Digitally Speaking

Andrew Newton
September 8, 2017

Shadow IT is not a new concept, but certainly is a big issue for many organisations today. Companies of all sizes see a significant increase in the use of devices and/or services not within the organisation’s approved IT infrastructure.

A Global CIO Survey  found that IT leaders are under growing pressure from Shadow IT and are gradually losing the battle to retain the balance of power in IT decision-making. The threat from Shadow IT is forcing CIOs to re-align their IT strategy to better serve the needs of their line of business colleagues, and transforming IT to become the first choice for all IT service provision. However Shadow IT continues to apply pressure to many CIO’s and IT leaders who do not have clear visibility of the use of Shadow IT within their organisations and therefore cannot quantify the risks or opportunities.

So is Shadow IT a threat to your organisation or does it improve productivity and drive innovation?

Based on Gartner’s report, Shadow IT will account for a third of the cyber-attacks experienced by enterprises by the time we reach 2020. However, some customers have told us:

  • “Shadow IT is an opportunity for us to test devices or services before we go to IT for approval,”
  • Shadow IT allows us to be Agile and use services that IT don’t provide so we can work more effectively

One of the most important aspects of Shadow IT is of course the cost. What are the costs to the business from the hidden costs of a security breach, potential loss of data and for those with regulatory compliance requirements, the possibility of large fines and loss of reputation in their respective markets?

With an ever changing and expanding IT landscape and new regulations  such as the General Data Protection Regulation (GDPR) coming into effect in May 2018, managing and controlling data whilst ensuring complete data security should be top of the priority list. Therefore understanding the key challenges of Shadow IT is fundamental in order to manage it effectively.

Shadow IT – The Key Challenges:

    • Identifying the use of Shadow IT
      Arguably the biggest challenge with Shadow IT is visibility within the organisation. How can IT leaders see who is using or consuming what and for what purpose? If you can’t see or are aware of it, how can you manage it?
    • Costs of Shadow IT
      Controlling costs is impossible for Shadow IT spend if there is no visibility of what is being used. Not just the direct Shadow IT purchases present a challenge but the consequences of a security breach as a result of the use of Shadow IT in fines, reputation damage and future loss of business.
    • Securing the threat to your business
      One of the biggest areas of concern and quite rightly is the security threat to the business from the use of non-approved IT sources.  Not only does this have the potential to add to the organisation’s costs but also could result in the loss of data, again with the potential risk of considerable fines.
    • Managing Shadow IT without stifling innovation
      The wrong approach to managing Shadow IT, such as the “total lock down messaging”  can send signals to the organisation that IT are controlling, inflexible and  unwilling to listen with the possible result of driving Shadow IT under ground and in cases actually increase its use , thus increasing risks and costs.

Shadow IT is a complicated issue, but your response to it doesn’t have to be. Contact us to find out how we can help you manage Shadow IT, be forward thinking and fill the gaps within the current IT infrastructure.

Jorge Aguilera Poyato
August 9, 2017

It’s common knowledge that there is a global shortage of experienced IT security professionals, right across the spectrum of skills and specialities, and that this shortage is exacerbated by an ongoing lack of cyber security specialists emerging from education systems.

Governments are taking action to address this skills shortage, but it is nevertheless holding back advancement and exposing IT systems and Internet businesses to potential attacks.

Because of this, and despite the fear that other industries may have of Artificial Intelligence (AI) the information security industry should be embracing it and making the most of it. As the connectivity requirements of various different environments become ever more sophisticated, so the number of security information data sources is increasing rapidly, even as potential threats increase in number and complexity. Automation and AI offer powerful new ways of managing security in this brave new world.

At the moment, the focus in AI is on searching and correlating large amounts of information to identify potential threats based on data patterns or user behaviour analytics. These first generation AI-driven security solutions only go so far, though: security engineers are still needed, to validate the identification of threats and to activate remediation processes.

As these first generation solutions become more efficient and effective in detecting threats, they will become the first step towards moving security architectures into genuine auto-remediation.

To explore this, consider a firewall – it allows you to define access lists based on applications, ports or IP addresses. Working as part of a comprehensive security architecture, new AI-driven platforms will use similar access lists, based on a variety of complex and dynamic information sources. The use of such lists will under-gird your auto-remediation policy, which will integrate with other platforms to maintain consistency in the security posture defined.

