Tag: cybersecurity

• Noise reduction. AIOps ingests systems data, surfaces priority anomalies and correlates them together. This brings the number of incidents to investigate back down to a human level. Rackspace recently announced that AIOps helped it reduce alert noise by 99% during the initial stage of its rollout. Successful vendor references typically cite similar figures between 95-99%.
• Root cause analysis. Once priority events have been correlated, AIOps identifies a root cause to enable the operations team to focus its efforts on a resolution. This is a task that proves challenging to perform at speed for a human operator considering the complexity of today’s systems.
• Proactive response. A range of responses is available with AIOps, from directing issues to the appropriate people, to recommending actions that can be taken by operators directly in a collaboration tool, to rules-based workflows performed automatically, such as spinning up additional AWS EC2 instances.
• Learning. By evaluating past failures and successes, AIOps can learn over time which events are likely to become critical and how to respond to them. This brings us closer to the dream of NoOps, where operations are completely automated.

The Impact of COVID-19 on IT Operations

The Ecosystm Digital Priorities in the New Normal study launched this month, asks technology users about how their digital priorities have shifted during the pandemic. Despite pressure to shift to digital delivery, almost 40% of participants reported that their organisations cut headcount in the IT department (Figure 1). Furthermore, over one third had been forced to cut their employees’ salaries. As we have seen in previous crises, IT operations teams are being asked to do more with less and will need automation to bridge the gaps.

As we begin to move into the next phase of the COVID-19 reality and businesses continue to open, we will see many launch digital services that were conceived of during the crisis. One of the greatest challenges that IT departments face will be scalability as digital businesses grow. AIOps will be a go-to tool for IT operations to ensure uptime and improve user experience. It is likely that the next 12-18 months will be a watershed moment for AIOps.

NLP and the Democratisation of Data

Natural Language Processing (NLP) will be the next string in the bow of AIOps. While the ultimate goal of IT operations is to identify and remediate situations before they have an impact on the user, oftentimes it is the service desk that generates the initial barrage of alerts. AIOps equipped with NLP can extract relevant data from user tickets, correlate them with other system events and potentially even suggest a resolution to the user. Here, ChatOps can help to reduce the workload on the service desk and bring relevant events to the attention of the operations team faster. NLP will also help democratise IT operations data within the organisation. As they digitalise, lines of business (LoBs) besides IT will need access to system health and user experience data but business managers may not have the necessary technical skills to extract them. Chatbots that can return these metrics to non-technical users will begin to proliferate.

AIOps Recommendations

Most IT departments would have discovered the limitations of their current systems during the upheaval caused by recent lockdowns. Only about 7% of organisations in our study reported that they were well-prepared across all areas of IT, to handle the COVID-19 crisis. For those organisations that have yet to invest in AIOps, we recommend starting now but starting small. Develop a topology map to understand where you have reliable data sources that could be analysed by AIOps. Then select a domain by assessing the present level of observability and automation, IT skills gap, frequency of outages, and business criticality. As you add additional domains and the system learns, the value you realise from AIOps will grow.

The power of collaborative AIOps tools would have been undeniable as the COVID-19 crisis began and IT departments were forced to work in a distributed manner. When evaluating a system, carefully consider how it will integrate into your organisation’s preferred collaboration suite, whether it be the AIOps vendor’s proprietary situation tool or a third-party provider like Slack or Microsoft Teams. The ability for operations teams to collaborate effectively reduces time to resolution.

Last week, the Australia government joined other countries in the Asia Pacific region in highlighting the growth of attack surface in the midst of the COVID-19 pandemic.

In our recently launched study Digital Priorities in the New Normal, we find that 87% of organisations in the Asia Pacific have increased investments in one or more cybersecurity solutions. However, this has to be backed by a reassessment of organisations’ risk positions and a re-evaluation of data protection and compliance policies.
 

Get more insights on the adoption of key Cybersecurity solutions and investments through our “Market Insights and Vendor Selection” research module which is live and ongoing on the Ecosystm platform.

