|By Kevin Nikkhoo||
|December 20, 2012 09:00 AM EST||
Today's is a cautionary tale. One that you've probably heard before, but I promise a new spin on making sure it won't happen again.
It's a true story. It recently happened to a colleague's friend's business. But it is not an isolated incident. Because the information is sensitive and the wounds still raw, I have changed the names to protect the innocent and the not-so-innocent.
It was a dark and stormy night...
Dan is the CEO and CTO of a privately owned business that develops software tools to manage lease lifecycles and other financial information. His primary customer is commercial real estate agencies across the country. For the past 12 years, it has been highly successful despite some of the economic battering the housing market took over the past several years. The company clears somewhere in the neighborhood of 30-50 million per year. He employs about 150 people. And it is the story of one of those employees where the story takes a dark turn.
Recently Dan parted ways with his VP of Sales. Dan thought the split was amicable, but according to my colleague, in less than a month, Dan was confronted with the reality that the veep actually felt slighted, and allegedly took steps to hobble the company.
It seems several days after this employee left the company, he was able to access the network and allegedly remove client databases from the CRM, all his work files and even sent an "anonymous" message from the company's info@ email account to every customer decrying how Dan was personally trying to cheat them. And as a last "get stuffed" act was able to access several other applications and erased a good deal of data. Apparently he was able to clean his trail or else I would be talking about how this guy is currently being sued or in jail for theft. It is also why I cautiously use the word allegedly. Nonetheless, there was some serious damage done.
Now in terms of security, Dan had a decent firewall and anti-virus protection. He also had a log management solution for his financial compliance issue. Now the log didn't pick up any machine code of the veep's alleged visit because all the financial data required by the regulatory agency is on another server.
Now Dan is faced with several business issues and related costs of having to recreate the wheel, replace lost information and shore up security. Aside from the tribal knowledge and the recovery of the data, Dan's biggest mountain to climb is making sure something like this never happens again. If Dan relies on existing paradigms (buying new servers, workstations and 4 different software packages, finding a knowledgeable consultant to develop the processes, and development/deployment time) it is going to cost him a pocket load of front-ended capital expenditures, hundreds of man hours and other assets that will siphon resources from his core competencies.
If Dan REACTs and looks to the cloud, many of those headaches fade without the crushing blow to time, money and resources. REACT™ or Realtime Event and Access Correlation Technology is part of a game-changing holistic paradigm called UniSec (unified security) which delivers a comprehensive suite of solutions deployed and managed from the cloud. It comprises all the security elements that would've prevented Dan's breach and data theft and leverages all the various silos information into a centralized real time contextual analysis. In other words it provides 360o enterprise visibility to see who is doing what , when and where for any part of the IT landscape. It takes the historical backbone of Log Management, the intelligence of SIEM, the authenticating of Identity Management and the control of Access Management and provides a Single Source of analysis, alert and action in real time
Without the benefit of cloud computing, this solution would be well beyond the budget means of Dan's company. Even one doing as well as his. REACT puts enterprise power in the hands of smaller companies in a very affordable, scalable and flexible manner. Just deploying a single sign on initiative can be pricy. Then you add all these layers, all these endpoints... It used to make very little sense for modest organizations to invest in such protection. However bundled , deployed and managed from the cloud (for less than what it would cost support & maintenance for an on premise equivalent) Dan is able to better protect his assets and has a clearer vision of business needs; what department needs which application and providing access only to them.
Four solutions...does Dan really need all that? Yes. Is it overkill? Absolutely not. If Dan had each element deployed (realizing it is just a single solution underneath the REACT umbrella): 1) an identity management solution would have immediately prevented an ex-employee from coming in through automatic deprovisioning and password retirement, 2) access management would have blocked his way from reaching SaaS apps and downloading CRM databases and other proprietary files 3)SIEM would have noted his attempts to touch any part of the network and create an intrusion alert and Log Management would have recorded it all for compliance audits. That this solution is scalable to the exacting need and business requirements (today and tomorrow) of Dan's company make it a perfect fit. That the solution is zero-day deployment ready means no waiting on ROI and the important functionality it brings. That the solution is pay-as-you-go he's spending no CapEx money. That the solution includes security-as-a-service means he has an expert analyst working on his behalf that isn't on his payroll. The financial and administrative benefits make Dan the CEO sleep better at night. The enterprise power allows Dan the CTO to have more pleasant dreams.
REACT and UniSec are paradigm changing concepts in the security and cloud computing sphere that I predict will soon become the norm.
Of course, in the interest of full disclosure, I called Dan last week and I am optimistic he will be subscribing at the end of the month.
