With up to 75 percent of remote device management projects deemed “not successful,” in 2020, IoT deployment has been limited in realizing its full potential.
Path to IoT project success
However, a new wave of affordable silicon that provides a wide array of features and functionality, in conjunction with the maturation of pre-packed software, will lead to a substantial increase in IoT project success in the upcoming year, predict experts at Sequitur Labs.
According to Verified Market Research, the global IoT market size was valued at $212.1 Billion in 2018 and is expected to witness a growth of 25.68% to reach $1.3 trillion by 2026.
While there are many reasons for IoT deployment struggles, the most common ones involve project complexity, lack of required skills and the inability to implement effective security.
With recent improvements that enable vendors to implement a new generation of functionality into their solutions and device updates, ensuring a substantial increase in the success of IoT projects.
Being heavily involved in the IoT security space, there are several advancements in 2021 that are expected to move the industry forward in several key areas.
Improved industrial IoT remote device management and control
COVID-19 has not only forced people to work remotely, it has also accelerated the need to configure, control and manage industrial devices remotely as well. As a result, the vast majority of industrial end points are expected to support IP-based networks (like Ethernet and Wi-fi) rather than purpose-built networks (for example, Modbus or Profibus).
The devices can be connected to the internet, and as such will also require the ability to boot safely, update securely, enable system recovery, secure sensitive applications and data storage.
Increased cloud integration
Smart device platforms from Google (Google Assistant), Amazon (Alexa) and Apple (Apple Homekit) have emerged as the central communications point in the connected home. Each of these vendors require compliance from their ecosystem partners in order to join their solution.
With the number of connected devices in the home accelerating, the need for device security will become more critical than ever in the coming year.
Increased deployment of IoT for medical devices
Medical products such as remote monitoring devices and sensors for medical equipment are accelerating in adoption. The benefits include lower medical management costs, reduction in hospital stay time and effective equipment monitoring.
The risk of a corrupted or compromised device is high in this industry, and as sheer volumes of remotely monitored and controlled products increase, so do security needs.
Device authentication, secure monitoring for updates, maintenance and health diagnostics, and protection against remote attacks will drive the need for purpose-based solutions in this industry.
“There is huge potential in the deployment of IoT devices into industries that will improve the way people work, communicate and live. However, successful implementation will be limited if these devices cannot be used securely,” said Philip Attfield, CEO, Sequitur Labs.
“The advances in securing remote devices over the past year will lead to incredible innovations in the marketplace, expected to accelerate artificial intelligence and significant technological benefits at the edge.”
Unit4 surveyed business and IT decision makers and users working in service industries in August and September 2020, to understand how well organizations are embracing innovation and adapting to the challenges of the pandemic.
Growing people-centric innovation
The study shows that 84% of global decision makers are accelerating their digital transformation plans, in response to growing demands from users, who want more flexibility to work remotely in the future.
During COVID-19, global decision makers cited three main impacts on their enterprise applications strategies. They have become more agile in their planning (49%) and acknowledge the pace of innovation (42%) has increased, while 35% say it has sped up their investment in moving to the cloud and 24% are more comfortable failing fast.
They’ve also outlined specific priorities to enable workforces to be more productive, which shows that innovation has become much more focused on the needs of users.
As decision makers look ahead to future strategies, the research identifies the top three priorities for users, which decision makers must respond to:
- Having the freedom to access IT systems so they can work from anywhere
- Better tools for collaboration
- Increased automation to reduce their workloads.
Consequently, decision makers say their future IT plans are very people-centric, listing their main objectives as: wanting to enable the flexibility of remote working, creating environments to encourage greater collaboration and empowering employees to be more productive, as well as meeting the demands of customers. Decision makers believe this is achievable by focusing on three tech-based priorities:
- Building a simple and intuitive user interface and experience – 43%
- Using automation to simplify and speed up workflows – 39%
- Enabling users to communicate with enterprise applications using their preferred tools, such as Slack and WhatsApp – 38%
The adaptable organization
As many organizations transitioned to remote working during 2020, a positive outcome has been that 60% of global users say they have been more productive during lockdown. They are also predominantly satisfied that their IT systems have helped them to get the most out of their roles.
It is perhaps unsurprising that 84% of global decision makers want to encourage colleagues to work remotely more often following the lockdown, which is mirrored by 69% of global users who also want the same flexibility.
Clearly, now that organizations have proven their enterprise IT systems can handle the demands of a remote, distributed workforce there is confidence they can sustain the model.
However, there are challenges ahead, as 34% of global decision makers say they must break down silos of information across their organizations and 31% of users are reluctant to change.
On a more positive note a resounding majority (84%) say that the pandemic is forcing meaningful board discussions about future strategy, which clearly shows C-Suite decision makers are engaged.
Traditional on-premise IT systems not capable of reacting to rapid change
77% of global decision makers also believe traditional on-premise IT systems and enterprise applications are not capable of reacting to rapid change, hence why 86% say the cloud offers more flexibility, with more than two-thirds expecting their enterprise applications to be fully cloud-based in the next two years.
“New ways of working, initially broadly imposed by the global pandemic, are morphing into lasting models for the future,” said Mickey North Rizza, program vice president for IDC‘s Enterprise Applications and Digital Commerce research practice.
“Permanent technology changes, underpinned by improved collaboration, include supporting hybrid work, accelerating cloud use, increasing automation, going contactless, adopting smaller TaskApps, and extending the partnership ecosystem. Enterprise application vendors need to assess their immediate and long-term strategies for delivering collaboration platforms in conjunction with their core software.”
“If we’ve learned anything this year, it’s that the business environment can change almost overnight, and as business leaders we have to be able to reimagine our organizations and seize opportunities to secure sustainable competitive advantage,” said Mike Ettling, CEO, Unit4.
“Our study shows what is possible with continued investment in innovation and a people-first, flexible enterprise applications strategy. As many countries go back into some form of lockdown, this people-centric focus is crucial if businesses are to survive the challenges of the coming months.”
26% of remote workers have experienced a cyber attack personally, while 45% of employers have asked their employees to use their personal devices for work since the start of the pandemic, according to a Microsoft research.
The study surveyed 500 employees and 200 business decision makers in September 2020 about remote working, digital security behaviours, and the worries they now face.
The accelerated transition to homeworking is placing pressure on organizations to support the unavoidable blending of personal and professional lives more than ever before.
However, this naturally creates new risks, including the increased risk of cyber attacks. This was reflected in the research which showed that only 17% of remote workers currently believe that the software and technology provided has done enough to protect their data.
This could be in some way due to the pace at which employers had to transition to remote working environments, with 36% of employers admitting they have spent the past few months putting in place the security, privacy, and workplace procedures required for today’s remote working world.
Remote workers’ information protection concerns
76% of workers were surprised with how well they had adapted to remote working. However, one in five employees feel their data is more vulnerable when working from home due to the absence of regular IT supports.
The research points to some potentially dangerous cybersecurity issues amongst remote workers:
- Personal emails: 30% of workers still use personal email accounts to share confidential work materials.
- Poor password hygiene: One third of workers use the same password to log into work and personal devices.
- Unregulated access: 43% face/navigate no security restrictions when accessing work-related documents and materials remotely.
Employers’ security management concerns
One of the most concerning findings is that organizations are potentially side-stepping their own security procedures in the name of expediency:
- Reactive approach: One third of employers acknowledge they are exposed since they had to make remote-working decisions and transitions so quickly.
- Lack of devices: 45% of employers have had to ask their employees to use their personal devices for work purposes since the start of the pandemic.
- No remote BYOD policies: 42% of employers are yet to secure those remote employee’s personal devices.
Furthermore, 41% of employers acknowledge it has become increasingly difficult to remain GDPR compliant because of the pandemic.
The report identified an escalation in both the level and sophistication of attacks. For example:
- Over 13bn malicious and suspicious mails were blocked, out of which more than 1bn were URLs set up for the explicit purpose of phishing credential attacks in 2019.
- Ransomware is the most common reason behind Microsoft’s incident response engagements from October 2019 through July 2020.
- The most common attack techniques used by nation-state actors in the past year are reconnaissance, credential harvesting, malware, and VPN exploits.
- IoT threats are constantly expanding and evolving. The first half of 2020 saw an approximate 35% increase in total attack volume compared to the second half of 2019.
