Reagan coined the phrase “Trust, but verify” when dealing with the Soviets. In today’s world of cyber, it’s just not good enough. Welcome to the world of Zero Trust. What is it and what does it mean to you?

As computer use blossomed, security rapidly became a major concern. How do you protect your key information, allow only legitimate users access, and keep the bad guys out? Our response was to build a digital fortress. We put in firewalls that allowed only authorized entry, and we secured communications by eliminating open internet connections in favor of virtual private networks (VPNs) that also required keys or codes to use. The whole concept revolved around the idea that only those with the right credentials could open the gates and pass into the secure domain with the precious information.

So how well did that work out? As you’ve read, it didn’t work out very well at all. Headline after headline screams about this breach and that one. Private emails, both embarrassing and scandalous, are regularly revealed. Malicious characters and state actors vacuum up personal data of every stripe. What happened?

People happened. Humans are the key weakness of the fortress approach. The user is given (or creates) a password that enables him or her to enter the privileged domain. That means the user needs to protect that key to the kingdom. Unfortunately, that’s not what occurs. A recent study demonstrates that 74% of breaches were due to access credential abuse. Doesn’t do much good when the keys to the castle are spread all over the place.

Obviously, we can’t let this situation continue. Hence the rise of a new way of thinking about security: Zero Trust – never trust, always verify. In this concept the fundamental assumption of the fortress is overturned. Having the password does not mean you are who we think you are; you must still be thoroughly checked out.

So what does “checked out” mean in this new security model (from Centrify – “Zero Trust Security for Dummies”):

  • Verify the User – A password alone is just not good enough. Here is where we use multi-factor authentication. Many of us have run into this already: in order to access an account, the website texts a code to your registered phone that you also have to enter. The technique can be extended to all kinds of things that make you, you, such as biometric qualities, e.g. the fingerprint that unlocks your smartphone.
  • Validate the Device – Is the device the user is utilizing for access known to be associated with the user, and is it at a location where the user would normally be? If you are on your laptop at home, you are probably who you say you are. If you are on a strange machine in an Internet café in Tehran, not so much.
  • Limit Access and Privilege – Access is limited to what you need to do your job. Let’s say you write proposals for your employer. You probably need product information, past proposals and maybe certain approved pricing. But why should you be rummaging around in the HR or accounting systems?
  • Learn and Adapt – Zero Trust Security must continuously improve by learning and adapting. Information about the user, endpoint, application or server, policies, and all activities related to them can be collected and fed into a data pool that fuels machine learning. The system can then automatically recognize out-of-the-ordinary behaviors that immediately raise a red flag that may require a second form of authentication, or block access, depending on policies.
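A minimal sketch of how the four checks above could combine into a single access decision, added here as an illustration (it is not from the article or from Centrify). The role, device and location tables, the anomaly thresholds and the second-factor freshness windows are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy data for illustration; all names are hypothetical.
ROLE_RESOURCES = {"proposal_writer": {"product_info", "past_proposals", "approved_pricing"}}
KNOWN_DEVICES = {"alice": {"laptop-7f3a"}}
USUAL_LOCATIONS = {"alice": {"home", "office"}}

@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    device_id: str
    location: str
    password_ok: bool
    mfa_age_s: Optional[float]   # seconds since a second factor was verified; None = never
    anomaly_score: float = 0.0   # 0..1, assumed output of a behaviour model

def decide(req: AccessRequest, step_up_at: float = 0.5, block_at: float = 0.9):
    """Return (decision, reason); decision is 'allow', 'step_up' or 'deny'."""
    # Limit access and privilege: deny by default, allow only what the role needs.
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return "deny", "resource outside role"
    if not req.password_ok:
        return "deny", "bad credentials"
    # Learn and adapt: a very unusual pattern is blocked outright.
    if req.anomaly_score >= block_at:
        return "deny", "anomalous behaviour"
    # Validate the device: is it enrolled for this user, and at a usual place?
    strange_device = req.device_id not in KNOWN_DEVICES.get(req.user, set())
    strange_place = req.location not in USUAL_LOCATIONS.get(req.user, set())
    if strange_device and strange_place:
        return "deny", "unknown device at unusual location"
    # Verify the user: a password alone never suffices. Any risk signal shortens
    # how long an earlier second-factor check stays valid.
    risky = strange_device or strange_place or req.anomaly_score >= step_up_at
    max_age = 300 if risky else 8 * 3600
    if req.mfa_age_s is None or req.mfa_age_s > max_age:
        return "step_up", "fresh second factor required"
    return "allow", "all checks passed"

if __name__ == "__main__":
    # Constructed request: known laptop, unusual location, second factor 10 minutes old.
    print(decide(AccessRequest("alice", "proposal_writer", "past_proposals",
                               "laptop-7f3a", "hotel", True, 600.0)))
```

A `step_up` result means the caller should challenge for a second factor and re-submit the request; a correct password on its own never yields `allow`.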

Makes a lot of sense, doesn’t it? Surprisingly, it is not a new concept. NIST (National Institute of Standards and Technology) promoted it in 2010. In 2011, Google launched a Zero Trust approach it called BeyondCorp and claims great success. If it is so good, why have we had all those awful breaches? Mostly because no one uses it. IDG’s 2018 Security Report indicates that only 8% of those surveyed are actively using it, while another 10% are piloting it.

What’s the problem? It’s not like no one knows about it. The same IDG report relates that most security professionals (71%) are aware of it. Partly, the concept needed some maturation and the machine learning tools needed to advance. But more importantly, unlike with the fortress approach, the IT guys can’t just buy a firewall or VPN and claim things are secure.

IT and business leaders need to work together to implement Zero Trust as a strategy and business process. As we all know, when you set out to affect people, processes and organization, change can be difficult. Just look at how long it has taken to adopt cloud, and we still have a long way to go.

Cyber security is too important not to adopt models like Zero Trust. It’s kind of ironic that one of the principal bad guys out there is the same one Reagan faced off against in the ’80s: the Russians. Only now, for our time, it must be: “Never Trust, Always Verify”.

By John Pientka

John is currently the principal of Pientka and Associates which specializes in IT and Cloud Computing.

Over the years John has been vice president at CGI Federal, where he led their cloud computing division. He founded and served as CEO of GigEpath, which provided communication solutions to major corporations. He has also served as president of British Telecom’s outsourcing arm Syncordia, and as vice president and general manager of a division at Motorola.

John has earned his M.B.A. from Harvard University as well as a bachelor’s degree from the State University in Buffalo, New York.
