Archivo de la etiqueta: security

Chua Sock Koong, M&A, News & Analysis, Robert McCullen, Singtel, Telco Cloud, Trustwave

Singtel buys Trustwave in managed security play

Singtel has acquired Trustwave, a cloud and managed security services provider

Singtel has acquired Trustwave, a cloud and managed security services provider

Singtel is to acquire IT security firm Trustwave in a move that will see the latter operate as the cybersecurity division of the Singaporean telecoms incumbent.

The deal will see Singtel acquire a 98 per cent stake in the American security services firm, which has an $850m equity value. Singtel said it paid around $810m for the company.

Following the acquisition more than 1,200 Trustwave employees will join Singtel to form a standalone cybersecurity services business unit.

Trustwave said it had three million business subscribers pre-acquisition and five security operations centres (in the US and Poland).

In canned remarks Trustwave chairman, chief executive and president Robert McCullen said: “This strategic partnership creates an unparalleled opportunity to combine Singtel’s robust information and communications solutions with Trustwave’s industry-leading security technologies and managed services platform to deliver cutting-edge solutions that will enhance our customer experience.”

“Singtel is the perfect partner for us as we continue to help businesses fight cybercrime, protect data and reduce security risk, and the Trustwave team is thrilled to become a part of such a prestigious and innovative organization,” McCullen said.

Singtel said the move will allow it to build a stronger presence in the American and European cloud services markets as it combines its existing enterprise IT assets it already leverages in the Asia Pacific region.

Chua Sock Koong, Singtel Group chief executive said: “We aspire to be a global player in cyber security.  We have established a strong security business in the region, both organically and through strategic partnerships with global technology leaders.”

“Our extensive customer reach and strong suite of ICT services, together with Trustwave’s deep cyber security capabilities, will create a powerful combination and allow Singtel to capture global opportunities in the cyber security space,” Koong said.

The acquisition will see Singtel move into an area that seems to be constantly on the up – cyberattacks like DDoS and man-in-the-middle attacks are becoming more frequent and cheaper to procure on the black market according to nearly every report out there, and other IT-focused telcos (i.e. Verizon) making moves to broaden their enterprise services to include cloud security and managed security services. According to Gartner the managed security industry is estimated to generate approximately $24bn by 2018, up almost 75 per cent from $14bn in 2014.

Evan Grim, Josh Alexander, Microsoft, multifactor authentication, News & Analysis, PingIdentity, RSA, Salesforce, Toopher

Salesforce buys mobile authentication startup

MFA is becoming more prominent among enterprises

MFA is becoming more prominent among enterprises

Salesforce has acquired Toopher, a Texas-based mobile authentication startup, for an undisclosed sum.

The company, which offers multifactor authentication (MFA) for mobile platforms, was acquired by the CRM giant less than a month after it secured $200k in new investment.

“Today it is with great excitement that we can unveil our ability to super-charge our superpower—because we are being acquired by Salesforce,” the company’s founders Josh Alexander and Evan Grim wrote in a statement on the Toopher website.

“While we will no longer sell our current products, we are thrilled to join Salesforce, where we’ll work on delivering the Toopher vision on a much larger scale as part of the world’s #1 Cloud Platform. We can’t imagine a better team, technology and set of values with which to align.”

Toopher said it will continue to support existing customers.

Salesforce is aligning itself with a number of enterprise IT vendors including Microsoft, PingIdentity and RSA, which have over the past few years moved to acquire MFA vendors in order to bolster the security posture of their offerings.

Given the rise in MFA adoption among enterprises (a recent SafeNet survey suggests 37 per cent of organisations used MFA in 2014, up from 30 per cent the previous year), the performance improvements associated with tight technical integration between MFA and the services they protect, and the fact these enterprises are becoming more and more mobile, it’s not surprising to see some vendors swoop in to acquire the technology outright.

DDOS, Deloitte, Ed Powers, Mike Denning, News & Analysis, Verizon

Deloitte, Verizon team on cybersecurity

Verizon and Deloitte are teaming up on cybersecurity

Verizon and Deloitte are teaming up on cybersecurity

Deloitte and Verizon Enterprise Solutions have announced a partnership that will see the two firms deliver a comprehensive set of cybersecurity and risk-management solutions to enterprises.

