CS Mar Apr 2022

More documents

Recommendations

Info

cloud Raghu Nandakumara, Illumio: a frequent mistake during cloud implementation is teams unintentionally enabling unrestricted access to services, often caused by misconfigured security policy. Winny Thomas, Vera Networks: the greatest challenge with cloud environments is striking the perfect balance between accessibility and security. CLOUD TECHNOLOGY ADOPTION IS ALL SET TO TAKE OFF Meanwhile, a new survey has found that 93% of IT industry are planning to adopt cloud technology within five years. The survey, conducted by Hornetsecurity, points to hybrid cloud solutions becoming the longterm target for two in three companies The hybrid cloud adoption survey of 900- plus IT professionals, primarily based in Europe and North America, reveals that the majority of businesses (93%) are adopting a hybrid of cloud and on-premise solutions or migrating fully to the cloud within five years. Half of respondents (51%) reported that they will be 'mostly in the cloud' in five years, with one or two workloads remaining on premise. In all, 28% of respondents said they would remain 'mostly on premise', with a workload or two in the cloud. Hybrid cloud solution as permanent destination While 29% of respondents said they are using hybrid cloud solutions as a stepping stone to a full cloud environment, 67% of respondents see hybrid as a final destination for their infrastructure, due to workloads that must remain on premise. The rest claim to be remaining 100% on premise. When asked why companies were remaining on premise, many respondents cited data control, security and cost concerns with cloud technology. Trust issues with cloud The hybrid cloud adoption survey also found that trust issues with the public cloud are present within companies of all sizes, with 31-36% of all surveyed company size categories reporting concerns. The survey also showed that with experience comes more distrust in the public cloud. Respondents with 20-plus years’ experience were more likely to express concerns with the trustworthiness of cloud platforms (34%) than those with 1-5 years’ experience (24%). Half of all respondents mentioned 'legacy systems or software' as another major reason certain workloads must remain on premise, while 'application compatibility' was reported as a roadblock to cloud migration for four in 10 companies. Industry regulations such as GDPR, HIPAA and CMMC, amongst others, were also cited as an obstacle for cloud adoption by 29% of respondents. Multiple challenges blocking cloud adoption Many companies surveyed stated they were holding back from full cloud migration, due to a lack of 'technical know-how or certified staff' (48%), difficulties with 'application of best practices within the company' (33%), issues with connectivity (33%), and 'secured access' (29%). The most common workload preventing IT departments from lifting all services to the cloud was 'Print & Imaging Services' (55%). Databases, file storage and application services are also cited as reasons for remaining partially on premise, with 50%, 45%, and 43% of respondents indicating such intentions respectively. Hornetsecurity's survey shows that hybrid cloud solutions still bring with them several challenges. Chief among them is 'monitoring and security', with half of respondents expressing concerns in this area. 'Networking and connectivity' is another concern shared by nearly half of all respondents (48%). Finally, 'training and certification', 'manageability and tooling', and 'resiliency and data recovery' also factor into the disquiet shared by 35%, 35%, and 33% of respondents respectively. Cloud solutions versus on premise Some 47% of respondents who form part of internal IT teams reported that they see their workloads 'mostly in the cloud' in five years, versus 52% of respondents whose company used MSP services, and 54% of respondents that worked at MSPs. Internal IT departments reported a lack of trust in cloud services at almost the same rate as those using MSP services, with 34% and 33% respectively. 20 computing security Mar/Apr 2022 @CSMagAndAwards www.computingsecurity.co.uk