Des Ryan, Solutions Director for Microsoft Ireland, said: “Cyber hackers are opportunistic, skilled, and relentless. They have become adept at evolving their techniques to increase success rates, whether by experimenting with different phishing lures, adjusting the types of attacks they execute or finding new ways to hide their work.
“While our physical work locations may have changed, our responsibilities in protecting organizational data and complying to data regulations have not. Now is the time to address this with an increased investment in cybersecurity, secure devices, tighter policies, increased support, and education for employees so they can play an important role in not only protecting themselves but also their organizations.”
Cloud-based services and hybrid working
When asked about the future, 58% believe they will have a hybrid workforce in future as more staff work from home more of the time and others are in the office.
57% felt more positive about using cloud-based services, including productivity tools.
Remote priorities: Training, support and investment
However, the research shows that Irish organizations understand there is a gap with 41% admitting they are behind the curve when it comes to having the right digital services and technologies in place to deal with new working realities.
As a result of the move to remote working, employers are focused on investment in digital security. The research found:
- 38% of organizations have already increased the level and detail of cybersecurity training for staff who are working from home.
- A further 52% will prioritise investing in training in 2021.
- 44% of workers would also welcome alternatives to passwords, with biometric verification (fingerprint or facial recognition) being the most popular options.
As the “as-a-service” cloud model revolutionizes the way businesses of all sizes use technology, a study released by AppDirect reveals that SMBs are eagerly adopting infrastructure as a service (IaaS) and that they prefer to purchase solutions from resellers.
The report also found that 72% of SMBs already run most of their workloads in the cloud, and that eight out of 10 plan to increase their IaaS spend over the next three years.
SMBs inceasingly using IaaS solutions
For years, SMBs have been eager SaaS adopters. Now, as their understanding of—and comfort with—the public cloud has increased, many SMBs are adopting IaaS solutions to manage critical parts of their businesses.
Small businesses already spend more than $60 billion on IaaS, a figure that is set to reach more than $90 billion by 2023.
“As-a-service solutions have been a game-changer for SMBs, giving them access to enterprise-grade technology that levels the playing field, and IaaS is no different,” said Dan Saks, co-CEO of AppDirect.
“Our report shows that SMBs are eager to adopt IaaS, but they want trusted partners to help them scale the solutions that are best for their businesses. There’s a huge IaaS opportunity for IaaS resellers who offer the products and ease of use that SMBs want.”
SMB spending is on the rise
Just 20% of SMBs say they will hold spending at current levels, while 80% plan to increase IaaS purchasing over the next three years. Many are starting to shop around for the best products and deals, with 69% SMBs buying from multiple providers to get better pricing.
Others also pursue a multi-vendor strategy to diversify their technology (41%) or find the products that best suit their needs.
Resellers are valuable partners
Businesses have two main options to purchase IaaS services – going directly to a provider or working with a reseller. They prefer working with resellers by nearly a 20-point margin—59% vs 41%—primarily for the more personalized attention that resellers offer.
In fact, resellers have the edge in almost every area measured, including trust, support, understanding business needs, and flexibility. Providers came out ahead only on pricing and discounting options.
Challenges for resellers in gearing up to serve SMBs
SMBs prefer to purchase from multiple providers. However, resellers are experiencing significant obstacles to a multi-provider strategy. Lack of skilled staff (82%) is the biggest challenge, followed by provider exclusives (46%).
With most SMBs looking to spend more on IaaS, resellers who balance investing in additional personnel and platform technology that can streamline IaaS provider onboarding and management are likely to see a return on their efforts to reach SMBs.
Many resellers seem to recognize this fact. 56% of resellers plan to increase their investment in selling to SMBs over the next three years.
Bitglass released a report which uncovers whether organizations are properly equipped to defend themselves in the cloud. IT and security professionals were surveyed to understand their top security concerns and identify the actions that enterprises are taking to protect data in the cloud.
Orgs struggling to use cloud-based resources safely
93% of respondents were moderately to extremely concerned about the security of the public cloud. The report’s findings suggest that organizations are struggling to use cloud-based resources safely. For example, a mere 31% of organizations use cloud DLP, despite 66% citing data leakage as their top cloud security concern.
Similarly, organizations are unable to maintain visibility into file downloads (45%), file uploads (50%), DLP policy violations (50%), and external sharing (55%) in the cloud.
Many still using legacy tools
The report also found that many still try to use tools like firewalls (44%), network encryption (36%), and network monitoring (26%) to secure the use of the cloud–despite 82% of respondents recognizing that such legacy tools are poorly suited to do so and that they should instead use security capabilities designed for the cloud.
“To address modern cloud security needs, organizations should leverage multi-faceted security platforms that are capable of providing comprehensive and consistent security for any interaction between any device, app, web destination, on-premises resource, or infrastructure,” said Anurag Kahol, CTO at Bitglass.
“According to our research, 79% of organizations already believe it would be helpful to have such a consolidated security platform; now they just need to choose and implement the right one.”
Nutanix announced the findings of its survey and research report, which measures enterprise progress with adopting private, hybrid and public clouds. This year, survey respondents were also asked about the impact of the COVID-19 pandemic on current and future IT decisions and strategy.
Hybrid cloud is still the frontrunner as the ideal IT infrastructure model (86% of respondents think so), and respondents running hybrid environments are more likely to plan to focus on strategic efforts and driving positive business impact.
Shifting IT’s focus toward remote worker support
The pandemic has shifted IT’s focus toward remote worker support and enabling near-instant infrastructure deployments that reach geographically distributed workforces, spurring increased enterprise progress with cloud expansion.
Additionally, a greater number of respondents running hybrid environments said they were likely to offer more flexible work setups, strengthen their business continuity plans, simplify operations, and increase digital conferencing usage because of the pandemic.
76% of respondents reported the pandemic made them think more strategically about IT, and 46% said their investments in hybrid cloud have increased as a direct result of the pandemic, including public and private clouds.
Additionally, businesses also increasingly rely on multiple public clouds to meet their needs compared to previous years. The report showed that, among those who use public clouds, 63% of respondents use two or more public clouds, or multicloud, respondents are also expecting this number to jump to 71% in the next 12 months.
Enterprises taking key steps toward reaching their IT operating model of choice
Global respondents report taking the initial key steps to successfully run a hybrid environment, including adopting hyperconverged infrastructure in their datacenters and decommissioning non-cloud-enabled datacenters in favor of private and public cloud usage.
Global IT teams are also planning for substantial infrastructure changes; they foresee, on average, hybrid cloud deployments increasing by more than 37 percentage points over the next five years, with a corresponding 15-point drop in non-cloud-enabled datacenters.
Most notably of the many infrastructure categories, respondents reported running a mixed model of private cloud, public cloud, and traditional datacenter more often than any other (nearly 26%) which is likely a precursor to a hybrid cloud deployment.
Remote work is here to stay — and companies are planning for it
In last year’s survey, about 27% of respondent companies had no full-time at-home workers. That number fell 20 percentage points this year to only 7%, as a result of to COVID-19.
By 2022, respondents predict that an average of 13% of companies will have no full-time remote employees at that time, less than half as many as a year ago in 2019, before COVID struck. Improving IT infrastructure (50%) and work-from-home capabilities (47%) have therefore become priorities for the next 12 to 18 months.
Strategic business outcomes, not economics, drive change today
Respondents said their primary motives for modifying their IT infrastructures are to get greater control of their IT resources (58%), gain the flexibility to meet dynamic business requirements (55%), and improve support for customers and remote workers (46%). By contrast, just 27% mentioned cutting costs as a driver.
Educators face unique COVID-19-related challenges and needs
More education-industry respondents cited “ensuring that remote workers have adequate hardware” as a primary challenge than any other issue. 47% also cited providing “adequate communications channels among employees, customers, and clients” as a top challenge.
The education sector is taking the right steps toward transformation, ranking high in private cloud deployments, with 29% of respondents saying they were running private clouds only (substantially more than the 22% global average).
“Today, technology has taken on an entirely new meaning. It is a complex strategy and it makes or breaks a company’s long-term viability. COVID-19 has accelerated us into a new era of strategic IT and raised its profile considerably, and the findings from this year’s Enterprise Cloud Index reflect this new reality.
“Hybrid cloud is the frontrunner, and it will continue to be as we navigate our mixing of physical and virtual environments and move away from doing business in a single mode.”
