Software World An International Journal Of Programs & Packages - MARCH VOLUME 52 - Webflow
THE SOFTWARE WORLD SERIES Software World An International Journal Of Programs & Packages MARCH VOLUME 52 NUMBER 2 2021 PUBLISHED SIX TIMES PER YEAR
THE SOFTWARE WORLD SERIES
Software World
An International Journal Of Programs and Packages
Vol.52 No.2 March 2021

Editor: Steven Patterson
Published by: A.P.Publications Ltd, 58 Ryecroft Way, Luton, Beds. LU2 7TU. UK
Tel: 01582 722219
Website: www.softwareworldpublication.com
Editors E-mail: smpluton@ntlworld.com
© A.P. Publications Ltd
Subscription Rates: 1 Year/ 2021
U.K. £135.00 (Less Agency Discount £122.00)
Overseas £161.00 (Less Agency Discount £145.00)
Single Copies: £24.00 (U.K) £29.00 Overseas
ISSN 0038-0652

Software World and Database & Network Journal are published in the Peoples Republic of China by the Shanghai World Publishing Corporation.

IMPORTANT INFORMATION
Subscriptions are still being taken for 2021. No price increase.

SOFTWARE WORLD INTELLIGENCE
Now Is the Time to Digitize the Commodity Value Chain. Paul MacGregor, head of sales and marketing at Perfect Channel.
Three Reasons the Security Industry Is Protecting the Wrong Thing. Paul German, CEO, Certes Networks.
Why the Education Sector Needs to Make Cyber Security a Priority. SecurityHQ
Disconnect Between Enterprise Data Access Requirements and Current Capabilities to Make Data-Driven Decisions. Starburst and Red Hat.
The Rise of Kubernetes and the Growing Challenge Around Data Protection. Florian Malecki, International Product Marketing Senior Director, StorageCraft.
2021 Cybersecurity Outlook: Attackers vs. Defenders. VMware Security Business Unit.
Hold on to IT Talent with Salary and Certifications. Global Knowledge.
Top 10 Data and Analytics Technology Trends for 2021. Gartner
Fighting Back in 2021: 4 Best Practices for Security Teams. Tom Kellermann, Head of Cybersecurity Strategy at the VMware Security Business Unit.
HMRC Starts Crack down on IT Sector R&D Tax Credit Claims. Tom Heslin, ForrestBrown.
IT News and Products
Security News and Products
SOFTWARE WORLD INTELLIGENCE

COMPANY VIEWPOINT

Now Is the Time to Digitize the Commodity Value Chain.
Paul MacGregor, head of sales and marketing at Perfect Channel.

As the world continues to adapt to virtual and remote working with severe restrictions on travel, many businesses are considering the analogue nature of how they have been interacting with customers, suppliers and intermediaries, and whether it is fit for the ‘new normal’.

Consider the metals value chain; from mining to processing, fabrication, transportation, storage, consumption and eventually recycling. Some larger players in the industry have successfully purchased or acquired the next ‘vertical’ within the chain, and hence reaped the efficiencies. However, the vast majority of businesses are dealing with intermediaries – often with business relationships dating back many years - to advise them on who, when and how to sell their products. In some cases, pricing for widely used metals (such as copper and aluminium) can be referenced from recognised Exchanges like the London Metal Exchange or Shanghai Futures Exchange – but what about the ever growing universe of ‘rare earth’ metals for which there is no recognised public source of pricing, but which form an essential part of mobile technology, computer chips, and rechargeable batteries? Or the pricing of lithium, an essential ingredient in EV car batteries? In this case, the supplier is totally reliant on that limited analogue network of intermediaries and buyers built over a number of years.

Let’s look at another issue facing the commodity value chain: logistics and the carbon cost of transportation. Suppliers of ‘dry bulk’ cargoes typically use intermediaries, or shipping brokers, to source vessels to transport their products to the point of consumption. China, a voracious consumer of every commodity from soyabeans to iron ore over the past 20 years, is often the final destination, but the cargo may originate from North America, Brazil, Chile, Australia, or any number of African nations. Shipping brokers (and other independent start-ups) have made some attempts to augment what has traditionally been a very analogue market with some digital offerings, utilising tracker beacons which are active on all major vessels.

However, there is no independent spot carbon ‘exchange’ which can identify the most efficient means of transportation to reduce the overall carbon footprint of the supplier. This is an issue which will heavily impact all energy intensive businesses as the world moves toward net zero.

The potential for digital solutions.

Digital Business to Business (B2B) marketplaces are trusted to transact literally billions of dollars’ worth of goods every year in a wide variety of industries – from vehicle sales, leasing and re-leasing, to insurance portfolio re-balancing, luxury items, and cattle. Why not the multi-billion-dollar global market for physical commodities? B2B markets can widen the distribution networks of sellers, create competitive tension and liquidity in the marketplace, and enable price discovery through the use of various auction methodologies. Digital markets can capture every activity of potential buyers, including lots searched or browsed, bids submitted, and lots won or lost.

Over time therefore, B2B markets can be overlain with data science in the form of machine learning, in order to recommend the right products to make available to the right buyers, at the right time, ensuring sales teams are operating in the most effective manner. Recommendation algorithms can be extremely powerful to the marketplace owner, enabling you to adjust your auction methodology to the most appropriate for any given product, based on past auction performance.

