in others when everything works together.

Security automation catches more threats, saves companies money, and makes customers feel safe. What’s not to love? As data threats loom ever larger, businesses must turn to automation to provide the tools they need to fight back.

By Brad Thies

Brad Thies

Brad Thies is the founder and president of BARR Advisory, an assurance and advisory firm specializing in cybersecurity, risk management, and compliance. Brad speaks regularly at industry events such as ISACA conferences, and he is a member of AICPA’s Trust Information Integrity Task Force. Brad’s advice has been featured in Entrepreneur, Small Business CEO, and Information Security Buzz. Prior to founding BARR, Brad managed KPMG's risk consulting division. He is a CPA and CISA.

View Website
How AI Revolutionizes the Industrial Sector

How AI Revolutionizes the Industrial Sector

Breakneck speed, unprecedented development and unhindered feasibility are just some of the phrases attached to the spread of Artificial Intelligence ...
Real-time Communications - Voice, Messaging, Video or Collaboration

Real-time Communications – Voice, Messaging, Video or Collaboration

The Communications Cloud As more and more real-time communications – whether voice, messaging, video or collaboration – move to distributed software ...
10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

Prevent Data Leaks In The Cloud More companies are turning to the cloud for storage. In fact, over 60 percent ...
What Skills Do I Need to Become a Data Scientist?

What Skills Do I Need to Become a Data Scientist?

Becoming a Data Scientist Leveraging the use of big data, as an insight-generating engine, has driven the demand for data ...