Software World An International Journal Of Programs & Packages - MARCH VOLUME 52 - Webflow

Page created by Crystal Shaw
 
THE SOFTWARE WORLD SERIES

Software World
An International Journal Of Programs & Packages

MARCH, VOLUME 52, NUMBER 2, 2021. PUBLISHED SIX TIMES PER YEAR

Software World: An International Journal Of Programs and Packages
Vol.52 No.2, March 2021

Editor: Steven Patterson

Published by:
A.P.Publications Ltd
58 Ryecroft Way,
Luton, Beds. LU2 7TU.
UK

Tel: 01582 722219
Website: www.softwareworldpublication.com
Editors E-mail: smpluton@ntlworld.com

© A.P. Publications Ltd

Subscription Rates:
1 Year/ 2021
U.K. £135.00
Less Agency Discount £122.00
Overseas £161.00
Less Agency Discount £145.00

Single Copies:
£24.00 (U.K)
£29.00 Overseas

ISSN 0038-0652

Software World and Database & Network Journal are published in the Peoples Republic of China by the Shanghai World Publishing Corporation.

IMPORTANT INFORMATION
Subscriptions are still being taken for 2021. No price increase.

SOFTWARE WORLD INTELLIGENCE

Now Is the Time to Digitize the Commodity Value Chain.
Paul MacGregor, head of sales and marketing at Perfect Channel.

Three Reasons the Security Industry Is Protecting the Wrong Thing.
Paul German, CEO, Certes Networks.

Why the Education Sector Needs to Make Cyber Security a Priority.
SecurityHQ

Disconnect Between Enterprise Data Access Requirements and Current Capabilities to Make Data-Driven Decisions.
Starburst and Red Hat.

The Rise of Kubernetes and the Growing Challenge Around Data Protection.
Florian Malecki, International Product Marketing Senior Director, StorageCraft.

2021 Cybersecurity Outlook: Attackers vs. Defenders.
VMware Security Business Unit.

Hold on to IT Talent with Salary and Certifications.
Global Knowledge.

Top 10 Data and Analytics Technology Trends for 2021.
Gartner

Fighting Back in 2021: 4 Best Practices for Security Teams.
Tom Kellermann, Head of Cybersecurity Strategy at the VMware Security Business Unit.

HMRC Starts Crack down on IT Sector R&D Tax Credit Claims.
Tom Heslin, ForrestBrown.

IT News and Products

Security News and Products
SOFTWARE WORLD INTELLIGENCE

                                            COMPANY VIEWPOINT

Now Is the Time to Digitize the Commodity Value Chain.
Paul MacGregor, head of sales and marketing at Perfect Channel.

As the world continues to adapt to virtual and remote working with severe restrictions on travel, many businesses are considering the analogue nature of how they have been interacting with customers, suppliers and intermediaries, and whether it is fit for the ‘new normal’.

Consider the metals value chain; from mining to processing, fabrication, transportation, storage, consumption and eventually recycling. Some larger players in the industry have successfully purchased or acquired the next ‘vertical’ within the chain, and hence reaped the efficiencies. However, the vast majority of businesses are dealing with intermediaries – often with business relationships dating back many years – to advise them on who, when and how to sell their products. In some cases, pricing for widely used metals (such as copper and aluminium) can be referenced from recognised Exchanges like the London Metal Exchange or Shanghai Futures Exchange – but what about the ever growing universe of ‘rare earth’ metals for which there is no recognised public source of pricing, but which form an essential part of mobile technology, computer chips, and rechargeable batteries? Or the pricing of lithium, an essential ingredient in EV car batteries? In this case, the supplier is totally reliant on that limited analogue network of intermediaries and buyers built over a number of years.

Let’s look at another issue facing the commodity value chain: logistics and the carbon cost of transportation. Suppliers of ‘dry bulk’ cargoes typically use intermediaries, or shipping brokers, to source vessels to transport their products to the point of consumption. China, a voracious consumer of every commodity from soyabeans to iron ore over the past 20 years, is often the final destination, but the cargo may originate from North America, Brazil, Chile, Australia, or any number of African nations. Shipping brokers (and other independent start-ups) have made some attempts to augment what has traditionally been a very analogue market with some digital offerings, utilising tracker beacons which are active on all major vessels. However, there is no independent spot carbon ‘exchange’ which can identify the most efficient means of transportation to reduce the overall carbon footprint of the supplier. This is an issue which will heavily impact all energy intensive businesses as the world moves toward net zero.

The potential for digital solutions.
Digital Business to Business (B2B) marketplaces are trusted to transact literally billions of dollars’ worth of goods every year in a wide variety of industries – from vehicle sales, leasing and re-leasing, to insurance portfolio re-balancing, luxury items, and cattle. Why not the multi-billion-dollar global market for physical commodities? B2B markets can widen the distribution networks of sellers, create competitive tension and liquidity in the marketplace, and enable price discovery through the use of various auction methodologies. Digital markets can capture every activity of potential buyers, including lots searched or browsed, bids submitted, and lots won or lost.

Over time therefore, B2B markets can be overlain with data science in the form of machine learning, in order to recommend the right products to make available to the right buyers, at the right time, ensuring sales teams are operating in the most effective manner. Recommendation algorithms can be extremely powerful to the marketplace owner, enabling you to adjust your auction methodology to the most appropriate for any given product, based on past auction performance.