The deal will see Verizon leverage its experience in digital forensics and managed services experience and Deloitte’s cyber risk advisory services to deliver end-to-end incident response services.

“As the cybersecurity landscape becomes more formidable, this alliance enables enterprises to better prepare for today’s new reality,” said Mike Denning, vice president, global security for Verizon Enterprise Solutions.

“We understand that companies need to have the mindset that being breached is a matter of when, not if. With our combined capabilities, we are preparing enterprises to better withstand a cyberattack before and beyond the breach.”

Ed Powers, national managing principal, Deloitte cyber risk services, Deloitte said companies today are looking for more comprehensive cybersecurity tools rather than acquiring them in bits and pieces.

“Organizations today need to quickly contain the damage, but they also need a solutions provider that can help them regain full business strength and improve their capacity to withstand future crises. We are making it possible for our clients to meet tomorrow’s cyber challenges head-on while continuing to power performance in their businesses,” Powers said.

The move comes as cyberattacks like DDoS are becoming more frequent and more impactful. According to a recently published Neustar DDoS report which surveyed 250 businesses across a broad range of sectors globally, about 40 per cent of companies now estimate losses of over £100,000 per hour at peak times during a DDoS outage.

Andrew Kellett, data protection, Data security, News & Analysis, ovum

Ovum: Security skills shortage remains most prevalent barrier in cloud

Security skills shortages are hampering IT's ability to adopt cloud services

A security skills shortage is hampering cloud adoption

Security and an IT security skills shortage remain the most prevalent barriers to cloud uptake, according to Ovum principle analyst Andrew Kellett.

Although Ovum’s research suggests the volume of sensitive corporate data stored in the cloud continues to grow, with enterprise cloud adoption rates exceeding 80 per cent, in many cases this data is not adequately protected.

“Security, or lack thereof, is a significant issue. If there is one problem area inhibiting further adoption of cloud-based services, it is enterprise concerns about shortfalls in the protection regimes of many cloud service providers,” Kellet said, adding that since more sensitive data appears to be stored in the cloud the most basic security practices and controls aren’t necessarily enough.

“On too many occasions, security policies only come into place once a new technology has already gone mainstream, and this is certainly true of the cloud industry. Many cloud providers have been guilty of ‘bolting on’ security as an afterthought, something which has left previous generations of technology vulnerable to malware attacks, advanced persistent threats and other breach tactics.”

“Whether they like it or not, organisations are putting their trust in the hands of the service provider, often without being completely satisfied that such trust is justified or that service levels and protection can be maintained,” he concluded.

Other recently published research from Ovum suggests enterprises are quite concerned with how their cloud service providers implement security controls. The company recently surveyed 818 ITDMs for their views on cloud security and found that in the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

data privacy, data protection, Microsoft, News & Analysis, Public Sector

Microsoft, civil liberties renew calls for Patriot Act reform

Microsoft and close to 50 tech companies and civil liberties assocaitions have renewed calls to reform the US Patriot Act ahead of the expiry of the law's provisions governing bulk data collection

Microsoft and close to 50 tech companies and civil liberties associations have renewed calls to reform the US Patriot Act ahead of the expiry of the law’s provisions governing bulk data collection

Microsoft, along with nearly fifty other technology civil rights associations and technology firms have signed an open letter to senior members of the US government calling for reform of the Patriot Act, a cause célèbre for Microsoft among other cloud firms in recent years.

Microsoft has previously criticised the US government’s bulk data collection practices, and the ability of its authorities to act on warrants beyond US soil (particularly when such acts contradict local laws where those businesses operate).

In an open letter to very senior members of the US government including Michael Rogers, director of the NSA, senate minority leader Harry Reid, and US president Barack Obama, the organisations reaffirm the need to end the US government’s bulk data collection practices, and make government and corporate reporting on any Foreign Intelligence Surveillance Court decisions more transparent.

The US Patriot Act Section 215, which currently serves as the legal basis for the NSA’s bulk collection of metadata, is due to expire in June this year.

