Tag Archives: Pros

Half of IT Pros Say Remote Workers Dodging Security Precautions

Hackers aren’t the only ones evading security measures of many organizations. So are their remote workers.

In a report on remote workforce security released Monday, 52 percent of the U.S. IT and cybersecurity professionals surveyed revealed they experienced remote workers finding workarounds to their organizations’ security policies.

The report, prepared by Cybersecurity Insiders and sponsored by Axiad, a trusted identity solutions provider in Santa Clara, Calif., also found that the top three security policies and protocols remote workers were most resistant to comply with were multifactor authentication (35 percent), mobile device managers (33 percent) and password managers (26 percent).

“This means that even if a company has invested in strong authentication technology like MFA, they are still at risk unless they can encourage employees to comply with their policy,” the report noted. “This is even more challenging with a remote or hybrid workforce, as employees are not in the office to work with their IT team to deploy and utilize new technologies,” it added.

Ease-of-Use Issue

Employees circumventing security policies don’t do it, typically, with malicious intent, explained Axiad COO Jerome Becquart.

“They want to do their work in the most efficient way possible, and they perceive security as getting in their way,” he told TechNewsWorld.

Most employees don’t want to intentionally circumvent security policies, added Jen Kraxner, strategic advisory director at SecZetta, a third-party risk management company in Fall River, Mass.

“Sometimes it’s because they don’t know how to do something correctly,” she told TechNewsWorld. “Other times, they know how to do it, but it’s too hard.”

“Security policies don’t always make it easy for end users,” she continued. “When it becomes too hard for them to do it the right way, they choose to do it however they can.”

She cited the way two-factor authentication could be implemented as an example. One way is to be sent a notification that allows you to authenticate with a click. Another way is to require entering a code. The one-click approach has ease-of-use for the user in mind more so that the entering a code approach.

Oliver Tavakoli, CTO of Vectra AI, a provider of automated threat management solutions in San Jose, Calif., explained that in organizations that take security seriously fewer employees generally think about circumventing security policies.

“But when there is poor user experience — for example, needing to enter a second factor for authentication every time your laptop comes out of hibernation mode; the percentage of non-compliance. such as running software to ensure your laptop never hibernates even when you’re away, tends to rise,” he told TechNewsWorld.

Good Intentions

In some employees’ minds, they may think they need to overcome their organization’s security to be more productive.

“An employee may be used to having access to files and applications that aren’t available remotely,” said Saryu Nayyar, CEO of Gurucul, a threat intelligence company in El Segundo, Calif.

“A worker may try in those cases to subvert network restrictions to gain access they were used to having in the office,” she told TechNewsWorld.

Erich Kron, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla., explained that if an employee does not understand the reason for a security policy, or if the organization has a weak security culture, employees will often look to sidestep policies.

“They may believe it is just extra steps they must take to do their job, or needless hurdles interfering with production,” he told TechNewsWorld.

“If the extra work is significant enough, they may even begin to resent the policy or the organization,” he added.

“Employees often do not understand just how significant the modern threat landscape is,” he said, “or may believe that they, or their organization, is too small to be targeted by cyber criminals, a common misconception that often leads to big problems.”

Lemons Into Lemonade

It shouldn’t surprise that employees are finding workarounds to security policies, observed Sounil Yu, CISO of JupiterOne, a Morrisville, N.C.-based provider of cyber asset management and governance solutions.

“We want our employees to be clever and creative, therefore it’s no surprise that employees find ways to skirt security controls,” he told TechNewsWorld.

He recommended organizations tap into the creativity that’s circumventing security controls.

“What is important is that employees share those circumvention methods with the security team, not so that the security team blocks those methods outright, but so that the security team can work to find or build safer, paved paths that enable employees to be even more productive,” he said.

“To build trust across the company so that employees feel willing and safe to disclose how they circumvented a security control, the security team needs to keep security simple, open and collaborative, enabling and rewarding by embracing one of the core principles stated in the Manifesto for Modern Cybersecurity, which is to favor transparency over obscurity, practicality over process, and usability over complexity,” he added.