As COVID-19 lockdown measures were implemented in March-April 2020, consumer and business behavioral changes transformed the internet’s shape and how people use it virtually overnight. Many networks experienced a year’s worth of traffic growth (30-50%) in just a few weeks, Nokia reveals.
By September, traffic had stabilized at 20-30% above pre-pandemic levels, with further seasonal growth to come. From February to September, there was a 30% increase in video subscribers, a 23% increase in VPN end-points in the U.S., and a 40-50% increase in DDoS traffic.
Ready for COVID-19
In the decade prior to the pandemic, the internet had already seen massive and transformative changes – both in service provider networks and in the evolved internet architectures for cloud content delivery. Investment during this time meant the networks were in good shape and mostly ready for COVID-19 when it arrived.
Manish Gulyani, General Manager and Head of Nokia Deepfield, said: “Never has so much demand been put on the networks so suddenly, or so unpredictably. With networks providing the underlying connectivity fabric for business and society to function as we shelter-in-place, there is a greater need than ever for holistic, multi-dimensional insights across networks, services, applications and end users.”
The networks were made for this
While the networks held up during the biggest demand peaks, data from September 2020 indicates that traffic levels remain elevated even as lockdowns are eased; meaning, service providers will need to continue to engineer headroom into the networks for future eventualities.
Content delivery chains are evolving
Demand for streaming video, low-latency cloud gaming and video conferencing, and fast access to cloud applications and services, all placed unprecedented pressure on the internet service delivery chain.
Just as Content Delivery Networks (CDNs) grew in the past decade, it’s expected the same will happen with edge/far edge cloud in the next decade – bringing content and compute closer to end users.
Residential broadband networks have become critical infrastructure
With increased needs (upstream traffic was up more than 30%), accelerating rollout of new technologies – such as 5G and next-gen FTTH – will go a long way towards improving access and connectivity in rural, remote and underserved areas.
Better analytical insights enable service providers to keep innovating and delivering flawless service and loyalty-building customer experiences.
Deep insight into network traffic is essential
While the COVID-19 era may prove exceptional in many ways, the likelihood is that it has only accelerated trends in content consumption, production and delivery that were already underway.
Service providers must be able to have real-time, detailed network insights at their disposal – fully correlated with internet traffic insights – to get a holistic perspective on their network, services and consumption.
Security has never been more important
During the pandemic, DDoS traffic increased between 40-50%. As broadband connectivity is now largely an essential service, protecting network infrastructure and services becomes critical.
Agile and cost effective DDoS detection and automated mitigation are becoming paramount mechanisms to protect service provider infrastructures and services.
As we near 2021, it seems that the changes to our working life that came about in 2020 are set to remain. Businesses are transforming as companies continue to embrace remote working practices to adhere to government guidelines. What does the next year hold for organizations as they continue to adapt in the age of the Everywhere Enterprise?
We will see the rush to the cloud continue
The pandemic saw more companies than ever move to the cloud as they sought collaboration and productivity tools for employee bases working from home. We expect that surge to continue as more companies realize the importance of the cloud in 2021. Businesses are prepared to preserve these new working models in the long term, some perhaps permanently: Google urged employees to continue working from home until at least next July and Twitter stated employees can work from home forever if they prefer.
Workforces around the world need to continue using alternatives to physical face-to-face meetings and remote collaboration tools will help. Cloud-based tools are perfect for that kind of functionality, which is partly why many customers that are not in the cloud, want to be. The customers who already started the cloud migration journey are also moving more resources to public cloud infrastructure.
People will be the new perimeter
While people will eventually return to the office, they won’t do so full-time, and they won’t return in droves. This shift will close the circle on a long trend that has been building since the mid-2000s: the dissolution of the network perimeter. The network and the devices that defined its perimeter will become even less special from a cybersecurity standpoint.
Instead, people will become the new perimeter. Their identity will define what they’re allowed to access, both inside and outside the corporate network. Even when they are logged into the network, they will have minimal access to resources until they and the device they are using have been authenticated and authorized. This approach, known as zero trust networking, will pervade everything, covering not just employees, but customers, contractors, and other business partners.
User experience will be increasingly important in remote working
Happy, productive workers are even more important during a pandemic. Especially as on average, employees are working three hours longer since the pandemic started, disrupting the work-life balance. It’s up to employers to focus on the user experience and make workers’ lives as easy as possible.
When the COVID-19 lockdown began, companies coped by expanding their remote VPN usage. That got them through the immediate crisis, but it was far from ideal. On-premises VPN appliances suffered a capacity crunch as they struggled to scale, creating performance issues, and users found themselves dealing with cumbersome VPN clients and log-ins. It worked for a few months, but as employees settle in to continue working from home in 2021, IT departments must concentrate on building a better remote user experience.
Old-school remote access mechanisms will fade away
This focus on the user experience will change the way that people access computing resources. In the old model, companies used a full VPN to tunnel all traffic via the enterprise network. This introduced latency issues, especially when accessing applications in the cloud because it meant routing all traffic back through the enterprise data center.
It’s time to stop routing cloud sessions through the enterprise network. Instead, companies should allow remote workers to access them directly. That means either sanitizing traffic on the device itself or in the cloud.
User authentication improvements
Part of that new approach to authentication involves better user verification. That will come in two parts. First, it’s time to ditch the password. The cybersecurity community has advocated this for a long time, but the work-from-home trend will accelerate it. Employees accessing from mobile devices are increasingly using biometric authentication, which is more secure and convenient.
The second improvement to user verification will see people logging into applications less often. Sessions will persist for longer, based on deep agent-based device knowledge that will form a big part of the remote access experience.
Changing customer interactions will require better mobile security
It isn’t just employees who will need better mobile security. Businesses will change the way that they interact with customers too. We can expect fewer person-to-person interactions in retail as social distancing rules continue. Instead, contact-free transactions will become more important and businesses will move to self-checkout options. Retailers must focus more on mobile devices for everything from browsing products, to ordering and payment.
The increase in QR codes presents a great threat
Retailers and other companies are already starting and will continue to use QR codes more and more to bridge contact with things like menus and payment systems, as well as comply with social distance rules. Users can scan them from two meters away, making them perfect for payments and product information.
The problem is that they were never designed for these applications or digital authentication and can easily be replaced with malicious codes that manipulate smartphones in unexpected and damaging ways. We can expect to see QR code fraud problems increase as the usage of these codes expands in 2021.
The age of the Everywhere Enterprise
One overarching message came through clearly in our conversations with customers: the enterprise changed for the longer term in 2020, and this will have profound effects in 2021. What began as a rushed reaction during a crisis this year will evolve during the next as the IT department joins HR in rethinking employee relationships in the age of the everywhere enterprise.
If 2020 was the year that businesses fell back on the ropes, 2021 will be the one where they bounce forward, moving from a rushed reaction into a thoughtful, measured response.
COVID-19 and the subsequent global recession have thrown a wrench into IT spending. Many enterprises have placed new purchases on hold. Gartner recently projected that global spending on IT would drop 8% overall this year — and yet dollars allocated to cloud-based services are still expected to rise by approximately 19 percent, bucking that downward trend.
Underscoring the relative health of the cloud market, IDC reported that all growth in traditional tech spending will be driven by four platforms over the next five years: cloud, mobile, social and big data/analytics. Their 2020-2023 forecast states that traditional software continues to represent a major contribution to productivity, while investments in mobile and cloud hardware have created new platforms which will enable the rapid deployment of new software tools and applications.
With entire workforces suddenly going remote all over the world, there certainly are a number of specific business problems that need to be addressed, and many of the big issues involve VPNs.
Assault on VPNs
Millions of employees are working from home, and they all have to securely access their corporate networks. The vast majority of enterprises still rely on on-premises servers to some degree (estimates range from 60% to 98%), therefore VPNs play a vital role in enabling that employee connection to the network. This comes at a cost, though: bandwidth is gobbled up, slowing network performance — sometimes to a crippling level — and this has repercussions.
Maintenance of the thousands of machines and devices connected to the network gets sacrificed. The deployment of software, updates and patches simply doesn’t happen with the same regularity as when everyone works on-site. One reason for this is that content distribution (patches, applications and other updates) can take up much-needed bandwidth, and as a result, system hygiene gets sacrificed for the sake of keeping employees productive.
