Shaping your Cyber Practice in 2022

Against a backdrop of extended disruption, cybersecurity risks are expanding rapidly and current defences are inadequate. Ransomware attacks are increasing in frequency and impact, focusing more on targets where outages are not an option, such as critical infrastructure and hospitals. Supply chain attacks are creating chaos and have led to a much-needed focus on supply chain vulnerabilities.

As digitalisation continues at a faster pace, cybersecurity is too often a secondary concern.

With the acceleration of cloud adoption; widespread remote working; the resulting proliferation of endpoints; and the expansion of attack surface for malicious actors, this is the time for organisations to transform their cybersecurity approaches.

Here are the 5 steps that you should consider:

  • Having CISOs report directly into top management – bypassing CIOs
  • Focusing on configuration management
  • Building resilience against ransomware attacks
  • Migrating away from a legacy perimeter-based approach
  • Shifting to Policy-as-Code

In 2022, attacks on organisations will grow in frequency and intensity. Organisations need to transform their approaches to cybersecurity. This involves embracing new concepts such as zero-trust and Secure Access Service Edge (SASE) as well as a stronger focus on policy as code and human factors.

Cybersecurity Insights
Ecosystm VendorSphere: Oracle’s Emergence as a Key Webscaler

Oracle is clearly prioritising a rapid expansion across the globe. The company is in a race to catch up with the big 3 (AWS, Google, and Microsoft), and recognises that many of their customers are eager to migrate to the cloud, and they have other options. Their strategy appears to be to rely on third-party co-location providers for most of their data centres, and build a single availability zone per region, at least to start.

Oracle Cloud Rollout Ramps Up

Let us consider the following:

  • Oracle’s network spending level puts it in the range of other webscalers. Focusing only on the Network and IT portion of their CapEx, Oracle has now passed Alibaba. Oracle is also ahead of both IBM and Baidu, which are included in the “All others” category in Figure 1.
    Figure 1: Annualised Network & IT CAPEX through 3Q21, Top Webscalers
  • The coverage of the Oracle Cloud Infrastructure (OCI) is impressive. It has 36 regions today (some dedicated for government use), with a plan to reach 44 by year-end 2022. That compares to 27 overall for AWS, 65 for Azure, 29 for GCP; regional competitors Tencent and Huawei have 27 regions each, and Alibaba 25 regions. The downside is that Oracle has only one availability zone in most of its regions, while the Big 3 usually have 2 or 3 per region. Oracle needs to build out its local resiliency rapidly over the next year or two or risk losing business to the big 3, especially to AWS; but the company knows this and is budgeting CapEx aggressively to address the problem.
  • Oracle’s initial reliance on leased facilities may be an interim step. The rapid growth of AWS, Azure, and GCP in the late 2010s was a surprise and Oracle started to see serious risks of losing customers to these cloud platforms. Building out their own cloud base on new data centres would have taken years and cost them business. So, Oracle did the smart thing and leaped into the cloud as fast as possible with the resources and time available. The company has scaled their OCI operations at an impressive rate. It expects capital expenditures to double YoY for the fiscal year ending May 2022, as it increases “data centre capacities and geographic locations to meet current and expected customer demand” for OCI.
  • Finally, Oracle has invested heavily in designing the servers to be installed in its data centres (even if most of them are leased). Oracle was an early investor in Ampere Computing, which makes Arm-based processors, sidestepping the Intel ecosystem. In May 2021, Oracle rolled out its first Arm-based compute offering, OCI Ampere A1 Compute, based on the Ampere Altra processor. Oracle says this allows OCI customers to run “cloud-native and general-purpose workloads on Arm-based instances with significant price-performance benefits.” Microsoft and Tencent also deploy the Ampere Altra in some locations.

Reaching Global Scale

Once Oracle decided to launch into the cloud, its goal was to both grow revenues and also protect its legacy base from slipping away to the Big 3, which already had a growing global footprint. Oracle chose to quickly build cloud regions in its key markets, with the understanding that it would have to fill out individual regions as time passed. This is not that different from the big 3, in fact, but Oracle started its buildout much later. It also has fewer availability zones per region.

Oracle has not ignored this disparity. It recognises that reliability is key for its clients in trusting OCI. For example, the company emphasises that:

  • Each Oracle Cloud region contains at least three fault domains, which are “groupings of hardware that form logical data centers for high availability and resilience to hardware and network failures.” Fault domains allow a customer to distribute instances so “the instances are not on the same physical hardware within a single availability domain.”
  • OCI has a network of 70 “FastConnect” partners which offer dedicated connectivity to OCI regions and services (comparable to AWS DirectConnect).
  • OCI and Microsoft Azure have a partnership allowing “joint customers” to run workloads across the two clouds, providing low latency, cross-cloud interconnect between OCI and Azure in eight specific regions. Customers can migrate existing applications or develop cloud native applications using a mix of OCI and Azure.
  • Oracle allows customers to deploy OCI completely within their own data centers, with Dedicated Region and Exadata Cloud@Customer, deploy cloud services locally with public cloud-based management, or deploy cloud services remotely on the edge with Roving Edge Infrastructure.
  • Further, Oracle clearly tries to differentiate around its Arm-based Ampere processors. Reliability is not necessarily the focus, though. The main focus is contrasting Ampere with the x86 ecosystem around overall price-performance, with highlights on power efficiency, scalability and ease of development. 

Ultimately the market will decide whether Oracle’s approach makes it truly competitive with the big 3. The company continues to announce some big wins, including with Deutsche Bank, FedEx, NEC, Toyota, and Zoom. The latter is probably the company’s biggest cloud win given Zoom’s rise to prominence amidst the pandemic. Not surprisingly, Oracle’s recent Singapore cloud region launch was hosted by Zoom.

