|By ManageEngine IT Matters||
|July 13, 2016 04:26 PM EDT||
How to Combat Security Cracks Created By Collaboration
By Ram Vaidyanathan, ManageEngine
Meanwhile, collaboration has become the cornerstone of successful organizations. But collaboration often comes with a risk. The number of cyberattacks will grow as employees increasingly use collaboration tools to maximize their company's productivity. This is because these tools can provide new points of entry for hackers looking to cause damage. This issue could become more serious as we will see more radical collaboration tools in the days to come. Fortunately, there are always going to be readily available solutions.
Here are three ways in which an organization's security can be compromised due to increased collaboration.
1. A wolf in sheep's clothing: Companies collaborate with suppliers, vendors and customers in the cloud every day. Consider this scenario: A supply chain executive receives an automated weekly email with an MS Excel file from their logistics partner, giving the estimated time of arrival for products. A cybercriminal somehow discovers this practice. The criminal then impersonates the logistics partner by using a similar email address. The executive doesn't notice and downloads the attachment - an executable (.exe) file masked as an MS Excel file. When the executive opens the file, a wolf in sheep's clothing enters the company's network to steal trade secrets, financial data, and customer information. This modus operandi, called spear phishing, is popular globally. By some estimates, 91% of all attacks begin with spear phishing.
2. A betrayal: With the advent of bring your own device (BYOD), collaboration has become fairly common. Employees can now access work files while away from the office and increase their productivity. On the other hand, disgruntled employees can easily expose information or even sabotage company files. What if an employee who is about to join a competitor were to print customer contact details from a remote location? And what if this employee took this information to the new workplace? This betrayal could lead to the company losing its competitive edge.
3. A foreign adversary: Even governments are not immune to cyberattacks from foreign state-sponsored adversaries. Government employees may visit certain websites frequently to collaborate with employees from other departments or with their citizens. Malware placed on these sites could exploit vulnerable endpoints and compromise the devices of any visitors. Malware can also morph into more serious advanced persistent threats (APTs) that can lurk in the victim's system for a long time. This way, these adversaries could secretly keep a tab on issues of national security and international policy. When governments can face such threats, businesses are all the more at risk.
To fight data breaches and defend their business, organizations must protect all entry points. Here are few ways in which organizations can defend against each of the threats identified above.
1. Guarding the door: Application white listing, a method of checking applications against an approved list, is effective against criminals in disguise looking for an entry point. If an unknown program tries to run, it will be barred. This is very effective against spear phishing attacks. In addition, a log management system would help to collect logs on failed access attempts and decipher whether or not they are attacks.
2. Guarding from inside: A privileged password management process can help organizations protect against insider threats. All privileged identities and passwords are stored in a centralized vault and only approved devices are allowed to access information from remote locations. Furthermore, companies can video record all sessions, whether on-premise or remote, for a complete record of all actions.
3. Defending against international threats: Software applications that analyze packet flow can detect malicious traffic hitting the network in real time. In case of a sophisticated attack, the company can immediately view the offender's IP, the severity of the attack and the time of the attack. A detailed forensic investigation will enable the company to detect patterns and identify the source of unwanted intrusions.
In the present age of heightened collaboration, the risk of cybercrime is very high. Organizations need to defend against techniques such as spear phishing, malware and APTs, among others. Application white listing, privileged password management and network behavior anomaly detection are just three modes of defense.
And what happens in a future of radical collaboration tools?
Future collaboration tools will be even more powerful. For example, the combination of holography and brain decoding technology may create a society in which people have meetings between their virtual selves in the office. What if a cybercriminal impersonates a CEO's virtual self and compromises the business by giving wrong instructions during a meeting? In a scenario like this, even if a criminal were somehow able to project the CEO's hologram inside the office, the ICT team could detect the deviation if there were inconsistencies with the CEO's known logic. There is no doubt that the future holds endless possibilities for collaboration, which we know to be integral for business success. We just need to make sure our security technology is well equipped to handle it. However sophisticated the attacks in an age of increased collaboration, a proactive ICT team will always prevail.
Ram Vaidyanathan is an IT evangelist at ManageEngine, the real-time IT management company. Ram closely follows emerging industry trends and is a frequent blogger on technology topics. His main interest is in the impact of the Internet of Things on IT management. He has an MBA from the Schulich School of Business.