Your business relies on your applications and your employees to stay in business. Whether you develop apps or manage business critical apps that help fuel your business, what happens when users experience sluggish performance? You and all technical teams across the organization – application, network, operations, among others, as well as, those outside the organization, like ISPs and third-party providers – are called in to solve the problem.
Sep. 28, 2016 06:00 AM EDT Reads: 2,623
SYS-CON Events announced today that Roundee / LinearHub will exhibit at the WebRTC Summit at @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LinearHub provides Roundee Service, a smart platform for enterprise video conferencing with enhanced features such as automatic recording and transcription service. Slack users can integrate Roundee to their team via Slack’s App Directory, and '/roundee' command lets your video conference ...
Sep. 28, 2016 05:30 AM EDT Reads: 1,467
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
Sep. 28, 2016 05:15 AM EDT Reads: 2,800
Digital transformation is too big and important for our future success to not understand the rules that apply to it. The first three rules for winning in this age of hyper-digital transformation are: Advantages in speed, analytics and operational tempos must be captured by implementing an optimized information logistics system (OILS) Real-time operational tempos (IT, people and business processes) must be achieved Businesses that can "analyze data and act and with speed" will dominate those t...
Sep. 28, 2016 05:00 AM EDT Reads: 1,201
SYS-CON Events announced today the Kubernetes and Google Container Engine Workshop, being held November 3, 2016, in conjunction with @DevOpsSummit at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA. This workshop led by Sebastian Scheele introduces participants to Kubernetes and Google Container Engine (GKE). Through a combination of instructor-led presentations, demonstrations, and hands-on labs, students learn the key concepts and practices for deploying and maintainin...
Sep. 28, 2016 05:00 AM EDT Reads: 2,722
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
Sep. 28, 2016 05:00 AM EDT Reads: 3,829
SYS-CON Events announced today the Enterprise IoT Bootcamp, being held November 1-2, 2016, in conjunction with 19th Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA. Combined with real-world scenarios and use cases, the Enterprise IoT Bootcamp is not just based on presentations but with hands-on demos and detailed walkthroughs. We will introduce you to a variety of real world use cases prototyped using Arduino, Raspberry Pi, BeagleBone, Spark, and Intel Edison. Y...
Sep. 28, 2016 04:45 AM EDT Reads: 2,989
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
Sep. 28, 2016 04:30 AM EDT Reads: 1,687
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Sep. 28, 2016 04:30 AM EDT Reads: 1,644
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service. In his session at 19th Cloud Exp...
Sep. 28, 2016 04:30 AM EDT Reads: 1,022
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
Sep. 28, 2016 04:15 AM EDT Reads: 4,608
SYS-CON Events announced today that Niagara Networks will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Niagara Networks offers the highest port-density systems, and the most complete Next-Generation Network Visibility systems including Network Packet Brokers, Bypass Switches, and Network TAPs.
Sep. 28, 2016 04:00 AM EDT Reads: 463
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
Sep. 28, 2016 03:30 AM EDT Reads: 3,121
While DevOps promises a better and tighter integration among an organization’s development and operation teams and transforms an application life cycle into a continual deployment, Chef and Azure together provides a speedy, cost-effective and highly scalable vehicle for realizing the business values of this transformation. In his session at @DevOpsSummit at 19th Cloud Expo, Yung Chou, a Technology Evangelist at Microsoft, will present a unique opportunity to witness how Chef and Azure work tog...
Sep. 28, 2016 03:30 AM EDT Reads: 1,769
SYS-CON Events announced today that ReadyTalk, a leading provider of online conferencing and webinar services, has been named Vendor Presentation Sponsor at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. ReadyTalk delivers audio and web conferencing services that inspire collaboration and enable the Future of Work for today’s increasingly digital and mobile workforce. By combining intuitive, innovative tec...
Sep. 28, 2016 03:15 AM EDT Reads: 2,986
There is growing need for data-driven applications and the need for digital platforms to build these apps. In his session at 19th Cloud Expo, Muddu Sudhakar, VP and GM of Security & IoT at Splunk, will cover different PaaS solutions and Big Data platforms that are available to build applications. In addition, AI and machine learning are creating new requirements that developers need in the building of next-gen apps. The next-generation digital platforms have some of the past platform needs a...
Sep. 28, 2016 03:00 AM EDT Reads: 1,834
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
Sep. 28, 2016 03:00 AM EDT Reads: 1,781
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.
Sep. 28, 2016 02:45 AM EDT Reads: 1,886
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care. I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind. Don't just log my data; use the relationship graph. In his session at @ThingsExpo, Ryan Boyd, Engi...
Sep. 28, 2016 02:15 AM EDT Reads: 1,349
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
Sep. 28, 2016 02:00 AM EDT Reads: 1,146