“We the undersigned represent a wide range of privacy and human rights advocates, technology companies, and trade associations that hold an equally wide range of positions on the issue of surveillance reform. Many of us have differing views on exactly what reforms must be included in any bill reauthorizing USA Patriot Act Section 215,” the letter reads.

“That said, our broad, diverse, and bipartisan coalition believes that the status quo is untenable and that it is urgent that Congress move forward with reform.”

“It has been nearly two years since the first news stories revealed the scope of the United States’ surveillance and bulk collection activities. Now is the time to take on meaningful legislative reforms to the nation’s surveillance programs that maintain national security while preserving privacy, transparency, and accountability.”

Microsoft is among a range of technology companies in support of reforming how American legal entities treat data, both within the context of surveillance activities or general legal proceedings. But US lawmakers have signaled they are prepared to act on longstanding promises to reform the legal landscape. Last month American lawmakers introduced two bipartisan bills that seek to limit the reach of US courts over data stored in cloud services located outside the US, a move welcomed by a broad coalition of technology and telecoms firm – including Microsoft.

engineering, Enterprise IT, Khatib & Alami, News & Analysis, private

AEC firm K&A moves from private to public cloud, saves 40% in costs

Khatib & Alami moved onto iland's public cloud platform this year

Khatib & Alami moved onto iland’s public cloud platform this year

Global architectural design and project management firm Khatib & Alami (K&A) has moved from a private cloud platform onto a public cloud, which the company said has led to a 40 per cent reduction in IT operations management spend.

K&A, which was set up in 1964 and has offices in the Middle East, Africa, Western Europe and North America, offers a range of architectural and engineering services.

The company originally moved to deploy its internal applications on a private cloud platform hosted in iland’s datacentre in London, which it did in order to consolidate its IT environments.

At the time the company also experimented with public cloud platforms, but preferred to maintain its private cloud deployment. However, while it’s difficult to narrow down an exact figure where private and public cloud platforms are equal in cost, the company’s corporate IT manager Mohamed Saad said the public cloud option began to make more sense at the company’s growth began to outpace its ability to scale efficiently, both in terms to technology and personnel.

“The hardware was becoming too restrictive because we weren’t able to scale up.  We would have had to purchase more hardware and then deploy that and add more virtual servers with capacity for additional processing power. We would also have needed to employ the maintenance staff that went along with purchasing more hardware. Then we’d have to maintain all this equipment,” he explained.

“All of the maintenance and management headaches and the fact we needed rapid scalability helped us come to the decision that having our own private cloud infrastructure was just too much of a hassle.”

“What’s more, iland’s public cloud was considerably more economical than using our own equipment. We’re getting close to 35 to 40 per cent cost savings with iland’s cloud. iland now hosts all of our mission critical applications, allowing us to focus our IT efforts on activities that drive our business forward,” he added.

Enterprise Strategy Group, Funding, Gene Stevens, News & Analysis, Scott Chasin, Universal Music Group

ProtectWise scores $17m to bring cloud security DVR to the enterprise

ProjectWise has exited stealth and announced it has raised $17m in funding

ProjectWise has exited stealth and announced it has raised $17m in funding

ProtectWise, which specialises in providing cloud security services, has exited stealth mode and announced it has secured $17m. The company, which was founded by former McAfee executives Scott Chasin and Gene Stevens, said it will use the funding to expand its sales and marketing efforts.

ProtectWise offers what it’s essentially calling a “cloud network DVR” that the company says can recall and analyse traffic going back weeks, months and even years in a bid to uncover any threats.

“By creating a network memory in the cloud, we’re able to provide a time machine for threat detection,” said Stevens, the company’s chief technology officer. “It automatically replays and analyzes stored network traffic whenever new threats emerge to uncover threats that were previously unknown.  This makes it possible to continuously analyze what we observe in the past and the present together to refine and reveal the threats that matter most.”

It also applies machine learning algorithms in conjunction with a number of commercial intelligence feeds to generate a broad security posture overview of a company’s digital services.

Some of the company’s early customers (it claims over a dozen overall) include the Enterprise Strategy Group and Universal Music Group.

