How Object Storage Is Taking Storage Virtualization to the Next Level

We live in an increasingly virtual world. Because of that, many organizations not only virtualize their servers, they also explore the benefits of virtualized storage.

Gaining popularity 10-15 years ago, storage virtualization is the process of sharing storage resources by bringing physical storage from different devices together in a centralized pool of available storage capacity. The strategy is designed to help organizations improve agility and performance while reducing hardware and resource costs. However, this effort, at least to date, has not been as seamless or effective as server virtualization.

That is starting to change with the rise of object storage – an increasingly popular approach that manages data storage by arranging it into discrete and unique units, called objects. These objects are managed within a single pool of storage instead of a legacy LUN/volume block store structure. The objects are also bundled with associated metadata to form a centralized storage pool.

Object storage truly takes storage virtualization to the next level. I like to call it storage virtualization 2.0 because it makes it easier to deploy increased storage capacity through inline deduplication, compression, and encryption. It also enables enterprises to effortlessly reallocate storage where needed while eliminating the layers of management complexity inherent in storage virtualization. As a result, administrators do not need to worry about allocating a given capacity to a given server with object storage. Why? Because all servers have equal access to the object storage pool.

One key benefit is that organizations no longer need a crystal ball to predict their utilization requirements. Instead, they can add the exact amount of storage they need, anytime and in any granularity, to meet their storage requirements. And they can continue to grow their storage pool with zero disruption and no application downtime.

Greater security

Perhaps the most significant benefit of storage virtualization 2.0 is that it can do a much better job of protecting and securing your data than legacy iterations of storage virtualization.

Yes, with legacy storage solutions, you can take snapshots of your data. But the problem is that these snapshots are not immutable. And that fact should have you concerned. Why? Because, although you may have a snapshot when data changes or is overwritten, there is no way to recapture the original.

So, once you do any kind of update, you have no way to return to the original data. Quite simply, you are losing the old data snapshots in favor of the new. While there are some exceptions, this is the case with the majority of legacy storage solutions.

With object storage, however, your data snapshots are indeed immutable. Because of that, organizations can now capture and back up their data in near real-time—and do it cost-effectively. An immutable storage snapshot protects your information continuously by taking snapshots every 90 seconds so that even in the case of data loss or a cyber breach, you will always have a backup. All your data will be protected.

Taming the data deluge

Storage virtualization 2.0 is also more effective than the original storage virtualization when it comes to taming the data tsunami. Specifically, it can help manage the massive volumes of data—such as digital content, connected services, and cloud-based apps—that companies must now deal with. Most of this new content and data is unstructured, and organizations are discovering that their traditional storage solutions are not up to managing it all.

It’s a real problem. Unstructured data eats up a vast amount of a typical organization’s storage capacity. IDC estimates that 80% of data will be unstructured in five years. For the most part, this data takes up primary, tier-one storage on virtual machines, which can be a very costly proposition.

It doesn’t have to be this way. Organizations can offload much of this unstructured data via storage virtualization 2.0, with immutable snapshots and centralized pooling capabilities.

The net effect is that by moving the unstructured data to object storage, organizations won’t have it stored on VMs and won’t need to backup in a traditional sense. With object storage taking immutable snaps and replicating to another offsite cluster, it will eliminate 80% of an organization’s backup requirements/window.

This dramatically lowers costs. Because instead of having 80% of storage in primary, tier-one environments, everything is now stored and protected on object storage.

All of this also dramatically reduces the recovery time of both unstructured data from days and weeks to less than a minute, regardless of whether it’s TB or PB of data. And because the network no longer moves the data around from point to point, it’s much less congested. What’s more, the probability of having failed data backups goes away, because there are no more backups in the traditional sense.

The need for a new approach

As storage needs increase, organizations need more than just virtualization..[…] Read more »

 

Is Your Pandemic-Fueled Cloud Migration Sustainable?

COVID-19 shoved enterprises into the cloud. While remote work is sustainable, emergency cloud strategies are not.

Enterprises were already moving deeper into the cloud before the pandemic hit. Multi-year plans were replaced by emergency implementations to facilitate remote work and digital customer interactions. Businesses and their IT departments have been proud of their heroic efforts, but emergency implementations are not sustainable over the long-term.

“Regardless of what we did right or wrong, there was a rationalization behind it,” said George Burns, senior consultant for cloud operations at digital transformation agency SPR. “Now we need to take a step back and look at projects through a different prism.”

Governance

Data governance is non-optional for companies whether they’re regulated or not, especially with data regulations such as General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Burns said some of his clients are having trouble finding data now that they’ve shoveled it into the cloud.

“We need to rearchitect some of these solutions we’ve put in place, but then we need to come up with implementation plans that are even less disruptive than we had during good times,” said Burns. “How do we bolt that on to what we already have to let our newly distributed workforce continue to function and continue to generate revenue? Do we have governance wrapped around that to make sure that we can monitor what we need to monitor and be compliant where we need to be compliant?”

