• Privileged credentials for accessing an airport’s security system were recently for sale on the Dark Web for just $10, according to McAfee.
• 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey.
• Apple employees in Ireland have been offered as much as €20,000 ($22,878) in exchange for their privilege access credentials in 2016, according to Business Insider.
• Privileged access credentials belonging to more than 1 million staff at a top UK law firm have been found for sale on the Dark Web.

There’s been a 135% year-over-year increase in financial data for sale on the Dark Web between the first half of 2017 and the first half of 2018. The Dark Web is now solidly established as a globally-based trading marketplace for a myriad of privileged credentials including access procedures with keywords, and corporate logins and passwords where transactions happen between anonymous buyers and sellers. It’s also the online marketplace of choice where disgruntled, angry employees turn to for revenge against employers. An employee at Honeywell, angry over not getting a raise, used the Dark Web as an intermediary to sell DEA satellite tracking system data he accessed from unauthorized accounts he created to Mexican drug cartels for $2M. He was caught in a sting operation, the breach was thwarted, and he was arrested.

Your most vulnerable threat surface is a best seller

Sites on the Dark Web offer lucrative payment in bitcoin and other anonymous currencies for administrators’ accounts at leading European, UK and North American banking institutions and corporations. Employees are offering their privileged credentials for sale to the highest bidder out of anger, revenge or for financial gain anonymously from online auction sites.

Privileged access credentials are a best-seller because they provide the intruder with “the keys to the kingdom.” By leveraging a “trusted” identity, a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. This holds especially true when the organizations are not applying multi-factor authentication (MFA) or risk-based access controls to limit any type of lateral movement after unauthorized access. Without these security measures in place, hackers can quickly access any digital businesses’ most valuable systems to exfiltrate valuable data or sabotage systems and applications.

81% of all hacking-related breaches leverage either stolen and weak passwords, according to Verizon’s 2017 Data Breach Investigations Report. A recent study by Centrify and Dow Jones Customer Intelligence titled, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in), found that CEOs can reduce the risk of a security breach by rethinking their Identity and Access Management (IAM) strategies. 68% of executives whose companies experienced significant breaches in hindsight believe that the breach could have been prevented by implementing more mature identity and access management strategies.

In a Zero Trust world, identities are the new security perimeter

The buying and selling of privileged credentials are proliferating on the Dark Web today and will exponentially increase in the years to come. Digital businesses need to realize that dated concepts of trusted and untrusted domains have been rendered ineffective. Teams of hackers aren’t breaking into secured systems; they’re logging in.

Digital businesses who are effective in thwarting privileged credential access have standardized on Zero Trust Security (ZTS) to ensure every potentially compromised endpoint, and threat surface within and outside a company is protected. Not a single device, login attempt, resource requested or other user-based actions are trusted, they are verified through Next-Gen Access (NGA).

Zero Trust Security relies upon four pillars: real-time user verification, device validation, access and privilege limitation, while also learning and adapting to verified user behaviors. Leaders in this area such as Centrify are relying on machine learning technology to calculate risk scores based on a wide spectrum of variables that quantitatively define every access attempt, including device, operating system, location, time of day, and several other key factors.

Depending on their risk scores, users are asked to validate their true identity through MFA further. If there are too many login attempts, risk scores increase quickly, and the NGA platform will automatically block and disable an account. All this happens in seconds and is running on a 24/7 basis ― monitoring every attempted login from anywhere in the world.

A recent Forrester Research thought leadership paper titled, Adopt Next-Gen Access to Power Your Zero Trust Strategy (14 pp., PDF, opt-in), provides insights into how NGA enables ZTS to scale across enterprises, protecting every endpoint and threat surface. The study found 32% of enterprises are excelling at the four ZTS pillars of verifying the identity of every user, validating every device using Mobile Data Management (MDM) and Mobile App Management (MAM), limiting access and privileges and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

NGA is a proven strategy for thwarting stolen and sold privileged access credentials from gaining access to a digital business’ network and systems, combining Identity-as-a-Service, Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Forrester found that scalable Zero Trust Security strategies empowered by NGA lead to increased organization-wide productivity (71%), reduced overall risk (70%) and reduced cost on compliance initiatives (70%).

Additionally, insights gained from user behavior through machine learning allow for greater efficiency — both on reduced compliance (31% more confident) and overall security costs (40% more likely to be confident), as well through increased productivity for the organization (8% more likely to be confident). The following graphic from the study ranks respondents’ answers.

Conclusion

Making sure your company’s privileged access credentials don’t make the best seller list on the Dark Web starts with a strong, scalable ZTS strategy driven by NGA. Next-Gen Access continually learns the behaviors of verified users, solving a long-standing paradox of user experience in security and access management. However, every digital business needs to focus on how the four pillars of Zero Trust Security apply to them and how they can take a pragmatic, thorough approach to secure every threat surface they have.

Clare Hopping

“Deloitte” is the brand under which tens of thousands of dedicated professionals in independent firms throughout the world collaborate to provide audit & assurance, consulting, risk and financial advisory, risk management, tax, and related services to select clients. These firms are members of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”). Each DTTL member firm provides services in particular geographic areas and is subject to the laws and professional regulations of the particular country or countries in which it operates.

read more

Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera’s expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust that they are being taken care of.

read more

Every industry is moving towards a hybrid cloud world – with retail, advertising and marketing making the biggest push.

