Monday, 22 January 2018

Bomgar Enables GDPR Compliance for Privileged Users

Bomgar, a leader in secure access solutions, today announced its secure access solutions can help organisations comply with the upcoming EU General Data Protection Regulation (GDPR) mandates. The amount, sources, and types of data that are collected and used by organisations today have grown exponentially, along with the value that can be gained from obtaining this data. How and where companies store and process data has moved from inside the traditional IT perimeter to hybrid and cloud environments that span systems and data centres around the globe. With the fast-approaching enforcement of GDPR going into effect on 25 May 2018, organisations need to be prepared to meet the new standards to maintain data privacy.

Bomgar’s solutions have always focused on security at the heart of their design. This ensures that every remote access connection made by our customers—whether a privileged user connecting to a critical system or device or a help desk connecting to an end-user’s system—is secure, protecting critical systems and data and helping organisations meet the GDPR requirements.

 

Bomgar’s solutions include:

  • GDPR Pseudonymization Support – Meet GDPR initiatives through responding to Right to Erasure requests by searching for specific criteria supplied by the requestor.
  • Improved Customer Agreement Enhancements – Improve security among support teams by reassuring customers they’re dealing with the intended organization, and keep your brand front and center while presenting and capturing consent.
  • Enforce Policy of Least Privilege – Only give access to data to those who need it, when they need it, with granular levels of access controls that eliminate “all or nothing” access.
  • Manage Privilege ‘Sprawl’ – Identify and secure all your privileged accounts centrally across your organisation, including dormant credentials, eliminate insecure practices of employees sharing or writing down passwords, and integrate your security policies.
  • Secure and Protect All Privileged Accounts – Store, rotate, and manage privileged credentials within a secure enterprise password vault, and grant access based on job roles and requirements creating a reliable “privilege on demand” workflow.

 

“Security must be central to an organisation’s data privacy strategy to ensure they can control and protect access to the systems that hold personal data,” said Martin Willoughby, SVP, general counsel and chief privacy officer at Bomgar. “Organizations must also ensure all remote access methods are secure to protect their data as this is the number one method of compromise. Bomgar’s Secure Access solutions enable businesses to control, monitor, and manage access to critical systems and data, while ensuring that people remain productive and are not impeded in their day to day job tasks.”

For more details about how Bomgar can help your organisation meet the new GDPR standards, download this free whitepaper and register for our upcoming webinar: GDPR and Remote Access Security: What You Need to Know.

The post Bomgar Enables GDPR Compliance for Privileged Users appeared first on IT SECURITY GURU.




72 hours and counting: The role of AI in GDPR

Written By John Titmus, Director, EMEA – Sales Engineering, CrowdStrike

The need to be GDPR-ready may be attention-grabbing right now, but turn this on its head; would you rather be compliant or protected against breaches? If you are more concerned about compliance without understanding the role of security and protection, you may face the ticking of the breach notification clock – 72 hours and counting and the related penalties associated

 

Compliance does not equal protection

Fear can be a positive emotion, preventing us from straying into dangerous situations, but it can also be crippling – stopping us from pursuing the correct course of action when required. With the looming GDPR deadline, are businesses seeing compliance as a tick box only activity, or should they be seeing the new regulations as an opportunity to improve their defences against an unprecedented rise in cyberattacks?

A ‘tick box’ mentality might help achieve compliance within the requirements of GDPR, but there is much more that they can do to abide by its spirit. What does that tick in the box really mean? When can you start to celebrate? The truth of the matter is, you are only compliant for that brief moment in time.

Businesses need to demonstrate more than mere compliance: they need to show that they are sophisticated enough to deal with any breach that occurs, and have the right processes in place to minimise the damage and effectively report the extent of the breach. Stating you were compliant when a breach happened doesn’t protect your organisation or your customer data.

 

Beyond compliance

One of the most high-profile recent breaches – targeting Equifax – highlighted the reputational damage that delayed breach notifications can cause. Under GDPR, any delay will come with a hefty financial cost. The penalties for non-compliance with GDPR are well-known – a fine of up to 4% of revenue or €20m, whichever is the greater. An organisation can still be compliant yet suffer serious financial and reputational consequences from a breach that goes undetected. It’s therefore incumbent upon any organisation to ensure they are not only compliant, but always prepared for any breach. And the only way to build the right defences is to take the focus away from the breach and re-direct it to stopping the malware and demonstrating that you have mature processes in place to help detect, prevent and respond.

 

The Role of AI in GDPR

The key to defeating cyber attackers is to master huge volumes of data about threats in real time, and this simply isn’t possible without the use of AI due to the volumes of data that need to be processed. To give you an idea of the scale of the analysis, CrowdStrike collects and analyses around 67 billion events every single day. AI is used to access and contextualise all this data in under five seconds, providing a real-time view of the current threats organisations need to be protected from.

The real essence of GDPR lies in the ability to demonstrate maturity from both a technical and process perspective, to be able to deal with a breach, should it occur. Harnessing technologies that use automation to operationalise data and artificial intelligence (AI) will make a big impact and also help to approach GDPR with a proactive ‘stopping malware’ mind-set.

AI can provide the ability to scale, provide visibility and therefore protect us at speed, as time can be the enemy. Used intelligently, AI enables us to see what’s happening in the world at any given moment, and to interrogate data to identify indicators of attack (predictive methods) as well as indicators of compromise. When combined with machine learning, it’s an incredibly powerful capability in the fight against hackers; constantly collecting, analysing and adapting security algorithms. Without the ability to understand if there are indicators of compromise in real-time, you will never be able to establish IT hygiene and, more importantly, have a security posture that is ready to face any future threats.

 

From compliance to security hygiene

Organisations also need to invest in processes to protect data and identify how that data is being accessed. Early warning systems that detect intrusions by external threat actors or insiders trying to gain unlawful access are key – but so are established guidelines for how to respond to a breach, such as isolating infected devices, remediating the estate, and working with legal and PR to formulate the right public response.

Preventative measures are also a fundamental part of the approach. With the rise in IoT, organisations should question which devices are WiFi-enabled and if they really need to be connected. Simple measures like this can ensure that they minimise the chance that they are compromised or become vectors for an attack.

We see this as ‘security hygiene’; a posture that focuses on cross-organisational measures to combat breaches, rather than a narrow focus on point security such as AV or endpoint protection.

 

Conclusion

Organisations should not fear the 72-hour deadline for breach notification but use this as an opportunity to review their existing processes and security. Achieving this target might mean that an organisation protects itself from huge fines mandated under GDPR, but it also provides the opportunity to make those updates to their technology and processes that may be overdue: being able to discover indicators of attack in real time and prevent a breach. This might sound like another impossible requirement to add to the already stringent demands of the GDPR, but in fact the right tools and processes can achieve this easily.

Don’t let fear be your motivation for achieving GDPR compliance. Instead, focus on how your business can give itself – and its customers – the best protection possible.

The post 72 hours and counting: The role of AI in GDPR appeared first on IT SECURITY GURU.




Learning to live left of breach

Written By Harlan Carvey, Director of Intelligence Integration, Nuix

The cybersecurity industry tends to focus its attention on what to do after a breach or a hack occurs. After all, this is the topic of discussion for the media, or an organisation’s partners and customers. “What does the victim do now?” But shouldn’t we at least be as interested, if not more so, in what the organisation should be doing before a breach ever occurs? This is how we’ve come up with the term, staying left of the breach – meaning before it takes place.

It’s pretty much commonly agreed upon within the industry that data breaches are inevitable. It won’t be long before the media outlets give us another Equifax, Three, Deloitte or Wonga (to name but a few) – and demonstrate the potentially irreversible damage the breach may have on said organisation.

As the stories of these breaches emerge, we continue to see organisations remaining right of breach for far too long; that is, in pure reactive mode. Panicking and scrambling to collect information that may no longer exist – often days, weeks, or even months after the breach occurred. So, what exactly does this look like in practice?

Living right of breach

The first step to understanding the difference is learning what to expect if you choose to remain right of breach…

A sense of panic and dread

It’s only natural upon learning that your organisation has been breached that a sense of dread will begin to fall over any business leader. There is a correct way to react, but because you’re living “right of breach”, you begin to panic and scramble for answers. What resources or assets have been compromised? And very often, you can’t find the data you need to inform legal counsel and senior executive decisions due to inadequate incident preparation. Combine the lack of planning with a lack of experience and the overwhelming requirement to report to compliance and regulatory bodies, and the result is pandemonium.

The end result is that a breach becomes wildly expensive for any organisation – not just in terms of litigation – but in terms of brand reputation, on which it can have a devastating effect for even the largest of conglomerates.

Regulations and notifications

Depending on where your organisation is based, you will be held accountable to any number of compliance requirements and regulatory bodies. One such regulation that centres around breach notification is the EU’s General Data Protection Regulation (GDPR). Organisations whose business operations are predominantly based within the European Union (EU) have no choice but to pay attention to the regulation once it comes into effect in May of 2018. After all, if they choose to ignore it, they could face significant fines for noncompliance. These fines are the greater of €20 million or 4% of the organisation’s global gross revenue. The time and money spent having to comply is surely the preferable option for organisations operating within the EU.

To the left, to the left

Now that we understand a little more about the costs of being breached, let’s turn our attention to the benefits of staying in that ideal left of breach posture, and some ways to remain there.

Plan for the worst, hope for the best

If you plan for incidents to occur, if you run your organisation “left of breach”, you can budget for the costs of planning and implementing your security strategy. Yes, there are one-time start-up costs and annual upkeep or maintenance costs, but all of these will become part of budget planning, and hence, the annual financial planning process.

By taking this approach, you can detect breaches much earlier in the threat lifecycle, which removes a great deal of the costs resulting from a breach. Through early detection and remediation, you avoid the costs of notification and the legal fees for subsequent lawsuits.

More importantly, if you’re only responding to a breach many months after the fact, it can be very hard to say definitively what data was compromised. Detecting and halting the breach before the attacker can access sensitive data means you won’t have to deal with notification costs.

Why early detection is the way forward

When you build your infrastructure with visibility in mind, you naturally learn a fair bit about what’s going on inside your virtual walls. You begin seeing a great deal of the activity that’s occurring on your systems, both long-running and short-lived processes. As you begin monitoring your systems, even the most basic filters for process activity will illustrate suspicious activity.

This sort of visibility, particularly when coupled with system hardening and audit configuration, inherently leads you to understand and detect suspicious activity, as well as outright breaches, much earlier in the threat lifecycle. Rather than learning from an external third party that you’ve been breached, you detect the breach before the attacker can access sensitive data. As such, you can then state definitively that sensitive data was not accessed in your report to your compliance oversight body.

Endpoint visibility and monitoring tools allow organisations to detect the presence of malicious actors much sooner within the breach cycle. This then allows security teams to identify their entry point and respond with a planned approach before they develop a foothold within the IT infrastructure.

Getting to the left of breach

Getting left of breach means configuring your systems appropriately for your infrastructure and then utilising them for visibility.

When I say configuring your systems, ask yourself questions like:

  • Why is our DNS or DHCP server running a web server and Terminal Services?
  • Should both of those be accessible from the internet?
  • Are our systems configured to provide only the necessary and defined services, and are those systems and services patched appropriately?

The purpose of system configuration is to reduce your potential attack surface, making it harder for cybercriminals to gain access to systems by forcing them to change the methods they use to attack your organisation.
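
The configuration questions above can be turned into a repeatable check. The following Python sketch is an added example, not code from the article or from Nuix: it compares each host's listening services against a per-role baseline and ranks anything unexpected by exposure. The role baselines, the inventory format and every host name are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed role baselines (hypothetical): the only listeners each role needs.
ROLE_BASELINE = {
    "dns": {("udp", 53), ("tcp", 53)},
    "dhcp": {("udp", 67)},
    "web": {("tcp", 80), ("tcp", 443)},
}

# Readable labels for the services named in the article's questions.
SERVICE_NAMES = {
    ("tcp", 80): "web server (HTTP)",
    ("tcp", 443): "web server (HTTPS)",
    ("tcp", 3389): "Terminal Services (RDP)",
}

# Constructed sample inventory: host, role, protocol, port, exposure.
SAMPLE_INVENTORY = """\
dns01  dns   udp 53   internet
dns01  dns   tcp 53   internet
dns01  dns   tcp 80   internet
dns01  dns   tcp 3389 internet
dhcp01 dhcp  udp 67   internal
dhcp01 dhcp  tcp 3389 internal
web01  web   tcp 443  internet
kiosk7 kiosk tcp 5900 internal   # role with no defined baseline
"""

SEVERITY_ORDER = {"high": 0, "medium": 1, "review": 2}


@dataclass(frozen=True)
class Listener:
    host: str
    role: str
    proto: str
    port: int
    internet_facing: bool


@dataclass(frozen=True)
class Finding:
    severity: str
    listener: Listener
    reason: str


def parse_inventory(text):
    """Parse whitespace-separated inventory lines; '#' starts a comment."""
    listeners = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        host, role, proto, port, exposure = fields
        if exposure not in ("internet", "internal"):
            raise ValueError(f"line {lineno}: unknown exposure {exposure!r}")
        port_number = int(port)  # raises ValueError on a non-numeric port
        if not 1 <= port_number <= 65535:
            raise ValueError(f"line {lineno}: port out of range")
        listeners.append(
            Listener(host, role, proto.lower(), port_number, exposure == "internet")
        )
    return listeners


def audit(listeners):
    """Return findings for listeners outside their role baseline, worst first."""
    findings = []
    for item in listeners:
        baseline = ROLE_BASELINE.get(item.role)
        if baseline is None:
            # A role nobody has defined cannot be judged, so it is queued for review.
            findings.append(Finding("review", item, "no baseline defined for role"))
            continue
        key = (item.proto, item.port)
        if key in baseline:
            continue
        label = SERVICE_NAMES.get(key, f"{item.proto}/{item.port}")
        severity = "high" if item.internet_facing else "medium"
        where = "reachable from the internet" if item.internet_facing else "internal only"
        findings.append(
            Finding(severity, item, f"{label} not needed by role '{item.role}', {where}")
        )
    return sorted(
        findings,
        key=lambda f: (SEVERITY_ORDER[f.severity], f.listener.host, f.listener.port),
    )


def report(findings):
    """Format findings as one line each."""
    return [f"[{f.severity}] {f.listener.host}: {f.reason}" for f in findings]


if __name__ == "__main__":
    for line in report(audit(parse_inventory(SAMPLE_INVENTORY))):
        print(line)
```

In practice the inventory would be generated from whatever the organisation already collects about listening ports, and the baseline reviewed whenever a role's defined services change.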

Enabling endpoint visibility and monitoring the information collected allows your organisation to capture a complete record of an adversary’s access to your network. The appropriate application of threat intelligence allows you to filter through the vast amount of “normal” activity within your infrastructure that is indicative of day-to-day business, and alert on activity associated with dedicated adversaries. This process then gives you the ability to quickly filter through massive amounts of data to focus on just those relevant activities. The same is true for insider threats as well as a wide range of security issues.

It comes down to the saying “An ounce of prevention is worth a pound of cure.” Of course, you can justify spending large sums of money and time by waiting for a breach to occur. Once that happens, what choice do you have? Isn’t it better to take the time, money, and energy to focus on staying “left of breach”, rather than suffering from the enormous costs (financial, legal, brand) associated with being “right of breach”? Chances are your stakeholders and investors will thank you in the long run when your organisation is breached.

The post Learning to live left of breach appeared first on IT SECURITY GURU.




Friday, 19 January 2018

Netflix and Chill? If you open this email you could be screwed

If you’re planning a weekend binging on Netflix while relaxing with loved ones be warned – the brand is being used by scammers to screw over unsuspecting users!

 

Phishers have been spoofing this popular brand for a year, trying to trick users into handing over their credentials and payment information, but this week the scammers upped their game.

 

Users have been reporting messages purporting to be from the popular video streaming service that claim the recipient’s payment has been declined. The message then urges them to update their payment details, which transfers them to a very believable page where the victim is encouraged to submit their credit card details. Anyone that does this is then transferred to a legitimate Netflix page, while the criminals disappear into the night with the user’s financial information. Not Good!

 

Of course, for individuals, this could be very upsetting. But surely this is just a consumer issue? Well, in this case, yes it is – but phishing does pose a threat to the enterprise. Eyal Benishti, CEO and Founder of IRONSCALES explains, “If a phishing email, such as this, happens to drop into an employee’s inbox whilst at work, this could quickly become a problem for the entire organisation.”

 

While the recent Netflix scam leads to a phishing website, phishing attacks are on the increase with many used to deliver malware and organisations firmly in the attacker’s sights.

 

Eyal continues, “As is the case in any phishing incident, vigilance is key. Never hand over any official information, and if you are even slightly suspicious, contact either the ‘Sender’ (in this case Netflix), or if at work, your IT Security Team. Scams like this are often spotted relatively quickly, so keeping an eye on social media, news sites and even doing a quick Google search, could prevent you, and your organisation, from becoming the latest victim.”

 

Offering his advice to thwart phishing attacks, Eyal added, “It is imperative to help users identify well-crafted impersonation techniques, in order to avoid a potential cybersecurity incident, which could be crippling for an organisation. This means employing mailbox level detection that tracks user behaviour analysis to build a picture of what is deemed normal behaviour so that anomalies in communications are easily spotted and automatically flagged as suspicious, in tandem providing an augmented email experience (InMail alerts) and mechanism (report button) to help employees better spot and easily report something amiss in a message ultimately helps protect the enterprise.”

 

This weekend, as you reach for the popcorn, make sure criminals aren’t reaching out for your credit card details.

The post Netflix and Chill? If you open this email you could be screwed appeared first on IT SECURITY GURU.




DDoS Defence Demands a Hybrid Approach

Just imagine that a DDoS attack is crushing your network. Your enterprise’s internet pipe is under siege and almost to capacity. There is nowhere else for the traffic to go, making it impossible for legitimate user traffic to get through. So, what is the result? The attack is successful, your network or services fall down, you lose productivity and revenue, your brand is irrefutably damaged and all you can do is pick up the pieces.

It doesn’t have to be this way though. Had the enterprise in this scenario employed a hybrid approach to its DDoS Defence, it would’ve been back to business as usual once the attack was mitigated. How does it do this, you ask? By swinging traffic to the cloud to get a good scrub down. The most effective way to battle DDoS attacks is with a hybrid approach that marries cloud and on-premise protection that can stand up to attacks of any type and any size.

Why Hybrid?

Hybrid DDoS defence is the best of both worlds. It combines cloud scrubbing with the surgical precision and context-aware controls of an always-on, instant on-premise DDoS solution. When DDoS attack volumes grow beyond the capacity of your internet pipe, it diverts traffic to the cloud maintaining service availability.

With this powerful combination, you can defend against frequent smaller and sophisticated attacks that target applications, services and security devices, and the colossal 1 Tbps volumetric attacks that crush companies and make for compelling headlines.

According to Verisign’s DDoS Trend Report for the first quarter of 2017, 41 percent of DDoS attacks are less than 1 Gbps and 77 percent are less than 10 Gbps. These attacks are more effectively mitigated with surgical, on-premise DDoS defence, while the cloud is available on-demand for when attack volume grows beyond the capacity of your internet pipe.

Blending cloud and on-premise DDoS defence ensures network exhaustion and application layer attacks are caught, and it eliminates mitigation errors that cause collateral damage to legitimate traffic and users. This is the whole point of DDoS defence, to ensure legitimate traffic and users get through.

Hybrid DDoS users also get the benefit of cloud scrubbing while maintaining the operator control of an on-premise solution, which delivers the application protection that cloud scrubbing alone cannot.

At the same time, hybrid DDoS defence eliminates the added expense of using cloud scrubbing alone. Some cloud scrubbing services charge based on the total amount of traffic diverted. That’s unnecessarily costly, because you end up paying not only for the legitimate traffic you are seeking to protect, but also for the massive volumes of attack traffic. A hybrid solution kicks to the cloud only when the always-on, on-premise, solution is overwhelmed, and you only pay for cloud scrubbing as you use it.

A Complete Hybrid DDoS Solution

For the best DDoS protection, you need to make sure you have a complete hybrid solution, including an on-demand cloud DDoS scrubbing solution that gives you the full spectrum of DDoS protection, especially when combined with other precise defence solutions.

Solutions that deliver cloud-scale hybrid DDoS protection against volumetric attacks that exceed your internet bandwidth are required for the best protection. This hybrid approach offers precision protection against all DDoS attack strategies such as volumetric, network-based, application layer, slow and low attacks and attacks missed by cloud scrubbing services.

Coupling on-demand cloud scrubbing with other on-premise DDoS defences minimises false events with source-based mitigation; protects enterprise personnel and customers; and enforces protection via threat intelligence services and more than 27 traffic behaviour indicators to increase mitigation accuracy.

Cloud DDoS protection services should be built on protecting legitimate traffic, not the amount of traffic that attacks apply. With an effective protection service, you are only charged for the protected traffic and the number of times cloud-scale scrubbing is required. Coupled with a product that deflects all attacks that fall under your on-premises internet bandwidth, your enterprise can have the most surgically effective and economical full spectrum DDoS solution on the market.

The post DDoS Defence Demands a Hybrid Approach appeared first on IT SECURITY GURU.




Wombat Security Pinpoints Phishing Impacts and Key Regional, Industry, and Generational Differences in Fourth Annual State of the Phish™ Report

Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, today announces the release of its annual State of the Phish™ research report. The report findings demonstrate that the war against phishing is still on, with 76% of organizations experiencing phishing attacks in 2017 and nearly half of information security (infosec) professionals saying that the rate of attacks increased from 2016. The impacts of phishing were also more broadly felt than in 2016, with an 80+% increase in reports of malware infections, account compromise, and data loss related to phishing attacks.

 

Even so, Wombat customers show positive trends and progress within their programs, with declining click rates and increases in the number of suspicious emails identified and reported by end users. Unfortunately, awareness of phishing and ransomware has not trickled down to the average technology user, as revealed by the international third-party survey that was conducted as part of the State of the Phish research.

 

The fourth annual State of the Phish Report assembles data from three main sources:

  • Analysis of tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period
  • 10,000+ responses collected from quarterly surveys of Wombat’s database of infosec professionals (customers and non-customers) from more than 16 industries
  • Insights from a third-party survey of more than 3,000 technology users (1,000+ adults each in the US, UK, and Germany)

 

The 2018 report is structured differently than in prior years, with data presented via four overarching themes:

  • Business intelligence gathered from simulated phishing data and real-world experiences of infosec professionals
  • Factors that influence click rates and reporting (such as industry and program maturity) and data about use of consequence models
  • Key differences between organizational approaches to end-user risk management in the US and the UK
  • End-user knowledge levels related to phishing, ransomware, and smishing (SMS/text message phishing)

 

Also new this year is a more in-depth look at regional differences between US and UK approaches to cyber security education. Wombat found that UK organizations are less likely to assess end users’ susceptibility to phishing attacks; more frequently use passive security awareness and training tools (like videos, posters, and newsletters); and are much more likely to rely on yearly cybersecurity training. The report also reveals that US organizations — which favor interactive training methods delivered on a monthly or quarterly basis — are more than twice as likely to realize quantifiable results from their efforts.

 

“The State of the Phish Report shows that simulated phishing attacks are certainly valuable tools in the battle against social engineering attacks, but it also reinforces the need for CSOs, CISOs and their teams to take a broader view of cybersecurity education,” said Joe Ferrara, President and CEO of Wombat Security. “A cyclical approach to security awareness and training is the most effective. Organizations should employ a methodology that both raises awareness of cybersecurity best practices and teaches users how to employ these practices when they inevitably face a security threat.”

 

 

 

Other key findings:

  • Continued momentum for anti-phishing education: For the fourth consecutive year, Wombat saw an increase in the number of organizations that assess and train their users on phishing avoidance.
  • Increased use of computer-based training: The number of organizations using computer-based training this year jumped from 62% in 2016 to 79% in 2017.
  • Smishing (SMS/text message phishing) as an emerging threat: 45% of infosec professionals reported experiencing phishing via phone calls (vishing) and SMS/text messaging (smishing). Yet, globally, the majority (67%) of technology users surveyed were not able to hazard a guess as to what smishing is.
  • Generational differences: Across all populations, adults aged 55 and older significantly outpace millennials in their recognition of what phishing is.
  • German users struggle to define ransomware: Nearly 70% of surveyed technology users in Germany were unable to identify what ransomware is.

 

“This report is filled with new information and analysis that we hope will empower infosec professionals to more effectively develop their own security awareness and training programs and, in turn, better manage end-user risk,” said Amy Baker, VP of Marketing at Wombat Security. “As organizations continue to see the detriment phishing and ransomware can have on the health and longevity of a business, we want to equip them with the data they need to protect their customers’ and their own valuable information.”

The post Wombat Security Pinpoints Phishing Impacts and Key Regional, Industry, and Generational Differences in Fourth Annual State of the Phish™ Report appeared first on IT SECURITY GURU.




The DataOps Revolution: Delphix 2018 predictions

2017 was a testing year for us all. Organisations were scrambling to ensure their data practices were in line with approaching compliance deadlines like PSD2 (January the 16th) and the General Data Protection Regulation (GDPR) (25th May), whilst high-profile data breaches seemed to hit our headlines on a weekly basis.

 

At the same time, the maturing of DevOps puts even more demand onto data, and as enterprises have started to consider using the cloud for core systems, we begin to wonder how to even move massive datasets to the cloud, let alone protect and manage them when they’re there.

 

A movement emerged last year that claimed it could help. The goal of DataOps is to bring together those who operate data and those who consume data, in order to make business run faster, more securely and better comply with regulations. But what are we to expect from DataOps in 2018?

 

GDPR: the key to better security

In today’s software economy, data has become one of businesses’ most valuable assets. It is shocking to know that the lifespan of the S&P 500 was 61 years in the 1950s; now it is 17 years. Today’s businesses need to move fast and use the data available to drive innovation. However, in the pursuit of continuous delivery, data is being distributed across multiple environments. Overall, 90% of all data in an enterprise resides within non-production environments, where copies are used for testing, development, reporting, analytics, and archiving. This data is typically less secure than production copies, making it more vulnerable to cyber-attacks.

 

GDPR was designed to address how all data is being used in a new era. It will change the perception of data and its security to bring it in line with modern data practices. We’ve seen the initial seeds of this change start to take root in 2017. In the year ahead, we will see GDPR force organisations to take data protection one step further and start viewing it as a basic human right. It will require organisations to integrate data protection into their DataOps teams, processes and tools. The ability to replace personally identifiable information with a non-sensitive equivalent – data masking – will propel companies towards compliance. At the same time, it will ensure that the data is still accessible and valuable so organisations can use information assets to drive innovation.

 

Rewriting the physics of data with a multi cloud approach

As we turn the page on 2017, we move on to a new chapter of the cloud era: the multi-cloud era. Organisations have already gained some experience with cloud services in one iteration or another. They are now looking at who will be their next generation of cloud providers and are less willing to put all of their eggs in one basket. However, with a movement towards multi-cloud comes a new set of challenges. Applications containing sensitive data must be properly secured, while cloud migration projects are risky and complex, requiring data for many testing and rehearsal iterations. To accelerate cloud projects, organisations must again turn to DataOps to align data operators with the cloud consumers. DataOps tools like the dynamic data platform allow the transition of the application landscape to multiple clouds at speed and with as little risk as possible. DataOps teams can support the cloud by identifying and securing sensitive information, replicating secure data or data changes to the cloud and supplying test data for migrated applications ahead of go-live.

 

Move to open banking

With the introduction of the second payment systems directive (PSD2), banks will have to embrace the concept of open banking. For the first time, banks will be mandated to open their Application Programme Interfaces (APIs), and required to develop their security and messaging standards.

 

PSD2 will herald a new wave of third party banking applications and integrations, all designed to use existing financial data. These will need to undergo thorough testing, and data will either make or break this process. By establishing DataOps practices early on and putting in place strict processes and guidelines, these new apps will not only thrive but create entirely new markets.

 

DevOps meets DataOps

Just as DevOps was a key driver of the first 10 years of the cloud era, transforming the way that organisations thought of IT, DataOps will be a key driver of the next 10 years. DataOps offers the solution to many of these issues that organisations will face in 2018. It will also be the technological driver in the coming decade. Why? Because it reduces the principal enemy of businesses everywhere: data friction.

 

Within all DevOps teams, there is conflict between those data operators that manage large and complex data sets and those data consumers that need fast, secure access to data sources to drive the innovation that runs the business. This friction limits the number of development environments, restricts the speed at which testing can be done, and directly impacts a DevOps team’s ability to achieve Continuous Integration and Delivery. However, with a dynamic data platform that ensures sensitive data is secured and the right data made available to the right people at the right time, data operators and consumers can work as one. DevOps is unlocked and able to drive revenue and productivity business wide.

 

DataOps will help organisations worldwide combat the difficulties that lie ahead in the coming year, such as GDPR, unstable data security and the move to multi-clouds, and help DevOps reach its true potential. Fundamentally, 2018 will be the year which will see the DataOps revolution take hold.

The post The DataOps Revolution: Delphix 2018 predictions appeared first on IT SECURITY GURU.