Six months into the pandemic, organizations should realize that they’re accumulating unnecessary risks if they don’t address the longer-term governance issues.

Though governance tends to be viewed as an internal-facing function, its role doesn’t end there. In fact, a recent Forrester report discusses the link between sound governance and better customer service. In a customer service context, the report’s authors said governance should include a cross-functional governance board, technology governance, process governance and data governance.

That’s sound advice generally.

Security

An obvious victim of rapid cloud adoption is security. There was no time to fully assess the new architecture from a security standpoint because business continuity and employee safety were more important. However, the potential security vulnerabilities left unchecked keep the door open for internal and external bad actors.

“It really comes back to the fundamentals,” said Burns. “Do we have the right security wrapped around [our architecture] so that we’re not exposing any of our data or access points?”

Meanwhile, the pandemic has fueled cyber fraud spikes and many of those campaigns have target work-from-home employees. In August, Interpol revealed it had observed a 350% increase in phishing sites and a 600% increase in malicious emails. Home Wi-Fi routers also have been targeted and several family members in an employee’s home may be sharing computers regardless of who owns them.

Enterprises need to ensure they’re educating employees about the work-from-home security risks to their organizations, especially since many of those individuals are attempting to balance their personal and professional lives. Hackers and social engineers know distracted individuals are easy targets.

Time to reassess

When the pandemic hit, there was no time for long-term thinking. Now, there’s a window of opportunity that shouldn’t be squandered. Whether a second COVID-19 wave occurs or not, businesses have an opportunity to assess where they’re at and compare that with where they need to be to ensure longer-term resilience.

“People are starting to understand that we’re not going to go back to work like normal tomorrow,” said Burns. ” Really, it comes back to the fundamentals. Do we have the right technology in place? Are we moving in the right direction? We need KPIs that show us that.”

Digital transformation has taken on new meaning in 2020 because it isn’t just about responding to digital disruption anymore. It’s about doing whatever it takes to survive and thrive no matter what happens. Essentially, last year’s playbook is old news.

“The rules of the game have completely changed. We’re not solving for the same X anymore,” said Burns. “We’re solving new problems that we haven’t taken the time to identify. We need to put out fewer fires and make more strategic decisions.”

Otherwise, enormous amounts of technical debt will continue to accumulate..[…] Read more »…..

 

Cloud Strategies Aren’t Just About Digital Transformation Anymore

Organizations have been transferring more data, workloads, and applications to the cloud to increase the pace of innovation and organizational agility. Up until recently, the digital transformation was accelerating. However, cloud adoption recently got a major shove as the result of the crisis, which can be seen in:

  • Dramatic remote work spikes
  • Capital expenditure (CapEx) reductions
  • Business model adaptations to maintain customer relationships

In fact, in a recent blog, Forrester reported robust 2020 first quarter growth of top three providers with AWS at 34%, Microsoft Azure (59%), and Google Cloud Platform (52%). The driver, according to Vice President and Principal Analyst John Rymer, is “Faced with sudden and urgent disruption, most enterprises are turning to the big public cloud providers for help.”

“We are seeing a huge increase in our clients wanting to digitize in-person processes and ensure they are accessible 24/7 and integrated with existing technologies through utilizing cloud services [such as] developing contactless ordering systems for physical retail locations, which both reduce the need for face-to-face interaction, but also sync with existing POS and stock management systems,” said Bethan Vincent, marketing director at UK digital transformation consultancy Netsells Group. “This requires both API integrations and a solid cloud strategy, which seeks to build resilience into these new services, protecting against downtime and the knock-on effect of one system affecting another.”

Jiten Vaidya, PlanetScale

Jiten Vaidya, PlanetScale

Speaking of resiliency, there is a corresponding uptick in Docker and Kubernetes adoption. “We have seen an interest in databases for Kubernetes spike during the COVID-19 pandemic. Kubernetes had already emerged as the de facto operating system for computing resources either on-premise or in the cloud,” said Jiten Vaidya, co-founder and CEO of cloud-native database platform provider PlanetScale. “As the need for resiliency and scalability becomes top of the mind, having this uniform platform for database deployment is becoming increasingly important to enterprises.”

While business continuity isn’t the buzzy topic it was during the Y2K frenzy, many consulting firms and technology providers say it’s top of mind once again. However, it’s not just about uptime and SLAs, it’s also about the continuity of business processes and the people needed to support those business processes.

Greater remote work is the new normal

Chris Ciborowski, CEO and co-founder of cloud and DevOps consulting firm Nebulaworks, said many of his clients have increased their use of SaaS platforms such as Zoom and GitLab/GitHub source code management systems.

“While these are by no means new, there has been a surge in use as identified by the increased load on the platforms,” said Ciborowski. “These are being leveraged to keep teams connected and driving productivity for organizations that are not used to or built for distributed teams. [M]any companies [were] already doing this pre-pandemic, but the trend is pouring over to those companies that are less familiar with such practices.”