Recommendation algorithms can also alert your buyers to potential substitute products, ensuring you sell the maximum amount of product, and satisfy your customer demand. Effective use of data science can deepen and broaden your knowledge about your marketplace and the wider industry, putting you in a position which cannot be easily disrupted by competitors.

In addition, digital B2B markets can be integrated with logistics and storage solutions, searching and securing the most appropriate and lowest carbon footprint form of transportation to the point of storage, and eventual consumption.
Making the decision to ‘disrupt’

So why has the global market for physical commodities remained analogue for so long? This is especially interesting given the scientific advances made in the mining industry, for example, utilising automated drilling and tunnel boring systems, autonomous vehicles, and drones. Or indeed, the scientific advances in agriculture, utilising robotics, temperature and moisture sensors, aerial images and GPS technology.

The answer is that this is due to a mix of two factors. Firstly, prior to the pandemic, face to face sales in high value bulk commodities was a traditional, common practice. Think of metals week in London, or copper week in Shanghai, physically bringing together the world’s largest consumers, suppliers and brokers. Both events (and many others) were cancelled for 2020, and, if they return in 2021 or 2022, it is likely to be on a vastly reduced, socially distanced scale.

Secondly, referring to my first point in this article, the current crucial role of intermediaries is naturally threatened by a digital offering. There is therefore built-in inertia to transform the sales process within the industry. More transparency in a digital B2B market and associated logistics solution would naturally narrow spreads and squeeze margins, largely to the benefit of the marketplace owner.

Moving forward, if the world wants to ‘build back greener’, digitising the multi-billion-dollar commodity value chain is a key part of that process. It will be disruptive, and require investment in new technology and skills, but businesses prepared to grasp the nettle will put themselves on a more profitable and sustainable growth path for the future.

www.perfectchannel.com

Coding Is the Fastest Growing Profession in the UK.

Coding is the fastest growing profession in the UK by numbers of employees, and there are now more than 600,000 developers working in the private sector, according to research by developer recruitment platform CodinGame.

Analysis of the most up-to-date ONS business population data reveals that the number of computer programmers working for private companies has increased by 74,000 in the past three years, from 536,000 to 610,000.

A third (196,000) of those developers are employed by large companies. However, just under 300,000 programmers are working in micro and small businesses.

The only other two industries in the private sector that have seen employee numbers grow by more than 50,000 over the same time period are construction (54,000) and the restaurant and mobile food service industry (52,000).

Other industries that have seen employee numbers grow by more than 10,000 over the past three years include accountants (22,000), tradespeople, such as electricians and plumbers (21,000), car dealers (17,000), estate agents (16,000) and management consultants (11,000).

Over the past decade, as the digital revolution gathered momentum, the number of computer programmers working in the private sector has increased by 51%, from 405,000 to 610,000.

The explosion of new digital businesses and the digitisation of traditional companies has generated huge demand for highly skilled developers.

In comparison, ONS figures show that across all industries in the private sector, the business population has increased by a more modest 20% over the same period, less than half the rate of growth seen within the computer programming profession.

Government figures also reveal that the number of computer programming related businesses and consultancies in the UK has increased by 54% in the past 10 years, from 40,805 to 62,890 - with these businesses generating turnover of more than £120bn.

Aude Barral, co-founder of developer recruitment platform CodinGame, comments:

“Although the number of developers working in the private sector has risen 14% in the past three years, tech recruiters are still facing a digital skills crisis.

“The past ten years has seen a digital revolution that is reshaping the global workforce, and skilled developers are in exceptionally high demand.

“And despite Government figures showing the number of developers employed in the UK has topped 600,000, supply of highly skilled tech talent is struggling to keep pace with demand.

“The tech start-up sector is booming and traditional businesses are going through a digital transformation, which has been turbo-charged by the impact of the pandemic and the country switching to remote working.

“We surveyed tech recruiters recently and they admitted their No1 challenge for 2021 will be to find qualified developers for their tech teams. This year, DevOps are particularly sought after with unprecedented demand for cloud migration experts given as one of the reasons.

“The message to companies who are hoping to fill top tech positions in 2021, is to start their hiring process as soon as possible and to have a clear idea what skill-set they are looking for in a developer.

“In our experience, the best developers aren't simply attracted by the biggest salary, they are stimulated by the technical challenges, and a business with a clear roadmap and a compelling vision.”

ww.codingame
OPINION

Three Reasons the Security Industry Is Protecting the Wrong Thing.
Paul German, CEO, Certes Networks.

Why is it that the security industry talks about network security, but data breaches? It’s clear that something needs to change, and according to Paul German, CEO, Certes Networks, the change is simple. For too long now, organisations have been focusing on protecting their network, when in fact they should have been protecting their data. Paul outlines three reasons why the security industry has been protecting the wrong thing and what they can do to secure their data as we move into 2021.

Reason one: They’re called data breaches, not network breaches, for a reason.

Looking back on some of the biggest data breaches the world has ever seen, it’s clear that cyber hackers always seem to be one step ahead of organisations that seemingly have sufficient protection and technology in place. From the Adobe data breach way back in 2013 that resulted in 153 million user records stolen, to the Equifax data breach in 2017 that exposed the data of 147.9 million consumers, the lengthy Marriott International data breach that compromised the data from 500 million customers over four years, to the recent SolarWinds data breach at the end of 2020, over time it’s looked like no organisation is exempt from the devastating consequences of a cyber hack.