Five years ago development was seen as a dead-end career, now it’s anything but – with an explosion in mobile and IoT initiatives increasing the demand for skilled engineers. But apart from having a ready supply of great coders, what constitutes true ‘DevOps Royalty’? It’ll be the ability to craft resilient architectures, supportability, security everywhere across the software lifecycle. In his keynote at @DevOpsSummit at 20th Cloud Expo, Jeffrey Scheaffer, GM and SVP, Continuous Delivery Busin...
Apr. 24, 2017 08:15 PM EDT Reads: 336
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Apr. 24, 2017 08:00 PM EDT Reads: 669
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
Apr. 24, 2017 07:45 PM EDT Reads: 2,116
In recent years, containers have taken the world by storm. Companies of all sizes and industries have realized the massive benefits of containers, such as unprecedented mobility, higher hardware utilization, and increased flexibility and agility; however, many containers today are non-persistent. Containers without persistence miss out on many benefits, and in many cases simply pass the responsibility of persistence onto other infrastructure, adding additional complexity.
Apr. 24, 2017 07:30 PM EDT Reads: 2,101
Cloud Expo, Inc. has announced today that Aruna Ravichandran, vice president of DevOps Product and Solutions Marketing at CA Technologies, has been named co-conference chair of DevOps at Cloud Expo 2017. The @DevOpsSummit at Cloud Expo New York will take place on June 6-8, 2017, at the Javits Center in New York City, New York, and @DevOpsSummit at Cloud Expo Silicon Valley will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Apr. 24, 2017 07:15 PM EDT Reads: 2,396
SYS-CON Events announced today that Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. The company co-innovates with customers and partners to deliver automated, scalable and secure network...
Apr. 24, 2017 07:00 PM EDT Reads: 717
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
Apr. 24, 2017 06:45 PM EDT Reads: 560
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
Apr. 24, 2017 06:45 PM EDT Reads: 678
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
Apr. 24, 2017 06:30 PM EDT Reads: 624
SYS-CON Events announced today that Twistlock, the leading provider of cloud container security solutions, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Twistlock is the industry's first enterprise security suite for container security. Twistlock's technology addresses risks on the host and within the application of the container, enabling enterprises to consistently enforce security policies, monitor...
Apr. 24, 2017 04:45 PM EDT Reads: 3,415
Quickly find the root cause of complex database problems slowing down your applications. Up to 88% of all application performance issues are related to the database. DPA’s unique response time analysis shows you exactly what needs fixing - in four clicks or less. Optimize performance anywhere. Database Performance Analyzer monitors on-premises, on VMware®, and in the Cloud, including Amazon® AWS and Azure™ virtual machines.
Apr. 24, 2017 04:30 PM EDT Reads: 1,641
Automation is enabling enterprises to design, deploy, and manage more complex, hybrid cloud environments. Yet the people who manage these environments must be trained in and understanding these environments better than ever before. A new era of analytics and cognitive computing is adding intelligence, but also more complexity, to these cloud environments. How smart is your cloud? How smart should it be? In this power panel at 20th Cloud Expo, moderated by Conference Chair Roger Strukhoff, pane...
Apr. 24, 2017 04:30 PM EDT Reads: 1,990
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
Apr. 24, 2017 03:45 PM EDT Reads: 579
@ThingsExpo has been named the Most Influential ‘Smart Cities - IIoT' Account and @BigDataExpo has been named fourteenth by Right Relevance (RR), which provides curated information and intelligence on approximately 50,000 topics. In addition, Right Relevance provides an Insights offering that combines the above Topics and Influencers information with real time conversations to provide actionable intelligence with visualizations to enable decision making. The Insights service is applicable to eve...
Apr. 24, 2017 03:30 PM EDT Reads: 2,536
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
Apr. 24, 2017 03:00 PM EDT Reads: 1,881
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Apr. 24, 2017 02:45 PM EDT Reads: 612
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Apr. 24, 2017 02:15 PM EDT Reads: 1,114
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
Apr. 24, 2017 01:30 PM EDT Reads: 644
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, New York, and 21st International Cloud Expo, which will take place in November in Silicon Valley, California.
Apr. 24, 2017 01:15 PM EDT Reads: 2,147
@DevOpsSummit has been named the ‘Top DevOps Influencer' by iTrend. iTred processes millions of conversations, tweets, interactions, news articles, press releases, blog posts - and extract meaning form them and analyzes mobile and desktop software platforms used to communicate, various metadata (such as geo location), and automation tools. In overall placement, @DevOpsSummit ranked as the number one ‘DevOps Influencer' followed by @CloudExpo at third, and @MicroservicesE at 24th.
Apr. 24, 2017 11:45 AM EDT Reads: 2,639