Chris Ciborowski, Nebulaworks

Chris Ciborowski, Nebulaworks

Dux Raymond Sy, CMO and Microsoft MVP + regional director at AvePoint, which develops data migration, management and protection products for Office 365 and SharePoint, has noticed a similar trend.

“Satya Nadella recently remarked [that] two years of digital transformation has happened in two months,” said Sy. “Organizations and users that were on the fence, have all adopted the cloud and new ways of working. They didn’t have a choice, but they are happy with it and won’t revert to the old ways.”

However, not all organizations have learned how to truly live in the cloud yet. For example, many have adopted non-enterprise, consumer communication and/or collaboration platforms, which have offered free licenses in response to COVID-19. However, fast access to tools can result in ad-hoc, unstructured and ungoverned processes.

“Adoption isn’t a problem anymore, but now productivity and security are. As we emerge from the post-pandemic world, organizations are going to need to clean up their shadow IT, overprivileged or external users that can access sensitive data they shouldn’t and sprawling collaboration environments,” said Sy. “The other mistake we are seeing organizations make is not continuously analyzing their content, finding their dark data, and reducing their attack profile. Organizations need to make a regular habit of scanning their environments for sensitive content and making sure it is where it is supposed to be or appropriately expire it if it can be deleted. Having sensitive content in your environment isn’t bad, but access to it needs to be controlled.”

Dux Raymond Sy, AvePoint

Dux Raymond Sy, AvePoint

All the cybersecurity controls organizations have been exercising under normal conditions are being challenged as IT departments find themselves enabling the sudden explosion of remote workers. In fact, identity and access management company OneLogin recently surveyed 5,000 remote workers from the U.S. and parts of Europe to gauge the cybersecurity risks enterprises are facing. According to the report, 20% have shared their work device password with their spouse or child, which puts corporate data at risk, and 36% have not changed their home Wi-Fi password in more than a year, which puts corporate devices at risk. Yet, 63% believe their organizations will be in favor of continued remote work post-pandemic. One-third admitted downloading an app on their work device without approval.

“Organizations everywhere are facing unprecedented challenges as millions of people are working from home,” said Brad Brooks, CEO and president of trusted experience platform provider OneLogin in a press release. “Passwords pose an even greater risk in this WFH environment and — as our study supports — are the weakest link in exposing businesses’ customers and data to bad actors.”

CapEx loses more ground to OpEx

SaaS and cloud have forever changed enterprise IT financial models, although many organizations still have a mix of assets on-premises and in the cloud. In the wake of the 2008 financial crisis, businesses increased their use of SaaS and cloud. Digital transformation further fueled the trend. Now, CFOs are taking another hard look at CapEx as they fret about cashflow.

Suranjan Chatterjee, Tata Consultancy Services

Suranjan Chatterjee, Tata Consultancy Services

“The pandemic has crystalized the fact that there are basically two types of companies today: those that are able to deliver digitally and connect to customers remotely, and those that are trying to get into this group,” said  Miles Ward, CTO at business and technology consulting services firm SADA. “Since the world turned on its head the past few months, we’ve seen companies in both groups jump on cloud-based tools that support secure connections, scaled communications, rapid development and system access from anywhere, anytime. Using these tools, companies can reduce their risk; nothing feels safer than going from three to five-year commitments on infrastructure to easy pay-as-you-go, and pay only for what you use, commitment-free systems.”

Business models have shifted to maintain customer relationships

Businesses negatively impacted by shelter in place and stay at home executive orders have reacted in one of two ways: adapt or shut down temporarily until the state or country reopens. The ones that have adapted have been relying more heavily on their digital presence to sell products or services online, with the former being supplemented with curbside pickup. The businesses that shut down completely tended to have a comparatively weak digital strategy to begin with. Those companies are the ones facing the biggest existential threat..[…] Read more »…..

 

 

Cloud Solutions: Four Key Areas of Focus

When it comes to cloud solutions, there are many questions regarding the migration process. To help with the transition, end users need to have a full understanding of what cloud is and what they would be getting. The security industry is conservative and can be slow to make changes, however it’s not a question of ‘if’ you might transfer to cloud, but ‘when.’ Moving to cloud starts with an understanding of operation and functionality. Education and research come next, honing in on what you are looking for and what a cloud solution can offer to meet your physical security requirements.

To help with the transition, what are a few key elements to focus on, when starting to have a conversation about cloud? In an effort to provide guidance, these four cloud facts should help in deciding if a cloud solution is best for you.

1. Cloud Provides Cost-Saving Solutions

Eliminating local system components makes the cloud less complicated, but it also makes system maintenance more cost-effective overall. Transitioning to the cloud will save you money in both the long and short term. A subscription-based model will save on setup and management fees, as well as human resources. With a cloud solution, because you are eliminating the need for NVRs, video management systems, access control servers and panels, you will be eliminating four major expenses.

