Security Industry Predictions for 2016

Hacktivism and the Attack Surface – Per my earlier comment, as cyberattack tools and services become increasingly commoditized, the cost of attacking an organization is dropping dramatically. This enables more attacks that do not have financial gain as the primary focus. Sophisticated hacktivist collectives like Anonymous have been joined by relatively unsophisticated cyber vigilantes. Organizations need to realize that financial gain is no longer the only or even the biggest driver of some of their adversaries. Security operations and risk managers should evolve their understanding not only of the threat, but also of what, why, where, and how they are being targeted.

Shakeout of the Security Industry – Our industry has been awash in venture capital and as a result, foolish investments have been made in strategies and technologies that are little more than snake oil. As organizations’ security programs continue to mature, they are learning that claims of being able to prevent advanced threat breaches are nothing more than fantasy. Expect to see a shakeout in the security industry as organizations’ maturing understanding of advanced threats increasingly drives their security investment decisions.

This year marked a strategic shift from a maniacal focus on prevention, toward greater balance on monitoring, detection, and response capabilities. It’s become cliché to say that breaches are inevitable and that faster detection and more accurate incident scoping are the way forward.

2015 saw continued acceleration of threat evolution. What was considered an “advanced” threat in years past has become a commodity today, with sophisticated malware and exploits available for the price of a movie ticket. As troublesome as these observations seem, the most impactful evolution goes almost entirely unreported and misunderstood. The threats that matter most, today’s pervasive threat actors, are now conducting attack campaigns comprised of multiple exploit methods and multiple backdoors to assure persistence. Incomplete incident scoping has become a critical and consistent mistake made by security teams.

This year was also notably characterized by security vendors claiming to be able to prevent advanced threat breaches when the reality is they can’t. It was characterized by organizations recognizing the need to monitor and defend their digital environments differently, but continuing to center their security programs on the same technologies and approaches they have been using – hoping for a different outcome, but not acting differently.

Here are some of the emerging trends that our industry and organizations need to be ready for in 2016:

Strategic Data Manipulation and Disruption – Organizations will begin to realize that not only is their data being accessed inappropriately, but that it is being tampered with. Data drives decision-making for people and computer systems. When that data is unknowingly manipulated, those decisions will be made based on false data. Consider the potentially devastating consequences of misrepresented data on the mixing of compounds, control systems, and manufacturing processes.

Increasing Attacks on Application Service Providers – As organizations become more comfortable with the “as-a-service” model, many of their most sensitive applications and data reside in the cloud. The aggregation of this valuable data from many companies creates an incredibly lucrative target for cybercriminals and cyber espionage. A deeper appreciation of third party risk is needed.

ICS (Industrial Control Systems) Pushed to the Breaking Point – Intrusions into systems that control operations in the chemical, electrical, water, and transport sectors have increased 17-fold over the last three years. The advent of connected and automated sensors aggressively exacerbates these issues. The growth in the use of cyber technology for terrorism, hacktivists and other actors, combined with the weakness of ICS security generally and the potential impact of bringing down a power facility or water treatment plant (hello, California), makes the critical breach of an ICS in 2016 extremely concerning and increasingly likely.

Accelerating time to value with future-ready rack-scale infrastructure

In talking with our customers over the past several years, it’s clear that CIOs and IT directors are looking to maximize the value they get from their data center operations in the age of the cloud. Whether they are service providers to others or are hosting their own operations, every one of our customers is consistently looking to implement solutions more quickly and efficiently than ever before.

The continued growth of edge computing and the Internet of Things (IoT) along with the rollout of next-generation 5G networks is also driving demand among service providers for more agile, dynamically-assigned infrastructure that reduces deployment complexity and minimizes time to value for their business.

To that end, Dell has been working closely with Intel to bring such future-ready infrastructure to life as part of the Intel Rack Scale Design (RSD) program*. This software-defined architecture is purpose-built for telecommunications and cloud service providers and draws on nearly a decade of experience with the largest hyperscale IT implementations in the world. Intel RSD enables shared pools of compute and storage across one or more racks (called a pod), all connected via a flexible network fabric and a unified management system built on open standards including DMTF’s Redfish as the API’s foundation.

