Cybersecurity Archives | eWEEK https://www.eweek.com/security/ Technology News, Tech Product Reviews, Research and Enterprise Analysis Thu, 07 Sep 2023 00:34:37 +0000 en-US hourly 1 https://wordpress.org/?v=6.3.2 AT&T’s Theresa Lanowitz on Cybersecurity in Edge Computing https://www.eweek.com/security/att-cybersecurity-in-edge-computing/ Thu, 07 Sep 2023 00:34:37 +0000 https://www.eweek.com/?p=222938 I spoke with Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, about the issues the involved with securing an edge deployment. Among the topics we discussed:  Let’s look at the edge market broadly. Clearly edge has seen rapid growth in the last few years. What trends are driving the edge market here in 2023? […]

The post AT&T’s Theresa Lanowitz on Cybersecurity in Edge Computing appeared first on eWEEK.

]]>
I spoke with Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, about the issues the involved with securing an edge deployment.

Among the topics we discussed: 

  • Let’s look at the edge market broadly. Clearly edge has seen rapid growth in the last few years. What trends are driving the edge market here in 2023? What are some key findings from the Edge Security Report?
  • As companies plan and build out their edge deployments, what are the most challenging security concerns? What do you see companies struggling with the most?
  • How do you recommend companies address these security challenges to their edge infrastructure?
  • How is AT&T serving the edge computing needs of its clients?
  • The future of edge computing and security, over the next 1-3 years? It seems like security in the edge sector has a long way to go.

Listen to the podcast:

Also available on Apple Podcasts

Watch the video:

The post AT&T’s Theresa Lanowitz on Cybersecurity in Edge Computing appeared first on eWEEK.

]]>
How Veeam Helped New Orleans Fight Ransomware https://www.eweek.com/security/how-veeam-helped-new-orleans-fight-ransomware/ Mon, 12 Jun 2023 16:59:53 +0000 https://www.eweek.com/?p=222536 When faced with a ransomware attack, organizations and government agencies need to have robust protocols in place to respond quickly. The importance of regular and secure backups cannot be overstated. The City of New Orleans learned this lesson firsthand during a complex and time-consuming backup and recovery process following a ransomware attack. In the aftermath […]

The post How Veeam Helped New Orleans Fight Ransomware appeared first on eWEEK.

]]>
When faced with a ransomware attack, organizations and government agencies need to have robust protocols in place to respond quickly. The importance of regular and secure backups cannot be overstated. The City of New Orleans learned this lesson firsthand during a complex and time-consuming backup and recovery process following a ransomware attack.

In the aftermath of the ransomware attack, the city was forced to take the drastic step of completely shutting down its digital infrastructure. As a result, 100 percent of city services became unavailable overnight, causing significant disruptions. The city needed to address these issues by deploying a solution that was easier to use, worked better, and could be trusted to keep data secure. To do this, the city turned to Veeam.

I met with Kim Walker LaGrue, CIO of the City of New Orleans, at the VeeamON 2023 conference in Miami to discuss how Veeam’s technology has helped the city with both backup recovery and disaster recovery. Highlights of the ZKast interview, done in conjunction with eWEEK eSPEAKS, are below.

Also see: The Successful CISO: How to Build Stakeholder Trust

  • The New Orleans ransomware attack is a key example of how vulnerabilities can be exploited. The incident began with compromised credentials. The IT department noticed unusual activity when there were constant password resets, and remote access was detected on user workstations. It was discovered that a user had opened a malicious email, allowing an attacker to infiltrate the city’s network.
  • To recover from the attack, the city cleaned and inspected its existing data, transferred it onto new storage platforms, and implemented a fresh backup strategy with Veeam at its core. This approach ensured that as data was reintroduced into production, it was not only clean and free of ransomware, but also immediately backed up through Veeam. Ensuring the cleanliness of data is a critical but often under appreciated aspect of recovery.
  • The city bounced back from the ransomware attack in just about a month. But the real game-changer moment came a year and a half later when New Orleans had to deal with a major disaster. A hurricane caused the city’s main data center to be destroyed by a fire. The city had to rely completely on secondary storage and its backups. This time, New Orleans restored its entire environment and got the backups online in the secondary data center within 48 hours.
  • Before turning to Veeam, the City of New Orleans was dealing with fragmented backup solutions deployed across different parts of its IT environment. The backup solutions weren’t efficient enough to ensure fast recovery, which is crucial in the event of a data breach or a natural disaster. The city wanted a solution to consolidate the backup processes for all these disparate systems into one location.
  • The city chose Veeam due to several key factors: simplicity, responsiveness, user-friendly interface, and immutable backups—an especially useful feature where backups cannot be modified or deleted after they are stored. Overall, Veeam’s solution acted like a security blanket over the city’s infrastructure as it was being rebuilt. This gave the team confidence during a potentially stressful period.
  • Operationally, moving to Veeam has provided the city’s data center team with flexibility and automation regarding data recovery. The team can now easily identify and restore specific elements, whether an individual file or a set of servers, from a single interface that Veeam offers.
  • For other organizations dealing with ransomware, the best approach is to prioritize and categorize data because it holds the most value. So organizations can truly understand the nature of the information in their environment. This puts technology solutions in the best possible position to recover, eliminating the need for organizations to negotiate with threat actors or pay a ransom.

Also see: Secure Access Service Edge: Big Benefits, Big Challenges

The post How Veeam Helped New Orleans Fight Ransomware appeared first on eWEEK.

]]>
Cohesity and Microsoft Tag Team To Improve Data Protection https://www.eweek.com/security/cohesity-and-microsoft-data-protection/ Wed, 26 Apr 2023 19:18:49 +0000 https://www.eweek.com/?p=222176 Cohesity and Microsoft recently announced they have expanded their partnership to enhance data security, threat detection, and protection against cyberattacks using artificial intelligence. The goal is to help organizations optimize cloud usage while mitigating risks in an increasingly hybrid and multicloud world. Cohesity already offers backup services for Microsoft 365 on Amazon Web Services (AWS) […]

The post Cohesity and Microsoft Tag Team To Improve Data Protection appeared first on eWEEK.

]]>
Cohesity and Microsoft recently announced they have expanded their partnership to enhance data security, threat detection, and protection against cyberattacks using artificial intelligence. The goal is to help organizations optimize cloud usage while mitigating risks in an increasingly hybrid and multicloud world.