Additionally, cloud provides a more scalable solution, which means you will be able to add a few cameras or doors to an existing system without having to purchase additional hardware. This allows for a more flexible approach to your security needs – meaning you only pay for what you use. You will no longer have to pay for an NVR that supports 60 cameras, while only having 30 installed.

2. Cybersecurity Risks Are Alleviated

You might think because you’re connecting a device to the cloud, to something outside of your network, that it poses more security risks than on-premise storage. However, cloud providers have been working for many years to develop technology to encrypt the data from the moment it’s captured through the transportation to the cloud. This gives you end-to-end security, which is safer than an onsite system. In addition, onsite systems can be prone to damage through theft, server issues and hacking – which are not issues with a cloud system.

When choosing a cloud provider, look for organizations with experience and resources that invest significantly in cybersecurity annually. Consider asking how much a provider will spend on cybersecurity and data privacy every year, as well as if they have a designated cyber team and how big that team is. Your cloud provider will likely be able to invest significantly more into cybersecurity development than you might be able to on your own.

3. Cloud Requires Minimal Bandwidth

The cloud platform you select should run on a single, open architecture to deliver faster, more secure and more reliable services. What you might not know about cloud-based systems is that they can operate without cloud-based video storage. A robust and open platform will allow video to be stored on the camera, or gateway device – enabling the system to run using little to no bandwidth. If you choose to store video on a camera or gateway device, you can transport it over the network on-demand.

You should also look for a solution offering a hybrid mode – a combination of on-device and cloud storage. Hybrid mode is customizable to your needs and allows for video to be stored on the cloud, or locally on a bandwidth schedule. At the end of the day, cloud storage offers a number of options, all requiring little bandwidth.

4. Cloud Requires Less Components

Simply put, cloud solutions are easier and less complicated than onsite systems…[…] Read more »….

Meet Wendy Holmquist: Cloud Expert of the Month – December 2019

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

December Cloud Expert of the Month is Wendy Holmquist
Wendy Holmquist has 20+ years of professional experience working in emerging technologies and go-to market sales strategies. Her experience includes time at Adobe, Oracle, Centurylink, and Verizon working with a wide range of customers and strategic alliance partners in both public sector and enterprise. She is able to provide clients with invaluable market knowledge, comprehensive strategies, and effective solutions to transform business initiatives, markets and organizations. She has a broad base of technology expertise in IaaS, PaaS, SaaS, DRaaS, software, AI, data center, security, network, and digital media.

Wendy has just returned from a 10-month sabbatical and is currently working at Splunk managing global systems integrator alliances for State, Local, and Higher Education (SLED) nationally. She is passionate about driving initiatives, personally and professionally, that have meaningful impact on communities and improving the lives of others. Wendy holds an MBA from the University of San Francisco and Bachelor’s of Science degree from California Polytechnic University in San Luis Obispo, California.

When did you join Cloud Girls and why?
I am one of the original Cloud Girls. I was invited to join what was an informal group of women coming together monthly via conference call to discuss cloud technologies in 2012, back when no one really knew what cloud meant. I joined the first Board of Directors and planned our first Cloud Girls off-site retreat in 2014. The first retreat was a game changer for all of us because it allowed us to physically come together as group and map out our mission and vision for the organization.

What do you value about being a Cloud Girl?
I value the friendships that I have made over the years and the unbiased approach to uplifting our unique community of women. I love and live by our mission to not only support each other, but other young women in their technology aspirations.

What is the biggest risk that you’ve taken?
When I started considering taking some time off from my career to recharge and focus on my family and uninterrupted personal development, it felt like it was too big of a risk to consider, professionally and financially. Ultimately, I allowed myself to take the risk. It’s remarkable how much you learn about yourself, your values, and how to be grateful when you take time to breathe and slow down the chaos of our daily lives. In my time off I learned to ensure that everything I do going forward, at home and as a woman in technology, will reflect authenticity and my core values. As I move step into a new role after a 10 month break, I realize that what felt like a big career risk at the time, is actually extremely beneficial to my career, as I can now move forward with more purpose in my job every day.

How do you define success?
Success to me is not only meeting expectations but exceeding them in areas that may not be tangible. When I am working with clients, I try to figure out what the impact of an initiative means to them personally, such as freedom, stress reduction, and/or happiness. A successful project or event is one that impacts people and their lives, and my view of success is always to build towards that ultimate goal.

What are the most exciting opportunities for women in tech?
This is such an extraordinary time for women in technology. As I started to talk to people about my next career move, I found that companies and hiring managers were purposefully looking to add women to their staff to not only add diversity to their teams but to promote women as a new generation of leaders inside technology companies…[…] Read more »…..

