DevOps has long focused on reinventing the SDLC (e.g. with CI/CD, ARA, pipeline automation etc.), while reinvention of IT Ops has lagged. However, new approaches like Site Reliability Engineering, Observability, Containerization, Operations Analytics, and ML/AI are driving a resurgence of IT Ops. In this session our expert panel will focus on how these new ideas are [putting the Ops back in DevOps orbringing modern IT Ops to DevOps].

read more

Clare Hopping

Hybrid cloud continues to be a strong trend. For many enterprises, their legacy data centre assets are going nowhere. Despite cajoling from cloud providers, the mix of cloud and on-prem remains a prudent one.

It is this theory which has seen the likes of VMware Cloud on AWS come to fruition. The two companies have successfully come together to provide customers with portability between private and public clouds.

Now, AWS is working with another such firm in the shape of Cisco. The latter has announced a new solution built for AWS to run production-grade Kubernetes applications on-premises, with the product being a combination of Amazon EKS (Elastic Container Service for Kubernetes) and Cisco’s Container Platform (CCP), all tied up with Cisco’s networking, security, management and monitoring and AWS’ cloud.

A blog post from Cisco outlined some of the more technical aspects of the partnership. “Through the single CCP management UI, the customer can provision clusters both on-premises and on EKS in the cloud,” wrote Reinhardt Quelle, principal architect. “CCP uses AWS [identity and access management] authentication to create the VPC, instructs EKS to create a new cluster, and then configures the worker nodes in that cluster.”

Kubernetes continues to be a key pawn in organisations’ maturing cloud strategies – and indeed, the strategies of cloud vendors. VMware acquired Heptio, a company set up by two original Kubernetes engineers to give the technology more enterprise reach, while IBM’s planned acquisition of Red Hat was described by this publication as a ‘match made in container heaven.’

“Today, most customers are forced to choose between developing applications on-premises or in the cloud. This can create a complex mix of environments, technologies, teams and vendors – but they shouldn’t have to make a choice,” said Kip Compton, SVP cloud platform and solutions at Cisco. “Now, developers can use existing investments to build new cloud-scale applications that fuel business innovation.

“This makes it easier to deploy and manage hybrid applications, no matter where they run,” Compton added. “This allows customers to get the best out of both cloud and their on-premises environments with a single solution.”

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

While a hybrid cloud can ease that transition, designing and deploy that hybrid cloud still offers challenges for organizations concerned about lack of available cloud skillsets within their organization. Managed service providers offer a unique opportunity to fill those gaps and get organizations of all sizes on a hybrid cloud that meets their comfort level, while delivering enhanced benefits for cost, efficiency, agility, mobility, and elasticity.

read more

• Over 100 million healthcare IoT devices are installed worldwide today, growing to 161m by 2020, attaining a Compound Annual Growth Rate (CAGR) of 17.2% in just three years according to Statista.
• Healthcare executives say privacy concerns (59%), legacy system integration (55%) and security concerns (54%) are the top three barriers holding back Internet of Things (IoT) adoption in healthcare organizations today according to the Accenture 2017 Internet of Health Things Survey.
• The global IoT market is projected to soar from $249B in 2018 to $457B in 2020, attaining a Compound Annual Growth Rate (CAGR) of 22.4% in just three years according to Statista.

Healthcare and medical device manufacturers are in a race to see who can create the smartest and most-connected IoT devices first. Capitalizing on the rich real-time data monitoring streams these devices can provide, many see the opportunity to break free of product sales and move into more lucrative digital service business models. According to Capgemini’s “Digital Engineering, The new growth engine for discrete manufacturers,” the global market for smart, connected products is projected to be worth $519B to $685B by 2020. The study can be downloaded here (PDF, 40 pp., no opt-in). 47% of a typical manufacturer’s product portfolio by 2020 will be comprised of smart, connected products. In the gold rush to new digital services, data security needs to be a primary design goal that protects the patients these machines are designed to serve. The following graphic from the study shows how organizations producing smart, connected products are making use of the data generated today.