Cohesity already offers backup services for Microsoft 365 on Amazon Web Services (AWS) and on-prem data protection for Azure virtual machines (VMs) and Azure Stack HCI, a hyperconverged infrastructure cluster solution that hosts virtualized Windows and Linux workloads.

The expanded partnership includes new integrations to bolster IT’s defense against cyber threats and offers Cohesity services on Azure to support multicloud security initiatives.

Also see: Secure Access Service Edge: Big Benefits, Big Challenges

Cohesity-Microsoft Integration Addresses Ransomware, MFA 

The first integration combines Cohesity DataProtect and Microsoft Sentinel. Both DataProtect on-premises and backup as a service (BaaS) offerings now integrate with Microsoft Sentinel, a cloud-native security information and event management (SIEM) platform that streamlines incident reporting and ransomware alerts.

The second integration with Azure Active Directory (AD) provides multi-factor authentication (MFA) and single sign-on, which allows organizations to securely manage and access Cohesity Data Cloud and Cohesity Cloud Services.

The third integration pertains to BigID and Microsoft Purview. Cohesity’s data classification service is powered by BigID, which has built an integration with Microsoft Purview. So, joint customers can benefit from actionable data intelligence for data discovery, privacy, security, and governance.

Microsoft Customers Can Use Cohesity for Backups

In addition to these integrations, Microsoft customers will have access to Cohesity Cloud Services on Azure to secure data across hybrid environments. Cohesity’s DataProtect BaaS offering now supports Microsoft 365, which means customers can back up their Microsoft 365 to a dataplane hosted on Azure. Cohesity FortKnox, a software as a service (SaaS) cyber vaulting service for predictable data recovery, will be available to Azure customers in the coming months.

Cohesity is building on its partnership with Microsoft in order to give customers access to different services across multiple cloud vendors, said Gregory Statton, Office of the CTO, Data & AI at Cohesity. Customers can use the Helios management control plane to deploy data planes in Azure and AWS, as well as manage local clusters within private data centers.

Also see: The Successful CISO: How to Build Stakeholder Trust

Cohesity is Leveraging OpenAI for Enterprise Data Insights

Cohesity vision for AI includes leveraging Microsoft’s integration with OpenAI, which is currently the most powerful language model available. While not productized, Cohesity is deploying GPT-3.5 and GPT-4 models within its own managed environment, which would help ensure that data stays under the customer’s control. According to Statton, the data does not need to be in Azure to take advantage of this functionality.

Statton shared two examples of how Cohesity could tap into Azure OpenAI to unlock novel insights from enterprise data.

First is interactive reporting using large language models. In the demo, AI models were used to generate rich executive summaries from a stream of data stored in Cohesity’s Security Center to detect potential ransomware. The AI models were easily able to break down data and list entities or VMs that have the highest affected files or anomaly strength. The model also provided recommendations on how to handle these issues, such as mass recovery or accessing insights through a security assistant chatbot.

Also see: Generative AI Companies: Top 12 Leaders

GPT Makes Data Queryable in Natural Language 

Another product highlight is a conversational interface for real-time insights. The language model was able to identify anomalous entities within Cohesity’s audit logs.

In the demo, this information was accessible to a range of users—from chief information security officers (CISOs) to practitioners—in a digestible manner. Cohesity layered a conversational interface on top of this. Users could gain a deeper understanding of what’s being generated from the logs by asking additional questions, such as “which users have interacted the most with the infected system?” The large language models generate conversational responses, based on the user’s data access permissions.

The same approach could be applied to any data stored on Cohesity. The language model understands the context and intent of users’ questions, whether they relate to documentation, workloads being protected, or data within the system. It could retrieve relevant information and provide answers to various questions, making it versatile and useful for users.

“It humanizes interactions with the system and it allows users to reduce the time to remediation or reduce the time to action by providing actionable insights,” Statton said. “That’s the power of AI language models.”

The post Cohesity and Microsoft Tag Team To Improve Data Protection appeared first on eWEEK.

]]>
Fortanix CEO Anand Kashyap on Confidential Computing https://www.eweek.com/security/fortanix-ceo-anand-kashyap-confidential-computing/ Mon, 03 Apr 2023 18:23:27 +0000 https://www.eweek.com/?p=222024 I spoke with Anand Kashyap, CEO of Fortanix, about how cloud data security is enhanced by confidential computing, which uses hardware for an extra layer of security. As you survey the cloud security challenges, what are the key trends affecting this sector in 2023? How can companies improve their cloud – and multicloud – data security? How […]

The post Fortanix CEO Anand Kashyap on Confidential Computing appeared first on eWEEK.

]]>
I spoke with Anand Kashyap, CEO of Fortanix, about how cloud data security is enhanced by confidential computing, which uses hardware for an extra layer of security.

  • As you survey the cloud security challenges, what are the key trends affecting this sector in 2023?
  • How can companies improve their cloud – and multicloud – data security?
  • How is Fortanix addressing the cloud data security needs of its clients? What’s distinct about the company’s approach?
  • The future of cloud data security? The future appears more challenging because hackers are now using AI.

Listen to the podcast:

Also available on Apple Podcasts

Watch the video:

The post Fortanix CEO Anand Kashyap on Confidential Computing appeared first on eWEEK.

]]>
NVIDIA CSO David Reber on AI and Cybersecurity https://www.eweek.com/security/nvidia-ai-and-cybersecurity/ Thu, 02 Mar 2023 20:13:22 +0000 https://www.eweek.com/?p=221985 I spoke with David Reber, CSO of Nvidia, about how the modern cybersecurity sector is defined by “AI vs. AI.” Among the topics we discussed: In the world of cybersecurity, it appears that AI is a tool used by both sides – it’s similar to an escalating arms race. Can you talk about how AI […]

The post NVIDIA CSO David Reber on AI and Cybersecurity appeared first on eWEEK.

]]>
I spoke with David Reber, CSO of Nvidia, about how the modern cybersecurity sector is defined by “AI vs. AI.”