Putting off endpoint management, however, exposes corporate networks to enormous risks. Bad actors are well aware that endpoints are not being maintained at the same level as pre-pandemic, and they are more than willing to take advantage. Recent stats show that the volume of cyberattacks today is pretty staggering — much higher than prior to COVID-19.
Get thee to the cloud: Acceleration of modern device management
Because of bandwidth concerns, the pressure to trim costs, and the need to maintain machines in new ways, many enterprises are accelerating their move to the cloud. The cloud offers a lot of advantages for distributed workforces while also reducing costs. But digital transformation and the move to modern device management can’t happen overnight.
Enterprises have invested too much time, money, physical space and human resources to just walk away. Not to mention, on-premises environments have been highly reliable. Physical servers are one of the few things IT teams can count on to just work as intended these days.
Hybrid environments offer a happy medium. With the latest technology, enterprises can begin migrating to the cloud and adapt to changing conditions, meeting the needs of distributed teams. They can also save some money in the process. At the same time, they don’t have to completely abandon their tried-and-true servers.
Solving specific business problems: Content distribution to keep systems running
But what about those “specific business problems,” such as endpoint management and content distribution? Prior to COVID-19, this had been one of the biggest hurdles to digital transformation. It was not possible to distribute software and updates at scale without negatively impacting business processes and without excessive cost.
The issue escalated with the shift to remote work. Fortunately, technology providers have responded, developing solutions that leverage secure and efficient delivery mechanisms, such as peer-to-peer content distribution, that can work in the cloud. Even in legacy environments, vast improvements have been made to reduce bandwidth consumption.
These solutions allow enterprises to transition from a traditional on-premises infrastructure to the cloud and modern device management at their own speed, making their company more agile and resilient to the numerous risks they encounter today. Breakthrough technologies also support multiple system management platforms and help guarantee endpoints stay secure and updated even if corporate networks go down – something that, given the world we live in today, is a very real possibility.
Companies like Garmin and organizations such as the University of California San Francisco joined the unwitting victims of ransomware attacks in recent months. Their systems were seized, only to be released upon payment of millions of dollars.
While there is the obvious hard cost involved, there are severe operational costs as well — employees that can’t get on the network to do their jobs, systems must be scanned, updated and remediated to ensure the network isn’t further compromised, etc. A lot has to happen within a short period of time in the wake of a cyberattack to get people back to work as quickly and safely as possible.
Fortunately, with modern cloud-based content distribution solutions, all that is needed for systems to stay up is electricity and an internet connection. Massive redundancy is being built into the design of products to provide extreme resilience and help ensure business continuity in case part or all of the corporate network goes down.
The newest highly scalable, cloud-enabled content distribution options enable integration with products like Azure CDN and Azure Storage and also provide a single agent for migration to modern device management. With features like cloud integration, internet P2P, and predictive bandwidth harvesting, enterprises can leverage a massive amount of bandwidth from the internet to manage endpoints and ensure they always stay updated and secure.
Given these new developments precipitated and accelerated by COVID-19, as well as the clear, essential business problem these solutions address, expect to see movement and growth in the cloud sector. Expect to see an acceleration of modern device management, and despite IT spending cuts, expect to see a better, more secure and reliable, cost efficient, operationally efficient enterprise in the days to come.
It was an accomplishment for the ages: within just a couple of days, IT departments hurriedly provided millions of newly homebound employees online access to the data and apps they needed to remain productive.
Some employees were handed laptops as they left the building, while others made do with their own machines. Most connected to their corporate services via VPNs. Other companies harnessed the cloud and software and infrastructure services (SaaS, IaaS).
Bravo, IT! Not only did it all work, businesses and employees both saw the very real benefits of remote life, and that egg is not going back into the shell. Many won’t return to those offices and will continue work from home.
But while immediate access challenges were answered, this was not a long-term solution.
Let’s face it, because of the pandemic a lot of companies were caught off guard with insufficient plans for data protection and disaster recovery (DR). That isn’t easy in the best of times, never mind during a pandemic. Even those with effective strategies now must revisit and update them. Employees have insufficient home security. VPNs are difficult to manage and provision, perform poorly and are hard to scale. And, IT’s domain is now stretched across the corporate data center, cloud (often more than one), user endpoints and multiple SaaS providers.
There’s a lot to do. A plan that fully covers DR, data protection and availability is a must.
There are several strategies for protecting endpoints. First off, if employees are using company-issued machines, there are many good mobile machine management products on the market. Sure, setting up clients for a volume of these will be a laborious task, but you’ll have peace of mind knowing data won’t go unprotected.
Another strategy is to create group policies that map the Desktop and My Documents folders directly to the cloud file storage of your choice, no matter if it’s Google Drive, OneDrive, Dropbox or some other solution. That can simplify file data protection but its success hinges on the employee storing documents in the right place. And if they keep them on their desktop, for example, they’re not going to be protected.
And right there is the rub with protecting employee machines – employees are going to store data on these devices. Often, insecure home Internet connections make these devices and data vulnerable. Further, if you add backup clients and/or software to employee-owned machines, you could encounter some privacy resistance.
Remote desktops can provide an elegant solution. We’ve heard “this is the year of virtual desktop infrastructure (VDI)” for over a decade. It’s something of a running joke in IT circles, but you know what? The current scenario could very well make this the year of remote desktops after all.
VDI performance in more sophisticated remote desktop solutions has greatly improved. With a robust platform configured properly, end-users can’t store data on their local machines – it’ll be safely kept behind a firewall with on-premises backup systems to protect and secure it.
Further, IT can set up virtual desktops to prevent cut and paste to the device. And because many solutions don’t require a client, it doesn’t matter what machine an employee uses – just make sure proper credentials are needed for access and include multi-factor authentication.
Pain in the SaaS
As if IT doesn’t have enough to worry about, there’s a potential SaaS issue that can cause a lot of pain. Most providers operate under the shared responsibility model. They secure infrastructure, ensure apps are available and data is safe in case of a large-scale disaster. But long-term, responsibility for granular protection of data rests on the shoulders of the customer.
Unfortunately, many organizations are unprepared. A January 2020 survey from OwnBackup of 2,000 Salesforce users found that 52% are not backing up their Salesforce data.
What happens if someone mistakenly deletes a Microsoft Office 365 document vital for a quarterly sales report and it’s not noticed for a while? Microsoft automatically empties recycle bins data after 30 days, so unless there’s backup in place, it’s gone for good.
Backup vendors provide products to protect data in most of the more common SaaS services, but if there’s not a data protection solution for one your organization is using, make data protection part of the service provider’s contract and insist they regularly send along copies of your data.
When it comes to a significant disaster, highly distributed environments can make recovery difficult. The cloud seems like a clear choice for storing DR and backup data, but while the commodity cloud providers make it easy and cheap to upload data, costs for retrieval are much higher. Also, remember that cloud recovery is different from on-prem, requiring expertise in areas like virtual machines and user access. And, if IT is handling cloud directly and has issues, keep in mind that it could be very difficult getting support.
During a disaster, you want to recover fast; you don’t want to be creating a backup and DR strategy as the leadership grits their teeth due to downtime. So, set your data protection strategy now, be sure each app is included, follow all dependencies and test over and over again. Employees and data may be in varied locations, so be sure you’re completely covered so your company can get back in the game faster.
While IT pulled off an amazing feat handling a rapid remote migration, to ensure your company’s future, you need to be certain it can protect data, even outside of the corporate firewall. With a backup and DR strategy for dispersed data in place, you’ll continue to be in a position to make history, instead of fading away.
Businesses increasingly embrace the moving of multiple applications to the cloud using containers and utilize Kubernetes for orchestration, according to Zettaset.
However, findings also confirm that organizations are inadequately securing the data stored in these new cloud-native environments and continue to leverage existing legacy security technology as a solution.
Businesses are faced with significant IT-related challenges as they strive to keep up with the demands of digital transformation. Now more than ever to maintain a competitive edge, companies are rapidly developing and deploying new applications.
Companies must invest in high performance data protection
The adoption of containers, microservices and Kubernetes for orchestration play a significant role in these digital acceleration efforts. And yet, while many companies are eager to adopt these new cloud-native technologies, research shows that companies are not accurately weighing the benefits of enterprise IT innovation with inherent security risks.