As we move into this new era in security systems, in which everything comes down to gathering information that can be processed, with security in mind, by AI systems, we will see changes as services adapt to the new capabilities. Such changes will be seen first in Security Operations Centres (SOCs).

Today’s SOCs still rely heavily on security analysts reviewing reports to provide the level of service expected by customers. They will be one of the first environments to adopt AI systems, as they seek to add value to their services and operate as a seamless extension to digital businesses of all kinds.

SOCs are just one example, the security industry will get the most out of AI, but they need to start recognising that machines do best at what people do best. Any use of this technology will enable the creation of new tools and processes in the cybersecurity space that will protect new devices and networks from threats even before a human can classify that threat.

Artificial intelligence techniques such as unsupervised learning and continuous retraining can keep us ahead of the cyber criminals. However, we need to be aware that hackers will be also using these techniques, so here is where the creativity of the Good Guys can focus on thinking about what is coming next and let the machines do their job in learning and continuous protection.

Don’t miss out: to find out more, contact us – we’ll be delighted to help you with emerging technology and use it to your benefit.

Category: Security

Alastair Broom
May 16, 2017

What if I told you, that Ransomware, is on its way to becoming a $1 billion annual market ?

Eyebrows raised (or not), it is a matter of fact in 2017 that Ransomware is an extremely lucrative business, evolving in an alarming rate and becoming more sophisticated day by day.

But, the question remains, what is Ransomware?

Ransomware is a malicious software – a form of malware – that either disables a target system or encrypts a user’s files and holds them ‘hostage’ until a ransom is paid. This malware generally operates indiscriminately with the ability to target any operating system, within any organisation. Once the malware has gained a foothold in an organisation, it can spread quickly infecting other systems, even backup systems and therefore can effectively disable an entire organisation. Data is the lifeblood of many organisations and without access to this data, businesses can literally grind to a halt. Attackers demand that the user pay a fee (often in Bitcoins) to decrypt their files and get them back.

On a global scale, more than 40% of ransomware victims pay the ransom, although there is no guarantee that you will actually get your data back and copies of your data will now be in the attacker’s hands. In the UK, 45% of organisations reported that a severe data breach caused systems to be down on average for more than eight hours. This makes it apparent that the cost is not only the ransom itself, but also the significant resources required to restore the systems and data. What is even more alarming, is that in the UK the number of threats and alerts is significantly higher than other countries (Cisco 2017 Annual Cybersecurity Report). Outdated systems and equipment are partially to blame, coupled with the belief that line managers are not sufficiently engaged with security. Modern and sophisticated attacks like ransomware require user awareness, effective processes and cutting edge security systems to prevent them from taking your organisation hostage!

How can you protect your company?

As one of the latest threats in cybersecurity, a lot has been written and said around ransomware and potential ways of preventing it. A successful mitigation strategy involving people, process and technology is the best way to minimise the risk of an attack and its impact. Your security program should consider the approach before, during and after an attack takes place giving due consideration to protecting the organisation from attack, detecting Ransomware and other malware attacks and how the organisation should respond following an attack. Given that Ransomware can penetrate organisations in multiple ways, reducing the risk of an infection requires a holistic approach, rather than a single point solution.  It takes seconds to encrypt an entire hard disk and so IT security systems must provide the highest levels of protection, rapid detection and high containment and quarantine capability to limit damage. Paying the ransom should be viewed as an undesirable, unpredictable last resort and every organisation should therefore take effective measures to avoid this scenario.

Could your organisation be a target?

One would imagine that only large corporations would be at risk of a Ransomware attack, but this is far from the truth. Organisations of all industries and sizes report Ransomware attacks which lead to substantial financial loss, data exposure and potential brand damage. The reason is that all businesses rely on the availability of data, such as employee profiles, patents, customer lists, financial statements etc. to operate.  Imagine the impact of Ransomware attacks in police departments, city councils, schools or hospitals. Whether an organisation operates in the public or private sector, banking or healthcare, it must have an agile security system in place to reduce the risk of a Ransomware attack.

Where to start?

The first step to shield your company against Ransomware is to perform an audit of your current security posture and identify areas of exposure.  Do you have the systems and skills to identify an attack?  Do you have the processes and resources to respond effectively?  As Ransomware disguises itself and uses sophisticated hacking tactics to infiltrate your organisation’s network, it is important to constantly seek innovative ways to protect your data before any irreparable damage is done.