Among the topics we discussed:

  • In the world of cybersecurity, it appears that AI is a tool used by both sides – it’s similar to an escalating arms race. Can you talk about how AI is shaping the security sector?
  • If both sides have AI, how can companies get the better hand in protecting themselves? What are your recommendations?
  • How do Nvidia’s AI offerings serve the cybersecurity sector?
  • The future of AI and cybersecurity? What do you foresee and how can companies get ready now?

Listen to the podcast:

Also available on Apple Podcasts

Watch the video:

The post NVIDIA CSO David Reber on AI and Cybersecurity appeared first on eWEEK.

]]>
IBM’s Vision for Security in the Quantum Era https://www.eweek.com/security/ibm-security-quantum-era/ Thu, 09 Feb 2023 22:52:17 +0000 https://www.eweek.com/?p=221907 Enterprise technology solutions are predicated on the knowledge that large scale businesses face continual, often evolving challenges. Most enterprise IT vendors’ offerings and services are designed to help clients successfully address existing problematic issues and digital transformation challenges. The best vendors have the foresight, skills and expertise to help enterprises effectively prepare for ever greater […]

The post IBM’s Vision for Security in the Quantum Era appeared first on eWEEK.

]]>
Enterprise technology solutions are predicated on the knowledge that large scale businesses face continual, often evolving challenges. Most enterprise IT vendors’ offerings and services are designed to help clients successfully address existing problematic issues and digital transformation challenges. The best vendors have the foresight, skills and expertise to help enterprises effectively prepare for ever greater difficulties that lie just over the horizon.

A recent report from IBM’s Institute for Business Value (IBV), Security in the Quantum Era offers insights into how this process works. The report examines the potentially catastrophic dangers posed by cybercriminals, rogue states and other bad actors that have access to quantum-level tools. It also discusses what IBM is doing to address those issues and help enterprises secure their IT assets and infrastructures against quantum cyberthreats.

For more information, also see: Digital Transformation Guide: Definition, Types & Strategy

IBM’s Security Focus for the Quantum Sector

IBM has been proactive in developing a host of advanced security offerings, including a suite of IBM Quantum Safe services that are designed to be resistant to quantum-based encryption cracking techniques. Those services are available for the IBM z16 mainframe launched last April, the industry’s first quantum-safe enterprise system.

In addition, IBM has spent years building a global team of top cryptography experts to spearhead quantum-safe schemes and preparation plans. The company contributed to developing three of the four algorithms chosen by the National Institute for Standards and Technology (NIST) for post-quantum cryptography standardization and was also a founding member of the GSMA Post-Quantum Telco Network Taskforce.

To learn more, also see: Secure Access Service Edge: Big Benefits, Big Challenges

Benefits and Dangers of Quantum Computing

The IBV report begins with a simple premise: “Quantum computing is evolving from the fantastical to the feasible.”

On the upside, emerging quantum solutions could help solve intractable problems in areas like machine learning, materials science, pharmaceutical research and process optimization. If that future comes to pass, the potential scientific, social and business benefits are enormous and well worth pursuing.

However, like any technology, quantum tools can be leveraged for good or ill. Regarding that danger, the IBV report notes that in the wrong hands “quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions.”

As a result, commonplace trusted data encryption mechanisms such as RSA and ECC public-key cryptography (PKC) could be vulnerable, endangering organizations’ information and financial assets.

As the World Economic Forum stated last August, “Considering that the digital economy is estimated to be worth $20.8 trillion by 2025, the repercussions could be staggering.”

Another factor in this scenario is the long-term value of many forms of information, including data related to national security, business strategy, intellectual property, public infrastructure, medical records and product development. The IBV report suggests that those assets are potentially already subject to exfiltration in so-called “harvest now, decrypt later” attacks, with the intention of monetizing data once quantum decryption solutions are viable.

For organizations ranging from large enterprises to government agencies and entities to public utilities to telecommunications providers, preparing for future cyber-attacks backed with quantum-level cryptographic tools is vitally important.

Building “Quantum-Safe” Cryptography Solutions

What does the IBV report suggest enterprises should do to address these dangers?

  • Prepare for potential quantum threats by educating teams on quantum-safe cryptography and demonstrate how businesses can identify achievable near and long-term cryptographic goals.
  • Discover potential vulnerabilities by using quantum-safe cryptographic assessments, including how to develop and deploy a successful ecosystem for a common approach to data governance.
  • Transform business operations by performing analyses that can spot cryptographic dependencies between business-critical systems, thus leaving data vulnerable.
  • Observe the threat landscape by developing a dashboard to promote visibility and assessment.

Final Analysis

IBM’s work in quantum-safe offerings and services, along with its continuing investments in advanced security development, show the company doing what it does best. While many enterprise IT vendors tend to compartmentalize product teams and creation, IBM is highly focused on integrating software, infrastructure, data analytics and AI into workable new business solutions and services. Those are crucial to the thousands of enterprises that look to the company for help solving existing business-critical problems.

Just as importantly, IBM’s pursuit of next generation technologies is designed to explore new business opportunities and concerns. The company has been a leading light in commercial quantum system development. It seems likely that the insights it gleaned along the way were foundational to the Quantum-Safe services available with the new generation IBM z16.

The conclusions offered in the IBV’s new Security in the Quantum Era report suggest that the company is acting as it has so often in the past. In essence, IBM is using its considerable investments, insights and inventions to help enterprise customers understand, prepare for and successfully weather future changes and challenges.

The post IBM’s Vision for Security in the Quantum Era appeared first on eWEEK.

]]>
DigiCert Rolls Out Trust Lifecycle Manager https://www.eweek.com/security/digicert-rolls-out-trust-lifecycle-manager/ Wed, 18 Jan 2023 20:04:38 +0000 https://www.eweek.com/?p=221834 DigiCert this week launched a comprehensive digital trust solution that unifies certificate authority (CA), certificate management and public key infrastructure (PKI) services. Trust Lifecycle Manager, now available as part of the DigiCert ONE platform, is a major product launch that was years in the making. DigiCert is well known for helping companies implement digital trust […]

The post DigiCert Rolls Out Trust Lifecycle Manager appeared first on eWEEK.

]]>
DigiCert this week launched a comprehensive digital trust solution that unifies certificate authority (CA), certificate management and public key infrastructure (PKI) services. Trust Lifecycle Manager, now available as part of the DigiCert ONE platform, is a major product launch that was years in the making.