“Enterprises today are grappling with Defense in Doubt,” said Chasin, the company’s chief executive officer. “The traditional defence in depth approach has left security professionals with a costly daisy chain of endpoint solutions that provide only a point-in-time view of threats and emit a tidal wave of security alarms with no context or correlation across solutions. By shifting network security to the cloud, we make it possible to leave this outdated, ineffective model of enterprise network security behind.”

Cloud security firms have attracted significant funding over the past couple of years, a testament to a growing shift towards cloud services. Earlier this month cloud security provider Elastica announced it had secured $30m in series B funding, a year after the firm exited stealth mode and announced its first investment round.

Alan Kessler, Andrew Kellett, cloud security, encryption, Enterprise IT, News & Analysis, ovum, Vormetric

Ovum: Cloud service providers need to double down on security

Enterprises would be more willing to use cloud if providers focused more on security, compliance

Enterprises would be more willing to use cloud if providers focused more on security, compliance

A recently published Vormetric survey suggests over half of enterprises globally are using cloud-based services to store sensitive data, and many of the IT decision makers polled by the firm said they felt pressured into using cloud services over legacy alternatives. But respondents also showed an overwhelming willingness to use cloud services to store or analyse sensitive data if service providers could guarantee some essential security and information governance capabilities and measures.

Vormetric, which worked with Ovum to petition 818 ITDMs globally on their use of cloud and big data platforms, said about 54 per cent of respondents globally were keeping sensitive information in the cloud. Interestingly, 46 per cent of all respondents expressed concerns that market pressures are forcing them to use cloud services.

And though databases and file servers were typically rated by respondents as top risks for storage of sensitive information, they are now also joined by big data environments – with big data (31 per cent) seen by ITDMs as slightly more at risk than file servers (29 per cent).

In the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

“The data shows that US IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, chief executive officer of Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among US respondents.”

“For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers,” Kessler said.

Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report said the results demonstrate “both hope and fear” when it comes to cloud and big data technologies, which could slow the pace at which enterprises refresh their technology platforms.

“But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control,” he said.

About 52 per cent also said they would be more likely to use cloud services if service level commitments and liability terms for a data breach were established, 48 per cent said the same if explicit security descriptions and compliance commitment were established.

Alan Kessler, Andrew Kellett, cloud security, encryption, Enterprise IT, News & Analysis, ovum, Vormetric

Ovum: Cloud service providers need to double down on security

Enterprises would be more willing to use cloud if providers focused more on security, compliance

Enterprises would be more willing to use cloud if providers focused more on security, compliance

A recently published Vormetric survey suggests over half of enterprises globally are using cloud-based services to store sensitive data, and many of the IT decision makers polled by the firm said they felt pressured into using cloud services over legacy alternatives. But respondents also showed an overwhelming willingness to use cloud services to store or analyse sensitive data if service providers could guarantee some essential security and information governance capabilities and measures.

Vormetric, which worked with Ovum to petition 818 ITDMs globally on their use of cloud and big data platforms, said about 54 per cent of respondents globally were keeping sensitive information in the cloud. Interestingly, 46 per cent of all respondents expressed concerns that market pressures are forcing them to use cloud services.

And though databases and file servers were typically rated by respondents as top risks for storage of sensitive information, they are now also joined by big data environments – with big data (31 per cent) seen by ITDMs as slightly more at risk than file servers (29 per cent).

In the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

“The data shows that US IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, chief executive officer of Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among US respondents.”

“For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers,” Kessler said.

Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report said the results demonstrate “both hope and fear” when it comes to cloud and big data technologies, which could slow the pace at which enterprises refresh their technology platforms.

“But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control,” he said.

About 52 per cent also said they would be more likely to use cloud services if service level commitments and liability terms for a data breach were established, 48 per cent said the same if explicit security descriptions and compliance commitment were established.

Featured, Hacking

The Hacking Industry isn’t Just Getting Bigger, it’s Getting Smarter

In this video, Solutions Architect Dan Allen talks about the growth and evolving sophistication of the hacking industry. There was a large uptick in data breaches in late 2013 and throughout 2014. Dan discusses the importance of having visibility into your environment to address breaches as quickly as possible and to make sure they got resolved properly.

 

http://www.youtube.com/watch?v=pM4vw_Tyzjg

 

 

Interested in learning more? Reach out to us!