When these breaches hit the media headlines, they’re called ‘data breaches’, yet the default approach to data security for all these organisations has been focused on protecting the network - to little effect. In many cases, these data breaches have seen malicious actors infiltrate the organisation’s network, sometimes for long periods of time, and then have their pick of the data that’s left unprotected right in front of them.

So what’s the rationale behind maintaining this flawed approach to data protection? The fact is that current approaches mean it is simply not possible to implement the level of security that sensitive data demands as it is in transit without compromising network performance. Facing an either/or decision, companies have blindly followed the same old path of attempting to secure the network perimeter, and hoping that they won’t suffer the same fate as so many before them.

However, consider separating data security from the network through an encryption-based information assurance overlay, meaning that organisations can seamlessly ensure that even when malicious actors enter the network, the data will still be unattainable and unreadable, keeping the integrity, authentication and confidentiality of the data intact without impacting overall performance of the underlying infrastructure.

Reason two: Regulations and compliance revolve around data.

Back in 2018, GDPR caused many headaches for businesses across the world. There are numerous data regulations businesses must adhere to, but GDPR in particular highlighted how important it is for organisations to protect their sensitive data. In the case of GDPR, organisations are not fined based on a network breach; in fact, if a cyber hacker were to enter an organisation’s network but not compromise any data, the organisation wouldn’t actually be in breach of the regulation at all.

GDPR, alongside many other regulations such as HIPAA, CCPA, CJIS or PCI-DSS, is concerned with protecting data, whether it’s financial data, healthcare data or law enforcement data. The point is: it all revolves around data, but the way in which data needs to be protected will depend on business intent. With new regulations constantly coming into play and compliance another huge concern for organisations as we continue into 2021, protecting data has never been more important, but by developing an intent-based policy, organisations can ensure their data is being treated and secured in a way that will meet business goals and deliver provable and measurable outcomes, rather than with a one-size-fits-all approach.

Reason three: Network breaches are inevitable, but data breaches are not.

Data has become extremely valuable across all business sectors and the increase in digitisation means that there is now more data available to waiting malicious actors.

From credit card information to highly sensitive data held about law enforcement cases and crime scenes, to data such as passport numbers and social ID numbers in the US, organisations are responsible for keeping this data safe for their customers, but many are falling short of this duty. With the high price tag that data now has, doing everything possible to keep data secure seems like an obvious task for every CISO and IT Manager to prioritise, yet the constant stream of data breaches shows this isn’t the case.

But what can organisations do to keep this data safe? To start with, a change in mindset is needed to truly put data at the forefront of all cyber security decisions and investments. Essential questions a CISO must ask include: Will this solution protect my data as it travels throughout the network? Will this technology enable data to be kept safe, even if hackers are able to infiltrate the network? Will this strategy ensure the business is compliant with regulations regarding data security, and that if a network breach does occur, the business won’t risk facing any fines? The answer to these questions must be yes in order for any CISO to trust that their data is safe and that their IT security policy is effective.

Furthermore, with such a vast volume of data to protect, real-time monitoring of the organisation’s information assurance posture is essential in order to react to an issue, and remediate it, at lightning speed. With real-time, contextual meta-data, any non-compliant traffic flows or policy changes can be quickly detected on a continuous basis to ensure the security posture is not affected, so that even if an inevitable network breach occurs, a data breach does not follow in its wake.

Trusting information assurance.

An information assurance approach that removes the misdirected focus on protecting an organisation’s network and instead looks at protecting data is the only way that the security industry can move away from the damaging data breaches of the past. There really is no reason for these data breaches to continue hitting the media headlines; the technology needed to keep data secure is ready and waiting for the industry to take advantage of. The same way that no one would leave their finest jewellery on display in the kitchen window, or leave their passport out for the postman to see, organisations must safeguard their most valuable asset and protect themselves and their reputation from suffering the same fate as many other organisations that have not protected their data.

www.certesnetworks.com

SMBs Can Regain Confidence in Lockdown by Being Smarter with Data.
TrueCue.

The true impact of the lockdown on UK SMBs has been revealed, with nearly a third (31%) of business leaders stating current restrictions are impacting their ability to plan ahead.

Smaller organisations typically lack the resources to adapt to market instability and are more vulnerable to any disruption, but, according to James Don-Carolis, Managing Director at TrueCue, SMBs can improve their ability to overcome challenges and plan for the future by being smarter with their data.

Don-Carolis explains: “While the latest government announcement does offer a roadmap out of the crisis, restrictions will remain for some time and a return to business as usual won’t happen overnight. The negative sentiment expressed by SMBs at this lack of certainty is understandable, but by making better use of data, business leaders can improve their ability to make informed strategic decisions and gain a better sense of direction for how to manage the business forward as we exit lockdown restrictions.”

Business leaders have been faced with a plethora of challenges over the past year including managing increased debt, the need to reduce costs, managing staffing challenges and trying to identify new revenue streams. Managing these issues is not easy. When planning a route forward, SMBs will typically rely on previous experiences as the basis for decision making. But given how unpredictable the current landscape is, going with gut-feeling is not enough – businesses need to be much more considered as Don-Carolis discusses:

“SMBs do not have the same resources as larger counterparts, making them more vulnerable to disruption. Despite this, we firmly believe SMBs can overcome the current challenges posed by existing restrictions by being smarter with their data, leveraging their investments made into digital initiatives and making conscious strides to improving their data and analytics maturity.”

