Monday, 7 December 2015
Wednesday, 25 November 2015
Wednesday, 18 November 2015
Thursday, 5 November 2015
03:00 Augmented and virtual reality, big data analytics, cloud, Digital Transformation, Internet of Things, mobility, security, unified communications, Web Summit 2015 No comments
Grown from the 400 attendees five years back to the current 22000 tech enthusiasts, the Web Summit 2015 continues to deliver innovative ideas and fascinating thoughts to the tech world gathered at the bustling RDS venue, Dublin.
Cars and technology took the center stage on day 2. Augmented reality, Virtual Reality, Drones, and Wearables were also some of the key highlight topics that seized the audience attention on day 2. Check out some of the most interesting tech talks from day 2 at Dublin. Ford chief executive Bill Ford, pointed out the promising intersection between cars – an industry that has been “revolution- resistant for a hundred years” - and technology. He added that Ford is redefining itself as a “mobility company” with an interest in autonomous driving, net-connected cars along with data collection and analytics. Sean Rad of Tinder, the CEO of location- based dating app highlighted about the data that drives it and the future of the platform. On a lighter note, he added that the Irish user base was extremely active on the app.
The most exciting part of day 2 was the live demonstration of a drone that flew into the center stage by Randy Braun of DJI- a World Leader in Camera Drones/Quadcopters. The tech enthusiasts including me curiously heard that DJI along with Humanitarian UAV Network uses their drones or Unmanned Aerial Vehicles UAV’s for a wide range of humanitarian and development settings. Google showcased its famous virtual reality platform ‘Google Cardboard’, basically a cardboard case for smartphones that works in conjunction with compatible apps for projecting 3D images or videos. The wonders of the virtual reality did not ended with Google’s Cardboard. Columbian company Protesis Avanzadas showcased a 3D robotic prosthetic hand, an affordable multifunctional prosthetic hand that can replicate many of the grip patterns of the human hand, in the summit center stage. The Head of Adtech at Facebook, Dave Jakubowski took to the Marketing Summit- the state of the industry, FOMO (Fear of Missing Out) in the digital age.
All the tech talks surrounding Virtual Reality, Augmented Reality and Machine Learning reminds us that we are swiftly moving into an age of transformation, where the bridge between the digital and the real world slowly blurs out. All these technology advancements also hold the great potential to redefine the existing business models. As a part of a digital transformation company Happiest Minds, which is strongly focused on the new age disrupting technologies including IoT, Big Data, M2M Learning, Cloud and Mobility, I strongly feel that very interesting days are coming ahead in terms of technology as well as the customer experience.
Anticipating more exciting and insightful talks and demos from the Web Summit 2015 stage, on the closing day, 5th of November. Stay tuned.
Wednesday, 30 September 2015
02:45 access controls, could, could Computing., Data Security, Identity Management, security No comments
How to Protect Your Data from Third-Party Breaches
The December 2013 Target data breach that compromised the credit card information of 40 million customers was the first of many wake-up calls to organizations, bringing home the damage a company can sustain when a partner’s systems are hacked. As the whole world now knows, the HVAC supplier had access to more of Target’s systems than was needed or intended, and hackers infiltrated Target’s network through the partner’s own vulnerable solution.
Sadly, Target is not the lone case. More recently, 15,000 Boston Medical Center patients’ personal information and the payment card details of 868,000 Good will customers were compromised through data breaches at vendor companies with access to the organizations’ systems. In fact, a recent PwC study found the biggest challenge to security today is from internal sources – employees and partners – not external threats.
Vendors often need remote access to maintain your internal systems, but they may not be as stringent about security processes as your chief security officer, CIO, or IT team. For example, partners’ systems may use software that a developer no longer supports, and is hence, vulnerable. Even worse, they may use the same administrative passwords across every customers’ systems.
All this translates into the need for a far more comprehensive information security risk management strategy — one that not only oversees your data, but also third-party access rights, the robustness of network defenses, and more.
Here are some best practices to help protect your network from third-party data breaches:
Be aware of what your vendors can remotely access. Understand what kind of data and which systems your vendors can access, and the levels of access they enjoy. Can they retrieve any critical data they do not need for their work? Or do they have access only to the resources necessary to perform their jobs? This is of particular importance when you work with infrastructure management partners, for instance, because these have privileged access that could pose a significant threat if not properly secured. Provide access to data and systems only on a need to know basis.
Standardize remote access methodologies. The proliferation of available remote access methodologies (WebEx, web conferencing tools, and virtual private networks, for example) makes it difficult to monitor and manage access controls. Simplify this and better manage connections made to your network by defining the specific methodologies you will allow.
Use stronger authentication. Insist that vendors who must access your environment use two-factor authentication and institute well-defined access control processes.
Segment your network behind firewalls. It is advisable to allow vendors access only to a specific segment of the network, with this segment being firewalled from others. Network segmentation can limit the damage from a third-party data breach. To make this even more effective, provide dedicated systems for vendors, so they do not use their systems to connect to your network.
Monitor network defenses frequently. Frequently audit access controls and security policies to identify potential security gaps that can be plugged before a breach occurs. Real-time analyses allow your IT department to see what is being accessed by whom and why, as your vendors connect to your network. This helps proactively identify any problematic activity.
Hold vendors to the same security standards you hold yourself. However stringent your organization’s security system, all is nullified if your vendors are not equally particular. Define your security requirements upfront when signing on a new vendor. Review their security processes and access control policies, and check if they conduct regular penetration testing on their systems and network. Insist they adhere to the same standards as your organization in the areas of data protection, identity management, authentication, and other security measures.
Proactively plan for third-party breaches. You will (or should) already have a robust incident response and disaster recovery plan for attacks on your own systems. Take this a step further by planning a defense against third-party attacks as well. Ask your vendors to demonstrate how they protect your data, their incident response plan, and how they will deal with breaches that can affect your data.
Periodically verify your vendor’s security posture. Security assurance is not a one-time task but a continuous process. Conduct periodic audits of your vendors to make sure that they follow best practices and have the necessary technical controls in place. The aim should not be to review every vendor you engage, but to conduct a thorough audit with greater frequency for targeted, high-risk vendors.
In this, as in other aspects of your relationship with your vendors, work with partners to identify security gaps and protect against breaches before they occur. Industry standards are gradually evolving to this end as well. The latest version of the Payment Card Industry Data Security Standard (PCI DSS 3.0) mandates that organizations pay closer attention to partners’ security practices. This will probably provide the much-needed nudge to get businesses to think beyond only their own security posture.