November 23, 2021
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Microsoft Detection and Response Team (DART) has been assisting multiple organizations around the world in investigating the impact of NOBELIUM’s activities. While we have already engaged directly with affected customers to assist with incident response related to NOBELIUM’s recent activity, our goal with this blog is to help you answer the common and fundamental questions: How do I determine if I am a victim? If I am a victim, what did the threat actor do? How can I regain control over my environment and make it more difficult for this threat actor to regain access to our environments? ... DAP can be beneficial for both the service provider and end customer because it allows a service provider to administer a downstream tenant using their own identities and security policies. ... Azure AOBO is similar in nature to DAP, albeit the access is scoped to Azure Resource Manager (ARM) role assignments on individual Azure subscriptions and resources, as well as Azure Key Vault access policies. Azure AOBO brings similar management benefits as DAP does.
The distribution of tenants among multiple servers can be made using different methods. An intuitive way would be like "put the first 10 tenants in this server A, then only when needed provision a new server B and put the next 10 tenants there, etc". Another method would be starting with a few servers and distributing tenants evenly across those servers: Let's say you have 3 servers called A, B, C, you'd put Tenant1 into A, Tenant2 into B, Tenant3 into C, Tenant4 into A again, Tenant5 into B, etc. So basically tenants are distributed according to (TenantId)%(NumberOfServers). If you don't want to have a single catalog (which as I said before is both a bottleneck and a single point of failure) you can spread your catalog across multiple servers (exactly like the tenants' data) as long as your requests can be routed directly to the right place, which would require the sharding to be based on something like the tenant domain. ... The Security Policy TenantAccessPolicy can be used to apply filters over any number of tables. To make sure that any table with the [TenantId] column will always be filtered, we can create a DDL trigger that will apply the security predicate to any new (or modified) table.
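A sketch of the tenant filter described above, assuming SQL Server row-level security; this is an added example, not code from the excerpted article. The table `dbo.Orders`, the function `dbo.fn_TenantAccessPredicate` and the `TenantId` session key are hypothetical names, and the final query is a coverage check run alongside (not in place of) the DDL trigger the excerpt mentions.

```sql
-- Constructed sample table (hypothetical); any table carrying TenantId works the same way.
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY PRIMARY KEY,
    TenantId int NOT NULL,
    Item     nvarchar(100) NOT NULL
);
GO

-- Predicate function (hypothetical name): a row passes only when its TenantId
-- matches the tenant the application stored in SESSION_CONTEXT for this connection.
CREATE FUNCTION dbo.fn_TenantAccessPredicate (@TenantId int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS accessResult
    WHERE @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS int);
GO

-- FILTER hides other tenants' rows from SELECT/UPDATE/DELETE;
-- BLOCK rejects an INSERT that would write a row for another tenant.
CREATE SECURITY POLICY dbo.TenantAccessPolicy
    ADD FILTER PREDICATE dbo.fn_TenantAccessPredicate(TenantId) ON dbo.Orders,
    ADD BLOCK PREDICATE dbo.fn_TenantAccessPredicate(TenantId) ON dbo.Orders AFTER INSERT
    WITH (STATE = ON);
GO

-- The application sets the tenant once per connection; @read_only = 1 stops
-- later code on the same connection from switching to another tenant.
EXEC sp_set_session_context @key = N'TenantId', @value = 42, @read_only = 1;
SELECT OrderId, Item FROM dbo.Orders;
GO

-- Coverage check: tables that have a TenantId column but no FILTER predicate
-- from the enabled TenantAccessPolicy. Any row returned is an unfiltered table.
SELECT s.name AS schema_name, t.name AS table_name
FROM sys.tables AS t
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
JOIN sys.columns AS c ON c.object_id = t.object_id AND c.name = N'TenantId'
WHERE NOT EXISTS (
    SELECT 1
    FROM sys.security_predicates AS p
    JOIN sys.security_policies AS sp ON sp.object_id = p.object_id
    WHERE p.target_object_id = t.object_id
      AND sp.name = N'TenantAccessPolicy'
      AND sp.is_enabled = 1
      AND p.predicate_type_desc = N'FILTER'
);
```

If a connection never sets the session key, `SESSION_CONTEXT` returns NULL and the predicate matches no rows, so the policy fails closed.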
Nvidia is succeeding at its mission of demystifying zero trust in datacenters, starting with its BlueField DPU architecture. Its architecture includes secure boot with hardware root-of-trust, secure firmware updates, and Cerberus compliant with more enhancements to support the build-out of its zero-trust framework. One of Nvidia’s core strengths is its ability to extend and scale DPU core features with SDKs and related software, while scaling to support larger AI and data science workloads. Doubling down on DOCA development this year, Nvidia used GTC 2021 to announce that the 1.2 release supports new authentication, attestation, isolation, and monitoring features, further strengthening Nvidia’s zero-trust platform. In addition, Nvidia says they are seeing momentum in customers and partners signing up for the DOCA early access program. ... Morpheus monitors network activity using unsupervised machine learning algorithms to understand typical behavioral patterns, as well as identity, endpoint, and location parameters across multiple networks.
The difference between data privacy and data security comes down to who and what your data is being protected from. Security can be defined as protecting data from malicious threats, while privacy is more about using data responsibly. This is why you’ll see security measures designed around protecting against data breaches no matter who the unauthorized party is that’s trying to access that data. Privacy measures are more about managing sensitive information, making sure that the people with access to it only have it with the owner’s consent and are compliant with security measures to protect sensitive data once they have it. ... Using apps with end-to-end encryption is a good way to boost the security of your data online. Messaging services like Signal are encrypted end-to-end, meaning that no one but the sender and recipient of the message can view the data. That’s because the data is encrypted (or scrambled) before being sent, then decrypted only when it hits your device. One caveat here is to make sure the service you’re using is actually end-to-end encrypted.
The pandemic has permanently changed what it means to be “at work”. Work is no longer a place you go, but what you do. Hybrid working, and the ability to work from anywhere, is here to stay. A huge part of this shift has been facilitated by our capacity to invent new ways of working fit for the digital age. Video conferencing, the cloud, instant messaging: it’s all part of the same narrative – how technology can facilitate new behaviours and patterns that can benefit the workforce. Network-as-a-Service (NaaS), for example, is a secure, cost-effective subscription-based model that lets businesses of all sizes consume network infrastructure on-demand and as needed. Think of it like a thermostat, where you can increase or decrease temperature to suit your needs. With a solution like NaaS, businesses can ensure their employees have the same security and network connectivity at a coffee shop or at home, as they would in the office. This fundamentally changes what it means to be safe, secure and online – and employees can work from any location.
Digital fluency is the missing ingredient in many digital transformation efforts. In most cases, I would argue that it’s not the technology that’s holding an employee back but the lack of digital infrastructure, culture, leadership, and skills, which are required to thrive alongside technologies. Digital literacy in the workforce can be tricky, especially for a large organization with thousands of employees. Companies must consider each employee’s age, background, educational qualification, and current digital literacy level. The challenges go beyond Diversity and Inclusion (D&I); they also include resistance to change, Fear of Missing Out (FOMO), tracking the change management, the continuous process of change, etc. To be successful, businesses will need to provide the right digital tools and training to the workforce, including leadership and cultural support to build tech intensity, i.e., an organization’s ability to adapt and integrate the latest technology to develop its unique digital capability and trust factor.