Recommendation algorithms can also alert your buyers to potential substitute products, ensuring you sell the maximum amount of product, and satisfy your customer demand. Effective use of data science can deepen and broaden your knowledge about your marketplace and the wider industry, putting you in a position which cannot be easily disrupted by competitors.

In addition, digital B2B markets can be integrated with logistics and storage solutions, searching and securing the most appropriate and lowest carbon footprint form of transportation to the point of storage, and eventual consumption.


Making the decision to ‘disrupt’
So why has the global market for physical commodities remained analogue for so long? This is especially interesting given the scientific advances made in the mining industry, for example, utilising automated drilling and tunnel boring systems, autonomous vehicles, and drones. Or indeed, the scientific advances in agriculture, utilising robotics, temperature and moisture sensors, aerial images and GPS technology.

The answer is that this is due to a mix of two factors. Firstly, prior to the pandemic, face to face sales in high value bulk commodities was a traditional, common practice. Think of metals week in London, or copper week in Shanghai, physically bringing together the world’s largest consumers, suppliers and brokers. Both events (and many others) were cancelled for 2020, and, if they return in 2021 or 2022, it is likely to be on a vastly reduced, socially distanced scale.

Secondly, referring to my first point in this article, the current crucial role of intermediaries is naturally threatened by a digital offering. There is therefore built-in inertia to transform the sales process within the industry. More transparency in a digital B2B market and associated logistics solution would naturally narrow spreads and squeeze margins, largely to the benefit of the marketplace owner.

Moving forward, if the world wants to ‘build back greener’, digitising the multi-billion-dollar commodity value chain is a key part of that process. It will be disruptive, and require investment in new technology and skills, but businesses prepared to grasp the nettle will put themselves on a more profitable and sustainable growth path for the future.

www.perfectchannel.com

Coding Is the Fastest Growing Profession in the UK.

Coding is the fastest growing profession in the UK by numbers of employees, and there are now more than 600,000 developers working in the private sector, according to research by developer recruitment platform CodinGame.

Analysis of the most up-to-date ONS business population data [1] reveals that the number of computer programmers working for private companies has increased by 74,000 in the past three years, from 536,000 to 610,000.

A third (196,000) of those developers are employed by large companies. However, just under 300,000 programmers are working in micro and small businesses.

The only other two industries in the private sector that have seen employee numbers grow by more than 50,000 over the same time period are construction (54,000) and the restaurant and mobile food service industry (52,000).

Other industries that have seen employee numbers grow by more than 10,000 over the past three years include: accountants (22,000), tradespeople, such as electricians and plumbers (21,000), car dealers (17,000), estate agents (16,000) and management consultants (11,000).

Over the past decade, as the digital revolution gathered momentum, the number of computer programmers working in the private sector has increased by 51%, from 405,000 to 610,000.

The explosion of new digital businesses and the digitisation of traditional companies has generated huge demand for highly skilled developers.

In comparison, ONS figures show that across all industries in the private sector, the business population has increased by a more modest 20% over the same period, less than half the rate of growth seen within the computer programming profession.

Government figures also reveal that the number of computer programming related businesses and consultancies in the UK has increased by 54% in the past 10 years, from 40,805 to 62,890 - with these businesses generating turnover of more than £120bn.

Aude Barral, co-founder of developer recruitment platform CodinGame, comments:

“Although the number of developers working in the private sector has risen 14% in the past three years, tech recruiters are still facing a digital skills crisis.

“The past ten years has seen a digital revolution that is reshaping the global workforce, and skilled developers are in exceptionally high demand.

“And despite Government figures showing the number of developers employed in the UK has topped 600,000, supply of highly skilled tech talent is struggling to keep pace with demand.

“The tech start-up sector is booming and traditional businesses are going through a digital transformation, which has been turbo-charged by the impact of the pandemic and the country switching to remote working.

“We surveyed tech recruiters recently and they admitted their No1 challenge for 2021 will be to find qualified developers [2] for their tech teams. This year, DevOps are particularly sought after with unprecedented demand for cloud migration experts given as one of the reasons.

“The message to companies who are hoping to fill top tech positions in 2021, is to start their hiring process as soon as possible and to have a clear idea what skill-set they are looking for in a developer.

“In our experience, the best developers aren't simply attracted by the biggest salary [3], they are stimulated by the technical challenges, and a business with a clear roadmap and a compelling vision.”

ww.codingame
  computer programming related businesses and


                                                          OPINION

Three Reasons the Security Industry Is Protecting the Wrong Thing.
Paul German, CEO, Certes Networks.

Why is it that the security industry talks about network security, but data breaches? It’s clear that something needs to change, and according to Paul German, CEO, Certes Networks, the change is simple. For too long now, organisations have been focusing on protecting their network, when in fact they should have been protecting their data. Paul outlines three reasons why the security industry has been protecting the wrong thing and what they can do to secure their data as we move into 2021.

Reason one: They’re called data breaches, not network breaches, for a reason.
Looking back on some of the biggest data breaches the world has ever seen, it’s clear that cyber hackers always seem to be one step ahead of organisations that seemingly have sufficient protection and technology in place. From the Adobe data breach way back in 2013 that resulted in 153 million user records stolen, to the Equifax data breach in 2017 that exposed the data of 147.9 million consumers, the lengthy Marriott International data breach that compromised the data from 500 million customers over four years, to the recent SolarWinds data breach at the end of 2020, over time it’s looked like no organisation is exempt from the devastating consequences of a cyber hack.