DigiCert is well known for helping companies implement digital trust across the enterprise. DigiCert ONE is a modular platform that can be deployed individually or as part of a suite, either on-premises, in the cloud, or in a hybrid environment. Using the platform, companies can issue millions of certificates on devices and servers to sign software for user authentication with digital identities attached to them.

Also see: The Successful CISO: How to Build Stakeholder Trust

Endpoints Drive Need for Digital Trust

With the rise of connected devices and cloud deployments, the network perimeter has expanded. For IT operations, this means greater complexity and risk. For identity and access management (IAM) administrators, the authentication needs are increasing. For software development and IT operations (DevOps), security operations (SecOps), and operational technology (OT) teams, the attack surface is expanding.

That’s where Trust Lifecycle Manager comes in. It brings together certificate lifecycle management and PKI services. It also tightly integrates with public trust issuance. On the certificate management front, the solution provides:

  • Discovery (centralized repository of all public and private certificates)
  • Management and notifications (prevents expired certificates)
  • Automation (one-touch provisioning and renewal)
  • Integration (governance across CAs, or specific vendor Certificate Authority)

Multiple Deployment Options For Trust Lifecycle Manager

On the PKI services front, Trust Lifecycle Manager oversees identity and authentication of users, servers, devices, and other IT resources. DigiCert offers three deployment options.

The first one is PKI as a service, where DigiCert manages customers’ public or private PKI. The second one is on-prem for those who have more complex environments. The third one is in the customer cloud. Approximately 50 percent of customers are deploying PKI as a service, 30 percent in the cloud, and the remainder on-prem.

“We’re seeing a pivot in the industry, where instead of looking at siloed areas, organizations are starting to look across them and see how trust can be managed and measured throughout the organization,” said Brian Trzupek, senior vice president of product at DigiCert. “All the previous announcements and the infrastructure work we’ve done is leading up to DigiCert being able to execute on this launch.”

Also see: Secure Access Service Edge: Big Benefits, Big Challenges

Digital Trust Is Challenging To Deploy With Point Products

When thinking about the building blocks of digital trust, standards that help create trust in the ecosystem are at the core. Creating digital trust is a complicated process involving several key steps that can be visualized as a pyramid, explained Trzupek.

At the base of the pyramid is defining trust through industry and technology standards. “This is where our leadership in the standards bodies that we participate in is so crucial. We’re the voice of the customer in those bodies. We’re taking their concerns, requests, and challenges into consideration,” said Trzupek.

Moving up the pyramid is establishing trust through compliance and operations. DigiCert operates global data centers in six regions with service-level agreements (SLAs) for high availability. “This gives us extraordinarily high availability as a company. We operate data centers under a compliance regime that’s managed by 25 annual audits to ensure that we can deliver trust in those regions,” said Trzupek.

Toward the top of the pyramid is managing trust for public and private PKI in the enterprise, which includes certificate lifecycle management. At the very top of the pyramid is extending trust even further into connected trust ecosystems—essentially everything beyond the perimeter like devices, software, identity, and content.

Although certificate lifecycle management solutions have been on the market for a while, what differentiates DigiCert from competitors is its PKI service provider roots and ability to offer a full-stack solution that combines private and public trust with CA-agnostic certificate lifecycle management.

DigiCert’s PKI Services draw from its rich history in PKI management, simplifying the complexity involved in managing identity and access with pre-built and customizable templates, deep integration and automated provisioning.

DigiCert Is Shifting From Product To Platform

Additionally, DigiCert has more than 100 integrations with third-party vendors, offered out of the box with Trust Lifecycle Manager. DigiCert is opening up application programming interfaces (APIs) to third-party vendors, so they can do this work on their own. According to Trzupek, this gives DigiCert the scale to help more customers.

DigiCert is actively adding support for management of other CAs beginning with Microsoft CA in Q1 and extending to other public and private CAs in subsequent quarters. With these expansions, DigiCert customers will be able to manage any certificate from any CA. Customers can already work with multiple CAs when building their certificate inventory with Trust Lifecycle Manager’s discovery features.

“This opens up a whole new market for us. Previously, we had to sell to customers who are only using DigiCert CA services,” said Trzupek. “We’ve created an entire integration API and surface layer through this product, which third parties can extend and add functionality to it as they see fit. That’s a game changer.”

The post DigiCert Rolls Out Trust Lifecycle Manager appeared first on eWEEK.

]]>
Tech Predictions for 2023: AI, Cloud, Edge, Cybersecurity, and More https://www.eweek.com/enterprise-apps/tech-predictions-for-2023-ai-cloud-edge/ Mon, 02 Jan 2023 16:39:24 +0000 https://www.eweek.com/?p=221789 So you think you can predict the course of technology in the year ahead? Really? I have my doubts. In the many years I’ve covered enterprise tech, I’ve never looked ahead and seen such a rapidly shifting landscape. As the pace of innovation leaps ahead, the leading sub-sectors of IT have become increasingly complex: Artificial […]

The post Tech Predictions for 2023: AI, Cloud, Edge, Cybersecurity, and More appeared first on eWEEK.

]]>
So you think you can predict the course of technology in the year ahead?

Really? I have my doubts. In the many years I’ve covered enterprise tech, I’ve never looked ahead and seen such a rapidly shifting landscape. As the pace of innovation leaps ahead, the leading sub-sectors of IT have become increasingly complex:

  • Artificial intelligence: The stunning debut of ChatGPT in November put us on notice: AI is growing exponentially, offering a toolset (for free!) that would’ve been sci-fi not that long ago.
  • Cloud has become the foundation of tech, but never has a foundation continued to evolve so fundamentally. Cloud is now very much multi-cloud. So customers benefit from the vast potential of combining the top hyperscalers – which is equaled only by the frustrating management and cost concerns.
  • Edge computing exploded in 2022; I can hardly count the executives I’ve spoken with recently who see it as a new leading focus. The Internet of Thing’s immersive computing environment is creating a data-rich infrastructure that supports commerce and collaboration and, eventually, the metaverse.
  • Data analytics – the engine that drives decision making – has forked into an array of mushrooming sub-sectors, from predictive analytics to data visualization to real time data mining. No longer a separate discipline, analytics is being built into ever more applications as a core element. I hope you like the mining of metrics for insight, because it’s becoming omnipresent.