James continues: “Even before Covid, SMBs were recognising the value data can bring to their business – whether as a means of creating greater actionable insights, improving forecasting or gaining a better understanding of how resources can and should be allocated, the merits of data were not lost on business leaders, but often the challenge lay with how to leverage it effectively. Many SMBs are still labelled as having low data and analytics maturity due to simply procuring technologies and not enforcing an organisation-wide culture of data and analytics.

“To unlock the benefits, SMBs must assess how data and analytics are conducted and viewed across their business, while also aligning any approach with the wider corporate strategy. Early adopters of advanced data and analytics processes will be far more likely to foresee challenges ahead and plan a successful route forward out of lockdown.

“Ultimately, the benefits of advancing your data and analytics maturity are now recognised as a necessity, meaning business leaders must install the right tools and effectively train their employees to gain true value from their data. With the government laying down a roadmap out of lockdown restrictions, it’s important SMBs are leveraging their data effectively, to ensure they remain nimble and reactive to any future challenges.”

www.truecue.com
SECURITY

Why the Education Sector Needs to Make Cyber Security a Priority.
SecurityHQ

The Education sector was already dealing with a vast array of critical issues, including a lack of resources, a shortage in staff and training, and a scarcity of funding. Then COVID-19 hit. This forced massive upheaval and disturbance to the methods used to teach and for pupils to learn. The situation involved a speedy move to remote working and with it the re-evaluation of the systems and processes that have been in place for many years.

This sudden shift has left the industry exposed.

Overnight, and on top of the usual logistics of the academic year, the education system had to abruptly re-evaluate everything that it knew, in order to continue teaching the minds of our future, to safeguard students, employees, data and intellectual property.

‘Few institutions appeared to have a risk management strategy in place that would allow them to respond to a pandemic, particularly the capacity to offer online programmes and support when the crisis hit.’ - Frans van Vught, joint project leader of the university ranking system U-Multirank

It does not come as a shock that the majority of schooling systems, if not all, were underprepared for such a transition. If we look back from January 2020, no-one could have predicted what would evolve. In response, and in a bid to uphold some level of continuity, new rules have been implemented, new systems put in place, and new guidelines for teaching and learning have been made. But these rules differ from country to country, institution to institution, and the structure and clarity has been lost along the way. It is exactly this, the ambiguity of the entire situation, that cyber criminals are taking advantage of.

The methods used by attackers are sophisticated, and attacks against the industry are increasingly aggressive. From ransomware to malware, headlines with the latest breaches and threats (like the recent Blackbaud hack) are strewn across the news. And what is shouted about in print presents only a fraction of the real issues that this sector is facing.

“Not only have I seen the number of attacks in the education industry rise over the course of 2020 and 2021, but I have personally dealt with such an attack. The school of a family member of mine was recently hacked. The hacker got into the database of the school. This database was then exfiltrated, and the bad actor impersonated the accounts receivable. This meant that many of those on the parents list, that the attacker now had access to, fell for the scam. This resulted in the school having to reimburse the parents, costing the school thousands of pounds. And these threats and attacks are far from rare. Many do not make it to the news. With each successful attack costing thousands of pounds in the process.” - Feras Tappuni, CEO, SecurityHQ

Attack Surface

The education sector will always be a prime target to hackers. Mainly because the attack surface is so large. The sheer size of the industry, and with it the potential of great financial gain, data theft and espionage, makes it a prime target for cyber criminals. And anyone, from students to employees, faculty members and third-party providers, is a prospective target.

The larger the attack surface, the more likely the investment of time and resources into an attack will be fruitful. In the UK alone, there are over 2.3 million students in education, and just under half a million staff in higher education. With such a large attack surface, realistically there has to be a weak link somewhere.

Other industries, such as the telecommunication or financial sectors, are obvious targets because of the wealth and power they hold. But take away the fact that the education industry, like many others, is large, what is the real gain behind hacking a student or employee account?

Data Theft

From kindergarten to postgrad, every education-based organisation holds a wealth of data. This data includes a range of private and personal information, including addresses, telephone numbers, full names, sensitive data such as medical records, personal requirements, and much more.

Once collected and pilfered, this information can be sold and used to exploit individuals or whole schools at a time. If sensitive data is acquired, it can also be used as a bargaining tool within a ransomware attack.
‘Since August 2020, the NCSC has been investigating an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges and universities.’ - National Cyber Security Centre

Financial Gain

Not only is a successful ransomware attack financially beneficial to the attacker, but direct attacks into payment systems are also prevalent.

Student fees are a large part of university and private schooling systems. With the average student paying over £9000 a year on their education, disregarding the additional costs of living arrangements paid into a singular faculty connected account, and with over 2.3 million students in the UK alone at university, the financial gain of targeting university systems and the financial third parties associated is fruitful.

The majority of payments are made in lump sums, via university online portals. If a bad actor can infiltrate this portal or create a phishing campaign to trick the user into sending the money to the wrong account, the benefits are huge.