When these breaches hit the media headlines, they’re called ‘data breaches’, yet the default approach to data security for all these organisations has been focused on protecting the network - to little effect. In many cases, these data breaches have seen malicious actors infiltrate the organisation’s network, sometimes for long periods of time, and then have their pick of the data that’s left unprotected right in front of them.

So what’s the rationale behind maintaining this flawed approach to data protection? The fact is that current approaches mean it is simply not possible to implement the level of security that sensitive data demands as it is in transit without compromising network performance. Facing an either/or decision, companies have blindly followed the same old path of attempting to secure the network perimeter, and hoping that they won’t suffer the same fate as so many before them.

However, consider separating data security from the network through an encryption-based information assurance overlay. This means that organisations can seamlessly ensure that even when malicious actors enter the network, the data will still be unattainable and unreadable, keeping the integrity, authentication and confidentiality of the data intact without impacting overall performance of the underlying infrastructure.

Reason two: Regulations and compliance revolve around data.
Back in 2018, GDPR caused many headaches for businesses across the world. There are numerous data regulations businesses must adhere to, but GDPR in particular highlighted how important it is for organisations to protect their sensitive data. In the case of GDPR, organisations are not fined based on a network breach; in fact, if a cyber hacker were to enter an organisation’s network but not compromise any data, the organisation wouldn’t actually be in breach of the regulation at all.

GDPR, alongside many other regulations such as HIPAA, CCPA, CJIS or PCI-DSS, is concerned with protecting data, whether it’s financial data, healthcare data or law enforcement data. The point is: it all revolves around data, but the way in which data needs to be protected will depend on business intent. With new regulations constantly coming into play and compliance another huge concern for organisations as we continue into 2021, protecting data has never been more important, but by developing an intent-based policy, organisations can ensure their data is being treated and secured in a way that will meet business goals and deliver provable and measurable outcomes, rather than with a one-size-fits-all approach.

Reason three: Network breaches are inevitable, but data breaches are not.
Data has become extremely valuable across all business sectors and the increase in digitisation means that there is now more data available to waiting malicious actors.

From credit card information to highly sensitive data held about law enforcement cases and crime scenes, to data such as passport numbers and social ID numbers in the US, organisations are responsible for keeping this data safe for their customers, but many are falling short of this duty. With the high price tag that data now has, doing everything possible to keep data secure seems like an obvious task for every CISO and IT Manager to prioritise, yet the constant stream of data breaches shows this isn’t the case.

But what can organisations do to keep this data safe? To start with, a change in mindset is needed to truly put data at the forefront of all cyber security decisions and investments. Essential questions a CISO must ask include: Will this solution protect my data as it travels throughout the network? Will this technology enable data to be kept safe, even if hackers are able to infiltrate the network? Will this strategy ensure the business is compliant with regulations regarding data security, and that if a network breach does occur, the business won’t risk facing any fines? The answer to these questions must be yes in order for any CISO to trust that their data is safe and that their IT security policy is effective.

Furthermore, with such a vast volume of data to protect, real-time monitoring of the organisation’s information assurance posture is essential in order to react to an issue, and remediate it, at lightning speed. With real-time, contextual meta-data, any non-compliant traffic flows or policy changes can be quickly detected on a continuous basis to ensure the security posture is not affected, so that even if an inevitable network breach occurs, a data breach does not follow in its wake.

Trusting information assurance.
An information assurance approach that removes the misdirected focus on protecting an organisation’s network and instead looks at protecting data is the only way that the security industry can move away from the damaging data breaches of the past. There really is no reason for these data breaches to continue hitting the media headlines; the technology needed to keep data secure is ready and waiting for the industry to take advantage of. The same way that no one would leave their finest jewellery on display in the kitchen window, or leave their passport out for the postman to see, organisations must safeguard their most valuable asset and protect themselves and their reputation from suffering the same fate as many other organisations that have not protected their data.

www.certesnetworks.com
 and remediate it, at lightning speed. With real-time,

SMBs Can Regain Confidence in Lockdown by Being Smarter with Data.
TrueCue.

The true impact of the lockdown on UK SMBs has been revealed, with nearly a third (31%) of business leaders stating current restrictions are impacting their ability to plan ahead.

Smaller organisations typically lack the resources to adapt to market instability and are more vulnerable to any disruption, but, according to James Don-Carolis, Managing Director at TrueCue, SMBs can improve their ability to overcome challenges and plan for the future by being smarter with their data.

Don-Carolis explains: “While the latest government announcement does offer a roadmap out of the crisis, restrictions will remain for some time and a return to business as usual won’t happen overnight. The negative sentiment expressed by SMBs at this lack of certainty is understandable, but by making better use of data, business leaders can improve their ability to make informed strategic decisions and gain a better sense of direction for how to manage the business forward as we exit lockdown restrictions.”

Business leaders have been faced with a plethora of challenges over the past year including managing increased debt, the need to reduce costs, managing staffing challenges and trying to identify new revenue streams. Managing these issues is not easy. When planning a route forward, SMBs will typically rely on previous experiences as the basis for decision making. But given how unpredictable the current landscape is, going with gut-feeling is not enough – businesses need to be much more considered as Don-Carolis discusses:

“SMBs do not have the same resources as larger counterparts, making them more vulnerable to disruption. Despite this, we firmly believe SMBs can overcome the current challenges posed by existing restrictions by being smarter with their data, leveraging their investments made into digital initiatives and making conscious strides to improving their data and analytics maturity.”