Though I’ve talked before about the DSS 9000 rack-scale infrastructure which underlies Dell’s approach to Intel RSD, what’s often overlooked in the solution is the systems management capabilities, which are critical components for minimizing deployment time and providing differentiated business value.

The management framework in Intel RSD is based on Intel POD Manager (PODM), which links a vendor-agnostic orchestration API and an open hardware management API together to provide control of compute, storage and network resource pools in a flexible, agile architecture. This allows service providers to implement truly software-defined data centers with solutions across Microsoft, VMware, and OpenStack clouds on the same underlying infrastructure, tuned to the dynamic needs of their customer workloads.

At this year’s Intel Developer Forum in San Francisco, Dell ESI will be showcasing the rapid deployment and robust infrastructure capabilities of our Intel RSD implementation. We’ll demonstrate how quickly deploying an OpenStack cluster with a Dell DSS 9000 using Intel POD Manager and OpenStack Fuel will revolutionize how you think about implementing cloud solutions at scale.

Imagine allocating shared pools of compute, storage, and networking across workloads as you need them, with the optimal ratio of compute or storage ideal for that application across the cloud environment of your choice and all in an open ecosystem devoid of the lock-in typical of other ‘composable’ systems rolled out by our competitors.

Open systems drive innovation for our customers and we’re also excited to announce today that the DSS 9000 rack scale solution has been recognized by the Open Compute Project (OCP) Foundation as OCP-INSPIRED. In fact, the Open Compute Project and Intel Rack Scale Design are highly complementary. Intel RSD defines a logical architecture for resource management while OCP defines a physical infrastructure implementation. The Dell DSS 9000 is the embodiment of the two working in concert together for the benefit of our customers and we’re very excited about the possibilities this brings to deliver increased agility, cost-performance, and management flexibility for service providers and scale-out organizations.

In an era where time to value is ever-present, Dell and Intel are working to bring the future of the software-defined data center to you and we look forward to showing you more of our combined innovation at this year’s Intel Developer Forum on August 16th.

*Previously known as Intel Rack Scale Architecture (RSA).

Enterprise Hybrid Cloud – Smaller and Simpler with VxRail

Now, this brings us to today’s news – we are now offering Enterprise Hybrid Cloud on VxRail.

Why does this matter? As much as point #1 (hybrid) and point #2 (multiple) above are true – there’s something that we simply must face as an industry:

Currently, deploying, managing, supporting, and all “day 2” lifecycle operations for private clouds is WAY, WAY too hard, and starts WAY, WAY too big (in hardware, and in software complexity).

This is an industry problem for us to solve – and we’re fighting to lead the way at Dell Technologies.

We’ve been working on the Enterprise Hybrid Cloud (EHC) for four years now – and have been working with customers of every size, in every part of the world. We’ve found a common set of needs that are way beyond a basic IaaS. It’s an IaaS stack engineered for the needs of an enterprise. What does that mean? It’s built around the VMware IaaS (vRealize, NSX, vSphere, and now vSAN in VxRail) – but also includes things that we’ve found most enterprises expect:

- Sophisticated workflows for integrated data protection and DR
- Platform hardening and additional security measures and encryption capabilities
- Database-as-a-Service
- Multi-site topologies where workflows follow workloads as they move between sites.

It’s not just IaaS – it’s ITaaS.

Furthermore – together Dell EMC and VMware stand up and take single call responsibility for the full stack, not only getting it running, but full lifecycle (patch, upgrade, decommission) and single call support.

EHC has been deployed at some of the largest customers in the world – and deploying hybrid cloud has not been easy – even with great tech and great people. I hate to be so blunt, but we have hundreds of people that have been working on this for years. I cringe to think of a customer taking on the challenge themselves. It’s also historically only available on massive VxBlocks – so between the software, the services, the hardware – the price tag is enormous. Frankly, the customers like it – but it doesn’t feel too “cloud like”.

This is an industry call – if we can’t make ITaaS simpler, easier – then it’s on us.

So – we have made EHC much simpler. 3x simpler.

So – we have made EHC much smaller. 3x smaller to start – bringing it to customers who previously couldn’t afford it.

…But we managed to do it without losing EHC ITaaS capabilities and its ability to scale.