Last week, the Australia Government announced that they have been monitoring persistent and increasing volumes of cyber-attacks by a foreign state-based actor on both government and private sector businesses. The Australian Cyber Security Centre (ACSC) reported that most of the attacks make use of existing open-source tools and packages, which ACSC has dubbed as “copy-paste compromises”. The attackers are also using other methods to exploit such as spear phishing, sending malicious files and using various websites to harvest passwords and more, to exploit systems.
Cybercrime has been escalating in other parts of the world as well. The World Health Organisation (WHO) witnessed a dramatic increase in cyber-attacks directed with scammers impersonating WHO personnel’s official emails targeting the public. The National Cyber Security Centre (NCSC) in the UK alerted the country’s educational institutions and scientific facilities on increased cyber-attacks attempting to steal research associated with the coronavirus. Earlier this month, the Singapore Computer Emergency Response Team (SingCERT) issued an advisory on potential phishing campaigns targeting six countries, including Singapore that exploit government support initiatives for businesses and individuals in the wake of the COVID-19 crisis.
Such announcements are a timely reminder to government agencies and private organisations to implement the right cybersecurity measures against the backdrop of an increased attack surface. These cyber attacks can have business impacts such as theft of business data and destruction or impairment to financial data, creating extended business interruptions. The ramifications can be far-reaching including financial and reputational loss, compliance breaches and potentially even legal action.

A Rise in Spear-Phishing

In Australia, we’re seeing attackers targeting internet-facing infrastructure relating to vulnerabilities in Citrix, Windows IIS web server, Microsoft Sharepoint, and Telerik UI.
Where these attacks fail, they are moving to spear-phishing attacks. Spear phishing is most commonly an email or SMS scam targeted towards a specific individual or organisation but can be delivered to a target via any number of electronic communication mediums. In the spear-phishing emails, the attacker attaches files or includes links to a variety of destinations that include:

• Credential harvesting sites. These genuine-looking but fake web sites prompt targets to enter username and password. Once the gullible target provides the credentials, these are then stored in the attackers’ database and are used to launch credential-based attacks against the organisation’s IT infrastructure and applications.
• Malicious files. These file attachments to emails look legitimate but once downloaded, they execute a malicious malware on the target device. Common file types are .doc, .docx, .xls, .xlsx, .ppt, .pptx, .jpg, .jpeg, .gif, .mpg, .mp4, .wav
• OAuth Token Theft. OAuth is commonly used on the internet to authenticate a user to a wide variety of other platforms. This attack technique uses OAuth tokens generated by a platform and shares with other platforms. An example of this is a website that asks users to authenticate using their Facebook or Google accounts in order to use its own services. Faulty implementation of OAuth renders such integration to cyber-attacks.
• Link Shimming. The technique includes using email tracking services to launch an attack. The attackers send fake emails with valid looking links and images inside, using email tracking services. Once the user receives the email, it tracks the actions related to opening the email and clicking on the links. Such tracking services can reveal when the email was opened, location data, device used, links clicked, and IP addresses used. The links once clicked-on, can in- turn, lead to malicious software being stealthily downloaded on the target system and/or luring the user for credential harvesting.

How do you safeguard against Cyber-Attacks?

The most common vectors for such cyber-attacks are lack of user awareness AND/OR exploitable internet-facing systems and applications. Unpatched or out-of-support internet-facing systems, application or system misconfiguration, inadequate or poorly maintained device security controls and weak threat detection and response programs, compound the threat to your organisation.
Governments across the world are coming up with advisories and guidelines to spread cybersecurity awareness and prevent threats and attacks. ACSC’s Australian Signals Directorates ‘Essential 8’ are effective mitigations for a large majority of present-day attacks. There were also guidelines published earlier this year, specifically with the COVID-19 crisis in mind. The Cyber Security Agency in Singapore (CSA) promotes the ‘Go Safe Online’ campaign that provides regular guidance and best practices on cybersecurity measures.
Ecosystm’s ongoing “Digital Priorities in the New Normal” study evaluates the impact of the COVID-19 pandemic on organisations, and how digital priorities are being initiated or aligned to adapt to the New Normal that has emerged. 41% of organisations in Asia Pacific re-evaluated cybersecurity risks and measures, in the wake of the pandemic. Identity & Access Management (IDAM), Data Security and Threat Analytics & Intelligence saw increased investments in many organisations in the region (Figure 1).
However, technology implementation has to be backed by a rigorous process that constantly evaluates the organisation’s risk positions. The following preventive measures will help you address the risks to your organisation:

• Conduct regular user awareness training on common cyber threats
• Conduct regular phishing tests to check user awareness level
• Patch the internet-facing products as recommended by their vendors
• Establish baseline security standards for applications and systems
• Apply multi-factor authentication to access critical applications and systems – especially internet-facing and SaaS products widely used in the organisation like O365
• Follow regular vulnerability scanning and remediation regimes
• Conduct regular penetration testing on internet-facing applications and systems
• Apply security settings on endpoints and internet gateways that disallow download and execution of files from unfamiliar sources
• Maintain an active threat detection and response program that provides for intrusion detection, integrity checks, user and system behaviour monitoring and tools to maintain visibility of potential attacks and incidents – e.g Security Information & Event Monitoring (SIEM) tools
• Consider managed services such as Managed Threat Detection and Response delivered via security operations (SOC)
• Maintain a robust incident management program that is reviewed and tested at least annually
• Maintain a comprehensive backup regime – especially for critical data – including offsite/offline backups, and regular testing of backups for data integrity
• Restrict and monitor the usage of administrative credentials

Get more insights on the adoption of key Cybersecurity solutions and investments through our “Market Insights and Vendor Selection” research module which is live and ongoing on the Ecosystm platform.

“However, there are challenges to leveraging digitalisation effectively, including a lack of awareness, knowledge and skills, and funding to support innovation and scale, in aligning with the growing pressure within sectors to meet increasing productivity and compliance requirements,” says Ecosystm Principal Advisor, Jannat Maqbool. “Adoption of IoT specifically is resulting in new data supply chains, that those operating in many industries cannot cater for with respect to infrastructure and also the skills necessary to process and extract valuable insights from the data.”

Ecosystm research shows that only 37% of organisations looking to adopt IoT in Australia have a strategic internal team to create the roadmap and manage the deployment. This indicates a lack of skills that organisations can utilise, depending on external resources such as consulting firms and ISVs instead. To cater to the expected growth in Australia’s IoT market, IoT Alliance Australia (IoTAA) – that represents more than 500 participating organisations and 1,000 individual participants – has come forward with the IoT Australia Skills Barometer survey.

The survey created in association with La Trobe University aims to gauge the IoT skills gap, to inform educators and adopters on the potential areas of focus for future skills development. It covers questions on IoT adoption, challenges expected, solutions being evaluated, and courses needed.

Addressing the Skills Gap

As the adoption of IoT increases, there will be added requirement for skills in data storage, infrastructure management and creating frameworks. The survey is expected to help the industry determine the skills gap, isolate training and re-skilling requirements and develop courses and hands-on sessions to address the end-to-end services requirements and better utilisation of data gathered from the devices.

There are some courses that are already available – mostly run in collaboration with industry. Last year, Rio Tinto, the Western Australia Government and South Metropolitan TAFE developed Australia’s first nationally-recognised remote operations course. Earlier this year, RMIT partnered with IBM to deliver the IoT and 5G business opportunity courses to equip business professionals with the right technology and business skills for IoT projects.

“Awareness of the potential of emerging technologies needs to target both non-technical and technical members of the organisation. This wider buy-in is needed to drive thinking around the ‘why’ from stakeholders across the business, enabling a more informed decision around the potential impact on existing resources, infrastructure, processes, products, required investment and business outcomes,” says Maqbool. “Any education and training program needs to allow for this focus on awareness, then provide opportunities to build on this for those that then want to gain the deeper knowledge and technical skills required to effectively leverage the IoT.”

“Education and training programs to support the uptake of digital technologies across the wider population and traditionally non-digital industries require a contextual learning and a flexible delivery approach.”

Government and Industry working together

“A digital divide exists in many countries – especially for those in rural communities. They are often not in a position to access the infrastructure necessary to support a real-world connection in a contextual learning environment, let alone having the digital literacy and scaffolding to get to a point where they can effectively consider leveraging emerging technologies,” says Maqbool.

This is where governments play a larger role. To accelerate innovation and make better use of technology the Australian Government is supporting clear communication and a better understanding of IoT, implementing standards and regulations, upgrading digital infrastructure, creating opportunities for economic and social benefits and collaborating with research and education institutes to deliver skills, innovation and growth in the IoT sector.

One of the key areas of focus will have to be cybersecurity. Regulatory compliance and security & privacy issues are the key barriers of IoT adoption in Australia (Figure 1).

Last year, the Australian government released a draft code of practice to enable businesses implementing IoT solutions to follow certain principles as a voluntary measure to defend against threats.

The Government is also seeing a larger potential for IoT in some industries. To support the Agriculture industry, the Australia Government has allocated USD 90 million to the Smart Farms program to support the development and uptake of best practices and technologies in farms, fisheries and forestry, with a special focus on regional communities. In its FY2019-20 federal budget, the Government announced plans to invest USD 1.4 million for a feasibility study and assess ways on improving digital on-farm connectivity. Similarly, Australia’s National Landcare Program (NLP) delivered by the Department of Agriculture, Water and the Environment (DAWE) is receiving financial support until June 2023.