 

Meet Michelle Hyde: Cloud Expert of the Month – October 2019

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

October Cloud Expert of the Month is Michelle Hyde
Michelle Hyde, president and founder of Hyde Group, has been serving Pacific Northwest enterprises with excellence for more than 20 years. Her history of applying the right technology at the right time to critical business issues that clients face has propelled the Hyde Group’s success and advanced its reputation as a true client advocate. Hyde Group has a passion for finding solutions to client challenges during their digital transformation through teamwork and enablement of scalable solutions in cloud, SaaS and emerging technologies. Hyde currently serves on the Advisory Council for Cloud Girls and is a past member of its Board of Directors.

When did you join Cloud Girls and why?
I joined Cloud Girls right at the formation of the association in Jan of 2012 and helped with the formation of our monthly endeavor.  I then joined the board in Jan 2013 as the Operations Chair role until Jan 2018, and then took the Finance Chair and moved into the role of Advisory Council member after that in Jan 2019 where I still serve.  It was an exciting endeavor to be part of the founding members of what would become a true premier organization; creating vision, structure, process and growth over the years.

What do you value about being a Cloud Girl?
The Cloud Girls organization is a true point of pride for me, not just being a part of its foundation, but being aligned with such amazing women that have become sincere friends, endearing colleagues and so many that have guided and influenced me over the years.  I can honestly say that I would not be as far in my career or with such success without the aid of the women in this organization.

What is the biggest risk that you’ve taken?
The biggest career risk I have taken is certainly starting my own consulting firm 3 months after having a second child and right after my 39th birthday.  I chock it up to the fact my hormones were not all there postpartum, and having the mindset of “what could possibly go wrong here?”  Starting a business, a tangent from what I was doing at the time, thinking I knew more than I did, and simply wanting success and autonomy in my world seemed to be the right mix.  I did all that I could to establish myself and created an amazingly supportive network around me that wanted me to also have success.  There are certainly days and weeks over the last 10 years I have had to throw elbows around to get my voice heard or my point across, but I would not change a thing.  Now that nearly 10 years have passed, I am getting pretty comfortable in my skin and am ready to take it to the next level and start looking at greater risks to take!

What is the best professional/business book you’ve read and why?
With my drive to get to the next level in my business, I am reading a book called ‘Scale – 7 Proven Principles to Grow Your Business and Get Your Life Back’, and although I have listened to it on Audible, I have to get the book because the worksheets are essential here.  I am examining merging with 2 other companies and this book will directly pertain to us.  It identifies where we are at in the 3 stages, and the 7 principles of getting through the next stage(s) for a successful small business growth trajectory.  There are other books I am reading right now too, Getting Things Done by David Allen and Power Trips, by a friend of mine, Norman Rawlings and How to Train A Wild Elephant and Other Adventures in Mindfulness, by Jan Chozen Bays MD.  There is no shortage of things I want to read – my nightstand is stacked a foot high with desired reads […] Read more »…..

 

Luanne Tierney: Cloud Expert of the Month – August 2019

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

August Cloud Expert of the Month is Luanne Tierney
Luanne Tierney, currently CMO of Open Systems, which is a secure SD-WAN managed services company, has extensive experience in leading complex marketing organizations for Fortune 500 and mid-market SaaS companies. She has had marketing leadership roles at Cisco, Juniper, Fortinet and Proofpoint. As a young working executive, she was the first in the industry with the sponsorship of Chuck Robbins- now CEO of Cisco, to develop a Women-in-Tech leadership programs in Silicon Valley. Luanne has won numerous awards in the industry, from PBWC Industry Leader Award, Silicon Valley Women of Influence Award, multiple CRN Channel awards, YWCA TWIN Executive Award but the recognition she most appreciates is from the sales teams that she has supported throughout her career

When did you join Cloud Girls and why?
Jo Peterson one of the co-founders reached out to me in 2017 and invited me to join. Right away I was impressed about the organization because it was an intimate organization, focused on sharing ideas by women working in all levels in tech. The group would meet monthly to discuss cloud technologies as it related to their professional roles.

What do you value about being a Cloud Girl?
I value the opportunity to learn, interact, share best practices, support and personally connect with the other women who are at different stages in their careers.

What is the best career advice you’ve ever received?
When I was a young working mom, I had dinner with the late outspoken Ann Richards ( former governor of Texas). I had developed and initiated the first “Women in Channels Leadership Program” at Cisco and was in Dallas, Texas hosting one of first of these programs.  I remember having the honor of sitting next to her at dinner and asking her “How do I have a successful career and simultaneously raise great kids?” Her feisty delivery response was this, “Give up the guilt, bring them with you to your work, show them what you are doing and that you are passionate about your job, so that when you are not with them they understand what your work life is like and are positively exposed.”

