November 28, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
When it comes to technology purchases, another regret can be not moving fast enough. Merim Becirovic, managing director of global IT and enterprise architecture at Accenture, says his clients often wonder whether they’re falling behind.?“With the level of technology maturity today, it’s a lot easier to make good decisions and not regret them. But what I do hear are questions around how to get things done faster,” he says. “We’re getting more capabilities all the time, but it’s all moving so quickly that it’s getting harder to keep up.”?A lag can mean missed opportunities, Becirovic says, which can produce a should-have-done-better reproach. “It’s ‘I wish I had known, I wish I had done,’” he adds.?Becirovic advises CIOs on how to avoid such scenarios, saying they should make technology decisions based on what will add value; shift to the public cloud to create the agility needed to keep pace with and benefit from the quickening pace of IT innovation; and update IT governance practices tailored to overseeing a cloud environment with its consumption-based fees.
If money (whether earned or saved) is the first pillar of most business metrics, then time is another. That could be time spent or saved (more on that in a moment), but it’s also in the sense of pure speed. "Time to market should be one of the most critical digital transformation metrics right now for enterprises across industries,” says Skye Chalmers, CEO of Image Relay. “The market impact of a digital transformation project is all about its speed: If you don’t cross the finish line first with compelling new customer [or] employee experiences or other digital modernization initiatives, your competitors will.” So while an overall digital transformation strategy may not have an endpoint, per se, the goals or milestones that comprise that strategy should have some time-based measurement. And from Chalmers’ point of view, the speed with which you can deliver should be a key factor in decision-making and measurement. Focusing on the time-to-market metric “will directly improve an enterprise’s competitive position and standing with customers,” Chalmers says.
Before soliciting cyber insurance quotes, examine several areas of your network security to understand what vulnerabilities exist. Insurers will do just that, so anticipating gaps in your infrastructure, software, and systems will provide you with a clearer idea of what your company needs. Start with your enterprise network. Who has access and to what degree? Every person who has access to your network provides an attack vector, increasing the possibility of an attacker accessing more data through lateral movement. If an outside agent can gain entry to your network, that person or bot can harvest the most privileged credentials and move between servers and throughout the storage infrastructure while continually exploiting valuable sensitive data. That’s why most insurance audits consider privilege sprawl to be among the top risks. It happens when special rights to a system have been granted to too many people. It impacts the cost of premiums and could even lead to a loss of coverage. Public cloud assets also present an opportunity for a strike. Is access to that information secure??
领英推荐
Since when does everything always go as planned? Spoiler Alert: It never does. There’s even a saying for this: “Into each life, a little rain must fall.” And when those rain clouds do appear, what do successful entrepreneurs do? They don’t pack up their gear and head for shelter. No, they plant their feet firmly into the (muddy) ground and start selling umbrellas. “When you study success and read extensively about entrepreneurs, you realize that successful people come from a variety of backgrounds and circumstances, but they have one thing in common—they consistently do the work,” says Case Lane, Founder of Ready Entrepreneur in Los Angeles. “The only talent needed is knowing you can make that commitment to keep working to ensure business success.” Entrepreneurs don’t fear change (see above); they see it as an opportunity. “I knew how to solve a problem that many people were experiencing, and I knew I could help those people,” says Chane Steiner, CEO of Crediful in Scottsdale, Arizona.?
Device hijacking is one of the common security challenges of IIoT. It can occur when the IoT sensor or endpoint is hijacked. This can lead to serious data breaches depending on the intelligence of the sensors as well as the number of devices the sensors are connected to. Sensor breaches or hijacks can easily expose your sensors to malware, enabling the hacker to have control of the endpoint device. With this level of control, hackers can run the manufacturing processes as they wish. ... IIoT deals with many physical endpoint devices that can be stolen if not protected from prying eyes. This situation can pose a security risk to any organization if these devices are used to store sensitive information. Organizations with endpoint devices in great use can make arrangements to ensure that these devices are protected, but storing critical data in them can still raise safety concerns due to the growing number of endpoint attacks. For organizations to minimize the risk associated with device theft, it’s expedient to avoid storing sensitive information on endpoint devices. Instead, they should use cloud-based infrastructure to store critical information.
Generally speaking, the best way for an organization to approach zero trust is for security teams to take the mindset that the network is already compromised and develop security protocols from there. With this in mind, when implementing zero trust into a cloud environment, organizations must first perform a threat assessment to see where their biggest vulnerabilities lie. Zero trust strategy requires an inventory of every single item in a company’s portfolio, including a list of who and what should and should not be trusted. Additionally, organizations must develop a strong understanding of their current workflows and create a well-maintained inventory of all the company’s assets. After conducting a thorough threat assessment and developing an inventory of key company information, security controls must be specifically designed to address any threats identified during the threat assessment to tailor the zero trust strategy around them. The nature of zero trust is inherently complex due to the significant steps that a company has to take to achieve a true zero trust atmosphere, and this is something that more businesses should take into account.