SMBs’ Cloud Security Struggles Exposed

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Of the 4,984 IT professionals queried in a recent Sophos cloud security survey, 56% report a surge in attack volume and 53% say the negative effect of security incidents has been more severe in 2022 than 2021.

• Nearly two-thirds admit limited vantage point into their cloud assets and configurations was cited as a major contributor to their security woes.

The migration to the cloud has been especially challenging for small and mid-sized businesses that often lack the internal expertise necessary to make the transition successfully. Cloud security is one of the most vexing issues, with SMBs too often lacking the resources to consistently monitor what are often complex cloud environments. In a recent Sophos survey of 4,984 IT staffers in 31 countries, the security vendor has found a sharp increase in the volume, complexity, and negative impact of attacks in the last year. An alarming 67% report that their organizations have been subject to a ransomware demand.

Continue reading “SMBs’ Cloud Security Struggles Exposed”

Cybersecurity Workforce Gap Leaves Many Organizations Underprotected

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• (ISC)² reports that while big gains have been made in hiring cybersecurity professionals around the world in 2022, the number of unfilled positions have expanded dramatically.

• Nearly 70% of the 11,779 professionals surveyed for the study say understaffing made their organizations vulnerable.

With the volume of threats on a seemingly endless upward trajectory, awareness of how critical it is to have effective security technology and personnel in place has been a long-time board-level concern. Unfortunately, lack of resources, particularly of the human variety, has plagued the security industry for years. Despite some major efforts across industries to bring in more security talent, there are still major gaps in coverage. In its 2022 Cybersecurity Workforce study, the non-profit security professional’s organization (ISC)² report an 11.1% increase in the number of security professionals in the workforce globally. This represents an addition of 464,000 security staff in the last year. Unfortunately, demand is outstripping supply. The number of unfilled IT security positions has more than doubled to a 26.2% increase in the last year, which translates to more than 3.4 million vacant spots.

Continue reading “Cybersecurity Workforce Gap Leaves Many Organizations Underprotected”

Akamai Reports a Surge in Malicious Domains

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Akamai has identified almost 13 million malicious domains per month in 2022, roughly 20% of all newly observed domains (NODs) that access the provider’s content delivery network (CDN).

• While it remains to be seen how threat actors will operationalize these, it is indicative of looming state-backed cyberwarfare attacks.

Security, cloud, and CDN provider Akamai offers some insights into a looming cyber threat. In a report published at the end of September 2022, Akamai says it has seen a significant uptick in the number of malicious NODs on its CDN. The company says NOD-based threat detection gives the company a means to assess the “long tail” of DNS queries to identify new threats in a very early phase. Akamai defines a NOD as a domain name queried for the first time within a 60-day window.

Continue reading “Akamai Reports a Surge in Malicious Domains”

IBM Joins Forces with 20 HBCUs to Open Cybersecurity Training Centers

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• IBM added 14 Historically Black Colleges and Universities (HBCUs) cybersecurity partners as the company looks to help train and certify new industry professionals.

• The initiative is part of IBM’s broader, pro bono effort to foster science, technology, engineering, and math (STEM) programs in high schools and colleges.

At the National HBCU Week Conference in Washington DC (US), IBM said it is adding 14 new colleges and university partners to its program announced in May 2022 to train students to become cybersecurity professionals. This brings the total number of IBM’s partners to 20 schools in 11 states.

Continue reading “IBM Joins Forces with 20 HBCUs to Open Cybersecurity Training Centers”

Verizon’s 2022 Payment Security Report Shed Light on Progress and Challenges in Data Protection

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• In 2020, Verizon compiled data from PCI DSS security assessors from Verizon and four outside sources to analyze the state of compliance and data security in advance of the release of the latest version of the PCI DSS specification – 4.0 – earlier this year.

• The results are encouraging with 43.4% maintaining full compliance as assessed during an interim audit in 2020 versus 27.9% in 2019.