5/5 (2) The Wireless Broadband Alliance (WBA) was formed in 2003 to enable a seamless and interoperable Wi-Fi experience across the global wireless ecosystem. The key objective of the alliance was to bring together multiple stakeholders – such as telecom providers, technology vendors and enterprises – to work on areas such as industry guidelines, pilot projects, standards to promote end-to-end services and drive adoption in Wi-Fi, 5G, IoT and others.

WBA OpenRoaming™

Ecosystm Principal Advisor, Ashok Kumar says, “Wi-Fi has gained increasing popularity worldwide over the last two decades and has now become an essential network technology with ubiquitous service that it is utilitarian. However, it has been viewed as a collection of islands of heterogenous networks, requiring re-authentication each time a mobile user transits from one network and re-connects with another Wi-Fi network, with the associated hurdles of logging back in, making it cumbersome.”

“The lack of interoperability between Wi-Fi networks has been a drawback for service providers, compared to the ease of use associated with global mobile networks, such as 4G, LTE, 5G, and so on, which offer seamless roaming connectivity.”

The WBA OpenRoaming™ initiative was announced last month, to create a globally available Wi-Fi ecosystem that offers a federation of automatic and secure connections for billions of devices to millions of Wi-Fi networks. It provides a new global standards-led approach, removing public-guest Wi-Fi connectivity barriers and brings greater convenience and security to the wireless ecosystem. WBA OpenRoaming™ removes the need to search for Wi-Fi networks, to repeatedly enter or create login credentials, or to constantly reconnect or re-register to public Wi-Fi networks.

Several leading technology companies and telecom service providers have extended support to WBA OpenRoaming™ standards – Samsung, Google, Cisco, Intel, Aptilo, AT&T, Boingo Wireless, Broadcom, Comcast, Deutsche Telekom and Orange to name a few.

“Wi-Fi is arguably the most ground-breaking wireless technology of our time. From the first public Wi-Fi hotspots in the early 2000s which enabled radically increased productivity on the move, through to the role Wi-Fi has in today’s pandemic environment. With WBA OpenRoaming™ we want to revolutionise how individual users as well as businesses engage with Wi-Fi, removing the need to repeatedly log in, re-connect, share passwords or re-register for Wi-Fi networks as we travel locally, nationally or internationally”, said Tiago Rodrigues, CEO of the WBA, “Instead, no matter where we are, the new framework automates how users connect to Wi-Fi while seamlessly aligning to cellular network connectivity. It does so by bringing together a federation of trusted identity providers so that individual users are allowed to automatically join any network managed by a federation member.”

WBA OpenRoaming™ can simplify Wi-Fi, much like the cellular roaming experience. Kumar says, “ The WBA OpenRoaming™, with support from major global service providers, network solution vendors, and authentication & security firms, has the potential to address the issue of seamless interoperability in the Wi-Fi networks ecosystem with ease-of-use and security.”

WBA OpenRoaming™ Framework

The framework and standards are based on cloud federation, consisting of a global database of networks and identities, dynamic discovery and the Wireless Roaming Intermediary Exchange (WRIX); cybersecurity consisting of Public Key Infrastructure a RadSec providing the certificate policy, management and brokerage services; and network automation facilitated by an automated roaming consortium framework and policy and Wi-Fi CERTIFIED Passpoint®*.

The Impact of WBA OpenRoaming™

“Enterprises are expected to benefit enormously from the opportunity to create new commercial business models and innovative services with speed and simplicity,” says Kumar.

Maturing mobile technologies such as 5G and Wi-Fi 6 along with next generation wireless devices, could make OpenRoaming™ more seamless and extend its applications further.

Cisco in particular has been leading the charge with several pilots that showcase the benefits of OpenRoaming™. Earlier this year, it partnered with Oxbotica, an autonomous vehicle software provider, to demonstrate how OpenRoaming™ can unlock the potential of autonomous vehicle fleets, allowing a seamless and secure sharing of high-volume data while on the move.

Last year, Cisco also showcased the benefits of OpenRoaming™ in a pilot at the Mobile World Congress in Barcelona with Samsung as the identity provider. Attendees were connected to the network throughout the venue, with connectivity extended to even local train stations and the airport. This unified experience was possible despite the fact that at least three network providers were involved. Pilots such as these gives the industry a glimpse of what benefits lie ahead.

Kumar sees the impact being extended across industries. “The impact of WBA OpenRoaming™ will be in the introduction of innovative services for consumers and enterprise users in public Wi-Fi networks in industries such as Hospitality, Transportation (airport and rail), Retail outlets, Smart City solutions, and local community networks.”