With our Security Consultancy, Managed Security Service offerings and threat-centric Security product portfolio, we are able to help our customers build the holistic security architecture needed in today’s threat landscape.

Contact us to discuss your cyber security needs and ensure you aren’t the next topic of a BBC news article.

 

Category: Security

Alastair Broom
March 10, 2017

As Logicalis’ Chief Security Technology Officer I’m often asked to comment on cyber security issues. Usually the request relates to specific areas such as ransomware or socially engineered attacks. In this article I’m taking a more holistic look at IT security.

Such a holistic approach to security is, generally, sorely lacking. This is a serious matter, with cyber criminals constantly looking for the weak links in organisations’ security, constantly testing the fence to find the easiest place to get through. So, let’s take a look at the state of enterprise IT security in early 2017, using the technology, processes and people model.

Technology

A brief, high-level look at the security market is all it takes to show that there are vast numbers of point products out there – ‘silver bullet’ solutions designed to take out specific threats. There is, however, little in terms of an ecosystem supporting a defence-in-depth architecture. Integration of and co-operation between the various disparate components is , although growing, typically weak or non-existent.

We’ve seen customers with more than 60 products deployed, from over 40 vendors, each intended to address a specific security issue. Having such a large number of products itself presents significant security challenges, though. All these products combined have their own vulnerability: support and manintenance. Managing them and keeping them updated generates significant workload, and any mistakes or unresolved issues can easily become new weak points in the organisation’s security.

The situation has been exacerbated by the rapidly increasing popularity of Cloud and Open Source software. Both trends make market entry significantly simpler, allowing new players to quickly and easily offer new solutions, targeting whichever threat happens to be making a big noise at the moment.

Just as poor integration between security products is an issue, so is lack of integration between the components on which they are built. Through weak coding or failure to make use of hardware security features – Intel’s hardware-level Software Guards Extensions (SGX) encryption technology is a good example – security holes are left open, waiting to be exploited.

The good news on the technology front is that we are seeing the early stages of the development of protocols, such as STIX, TAXII and CybOX, allowing different vendors’ products to interact and share standardised threat information. The big security vendors have been promoting the idea of threat information sharing and subsequent action for a while, but only within their own product ecosystems. It’s time for a broader playing field!

Processes

IT security is one of the most important issues facing today’s enterprise, yet, while any self-respecting board will feature directors with responsibility for sales, marketing, operations and finance, few enterprises have a board level CISO.

Similarly few organisations have a comprehensive and thoroughly considered security strategy in place, or proper security processes and policies suitable for today’s threat landscape and ICT usage patterns. A number of industry frameworks exist: ISO 27001, Cyber Essentials, NIST to name but a few; and yet very few organisations adopt these beyond the bare minimum to meet regulatory requirements.

Most organisations spend considerable sums on security technology, but without the right security strategy in place, and user behaviour in line with the right processes and policies, they remain at risk of serious breaches.

People

The hard truth is that some 60% of breaches are down to user error. Recent research obtiained through Freedom of Information requests found that 62% reported to the ICO are down to humans basically getting it wrong. People make poor password choices, use insecure public (and private!) WiFi, and use public Cloud storage and similar services without taking the necessary security precautions. They do not follow, or indeed even know, corporate data classification and usage policies. The list, of course, goes on.

Training has a part to play here, to increase users’ awareness of the importance of security, as well as the behaviours they need to adopt (and discard) to stay secure. However, there will come a point at which the law of diminishing returns kicks in: we all make mistakes – even the most careful, well trained of us.

We need to explore, discover and devise new ways in which technology can help, by removing the human element, where possible and desirable, and by limiting and swiftly rectifying the damage done when human error occurs. Furthermore, we need to leverage ever improving machine learning and artificial intelligence software to help augment human capability.

Enterprises need to work with specialists that can help them understand the nature of the threats they face, and the weak links in their defences that offer miscreants easy ways in. That means closely examining all aspects of their security from each of the technology, processes and people perspectives, to identify actual and potential weaknesses. Then robust, practical, fit-for-purpose security architectures and policies can be built.

For an outline of how this can work, take a look at Logicalis’ three-step methodology here or email us security@uk.logicalis.com to discuss your cyber security needs.

Category: Security

Fanni Vig
January 16, 2017

A friend of mine recently introduced me to the idea of the ‘runaway brain’ – a theory first published in 1993 outlining the uniqueness of human evolution. We take a look into how artificial intelligence is developing into something comparable to the human brain and the potential caveats that concern us as human-beings.

