Cloud-Native thinking and Serverless Computing are now the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, as well as the public sector.

The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.

DevOpsSUMMIT at CloudEXPO expands the DevOps community, enable a wide sharing of knowledge, and educate delegates and technology providers alike.

read more

Cloud access security broker (CASB) Bitglass has announced a $70 million (£53.6m) funding round aimed at consolidating its leadership of the CASB and cloud security market.

The round, a series D, included a new investor in the shape of Quadrille Capital, as well as existing investors Future Fund, New Enterprise Associates (NEA), Norwest, and Singtel Innov8. NEA, as regular readers of this publication will be aware, is a regular investor in the cloud space, with previous bets including Cloudflare, Databricks and Datrium among others.

The role of CASBs is to essentially sit between an organisation’s on-premises infrastructure and a cloud provider’s infrastructure, thereby taking the strain of cloud security away from the client. As TechTarget puts it, it ‘acts as a gatekeeper, allowing the organisation to extend the reach of their security policies beyond their own infrastructure.’

The need for an CASB has significantly increased as organisations continue to not hold up their end of the ‘shared responsibility’ bargain for cloud security. The oft-repeated – yet not oft-heeded – mantra is that cloud vendors were responsible for security of the cloud, while the customer is responsible for security in the cloud, such as data, applications, and identity and access management. Only last week the disclosure by UpGuard of Facebook user data being exposed to the public internet led to more questions.

As a result, last November saw analyst firm Gartner issue its first Magic Quadrant for the area. Bitglass, alongside McAfee, Netskope and Symantec – the latter all worth noting as much wider-purpose security providers – was placed as a leader. This was a point Gartner alluded to in its analysis; while Bitglass’ technical expertise was widely praised, the company did not come up as often as the other leaders in clients’ enquiries.

Writing for this publication in August, Hatem Naguib, SVP security at Barracuda Networks, noted his belief that many organisations continued to misunderstand the shared responsibility model. “The organisations benefiting the most from public cloud are those that understand their public cloud provider is not responsible for securing data or applications, and are augmenting security with support from third party vendors,” Naguib wrote.

“Cloud adoption is disruptive of incumbents securing networks, servers and other infrastructure,” said Nat Kausik, CEO of Bitglass in a statement. “Our next-gen CASB uniquely secures against data leakage and threats without installing more hardware and software.”

Total funding for the company now stands at just over $150 million.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Anand Akela is the Tech Chair of DevOpsSUMMIT | ServerlessSUMMIT. Prior to his current role, Anand was Sr. Director of Product Marketing for DevOps and Cloud Solutions at CA Technologies.
Earlier Anand worked at AppDynamics, Oracle and HP in various product marketing, product management, and engineering roles in the systems management, servers, data center energy efficiency and enterprise software areas.

Anand has more than 20 years of experience in product marketing, product management, strategic planning and software development. Anand received his MBA from The Fuqua School of Business, Duke University and a B.S. in Computer Science from Pune University in India. You can follow Anand on twitter at https://twitter.com/aakela

read more

• For new digital business models to succeed, customers’ privacy preferences need to be secure, and that begins by treating every identity as a new security perimeter.
• Organisations need to recognise that perimeter-based security, which focuses on securing endpoints, firewalls, and networks, provides no protection against identity and credential-based threats. Until they start implementing identity-centric security measures, account compromise attacks will continue to provide a perfect camouflage for data breaches.
• 74% of data breaches start with privileged credential abuse that could have been averted if the organisations had adopted a privileged access management (PAM) strategy, according to a recent Centrify survey.
• Just 48% of organisations have a password vault, and only 21% have multi-factor authentication (MFA) implemented for privileged administrative access.

New digital business models are redefining organisations’ growth trajectories and enabling startups to thrive, all driven by customer trust. Gaining and strengthening customer trust starts with a security strategy that can scale quickly to secure every identity and threat surface a new business model creates. 

Centrify’s recent survey, Privileged Access Management in the Modern Threatscape, found 74% of data breaches begin with privileged credential abuse. The survey also found that the most important areas of IT infrastructure that new digital business models rely on to succeed — including big data repositories, cloud platform access, containers, and DevOps — are among the most vulnerable. The most urgent challenges executives are facing include protecting their business, securing customer data, and finding new ways to add value to their business’ operations.

Why executives need to know about identity and access management now  

Executives have a strong sense of urgency to improve identity and access management (IAM) today to assure the right individuals access the right resources at the right times and for the right reasons.

IAM components like access management, single sign-on, customer identity and access management (CIAM), advanced authentication, identity governance and administration (IGA), IoT-driven IAM, and privileged access management address the need to ensure appropriate access to resources across an organisation’s entire attack surface and to meet compliance requirements.

Considering that privileged access abuse is the leading cause of today’s breaches, they’re especially prioritising privileged account management as part of their broader cybersecurity strategies to secure the “keys to their kingdom.” Gartner supports this view by placing a high priority on privileged account management, including it in its Gartner Top 10 Security Projects for 2018, and again in 2019.