Learn more about WBA OpenRoaming™, visit www.openroaming.org

*Wi-Fi CERTIFIED Passpoint® is a registered trademark of the Wi-Fi Alliance  

5/5 (2) In his blog, The Cybercrime Pandemic, Ecosystm Principal Advisor, Andrew Milroy says, “Remote working has reached unprecedented levels as organisations try hard to keep going. This is massively expanding the attack surface for cybercriminals, weakening security and leading to a cybercrime pandemic. Hacking activity and phishing, inspired by the COVID-19 crisis, are growing rapidly.” Remote working has seen an increase in adoption of cloud applications and collaborative tools, and organisations and governments are having to re-think their risk management programs.

We are seeing the market respond to this need and May saw initiatives from governments and enterprises on strengthening risk management practices and standards. Tech vendors have also stepped up their game, strengthening their Cybersecurity offerings.

Market Consolidation through M&As Continues

The Cybersecurity market is extremely fragmented and is ripe for consolidation. The last couple of years has seen some consolidation of the market, especially through acquisitions by larger platform players (wishing to provide an end-to-end solution) and private equity firms (who have a better view of the Cybersecurity start-up ecosystem). Cybersecurity providers continue to acquire niche providers to strengthen their end-to-end offering and respond to market requirements.

As organisations cope with remote working, network security, threat identification and identity and access management are becoming important. CyberArk acquired Identity as a Service provider Idaptive to work on an AI-based identity solution. The acquisition expands its identity management offerings across hybrid and multi-cloud environments. Quick Heal invested in Singapore-based Ray, a start-up specialising in next-gen wireless and network technology. This would benefit Quick Heal in building a safe, secure, and seamless digital experience for users. This investment also shows Quick Heal’s strategy of investing in disruptive technologies to maintain its market presence and to develop a full-fledged integrated solution beneficial for its users.

Another interesting deal was Venafi acquiring Jetstack.  Jetstack’s open-source Kubernetes certificate manager controller – cert-manager – with a thriving developer community of over 200 contributors, has been used by many global organisations as the go-to tool for using certificates in the Kubernetes space. The community has provided feedback through design discussion, user experience reports, code and documentation contributions as well as serving as a source for free community support. The partnership will see Venafi’s Machine Identity Protection having cloud-native capabilities.   The deal came a day after VMware announced its intent to acquire Octarine to extend VMware’s Intrinsic Security Capabilities for Containers and Kubernetes and integrate Octarine’s technology to VMware’s Carbon Black, a security company which VMware bought last year.

Cybersecurity vendors are not the only ones that are acquiring niche Cybersecurity providers. In the wake of a rapid increase in user base and a surge in traffic, that exposed it to cyber-attacks (including the ‘zoombombing’ incidents), Zoom acquired secure messaging service Keybase, a secure messaging and file-sharing service to enhance their security and to build end-to-end encryption capability to strengthen their overall security posture.

Governments actively working on their Cyber Standards

Governments are forging ahead with digital transformation, providing better citizen services and better protection of citizen data.  This has been especially important in the way they have had to manage the COVID-19 crisis – introducing restrictions fast, keeping citizens in the loop and often accessing citizens’ health and location data to contain the disaster. Various security guidelines and initiatives were announced by governments across the globe, to ensure that citizen data was being managed and used securely and to instil trust in citizens so that they would be willing to share their data.

Singapore, following its Smart Nation initiative, introduced a set of enhanced data security measures for public sector. There have been a few high-profile data breaches (especially in the public healthcare sector) in the last couple of years and the Government rolled out a common security framework for public agencies and their officials making them all accountable to a common code of practice. Measures include clarifying the roles and responsibilities of public officers involved in managing data security, and mandating that top public sector leadership be accountable for creating a strong organisational data security regime. The Government has also empowered citizens to raise a flag against unauthorised data disclosures through a simple incident report form available on Singapore’s Smart Nation Website.

Australia is also ramping up measures to protect the public sector and the country’s data against threats and breaches by issuing guidelines to Australia’s critical infrastructure providers from cyber-attacks. The Australian Cyber Security Centre (ACSC) especially aims key employees working in services such as power and water distribution networks, and transport and communications grids. In the US agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) have issued guidelines on safeguarding the country’s critical infrastructure. Similarly, UK’s National Cyber Security Centre (NCSC) issued cybersecurity best practices for Industrial Control Systems (ICS).