“Our goal with this research was to determine whether enterprise organizations who are actively transitioning from DevOps to DevSecOps are investing in proper security and data protection technology. And while findings confirm that companies are in fact making the strategic decision to shift towards cloud-native environments, they are currently ill-equipped to secure their company’s most critical asset: data.
“Companies must invest in high performance data protection so as it to secure critical information in real-time across any architecture.”
- Organizations are embracing the cloud and cloud-native technologies: 39% of respondents have multiple production applications deployed on Kubernetes. But, companies are still struggling with the complexities associated with these environments and how to secure deployments.
- Cloud providers offer considerable influence with regards to Kubernetes distribution: A little over half of those surveyed are using open source Kubernetes available through the Cloud Native Computing Foundation (CNCF). And 34.7% of respondents are using a Kubernetes offering managed by an existing cloud provider such as AWS, Google, Azure, and IBM.
- Kubernetes security best practices have yet to be identified: 60.1% of respondents believe there is a lack of proper education and awareness of the proper ways to mitigate risk associated with storing data in cloud-native environments. And 43.2% are confident that multiple vulnerable attack surfaces are created with the introduction of Kubernetes.
- Companies have yet to evolve their existing security strategies: Almost half of respondents (46.5%) are using traditional data encryption tools to protect their data stored in Kubernetes clusters. Over 20% are finding that these traditional tools are not performing as desired.
“The results of our research substantiate the notion that enterprise organizations are moving forward with cloud-native technologies such as containers and Kubernetes. What we were most interested in discovering was how these companies are approaching security,” said Charles Kolodgy, security strategist and author of the report.
“Companies overall are concerned about the wide range of potential attack surfaces. They are applying legacy solutions but those are not designed to handle today’s ever-evolving threat landscape, especially as data is being moved off-premise to cloud-based environments.
“To stay ahead of what’s to come, companies must look to solutions purposely built to operate in a Kubernetes environment.”
Overall investments in digital resiliency have increased steadily throughout the year as businesses prioritize or accelerate adoption of cloud, collaborative, and digital transformation projects, IDC reveals.
Security has also been a major investment area, driven by the shift to more remote work and accelerated cloud adoption in 2020.
“Digital resiliency refers to an organization’s ability to rapidly adapt to business disruptions by leveraging digital capabilities to not only restore business operations, but also capitalize on the changed conditions,” said Stephen Minton, VP in IDC‘s Customer Insights & Analysis group.
“As the COVID-19 crisis has shown, the ability to respond quickly and effectively to unexpected changes in the business environment are critical to an organization’s short-term success. To prepare for future business disruptions, organizations need plans that will enable them to rapidly adapt as opposed to just respond.
“Investments in digital capabilities not only enable an organization to adapt to the current crisis but also to capitalize on the changed conditions.”
The Digital Resiliency Investment Index
The Digital Resiliency Investment Index is comprised of two factors – digital core investments and digital innovation investments.
Digital core investments are comprised of spending on the core components of digital resiliency: cloud, security, collaborative support for remote workers, and digital transformation projects. This score should increase over time as organizations shift budget away from traditional and legacy IT spending and toward these core components of digital resiliency.
Digital innovation investments are measured using a monthly survey of enterprises on their current and anticipated IT investment focus, including how much new or reallocated spending is targeted at digital resiliency and business acceleration versus crisis response measures. This score should also increase over time as organizations shift their spending focus back to building a digital enterprise.
Overall, investments in cloud, collaboration, and security have managed to grow throughout 2020, despite a decline in overall IT spending.
In recent, months, the focus on resiliency has increased as organizations realize the importance of being prepared for future business disruptions. As a result, digital resiliency spending is expected to accelerate in 2021 as the global economy improves.
Resiliency investments by location
On a geographic basis, resiliency investments grew fastest in Asia/Pacific, in line with the region’s overall response to the pandemic. Investments in the United States improved noticeably in October, which may reflect a combination of short-term and long-term factors.
Meanwhile, Europe’s results declined slightly in October as the region returned to crisis response mode with a surge in coronavirus cases and new socio-economic restrictions.
“The next several months may put increased pressure on some organizations to respond to second waves of COVID infections and economic lockdowns, which will be reflected in our monthly surveys throughout the winter,” said Minton.
“What we have learned already this year is that the organizations which were among the early adopters of cloud, digital, and collaborative technologies were best-positioned for a crisis no one could have predicted.
“Digital resiliency in the coming 6-12 months will to some extent reflect the speed at which others were able to pivot their tech investments in 2020, even as overall budgets were constrained by economic uncertainty.”
The race is on to build the world’s first reliable and truly useful quantum computer, and the finish line is closer than you might think – we might even reach it this decade. It’s an exciting prospect, particularly as these super-powerful machines offer huge potential to almost every industry, from drug development to electric-vehicle battery design.
But quantum computers also pose a big security problem. With exponentially higher processing power, they will be able to smash through the public-key encryption standards widely relied on today, threatening the security of all digital information and communication.
While it’s tempting to brush it under the carpet as “tomorrow’s problem”, the reality of the situation is much more urgent. That’s because quantum computers don’t just pose a threat to tomorrow’s sensitive information: they’ll be able to decrypt data that has been encrypted in the past, that’s being encrypted in the present, and that will be encrypted in the future (if quantum-resistant algorithms are not used).
It’s why the NSA warned, as early as 2015, that we “must act now” to defuse the threat, and why the US National Institute of Standards and Technology (NIST) is racing to standardize new post-quantum cryptographic solutions, so businesses can get a trusted safety net in place before the threat materializes.
From aviation to pharma: The industries at risk
The harsh reality is that no one is immune to the quantum threat. Whether it’s a security service, pharmaceutical company or nuclear power station, any organization holding sensitive information or intellectual property that needs to be protected in the long term has to take the issue seriously.
The stakes are high. For governments, a quantum attack could mean a hostile state gains access to sensitive information, compromising state security or revealing secrets that undermine political stability. For pharmaceuticals, on the other hand, a quantum computer could allow competitors to gain access to valuable intellectual property, hijacking a drug that has been in costly development for years. (As we’re seeing in the race for a COVID-19 vaccine, this IP can sometimes have significant geopolitical importance.)
Hardware and software are also vulnerable to attack. Within an industry like aviation, a quantum-empowered hacker would have the ability to forge the signature of a software update, push that update to a specific engine part, and then use that to alter the operations of the aircraft. Medical devices like pacemakers would be vulnerable to the same kind of attack, as would connected cars whose software is regularly updated from the cloud.
Though the list of scenarios goes on, the good news is that companies can ready themselves for the quantum threat using technologies available today. Here’s how:
1. Start the conversation early
Begin by promoting quantum literacy within your business to ensure that executive teams understand the severity and immediacy of the security threat. Faced with competing priorities, they may otherwise struggle to understand why this issue deserves immediate attention and investment.
It’s your job to make sure they understand what they’re up against. Identify specific risks that could materialize for your business and industry – what would a quantum attack look like, and what consequences would you be facing if sensitive information were to be decrypted?
Paint a vivid picture of the possible scenarios and calculate the cost that each one would have for your business, so everyone knows what’s at stake. By doing so, you’ll start to build a compelling business case for upgrading your organization’s information security, rather than assuming that this will be immediately obvious.
2. Work out what you’ve got and what you still need
Do a full audit of every place within your business where you are using cryptography, and make sure you understand why that is. Surprisingly, many companies have no idea of all the encryption they currently have in place or why, because the layers of protection have been built up in a siloed fashion over many years.
What cryptographic standards are you relying on today? What data are you protecting, and where? Try to pinpoint where you might be vulnerable. If you’re storing sensitive information in cloud-based collaboration software, for example, that may rely on public key cryptography, so won’t be quantum-secure.
As part of this audit, don’t forget to identify the places where data is in transit. However well your data is protected, it’s vulnerable when moving from one place to another. Make sure you understand how data is moving within your business – where from and to – so you can create a plan that addresses these weak points.
It’s also vital that you think about what industry regulations or standards you need to comply with, and where these come into play across the areas of your business. For industries like healthcare or finance, for example, there’s an added layer of regulation when it comes to information security, while privacy laws like the GDPR and CCPA will apply if you hold personal information relating to European or Californian citizens.
3. Build a long-term strategy for enhanced security
Once you’ve got a full view of what sensitive data you hold, you can start planning your migration to a quantum-ready architecture. How flexible is your current security infrastructure? How crypto-agile are your cryptography solutions? In order to migrate to new technology, do you need to rewrite everything, or could you make some straightforward switches?