With the release of EHC 4.1.1 on VxRail, we’ve taken a huge step together with VMware.

Customers can have the full Enterprise Hybrid Cloud capability at a 3x smaller starting point in every metric (size, cost, VMs). By pivoting to a strong focus on HCI as a simplifying factor – and using VxRail Appliances, the industry’s best HCI Appliance for VMware, we can start small and grow.

Just as importantly, we’ve been working overtime to automate most of the deployment tasks – EHC is now 3x simpler. EHC is now a great answer for tens of thousands of customers that previously would have seen it as “out of reach”.

I want to offer my congratulations to the Enterprise Hybrid Cloud team – hundreds of passionate folks at Dell EMC and VMware working to make IT and Business Transformation easy.

Cause? Customers need simple, cost-effective Hybrid Clouds. Effect? Enterprise Hybrid Cloud is now on VxRail.

There is no question that the massive web-scale public clouds have changed the game, and the pendulum is swinging – but the pendulum will settle with a blend of on- and off-premises platforms. This Evaluator Group study shows the simple economic picture of on- and off-premises models – not that on-premises always wins either, but rather that with workload variation, it’s both, not one or the other. Net? The answer is “hybrid” – the question has shifted to “what stacks, what workloads, what models” – get used to it.

If “hybrid” is the answer – you then ask a simple follow up question: Does anyone really believe that they will have just ONE IaaS/PaaS/SaaS in every customer? Of course not! Therefore “multiple” becomes critical. Technologies that link/bind together multiple clouds become important. What are examples of “binding” technologies?

Sidebar: I’m increasingly skeptical about heterogeneous IaaS bridges that just end up neutralizing all platforms. I see customers using heterogeneous Cloud Management Platforms (CMP) to do this and the strategy that seems to win more often is about picking the CMP that is linked to your stack of “most use”, and then binding and extending what you can. For example people use vRealize to manage AWS, Azure and other OpenStack based IaaS – but even that is somewhat limited value – because these CMPs all neutralize a given layer (like an IaaS) without a ton of benefit. I’m increasingly confident about things that bind without “homogenizing that particular layer”, but are more about “value on TOP of that layer”.

Examples include:

- Pivotal Cloud Foundry creating a common PaaS across multiple IaaS platforms
- ServiceNow as an ITSM that spans and binds many services

There are examples “inside” the IaaS layer – but only where they provide some big incremental value – an example of that would be NSX and other cross-cloud networking, encryption and security services.

Heck, there’s an argument that configuration/automation tools (Puppet, Chef, Ansible and the like) are things that bind together multiple clouds, but without the “homogenization” of the CMPs.

First – the headline, because a headline this good shouldn’t be buried: Today, a turnkey Enterprise Hybrid Cloud got 3x simpler, and available 3x smaller. This makes it an interesting option for 10x more customers.

Now – let’s look at context and detail. Hint – always focus on cause, not effect when you want to understand the big picture.

For years now, technology leaders never have woken up on a bright shiny morning in IT and said “you know what I need – I need a new server”… or “new storage” … or “a new network switch will change the game”.

It’s not that there aren’t people that focus on those questions, and for them it’s their world. It’s not that component level IT topics don’t exist, aren’t filled with innovation and don’t matter. Component/ingredient level topics matter – but they are the “effect” not the “cause”.

You may be thinking that I’m leading to a point: “that it’s all about Converged Infrastructure (CI) or Hyper-Converged Infrastructure (HCI)”. Nope. CI and HCI matter more on the big stage than components – but they remain a simplification of “effect”. CI and HCI are a force that simplifies, collapses and automates the common domains of server/network/compute. CI and HCI are awesome – but they are just a part of the picture. CI and HCI represent the foundation of “transformation of IT” (customers getting out of the server/network/storage business), but not a full vehicle for “business transformation”.

So what is the “cause”, this “prime mover” I’m talking about?

The cause has been and will continue to be a simple idea that should never be lost: IT’s job is to support business applications and critical workloads, and more generally provide platforms for the business via SaaS, PaaS, and IaaS. This is the cause for IT. This is the purpose of IT – its “raison d’être”. IT’s “cause” is to provide these platforms that enable the business to run and innovate. It’s important for all IT practitioners and innovators to always keep it in mind. Remember cause leads effect, not the other way around. Put otherwise – don’t start from the bottom up, start top down.