The theory considers how humans have created a complex culture by continually challenging their brains, leading to the development of more complex intellect throughout human evolution. A process which continues to occur, even up to today and will again tomorrow, and will no doubt for years to come. This is what theorists claim is driving human intelligence towards its ultimate best.

There are many ways in which we can define why ‘human intelligence’ is considered unique. In essence, it’s characterised by perception, consciousness, self-awareness, and desire.

It was by speaking to a friend that I considered with human intelligence alongside the emergence of artificial intelligence (AI), is it possible for the ‘runaway brain’ to reach a new milestone? After further research, I found some that say it already has.

They label it ‘runaway super intelligence‘.

Storage capacity of the human brain

Most neuroscientists estimate the human brains storage capacity to range between 10 and 100 terabytes, with some evaluations estimating closer to 2.5 petabytes. In fact, new research suggests the human brain could hold as much information as the entire internet.

As surprising as that sounds, it’s not necessarily impossible. It has long been said that the human brain can be like a sponge, absorbing as much information that we throw towards it. Of course we forget a large amount of that information, but take into consideration those with photographic memory or those who practice a combination of innate skills, learned tactics, mnemonic strategies or those who have an extraordinary knowledge base.

Why can machines still perform better?

Ponder this – if human brains have the capacity to store significant amounts of data, why do machines continue to outperform human decision making?

The human brain has a huge range – data analysis and pattern recognition alongside the ability to learn and retain information. A human needs only to glance before they recognise a car they’ve seen before, but AI may need to process hundreds or even thousands of samples before it’s able to come to a conclusion. Perhaps human premeditative assumption, if you will, to save time analysing finer details for an exact match, but conversely, while AI functions may be more complex and varied, the human brain is unable to process the same volume of data as a computer.

It’s this efficiency of data processing that calls on leading researchers to believe that indeed AI will dominate our lives in the coming decades and eventually lead to what we call the ‘technology singularity’.

Technology singularity

Technological singularity is defined by the hypothesis that through the invention of artificial super intelligence abruptly triggering runaway technological growth, which will result in unfathomable changes to human civilization.

According to this hypothesis, an upgradable intelligent agent, such as software-based artificial general intelligence, could enter a ‘runaway reaction’ cycle of self-learning and self-improvement, with each new and increasingly intelligent generation appearing more rapidly, causing an intelligence explosion resulting in a powerful super intelligence that would, qualitatively, far surpass human intelligence.

Ubiquitous AI

When it comes to our day-to-day lives, algorithms often save time and effort. Take online search tools, Internet shopping and smartphone apps using beacon technology to provide recommendations based upon our whereabouts.

Today, AI uses machine learning. Provide AI with an outcome-based scenario and, to put it simply, it will remember and learn. The computer is taught what to learn, how to learn, and how to make its own decisions.
What’s more fascinating, is how new AI’s are modeling the human mind using techniques similar to that of our own learning processes.

Do we need to be worried about the runaway artificial general intelligence?

If we to listen to the cautiously wise words of Stephen Hawking who said “success in creating AI would be the biggest event in human history”, before commenting “unfortunately, it might also be the last, unless we learn how to avoid the risks”.

The answer to whether we should be worried all depends on too many variables for a definitive answer. However, it is difficult not to argue that AI will play a growing part in our lives and businesses.

Rest assured: 4 things that will always remain human

It’s inevitable that one might raise the question is there anything that humans will always be better at?

  1. Unstructured problem solving. Solving problems in which the rules do not currently exist; such as creating a new web application.
  2. Acquiring and processing new information. Deciding what is relevant; like a reporter writing a story.
  3. Non-routine physical work. Performing complex tasks in a 3-dimentional space that requires a combination of skill #1 and skill #2 which is proving very difficult for computers to master. As a consequence this causes scientists like Frank Levy and Richard J. Murmane to say that we need to focus on preparing children for an “increased emphasis on conceptual understanding and problem-solving“.
  4. And last but not least – being human. Expressing empathy, making people feel good, taking care of others, being artistic and creative for the sake of creativity, expressing emotions and vulnerability in a relatable way, and making people laugh.

Are you safe?

We all know that computers/machines/robots will have an impact (positive and/or negative) on our lives in one way or another. The rather ominous elephant in the room here is whether or not your job can be done by a robot?