Post-quantum encryption standards will be finalized by NIST in the next year and a half, but the process is already underway, and the direction of travel is becoming clearer. Now that finalist algorithms have been announced, businesses don’t need to wait to get quantum-secure – they must simply ensure that they design their security infrastructure to work with any of the shortlisted approaches that NIST is currently considering for standardization.
Deploying a hybrid solution – pairing existing solutions with one of the post-quantum schemes named as a NIST finalist – can be a good way to build resilience and flexibility into your security architecture. By doing this, you’ll be able to comply with whichever new industry standards are announced and remain fully protected against present and future threats in the meantime.
Whatever you decide, remember that migration can take time – especially if your business is already built on a complex infrastructure that will be hard to unpick and rebuild. Put a solid plan in place before you begin and consider partnering with an expert in the field to speed up the process.
A risk we can’t see
Just because a risk hasn’t yet materialized, doesn’t mean it isn’t worth preparing for (a mindset that could have come in handy for the coronavirus pandemic, all things considered…).
The quantum threat is serious, and it’s urgent. The good thing is that we already have all the ingredients to get a safety net in place, and thanks to strong mathematical foundations, we can be confident in the knowledge that the algorithms being standardized by NIST will protect businesses from even the most powerful computers.
The next step? Making sure this cutting-edge technology gets out of the lab and into the hands of the organizations who need it most.
CyberEdge conducted a web-based survey of 600 enterprise IT security professionals from seven countries and 19 industries in August 2020 in an effort to understand how the pandemic has affected IT security budgets, personnel, cyber risks, and priorities for acquiring new security technologies.
Impacts from the work-from-home movement
Prior to the pandemic, an average of 24% of enterprise workers had the ability to work from home on a full-time, part-time, or ad hoc basis. As of August 2020, that number more than doubled to 50%.
Many enterprises without existing BYOD policies were instantly compelled to permit employee-owned laptops, tablets, and smartphones to access company applications and data – in some instances without proper endpoint security protections.
Resulting IT security challenges
A 114% increase in remote workers coupled with a 59% increase in BYOD policy adoption has wreaked havoc among enterprise IT security teams.
The top-three challenges experienced by enterprise IT security teams have been an increased volume of threats and security incidents, insufficient remote access / VPN capacity, and increased risks due to unmanaged devices.
Furthermore, an astounding 73% of enterprises have experienced elevated third-party risks amongst their partners and suppliers. Adding fuel to the fire, 53% of these teams were already understaffed before the pandemic began.
Healthy 2020 and 2021 IT security budgets
While most enterprises searched for ways to reduce overall operating expenses in 2020, 54% of those surveyed increased their IT security operating budgets mid-year by an average of 5%.
Only 20% of enterprises reduced their overall IT security spending after the start of the pandemic. With regard to the impact of the pandemic on next year’s security budgets, 64% of organizations plan to increase their security operating budgets by an average of 7%.
Increased demand for cloud-based IT security investments
Arguably the biggest impact that the COVID-19 pandemic has had on the IT security industry is an increased appetite for cloud-based IT security solutions. This is primarily driven by the massive increase in remote workers but may also be influenced by having fewer IT security personnel available on site to install and maintain traditional on-premises security appliances.
Exactly 75% of respondents have indicated an increased preference for cloud-based security solutions. The top-three technology investments to address pandemic-fueled challenges are cloud-based secure web gateway (SWG), cloud-based next-generation firewall (NGFW), and cloud-based secure email gateway (SEG).
Reducing IT security personnel costs
Despite increased funding for cloud-based security technology investments, 67% of enterprise security teams were forced to temporarily reduce personnel expenses through hiring freezes (36%), temporary reductions in hours worked (32%), and temporary furloughs (25%). Fortunately, only 17% were forced to lay off personnel.
Training and certification make a huge difference
78% of those with IT security professional certifications feel their certification has made them better equipped to address pandemic-fueled challenges.
Next year, enterprises anticipate increasing their security training and certification budgets by an average of 6%.
Taking third-party risks seriously
The doubling of remote workforces has significantly increased third-party risks. As a result, 43% of enterprises have increased their third-party risk management (TPRM) technology investments. 77% are seeking technologies to help automate key TPRM tasks.
Securing employee-owned devices
In an effort to secure employee-owned devices connecting to company applications and data, 59% of enterprises are providing antivirus (AV) software, 52% are investing in mobile device management (MDM) products, and 48% are acquiring network access control (NAC) solutions.
Security professionals enjoy working from home
Not surprising, 81% of IT security professionals enjoy working from home. Once a COVID-19 vaccine is developed and the pandemic is over, 48% would like to continue working from home part-time while 33% would like to work from home full-time.
Cloud adoption was already strong heading into 2020. According to a study by O’Reilly, 88% of businesses were using the cloud in some form in January 2020. The global pandemic just accelerated the move to SaaS tools. This seismic shift where businesses live day-to-day means a massive amount of business data is making its way into the cloud.
All this data is absolutely critical for core business functions. However, it is all too often mistakenly considered “safe” thanks to blind trust in the SaaS platform. But human error, cyberattacks, platform updates and software integrations can all easily compromise or erase that data … and totally destroy a business.
According to Microsoft, 94% of businesses report security benefits since moving to the cloud. Although there are definitely benefits, data is by no means fully protected – and the threat to cloud data continues to rise, especially as it ends up spread across multiple applications.
Organizations continue to overlook the simple steps they can take to better protect cloud data and their business. In fact, our 2020 Ecommerce Data Protection Survey found that one in four businesses has already experienced data loss that immediately impacted sales and operations.
Cloud data security illusions
Many companies confuse cloud storage with cloud backup. Cloud storage is just that – you’ve stored your data in the cloud. But what if, three years later, you need a record of that data and how it was moved or changed for an audit? What if you are the target of a cyberattack and suddenly your most important data is no longer accessible? What if you or an employee accidentally delete all the files tied to your new product line?
Simply storing data in the cloud does not mean it is fully protected. The ubiquity of cloud services like Box, Dropbox, Microsoft 365, Google G Suite/Drive, etc., has created the illusion that cloud data is protected and easily accessible in the event of a data loss event. Yet even the most trusted providers manage data by following the Shared Responsibility Model.
The same goes for increasingly popular business apps like BigCommerce, GitHub, Shopify, Slack, Trello, QuickBooks Online, Xero, Zendesk and thousands of other SaaS applications. Cloud service providers only fully protect system-level infrastructure and data. So while they ensure reliability and recovery for system-wide failures, the cloud app data of individual businesses is still at risk.
In the current business climate, human errors are even more likely. With the pandemic increasing the amount of remote work, employees are navigating constant distractions tied to health concerns, increasing family needs and an inordinate amount of stress.
Complicating things further, many online tools do not play nicely with each other. APIs and integrations can be a challenge when trying to move or share data between apps. Without a secure backup, one cyberattack, failed integration, faulty update or click of the mouse could wipe out the data a business needs to survive.
While top SaaS platforms continue to expand their security measures, data backup and recovery is missing from the roadmap. Businesses need to take matters into their own hands.
Current cloud backup best practices
In its most rudimentary form, a traditional cloud backup essentially makes a copy of cloud data to support business continuity and disaster recovery initiatives. Proactively protecting cloud data ensures that if that business-critical data is compromised, corrupted, deleted or inaccessible, they still have immediate access to a comprehensive, usable copy of the data needed to avoid business disruption.
From multi-level user access restrictions, password managers and regularly timed manual downloads, there are many basic (even if tedious) ways for businesses to better protect their cloud data. Some companies have invested in building more robust backup solutions to keep their cloud business data safe. However, homegrown backup solutions are costly and time intensive as they require constant updates to keep pace with ever-changing APIs.
In contrast, third-party backup solutions can provide an easier to manage, cost/time-efficient way to protect cloud data. There is a wide range of offerings though – some more reputable and secure than others. Any time business data is entrusted to a third party, reputability and security of that vendor must take center stage. If they have your data, they need to protect it.
Cloud backup providers need to meet stringent security and regulatory requirements so look for explicit details about how they secure your data. As business data continues to move to the cloud, storage limits, increasingly complex integrations and new security concerns will heighten the need for comprehensive cloud data protection.