Conclusion

Over the long run, the webscale market is getting more concentrated in the hands of a few players; some companies tracked as webscalers, such as HPE and SAP, will fall by the wayside as they can’t keep up with the infrastructure spending requirements of being a top player. Oracle is aiming to remain in the race, however. CEO Larry Ellison addressed this in an earnings call, arguing the global cloud market is not just the “big 3” (AWS, Azure, and GCP), but is a “big 4” due in part to Oracle’s database strengths. Ellison also argued that the OCI is “much better for security, for performance, for reliability” and cost: “we’re cheaper.” The market will ultimately decide these things, but Oracle is off to a strong start. Its asset-light approach to network buildout, and limited depth within regions, clearly have downsides. But the company has a deep roster of long-term customers across many regions, and it is moving fast to secure their business as they migrate operations to the cloud.

Cloud Insights
How is Your Supplier Using Your Data?

What is happening to the data that you are sharing with your ecosystem of suppliers?

Just before Christmas, a friend recommended reading “Privacy is Power” by Carissa Véliz. But the long list of recommendations that the author provides on what you could and should do is quite disheartening. I feel that I have to shut off a lot of the benefits that I get from using the Internet in order to maintain my privacy.

But then over the past couple of days came a couple of reminders of our exposure – our suppliers will share our data with their suppliers, as well as be prepared to use our resources to their benefit. I am reasonably technical and still find it difficult, so how does a person who just wants to use a digital service cope?

Bunnings’ Data Breach with FlexBooker

First example. Bunnings started using a service called FlexBooker to support their click-and-collect service.

To do this, they share personal information with the company for the service to work correctly. But hackers have stolen data for over three million customers from FlexBooker in a recent data breach.

How many of Bunnings’ customers were aware that their data was being shared with FlexBooker? How many would have cared if they had known?

I have only read the comments from Bunnings included in the Stuff report but I believe the reported reaction lacks the level of concern that this breach warrants. What did Bunnings do to verify FlexBooker’s privacy and security standards before sharing their customers’ data with them? What is going to change now that the vulnerability has been identified?

Neither of these things is clear. It is not clear if Bunnings have advised their customers that they could have been affected. There is no clear message on the Bunnings New Zealand site on the details of the breach.

In “Privacy is Power”, the author makes a strong case for customers to demand protection of their privacy. Organisations that use other companies as part of their services must be as demanding of their suppliers as their own customers would be of them.

Is Crypto Mining part of antivirus?

The second example is a little different. Norton has released crypto mining software as part of their antivirus suite. This crypto mining software uses the spare capacity of your computer to join with a pool of computers that are working to create a new blockchain block. Each time a new block is added, you would earn some cryptocurrency that you could change to a fiat currency, i.e. normal cash.

But I question why a crypto miner is part of an antivirus suite. Norton makes the case that they are a trusted partner, so can deliver a safer mining experience than other options.

Norton have made the use of this software optional, but to me, it does indicate the avarice of companies where they see a potential income opportunity. If they had included the software in their internet security suite, then there may be some logic in adding the capability. But to antivirus?

The Verge did some unscientific measurements on the value to a user of running this software. They found the cost of the electricity used during the operation of Norton’s mining software was about the same as what they earned. So Norton, with their 15% fee, would be the only ones making money.

The challenge remains for most of us. Our software vendors are adding new functionality to our services regularly because it is what we as customers expect. But I rarely check to see what has been changed in a new release as normally you will only see “bugs squashed, performance improved” messaging. We have no guarantee that they have not implemented some new way of using our information or assets without gaining explicit approval from the user for this new use.

To Norton’s credit, they have made crypto mining optional and do not activate the software without their users’ consent. Others are less likely to be as ethical.

Summary

Both of these examples show how vulnerable customers of companies are to the exposure of their private data and assets. All organisations are increasing their use of different external services as SaaS options become more attractive. Commercial terms are the critical points of negotiation, not customer privacy. What assurance do customers get that their privacy is being maintained as they would expect?

One point that is often overlooked is that many cloud service contracts define the legal jurisdiction as being either the cloud provider’s home jurisdiction or one that is more advantageous for them. So, any intended legal action could be taking place in a foreign jurisdiction with different privacy laws.

Customer service organisations (i.e. pretty much all organisations) need to look after their customers’ data much more effectively. Customers need to demand to know how their rights are being protected, and governments have to put in place appropriate consequences for organisations where breaches occur outside that government’s jurisdiction.

Cybersecurity Insights
Ecosystm Predicts: The Top 5 Trends for Healthcare in 2022

The Healthcare industry has achieved much in the last two years, despite all the struggles and pivots. However, the impact of COVID-19 on the industry is far from over.

2020 was focused on finding a vaccine against the virus, setting treatment protocols, and workforce management to handle the emergency. 2021 was focused on vaccine distribution and administration. 2022 will be the year when we start seeing the second-order impacts of the pandemic – and see healthcare providers address these impacts.

In 2022 the key drivers of the ongoing transformation in Healthcare will be:

  • Patients. Improved self-knowledge and ownership of personal health outcomes and data
  • Technology. Widespread availability and adoption of digital and cognitive technologies
  • Employees. The ongoing challenges of clinical and administrative staff
  • The Life Sciences Industry. The recent investments in, and success of the sector
  • Policy Makers. The sharp increase in focus on population health
  • Continued Uncertainty. Around challenges such as new virus strains, anti-vaccine protests, supply chain disruptions etc.

Read on to find out what Ecosystm Analysts Amit Rana, Krish Krishnan, and Sash Mukherjee think are the key achievements of the industry and the future trends in 2022 and beyond.

Ecosystm Predictions 2022