New Global Research from Accenture Interactive Urges CMOs to Put People Before Data Collection

New Global Research from Accenture Interactive Urges CMOs to Put People Before Data Collection

Nearly 69% of consumers would stop doing business with a brand if data usage became too invasive NEW YORK; Oct. 16, 2019 – New global research released by Accenture Interactive offers guidance to chief marketing officers (CMOs) on strategies to use data respectfully and responsibly
/
BBC Tech

‘Deletefacebook’ trends after Zuckerberg backlash

The hashtag deletefacebook is trending on social media after it emerged Mark Zuckerberg held informal dinners with conservative politicians and right-wing commentators in the US. The meetings began in July, the news website Politico reported. In a post on Facebook, Mr Zuckerberg said he had
/
Cisco News

DevSecOps: Blending Critical Operations and Cultures to Increase Data Security

Two major shifts are affecting organizational cybersecurity posture: digital product and service offerings are increasingly powered by mobile, cloud and data analytics; while developers of those products and services are migrating to Development Operations (DevOps) processes for greater agility and scale. Because both of these trends have security implications, CISOs are innovating approaches to build security in and shift it to a shared responsibility between the development and IT teams.

A new practice of DevSecOps—bridging DevOps workflows with Information Security (InfoSec) Operations—blends constructs familiar to both groups. Here are a few tips on how to start a DevSecOps initiative:

  • Establish the foundation. Using clearly defined guiding principles to drive security throughout the development process helps establish mutual trust among the Engineering, Operations and Security teams. This is also how expectations for mutual accountability and high security standards get defined. The org manifesto offers a great starting place. Their guidelines can be readily modified to fit a company’s unique requirements.
  • Prove it out first. It’s best to prove ideas manually before automating them. At Cisco, we ran an Agile security hack-a-thon with participants from the Information Security and application teams to first configure the most important security requirements – what we call the guardrails. Start by defining what your guardrails should be in the context of what platform you’ll use. For example, our first target environment was built on Amazon Web Services (AWS), so we defined 10 guardrails for our AWS accounts that fit our specific requirements. Then, conduct a hack-a-thon as you would for other Agile development efforts. Post-test readouts help the entire team be knowledgeable and support users in DevOps fashion.
  • Automate Your Guardrails. Provide an easy way for your teams to apply the guardrails, such as at the time of new account provisioning. Also develop simple scripting to retrofit those with existing accounts. This likely will require coordination among multiple teams – InfoSec, IT, Supply Chain, Procurement and possibly others. We achieved the security automation via our own tool we call the Continuous Security Buddy (CSB), which is built on several AWS services.
  • Continuously Validate. As new resources are on-boarded or other changes occur, keep guardrails up-to-date with constant security validation and real-time monitoring of security logs. Consider creating security “health reports” based on specific scoring or grading criteria to send to department tenants on a regular basis. That will empower tenants to address any critical security findings in a timely manner, and enable a cycle of teams always integrating and deploying code while getting ongoing security assurance…

Read Full Source

Cisco Contributor
Cisco News and Resources
Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow’s digital opportunity today. Discover more at newsroom.cisco.com and follow us on Twitter at @Cisco.
Cloud Services Are Vulnerable Without End-To-End Encryption

Cloud Services Are Vulnerable Without End-To-End Encryption

End-To-End Encryption The growth of cloud services has been one of the most disruptive phenomena of the Internet era.  However, even the most popular cloud ...
The Massive Growth of the IoT Services Market

The Massive Growth of the IoT Services Market

Growth of the IoT Services While the Internet of Things has become a popular concept among tech crowds, the consumer IoT remains fragmented. Top companies ...
Imminent IoT Eye-Tracking Technologies To Transform The Connected World

Imminent IoT Eye-Tracking Technologies To Transform The Connected World

IoT Eye Tracking Smelling may be the first of the perceptible senses, but the eye is the fastest moving organ in the human body. While ...
The Cloudification of Healthcare: Benefits and Risks

The Cloudification of Healthcare: Benefits and Risks

Cloud Healthcare: Benefits and Risks Many organizations are moving most of their business-critical applications and workloads to the cloud. The healthcare industry is no exception ...
Michela Menting

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been ...
It Programs Compressor