HP’s doomsday cyber forecast
HP’s CTO Andrzej Kawalec, speaking at the European Information Security Summit in London on 10th February, has predicted a ‘catastrophic cyber attack’ in the next five years. Before people settle back comfortably and think it is ‘just another cyber attack on a brand’, think again. Kawalec foresees this as far more serious: “We expect an attack that will cause significant and lasting damage to a major world economy through physical and economic impacts”.
Kawalec acknowledges the enormous challenges around creating a resilient single digital online identity. He attributes much of the blame to a lack of common standards among social media platforms, the cloud and devices connecting to the Internet of Things (IoT).
Kawalec identifies a tricky balance to be struck between managing regulatory and privacy concerns and the potential impact on cross-border trade, or exposing industry to financial risk – which must be avoided.
HP have therefore identified three areas of cyber security in 2015 that they will urgently focus on:
• Spending more time and effort understanding our adversaries and how to disrupt them at every step.
• Understanding and identifying risk to ourselves to ascertain how best to protect, as well as enable, information assets.
• The need for businesses to collaborate more and share information with each other, to get a unified view of the threats and extend cyber security capabilities beyond one organisation (our adversaries have stolen a march on this, and THEY collaborate faster and more efficiently, without being weighed down by any legislation).
On a technical note, Kawalec noted the need to improve management of open-source software within organisations. He also flagged the need to address security vulnerabilities within supply chains (referring to the 2nd largest US attack on retailer Target in December 2013, which hit 40m payment card users and was the result of a compromise via their air-conditioning supplier). This highlights the need to change the way organisations deal with their suppliers. Finally, Kawalec impressed on the audience the need to improve the security of the end user and the data.
Ultimately, he sees alternatives to password-based authentication evolving, with greater focus on protecting data. This, he said, was all part of “understanding our information environments better, see how they work and find better ways of making them secure”.
Amicus ITS has joined the UK Cyber Security Forum, echoing the sentiment that the shared knowledge of enterprise security specialists will help create greater strength and unity in 2015. To find out more click on http://ukcybersecurityforum.com/
IoT revenue opportunity vs business cost
The latest report by technology research marketing company Beecham Research has identified that security and data management for the internet of things (IoT) could be a big value-add revenue opportunity for service providers, instead of being seen as a business cost.
With the growth and complexity of the myriad applications of IoT and emerging smart lifestyles, Beecham Forrester see that this will be accompanied by an urgent need to manage connecting devices which use short-range wireless and fixed-line technologies.
Principal analyst and report author Saverio Romeo anticipates: “Companies will increasingly rely on outsourcing and we expect that revenues from device authentication, device management, data management, billing and security will exceed $3bn by 2020. Out of these, we see security and data management services generating some $1.8bn alone”.
Data management for IoT currently remains a small market; however, Beecham Research believes it has the most potential for high gross margins, with IoT security as the most strategic, across the network, device and services domains. Romeo commented: “…we see IoT security providers offering high-value, end-to-end security to service and application providers”.
This follows their last report, 5 months ago, urging industry to take decisive action to secure IoT devices, which should be managed over their entire lifecycle (with resets as an option, to enable remote remediation to rebuild and extend security capabilities over time).
As with the cyber security story above, this report has highlighted the need for industry players to unite and enable the securing of IoT devices end to end (from silicon semiconductor manufacturers to network operators and systems integrators), with particular attention to the identification, authentication and authorisation of devices and people in IoT systems.
A strong pattern is thus emerging for 2015 in the technology industry, with security themes dominating. Where the core value of security is shared by organisations, there is surely a compelling argument for the different businesses to come together, share knowledge and give the end user assurance that they are safe using such devices. This can surely only have one result: greater take-up in the long term and profitability for all involved.
Value of IT outsourcing review
Figures out from Business Process Outsourcing (BPO) analysts Nelson Hall show that UK spend in 2014 on outsourcing and IT totalled £6.65bn, with IT outsourcing accounting for £3.44bn.
New business deals accounted for 55.5% of those signed, up from 33% in 2013. 66% of those deals were delivered fully onshore by UK suppliers, with the remainder having an offshore element and 8% delivered exclusively from offshore locations.
The drive by organisations to digitise through Cloud and software development (DevOps) saw a substantial rise in private and hybrid cloud transformation. However, the desire of many businesses to transform their business IT infrastructure environment, and the costs involved, meant that many could not fully migrate, and so a transactional and usage-based pricing model in contracts emerged.
• Private enterprise accounted for 63% of the spending.
• Local government saw a 15% increase in average contract values, which rose to £30.3m.
• The financial services industry spend was £1.1bn in 2014.
• Energy and utilities companies accounted for 187% growth in IT spending (the fastest growing, which reached £1.07bn).
MSPs which can offer a comprehensive array of IT services and on top of this can apply a flexible approach to their customers with fully secured Cloud solutions and 24×7 support will be the beneficiaries of this increasing trend as 2015 gets underway.
Keeping your keys out of the Box
Cloud storage provider Box has announced a new service that could be a first in the file storage arena. The new service is currently in Beta and allows organisations to hold their own encryption keys for their data. This differs from the traditional approach where the service provider tightly guards everyone’s encryption keys.
This new service called Enterprise Key Management (EKM) will appeal to highly regulated industries such as healthcare, finance, government and the legal sector. EKM will also appeal to those worried about hackers, government requests for data and Cloud providers’ own employees having access to their data.
EKM essentially gives you control over the one master key for your data. But, it also gives you FULL responsibility. You may no longer need to worry about the threat of hackers getting to your data through your service provider but this should only alleviate concerns if you believe your own security is sturdier.
If you do consider EKM, the most important consideration will be the storage of the encryption key itself. Of course it will need to be resilient enough to survive hardware or site failure, but the strategy to make sure it is backed up, specifically regarding access to it and backups, will need careful consideration. Whilst EKM does solve many of the issues some have with Cloud storage solutions today, it also comes with its own set of new, unique challenges and should only be chosen after great consideration.
Ever Greener Apple
Apple is no stranger to being green. Not only does the company promote their own products with an environmental check-list on launch, the iPhone producer also uses renewable energies like solar to power their services.
Apple has detailed plans to spend $850 million on a new solar farm in California. This deal marks the largest ever supply of ‘clean power’ to a commercial user. The farm itself will cover 2,900 acres and will produce the equivalent of the power used by 60,000 Californian homes. The power from the new farm will be split, with 130 megawatts going to Apple to power buildings such as its future campus, while the remaining 150 megawatts is being sold to Pacific Gas & Energy’s grid.
This huge spend continues Apple’s commitment to use 100% clean energy – and if successful could be used as the blueprint for many other clean energy driven enterprises going forwards.