The trend of business operations moving to the cloud started long before the quarantine. Nevertheless, the cloud storage and security protocols most businesses currently rely on to protect cloud data are woefully insufficient.
Critical business data used to be stored (and secured) in a central location. Companies invested significant resources to manage walls of servers. With SaaS, everything is in the cloud and distributed – apps running your store, your account team, your mailing list, your website, etc. Business data in the backend of each SaaS tool looks very different and isn’t easily transferable.
All the data has become decentralized, and most backups can’t keep pace. It isn’t a matter of “if” a business will one day have a data loss event, it’s “when”. We need to evolve cloud backups into a comprehensive, distributed cloud data protection platform that secures as much business-critical data as possible across various SaaS platforms.
As businesses begin to rethink their approach to data protection in the cloud era, business backups will need to alleviate the worry tied to losing data – even in the cloud. True business data protection means not worrying about whether an online store will be taken out, a third-party app will cause problems, an export is fully up to date, where your data is stored, if it is compliant or if you have all of the information needed to fully (and easily) get apps back up and running in case of an issue.
Delivering cohesive cloud data protection, regardless of which application it lives in, will help businesses break free from backup worry. The next era of cloud data protection needs to let business owners and data security teams sleep easier.
Federal IT leaders across the country voiced the importance of network visibility in managing and securing their agencies’ increasingly complex and hybrid networks, according to Riverbed.
Of 200 participating federal government IT decision makers and influencers, 90 percent consider their networks to be moderately-to-highly complex, and 32 percent say that increasing network complexity is the greatest challenge an IT professional without visibility faces in their agency when managing the network.
Driving this network complexity are Cloud First and Cloud Smart initiatives that make it an imperative for federal IT to modernize its infrastructure with cloud transformation and “as-a-service” adoption.
More than 25 percent of respondents are still in the planning stages of their priority modernization projects, though 87 percent of survey respondents recognize that network visibility is a strong or moderate enabler of cloud infrastructure.
Network visibility can help expedite the evaluation process to determine what goes onto an agency’s cloud and what data and apps stay on-prem; it also allows clearer, ongoing management across the networks to enable smooth transitions to cloud, multi-cloud and hybrid infrastructures.
Accelerated move to cloud
The COVID-19 has further accelerated modernization and cloud adoption to support the massive shift of the federal workforce to telework – a recent Market Connections study indicates that 90 percent of federal employees are currently teleworking and that 86 percent expect to continue to do so at least part-time after the pandemic ends.
The rapid adoption of cloud-based services and solutions and an explosion of new endpoints accessing agency networks during the pandemic generated an even greater need for visibility into the who, what, when and where of traffic. In fact, 81 percent of survey respondents noted that the increasing use of telework accelerated their agency’s use and deployment of network visibility solutions, with 25 percent responding “greatly.”
“The accelerated move to cloud was necessary because the majority of federal staff were no longer on-prem, creating significant potential for disruption to citizen services and mission delivery,” said Marlin McFate, public sector CTO at Riverbed.
“This basically took IT teams from being able to see, to being blind. All of their users were now outside of their protected environments, and they no longer had control over the internet connections, the networks employees were logging on from or who or what else had access to those networks. To be able to securely maintain networks and manage end-user experience, you have to have greater visibility.”
Visibility drives security
Lack of visibility into agency networks and the proliferation of apps and endpoints designed to improve productivity and collaboration expands the potential attack surface for cyberthreats.
Ninety-three percent of respondents believe that greater network visibility facilitates greater network security and 96 percent believe network visibility is moderately or highly valuable in assuring secure infrastructure.
Further, respondents ranked cybersecurity as their agency’s number one priority that can be improved through better network visibility, and automated threat detection was identified as the most important feature of a network visibility solution (24 percent), followed by advanced reporting features (14 percent), and automated alerting (13 percent).
“Network visibility is the foundation of cybersecurity and federal agencies have to know what’s on their network so they can rapidly detect and remediate malicious actors. And while automation enablement calls for an upfront time investment, it can significantly improve response time not only for cyber threat detection but also network issues that can hit employee productivity,” concluded McFate.
Corporate WANs are failing to deliver on businesses’ priorities, with 55% of respondents citing security is the biggest pain point, 43% service flexibility, 36% supplier performance, and 35% network congestion, according to a survey from Telia Carrier.
The research was conducted in four of the world’s biggest markets – the US, the UK, Germany and France – and provides insights into the evolution of the corporate WAN and cloud adoption from the top of business.
Digital technology and the cloud have transformed the way businesses are run and connect with their employees, suppliers, partners, and customers — across sites and geographies. Public internet and cloud-based services underpin the corporate WAN landscape and reliable connectivity is seen as critical to business performance.
With 90% of the survey’s respondents confirming that their enterprises rely on the public internet for some or all of their wide area network services, 48% of them say the impact of a corporate WAN outage exceeding 24 hours would be catastrophic.
Today’s enterprise: Connected but uninformed?
However, as the research findings reveal, the corporate WAN experience is not yet the best it could, and should, be. This is not just because WAN technology is still evolving and suppliers need to improve their customer experience, but also because the WAN ecosystem hasn’t been fully understood: knowledge gaps about the internet and its various tiers have made decision-making difficult.
For example, only half of survey respondents (US: 57%; FR: 56%; UK: 49%; DE: 37%) rate their understanding of how the internet backbone works as very good or excellent, but almost two-thirds think of public internet connectivity as a commodity that doesn’t vary much between suppliers. (FR: 74%; DE: 62%; US: 62%; UK: 49%).
Commenting on the findings of the research, Mattias Fridström, Chief Evangelist, Telia Carrier said: “Network-development strategies, unfortunately, appear to be missing the backbone piece of the puzzle. This means that Tier 1 suppliers, such as telcos and carriers, are often overlooked when it comes to choosing a method to build their WANs and connect to the cloud.”
Tomorrow’s supplier: Flexible, innovative and customer-focused
The research illustrates that the network providers of the future have to put the needs of the customer at the center of everything they do. Bandwidth (40%), service flexibility (36%) and customer support (29%) are enterprises’ top three priorities when deciding on a local network partner or ISP to connect to their preferred cloud-service providers.
Sustainability is also a key criterion when shortlisting suppliers or choosing between candidates, and enterprises are prepared to pay a premium for it. In fact, 38% of all respondents confirmed that they now only shortlist suppliers with a strong commitment to sustainability – in France, this number rises to 55%. Of those who don’t include sustainability in their initial selection criteria, 42% say it helps them choose between the final candidates (US: 46%; UK & DE: 45%; FR: 28%).
Only a fifth say they choose suppliers solely on the basis of price and performance. Importantly, 95% are willing to pay a premium for a sustainable supplier of 5% or more. 49% of respondents in Germany, 48% in the UK, 42% in the US and 37% in France confirmed their commitment to paying between 10% and 15% more.
The survey also found that demand for new tools and technologies to improve workflows and increase transparency is strong. For example, 90% would like their network partners to adopt more machine-to-machine workflows and automation to enhance their services, and 68% say they already use APIs to achieve real-time visibility of their network performance or control of their network infrastructure.
“If organizations really want to create the networks that transform their businesses, whilst controlling costs and reducing their carbon footprint,” Fridström concluded, “their leaders may need to review their strategies for the next three to five years. Network providers can be strategic partners in the growth and development of enterprises—if they’re aligned with enterprises’ needs.”
Vulnerability management (VM) technology addresses the threat landscape, which is in a constant state of flux. The wider dispersal of endpoints across private and public cloud environments increases the points of vulnerabilities in an enterprise network, intensifying the demand for VM solutions that make endpoints easier to track, verify, and secure.
To prevent attacks and damage to a business, VM providers employ various means of identifying, prioritizing, communicating, and suggesting possible responses to the risks companies face in their networked business environments.
The leading VM platforms provide a complete picture of a client’s security posture, correlating the client organization’s assets, classifying their importance with the vulnerabilities identified in the scan, and offering information for remediation.
A multilayered defense
Frost & Sullivan’s latest thought leadership paper analyzes the threat landscape and the role of VM in addressing the security concerns of the entire enterprise. It analyzes end-user willingness to invest in VM platforms that help provide a holistic cybersecurity approach in various areas, including vulnerability prioritization, automated workflows, and third-party integration.