‘Cybercrime specialists at the FBI noted one specific campaign that stole tens of thousands of dollars from students back in 2018. Since then, they’ve reported on multiple other campaigns targeting universities and student bodies all over the country.’ - Forbes

Espionage

Universities hold valuable and influential intellectual property. Depending on the nature of the data stolen, espionage often takes place as a result. Research within medicine and engineering, in particular, can provide valuable insights which can then be used in the following three ways.

1) To understand the developments of a certain subject/project. This data can then be sold to competitors or nation state actors to influence economic, social or political change.

2) Individuals / researchers / departments can be held to ransom in return for their valuable data. Often the process of stopping research can be more costly than the demand made.

3) Researchers can be restricted from accessing their own data. By making it possible to hide or restrict the user’s own information, development in a particular field (COVID-19 related research for instance) can be halted.

‘Shifting to full online learning means more personal and research sensitive data is now available online, with many more access attempts from various devices’ - Samme-Nlar

DDoS Disruption

Alongside Nation State Actor and espionage attacks are Distributed Denial-of-Service (DDoS) attacks. The intention of these attacks is to infiltrate a weak network, flood this network, target a host, and cause disruption to impact productivity and, in essence, stop or crash systems. The attack is hard to contain, as it is often made from multiple sources. The motives behind such an attack can range from a personal vendetta against a specific organisation, the means to slow down an organisation to cost them time and money, or to work as a distraction to allow for other infiltrations to be made.

‘Without proper protection, it leaves the learning management systems susceptible to denial-of-service attacks. In addition, the involvement of African universities and institutions in coronavirus research makes them a target by nation state actors interested in gaining access to that information.’ - African Academic Network on Internet Policy

How to Reduce Threats

In order to safeguard student data, research, processes and finance, schools must put in place strategies to mitigate cyber threats.

To do this, security patches must be maintained, and protocols to defend and test environments should be utilised. Visualise and understand malicious or anomalous activity and analyse, prioritise, and respond to threats in rapid time. Which means that the only way to safeguard data, students, employees, and processes is with Managed Detection & Response.

Not only should technical strategies be put in place, but internal training for all students and staff must actively be encouraged. Especially with regard to ransomware and phishing. Educating students about cyber risks, to know how to recognise threats and to safeguard devices will instil a culture of awareness.

www.securityhq.com
NEW STUDY

Disconnect Between Enterprise Data Access Requirements and Current Capabilities to Make Data-Driven Decisions.

Starburst and Red Hat.

New market research commissioned by Starburst and Red Hat shows that data access has become more critical for 53% of survey respondents throughout the pandemic as analytics workloads and demands increase significantly. The survey, conducted by independent research firm Enterprise Management Associates, found that the imperative for faster data access is about driving business outcomes, with 35% of survey respondents looking to analyse real-time changes to risk and 36% wanting to improve growth and revenue generation through more intelligent customer engagements.

More than one-third (37%) of survey respondents aren't confident in their ability to access timely, relevant data for critical analytics and decision-making. “The State of Data and What’s Next” survey revealed that this lack of confidence stems from four main challenges currently facing data teams:

1. Data is significantly distributed and this complexity isn't going away. The survey found that half (52%) of respondents have data in five or more data storage platforms. And more enterprises are expected to follow this trend, with 56% of respondents claiming they will have data on more than five platforms in the next year. It appears distributed data is here to stay.

2. Moving data across sources is riddled with challenges. Many enterprises are finding the task of building and deploying data pipelines difficult. Some of the biggest obstacles they face are combining data in motion with data at rest (32%), the excessive time it takes to address break and fix (30%), data pipeline complexity (26%) and the manual coding lift for deploying error-free data pipelines (25%).

3. Developing a data pipeline is time intensive. Building the right infrastructure for accessing data takes significant time and manpower, and enterprises can’t afford to wait. For 45% of survey respondents, it currently takes more than a day to develop a data pipeline, with 27% saying it can take anywhere from three days to two months. Not to mention making that data pipeline operational takes more time – 52% of respondents said that it adds another day or more, with 24% saying it adds another week to the process.

4. Every second between querying data and gaining insight counts. With the rapidly changing landscape of almost every industry due to the pandemic, today’s enterprises have significantly less time to gain insight on their data before it’s outdated. Viability of business decisions comes down to a matter of milliseconds (according to 17% of respondents), with 39% of business decisions requiring latency of one second or less.

“Data is the lifeblood of any business trying to navigate today’s digital economy. What we’re seeing in these survey results is that organisations have clear demands for faster and more comprehensive data access, but technical challenges still exist,” said Justin Borgman, CEO of Starburst. “It’s imperative that companies overcome these challenges because their customer experience, competitive advantage and growth depend on it. By empowering our customers to access all of their data, regardless of location, Starburst enables better and faster business decisions.”

The survey shows that enterprises are turning to specific practices and product capabilities to meet these challenges:

1. Multi-cloud flexibility. Among survey respondents, 56% of their data is in the cloud and 44% is on-premises. The move to the cloud is quickly progressing, however, with respondents expecting to have 62% of their data in the cloud and 38% on-premises by the end of 2021. And this migration is not to one specific cloud provider: the number one criterion respondents looked for in cloud data storage was the flexibility to access data from multiple clouds (47%).

2. Automation, search & cataloging. When asked, almost half (44%) of respondents identified automating IT and data operations as the most important practice to improve their organisation’s data strategy. Survey respondents also identified implementing search (32%) and cataloguing data (30%) among the most important practices, pointing toward the necessity for organisations to make finding and using the right data a quick and easy process for users across the enterprise.