Given tech’s furious pace of change, I see only one “safe” prediction: the revenue for tech will continue to spiral skyward at vertiginous rates.

Cloud, for instance, is growing at a robust 14.4 percent CAGR. It’s forecast to expand from its 2022 total of $483 billion to a cool $1.5 trillion in 2030. And that growth rate is downright modest compared with AI, which is forecast to increase at a rip-roaring 38 percent CAGR, leaping from 2021’s $147 million to $1.6 trillion in 2030.

By the way, that’s the first time I’ve used the phrase “rip-roaring” in a sentence about IT. Fitting that it would be about AI. There’s gold in them hills – as there is throughout the enterprise IT sector.

Tech Predictions 2023 and Beyond

Fortunately, my reluctance to predict the course of tech is not shared by executives across the enterprise IT industry. The thought leaders below offer their forecast for the sectors that will shape the enterprise in 2023 and beyond.

DIGITAL TRANSFORMATION

Ayman Sayed, Chief Executive Officer, BMC Software

Six Trends to Watch

As companies continue to evolve their remote work workforce and decentralized IT operations, it will be important that the organizations supporting them have products that align to their needs and their new operating models. In 2023, there are six key macrotrends to watch.

  • First, the Future of Work, the way we work has changed forever. If there is one thing we learned from the pandemic, it’s where and how we work is constantly evolving. And technology will continue to be key to enabling this flexibility.
  • Economic Growth Shifts: the turbulence of the financial markets feels normal now. The nations driving global growth are shifting, and geopolitical challenges have altered how business is conducted. Predicting market shifts and finding ways to succeed takes incredible amount of data analytics and insights, and this will only grow in the year ahead.
  • Supply Chains, including procurement, manufacturing, distribution, inventory and last-mile delivery, have changed in ways where data and insights are critical. For many, there is incredible pressure to ensure that supply chain changes can be absorbed to shield customer and employee expectations.
  • Cybersecurity: This is not only the job of a CSO any longer, cybersecurity is everybody’s job. Yet this needs to be done in a way that does not create friction or slow businesses down.
  • The Value of Data: Statista reports that every person creates 97 zettabytes of data by the end of this calendar year. That is 21 zeros after 97 bytes of data. This creates immense opportunity if we can capture, analyze, and apply it for better business results.
  • The socially responsible organization creates an opportunity and expectation for each of us to make the right decisions and collectively impact climate change, diversity, and inclusion, to make the world a better place. Because doing good in the world is good for businesses.

Shiva Nathan, Founder & CEO, Onymos

Metaverse technologies will remain just hype, while digital transformation technologies trends higher

While there might be flashes of jazzy product introductions around metaverse technologies, there will not be any mass adoption or game-changing impact in 2023 stemming from metaverse. These technologies will remain just hype for the foreseeable future until more and more enterprises gain a better understanding of this space and its impact.

Technologies accelerating digital transformation, with a focus on cost reduction, will gain steam in 2023. The digital transformation trend that started during the Covid pandemic will only continue to accelerate as enterprises look for new ways to extract efficiencies in systems and processes.

Ian van Reenen, CTO, 1E

IT sustainability and cost reduction

As remote work remains a constant heading into 2023, we’ll see more discussion around IT sustainability in terms of how to reduce IT costs as more employees opt to work from home, and how this can also have a more positive impact on the environment.

Around 70% of the carbon footprint of a laptop comes from the manufacturing process, so a tangible action organizations can take to become more cost-effective and sustainable is to evaluate how they can extend the life cycle of their laptops and other devices. A key question for leaders to ask is how their organizations can more efficiently reuse, repurpose, and refresh IT equipment.

AI and DATA

Srinivasan Venkatesan, Executive Vice President, U.S. Omni Tech, Walmart Global Tech 

A significant expansion beyond robotics to intelligent automation

Over the last several decades, the value of automation has largely been derived from using robotics to replicate human actions and eliminate laborious, repetitive tasks. This coming year, I predict we’ll witness a significant expansion beyond robotics to intelligent automation, which uses artificial intelligence and analysis to carry out data-driven tasks with very little human interaction. This enablement shifts reliance off humans and onto technology, so workers can focus their attention on other areas of the business.

As more businesses adopt this newer structure, they’ll find greater efficiencies in everyday tasks across their organization. Imagine streamlining hundreds of processes and decisions—everything from prioritizing employee work tasks, to determining the products stocked on shelves, to automating customer contact—with the push of a button. The possibilities and opportunities are endless for optimizing workflows and reducing costs.

Charlie Boyle, Vice President, NVIDIA DGX Systems

Enterprises will seek out AI solutions that can deliver on objectives

In 2023, inefficient, x86-based legacy computing architectures that can’t support parallel processing will give way to accelerated computing solutions that deliver the computational performance, scale and efficiency needed to build language models, recommenders and more.

Amid economic headwinds, enterprises will seek out AI solutions that can deliver on objectives, while streamlining IT costs and boosting efficiency. New platforms that use software to integrate workflows across infrastructure will deliver computing performance breakthroughs — with lower total cost of ownership, reduced carbon footprint and faster return on investment on transformative AI projects — displacing more wasteful, older architectures.

Ashok Srivastava, Senior Vice President & Chief Data Officer, Intuit

AI will completely transform security, risk and fraud

We’re seeing AI and powerful data capabilities redefine the security models and capabilities for companies. Security practitioners and the industry as a whole will have much better tools and much faster information at their disposal, and they should be able to isolate security risks with much greater precision. They’ll also be using more marketing-like techniques to understand anomalous behavior and bad actions.

In due time, we may very well see parties using AI to infiltrate systems, attempt to take over software assets through ransomware and take advantage of the cryptocurrency markets.

Quentin Clark, Managing Director, venture capital firm General Catalyst

Personalization will shape the employee experience

Personalization has become a Holy Grail for both businesses and consumers looking to build loyalty. Next year, such personalization will become more widespread in the workplace (individualized benefits, rewards, on-boarding, training plans).

Employees essentially are consumers, and they will increasingly expect the same personalization they’re used to in everyday life entering the workplace. At a time when recruitment remains challenging and businesses are preparing for slower growth rates, personalization can help companies do more with less and ensure talent stability.