James continues: “Even before Covid, SMBs were recognising the value data can bring to their business – whether as a means of creating greater actionable insights, improving forecasting or gaining a better understanding of how resources can and should be allocated, the merits of data were not lost on business leaders, but often the challenge lay with how to leverage it effectively. Many SMBs are still labelled as having low data and analytics maturity due to simply procuring technologies and not enforcing an organisation-wide culture of data and analytics.

“To unlock the benefits, SMBs must assess how data and analytics are conducted and viewed across their business, while also aligning any approach with the wider corporate strategy. Early adopters of advanced data and analytics processes will be far more likely to foresee challenges ahead and plan a successful route forward out of lockdown.

“Ultimately, the benefits of advancing your data and analytics maturity are now recognised as a necessity, meaning business leaders must install the right tools and effectively train their employees to gain true value from their data. With the government laying down a roadmap out of lockdown restrictions, it’s important SMBs are leveraging their data effectively, to ensure they remain nimble and reactive to any future challenges.”

www.truecue.com


                                                        SECURITY

Why the Education Sector Needs to Make Cyber Security a Priority.
SecurityHQ

The Education sector was already dealing with a vast array of critical issues, including a lack of resources, a shortage in staff and training, and a scarcity of funding. Then COVID-19 hit. This forced massive upheaval and disturbance to the methods used to teach and for pupils to learn. The situation involved a speedy move to remote working and with it the re-evaluation of the systems and processes that have been in place for many years.

This sudden shift has left the industry exposed.

Overnight, and on top of the usual logistics of the academic year, the education system had to abruptly re-evaluate everything that it knew, in order to continue teaching the minds of our future, to safeguard students, employees, data and intellectual property.

‘Few institutions appeared to have a risk management strategy in place that would allow them to respond to a pandemic, particularly the capacity to offer online programmes and support when the crisis hit.’ - Frans van Vught, joint project leader of the university ranking system U-Multirank

It does not come as a shock that the majority of schooling systems, if not all, were underprepared for such a transition. If we look back from January 2020, no-one could have predicted what would evolve. In response, and in a bid to uphold some level of continuity, new rules have been implemented, new systems put in place, and new guidelines for teaching and learning have been made. But these rules differ from country to country, institution to institution, and the structure and clarity have been lost along the way. It is exactly this, the ambiguity of the entire situation, that cyber criminals are taking advantage of.

“The school of a family member of mine was recently hacked. The hacker got into the database of the school. This database was then exfiltrated, and the bad actor impersonated the accounts receivable. This meant that many of those on the parents list, that the attacker now had access to, fell for the scam. This resulted in the school having to reimburse the parents, costing the school thousands of pounds. And these threats and attacks are far from rare. Many do not make it to the news. With each successful attack costing thousands of pounds in the process.”
- Feras Tappuni, CEO, SecurityHQ

Attack Surface

The education sector will always be a prime target for hackers, mainly because the attack surface is so large. The sheer size of the industry, and with it the potential of great financial gain, data theft and espionage, makes it a prime target for cyber criminals. And anyone, from students to employees, faculty members and third-party providers, is a prospective target.

The larger the attack surface, the more likely the investment of time and resources into an attack will be fruitful. In the UK alone, there are over 2.3 million students in education, and just under half a million staff in higher education. With such a large attack surface, realistically there has to be a weak link somewhere.

Other industries, such as the telecommunication or financial sectors, are obvious targets because of the wealth and power they hold. But take away the fact that the education industry, like many others, is large, what is the real gain behind hacking a student or employee account?

Data Theft

 The methods used by attackers are sophisticated, and              From kindergarten to postgrad, every education-based
 attacks against the industry are increasingly aggressive. From    organisation holds a wealth of data. This data includes a
 ransomware to malware, headlines with the latest breaches         range of private and personal information, including
 and threats (like the recent Blackbaud hack) are strewn           addresses, telephone numbers, full names, sensitive data
 across the news. And what is shouted about in print               such as medical records, personal requirements, and much
 presents only a fraction of the real issues that this sector is   more.
 facing.
                                                                   Once collected and pilfered, this information can be sold
   “Not only have I seen the number of attacks in the              and used to exploit individuals or whole schools at a time. If
   education industry rise over the course of 2020 and             sensitive data is acquired, it can also be used as a bargaining
  2021, but I have personally dealt with such an attack.           tool within a ransomware attack.


‘Since August 2020, the NCSC has been investigating an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges and universities.’ - National Cyber Security Centre

Financial Gain

Not only is a successful ransomware attack financially beneficial to the attacker, but direct attacks into payment systems are also prevalent.

Student fees are a large part of university and private schooling systems. With the average student paying over £9000 a year on their education, disregarding the additional costs of living arrangements paid into a singular faculty connected account, and with over 2.3 million students in the UK alone at university, the financial gain of targeting university systems and the financial third parties associated, is fruitful.

The majority of payments are made in lump sums, via university online portals. If a bad actor can infiltrate this portal or create a phishing campaign to trick the user into sending the money to the wrong account, the benefits are huge.