3. Modern analytical capabilities. Legacy data solutions are no longer meeting the needs of the modern
enterprise – data analysts need future-facing tools that enable the processes they are engaging in most. For 42% of respondents, that is running a single query across relational databases, file systems and object storage. Data analysts are also looking for the most support in analysing streaming data or real-time events (38%) and running a single query across structured and semi-structured data (37%).

“The opportunity for every organisation is to convert data into action,” said Mike Piech, Vice President and General Manager of Cloud Storage and Data Services at Red Hat. “But the challenge we see organisations facing is a veritable tsunami of diverse data in their hybrid cloud environments, with a range of users needing access to it, including application developer and DevOps teams, data science and data engineering teams, and cloud infrastructure teams. The imperative is to create a consistent foundation for storage that can handle a wider range of workload types, from structured databases and semi-structured data warehouses to unstructured data lakes. With this foundation, organisations can be better positioned to harness insights from their data, no matter where it comes from in their hybrid cloud environment.”

“It was clear even before this research that enterprise technology needs have drastically shifted over the past year,” said John Santaferraro, Research Director at Enterprise Management Associates. “This research identifies that there is a chasm between data requirements and current capabilities, pinpoints what is most needed to bridge that chasm, and provides the roadmap for how technology solutions will need to evolve to meet these needs.”

www.enterprisemanagement.com

Internet Connection Sharing as the New Big Passive Income Trend.

As the world adapts to the Covid-19 pandemic, increasing numbers of people are challenging the traditional concept of work by renting their spare internet bandwidth to obtain passive income.

The Covid-19 pandemic and its induced lockdown have made working from home part of many people’s everyday reality. However, not everyone has been afforded this privilege and instead had to contend with unsafe working conditions or even unemployment. In the face of these trends, there has been an increase in online freelancing and other means of making money online.

Aside from working online, the internet has been offering its users a variety of ways for generating passive income streams. Some of the better-known examples include content monetization, affiliate marketing, and – more recently – investing in cryptocurrencies.

In fact, cryptocurrencies – and Bitcoin more specifically – are responsible for another trend for making money online. It has to do with exchanging unused resources of one’s devices for ‘real’ money paid as dividends, as part of bitcoin mining operations. While in the case of Bitcoin people are offering their spare GPU processing power, unused bandwidth is what other companies are bargaining for.

The underlying technology utilizing residential IP use might be quite hard to grasp. However, the way it works from the user perspective is fairly straightforward. Typically, people begin by installing the app on their devices and connecting them to the internet. Then, while the app is active, the company uses the connection to gather bits of information from the internet, making use of access to a unique geolocation.

An example of what the app might do with these spare internet connectivity resources is reselling it to other brands so they can scan the web for intellectual property violations like copies and counterfeits of their products.

Another use case example is giving people access to content that they normally would not have with their current IP address. Music, movies, or even search engines like Google are geo-blocked to some users. However, these restrictions can be surpassed by temporarily borrowing somebody else’s IP.

As far as actual earnings go, the reported monthly payouts mostly depend on the amount of bandwidth the user is willing to share and the rates offered by the platform. Generally, the earning potential can vary from just a few cents to several hundred dollars a month. IPRoyal Pawns is one of the IP proxy sharing platforms that offers its users a way to develop a stream of passive income.

“Currently our users earn from $5 to $140 per month on average for just keeping our app active on their device. Right now we pay 0.20USD per 1GB shared. Making sure our users are compensated fairly and generously is one of our top priorities!” said Karolis Toleikis, CEO of IPRoyal.

There are some things that the user should be aware of when trusting one’s bandwidth to a residential IP sharing app. That is because currently, only some companies employ cybersecurity measures to prevent data leakages, illegal content downloads, and DDoS attacks being performed from their users’ IP addresses. Having a sophisticated system to counter these potential threats is essential to providing a safe user experience.

“IPRoyal is built on three core pillars - security, safety, and privacy. All our clients need to confirm their identity by providing their name and valid ID documents. That way, we know who they are. We also make sure all the traffic our trusted partners use is 100% safe,” commented Mr. Toleikis.

As the world adapts to the effects of the pandemic, the traditional concepts of work and income change. While in some cases this shift inspires completely new ways of earning a living, it typically accelerates trends that began way before 2020.

www.iproyal.com
OPINION

The Rise of Kubernetes and the Growing Challenge Around Data Protection.

Florian Malecki, International Product Marketing Senior Director, StorageCraft.

While containers have been around since the 1970s, their popularity exploded with Docker in 2013. Now, container-orchestration tools like Kubernetes are rapidly transforming how applications are developed and deployed. They're doing it by enabling developers to focus exclusively on building software and delivering value. It's not an overstatement to say that containers are sparking a revolution in software development.

But if you're going to embrace containers, you must also get your arms around the issue of data protection.

To explain why, we must first define what exactly a container is. It's an application that bundles all its dependencies, libraries, and configuration files into a single package. This bundling makes it easier to spin up new container instances and seamlessly move containers from one computing environment to another.

That's a significant advantage in a lot of ways. For instance, containers are typically used when developers want to move an application from a testing environment, such as their laptop, to a live production environment. The use of containers is also common when migrating from a physical machine to a cloud-based virtual machine.