How do I avoid being complacent in my role?
Well that’s a funny question. I find this to be true – there is always someone younger, smarter, with seemingly cooler professional experiences – especially in the digital area. First of all, I prioritize staying current through learning by in person conversations. Each week, I make sure I have scheduled external meetings with individuals who I can learn from. These are not necessarily people who are solely focused on marketing, but rather Executives in Sales, CEOs, CIO’s, Human Resources, and recent college graduates. I also make sure I invest in myself by learning from my peers through Industry Associations. In addition to Cloud Girls, I am member of SVEN, (Silicon Valley Executive Network)  and the CMO Club. I am also an avid podcast listener- some of my favorites are: What’s Next, How I Built This, and Super Women. I am also on public and a private boards in the consumer space, Crimson Wine Group  and KNOCK Inc., which gives me exposure to market dynamics and challenges in the consumer industry.

How can you be a role model for young women and young men about what it means to be a leader in tech?
It doesn’t matter what industry you are in; leadership is all about people! Take the time to listen to your people. Surround yourself with a diverse team of people who are have different expertise. It can’t be about you, the more you help the organization the better you will feel. Your team accomplishments and what they deliver will identify you as a great leader […] Read more »

 

Louise Bowman: Cloud Expert of the Month July, 2019

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

July’s Cloud Expert of the Month is Louise Bowman

Louise Bowman is a customer-focused enterprise sales executive that has been in the IT industry for almost 20 years. Her career began at Rackspace, a Global Managed Hosting & Cloud provider, where she built the insides sales team – both in San Antonio and London. In 2007, she returned to her hometown of Denver, and began working for ViaWest, now Flexential, a National Colocation, Managed Hosting and Cloud provider. There she was a Major Account Executive managing top ten named accounts, and later was asked to build ViaWest’s inside sales team. Her next adventure, NIMBL, a national system integrator based in Denver, gave her the opportunity to move up the IT stack where she began working within the SAP ecosystem selling software, consulting, staffing and managed application services to clients primarily in the Pacific Northwest.

Bowman is intrinsically motivated by responsibility, positivity, winning others over, learning, complex deals, and dynamic and thriving organizations. She is currently a member of Cloud Girls and is the SAP ASUG Pacific Northwest Chair Lead.Outside of work, she enjoys great food and wine (cooking or eating out), traveling, skiing, hiking, working out, murder mystery movies andbooks, and spending time with her husband & fur baby, Edie! Louise has a Bachelor of Science degree in psychology from the University of Colorado, Boulder, where she was member of Phi Beta Phi and Captain of the Women’s Lacrosse team.

When did you join Cloud Girls and why?

Manon Buettner, Cloud Girls’ co-founder, and I had met earlier in 2014, and through many discussions she invited me to I join Cloud Girls in 2015. I was able to attend my first retreat in Park City – that weekend really gave my insight into what an amazing organization Cloud Girls is, especially all the women involved.

What do you value about being a Cloud Girl?

First, the annual retreat because this is the time I have been able to learn about each “girl” in the group, dig into key issues and how others see/handle situations, let our hair down, laugh, play and leave with a feeling of belonging. This event always reminds me what a dynamic, eclectic, accomplished and vocal group I am a part of – I am proud to be a Cloud Girl. Second, the ongoing education, strong network and our community involvement.

What is the best career advice you’ve ever received?

“Feel, Think, Do”

What is the best professional/business book you’ve read and why? 

Gallup Poll’s “StrengthFinder” by Tom Rath. This book is the only personality test that has ever really resonated and gave me great insight into myself and others.  I highly recommend to this to everyone, no matter your profession […] Read more »

 

Small and Medium-sized Financial Institutions: The Security Challenges They Face Each Day

It’s no secret that financial institutions are in criminals’ crosshairs. This has been the story ever since people and organizations started putting their cash in the care of others. But unlike the good ol’ days of dramatic ski-masks-over-face, gun-in-hand heists, the majority of today’s banking crimes are digital, and thus, involve far less bravado and derring-do.

While cybercrime and fraud affect all financial institutions, each sector has its own specific concerns. The concerns of large institutions generally take center stage due to their high profiles and the large stakes involved, but often, concerns specific to small and medium-sized institutions go overlooked. In this article, we will examine the issues that cause the most distress to IT and security teams at small and medium-sized financial institutions.

Why Cyber Criminals Love Small and Medium-sized Financial Institutions

Small and medium-sized financial institutions are often seen by cyber criminals as low-hanging fruit — sure, they could go after JPMorgan Chase or Goldman Sachs for a huge payoff — but a heist of that nature requires boatloads of planning and effort. For an attack of that scale, an assailant must have incredibly powerful tools as well as a flawless plan, which could take months and even years to orchestrate.

Add to that the immense challenge of evading the law once the attack has been executed. High profile attacks on banks make great news fodder and criminals can expect to be hotly pursued and tried for their misdeeds.

Unfortunately, this is not typically the case with smaller targets. It doesn’t take quite as much planning or effort to hit smaller players and since these crimes are not as high profile, it may be easier for the attacker to get away with them. All in all, small and medium-sized financial institutions are a wise choice for attackers looking for a relatively easy swindle.