‘Cybercrime specialists at the FBI noted one specific campaign that stole tens of thousands of dollars from students back in 2018. Since then, they’ve reported on multiple other campaigns targeting universities and student bodies all over the country.’ - Forbes

Espionage

Universities hold valuable and influential intellectual property. Depending on the nature of the data stolen, espionage often takes place as a result. Research within medicine and engineering, in particular, can provide valuable insights which can then be used in the following three ways.

1) To understand the developments of a certain subject/project. This data can then be sold to competitors or nation state actors to influence economic, social or political change.

2) Individuals / researchers / departments can be held to ransom in return for their valuable data. Often the process of stopping research can be more costly than the demand made.

3) Researchers can be restricted to access their own data. By making it possible to hide or restrict the user's own information, development in a particular field (COVID-19 related research for instance) can be halted.

‘Shifting to full online learning means more personal and research sensitive data is now available online, with many more access attempts from various devices’ - Samme-Nlar

DDoS Disruption

Alongside nation state actor and espionage attacks are Distributed Denial-of-Service (DDoS) attacks. The intention of these attacks is to infiltrate a weak network, flood this network, target a host, and cause disruption to impact productivity and, in essence, stop or crash systems. The attack is hard to contain, as it is often made from multiple sources. The motives behind such an attack can range from a personal vendetta against a specific organisation, the means to slow down an organisation to cost them time and money, or to work as a distraction to allow for other infiltrations to be made.

‘Without proper protection, it leaves the learning management systems susceptible to denial-of-service attacks. In addition, the involvement of African universities and institutions in coronavirus research makes them a target by nation state actors interested in gaining access to that information.’ - African Academic Network on Internet Policy

How to Reduce Threats

In order to safeguard student data, research, processes and finance, schools must put in place strategies to mitigate cyber threats.

To do this, security patches must be maintained, and protocols to defend and test environments should be utilised. Visualise and understand malicious or anomalous activity and analyse, prioritise, and respond to threats in rapid time. Which means that the only way to safeguard data, students, employees, and processes is with Managed Detection & Response.

Not only should technical strategies be put in place, but internal training for all students and staff must actively be encouraged. Especially with regards to ransomware and phishing. Educating students about cyber risks, to know how to recognise threats and to safeguard devices will instil a culture of awareness.

www.securityhq.com

                      IMPORTANT INFORMATION
       Subscriptions are still being taken for 2021. No price increase.


                                                   NEW STUDY

Disconnect Between Enterprise Data Access
Requirements and Current Capabilities to
Make Data-Driven Decisions.
Starburst and Red Hat.

New market research commissioned by Starburst and Red Hat shows that data access has become more critical for 53% of survey respondents throughout the pandemic as analytics workloads and demands increase significantly. The survey, conducted by independent research firm Enterprise Management Associates, found that the imperative for faster data access is about driving business outcomes, with 35% of survey respondents looking to analyse real-time changes to risk and 36% wanting to improve growth and revenue generation through more intelligent customer engagements.

More than one-third (37%) of survey respondents aren't confident in their ability to access timely, relevant data for critical analytics and decision-making. “The State of Data and What’s Next” survey revealed that this lack of confidence stems from four main challenges currently facing data teams:

1. Data is significantly distributed and this complexity isn't going away. The survey found that half (52%) of respondents have data in five or more data storage platforms. And more enterprises are expected to follow this trend, with 56% of respondents claiming they will have data on more than five platforms in the next year. It appears distributed data is here to stay.

2. Moving data across sources is riddled with challenges. Many enterprises are finding the task of building and deploying data pipelines difficult. Some of the biggest obstacles they face are combining data in motion with data at rest (32%), the excessive time it takes to address break and fix (30%), data pipeline complexity (26%) and the manual coding lift for deploying error-free data pipelines (25%).

3. Developing a data pipeline is time intensive. Building the right infrastructure for accessing data takes significant time and manpower, and enterprises can’t afford to wait. For 45% of survey respondents, it currently takes more than a day to develop a data pipeline, with 27% saying it can take anywhere from three days to two months. Not to mention making that data pipeline operational takes more time – 52% of respondents said that it adds another day or more, with 24% saying it adds another week to the process.

4. Every second between querying data and gaining insight counts. With the rapidly changing landscape of almost every industry due to the pandemic, today’s enterprises have significantly less time to gain insight on their data before it’s outdated. Viability of business decisions comes down to a matter of milliseconds (according to 17% of respondents), with 39% of business decisions requiring latency of one second or less.

“Data is the lifeblood of any business trying to navigate today’s digital economy. What we’re seeing in these survey results is that organisations have clear demands for faster and more comprehensive data access, but technical challenges still exist,” said Justin Borgman, CEO of Starburst. “It’s imperative that companies overcome these challenges because their customer experience, competitive advantage and growth depend on it. By empowering our customers to access all of their data, regardless of location, Starburst enables better and faster business decisions.”

The survey shows that enterprises are turning to specific practices and product capabilities to meet these challenges:

1. Multi-cloud flexibility. Among survey respondents, 56% of their data is in the cloud and 44% is on-premises. The move to the cloud is quickly progressing, however, with respondents expecting to have 62% of their data in the cloud and 38% on-premises by the end of 2021. And this migration is not to one specific cloud provider: the number one criteria respondents looked for in cloud data storage was the flexibility to access data from multiple clouds (47%).

2. Automation, search & cataloging. When asked, almost half (44%) of respondents identified automating IT and data operations as the most important practice to improve their organisation’s data strategy. Survey respondents also identified implementing search (32%) and cataloguing data (30%) among the most important practices, pointing toward the necessity for organisations to make finding and using the right data a quick and easy process for users across the enterprise.

