PCI DSS: Blue Skies Ahead!

Live Webcast! Join this live webinar for advice on preventing costly cases of non-compliance.

Mitigating 3rd Party Vendor Risks

On-Demand: Play this educational discussion now.

A Risk Migration Plan for PCI DSS

On-Demand: Play this educational discussion now.

Using TVM to Enable Your GRC Program

On-Demand: Play this educational discussion now.

KuppingerCole News

  • Jun 23, 2016: Managing Risk through Cloud App Authentication and 360° Control
    The easy availability of IT services delivered as cloud services together with the revolution in the range of devices that are used to access these services has created challenges for organizations in the areas of security and compliance. Employees and associates can use their personal cloud services to perform their jobs without reference to their employer. Line of business managers can acquire cloud services without performing risk assessment or considering the impact of these on compliance. To compound the problem mobile devices can be used to access these services from outside of the organizational perimeter anytime and anywhere.

  • Bridging the Gap Between IT, OT and Business in the Digital Transformation Age

    by Bruce Hughes

    The Digital Transformation age is focussed on integrating digital technologies such as social, mobile, manufacturing, cloud computing etc. It will inherently lead to new types of innovation and creativity and is already having far-reaching application across business, government, medical and mass communications, to name a few. The Internet of Things (IoT), which is connecting everything to everything, also presents new challenges to organisations. This new world places businesses at risk because they have not embraced security standardisation, developed a holistic view of business risks across the business, or determined how Information Technology (IT) and Operational Technology (OT) will work together to minimise the risks.

    Digital Transformation is really a business transformation. Business Models need to be rewritten to take advantage of the new possibilities that Digital Transformation brings and to monetise these opportunities. It is not just about deploying Smart Objects on the factory floor or implementing a blockchain solution to take care of one aspect of the business; it is about developing a go-to-market blueprint that includes reorganising the business, embracing the new technologies, optimising processes, binding customers and aiming for a profitable outcome.

    There is a huge trend to move away from offering just products and towards replacing them with customer services. We have seen this for years with Cloud-based software licensing and, as an example, several markets have introduced electric motor vehicles on a “user pays” basis, so instead of buying a car for city use, you rent one by the hour or the day (find one on the street, walk up, and open it with an app on your smartphone), just like other services such as bicycle rental.

    In the Manufacturing sector, Smart Manufacturing has brought with it a whole new set of business opportunities but also increased risks.  The object of Industry 4.0 is to connect the manufacturing environment and OT to optimise the end-to-end processes and to build a service infrastructure between the business and the end customer.  Optimisation will be disruptive and may well disenfranchise the middlemen, such as brokers and dealers, from the new operating model.

    Optimising the end-to-end view of an organisation that joins the business view to the manufacturing view opens up the manufacturing side to attack as well as the business systems. This changes the security paradigm and puts everything at risk. The IoT and “things” controlling a manufacturing process open up areas of cyber threat that were not previously there. With Smart Vehicles, a black box could capture data such as performance, location or payment information, which would be made available to service providers, motor manufacturers, insurance companies, law enforcement etc. There are a myriad of possibilities and they all need to be managed in an optimal, controlled, safe and secure manner.

    A new Business Model must incorporate the requirement to adopt a standardised and configurable security infrastructure to manage cyber risk and at the same time, enable the business to become agile.  Agility will enable the business to quickly react to new opportunities or changed circumstances and improve its competitive advantage.

    Businesses must also develop a Risk Management Plan to deal with the new circumstances, with a focus on risk mitigation. While risk cannot be totally eliminated, major risks that could endanger the organisation from a number of different perspectives (cost, reputation, regulation, legal, business process, or technical) can be identified and mitigated. A comprehensive communications plan is also vital to addressing incident responses across the spectrum of the enterprise.

    In this new Digital Transformation age, organisations have to think about security by design and, as a result, agility by design.  The IT/OT group must implement a secure, standardised and configurable security infrastructure that embraces security and privacy by design.  This will allow an organisation the flexibility required to open or close configurations to meet changing regulatory demands, exchange information with the outside, and address risks as they occur in a quick and economical way and not in the old inefficient ways of costly and risky code changes.

    Organisations might consider merging the IT and OT organisations to deliver their part of the Business Model in a more efficient and integrated manner. OT has always been challenging in its own right. OT systems are required to control valves, engines, conveyors and other machines to regulate various process values, such as temperature, pressure and flow, and to monitor them to prevent hazardous conditions. OT systems have used various technologies for hardware design and communications protocols that are unknown in IT. The most common problems are legacy systems and devices and numerous vendor architectures and standards. The focus of OT has been availability rather than confidentiality, integrity and availability as is the case with IT. As OT embraces Smart Devices, integrating OT into an overall enterprise solution will require standardised data exchange abilities and standardised, configurable security to manage the environment. Combining the IT and OT organisations can help facilitate and optimise an organisation's end-to-end security and data management in a consistent and optimal manner.