The Security Challenges that Keep Small and Medium-sized Financial Institutions CISOs Up at Night

There are many cyber security issues that plague small and medium-sized financial firms, ranging from structural issues to out-and-out threats. While each organization is unique, security leaders at most, if not all, small and medium-sized financial services firms must overcome these structural challenges.

Lack of Buy-in/Understanding from C-Suite/Leadership

Each financial services firm has its own business drivers, those issues that are integral to the success and advancement of the business model. While issues like customer satisfaction and regulatory compliance generally top execs’ lists, the issue of cybersecurity doesn’t always show up on their radar.

There are a few reasons that cyber security may not be the first thing on many leaders’ minds. To start with, it can be very difficult to prove the return on investment for security-centered projects. In the words of security expert Bruce Schneier, “Security is about loss prevention, not about earnings.” Proving how much a company saves by preventing a breach does not produce the same tangible benchmarks as do other, more concrete investments.

Moreover, leaders may not have sufficient IT and/or security knowledge to grasp the full severity of weak or inadequate defenses. While some decision makers certainly are well versed in technology, it’s often not a part of their job requirements and they simply may not grasp the importance of investing in new solutions as they become available. Likewise, they may not understand the full legal and operational ramifications of falling prey to a breach.

Lastly, according to ChiefExecutive.net, leaders at smaller firms are often convinced that their firm is not worth the attacker’s time or effort. This leads to a dangerous stance of security complacency, an attitude that nothing further is required to protect the firm, based on their own erroneous assessment of limited risk.

Limited Budgets

As mentioned above, small and medium-sized financial institutions typically have much more limited cyber security budgets than larger institutions. A recent survey by Untangle found – shockingly! — that of 350 small and medium-sized businesses polled, 50 percent had annual security budgets of less than $5,000 US and of those, 50 percent had budgets of less than $1,000 US.

In light of these numbers, it comes as no surprise that at many smaller FinServs, there is no one specific person or team tasked with cybersecurity – it’s just another aspect of IT’s responsibilities. Moreover, their tools are nowhere near as comprehensive as those found at larger institutions. This increases the chances of breaches and extends time to detection (TTD) and time to respond (TTR) in the face of incidents.

At the same time, small and medium-sized financial firms still have conveniences like customer-facing apps and websites, which are necessary to compete with the big guys. But as with the rest of their technology stack, these applications may be less robust and secure than those developed by banks with more money to allocate to security. This makes these less secure applications prime pickings for attackers.

Dependence on Third Party Vendors

Small and medium-sized financial institutions are heavily reliant on integrations with third party suppliers. As with businesses of any size, these firms need to share information with partners and contractors to remain relevant and agile in an increasingly connected world.

But granting access to third parties can come with great risks — by making your network accessible to third parties, you allow their vulnerabilities to become your vulnerabilities, their liability to become your liability. This was clearly demonstrated in the infamous Target hack of 2013, when the behemoth saw their point of sale system breached due to an integration with an HVAC vendor whose credentials were stolen.

In the typical integration, external partners can access the company’s networks without adequate monitoring and limitations. This allows them access to far more resources than needed to do their jobs, making the organization a sitting duck. And as third-party vendors are often also small and medium-sized businesses, there is a very real chance that they may have less-than-adequate security, which compounds the risk. Further, the decision of which vendor to use is often made with little regard to vendor security practices and how those may affect the institution and its networks.

The Threats that Nightmares are Made Of

While budget limitations, support from top brass and third-party vendors are ongoing headaches for security officers, threats that commonly target financial service businesses are the night terrors that bolt them awake in a cold sweat.

The Many Flavors of Insider Threats

Insider threats take many forms and affect all businesses, from the largest enterprises to shoestring operations. And while all businesses suffer when an employee goes rogue or an ex-staffer decides to spill the company beans, small businesses experience damage from insiders more often than their larger counterparts. This is especially true in finance, where the stakes are inherently much higher than for most other businesses. In fact, according to the 2019 Verizon Data Breach Investigations Report, the threat actors in 36 percent of breaches of financial institutions were insiders.

One reason small and medium-sized financial firms fall prey to insiders is that they often lack proper protocols for revoking access after an employee has been terminated. Smaller financial firms tend to have less robust IT standard operating procedures and thus when an employee is asked to leave, it may take days or weeks before his or her access to critical resources is revoked. This leaves the ex-staffer with plenty of time to collect whatever data he or she wants, which can then be given to competing banks — or worse, such as nation state adversaries and cyber-criminal syndicates.

Similarly, smaller firms also tend to engender feelings of trust and familiarity among employees. While this is great for the general work ethic, there is risk in trusting your employees too much. Large institutions often have tiered Identity Access Management (IAM) solutions in place to prevent employees from seeing information which is beyond the scope of their requirements. Once again, due to less sophisticated IT infrastructure and because of that cozy, feel-good atmosphere, smaller institutions may not have the same precautionary measures in place, allowing employees access to data far beyond their actual data needs.