Containers are highly beneficial in many different scenarios because they are not slowed down by differences in operating systems, software versions, etc. Indeed, containers are extremely flexible and portable, making them a natural fit for many cloud applications. As computing and storage rapidly move to the cloud, containers will likely become a vital technology for every modern organisation. However, while container orchestration tools like Kubernetes are convenient due to their scalability and portability, they can fall short for data protection.

Why is data protection for Kubernetes so tricky? Well, for starters, a Kubernetes architecture is exceptionally fluid and dynamic. Containers are rapidly spun up and just as quickly torn down, depending on the developers' goals and specifications. That means containers are essentially temporary and have a relatively short lifespan.

What does this mean for data protection? It means that as more enterprises adopt containers, data protection will become an increasingly important issue. The growing number of organisations now using containers in their testing environment before deploying new applications are discovering that unexpected things can happen to the data during that migration and deployment.

The takeaway: properly backing up your data is particularly important—and will only become more critical in the months and years ahead.

As organisations use more containers, they will create more and more data that will need to be backed up and stored. As noted above, because containers tend to be used for testing and development, the lifespan of the containers themselves is usually shorter than the data they create. But, for compliance and other reasons, that data needs to be stored and protected long after a particular container is decommissioned or destroyed.

It's also important to note that backing up container data is not a time-based process, with data backed up every few minutes or hours. With containers, backup is more event-driven. For example, if you create a new container and you don't get the result you're hoping for, you want the ability to return to the previous state quickly. So, you need a backup at that point.

It's for all these reasons that container backup is increasingly a front-burner issue. Even though containers, by their nature, are designed for existing only when needed, organisations are realising that container data needs to last longer and must ultimately be protected.

So, what's the solution? There are several steps companies can take to ensure that their container data is stored successfully. For starters, it's vital to assess the data requirements for each containerised application. Companies should also ensure that there are protocols in place to stop container data from being needlessly overwritten. Further, companies must be aware of every container's security and access requirements in their environment.

Containerisation has provided a significant boost to application development. But organisations need to give serious consideration to storing, backing up, and protecting their containerised data. By tackling the data-protection issue head-on, organisations can truly reap the many benefits of container-based development and move confidently into the future.

www.storagecraft.com
2021 PREDICTIONS

2021 Cybersecurity Outlook: Attackers vs. Defenders.

VMware Security Business Unit.

COVID-19, one year later.

2020 was undoubtedly a defining year for cybersecurity – a year that ended with the SolarWinds breach, which infiltrated US government agencies and organisations at a scale not seen in recent history.

For cybersecurity professionals, the nature of this attack – a sophisticated, clandestine intrusion into vendors’ networks that was then used to “island hop” onto others along their supply chains – embodied today’s threat landscape as refigured by the pandemic.

“This is not an isolated event,” notes Tom Kellermann, Head of Cybersecurity Strategy, VMware Security Business Unit. “With COVID-19 catalysing digital transformation and a shift to cloud services, these sorts of attacks will only increase in frequency. Organisations have to realise that it’s no longer simply about whether breaches along their supply chains can be leveraged to attack them, but whether they themselves can be used to attack their customers.”

The pandemic did more than broaden the attack surface: it provided the time, capital, and opportunity for cybercrime to industrialise. E-crime groups have collaborated to form advanced enterprises, providing ransomware-as-a-service (RaaS), selling network access points on the dark web, and executing destructive cyberattacks.

As Greg Foss, Senior Cybersecurity Strategist, VMware Security Business Unit, puts it, “Since 2019, we’ve seen e-crime shift from covert shadow groups into these pseudo-legitimate businesses, replete with customer service channels, clear business sites, and increasingly sophisticated attack methods.”

Still, 2020 was not all bad news. With new attack methods on the rise, organisations have been forced to shift their mindset and rethink their approach to security across applications, clouds, and devices.

“Cybersecurity is adapting to changing conditions,” observes Rick McElroy, Principal Cybersecurity Strategist, VMware Security Business Unit. “The old school mentality is gone. Security teams realise they must change their architectures, adopt a cloud-first mindset, and work together to meet today’s challenges. The path they’re charting is a good one.”

Here’s a look at what organisations saw during an unprecedented year, from evolving attacker behaviours to the rise in e-crime – and most importantly what defenders can be doing to prepare in 2021 and beyond.

Key Findings

• Ransomware attacks are getting increasingly sophisticated: nearly 40% of respondents said double-extortion ransomware was the most observed new ransomware attack technique in 2020.

• A growing number of attackers are fighting back: 63% of respondents witnessed counter incident response (IR) since the start of the pandemic. Security tooling disablement was the most observed technique.

• Attackers are leveraging a number of counter IR techniques; the top techniques observed included: security tool disablement (33%); DDoS (Denial-of-service) attacks (26%); Security tool bypass (15%); Destruction of logs (11%).

• Security teams now know it's not a matter of if they'll get attacked, but when – and have adopted a proactive mindset: 81% of organisations reported having a threat hunting program.

• Island hopping is increasingly prevalent, as attackers “hop” from one network to another along its supply chain: Nearly half (44%) of respondents said they witnessed island hopping in more than 25% of all IR engagements; 13% witnessed it in over 50% of engagements.

• This year, the top security priorities for organisations include: security for trusted third parties/supply chain (24%); remote access security (24%); network and endpoint security (22%); identity and access controls (21%); hardware/physical device security (9%).