  • Digital Transformation: Why Security and Privacy Matter
    Amazon, Uber, Netflix, the Kindle etc.: Digital technology has changed our society in an appreciable way. Just as our personal lives are being transformed digitally, the same happens in corporations and with our traditional technology solutions. The digital transformation affects everything from customer experience and operational processes to business models and IT focus. Even software development is being digitally transformed. This leads to new security and privacy challenges: In IoT and digital transformation, organizations have to deal with more identities and relations than ever before. The attack surface increases constantly every day.

  • Executive View: Signicat Connect, Assure, Sign & Preserve - 72504

    by Martin Kuppinger

    Signicat offers cloud-based services for secure access to applications, identity proofing, electronic signing, and long-time archiving of signed and sealed documents. With these services, Signicat supports organizations in transforming paper-based processes to cloud-based services, while meeting legal and security requirements.

  • Executive View: PointSharp Mobile Gateway - 71508

    by Alexei Balaganski

    PointSharp Mobile Gateway is an enterprise mobility solution that provides strong authentication and easy, yet secure, mobile access to Microsoft Exchange and Skype for Business, both on-premise and in the cloud.  

  • Executive View: CyberArk Privileged Threat Analytics - 71540

    by Ivan Niccolai

    CyberArk’s latest major release of Privileged Threat Analytics is a capable and focused solution for the mitigation of threats caused by the abuse or misuse of privileged system accounts and entitlements. With the addition of several key features, Privileged Threat Analytics now provides real-time network threat detection and automated response capabilities. 

  • Jun 14, 2016: Authentication, Access, Assets: The Triple A of securing sensitive systems and information
    In more than two thirds of all cyber breaches, a misused privileged account serves as the entrance gate. Historically, managing privileged access focused on protecting privileged accounts by securing and managing passwords. But today, simply rotating passwords isn’t enough to defend against increasingly sophisticated cyberattacks. When it comes to securing privileged systems and data, organizations need to broaden their focus on controlling Authentication, Access and Assets.

  • Executive View: Atos DirX Identity V8.5 - 70896

    by Ivan Niccolai

    Atos DirX Identity encompasses a rich feature set for all areas of Identity Management and Governance. Its comprehensive business and process-driven approach includes very strong modelling capabilities of the organisational structure and user relationships thus providing the foundation for a business, rather than a technology-centric approach to identity management. 

  • Enforcing Fine Grained Access Control Policies to Meet Legal Requirements
    Attribute Based Access Control (ABAC) solutions provide an organization with the power to control access to protected resources via a set of policies. These policies express the increasingly complicated legal and business environments in which companies operate these days. However, due to the number of moving parts, it becomes harder to understand the effect a policy change might have in a complex policy set. These moving parts include the policies themselves, attribute values and the specific queries under consideration.

  • Executive View: BeyondTrust PowerBroker - 71504

    by Ivan Niccolai

    BeyondTrust’s PowerBroker product family provides a well-integrated solution with a broad range of capabilities for the mitigation of threats caused by the abuse or misuse of privileged system accounts and entitlements, on endpoints as well as server systems. With dedicated products for major system architectures, PowerBroker provides deep support for privilege management on Windows, Unix/Linux as well as Mac systems.

  • Executive View: Gigya Customer Identity Management Suite - 71529

    by Matthias Reinwarth

    A feature-rich customer identity management platform providing strong analytics and tools for business-oriented decision-making processes while enabling compliance with legal and regulatory requirements and an adequately high level of security.

  • Executive View: SAP Enterprise Threat Detection - 71181

    by Martin Kuppinger

    In these days of ever-increasing cyber-attacks, organizations have to move beyond preventative actions towards detection and response. This no longer applies to the network and operating system level only, but involves business systems such as SAP. Identifying, analyzing, and responding to threats is a must for protecting the core business systems.

  • Executive View: Balabit Shell Control Box - 71570

    by Alexei Balaganski

    Balabit Shell Control Box is a standalone appliance for controlling, monitoring and auditing privileged access to remote servers and network devices. Shell Control Box provides a transparent and quickly deployable PxM solution without the need to modify existing infrastructure or change business processes.

  • Customer-centric Identity Management
    While most organizations are at least good enough in managing their employee identities, dealing with millions of consumer and customer identities imposes a new challenge. Many new identity types, various authenticators from social logins to device-related authenticators in smartphones, risk mitigation requirements for commercial transactions, the relationship with secure payments, customer retention, new business models and thus new requirements for interacting with customers: The challenge has never been that big.

  • Jun 07, 2016: Data Loss Prevention Best Practice – Applying User-driven Data Classification
    The first step in protecting intellectual property and sensitive information is to classify it. This can be accomplished manually via author classification or automatically via content filtering. Some tools simplify the process and provide greater governance.