This is why one of the most important missions at Dell EMC and ultimately at Dell Technologies isn’t at the component level (though that matters), or even at the CI/HCI level (though that matters) – but how we make turn-key business platforms for IaaS, PaaS – the Multiple, Hybrid Cloud Platforms that are the “cause”.

Let’s break down the key words there: “Hybrid”, “Multiple”:

The “Hybrid” vs. “Public Only” or “Private Only” debate is really over – except in the minds of a few – particularly those who like hyperbole 🙂 With notable exceptions to be sure – the answer will be Hybrid – why?

- For data gravity reasons. Compute tends to live where the data lives – and will bias to where the data is born (either on or off premises). This is due to physics, not alt-facts. Speed of light. The economic curves of WAN relative to persistence, compute and local networks.
- For governance reasons. This is NOT the same as “security”. I’m tending to ignore people who FUD public cloud security which can be demonstrated as better than many private clouds.
- For economic reasons. Public will always win for workloads that are highly variable, relatively transient – public clouds have an overwhelming advantage for highly elastic workloads, particularly ones that have a compute bias. Conversely, there are fundamental reasons why we are even seeing some repatriation of workloads in private clouds (whether it’s Uber, Dropbox, or others) at the same time that there is indisputable massive growth in public clouds – this is not an OR, it’s an AND.

New IT Models Change IT Skills Landscape

One of the primary reasons IT organizations of all sizes have been embracing converged (CI) and hyper-converged infrastructure (HCI) is to reduce the total cost of both acquiring and operating IT. But while pre-integrated or engineered systems offer some obvious benefits in terms of reducing the total cost of ownership for IT infrastructure, it’s not until IT organizations start to rethink how they apply their IT skillsets that truly profound savings and efficiencies start to manifest themselves across the organization.

Beyond reducing the number of vendors needed to build a complete platform, CI and HCI platforms provide a unique moment in time to change the way IT is managed altogether. Rather than continuing to operate compute, storage and networking in isolation from one another, modern integrated systems make it feasible to truly unify the management of both virtual and physical IT resources via a common control plane.

Organizations could obviously employ that unification to reduce their reliance on dedicated IT specialists in favor of less expensive IT generalists to manage the overall environment. But that approach is arguably at best short-sighted. Savvy organizations are taking advantage of integrated systems to cross-pollinate expertise across their IT staffs in a way that enables them to deploy and manage application workloads at unprecedented levels of scale.

Thanks to the rise of everything from mobile computing applications and micro-services to new use cases driven by digital business initiatives and the Internet of Things, the number of workloads being deployed by the average enterprise is increasing exponentially. Hiring and retaining the IT personnel that would be required to support that level of expansion using legacy infrastructure is economically unsustainable for most organizations. Integrated systems provide the framework through which IT organizations as they are presently sized can effectively support a much larger ratio of workloads per IT staff member.

Just as critically important, savvy IT leaders also view the unification of IT infrastructure management as a critical means of injecting IT agility into their organizations. IT personnel capable of collectively allocating compute, storage and networking resources can respond faster to both spikes in developer demand for infrastructure resources and changing business conditions. The days when it took a few minutes to provision a virtual machine, but weeks to provide a network connection, are mercifully coming to an end.

In fact, many organizations are already starting to recognize the significance of that shift. A report published by 451 Research shows that 41 percent of large enterprise IT organizations with 10,000 or more employees plan to evolve how their IT teams are organized. It’s only a matter of time before smaller IT organizations look to take advantage of similar economic benefits.

And truth be told, most IT personnel are excited about that change because the expansion of their skillsets it enables creates an opportunity to increase their value to an organization that is going to be less inclined to consider outsourcing alternatives that eliminate their positions.

IT leaders that have adopted integrated systems are clearly the early beneficiaries of advances in IT infrastructure management that many have felt are long overdue. Deploying and managing isolated stacks of compute, storage and networking resources makes neither technological nor economic sense. Integrated systems delivered by a single trusted partner are rewriting the formulas that organizations use to calculate the return on investment (ROI) in IT. As that process continues to occur, many of those same IT leaders are discovering that given all the tradeoffs and hidden costs associated with deploying application workloads in a public cloud, the number of workloads that it makes financial sense to deploy in a public cloud is starting to considerably shrink.