Ukraine backup CALL FOR HELP PROMPTS RAPID RESPONSE A TEAM OF EXPERTS HAS BEEN SET UP TO HELP DEFEND UKRAINE FROM CYBER-ATTACKS Acyber rapid-response team (CRRT) is being deployed across Europe, after a call went out from Ukraine for help, as reported by the BBC. The newly-formed team of eight to 12 experts from Lithuania, Croatia, Poland, Estonia, Romania and the Netherlands has committed to help defend Ukraine from cyber-attacks - remotely and on site in the country. An official warned attacks were likely. "We can see that cyber-measures are an important part of Russia's hybrid toolkit," the CRRT official said. It comes after the UK and the US blamed Russia for cyber-attacks earlier this month that temporarily took a small number of Ukrainian banking and government websites offline. The Lithuanian Ministry of Defence tweeted: "In response to Ukraine request, [we] are activating [a] Lithuanian-led cyber rapidresponse team, which will help Ukrainian institutions to cope with growing cyberthreats. #StandWithUkraine." CRRTs are a European Union initiative to deepen defence and co-operation between member states. They are said to be equipped with commonly developed cyber toolkits designed to detect, recognise and mitigate cyber-threats. An official told the BBC that the team was "composed of different cyberexpertise, such as incident response, forensics, vulnerability assessment, to be able to react to a variety of scenarios". Russia has previously been accused of 'hybrid warfare', combining cyber-attacks with traditional military activity, in Georgia and Crimea. "The EU and Ukraine blamed Russia after thousands of people in multiple cities in Ukraine experienced power cuts, in 2015 and 2016, when hackers temporarily shut off electricity substations," states the BBC. "The US, UK and EU also blamed it for the hugely disruptive NotPetya wiper attack." Experts say about 2,000 NotPetya attacks were launched in 2017, mainly aimed at Ukraine, but the malicious software spread globally, causing billions of dollars of damage to computer systems across Europe, Asia and the Americas. POSITIVE NEWS According to John Fokker, head of cyber investigations & principal engineer, Trellix, the news that the EU is deploying a Cyber Rapid- Response Team is extremely positive. "The initial cyber-attacks on Ukraine were intended to be very public and evident in their nature and impact. However, we anticipate that this will change in the future, and any attacks will be incredibly discreet, as attackers seek to conceal their activity and ultimate objectives. "Cyber-attacks are increasingly used as a means of modern warfare. Our research* found that Russian and Chinese nation-state backed groups are believed to be responsible for nearly half (46% combined) of all observed APT threat activity. Cybersecurity John Fokker, Trellix: Cyber-attacks are increasingly used as a means of modern warfare. must be a worldwide priority and we must collaborate to defend against these threats." Threat intelligence will be crucial to mitigating risk, he adds. "It will allow security professionals to strengthen detection, plus respond in real-time to active threats. The use of machine learning analytics will also help to predict and detect attacks, identify root causes, and guide adaption and response to whatever threat Ukraine may face." *https://www.trellix.com/en-us/threat-center/threatreports/jan-2022.html www.computingsecurity.co.uk @CSMagAndAwards Mar/Apr 2022 computing security 21
Page 1: Computing Security Secure systems,
Page 4: Secure systems, secure data, secure
Page 7 and 8: Strengthen your data resilience wit
Page 10 and 11: ehavioural insights INFORMATION SEC
Page 12 and 13: MSP insights THE MSP ATTACK TARGET
Page 14 and 15: metaverse VIRTUAL WORLD, REAL DANGE
Page 16 and 17: compliance GETTING TO THE HEART OF
Page 18 and 19: cloud THE CLOUD CONUNDRUM CLOUD, IN
Page 22 and 23: tech scrap I.T. EQUIPMENT JUNKED PR
Page 24 and 25: NHS breaches NHS BREACHES - JUST A
Page 26 and 27: NHS breaches Felix_Rosbach, comfort
Page 28 and 29: ansomware RANSOMWARE NOW A GLOBAL M
Page 30 and 31: ansomware Daniel Hofmann, Hornetsec
Page 32 and 33: Log4shell LOGJAM OF CONCERNS LOG4SH
Page 34 and 35: Log4shell Jude McCorry, SBRC: all o
Page 36: PLAY IT SAFE WITH 365 TOTAL PROTECT

CS Mar Apr 2022

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?