Cyber Awareness emerges as the need of the hour

While governments will continue to strengthen their Cybersecurity standards, the truth is Cybersecurity breaches often happen because of employee actions – sometimes deliberate, but often out of unawareness of the risks. As remote working becomes a norm for more organisations, there is a need for greater awareness amongst employees and Cybersecurity caution should become part of the organisational culture.

Comtech received a US$8.4 million in additional orders from the US Federal Government for a Joint Cyber Analysis Course. The company has been providing cyber-training to government agencies in the communications sector. Another public-private partnership to raise awareness on Cybersecurity announced in May was the MoU between Europol’s European Cybercrime Centre (EC3) and Capgemini Netherlands. With this MoU, Capgemini and Europol are collaborating on activities such as the development of cyber simulation exercises, capacity building, and prevention and awareness campaigns. They are also partnered on a No More Ransomware project by National High Tech Crime Unit of the Netherlands’ Police, Kaspersky and McAfee to help victims fight against ransomware threats.

The Industry continues to gear up for the Future

Technology providers, including Cybersecurity vendors, continue to evolve their offerings and several innovations were reported in May. Futuristic initiatives such as these show that technology vendors are aware of the acute need to build AI-based cyber solutions to stay ahead of cybercriminals.

Samsung introduced a new secure element (SE) Cybersecurity chip to protect mobile devices against security threats. The chip received an Evaluation Assurance Level (EAL) 6+ certification from CC EAL – a technology security evaluation agency which certifies IT products security on a scale of EAL0 to EAL7. Further applications of the chip could include securing e-passports, crypto hardware wallets and mobile devices based on standalone hardware-level security. Samsung also introduced a new smartphone in which Samsung is using a chipset from SK Telecom with quantum-crypto technology. This involves Quantum Random Number Generator (QRNG) to enhance the security of applications and services instead of using normal random number generators. The technology uses LED and CMOS sensor to capture quantum randomness and produce unpredictable strings and patterns which are difficult to hack. This is in line with what we are seeing in the findings of an Ecosystm business pulse study to gauge how organisations are prioritising their IT investments to adapt to the New Normal. 36% of organisations in the Asia Pacific region invested significantly in Mobile Security is a response to the COVID-19 crisis.

The same study reveals that nearly 40% of organisations in the region have also increased investments in Threat Analysis & Intelligence. At the Southern Methodist University in Texas, engineers at Darwin Deason Institute for Cybersecurity have created a software to detect and prevent ransomware threats before they can occur. Their detection method known as sensor-based ransomware detection can even spot new ransomware attacks and terminates the encryption process without relying on the signature of past infections. The university has filed a patent for this technique with the US Patent and Trademark Office.

Microsoft and Intel are working on a project called STAMINA (static malware-as-image network analysis). The project involves a new deep learning approach that converts malware into grayscale images to scan the text and structural patterns specific to malware. This works by converting a file’s binary form into a stream of raw pixel data (1D) which is later converted into a photo (2D) to feed into image analysis algorithms based on a pre-trained deep neural network to scan and classify images as clean or infected.

Click below for more data on organisations’ Cybersecurity priorities and investments

5/5 (1) CEOs have an active role to play in an organisation’s transformation needs and journey – including in the technology decisions. Last month we spoke about why CEOs should get involved in their organisation’s IoT investments. Now, we look at Cloud – which has been a part of the CIO’s purview so far. Under the current circumstances, most organisations are actively pushing to go digital and the internal discussions will often revolve around empowering remote employees and digital customers. All the technologies that are being evaluated by organisations today have Cloud as their pillar. Increasingly, we see organisations adopt the hybrid and the multi-cloud. And organisations may not have the capabilities – technological and skills – to support the complexity of their Cloud environment. While a CEO does not have to understand the technology fully, it is important to understand the business impact of the technology.

Why should a CEO get involved in and have visibility into an organisation’s Cloud investments? There are a few important reasons.

#1 Cloud is not a cost-saving measure – it will enable you to transform

Organisations have matured in their Cloud adoption and no longer evaluate the benefits of Cloud only in terms of shifting CapEx to OpEx. If we look at the benefits of Cloud adoption, reduction of IT costs is not even in the top 3 benefits that organisations are seeking from Cloud anymore. Operational efficiency and collaboration emerge as key benefits (Figure 1) – while some companies still move to the Cloud for the savings, they stay there for other benefits.

This requires organisations to think of Cloud as a technology empowering their infrastructure and services. Cloud acts as an enabler for ease of doing business, real-time data access for productivity increase, and process automation. This impacts the entire organisation. It also involves prioritising the needs of certain functions over others – definitely not what a CIO should have to do.