While the need to meet regulatory requirements associated with data privacy is often cited as an investment driver in security technology, too often organizations struggle to maintain protections during the interim periods between Payment Card Industry Data Security Standard (PCI DSS) audits. The lack of consistent enforcement leaves organizations that handle sensitive financial information vulnerable to breaches. Continue reading “Verizon’s 2022 Payment Security Report Shed Light on Progress and Challenges in Data Protection”

Realizing Real Returns from On-Demand Service Investment in Latin America

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

As the global economy faces serious headwinds from a challenging geopolitical climate, enterprises are turning to technology as a tool to help navigate rocky competitive terrain. This is particularly true in regions like Latin America where economic instability has long been a problem. Serious economic challenges came into sharp relief in the region when nominal GDP declined 16.3% in 2020 from $5.2 trillion to $4.5 trillion. Continue reading “Realizing Real Returns from On-Demand Service Investment in Latin America”

AWS’ Private 5G Service Hits the Market with a Big Asterisk

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:        

• Eight months after AWS announced it was bringing a private 5G service to market, the solution is now generally available in select AWS regions.

• The AWS Private 5G service comes with a big, carrier-style caveat at launch; it only supports 4G LTE with 5G coming sometime in the future.

After announcing it in December 2021, Amazon Web Services (AWS) has now rolled out its AWS Private 5G service to a wider prospect pool, but without 5G support. The misleading branding of the service will no doubt cause confusion, particularly given the fact that AWS hasn’t specified when support for 5G will be available.

Continue reading “AWS’ Private 5G Service Hits the Market with a Big Asterisk”

Mobile Insecurity: Changing Workplace Models Expose Enterprise Vulnerabilities

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Almost half of organizations queried suffered a mobile device related breach in the last year.

• The majority of organizations link the increase in incidents to migration to a hybrid work environment.

It is no secret that the sudden shift to remote work during COVID-19 lockdown put tremendous pressure on IT teams as they scrambled to deploy and manage new collaboration tools and related IT services. Over time, it became apparent that many enterprise security vulnerabilities were exposed in that overnight migration, and as a result there was an uptick in breaches. Continue reading “Mobile Insecurity: Changing Workplace Models Expose Enterprise Vulnerabilities”

Amazon Goes All-in on Healthcare with $3.9 Billion One Medical Acquisition

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Amazon caught both the tech and healthcare industries off guard when it announced it had reached an agreement with One Medical to acquire the tech-centric healthcare provider for $3.9 billion.

• The deal raised some regulatory red flags as critics questioned the data privacy implications of having a large retailer with a massive cloud platform having access to patient records.

Amazon’s planned One Medical acquisition stunned both the healthcare and technology industries. While the deal is not the retailer’s first foray into healthcare, the value of the deal and the pairing with Amazon’s other interests in both brick-and-mortar retail (Whole Foods and Amazon Fresh) and pharmaceuticals (PillPack) show just how serious the company is about pursuing an outsized role in the medical industry. One Medical, which operates just under 200 clinics, offers patients a subscription-based telehealth service, which dovetails with Amazon’s own Prime model. Continue reading “Amazon Goes All-in on Healthcare with $3.9 Billion One Medical Acquisition”

Google Cloud Launches New Subsidiary Catering to Government Clients

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• A bit late to the enterprise party, Google Cloud is looking to play catch up on the government front with a new public sector business.

• The business will operate autonomously while selling the full suite of Google products.

Looking to capture a bigger share of the public sector IT sales and challenge fellow hyperscale rivals Amazon Web Services and Microsoft Azure, Google Cloud is launching a separate subsidiary to serve US government clients, which will have its own separate board of directors to be named later. The Google Cloud Public Sector arm will sell the full suite of Google services, including cybersecurity solutions to federal, state, and local government entities. Will Grannis, Google Managing Director and Chief Technology Officer, will oversee the new business at launch until a permanent CEO is named. Lynn Martin, a Google vice president, will head the US Public Sector sales organization.

Continue reading “Google Cloud Launches New Subsidiary Catering to Government Clients”