|By Kevin Nikkhoo||
|December 20, 2012 09:00 AM EST||
Today's is a cautionary tale. One that you've probably heard before, but I promise a new spin on making sure it won't happen again.
It's a true story. It recently happened to a colleague's friend's business. But it is not an isolated incident. Because the information is sensitive and the wounds still raw, I have changed the names to protect the innocent and the not-so-innocent.
It was a dark and stormy night...
Dan is the CEO and CTO of a privately owned business that develops software tools to manage lease lifecycles and other financial information. His primary customer is commercial real estate agencies across the country. For the past 12 years, it has been highly successful despite some of the economic battering the housing market took over the past several years. The company clears somewhere in the neighborhood of 30-50 million per year. He employs about 150 people. And it is the story of one of those employees where the story takes a dark turn.
Recently Dan parted ways with his VP of Sales. Dan thought the split was amicable, but according to my colleague, in less than a month, Dan was confronted with the reality that the veep actually felt slighted, and allegedly took steps to hobble the company.
It seems several days after this employee left the company, he was able to access the network and allegedly remove client databases from the CRM, all his work files and even sent an "anonymous" message from the company's info@ email account to every customer decrying how Dan was personally trying to cheat them. And as a last "get stuffed" act was able to access several other applications and erased a good deal of data. Apparently he was able to clean his trail or else I would be talking about how this guy is currently being sued or in jail for theft. It is also why I cautiously use the word allegedly. Nonetheless, there was some serious damage done.
Now in terms of security, Dan had a decent firewall and anti-virus protection. He also had a log management solution for his financial compliance issue. Now the log didn't pick up any machine code of the veep's alleged visit because all the financial data required by the regulatory agency is on another server.
Now Dan is faced with several business issues and related costs of having to recreate the wheel, replace lost information and shore up security. Aside from the tribal knowledge and the recovery of the data, Dan's biggest mountain to climb is making sure something like this never happens again. If Dan relies on existing paradigms (buying new servers, workstations and 4 different software packages, finding a knowledgeable consultant to develop the processes, and development/deployment time) it is going to cost him a pocket load of front-ended capital expenditures, hundreds of man hours and other assets that will siphon resources from his core competencies.
If Dan REACTs and looks to the cloud, many of those headaches fade without the crushing blow to time, money and resources. REACT™ or Realtime Event and Access Correlation Technology is part of a game-changing holistic paradigm called UniSec (unified security) which delivers a comprehensive suite of solutions deployed and managed from the cloud. It comprises all the security elements that would've prevented Dan's breach and data theft and leverages all the various silos information into a centralized real time contextual analysis. In other words it provides 360o enterprise visibility to see who is doing what , when and where for any part of the IT landscape. It takes the historical backbone of Log Management, the intelligence of SIEM, the authenticating of Identity Management and the control of Access Management and provides a Single Source of analysis, alert and action in real time
Without the benefit of cloud computing, this solution would be well beyond the budget means of Dan's company. Even one doing as well as his. REACT puts enterprise power in the hands of smaller companies in a very affordable, scalable and flexible manner. Just deploying a single sign on initiative can be pricy. Then you add all these layers, all these endpoints... It used to make very little sense for modest organizations to invest in such protection. However bundled , deployed and managed from the cloud (for less than what it would cost support & maintenance for an on premise equivalent) Dan is able to better protect his assets and has a clearer vision of business needs; what department needs which application and providing access only to them.
Four solutions...does Dan really need all that? Yes. Is it overkill? Absolutely not. If Dan had each element deployed (realizing it is just a single solution underneath the REACT umbrella): 1) an identity management solution would have immediately prevented an ex-employee from coming in through automatic deprovisioning and password retirement, 2) access management would have blocked his way from reaching SaaS apps and downloading CRM databases and other proprietary files 3)SIEM would have noted his attempts to touch any part of the network and create an intrusion alert and Log Management would have recorded it all for compliance audits. That this solution is scalable to the exacting need and business requirements (today and tomorrow) of Dan's company make it a perfect fit. That the solution is zero-day deployment ready means no waiting on ROI and the important functionality it brings. That the solution is pay-as-you-go he's spending no CapEx money. That the solution includes security-as-a-service means he has an expert analyst working on his behalf that isn't on his payroll. The financial and administrative benefits make Dan the CEO sleep better at night. The enterprise power allows Dan the CTO to have more pleasant dreams.
REACT and UniSec are paradigm changing concepts in the security and cloud computing sphere that I predict will soon become the norm.
Of course, in the interest of full disclosure, I called Dan last week and I am optimistic he will be subscribing at the end of the month.
Countless business models have spawned from the IaaS industry – resell Web hosting, blogs, public cloud, and on and on. With the overwhelming amount of tools available to us, it's sometimes easy to overlook that many of them are just new skins of resources we've had for a long time. In his general session at 17th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, an IBM Company, broke down what we have to work with, discussed the benefits and pitfalls and how we can best use them ...
Nov. 30, 2015 11:45 AM EST
This morning on #c9d9 we spoke with two industry veterans and published authors - James DeLuccia and Jonathan McAllister - on how to bake-in security and compliance into your DevOps processes, and how DevOps and automation can essentially help you pass your next audit.
Nov. 30, 2015 09:48 AM EST
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
Nov. 30, 2015 08:00 AM EST Reads: 563
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem"...