If we look at just Cloud storage as an example, organisations can no longer have individual functions and their associated shadow IT teams having their own Cloud storage (and collaboration). This often turns out to be more expensive and there is a lack of consolidated view and management. While organisations forge ahead with the dream of having real-time information sharing across functions, a CIO has to consider the entire organisation’s technological and business needs – a CEO is the best person to guide the CIO in translating the organisation’s vision into IT priorities.

 #2 In fact Cloud adoption may not cut costs at all!

Organisations are also re-evaluating the cost benefits of Cloud. Investing in a Cloud infrastructure with a short-term view on the investments involved has led to instances of Cloud solutions being brought back in-house because of rising costs. While security, data privacy and integration remain the key challenges of Cloud adoption (Figure 2), over a third of the organisations find Cloud more expensive than traditional licensing or owning the hardware.

Organisations find that the cost considerations do not stop after the adoption or migration. As businesses use Cloud to scale, there are several aspects that require constant re-evaluation and often further investments – cybersecurity measures, continuous data protection (CDP), disaster recovery management, rightsizing capacity, software and database licenses and day-to-day maintenance, to name a few. In addition to this, the cost of finding and recruiting a team of professionals to manage and maintain the Cloud environment also adds up to the OpEx.

If the CIO is talking about a Cloud migration for cost benefits only, the CEO and the CFO need to step in to evaluate that all factors have been taken into consideration. Moreover, the CIO may not have full visibility of how and where the organisation is looking to scale up or down. It is the CEO’s responsibility to share that vision with the CIO to guide Cloud investments.

#3 Cloud will increasingly be part of all tech adoption considerations

In this disruptive world, CEOs should explore possibilities and understand the technical capabilities which can give organisations an edge over their competitors. It is then up to the CIOs to implement that vision with this larger context in mind. As organisations look to leverage emerging technologies, organisations will adopt Cloud to optimise their resources and workloads.

AI is changing the way organisations need to store, process and analyse the data to derive useful insights and decision-making practices. This is pushing the adoption of Cloud, even in the most conservative organisations. Cloud is no longer only required for infrastructure and back-up – but actually improving business processes, by enabling real-time data and systems access. Similarly, IoT devices will grow exponentially. Today, data is already going into the Cloud and data centres on a real-time basis from sensors and automated devices. However, as these devices become bi-directional, decisions will need to be made in real-time as well. Edge Computing will be essential in this intelligent and automated world. Cloud platform vendors are building on their edge solutions and tech buyers are increasingly getting interested in the Edge allowing better decision-making through machine learning and AI.

In view of the recent global crisis, we will see a sharp uptake of Cloud solutions across tech areas. IaaS will remain the key area of focus in the near future, especially Desktop-as-as-Service. Organisations will also look to evaluate more SaaS solutions, in order to empower a mobile and remote workforce. This will allow the workforce of the future to stay connected, informed and make more decisions. More than ever, CEOs have to drive business growth with innovative products and services – not understanding the capabilities and challenges of Cloud adoption and the advancements in the technology can be a serious handicap for CEOs.

#4 Your IT Team may be more complacent about Cloud security than you think

Another domain that requires the CEO’s attention is cybersecurity. The Cloud is used for computing operations and to store data including, intellectual property rights, financial information, employee details and other sensitive data. Cybersecurity breaches have immense financial and reputational implications and IT Teams cannot solely be responsible for it.  Cybersecurity has become a Board-level conversation and many organisations are employing a Chief Information Security Officer (CISO) who reports directly into the CEO. Cybersecurity is an aspect of an organisation’s risk management program.

Evaluating the security features of the Cloud offerings, therefore, becomes an important aspect of an IT decision-maker’s job. While security remains a key concern when it comes to Cloud adoption, Cloud is often regarded as a more secure option than on-premise. Cloud providers have dedicated security focus, constantly upgrade their security capabilities in response to newer threats and evolve their partner ecosystem. There is also better traceability with the Cloud as every virtual activity can be tracked, monitored, and logged. Ecosystm research finds that more than 40% of IT decision-makers think the Public Cloud has enough security measures and does not need complementing (Figure 3).

However, the Cloud is as secure as an organisation makes it. The perception that there is no need to supplement Public Cloud security features can have disastrous outcomes. It is important to supplement the Cloud provider’s security with event-driven security measures within an organisation’s applications and cloud interface.