Insider Threats Increasing

Not all employees, however, have their employer’s best interests in mind when they end-run security policies and protocols.

“Remote work has significantly increased insider threats from employees taking risks with company assets, such as stealing sensitive data for personal use or gain, as employers have less visibility into what employees are accessing,” observed Joseph Carson, chief security scientist at Thycotic, a Washington D.C.-based provider of privileged account management solutions.

“Employees have company devices that were dependent on network security — such as email gateways, web gateways, intrusion detection systems or firewalls — to protect those devices,” he told TechNewsWorld

“Now, most of those protections are pretty much useless because the devices have been moved to the public internet,” he said.

Discouraging Bad Behavior

How can organizations discourage employees from evading security policies?

“Utilization of security policies which have minimal friction is the best way to achieve the goal,” said David Stewart, CEO of Approov, of Edinburgh, UK, which performs binary-level dynamic analysis of software.

“If the security is invisible, then the employee has no incentive to bypass it,” he told TechNewsWorld.

Chris Clement, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz. recommended using incentives.

“Find ways to make security easy or even transparent to your users and compliance with your policies will be high,” he told TechNewsWorld.

“Still, there are always people with malicious intent that need to be guarded against,” he added. “Regular monitoring and auditing of user activities is necessary to be able to quickly identify and respond to malicious behavior.”

Source link

The Pros and Cons of Hyperconverged Infrastructure

Hyperconverged solutions are software-defined systems with tightly integrated storage, networking, and resources that have seen an increase in usage recently, especially as a result of the COVID-19 pandemic. Hyperconverged infrastructure is a combination of traditional data center hardware and locally attached storage with software that enables the use of building blocks to replace legacy infrastructure systems. These legacy systems would typically consist of individual servers and different storage networks, but in a hyperconverged system, they are unified in a single platform.

Infrastructure with server-SAN and storage networks that featured independent modules which could be updated or changed without affecting other layers has been the typical way IT systems have operated for decades. However, in the era of hybrid cloud computing, this form of infrastructure can no longer keep up with the needs of many global businesses.

An HCI solution converges the entire data center stack, including storage, networking, and virtualization. Complex and expensive legacy infrastructure is replaced by a platform running on industry-standard servers that allows for businesses to start small and then scale as needed, one node at a time. More and more organizations are now starting to see the intrinsic benefits of hyperconverged infrastructure as it is a business that is expected to grow from $7.8 billion this year to over $27 billion by 2025, at a growth rate of 28.1%.

Currently, hyperconverged storage is the infrastructure of choice for companies that want to remain competitive during a critical period, see continued growth, and ensure that all data centers are sufficiently ready to transfer to cloud computing systems. With an HCI solution being the next logical step for the majority of businesses, it is important to understand exactly what are the positive and negative effects of transitioning to hyperconverged infrastructure.

Benefits of hyperconverged infrastructure

There are many clear benefits of having a highly integrated and tested system for your business, including:

Scalability: In a hyperconverged infrastructure, everything is seamlessly integrated, so scaling up involves simply adding another node to the previous one. This process offers the ability for more storage capabilities without the problem of any configuration hassles or hardware compatibility checks. It is essentially that simple; the more nodes you have, the more storage you can generate. This boost in storage not only offers seamless scalability, but it can be achieved without ever having to alter any management requirements.

Simplicity: The tried and true method of creating a data center requires bringing together a huge amount of separate pieces of hardware and software that can include servers, storage, networking, and management software for both hardware and software alike. A hyperconverged storage solution removes this problem. HCI solutions fully integrate hardware, software, and systems that are set to operate the moment they become functional. This simplicity ensures that all management issues are removed because everything has been created to specifically work together; therefore, it does.

Expense: Hyperconverged infrastructure will usually use commodity hardware, as opposed to special-purpose components, which is likely to significantly reduce the cost of implementation and operation. In addition, the nature of hyperconverged storage means that there is no need to bring in any additional IT staff to manage it due to its simplicity. Another key aspect of this is that the costs are entirely predictable as once you know the cost of adding an extra node and the additional capacity you will receive means simple cost calculations due to the pay-as-you-scale model.