Leonid Belkind, Co-founder and CTO, Torq 

Security automation’s proactive footprint continues expanding

Rather than focusing on retroactively building workflows and processes based on historic attacks, security automation deployments will shift to a proactive approach to help prevent attacks before they happen.

Part of this involves security teams harnessing early threat intelligence signals and building defenses against them into their workflows and processes. The result will be a comprehensive new offensive-capacity framework that combines the entirety of the security stack into the most powerful protection approach to date.

From Kuldeep Jiwani, SVP of Data Science, HiLabs

AI and ML systems must work in real time

Healthcare AI will soon move from a reactive to a proactive state. For this to happen, AI and ML systems will have to work in real time. This can be achieved in a couple ways:

  • One way to realize proactive, or predictive AI, is to have a closed loop MLOps-based system where ML model training happens in the background to generate models that are only applied on live, real time data. The quality of prediction is observed and if it degrades, then an automated closed loop is triggered that retrains the data to generate a new model and puts the newer version back into a streaming prediction pipeline.
  • Another way to achieve proactive AI is to implement a continuous learning framework where the same model learns from its mistakes and auto-corrects itself over time.

Evangelos Hytopoulos, Sr. Director of Data Science at iRhythm 

AI approaches will be based on the use of self-supervised and generative AI algorithms

The majority of AI models today are based on supervised learning, where labels are combined with measurements to teach an algorithm to predict unseen data. However, it takes a lot of effort to create a labeled data set and as a result, usually only a subset of the data can be labeled – thus limiting the learning capacity of the current models.

In upcoming years, we can expect to see AI approaches that are based on the use of self-supervised and generative AI algorithms in order to facilitate the incorporation of a larger volume of data in model training.

Supervised learning is capable of learning important features of the underlying measurements that are a richer representation of the data. The advantage of generative algorithms is the creation of synthetic data – labels coming from a different signal domain and the important features are learned from the domain of interest. In both cases, proper validation will be required to prove the validity of the algorithms and the lack of any bias in its predictions.

Mohan Kompella, VP of Product Marketing, BigPanda

Automation, AIOps and the recession

Very similar to what we saw at the start of the pandemic, the 2023 recession environment will force organizations to figure out how to scale through technology like automation and AIOps and not through headcount.

As companies implement hiring freezes and are forced to work with flat budgets, in addition to cutting staff, companies must identify ways to support existing employees and create a less stressful work environment for their IT, SRE and DevOps teams to avoid employee burnout. Effective, automated solutions that address these challenges will become a must-have.

Steven Mih, Co-founder and CEO, Ahana

Industry accepted open lakehouse stacks will emerge

As the market further chooses open options for table formats, compute engines and interfaces, the Lakehouse version of the LAMP stack will emerge. Linux Foundation and Apache Software Foundation projects will constitute those components.

CLOUD COMPUTING

Liz Centoni, Chief Strategy Officer and GM of Applications, Cisco

Multi-Cloud Realignment

As deglobalization and issues around data sovereignty accelerate, in the year ahead we will see a discernible shift in how companies leverage multicloud architectures. While 89% of enterprises are adopting a multicloud strategy for a variety of reasons (geopolitical, technical, provider diversification), the benefits come from additional complexity in connecting, securing, and observing a multicloud environment.

We will see a big move toward new multicloud frameworks such as Sovereign Clouds, Local Zone Clouds, Zero-Carbon Clouds, and other novel cloud offerings. This will create a path toward more private and edge cloud applications and services ushering in a new multicloud operating model.

John Engates, Field CTO, Cloudflare

The cloud takes on compliance

Complying with the patchwork of recently passed global privacy and data regulation has become a nightmare for corporate IT teams. In 2023, cloud services will finally take the burden of compliance off of these teams and automatically determine where data can be legally stored and processed.

We believe the majority of cloud services will soon come with compliance features built in. The cloud itself should take the compliance burden off companies. Developers shouldn’t be required to know exactly how and where their data can be legally stored or processed. The burden of compliance should largely be handled by the cloud services and tools developers are building with.

Networking services should route traffic efficiently and securely while complying with all data sovereignty laws. Storage services should inherently comply with data residency regulations. And processing should adhere to relevant data localization standards.

Patrick Bossman, Product Manager, MariaDB

Availability will be the key to winning in 2023

One thing we have learned in recent years is outages can be crippling for business. In 2023, availability will be the secret sauce differentiating the winners from the losers. Companies need to avoid lock in and have the flexibility to scale. By diversifying cloud environments, companies will minimize the impact of outages on their ability to continue operations.

Andy Glassley, Director of Innovation, Core BTS

A concerted effort to modernize the cloud

Over the last decade, we have seen a huge spike in businesses moving to the cloud. Gone are the days where on-premises infrastructure could fully accommodate the ever-changing technologies businesses needed to stay competitive. We are now in the age of the Cloud Revolution that better enables application modernization through rehosting, refactoring, re-platforming, and more.

In 2023, we’ll continue to see organizations migrate to the cloud, but we’ll also see a concerted effort to modernize the cloud. Organizations will look to do more with their existing cloud investments and innovate through cloud-native applications, hybrid applications, and modern data foundations.

Haoyuan Li, Founder and CEO, Alluxio

Cloud adoption becomes heavily influenced by cost optimization

Cloud adoption is being influenced by a greater focus on cost optimization in 2023. Even though the public cloud has catalyzed the growth of countless companies, the global economic uncertainties will drive large organizations with data-intensive workloads to recalibrate their cloud strategies with a higher emphasis on cost optimization, such as reducing egress costs.

The focus will be on the ROI and TCO of their infrastructure, either in the cloud, on-premises, or both.

Cassius Rhue, VP, Customer Experience, SIOS Technology

Cloud  migration and repatriation will continue and bring new demand

Many companies fast tracked their cloud adoption journey due to world-changing events in the last few years and traded on-prem data centers for the cloud. This cloud migration will continue, and at the same time, many companies will realize that migration itself was not a one size fit all solution nor a panacea for issues of  ‘application’ availability.

The need for high availability of stateful applications in the cloud will prompt companies to use clustering software. Repatriated systems will leverage solutions the minimize churn, and the need for multiple application availability vendors.