Then there is the insider who, although not necessarily malicious in intent, is simply impervious to training. This is the employee who routinely clicks suspicious links or fails to notice clues indicating that he or she is being phished or scammed. Scary but true: According to Verizon’s 2019 DBIR, three percent of people will click on any given phishing campaign. And these well-meaning employees can cause just as much damage as those with ill intentions: In a small and medium-sized bank, the means or understanding to track just which employee is “that guy” may simply not exist — thus, the risk goes unmitigated.

Business Email Compromise (BEC) Scams

According to a report by security firm IronScales, 95 percent of successful cyber-attacks include an element of social engineering. Humans are easily manipulated and attackers are adept at creating all kinds of compelling scams to help victims and their money or data part ways. According to the Verizon 2019 DBIR, financially motivated social engineering attacks target financial services institutions disproportionately vis a vis other industries.

In recent years, BEC, or Business Email Compromise, has become one of the most potent phishing methods, generating losses of $676 million US in 2017. According to HSBC, small and medium-sized businesses are harder hit than larger enterprises.

In the typical BEC scam, the scammer impersonates someone in a position of power within the organization, perhaps the CEO or a senior member of the IT team. The scammer sends an urgent email to a lower ranking employee, demanding funds to be transferred. This perfectly crafted email is almost indiscernible from an authentic one and implies that the recipient must see to it that the funds are transferred immediately – or face repercussions. If things go according to the attacker’s plan, the employee sends the request off to the organization’s bank, where an unwitting bank employee complies with the email’s instructions and transfers the funds.

BEC scams cause damage to all kinds of businesses, as well as banks.  But no matter the industry, they affect banks because they are the ones through which financial transfers take place. In smaller institutions, standard operating procedure for transfers may not be clearly outlined and thus there is a greater danger that someone within the bank may authorize such fraudulent transfers.

Browser-Based Threats

Like all businesses, small and medium-sized financial institutions need to use the Internet for tasks such as researching loan applicants and corresponding with customers. So, every employee needs web access. But the risk that comes with open connectivity, namely, the fact that browser-borne malware can easily spread laterally throughout networks, cannot be tolerated in such a sensitive arena.

Browser-based malware is always morphing to ensure that it evades traditional security methods, but some attack elements remain the same; Cross-site scripting (XSS) and SQL injection (SQLi) attacks are some of the most common web-based attack methods and can potentially come from any website that has been infected — even those that have been deemed secure. These complex attacks can easily exfiltrate data off employee’s browsers. Moreover, browser-based threats are difficult to detect, which puts critical assets directly in harm’s way.

Many IT admins turn to whitelisting pre-approved web applications and websites to help keep out browser-based threats. But whitelisting has significant drawbacks — it leads to reduced productivity and agility as employees cannot always access the resources they need when they need them. It’s also not completely effective, as once-good sites can become infected with malware and in turn, pass that infection on to your network.

Small and Medium-sized Banks Have to Level Up to Survive

Beyond the threats themselves, small and medium-sized FinServs have to consider the costly fallout that comes along with successful cyber security attacks. Understandably, in the wake of an attack, customers may lose confidence and jump ship. And while larger financial institutions can absorb the costs of many, if not most, attacks, smaller ones cannot, which may lead to closures […] Read more »..

Artificial Intelligence Changes Everything in the Security Industry

During my years at Dell, we would share what we serendipitously found in the way of a good read. I thought I’d continue that practice, sending your way, if you haven’t already discovered it, Kai-Fu Lee’s book AI Superpowers: China, Silicon Valley, and the New World Order. It’s a fascinating read – particularly his insight that, “AI will be to the 21st Century what electricity was to the last…and Data – the oil that drives the generator.” Just as nineteenth-century entrepreneurs applied the electricity break-through to cooking food, lighting rooms and powering industrial equipment, today’s AI entrepreneurs are doing the same with the deep learning of artificial narrow intelligence (ANI). Lee’s insights were incisive and inspiring – a clarion call of caution mixed with an articulate voice of hope and encouragement. Having straddled both China and U.S. cultures, his insights into the mind and practices of these largest global markets were eye-opening and even-handed. He explains the fundamentals of Neural Networks and Deep Learning in a way that were easy to grasp and presupposed little in the way of any prior mathematical understanding.

In the Deep Learning of AI, we’ve found that proactive capability we wanted to advance many years ago.  We knew if we could determine the pure genomic state of the benign files that make up the Internet, we could detect malicious anomalies and preempt them before they could hurt us. We just needed technology to catch up with the idea. However, just as predicted 50 years ago by Thomas Kuhn in his book the Structure of Scientific Revolutions, we’re seeing the dawn of a new day where AI’s machine learning and advance mathematical algorithms now offer validated deflection rates, pre-execution, in the realm of 99 percent[…] Read more »..