Negatives of hyperconverged infrastructure

While these benefits are significant, it’s still important to be aware of potential pain points that might arise due to switching to an HCI solution. Some of these include:

Vendor Unity: When you use a hyperconverged infrastructure, you are then reliant on one lone vendor. This is why it is critical to ensure that any vendor you work with has a track record in your industry, is well-regarded, and can support your needs effectively. It is important to consult with experts before making your final decision regarding an HCI solution.

Hidden Costs: If you have not carefully considered the vendor you work with, costs can quickly begin to add up. Hidden costs can appear as some vendors may charge a higher amount for their equipment or services, while cloud costs can also increase if you are not careful. One way to prevent this from happening is to do due diligence when selecting a vendor, as well as undertake a full cost analysis of the process before agreeing to it.

Final thoughts

A hyperconverged infrastructure should not be considered a panacea for all your IT and data problems. However, the positives of a hyperconverged solution typically far outweigh the negatives when it comes to streamlining your overall operational capabilities and productivity. With companies and organizations receiving more data on an almost daily basis and analytical workloads growing constantly, we are seeing hyperconverged infrastructure quickly become a part of the ‘new business normal.’

Greg Jehs is the Director of Enterprise Engagement at Meridian.

Source link

5 IT Career Tips from Pros Who Know | IT Infrastructure Advice, Discussion, Community

The new year is always a good time to take stock of your life, and your career is one area that you may want to evaluate. Maybe you are just getting started in your IT career and looking for the best approach to take to gain experience quickly and advance. Or maybe you already have spent a few years or even a few decades in IT, but you feel a little stuck in your current role or position, even as the tech space is expanding and your peers seem to be moving ahead.

Whatever the case, learning from the experience of other IT professionals can save you time and money as you work to get to the next phase of your career as an IT professional.

InformationWeek spoke to several IT professionals and leaders recently and asked them for their top piece of advice for other IT pros just getting started or in a mid-career state of limbo. Here’s a collection of some of the best advice we heard.

Read the rest of this article on InformationWeek.

Source link

An IT Pro’s View: Why Interop is a Unique IT Conference | IT Infrastructure Advice, Discussion, Community

I’ve been attending technical trade shows and conferences since 2003. Over that time, I’ve witnessed a dramatic shift in the style and content these conferences deliver. Instead of being focused on problems that we face in enterprise IT, most conferences today are now solely focused on the products. While there is clearly a market for product-focused technology conferences, it’s nice to know that a few shows still offer the ability to dig deep into what issues IT professionals face without being bombarded with product marketing.

Interop is probably the best conference in the industry at providing this uniquely special angle. Let’s talk about who Interop is for – and why you should be attending.

Interop for IT management and executives

CIO’s and top IT management should be paying little attention to technology vendors and products. These are the types of details that should be left to implementation-focused employees. Instead, their focus should be on how they can use technology to shape business strategy. At Interop, IT managers and executives from around the world can gather to listen to and share their ideas about how to solve business problems using enterprise tech.

Read the rest of the article on InformationWeek.

Get details on this year’s Interop19 Infrastructure conference sessions.

Source link

Data Center Tech ‘Graduation:’ What IT Pros Have Learned

As schools around the country hold graduation ceremonies, classic songs like Green Day’s “Good Riddance (Time of Your Life)” will be sung, played, or reminisced about by students everywhere as they reflect on fond memories and lessons learned in school. Graduation is a symbol of transition and change, a milestone that represents growth, progress, and transformation.

Just as education fosters growth in students, digital transformation drives progress in an organization and ultimately leads to innovations in the data center, but not without a few lessons learned from setbacks and failures.

In the spirit of graduation season, we asked our THWACK IT community to tell us what technology they “graduated” to in 2018. According to the SolarWinds 2018 IT Trends Report, 94% of surveyed IT professionals indicated that cloud and/or hybrid IT is the most important technology in their IT organization’s technology strategy today. But what else have organizations experimented with over the last year? Check out some of the most popular technologies that THWACK community members tell us they have implemented this past year, in their words.

(Image: Nirat.pix/Shutterstock)

Source link