November 07, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
The Secure Production Identity Framework For Everyone (SPIFFE) is a specification for workload identity. According to Gilman, the easiest way to think about SPIFFE is as a passport. Similar to how people are issued passports in a common shape with a barcode and standard information, SPIFFE dictates the standard methods to prove and validate the identity of a service. It’s like bringing the “Sign in with Google” experience to the software services themselves, he adds. There are three key components in SPIFFE. First, SPIFFE specifies that services shall identify themselves with what’s called a SPIFFE ID, which is defined as a URI in the format of spiffe://trust-domain-name/path. These IDs are then encoded into a SPIFFE Verifiable Identity Document or SVID. SVIDs aren’t so much a document type themselves — instead, they support either X.509 or JWT document types. Last but not least, SPIFFE specifies a workload API that issues and rotates these SVIDs, along with the keys needed to validate them. SPIRE is the code that implements the SPIFFE specification—you can think of it as a production-ready SPIFFE runtime environment.?
The C-suite now frequently discusses cybersecurity in boardroom discussions. IT and business leaders have historically had difficulty cooperating on cyber risk management, but this disagreement seems to be worse than ever right now. According to a study, over 90% of IT decision-makers think their organisation would be willing to forego cybersecurity in favour of other objectives. Such a strategy for short-term gains are not worth the risk regarding cybersecurity, which includes monetary losses and reputational harm. An organisation must resolve this business-IT conflict and come to a consensus on cyber risk as a crucial component of business risk in order to succeed in the post-pandemic era of hybrid or remote workforces. Organisations will be able to maximise their commercial opportunities and prevent pricey breaches by using this to better identify, communicate, and mitigate cyber risk across the workplace. Additionally, research shows that 38% of business decision-makers and 50% of IT leaders believe the C-Suite fully comprehends cyber dangers.?
Using IIoT creates massive amounts of data. That wouldn’t matter, were it not for the fact that this information needs to be processed quickly in order to be of any use. Especially when applied to digital operations, data processing is key to success. Additionally, all this generated information brings matters of privacy and security into question. IoT itself is a relatively new concept, and protecting the data that it collects will require companies to find different and more efficient ways to sort through digital assets. At the very least, businesses operating with IIoT technology should be sure to invest in secure cloud computing infrastructure. Without strong digital assets, IIoT implementation will become even more complicated and risky than it already is. ... Transitioning to IIoT is costly. Regardless of the need for new systems, as mentioned above, current IoT expenses are already high. This is because IIoT uses sophisticated software to analyze productivity and predict future trends and issues. It is also capable of deploying smart-sensing software for use in technology and agricultural businesses. Combined with the network that IIoT provides to companies, the expense of developing a digital strategy can be hefty.
领英推荐
CEOs of the world’s largest companies tell IDC that they already make around 30% of their revenue from digital products, and they expect that proportion to grow in the years to come. IDC identifies three dimensions along which enterprises can achieve this growth. First, they can exploit new channels: e-commerce, mobile apps, or the creation of new distribution paths such as enabling the circular economy. Second, they can adopt additional revenue models: pay-per-use, subscriptions, dynamic pricing, transaction fees, or payment for outcomes. And third, they can seek to monetize new digital assets: data, intellectual property, or virtual objects. Developing such new revenue streams requires that CIOs keep pressing ahead with digital spending. “If you pause, you’re already behind,” he says. Building new products may involve skills that CIOs don’t yet have on their roster. “You have to have the right mix of in-house and partners that can enable quicker development,” says Powers.
“Companies tend to write their controls down and never look at them again, so preparing for the audit is an appropriate time to look at and update them if they don’t reflect what you’re doing,” says Paul Perry, a member of the Emerging Trends Working Group with the governance group ISACA and the Security, Risk and Controls Practice Leader with accounting and advisory firm Warren Averett. Auditors want to see well-documented policies, but they also want to see them in action to verify that organizations are doing in day-to-day practice what those policies say they should be doing. For example, software engineers may be testing code, but they need to do so in a manner that follows the process and documentation requirements outlined in the organization’s policies. That’s the kind of action auditors will want to see, Yawn says. Review security and privacy controls to ensure they’re aligned with the organization’s own security and privacy policies as well as regulatory requirements and industry best practices.
Using potentially flawed data in the decision-making process not only leads to incorrect decision-making, but can have a negative impact on future data operations. If there isn’t real clarity about where the source of the data is, what it’s quality is and what it really means, how can employees really trust that data? And if they can’t trust it, the consequences can be serious, with executives developing a negative view of data-driven decision making and underinvesting in future data projects. It’s a vicious data circle that can end in a business not fully realising the true value from arguably its most important asset. It is crucial, therefore, that data is trusted and accurate, but ensuring data is reliable across multiple different sources is another challenge entirely The key is giving employees a single pane of glass through which to see all of the available data. This not only provides a single point of reference for employees that allows them to search for data on a reliable platform, but also gives them access to data from a wide range of different sources such as CRM or ERP systems.