It is the job of the CEO – through the CISO – to evaluate how cyber ready the IT Team really is. Do they know enough about shared responsibility? Do they have full cognizance of the SLAs of their Cloud providers? Do they have sufficient internal cybersecurity skills? Do they understand that data breaches can have cost and reputational impacts? As cybersecurity breaches begin to have more financial implications than ever and can derail an organisation, a CEO should have visibility of the risks of the organisation’s Cloud adoption.

Cloud is no longer just a technological decision – it is a business decision and takes into account the organisation’s vision. A full visibility of the Cloud roadmap – including the pitfalls, the risks and the immense potential – will empower a CEO immensely.

Yes and no. If we look at the history of the ERP solution, as an example, we find that it was initially meant for and deeply entrenched in Manufacturing organisations. In fact, the precursor to modern-day ERP is the Manufacturing Resource Planning (MRP II) software of the 1980s. Now, we primarily look at ERP as a cross-industry solution. Every business has taken lessons on inventory and supply chain management from the Manufacturing industry and has an enterprise-wide system. However, there are industries such as Hospitality and Healthcare that have their niche vendors who bundle in ERP features with their industry-specific solutions. This will be the general pattern that all tech solutions will follow: a) an industry use case will become popular; b) other industries will try to incorporate that solution, and in the process; c) create their own industry-specific customisations. It is important, therefore, for those who are evaluating emerging technologies to cast their net wide to identify use cases from other industries.

AI and automation is one such tech area where organisations should look to leverage cross-industry expertise. They should ask their vendors about their implementations in other allied industries and, in some cases, in industries that are not allied.

For cybersecurity, their approach should be entirely different. As companies move on from network security to more specific areas such as data security and emerging areas such as GRC communication, it will be important to evaluate industry experience. Data protection and compliance laws are often specific to industries – for example, while customer-focused industries are mandated on how to handle customer data, the Banking, Insurance, Healthcare and Public Sector industries have the need to store more sensitive data than other industries. They should look at solutions that have in-built checks and balances in place, incorporating their GRC requirements.

So, the answer to whether organisations should look for industry expertise in their vendors is that they should for more mature tech areas. An eCommerce company should look for industry experience when choosing a web hosting partner, but should look for experience in other industries such as Banking, when they are looking to invest in virtual assistants.

Are some industries more focused on industry experience than others?

Ecosystm research also sought to find out which industries look for industry expertise more than others (Figure 2). Surprisingly, there are no clear differences across industries. The Services, Healthcare and Public Sector industries emphasise marginally more on industry expertise – but the differences are almost negligible.

There are some differences when we look at specific tech areas, however. For example, industries that may be considered early adopters of IoT – Transportation, Manufacturing and Healthcare – tend to give more credit to industry experience because there are previous use cases that they can leverage. There are industries that are still formulating standards when it comes to IoT and they will be more open to evaluating vendors that have a successful solution for their requirement – irrespective of the industry.

The Healthcare Industry Example

Ecosystm Principal Analyst, Sash Mukherjee says, “In today’s fast-evolving technology market, it is important to go beyond use cases in only your industries and look for vendors that have a demonstrated history of innovation and experience in delivering measurable results, irrespective of the industry.” Mukherjee takes the example of the Healthcare industry. “No one vendor can provide the entire gamut of functionalities required for patient lifecycle management.  In spite of recent trends of multi-capability vendors, hospitals need multiple vendors for the hospital information systems (HIS), ERP, HR systems, document management systems, auxiliary department systems and so on. For some areas such as electronic health records (EHR) systems, obviously industry expertise is paramount. However, if healthcare organisations continue to look for industry expertise and partner with the same vendors, they miss out on important learnings from other industries.”

Talking about industries that have influenced and will influence the Healthcare industry in the very near future, Mukherjee says, “Healthcare providers have learnt a lot from the Manufacturing industry – and several organisations have evaluated and implemented Lean Healthcare and Six Sigma to improve clinical outcomes. The industry has also learnt from the Retail and Hospitality industries on how to be customer focused. In the Top 5 Healthtech trends for 2020, I had pointed out the similarities between the Financial and Healthcare industries (stringent regulations, process-based legacy systems and so on). As the Healthcare industry focuses on value-based outcomes, governments introduce more regulations around accountability and transparency, and people expect the experience that they get out of their retail interactions, Healthtech start-ups will become as mainstream as Fintech start-ups.”

It is time for tech buyers to re-evaluate whether they are restricting themselves by looking at industry use cases, especially for emerging technologies. While less industry customisations mean easier deployments, it may also hamper innovation.