During a recent conversation with insurance and financial services executives, I learned why privileged access management is such an urgent, high priority today. Privileged access abuse is the leading attack vector, where they see the majority of breach attempts to access the company’s most sensitive systems and data. It’s also where they can improve customer data security while also making employees more productive by giving them access systems and platforms faster. All of them know instances of hackers and state-sponsored hacking groups offering bitcoin payments in exchange for administrative-level logins and passwords to their financial systems.

Several of the executives I spoke with are also evaluating Zero Trust as the foundation for their cybersecurity strategy. As their new digital business models grow, all of them are focused on discarding the outdated, “trust, but verify” mindset and replacing it with Zero Trust, which mandates a “never trust, always verify” approach. They’re also using a least privilege access approach to minimise each attack surface and improve audit and compliance visibility while reducing risk, complexity, and costs.

The following are the five things every executive needs to know about identity and access management to address a reality that every company and consumer must recognise exists today. Attackers no longer “hack” in, they log in.

Designing in the ability to manage access rights and all digital identities of privileged users require privileged access management (PAM) and identity governance and administration (IGA) systems be integrated as part of an IAM strategy

For digital business initiatives’ security strategies to scale, they need to support access requests, entitlement management, and user credential attestation for governance purposes. With identities being the new security perimeter, provisioning least privileged access to suppliers, distributors, and service organisations is also a must-have to scale any new business model. Natively, IGA is dealing only with end users – not privileged users. Therefore integration with PAM systems is required to bring in privileged user data and gain a holistic view of access entitlements.

IAM is a proven approach to securing valuable Intellectual Property (IP), patents, and attaining regulatory compliance, including GDPR

The fascinating digital businesses emerging today also function as patent and IP foundries. A byproduct of their operations is an entirely new business, product and process ideas. Executives spoken with are prioritising how they secure intellectual property and patents using an Identity and Access Management strategy.

Knowing with confidence the identity of every user is what makes every aspect of an IAM strategy work

Having multi-factor authentication (MFA) enabled for every access session, and threat surface is one of the main processes that make an IAM strategy succeed. It’s a best practice to reinforce Zero Trust principles through multi-factor authentication enforcement on each computer that cannot be circumvented (or bypassed) by malware.

Designing in transaction verification now for future eCommerce digital business models is worth it

Think of your IAM initiative as a platform to create ongoing customer trust with. As all digital business initiatives rely on multi-channel selling, designing in transaction verification as part of an IAM strategy is essential. Organisations are combining verification and MFA to thwart breaches and the abuse of credential access abuse.

In defining any IAM strategy focus on how privileged access management (PAM) needs to be tailored to your specific business needs

PAM is the foundational element that turns the investments made in security into business value. It’s a catalyst for ensuring customer trust turns into revenue. Many organisations equate PAM with a password vault.

But in a modern threatscape where humans, machines, applications, and services dynamically require access to a broadening range of attack surfaces such as cloud, IoT, big data, and containers, that outdated legacy approach won’t effectively secure the leading attack vector: privileged access abuse. Vendors such as Centrify and others are looking beyond the vault and offering Zero Trust solutions for PAM that address these modern access requestors and attack surfaces.

Conclusion

Insurance and financial services executives realise, and even predict, that there’s going to be an increase in the number and intensity of efforts to break into their systems using compromised credentials. Prioritising privileged access management as part of the IAM toolkit is proving to be an effective cybersecurity strategy for protecting their businesses and customers’ data while also making a valuable contribution to its growth.

The bottom line is that identity and access management is the cornerstone of any effective Zero Trust-based strategy, and taking an aggressive, pre-emptive approach to privileged access management is the new normal for organisations’ cybersecurity strategies.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.

read more

The platform combines the strengths of Singtel’s extensive, intelligent network capabilities with Microsoft’s cloud expertise to create a unique solution that sets new standards for IoT applications,” said Mr Diomedes Kastanis, Head of IoT at Singtel. “Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises’ digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected path for IoT innovators to scale globally, and the smartest path to cross-device synergy in an instrumented, connected world.

read more

In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential.
Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at Dice, he takes a metrics-driven approach to management. His experience in building and managing high performance teams was built throughout his experience at Oracle, Sun Microsystems and SocialEkwity.

read more

When you’re operating multiple services in production, building out forensics tools such as monitoring and observability becomes essential. Unfortunately, it is a real challenge balancing priorities between building new features and tools to help pinpoint root causes. Linkerd provides many of the tools you need to tame the chaos of operating microservices in a cloud native world.

Because Linkerd is a transparent proxy that runs alongside your application, there are no code changes required. It even comes with Prometheus to store the metrics for you and pre-built Grafana dashboards to show exactly what is important for your services – success rate, latency, and throughput.

read more

Blockchain has shifted from hype to reality across many industries including Financial Services, Supply Chain, Retail, Healthcare and Government. While traditional tech and crypto organizations are generally male dominated, women have embraced blockchain technology from its inception. This is no more evident than at companies where women occupy many of the blockchain roles and leadership positions. Join this panel to hear three women in blockchain share their experience and their POV on the future of blockchain.

read more

SUSE is a German-based, multinational, open-source software company that develops and sells Linux products to business customers. Founded in 1992, it was the first company to market Linux for the enterprise.

Founded in 1992, SUSE is the world’s first provider of an Enterprise Linux distribution.

read more