I am sure you will be glad to know there is an algorithm for it…
In a recent article by the BBC it is predicted that 35% of current jobs in the UK are at a ‘high risk’ of computerization in the coming 20 years (according to a study by Oxford University and Deloitte).

It remains, jobs that rely on empathy, creativity and social intelligence are considerably less at risk of being computerized. In comparison roles including retail assistants (37th), chartered accountants (21st) and legal secretaries (3rd) all rank among the top 50 jobs at risk.

Maybe not too late to pick up the night course on ‘Computer Science’…

Jorge Aguilera Poyato
December 15, 2016

Last week I read that you can now hijack nearly any drone mid-flight just by using a tiny gadget.

The gadget responds to the name of Icarus and it can hijack a variety of popular drones mid-flight, allowing attackers to lock the owner out and give them complete control over the device.

Besides Drones, the new gadget has the capability of fully hijacking a wide variety of radio-controlled devices, including helicopters, cars, boats and other remote control gears that run over the most popular wireless transmission control protocol called DSMx.

Although this is not the first device we have seen that can hijack drones, this is the first one giving the control Icarus works by exploiting DMSx protocol, granting attackers complete control over target drones that allows attackers to steer, accelerate, brake and even crash them.

The attack relies on the fact that DSMx protocol does not encrypt the ‘secret’ key that pairs a controller and the controlled device. So, it is possible for an attacker to steal this secret key by launching several brute-force attacks.

You can also watch the demonstration video to learn more about Icarus box.

There is no mitigation approach to this issue at the moment, other than wait for manufacturers affected to release patches and update their hardware embracing encryption mechanisms to secure the communication between controller and device.

Having seen this video and the potential impact of this hijacking technique, my first thought was about the threat for Amazon’s new service coming soon, which will allow drones to safely deliver packages to people’s homes in under 30 minutes.

This is just another example of how important is to define the right strategy around using encryption as part of the security in the digital era. Business data and the way we want to access this data from any device, anywhere and anytime just highlight the need of enhanced and clever security solutions.

There are different ways Logicalis can help our customers in the protection of data located in data centres and end points with the help of the ecosystem of partners like Cisco and Intel Security.

An interesting offering to mention is Logicalis Endpoint Encryption Managed Service. This service gives our customer’s devices and the data within them the level of protection that will give them peace of mind should a device be lost or stolen, and we Logicalis manage the service for them. This service is the market leader for data protection and it provides the highest levels of Confidentiality, Integrity and Availability. The service is part of the global strategy adopted by Logicalis Group across EMEA.

Category: Automation, Security

Alastair Broom
December 11, 2016

21 times in the past 12 months! According to the following BBC article, that’s how many times Bournemouth University has been hit by ransomware attacks (University hit 21 times in one year by ransomware – BBC News). 23 universities have suffered that same issue, 28 NHS trusts. And the problem continues in the Enterprise space. According to Kaspersky labs research, over 50,000 corporate PCs were infected with ransomware in 2015, a 100% year-on-year growth as compared to 2014. And that’s the data Kaspersky has access to. The FBI states that in Q2 of 2015, 4 million unique ransomware samples were detected, and that in 2016 over $1 billion will be paid out in ransomware attacks to retrieve data. I may be in the wrong job…

The thing is, ransomware in the past has been what I would term, a typically opportunistic attack. It was predominantly targeted at individuals, and would rely on relatively basic techniques, such as phishing scams or drive-by-downloads, to get the infection done. Attacks would range from scareware, to screenlockers, all the way to encryption attacks, and would demand a reasonably small sum from the victim to decrypt locked files (assuming you were lucky enough to get the files back at all). You would handover some Bitcoins, the currency hackers crave due to its global and anonymous nature, and hope the decryption key was handed over in return.

But that is no longer the case. Ransomware is now far better classed as an APT – Advanced Persistent Threat, and carries all the industrialized process behind it that we expect of corporate or sovereign government funded warfare. This is big business, and attackers are fully aware of the cost corporations are exposed to if they are unable to access that most precious of resources – their data. Attackers will spend huge effort researching their victim: footprinting, scanning, enumerating – and will then follow a very well thought out plan to realise their desired outcomes!

Not good news, but we can help! At Logicalis, we have been helping our clients prepare for and defend against ransomware and other APTs. Let’s specifically address ransomware.