Application workloads, much like water, always seek their own level. The better the performance experience, the greater the percentage of workloads that typically wind up running on a specific platform. In the case of integrated systems, it’s now feasible to more affordably move workloads much closer to the point where end users are consuming the application. The more latency sensitive a workload is, the more sense it makes to deploy on premise. The laws of physics associated with accessing applications across a wide area network are not likely to ever be suspended. What is changing is that the operational model used to locally deliver IT services is transforming in a way that makes the internal IT organization into the most efficient provider of IT services for their organization bar none.

EXPLAINER: How Russia has tried to stem pro-Navalny protests

MOSCOW (AP) — A prison sentence for Russian opposition leader Alexei Navalny and a sweeping crackdown on protesters demanding his release reflect the Kremlin’s steely determination to fend off threats to its political monopoly at any cost. Russia has seen mass protests before, and it has used various tactics to confront them, ranging from offering concessions to violently cracking down. The current wave of demonstrations has spread across Russia’s 11 time zones, unlike previous protests that centered on Moscow. In response, Russian authorities have pulled out all the stops: threatening tough penalties for people who attend, peeling protesters off from the crowds and arresting them violently, putting opposition leaders in house arrest and using state media to try to discredit the demonstrators.

ND women to analyze workforce

Some might think the world of business and corporate heads still belongs to the men, but the Undergraduate Women in Business Club (UWIB) is hoping to challenge this notion with their second annual Women’s Professional Development Conference.

The theme of the conference, which will be held on April 17, is “A New Decade, A New Beginning.”

“The mission of the Undergraduate Women in Business Club is to foster and encourage women involvement in business,” senior Katie Curtin, the conference chair, said. “The conference is meant to advocate empowerment in women.”

Registration for the conference, which ends today, is open to students from all majors, something committee and UWIB members say is reflective of the common message of the conference.

“We’re trying to reach out to all women who are looking at entering the field of business and this can apply to all majors,” UWIB president senior Staysha Sigler said.

Many of the organizers of the conference said part of the purpose of the conference is to challenge the traditional notion that there aren’t many women currently in the workforce, something that has significantly changed in the past decade.

“It’s a new society that we’re entering and it doesn’t have rules yet,” sophomore committee member Juliet Palko said. “People aren’t used to having as many women in the workforce but it’s progressing.”

The conference, which Curtin described as an “education event,” is partly aimed at helping women connect the past

“It’s a women’s professional development conference and it focuses on mutual learning between students and successful women in business today,” Curtin said. “It’s about learning from their own experiences in the field.”

The conference will feature two keynote speakers: Dean Carolyn Woo of the Mendoza College of Business and Diane Guyas, president of DuPont Performance Polymers.

“These are women who are going to talk about what they’ve gone through and help prepare us for this new environment,” Sigler said.

While the organizers said the conference is primarily an educational experience, there are also networking opportunities. The 10 companies visiting are ones that Sigler says are supportive of women’s roles in the workplace.

“Today, companies are realizing that women are assets,” Sigler said. “There are a lot of opportunities for women that are out there and companies are coming to realize that and utilize them.”

With Mendoza College of Business recently being ranked the top business school in the country, Sigler said events such as the Women’s Professional Development Conference are necessary to be worthy of the title.

“Other top business schools in the country have workshops like this,” she said. “If we want to step up to the challenge of being the number one business school in the country then we need to keep having events like this and make them bigger and better.”

Group addresses prayer service, diversity concerns

At Wednesday night’s senate meeting, Student Body Vice President Nancy Joyce addressed the service Sunday night held to pray for the most recent on-campus victim of sexual assault. She said the prayer service was part of an ongoing response to any possible future sexual assaults.

“I wanted to stress that this was not a spontaneous event,” Joyce said. “It has been part of an ongoing conversation in the Senate and student government.”

Meanwhile, Student Body President Alex Coccia opened the meeting by asking the senators to bring back “cab cards” to their dorms, which have the phone numbers for South Bend taxi services.