3. Modern analytical capabilities. Legacy data solutions are no longer meeting the needs of the modern enterprise – data analysts need future-facing tools that enable the processes they are engaging in most. For 42% of respondents, that is running a single query across relational databases, file systems and object storage. Data analysts are also looking for the most support in analysing streaming data or real-time events (38%) and running a single query across structured and semi-structured data (37%).

“The opportunity for every organisation is to convert data into action,” said Mike Piech, Vice President and General Manager of Cloud Storage and Data Services at Red Hat. “But the challenge we see organisations facing is a veritable tsunami of diverse data in their hybrid cloud environments, with a range of users needing access to it, including application developer and DevOps teams, data science and data engineering teams, and cloud infrastructure teams. The imperative is to create a consistent foundation for storage that can handle a wider range of workload types, from structured databases and semi-structured data warehouses to unstructured data lakes. With this foundation, organisations can be better positioned to harness insights from their data, no matter where it comes from in their hybrid cloud environment.”

“It was clear even before this research that enterprise technology needs have drastically shifted over the past year,” said John Santaferraro, Research Director at Enterprise Management Associates. “This research identifies that there is a chasm between data requirements and current capabilities, pinpoints what is most needed to bridge that chasm, and provides the roadmap for how technology solutions will need to evolve to meet these needs.”

www.enterprisemanagement.com.

Internet Connection Sharing as the New Big Passive Income Trend.

As the world adapts to the Covid-19 pandemic, increasing numbers of people are challenging the traditional concept of work by renting their spare internet bandwidth to obtain passive income.

The Covid-19 pandemic and its induced lockdown have made working from home part of many people’s everyday reality. However, not everyone has been afforded this privilege and instead had to contend with unsafe working conditions or even unemployment. In the face of these trends, there has been an increase in online freelancing and other means of making money online.

Aside from working online, the internet has been offering its users a variety of ways for generating passive income streams. Some of the better-known examples include content monetization, affiliate marketing, and – more recently – investing in cryptocurrencies.

In fact, cryptocurrencies – and Bitcoin more specifically – are responsible for another trend for making money online. It has to do with exchanging unused resources of one’s devices for ‘real’ money paid as dividends - as part of bitcoin mining operations. While in the case of Bitcoin people are offering their spare GPU processing power, unused bandwidth is what other companies are bargaining for.

The underlying technology utilizing residential IP use might be quite hard to grasp. However, the way it works from the user perspective is fairly straightforward. Typically, people begin by installing the app on their devices and connecting them to the internet. Then, while the app is active, the company uses the connection to gather bits of information from the internet, making use of access to a unique geolocation.

An example of what the app might do with these spare internet connectivity resources is reselling them to other brands so they can scan the web for intellectual property violations like copies and counterfeits of their products.

Another use case example is giving people access to content that they normally would not have with their current IP address. Music, movies, or even search engines like Google are geo-blocked to some users. However, these restrictions can be surpassed by temporarily borrowing somebody else’s IP.

As far as actual earnings go, the reported monthly payouts mostly depend on the amount of bandwidth the user is willing to share and the rates offered by the platform. Generally, the earning potential can vary from just a few cents to several hundred dollars a month. IPRoyal Pawns is one of the IP proxy sharing platforms that offers its users a way to develop a stream of passive income.

“Currently our users earn from $5 to $140 per month on average for just keeping our app active on their device. Right now we pay 0.20USD per 1GB shared. Making sure our users are compensated fairly and generously is one of our top priorities!” said Karolis Toleikis, CEO of IPRoyal.

There are some things that the user should be aware of when trusting one’s bandwidth to a residential IP sharing app. That is because currently, only some companies employ cybersecurity measures to prevent data leakages, illegal content downloads, and DDoS attacks being performed from their users’ IP addresses. Having a sophisticated system to counter these potential threats is essential to providing a safe user experience.

“IPRoyal is built on three core pillars - security, safety, and privacy. All our clients need to confirm their identity by providing their name and valid ID documents. That way, we know who they are. We also make sure all the traffic our trusted partners use is 100% safe,” commented Mr. Toleikis.

As the world adapts to the effects of the pandemic, the traditional concepts of work and income change. While in some cases this shift inspires completely new ways of earning a living, it typically accelerates trends that began way before 2020.

www.iproyal.com

                                                     OPINION

The Rise of Kubernetes and the Growing
Challenge Around Data Protection.
Florian Malecki, International Product Marketing Senior Director, StorageCraft.

While containers have been around since the 1970s, their popularity exploded with Docker in 2013. Now, container-orchestration tools like Kubernetes are rapidly transforming how applications are developed and deployed. They're doing it by enabling developers to focus exclusively on building software and delivering value. It's not an overstatement to say that containers are sparking a revolution in software development.

But if you're going to embrace containers, you must also get your arms around the issue of data protection.

To explain why, we must first define what exactly a container is. It's an application that bundles all its dependencies, libraries, and configuration files into a single package. This bundling makes it easier to spin up new container instances and seamlessly move containers from one computing environment to another.

That's a significant advantage in a lot of ways. For instance, containers are typically used when developers want to move an application from a testing environment, such as their laptop, to a live production environment. The use of containers is also common when migrating from a physical machine to a cloud-based virtual machine.