We understand the key stages involved in a ransomware attack (infection, execution, backup spoliation, encryption, notification & clean up), and so can help advise you on the best lines of defence, and provide a number of services to make sure you are protected. The below list is a great place to start:

  • Reduce logged in user privileges so that they are unable to execute PowerShell and any other code not required.
  • Remove the command prompt from Citrix or logon profile sessions.
  • Use application whitelisting so that only authorised applications can run.
  • Prevent or disallow macro execution via group policy.
  • Investigate using where appropriate Microsoft EMET
  • Use a SIEM to monitor, for example, process injection
  • Ensure that there is a full backup of all the data and systems to be able to restore if and when required.
  • Use a software restriction policy in applocker (SRP)
  • Disable activeX in the browsers.
  • Install a personal firewall or use HIPS
  • Block binaries running from %APPDATA% and %TEMP% paths

With our Security consultancy, Managed Security Service offerings and threat-centric Security product portfolio, we are able to help our customers build the holistic security architecture needed in today’s threat landscape. When it comes to ransomware, our solutions in Anti-Virus, Endpoint Protection, Data Loss Protection, Advanced Malware Protection and Managed SIEM will ensure you aren’t the next topic of a BBC news article.

Category: Security

Jorge Aguilera Poyato
November 30, 2016

As you might have read back in November 2016, a huge Distributed Denial of Service (DDoS) attach against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet, causing a significant outage to a tonne of websites and services; including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

How did the attack happen? What was the cause behind the attack?

Although exact details of the attack remain vague, Dyn reported an army of hijacked internet-connected devices Slopian are thought to be responsible for the large-scale They attack; similar to a method recently employed by hackers to carry out a record-breaking DDoS attack of over 1 Tbps against the French hosting provider OVH.

According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not shooting necessarily all, of the cheap NFL jerseys traffic in the DDoS attacks against Dyn. Mira is a piece of malware that targets estudo Internet of Things (IoT) devices such as routers, and security cameras, DVRs, and enslaves vast numbers of these compromised devices into a bonnet, which is then used to conduct DDoS attacks.

This type of attack is notable and concerning because it largely consists of unsecured IoT devices, which are growing exponentially with time. These devices are implemented in a way that they cannot easily be updated and thus are nearly impossible to secure.

Manufacturers majorly focus on performance and usability of IoT devices but ignore security measures and encryption mechanisms. Which is why wholesale MLB jerseys they are routinely hacked and widely becoming part of DDoS botnets and used as weapons in cyber-attacks.

An online tracker of the Mirai botnet suggests there are more than 1.2 Million Mirai-infected devices on the Internet, with over 166,000 devices active right now.

IoT botnets like Mirai are growing rapidly, and there is no easy way to stop them.

According to officials having spoken to Reuters, the US Department of Homeland Security (DHS) and the FBI are both investigating the massive DDoS attacks hitting Dyn, but treatment—How none of the agencies have yet speculated on who might be behind them.

At Logicalis UK, we have a threat centric approach. We can help customers wholesale NBA jerseys protect their applications and environments against DDoS attacks with on-premise, cloud-based or hybrid deployments based on solutions through our partner F5.

F5 provides seamless, flexible, and easy-to-deploy solutions that enable a fast response, no matter what type of DDoS attack you’re under. Together, Logicalis and F5 can;

  • Deliver multi-layered DDoS defense from a single box with a fast-acting, dual-mode appliance that supports both out-of-band processing and inline mitigation, while enabling SSL inspection and guarding against layer wholesale jerseys 7 app attacks.
  • Stop attacks on your data centre immediately with an in-depth DDoS defense that integrates appliance and cloud services for immediate cloud off-loading.
  • Unique layer 7 application coverage defeats threats cloaked behind DDoS attacks without impacting legitimate traffic.
  • Activate comprehensive DDoS defense with less complexity and greater attack coverage than most solutions.

If you would like to find out more about Logicalis’ advanced security practice, please complete the form opposite. Our experts are primed and ready to support you.

If you would like to find out more about our security practice please wholesale jerseys do not hesitate to get in touch: jorge.aguilera@uk.logicalis.com

Alastair Broom
November 29, 2016

Last week Zenit we hosted a number of our customers (30 people from 18 different organisation in fact) to an event held at Sushisamba in London. From the 39th floor, overlooking most of London, I had the privilege of hosting some of our existing and potential clients for a discussion predicated by the upcoming General Data Protection Regulation (GDPR). Over an absolutely fantastic lunch, which thankfully included many tasty meat dishes – I’m no huge fan of raw fish – we talked about how organisations are going to have to rethink their strategy around data governance and security in the face of a very tough new law.