As its first order of business, Senate unanimously voted to pass a resolution that changed the wording of several Student Union Board position titles to reflect consistency within the group.

As its second order of business for the meeting, the Senate hosted Carolina Ramirez, a junior serving as student government liaison to Diversity Council, who led the group in a diversity workshop, an activity required by the group’s constitution.

“I want to challenge you guys today as student leaders to really sit here and talk openly and honestly,” Ramirez said.

As part of the workshop, Ramirez screened a video, which was shown to rectors, assistant rectors and resident assistants during their training this summer. The video comes from “A Call to Action,” a diversity forum that took place as a result of an act of racially-motivated vandalism in Feb. 2012. The video showed students speaking about their own experiences with racial prejudice within the Notre Dame community.

When the video was over, Ramirez asked Senate to break up into small groups to discuss their reactions. After finishing small group discussion, Ramirez asked the senators to share their thoughts. The resulting discussion focused largely on how to address inappropriate behavior.

“I challenge you all,” Ramirez said, “to continue this conversation. Take it back to your dorms and to your friends – that’s how we can move forward.”

Right to Life Club festival aims to encourage dialogue on abortion

For the Right to Life Club, the most important thing is conversation.

Emily Burns, the vice president of events for the club, said the club focuses on promoting an open dialogue about abortion and other pro-life issues. Burns said the club attempts to promote this dialogue through events like LifeFest, a festival that will be held Friday on South Quad and include balloons, inflatables, lawn games, a photo booth and free frozen yogurt.

Burns said LifeFest, which is open to both Notre Dame students and the surrounding South Bend community, is simply a way to include everyone in the pro-life movement.

“[LifeFest] is for anyone who wants to celebrate life. We use events like this to show that our message is really not something that should be a polarizing thing, a political thing or a religious thing. It’s very much just about the idea that life is something to be celebrated and we want everyone to be able to participate in that,” Burns said. “We hope to reach out to everyone here, no matter what their views are. We just try to encourage conversation and education. But, for those people who are pro-life, we help them understand, explain and defend [their views].”

Burns said the festival is a way to celebrate the end of Respect Life Week. In addition to LifeFest, Respect Life Week featured numerous other events, including on-campus speakers, a prayer vigil, masses and displays of support for the pro-life movement.

Burns said the club holds Respect Life Week during the month of October because it is National Respect Life Month.

“[Throughout Respect Life Week] we want to bring out the elements of our movement that everyone can agree with,” Burns said. “I think with any cause or organization there is always an underlying basis that most people agree with. We are trying to show that the basis of our organization is to show love and that overall that is a good thing for everyone to strive for.”

According to Janelle Wanzek, the president of Right to Life, LifeFest is a way for the club to promote the numerous service opportunities the club has throughout the year.

“We are not just focused on saying ‘anti-abortion,’ we are focused on providing service opportunities and ways for students to act on their pro-life views,” Wanzek said. “We want to promote these opportunities to the entire student body and show them that there are many different ways that they can put their pro-life views into action.”

According to Burns, the club provides numerous service opportunities that aren’t directly connected to the club’s anti-abortion work.

“We work with a variety of groups that just focus on defending human dignity,” Burns said. “For example, we work with Hannah and Friends, which is an organization for adults and children that have special needs. People don’t think of that as something that is a controversial pro-life issue, but it is about how these people have dignity.”

Burns said these community partners are what sparked this year’s Respect Life Week theme, “Love them both.” This theme refers to loving both the mother and the baby and is directly connected to a pro-adoption, pro-life view, Burns said.

“We were approached by someone at the beginning of the year who works for Holy Family Adoption Agency in South Bend, and they brought up the idea of bringing these speakers [on adoption to campus]. We really liked that idea, and so we built the whole week around these speakers,” Burns said.

Burns said the selection of this topic was just another way for the club to reach out and include many people who may hold different views.

“We wanted to pick a topic that would draw people in. Most people can agree that [loving them both] is a good goal. Maybe people have different ideas on how to achieve that goal, but that goal is something that everyone will agree with. We tried to pick a theme that wasn’t going to drive anyone away,” Burns said. “Overall, we wanted to get people thinking and wondering and maybe even drive away some of the stigma or misconceptions about the pro-life movement.”