Containers are highly beneficial in many different scenarios because they are not slowed down by differences in operating systems, software versions, etc. Indeed, containers are extremely flexible and portable, making them a natural fit for many cloud applications. As computing and storage rapidly move to the cloud, containers will likely become a vital technology for every modern organisation. However, while container orchestration tools like Kubernetes are convenient due to their scalability and portability, they can fall short for data protection.

Why is data protection for Kubernetes so tricky? Well, for starters, a Kubernetes architecture is exceptionally fluid and dynamic. Containers are rapidly spun up and just as quickly torn down, depending on the developers' goals and specifications. That means containers are essentially temporary and have a relatively short lifespan.

What does this mean for data protection? It means that as more enterprises adopt containers, data protection will become an increasingly important issue. The growing number of organisations now using containers in their testing environment before deploying new applications are discovering that unexpected things can happen to the data during that migration and deployment.

The takeaway: properly backing up your data is particularly important—and will only become more critical in the months and years ahead.

As organisations use more containers, they will create more and more data that will need to be backed up and stored. As noted above, because containers tend to be used for testing and development, the lifespan of the containers themselves is usually shorter than the data they create. But, for compliance and other reasons, that data needs to be stored and protected long after a particular container is decommissioned or destroyed.

It's also important to note that backing up container data is not a time-based process, with data backed up every few minutes or hours. With containers, backup is more event-driven. For example, if you create a new container and you don't get the result you're hoping for, you want the ability to return to the previous state quickly. So, you need a backup at that point.

It's for all these reasons that container backup is increasingly a front-burner issue. Even though containers, by their nature, are designed for existing only when needed, organisations are realising that container data needs to last longer and must ultimately be protected.

So, what's the solution? There are several steps companies can take to ensure that their container data is stored successfully. For starters, it's vital to assess the data requirements for each containerised application. Companies should also ensure that there are protocols in place to stop container data from being needlessly overwritten. Further, companies must be aware of every container's security and access requirements in their environment.

Containerisation has provided a significant boost to application development. But organisations need to give serious consideration to storing, backing up, and protecting their containerised data. By tackling the data-protection issue head-on, organisations can truly reap the many benefits of container-based development and move confidently into the future.

www.storagecraft.com

                                              2021 PREDICTIONS

2021 Cybersecurity Outlook:
Attackers vs. Defenders.
VMware Security Business Unit.

COVID-19, one year later.

2020 was undoubtedly a defining year for cybersecurity – a year that ended with the SolarWinds breach, which infiltrated US government agencies and organisations at a scale not seen in recent history.

For cybersecurity professionals, the nature of this attack – a sophisticated, clandestine intrusion into vendors’ networks that was then used to “island hop” onto others along their supply chains – embodied today’s threat landscape as refigured by the pandemic.

“This is not an isolated event,” notes Tom Kellermann, Head of Cybersecurity Strategy, VMware Security Business Unit. “With COVID-19 catalysing digital transformation and a shift to cloud services, these sorts of attacks will only increase in frequency. Organisations have to realise that it’s no longer simply about whether breaches along their supply chains can be leveraged to attack them, but whether they themselves can be used to attack their customers.”

The pandemic did more than broaden the attack surface: it provided the time, capital, and opportunity for cybercrime to industrialise. E-crime groups have collaborated to form advanced enterprises, providing ransomware-as-a-Service (RaaS), selling network access points on the dark web, and executing destructive cyberattacks.

As Greg Foss, Senior Cybersecurity Strategist, VMware Security Business Unit, puts it, “Since 2019, we’ve seen e-crime shift from covert shadow groups into these pseudo-legitimate businesses, replete with customer service channels, clear business sites, and increasingly sophisticated attack methods.”

Still, 2020 was not all bad news. With new attack methods on the rise, organisations have been forced to shift their mindset and rethink their approach to security across applications, clouds, and devices.

“Cybersecurity is adapting to changing conditions,” observes Rick McElroy, Principal Cybersecurity Strategist, VMware Security Business Unit. “The old school mentality is gone. Security teams realise they must change their architectures, adopt a cloud-first mindset, and work together to meet today’s challenges. The path they’re

Key Findings

• Ransomware attacks are getting increasingly sophisticated: nearly 40% of respondents said double-extortion ransomware was the most observed new ransomware attack technique in 2020.

• A growing number of attackers are fighting back: 63% of respondents witnessed counter incident response (IR) since the start of the pandemic. Security tooling disablement was the most observed technique.

• Attackers are leveraging a number of counter IR techniques, the top techniques observed included: security tool disablement (33%); DDoS (Denial-of-service) attacks (26%); Security tool bypass (15%); Destruction of logs (11%).

• Security teams now know it's not a matter of if they'll get attacked, but when – and have adopted a proactive mindset: 81% of organisations reported having a threat hunting program.

• Island hopping is increasingly prevalent, as attackers “hop” from one network to another along its supply chain: Nearly half (44%) of respondents said they witnessed island hopping in more than 25% of all IR engagements; 13% witnessed it in over 50% of engagements.

• This year, the top security priorities for organisations include: security for trusted third parties/supply chain (24%); remote access security (24%); network and endpoint security (22%); identity and access controls (21%); hardware/physical device security (9%).

Attacker Behaviour: Amid COVID-19, the surge of sophisticated attacks and the rise of ransomware-as-a-service.