Amit Rathi, VP of Engineering, Virtana

Cloud cost management will give companies the upper hand

Cost and resource optimization is going to be key for 2023. Considering the potential economic uncertainty, most companies want to have detailed insights into cloud spend and the ability to control the spend and optimize its resource utilization. Driven by the digital transformation over the last few years, companies have adopted multiple clouds based on their individual business needs.

As a result, most companies have very little insight about spend, the correlation with business applications and potential cost savings possibilities. As organizations start to drive toward a cloud adoption maturity that is coupled with business pressure on reduced spend, the companies that have a proactive approach will have a significant upper hand in dealing with uncertainty.

EDGE COMPUTING

Bjorn Andersson, Senior Director of Global Digital Innovation Marketing and Strategy, Hitachi Vantara

Private 5G will collect more data at the edge than ever before

The use of private 5G networks in industrial settings, such as manufacturing where sensors and robotics are heavily used, will begin delivering on the promises of device connectivity, machine reconfigurability and real-time data analysis.

Increased use of private 5G will enable troves of new connected devices, collecting more data at the edge than ever before, in addition to a broader adoption of IIoT-enabled solutions in 2023.

Rafael Umann, CEO of Azion

Edge developers will embrace open standards and frameworks

Developers who create apps through platforms that don’t offer easy portability will have little recourse if those platforms decide to increase prices or make other significant changes. Vendor lock-in is unacceptable for companies that must carefully plan their budgets.

As a result, in 2023, expect a strong focus on ensuring that edge web apps rely on open standards and frameworks. This focus will increase interest in WebAssembly, Jamstack, and other technologies not tied to a specific provider. Building apps using these technologies allows developers to shift from platform to platform as needed to optimize cost and performance.

Kris Beevers, Co-Founder and CEO, NS1

Hyperspecific ML and AI will catalyze edge adoption

In the near future, AI and machine learning (ML) models will become hyper-personalized. Each model will be optimized for a specific person, location, or application, accounting for their particular needs and idiosyncrasies.

Creating these models will require processing and deploying massive data sets, on a far greater scale than a central data lake could hope to handle. As a result, expect to see edge infrastructure become critical as a way to make the creation and storage of these models more sustainable at scale.

Nima Negahban, CEO and Cofounder, Kinetica

Enterprises treat their data spatial in 2023

The cost of sensors and devices capable of broadcasting their longitude and latitude as they move through time and space is falling rapidly with commensurate proliferation. By 2025, projections suggest 40% of all connected IoT devices will be capable of sharing their location, up from 10% in 2020.

Spatial thinking will help innovators optimize existing operations and drive long-promised digital transformation in smart cities, connected cars, transparent supply chains, proximity marketing, new energy management techniques, and more.

Tenry Fu, Co-Founder and CEO, Spectro Cloud

Edge burns white-hot

Kubernetes may have gained popularity as the operating system for the data center, but its real value may prove to be at the edge, where its portable and resilient application workloads can power an almost infinite variety of digital business processes and customer experiences.

Our research has found that 35% of production Kubernetes users are already running Kubernetes at the edge, and many many more plan to do so in the next 12 months. The use cases are incredibly varied, from fruit-picking drones to AI on MRI machines, and many of them have the potential to drive revenue and competitive differentiation for the companies that get them right.

But the challenges are equally immense, from manageability to security. The year 2023 is the tipping point, when the challenges get hit head-on, and edge truly goes mainstream.

CYBERSECURITY

Nick Landers, VP of Research, NetSPI

An emphasis on machine learning security, threats, and vulnerabilities

Machine learning is already deployed in numerous technologies, especially those concerned with security — for example email filters, security information and event management (SIEM) dashboards, and endpoint detection and response (EDR) products.

If you thought you could delay ML security conversations, think again. There is a growing group of security researchers focused on Adversarial ML, which includes both attacks on models themselves (inversion, extraction, cloning, etc) and the use of ML in network attacks and social engineering. In the upcoming year, we’ll see a growing list of vulnerabilities being published for ML-integrated systems.

Shash Anand, SVP of Product Strategy, SOTI

The growth of Zero Trust

Zero Trust is a mindset; don’t trust anyone or anything that wants to access data or join a network without verifying credentials. While to some it may perceive that this leads to loss of productivity because it may take longer, proving who you are is important for security purposes. Companies must have the right tools to offer single sign-on and validation based on multiple factors of authentication.

We can expect Zero Trust to improve mobile security because it ensures only authenticated users get access.

Jacob DePriest, VP, Deputy CSO, GitHub 

Cybersecurity transparency will be hailed as a strength

While organizations are improving how they detect and defend against cyberattacks, they must also evolve the way they communicate about them. We’ve seen a fair number of breach disclosures this year, and next year will be no different.

However, we’ll see more organizations lean further into transparency as a means to strengthen trust around their business. More security leaders will focus on building an environment where the security team is an empowered, trusted partner to the business. It’s important to prioritize open, transparent communications around security incidents to build trust with both internal and external stakeholders.

As a natural result, the internal bar for privacy and data protection will rise and the threshold for external sharing of security incidents will lower.

Tal Dagan, Chief Product Officer, Atera

Security concerns = number one priority for IT leaders

Companies are focusing more on cybersecurity and looking for solutions to make their devices less vulnerable. We expect more IT departments to implement IT monitoring solutions as organizations become more demanding of the quality of service and much more fearful of increasing cyber-attacks.

Adam Koblentz, Field CTO, RevealSecurity

Behavior-based analytical detection will be required

Many incidents in 2022 have shown us that 2-factor authentication is not enough to prevent breaches, APTs (Advance Persistent Threats). Criminal organizations are seeing 2-Factor Authentication as a mere hurdle, not a blocker.

In 2023, companies will need to assume compromise and act to detect it with increased speed and ease (which can only be done via automation). Companies will not use detection tools that are too noisy or inaccurate as they are too much of a burden on the team. Behavior-based analytical detection will be required to handle the threats facing organizations.

The post Tech Predictions for 2023: AI, Cloud, Edge, Cybersecurity, and More appeared first on eWEEK.