I just wanted to give you a few takeaways from the day, none of which are edible – I’m sorry…

The first of our guest speakers was Lesley Roe, Data Protection Officer from the IET. Lesley spoke about what the IET are doing to get ready for GDPR. They hold a vast amount of personal data, and given that they are advising their membership on all manner of related things, they need to lead by example. Key points from her presentation cheap mlb jerseys are:

  • GDPR is about giving people more control over their personal data. Every day we share an extraordinary amount of personal data with all manner of organisations, and this data is cheap mlb jerseys valuable. GDPR is about ensuring we retain the rights to that value. What it is processed for, how can process it, how its retained/deleted once its useful life has expired.
  • Everyone has a part to play and training of staff & staff awareness are paramount. This, however, is no mean feat.
  • The process of data governance, and the education of that process throughout the organisation, will be the only way to fully comply with the regulation. How do the IET classify old & new data? How do they manage the lifecycle of the data? How do they make sure they are only obtaining, using and retaining the data they need and have consent for?
  • None of this, however, is possible without first knowing what personal data is within your organisational context, and where it lives.
  • Much of the thinking around GDPR will be a huge shift in the mindset of organisations today. Companies just do not think about their data assets and their responsibility for that data in the spirit of the regulation at all.

Our next two speakers were from two of our technology partners, VMWare and Palo Alto Networks. Things to remember here:

  • Technology, without a doubt, has a part to play in ensuring compliance. The regulators are far more savvy to what the art of the possible is in the security market, and they will be expecting organisations to leverage technologies within reach of budgets and according to exposure to best mitigate any risks to rights of individuals.
  • The ability to prevent, detect and report on the nature and extent of any breaches will be very important. Technologies will be needed to prove that organisations can do this effectively and efficiently, especially in the face of stringent reporting requirements.
  • State of the art will really mean state of the art. Regulators will be assessing how organisations are using the best possible mix of technologies to minimise both exposure to risk, and impact of any breach if/when they should occur.

The last presentation was from Ed Charvet and his guest star Ian De Frietas. Ian is part of the alliance we have with legal experts BLP. The joint value proposition Ed and Ian spoke about is what I believe makes us entirely unique in this space:

  • The first step towards compliance is data discovery – what is personal data from the ??? perspectives of both the GDPR and the organisations’ context? Where is the data? How is data currently classified? How is it processed? How are permissions obtained? This is delivered through a mix of manual and automated processes to help customers understand where they stand today.
  • But this process takes time. The regulation comes into law on the 28th May 2018, and as Ian made clear, the regulator is taking a “zero day” approach. This effectively means that if you’re not fully complaint on that day, Wine you are non-compliant, and the regulator has ever power to come after you. With fines of up to 4% of global wholesale group revenues, or EUR20 million (whichever is the greater of course), this is a regulation with teeth – and with what seems like a very real political agenda. Watch out Facebook, Google, Amazon…
  • Being compliant with the likes of the DPA today, while impressive, would still mean on day zero you do not comply with the new law.
  • Key questions to ask are: do you have a legitimate interest to process the data? What exactly are you planning to do with it? These will need to be made very clear even before the gathering of data has begun.

What became clear throughout the day is that time is tight to reach compliance, and the ICO in the UK seem to be recruiting in earnest to gear up for real enforcement of the law. This feels like something that is going to change how data, and in particular the protection of personal rights and data, is valued and protected by the organisations that get the most benefit from it. What organisations need to do as a matter of urgency is find out what personal data they hold, and where they store it. They need to assess the current security infrastructures they have and find out what gaps existing that could pose a risk and ultimately a loss of personal data. They need to be putting the right people and procedures in place to comply with new and enhanced rights, tighter reporting deadlines, and they should be working out what Data Protection Impact Assessments need to look like for their organisation to satisfy regulatory requirements.

As wholesale jerseys a next step, please reach out to either myself, Ed Charvet, Alastair Broom or Jorge Aguilera to discuss how Logicalis can help our customers get ready for GDPR. From the data discovery workshop, to engaging with BLP in legal matters, and technology cheap jerseys assessments powered by tools from the likes of VMware and Palo Alto Networks; we really can help customers on the road towards compliance.

Latest Tweets