In response to the pandemic, organisations have accelerated the adoption of cloud technology – which in turn has created new security threats that sophisticated cybercriminals have seized the opportunity to exploit. The speed to innovation comes with broader issues such as supply chain compromise. In such instances like the SolarWinds breach – the adversary will use one organisation’s network (or cloud) to island hop to others along their supply chain. Recognising this growing threat,
                                                                 “security for trusted third parties/supply chains” was the
 charting is a good one.”
                                                                 top priority security area for organisations in 2021.
 Here’s a look at what organisations saw during an
                                                                 “In today’s threat landscape, organisations must assume that
 unprecedented year from evolving attacker behaviours to
                                                                 cybercriminals will also target their constituency,” said
 the rise in e-crime – and most importantly what defenders
                                                                 Kellermann. “The burglary has turned into a home invasion
 can be doing to prepare in 2021 and beyond.
                                                                 – and not just one house, but the neighbourhood.”


When it comes to the most observed supply chain compromise techniques, nearly half of respondents (46%) selected attackers abusing trusted relationships by leveraging accounts belonging to legitimate suppliers and other trusted third parties. Attackers leveraging connectivity/networks between third party suppliers and enterprises (22%) and loopholes in software updates (21%) also garnered a significant proportion of responses.

“Too often organisations offload security issues around third-party vendors, which include time-consuming paperwork to properly vet upfront,” Foss adds. “Organisations say, ‘they’ve filled out the questionnaire, passed our barometer.’ And even if they do put all the right checks in place, bad actors can still take advantage.”

Increasingly destructive counter IR.

A significant majority (63%) of respondents witnessed incidents of counter IR since the start of the pandemic – many of which reflect the increasingly destructive nature of cybercrime today.

For instance, the types of counter IR most observed included: security tooling disablement (33%), Denial-of-Service attacks (26%), security tooling bypass (15%), destruction of logs (11%), email monitoring (9%), and destructive attacks (7%).

“These responses underscore the importance of threat hunting,” says McElroy. “They demonstrate that there’s a human being on the other end of the system who wants to get visibility into the entire environment – while deploying increasingly destructive malware.”

Foss also notes: “Attackers are looking to get their foot in the door of your network, then unhook the latch once it’s safe – all very soft and silently at first – before loading more advanced tool kits. It’s becoming a significant part of e-crime.”

The rise of RaaS and double-extortion ransomware.

In 2020, we saw ransomware go mainstream. Sixty-six per cent of respondents report being targeted by ransomware during the past year – much of which may have been sold by e-crime groups on the dark web as RaaS.

“Traditional ransomware isn’t going anywhere,” Foss says, “But it can be hard to tell nowadays whether you’ve been hit by RaaS or traditional methods, largely because ransomware groups themselves now leverage RaaS operations and affiliate programs.”

Worse, in a growing number of cases, these ransomware attacks have gotten more sophisticated. For instance, when asked which new ransomware attack techniques were most observed, nearly 40% of respondents selected double-extortion ransomware (e.g., encryption, data exfiltration, extortion). In other words, as organisations became more effective at recovering from ransomware attacks via backups, attackers changed their tactics to exfiltrate sensitive information and use it for blackmail to ensure a financial gain.

“If you’re hit by ransomware today, it’s safe to assume the attacker has a second command and control post inside your infrastructure,” says Kellermann. “And these methods will only expand in 2021 – we expect to see triple and quadruple extortion attacks this year.”

Defender Behaviour: How security teams have adapted – and what they need to know for 2021.

Adapting to a new threat landscape

Forced to combat increasingly sophisticated attacks – in a remote-work environment, no less – defenders have stepped up their game. Eighty-one per cent of respondents now have a threat hunting program in place. This represents a vital mindset shift, wherein companies and security leaders aren’t merely defending potential breaches – but assuming there is already a breach to uncover.

“Organisations recognise security tools won’t tell them everything,” Foss explains. “You need human beings to manually go through the information being collected to proactively look for clues and anomalies.”

Now, it’s just a matter of what those threat hunts consist of and how often they’re conducted (VMware cybersecurity strategists recommend doing so on at least a weekly basis).

2021 security priorities and investments.

In the wake of the SolarWinds breach and the move to cloud environments, it’s no surprise that security for trusted third parties/supply chain is the number one security priority for organisations in 2021. This was followed by remote access security (24%), network and endpoint security (22%), identity and access controls (21%), and hardware/physical devices security (9%).

This year, we will see security budgets activated to address these priorities. When asked which security solution their organisation planned to invest the most in for 2021, respondents shared network security (27%), cloud security (20%), endpoint security (17%), data protection (16%) and managed security services (12%).

Rethinking the security stack.

There’s no doubt about it: 2020 – and the vulnerabilities brought on by COVID-19 – served as a catalyst for yet another evolution in the sophistication and severity of cyberattacks. As organisations continue to migrate to public and private cloud networks, support “work from anywhere” environments, and fast track digital transformation efforts, we shouldn't expect the surge of attacks to slow down anytime soon.

On the bright side, the pandemic has served as a wakeup call for security leaders as an opportunity to rethink their full security stack. In 2021, organisations will need the right mindset, investment, and platforms to stay one step ahead of attackers.

VMware January Survey Methodology: VMware conducted an online survey in January 2021 about evolving cybersecurity threats and trends ahead in 2021. 180 IR, cybersecurity, and IT professionals (including CTOs, CIOs and CISOs) from around the world participated.

www.carbonblack.com