]]>
Cynet’s George Tubin on XDR Cybersecurity https://www.eweek.com/security/cynet-xdr-cybersecurity/ Sun, 20 Nov 2022 19:53:11 +0000 https://www.eweek.com/?p=221621 I spoke with George Tubin, Director of Product Strategy at Cynet, about why XDR has so many definitions – and why this emerging security technology has great potential. Among the topics we discussed:  Let’s talk about XDR in the cybersecurity market. What is it, and why is it a growing solution? As you survey the […]

The post Cynet’s George Tubin on XDR Cybersecurity appeared first on eWEEK.

]]>
I spoke with George Tubin, Director of Product Strategy at Cynet, about why XDR has so many definitions – and why this emerging security technology has great potential.

Among the topics we discussed: 

  • Let’s talk about XDR in the cybersecurity market. What is it, and why is it a growing solution?
  • As you survey the XDR market, what forces are driving the market?
  • How is Cynet addressing the security needs of its clients?
  • The future of XDR and cybersecurity? What are some significant developments we can expect in the years ahead?

The post Cynet’s George Tubin on XDR Cybersecurity appeared first on eWEEK.

]]>
Understanding the Business Costs of Phishing Attacks https://www.eweek.com/security/business-costs-of-phishing-attacks/ Wed, 16 Nov 2022 21:33:01 +0000 https://www.eweek.com/?p=221594 Phishing attacks—where hackers try to collect personal information using deceptive emails and links—continue to impact organizations of all sizes. It’s been well documented that phishing as an attack vector has exploded over the past several years. SlashNext reported that over the first six months of 2022, there were over 255M attacks, a 61% increase in […]

The post Understanding the Business Costs of Phishing Attacks appeared first on eWEEK.

]]>
Phishing attacks—where hackers try to collect personal information using deceptive emails and links—continue to impact organizations of all sizes.

It’s been well documented that phishing as an attack vector has exploded over the past several years. SlashNext reported that over the first six months of 2022, there were over 255M attacks, a 61% increase in the rate of phishing attacks compared to 2021.

What is often overlooked is the total cost to a business. Such attacks require a great deal of time and energy from IT and security teams, which, on average, spend approximately 28 minutes dealing with a single phishing email at a cost of about $31 per message.

The findings come from a new report conducted by IRONSCALES and Osterman Research, surveying 252 IT and security professionals in the U.S. The report, The Business Cost of Phishing, uncovered that IT and security teams typically spend one-third of their time handling phishing threats weekly. For 70 percent of organizations, dealing with a single phishing email takes 16 to 60 minutes.

Also see: The Successful CISO: How to Build Stakeholder Trust

Dealing with Phishing: Like Finding a Needle in a Haystack

As the attack occurs, IT is looking for the message and reading the headers on the message, explained Ian Thomas, VP of product marketing at IRONSCALES. “If there’s an attachment, they’re running it through a sandbox to see if it’s malicious. Once IT realizes phishing is involved, they look for it in other mailboxes—potentially hundreds of mailboxes. When they find it, all the messages have to be pulled out. This requires a lot of investigating and takes roughly a half hour every single time.”

In addition to spending a lot of time on phishing-related activities, organizations have to pay a higher salary to every IT or security professional that handles phishing. According to the data, an organization with five IT and security professionals is currently paying $228,630 in annual salary and benefits to handle phishing. An organization with 10 IT and security professionals is paying $457,260 per year, and an organization with 25 IT and security professionals is currently paying $1,143,150 per year.

Phishing Attacks: Increasingly Challenging

Phishing is an increasingly sophisticated form of cyberattack that’s becoming more prevalent and better at evading detection. Most of the IT and security professionals surveyed in the report expect the volume of phishing attacks to increase over the next 12 months. As the attacks become more complex and damaging, organizations will spend more time and money on mitigating them.

Eighty percent of organizations feel the dynamics of phishing have worsened or remained the same over the past year. These dynamics include the number of phishing attacks, their sophistication, and their ability to bypass current detection mechanisms.

For example, hackers are using adaptive techniques or polymorphic attacks that slightly alter each phishing message, which decreases the likelihood of a message being flagged as a phishing scam.

Also see: Secure Access Service Edge: Big Benefits, Big Challenges

Targeting Vulnerable End Users

The most common way phishing attacks are carried out is by tricking an email recipient into believing that the message they received is from a trusted source, such as a bank, a friend, or a fellow employee.

Hackers can obtain account credentials from earlier phishing messages or purchase the credentials on the dark web. The messages are sent from an organization’s own email infrastructure, which means they are likely to bypass detection.

Any messaging platform where two-way communication takes place is now a target for phishing attacks, said Thomas. Social media platforms like Facebook, LinkedIn, and Instagram are the most common ones, but Webex and Zoom users are also at risk. Hackers with employee credentials can take over a legitimate account and disguise themselves as the account holder to contacts, who receive phishing links and attachments directly in these apps.

Also see: Best Website Scanners 

Social Media in the Crosshairs

The report identified a worrying trend, where phishing attacks are spreading beyond email. According to the respondents, they’re seeing phishing attacks in messaging apps like:

  • WhatsApp, Telegram, and Snapchat (57%)
  • Cloud-based file sharing platforms like Dropbox and Google Drive (50%)
  • Text messaging services (49%)
  • Social media and direct messages (44%)
  • Video conferencing platforms like Zoom, Webex, and Google Meet (43%)
  • Collaboration platforms like Microsoft Teams and Slack (40%)

The number of phishing attacks is only expected to grow over the next 12 months. Therefore, organizations should prepare by revamping their cybersecurity tactics to include more robust solutions that can detect and stop phishing attacks—even advanced polymorphic and nested threats—and safeguard their communication and collaboration apps, not just email.

In the report, IRONSCALES recommends creating awareness among employees through surveys and training materials, so they can identify phishing scams. Organizations can use phishing simulation and training exercises to help employees understand various phishing techniques. For organizations that have a bring your own device (BYOD) policy, it should be revised to include guidance on text-based phishing scams.

IRONSCALES also recommends using the principle of least privilege access to reduce the attack surface. Even if an employee’s account gets compromised, their access will be restricted only to their job functions and duties. Taking these important steps can help organizations educate their employees and mitigate potential attacks.

The post Understanding the Business Costs of Phishing Attacks appeared first on eWEEK.

]]>