Attacker Behaviour: Amid COVID-19, the surge of sophisticated attacks and the rise of ransomware-as-a-service.

In response to the pandemic, organisations have accelerated adoption of cloud technology – which in turn has created new security threats that sophisticated cybercriminals have seized the opportunity to exploit. The speed to innovation comes with broader issues such as supply chain compromise. In instances like the SolarWinds breach, the adversary will use one organisation’s network (or cloud) to island hop to others along their supply chain. Recognising this growing threat, “security for trusted third parties/supply chains” was the top priority security area for organisations in 2021.

“In today’s threat landscape, organisations must assume that cybercriminals will also target their constituency,” said Kellermann. “The burglary has turned into a home invasion – and not just one house, but the neighbourhood.”
When it comes to the most observed supply chain compromise techniques, nearly half of respondents (46%) selected attackers abusing trusted relationships by leveraging accounts belonging to legitimate suppliers and other trusted third parties. Attackers leveraging connectivity/networks between third party suppliers and enterprises (22%) and loopholes in software updates (21%) also garnered a significant proportion of responses.

“Too often organisations offload security issues around third-party vendors, which include time-consuming paperwork to properly vet upfront,” Foss adds. “Organisations say, ‘they’ve filled out the questionnaire, passed our barometer.’ And even if they do put all the right checks in place, bad actors can still take advantage.”

Increasingly destructive counter IR.

A significant majority (63%) of respondents witnessed incidents of counter IR since the start of the pandemic – many of which reflect the increasingly destructive nature of cybercrime today.

For instance, the types of counter IR most observed included: security tooling disablement (33%), Denial-of-Service attacks (26%), security tooling bypass (15%), destruction of logs (11%), email monitoring (9%), and destructive attacks (7%).

“These responses underscore the importance of threat hunting,” says McElroy. “They demonstrate that there’s a human being on the other end of the system who wants to get visibility into the entire environment – while deploying increasingly destructive malware.”

Foss also notes: “Attackers are looking to get their foot in the door of your network, then unhook the latch once it’s safe – all very soft and silently at first – before loading more advanced tool kits. It’s becoming a significant part of e-crime.”

The rise of RaaS and double-extortion ransomware.

In 2020, we saw ransomware go mainstream. Sixty-six per cent of respondents report being targeted by ransomware during the past year – much of which may have been sold by e-crime groups on the dark web as RaaS.

“Traditional ransomware isn’t going anywhere,” Foss says, “But it can be hard to tell nowadays whether you’ve been hit by RaaS or traditional methods, largely because ransomware groups themselves now leverage RaaS operations and affiliate programs.”

Worse, in a growing number of cases, these ransomware attacks have gotten more sophisticated. For instance, when asked which new ransomware attack techniques were most observed, nearly 40% of respondents selected double-extortion ransomware (e.g., encryption, data exfiltration, extortion). In other words, as organisations became more effective at recovering from ransomware attacks via backups, attackers changed their tactics to exfiltrate sensitive information and use it for blackmail to ensure a financial gain.

“If you’re hit by ransomware today, it’s safe to assume the attacker has a second command and control post inside your infrastructure,” says Kellermann. “And these methods will only expand in 2021 – we expect to see triple and quadruple extortion attacks this year.”

Defender Behaviour: How security teams have adapted – and what they need to know for 2021.

Adapting to a new threat landscape

Forced to combat increasingly sophisticated attacks – in a remote-work environment, no less – defenders have stepped up their game. Eighty-one per cent of respondents now have a threat hunting program in place. This represents a vital mindset shift, wherein companies and security leaders aren’t merely defending potential breaches – but assuming there is already a breach to uncover.

“Organisations recognise security tools won’t tell them everything,” Foss explains. “You need human beings to manually go through the information being collected to proactively look for clues and anomalies.”

Now, it’s just a matter of what those threat hunts consist of and how often they’re conducted (VMware cybersecurity strategists recommend doing so on at least a weekly basis).

2021 security priorities and investments.

In the wake of the SolarWinds breach and the move to cloud environments, it’s no surprise that security for trusted third parties/supply chain is the number one security priority for organisations in 2021. This was followed by remote access security (24%), network and endpoint security (22%), identity and access controls (21%), and hardware/physical devices security (9%).

This year, we will see security budgets activated to address these priorities. When asked which security solution their organisation planned to invest the most in for 2021, respondents shared network security (27%), cloud security (20%), endpoint security (17%), data protection (16%) and managed security services (12%).

Rethinking the security stack.

There’s no doubt about it: 2020 – and the vulnerabilities brought on by COVID-19 – served as a catalyst for yet another evolution in the sophistication and severity of cyberattacks. As organisations continue to migrate to public and private cloud networks, support “work from anywhere” environments, and fast track digital transformation efforts, we shouldn't expect the surge of attacks to slow down anytime soon.

On the bright side, the pandemic has served as a wakeup call for security leaders as an opportunity to rethink their full security stack. In 2021, organisations will need the right mindset, investment, and platforms to stay one step ahead of attackers.

VMware January Survey Methodology: VMware conducted an online survey in January 2021 about evolving cybersecurity threats and trends ahead in 2021. 180 IR, cybersecurity, and IT professionals (including CTOs, CIOs and CISOs) from around the world participated.

www.carbonblack.com