“This aids a multilayered defense, which has proven to be superior to discrete technologies working separately in network defense. VM platforms that allow IT departments to conduct continual vulnerability assessments are emerging as one of the top five solutions for organizations concerned about system vulnerabilities as part of their security maturity improvement initiatives.”
According to the research, two out of every three cyberattacks in the United States and three out of every four in Europe are categorized as severe by the organizations affected by them.
One Identity released a global survey that reveals attitudes of IT and security teams regarding their responses to COVID-19-driven work environment changes. The results shed insight into IT best practices that have emerged in recent months, and how organizations rushed to adopt them to maintain a secure and efficient virtual workplace.
Cloud computing has been a lifesaver
99% of IT security professionals said their organizations transitioned to remote work because of COVID-19, and only a third described that transition as “smooth.” 62% of respondents indicated that cloud infrastructure is more important now than 12 months ago.
Thirty-one percent attributed this shift directly to COVID-19. The cloud has become front and center to the new working reality, creating flexibility for employees.
These results demonstrate that the previous level of attention to cloud deployments, while notable, does not appear to have been nearly enough to accommodate the dramatic computing shift across organizations.
“This research makes it clearly evident that cloud computing has been a lifesaver for many enterprises as IT teams pivoted and supported the massive shift to working away from offices,” said Darrell Long, president and general manager at One Identity.
“While we knew the pandemic-driven changes were sudden, what was particularly notable was how strongly the results proved that organizations had to turn their focus on the immediate challenges presented by the aggressive move to cloud computing, chiefly finding solutions that streamlined administering and securing who has access to what and how.”
Higher priority on access request technologies
Shifts in priorities indicate organizations are turning their focus on tackling the security basics. When compared to 12 months ago, 50% of respondents are placing a higher priority on access request technologies, and 31% said this change in prioritization is because of COVID.
Identity/access lifecycle management, identity process and workflow, and role management all saw increased priority among at least half of those surveyed.
Perhaps shell shocked, only 45% of IT security professionals indicated they are prepared for the IT changes necessary when their employees move back to organizations’ offices, according to survey results. Yet, 66% expressed increased confidence in the effectiveness of their identity management programs post COVID-based changes.
“We now know the truth: the COVID pandemic did not change the need to be productive, nor did it change the regulatory compliance requirements companies face, but clearly IT and security teams scrambled to shift their systems to accommodate work from home in a secure and controlled way,” said Long.
“Companies and organizations were helped to an extent by cloud investments that prepared them pre-COVID. However, most of them are still dealing with new challenges as employees adapt, IT and security teams effectively respond to the challenge of providing effective processes for gaining access to the resources needed for the workforce to do their jobs and security challenges associated with this new working environment.”
The machine identity attack surface is exploding, with a rapid increase in all types of machine identity-related security events in 2018 and 2019, according to Venafi. For example, the number of reported machine identity-related cyberattacks grew by over 400% during this two-year period.
“We have seen machine use skyrocket in organizations over the last five years, but many businesses still focus their security controls primarily on human identity management,” said Kevin Bocek, VP of security strategy and threat intelligence at Venafi.
“Digital transformation initiatives are in jeopardy because attackers are able to exploit wide gaps in machine identity management strategies. The COVID-19 pandemic is driving faster adoption of cloud, hybrid and microservices architectures, but protecting machine identities for these projects are often an afterthought.
“The only way to mitigate these risks is to build comprehensive machine identity management programs that are as comprehensive as customer, partner and employee identity and access management strategies.”
- Between 2015 and 2019, the number of reported cyberattacks that used machine identities grew by more than 700%, with this amount increasing by 433% between the years 2018 and 2019 alone.
- From 2015 to 2019, the number of vulnerabilities involving machine identities grew by 260%, increasing by 125% between 2018 and 2019.
- The use of commodity malware that abuses machine identities doubled between the years 2018 and 2019 and grew 300% over the five years leading up to 2019.
- Between 2015 and 2019, the number of reported advanced persistent threats (APTs) that used machine identities grew by 400%. Reports of these attacks increased by 150% between 2018 and 2019.
“As our use of cloud, hybrid, open source and microservices use increases, there are many more machine identities on enterprise networks—and this rising number correlates with the accelerated number of threats,” said Yana Blachman, threat intelligence researcher at Venafi.
“As a result, every organization’s machine identity attack surface is getting much bigger. Although many threats or security incidents frequently involve a machine identity component, too often these details do not receive enough attention and aren’t highlighted in public reports.
“This lack of focus on machine identities in cyber security reporting has led to a lack of data and focus on this crucial area of security. As a result, the trends we are seeing in this report are likely just the tip of the iceberg.”
Trustwave released a report which depicts how technology trends, compromise risks and regulations are shaping how organizations’ data is stored and protected.
Data protection strategy
The report is based on a recent survey of 966 full-time IT professionals who are cybersecurity decision makers or security influencers within their organizations.
Over 75% of respondents work in organizations with over 500 employees in key geographic regions including the U.S., U.K., Australia and Singapore.
“Our findings illustrate organizations are under enormous pressure to secure data as workloads migrate off-premises, attacks on cloud services increases and ransomware evolves. Gaining complete visibility of data either at rest or in motion and eliminating threats as they occur are top cybersecurity challenges all industries are facing.”
More sensitive data moving to the cloud
Types of data organizations are moving into the cloud have become increasingly sensitive, therefore a solid data protection strategy is crucial. Ninety-six percent of total respondents stated they plan to move sensitive data to the cloud over the next two years with 52% planning to include highly sensitive data with Australia at 57% leading the regions surveyed.
Not surprisingly, when asked to rate the importance of securing data regarding digital transformation initiatives, an average score of 4.6 out of a possible high of five was tallied.
Hybrid cloud model driving digital transformation and data storage
Of those surveyed, most at 55% use both on-premises and public cloud to store data with 17% using public cloud only. Singapore organizations use the hybrid cloud model most frequently at 73% or 18% higher than the average and U.S. organizations employ it the least at 45%.
Government respondents store data on-premises only the most at 39% or 11% higher than average. Additionally, 48% of respondents stored data using the hybrid cloud model during a recent digital transformation project with only 29% relying solely on their own databases.
Most organizations use multiple cloud services
Seventy percent of organizations surveyed were found to use between two and four public cloud services and 12% use five or more. At 14%, the U.S. had the most instances of using five or more public cloud services followed by the U.K. at 13%, Australia at 9% and Singapore at 9%. Only 18% of organizations queried use zero or just one public cloud service.
Perceived threats do not match actual incidents
Thirty-eight percent of organizations are most concerned with malware and ransomware followed by phishing and social engineering at 18%, application threats 14%, insider threats at 9%, privilege escalation at 7% and misconfiguration attack at 6%.
Interestingly, when asked about actual threats experienced, phishing and social engineering came in first at 27% followed by malware and ransomware at 25%. The U.K. and Singapore experienced the most phishing and social engineering incidents at 32% and 31% and the U.S. and Australia experienced the most malware and ransomware attacks at 30% and 25%.
Respondents in the government sector had the highest incidents of insider threats at 13% or 5% above the average.
Patching practices show room for improvement
A resounding 96% of respondents have patching policies in place, however, of those, 71% rely on automated patching and 29% employ manual patching. Overall, 61% of organizations patched within 24 hours and 28% patched between 24 and 48 hours.
The highest percentage patching within a 24-hour window came from Australia at 66% and the U.K. at 61%. Unfortunately, 4% of organizations took a week to over a month to patch.
Reliance on automation driving key security processes
In addition to a high percentage of organizations using automated patching processes, findings show 89% of respondents employ automation to check for overprivileged users or lock down access credentials once an individual has left their job or changed roles.
This finding correlates to low concern for insider threats and data compromise due to privilege escalation according to the survey. Organizations must exercise caution when assuming removal of user access to applications to also include databases, which is often not the case.
Data regulations having minor impact on database security strategies
These findings may suggest a lack of alignment between information technology and other departments, such as legal, responsible for helping ensure stipulations like ‘the right to be forgotten’ are properly enforced to avoid severe penalties.
Small teams with big responsibilities
Of those surveyed, 47% had a security team size of only six to 15 members. Respondents from Singapore had the smallest teams with 47% reporting between one and ten members and the U.S. had the largest teams with 22% reporting team size of 21 or more, 2% higher than the average.
Thirty-two percent of government respondents surprisingly run security operations with teams between just six and ten members.