That’s the key finding from a new report by container and cloud technology provider Mesosphere. The study, which focused its responses on more than 700 Mesosphere users, found that almost two thirds (64%) of retail and eCommerce respondents polled said they had hybrid environments.

This is considerably more than advertising, marketing and PR (42%) and IT consulting (40%), which came next in the list. The lowest performing industry is education, with only one in five (21%) proffering hybrid.

Not one respondent in the healthcare industry said they had a primarily cloud-based stack; 71% were on-prem and 29% had hybrid. For education, 64% have wholly cloud and only 14% were on-premise. “Healthcare is going straight from on-prem to hybrid and skipping cloud-only altogether. This is likely due to the size of the data and confidentiality requirements,” the report noted. “Education still trails, possibly due to a large footprint in high performance computing infrastructure.”

The figures don’t correlate with company size. 38% of organisations with 10,000 employees or more are hybrid, compared with 35% for 5,001-10,000 and 39% for 1,001 to 5,000.

Container adoption is seeing steady progress. 84% of Mesosphere users are running containers in production today, up significantly from 62% in 2016. Not surprisingly, Kubernetes was top dog among the respondents. On average, users are running three or more frameworks on Mesosphere, with Kubernetes the most popular ahead of big data service Kafka and open source server Jenkins. The vast majority of those polled (97%) said they were using Kubernetes to simplify deployment.

“The growth of Kubernetes usage on Mesosphere clearly echoes its popularity in the market,” the report notes, “and customers are adopting Kubernetes and leveraging the Mesosphere platform for automation and management.”

Writing in a company blog, Dayna Rothman, Mesosphere VP marketing, explained: “Clearly, the main drivers for implementing Kubernetes on Mesosphere are around simplicity, scale, and flexibility. These drivers are especially critical for enterprise organisations and companies who need to operate multiple Kubernetes clusters.”

Multi-cloud has also gone up considerably in the past couple of years. In the 2016 report, 86% of respondents said they were using only one cloud provider, a number which had gone down to 76% this time around.

Opinion We hear the term ‘the year of the cloud’ many times. I profess that it is ‘the decade of the cloud’ – and what’s more, we haven’t even really started yet.

Having been in the cloud industry for more than 12 years, and had a wealth of opportunity to engage with business across vertical sectors – from small local businesses to global enterprises and across geographic regions – I have witnessed an evolutionary change in acceptance of cloud technologies. This has gone from adamant “we resist” no-cloud policies through to “all in” cloud-first strategies.

We seem to have settled down now into a world where there is acceptance that cloud options should always be considered and the fear of cloud has diminished to a point where questions are asked and diligence done – rightly so, but as a necessary checkpoint, rather than a barrier to progressing.

Cloud is going to rapidly proliferate, not through the name – who says ‘I want some cloud’? – but due to the accelerated and rapid growth of emerging technologies powered by cloud somewhere or somehow. These are fast becoming the norm in everyday life and are appearing on business agendas across sectors. We find big data, AI, IoT, VR, and even drones all appearing in ever more interesting and applicable ways, with their prices becoming consumable by even the smallest of firms. By 2020, we can expect to be seeing AI and IoT increasingly in our everyday lives – often transparent to us, and with cloud hidden away powering their wonderous delivery.

We now hear the terms edge computing and fog computing, as well as wider use of ‘as a service’ as the cloud sector matures. With this maturing comes a wave of change in the underlying delivery mechanisms and platforms.

We started with hosting, data centres hosting your own racked equipment, or providing racks where you could remotely install your applications onto your own single tenancy instance. Heading towards 2020, we are seeing an acceleration of re-platforming and customers moving their workloads to the public cloud, where the early concerns have gone and we now see compute and storage costs constantly reducing on what is known as the race to zero (who will be the first to give it away?). This whilst performance, reliability and function have increased. We have never seen a time in compute previously where the power and function went up at as high an exponential as prices are coming down.

Compounding this is technology vendors who are themselves re-platforming, moving their SaaS offerings from their own hosted data centres to the likes of the big three – AWS, Azure, or Google. We have seen major technology SaaS firms doing this and, in my experience, both where I have worked and those I know well in the sector, this is increasingly commonplace. Cloud firms are realising their core is the IP and expertise, not running the traditional cloud infrastructure itself. Add to this that we are seeing a growth of hosting firms, traditionally fighting against these public cloud giants, not getting on board, instead reselling their hosting and wrapping their cloud expertise around the unbeatable ‘compute power <> price’ ratio that the goliaths can deliver.

By 2020, we can expect cheaper prices throughout the cloud chain, the emergence of eye-opening new tech at home and in the workplace – and a change under the covers of how the cloud providers themselves deliver and monetarise their own offerings.

Ian Moyse is a cloud industry thought leader and cloud sales director at Natterbox.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Cloud Storage 2.0 has brought many innovations, including the availability of cloud storage services that are less expensive and much faster than previous generations of cloud storage. Cloud Storage 2.0 has also delivered new and faster methods for migrating your premises storage environment to the cloud and the concept of multi-cloud. This session will provide technical details on Cloud Storage 2.0 and the methods used to efficiently migrate from premises-to-cloud storage. This session will also discuss best practices for implementing multi-cloud environments.

read more

Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world’s second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactures motherboard chipsets, network interface controllers and integrated circuits, flash memory, graphics chips, embedded processors and other devices related to communications and computing.

read more