Nov. 30, 2015 07:00 AM EST Reads: 466
In today’s pharmaceutical supply chain, counterfeit activity is thriving. As pharma companies have expanded target markets and outsourced production over the last decade, the supply chain has become increasingly global, virtual, and vulnerable. Illicit activity has thrived, and patients have suffered, with hundreds of thousands dying each year from counterfeit and contaminated drugs. More than 40 countries have responded with new laws that regulate prescription medications as they travel throug...
Nov. 30, 2015 05:45 AM EST Reads: 314
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound...
Nov. 30, 2015 05:30 AM EST Reads: 493
As organizations shift towards IT-as-a-service models, the need for managing & protecting data residing across physical, virtual, and now cloud environments grows with it. CommVault can ensure protection & E-Discovery of your data - whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise.
Nov. 30, 2015 05:15 AM EST Reads: 251
Naturally, new and exciting technologies and trends like software defined networking, the Internet of Things and the cloud tend to get the lion’s share of attention these days, including when it comes to security. However, it’s important to never forget that at the center of it all is still the enterprise network. And as evidenced by the ever-expanding landslide of data breaches that could have been prevented or at least their impact lessened by better practicing network security basics, it’s ...
Nov. 30, 2015 04:30 AM EST Reads: 286
PubNub has announced the release of BLOCKS, a set of customizable microservices that give developers a simple way to add code and deploy features for realtime apps.PubNub BLOCKS executes business logic directly on the data streaming through PubNub’s network without splitting it off to an intermediary server controlled by the customer. This revolutionary approach streamlines app development, reduces endpoint-to-endpoint latency, and allows apps to better leverage the enormous scalability of PubNu...
Nov. 30, 2015 04:00 AM EST Reads: 348
Put the word continuous in front of many things and we help define DevOps: continuous delivery, continuous testing, continuous assessment, and there is more. The next BriefingsDirect DevOps thought leadership discussion explores the concept of continuous processes around the development and deployment of applications and systems. Put the word continuous in front of many things and we help define DevOps: continuous delivery, continuous testing, continuous assessment, and there is more.
Nov. 30, 2015 04:00 AM EST Reads: 181
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, San...
Nov. 30, 2015 04:00 AM EST Reads: 607
In today's enterprise, digital transformation represents organizational change even more so than technology change, as customer preferences and behavior drive end-to-end transformation across lines of business as well as IT. To capitalize on the ubiquitous disruption driving this transformation, companies must be able to innovate at an increasingly rapid pace. Traditional approaches for driving innovation are now woefully inadequate for keeping up with the breadth of disruption and change facin...
Nov. 30, 2015 03:00 AM EST Reads: 513
I recently attended and was a speaker at the 4th International Internet of @ThingsExpo at the Santa Clara Convention Center. I also had the opportunity to attend this event last year and I wrote a blog from that show talking about how the “Enterprise Impact of IoT” was a key theme of last year’s show. I was curious to see if the same theme would still resonate 365 days later and what, if any, changes I would see in the content presented.
Nov. 30, 2015 02:00 AM EST Reads: 450
You may have heard about the pets vs. cattle discussion – a reference to the way application servers are deployed in the cloud native world. If an application server goes down it can simply be dropped from the mix and a new server added in its place. The practice so far has mostly been applied to application deployments. Management software on the other hand is treated in a very special manner. Dedicated resources are set aside to run the management software components and several alerting syst...
Nov. 30, 2015 01:00 AM EST Reads: 232
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ab...
Nov. 30, 2015 12:00 AM EST Reads: 419
It's been a busy time for tech's ongoing infatuation with containers. Amazon just announced EC2 Container Registry to simply container management. The new Azure container service taps into Microsoft's partnership with Docker and Mesosphere. You know when there's a standard for containers on the table there's money on the table, too. Everyone is talking containers because they reduce a ton of development-related challenges and make it much easier to move across production and testing environm...
Nov. 29, 2015 09:00 PM EST Reads: 632
Hiring the wrong candidate can cost a company hundreds of thousands of dollars, and result in lost profit and productivity during the search for a replacement. In fact, the Harvard Business Review has found that as much as 80 percent of turnover is caused by bad hiring decisions. But when your organization has implemented DevOps, the job is about more than just technical chops. It’s also about core behaviors: how they work with others, how they make decisions, and how those decisions translate t...
Nov. 29, 2015 04:45 PM EST Reads: 200
In his General Session at DevOps Summit, Asaf Yigal, Co-Founder & VP of Product at Logz.io, explored the value of Kibana 4 for log analysis and provided a hands-on tutorial on how to set up Kibana 4 and get the most out of Apache log files. He examined three use cases: IT operations, business intelligence, and security and compliance. Asaf Yigal is co-founder and VP of Product at log analytics software company Logz.io. In the past, he was co-founder of social-trading platform Currensee, which...
Nov. 29, 2015 04:00 PM EST Reads: 257
People want to get going with DevOps or Continuous Delivery, but need a place to start. Others are already on their way, but need some validation of their choices. A few months ago, I published the first volume of DevOps and Continuous Delivery reference architectures which has now been viewed over 50,000 times on SlideShare (it's free to download...no registration required). Three things helped people in the deck: (1) the reference architectures, (2) links to the sources for each architectur...
Nov. 29, 2015 03:30 PM EST Reads: 262
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data...
Nov. 29, 2015 02:00 PM EST Reads: 488