Healthcare IoT device data doesn’t belong for sale on the dark web

Every healthcare IoT device from insulin pumps and diagnostic equipment to Remote Patient Monitoring is a potential attack surface for cyber adversaries to exploit. And the healthcare industry is renowned for having the majority of system breaches initiated by insiders. 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today according to Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR).

Many employees working for medical providers are paid modest salaries and often have to regularly work hours of overtime to make ends meet. Stealing and selling medical records is one of the ways those facing financial challenges look to make side money quickly and discreetly. And with a market on the Dark Web willing to pay up to $1,000 or more for the most detailed healthcare data, according to Experian, medical employees have an always-on, 24/7 marketplace to sell stolen data. 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey. Healthcare IoT devices are a potential treasure trove to inside and outside actors who are after financial gains by hacking the IoT connections to smart, connected devices and the networks they are installed on to exfiltrate valuable medical data.

Healthcare and medical device manufacturers need to start taking action now to secure these devices during the research and development, design and engineering phases of their next generation of IoT products. Specifying and validating that every IoT access point is compatible and can scale to support Zero Trust Security (ZTS) is essential if the network of devices being designed and sold will be secure. ZTS is proving to be very effective at thwarting potential breach attempts across every threat surface an organization has. Its four core pillars include verifying the identity of every user, validating every device, limiting access and privilege, and utilizing machine learning to analyze user behavior and gain greater insights from analytics.

The first step is protect development environments with Zero Trust privilege

Product research & development, design, and engineering systems are all attack surfaces that cyber adversaries are looking to exploit as part of the modern threatscape. Their goals include gaining access to valuable Intellectual Property (IP), patents and designs that can be sold to competitors and on the Dark Web, or damaging and destroying development data to slow down the development of new products. Another tactic lies in planting malware in the firmware of IoT devices to exfiltrate data at scale.

Attack surfaces and the identities that comprise the new security perimeter of their companies aren’t just people; they are workloads, services, machines, and development systems and platforms. Protecting every attack surface with cloud-ready Zero Trust Privilege (ZTP) which secures access to infrastructure, DevOps, cloud, containers, Big Data, and the entire development and production environment is needed.

Zero Trust Privilege can harden healthcare and medical device manufacturers’ internal security, only granting least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, healthcare and medical device manufacturers would be able to minimize attack surfaces, improve audit and compliance visibility, and reduces risk, complexity, and costs across their development and production operations.

The best security test of all: An FDA audit

Regulatory agencies across Asia, Europe, and North America are placing a higher priority than ever before on cybersecurity to the device level. The U.S. Food & Drug Administration’s Cybersecurity Initiative is one of the most comprehensive, providing prescriptive guidance to manufacturers on how to attain higher levels of cybersecurity in their products.

During a recent healthcare device and medical device manufacturer’s conference, a former FDA auditor (and now Vice President of Compliance) gave a fascinating keynote on the FDA’s intent to audit medical device security at the production level. Security had been an afterthought or at best a “trust but verify” approach that relied on trusted versus untrusted machine domains. That will no longer be the case, as the FDA will now complete audits that are comparable to Zero Trust across manufacturing operations and devices.

As Zero Trust Privilege enables greater auditability than has been possible in the past, combined with a “never trust, always verify” approach to system access, healthcare device, and medical products manufacturers should start engineering in Zero Trust into their development cycles now.

Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.

Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software with the simplicity and reach of the open web.

With staff in 10 timezones, Isomorphic provides a global network of services related to our technology, with offerings ranging from turnkey application development to SLA-backed enterprise support.

Leading global enterprises use Isomorphic technology to reduce costs and improve productivity, developing & deploying sophisticated business applications with unprecedented ease and simplicity.

read more

Darktrace is the world’s leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace’s Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal’ for all devices and users, updating its understanding as the environment changes.

read more

Clare Hopping

Tim Danton

Tim Danton