Search
Exact matches only
Search in title
Search in content
Search in comments
Search in excerpt
Filter by Custom Post Type

Massive Amazon S3 breaches highlight blind spots in enterprise race to the cloud

Cloud icon with fingerprint locked with padlock. Layered file for easy customization. Fully scalable vector illustration.

Data leaks at Dow Jones, Verizon, and a GOP analytics firm show that companies are forgoing security best practices in order to quickly make it to the cloud.

A recent data breach at Dow Jones exposed data including names, addresses, and partial credit card numbers from millions of customers, according to a Monday report from UpGuard. The reason for the leak? Dow Jones simply chose the wrong permission settings for the Amazon Web Services (AWS) S3 data repository.

By configuring the settings the way it did, Dow Jones essential gave any AWS users access to the data. While this seems like an oversight that would be easily caught by an admin, common sense mistakes are rampant among large companies racing to get their data to the cloud.

In July 2017, Verizon confirmed a leak of data from some 6 million customers, due to a leak brought on by a poorly chosen security setting on an S3 repository. Additionally, a GOP voter records leak of the personal data of almost 200 million Americans, called the “largest ever” of its kind, was also attributable to poor S3 security.

So, what gives? Is AWS to blame for all these breaches affecting S3? In short, the answer is no. In an effort to move quickly to the cloud, gaining the competitive advantages promised therein, many organizations overlook key steps in securing their cloud data.

RSA senior director of advanced cyber defense Peter Tran said that cloud security is in a “delicate state of transition,” with a massive surge of cloud migrations happening in the past year. Additionally, the desire to move to the cloud as fast as possible has been driven by organizations looking to get away from aging legacy infrastructure and take advantage of cloud flexibility. And the sheer speed of the “cloud first” movement has led to security gaps, specifically regarding identity management and access controls, Tran said.

“The ‘lumpiness’ in cloud security happens when business risks aren’t aligned to technology risks and there are blind spots in design, deployment, implementation, governance, policy and compliance….flying a plane with no windows or instruments….exposures and mistakes can happen,” Tran said.

When it comes to data security in the enterprise, the margin for error is slim. But, it’s even smaller when it comes to cloud security, Tran noted. If you miss the mark even slightly, the results could be catastrophic.

According to Rob Enns, vice president of engineering for Bracket Computing, the prevalence of the S3 breaches highlights the fact that organizations must own their cloud security—they cannot outsource it.

“Enterprise security architectures must expand to include cloud services in addition to on-premise data centers,” Enns said. “To manage complexity in these new environments, consistency from on-premise to cloud (and across cloud service providers) and enabling IT to retain control of information security gives application architects and developers a base on which they can move fast while remaining compliant with the enterprise’s security requirements.”

When considering a public cloud storage provider, Tran said, businesses should look at both the Service Letter Objective (SLO) and Service Letter Agreement (SLA) to determine what level of risk they’re willing to take on, as they address different issues. Sometimes, the risk is too much and it needs to be left on the table.

The 3 big takeaways

  1. Poor cloud security practices have lead to AWS S3 data leaks at Dow Jones, Verizon, and a GOP voter analytics firm, putting user data at risk.
  2. As companies race to the cloud, they are forgoing proper security practices and aren’t properly aligning the risks with the business needs.
  3. Companies need to own their cloud security, examine the SLA and SLO, and decide what they’re willing to take on in terms of issues and risk.

 

By Conner Forrest | July 18, 2017, 11:50 AM PST  (http://www.techrepublic.com/article/massive-amazon-s3-breaches-highlight-blind-spots-in-enterprise-race-to-the-cloud/?ftag=TRE684d531&bhid=24893145851948222235552411436598)

 

2

How to develop real influence as a business leader By Alison DeNisco | July 10, 2017, 4:00 AM PST

The leader of the business people giving a speech in a conference room.

A staggering 95% of leaders think that they wield more influence than they actually do, according to Stacey Hanke, a C-suite mentor and owner and founder of Stacey Hanke, Inc.

In her new book Influence Redefined: Be the Leader You Were Meant to Be, Monday to Monday, Hanke offers a step-by-step method for improving communication and developing your skills in leadership influence, to best get your message across to your employees and partners.

Influence means that your messaging and body language are consistent at all times, Hanke said. “It doesn’t matter who you’re talking to,” she added. “It doesn’t matter what kind of medium you’re trying to push the message through.” Influence also means that your message leads someone to take action, even long after your interaction with them has occurred, Hanke said.

The problem? Most leaders fall into a space known as blank feedback, Hanke said. “When you climb the ladder, people start telling you what you want to hear: ‘Nice job, that was great,'” she said. “They’re not giving real, constructive, meaningful feedback. Most leaders are never seeing themselves through the eyes and ears of their listeners.”

SEE: Complete PMP® Project Management Certification Training Bundle (TechRepublic Academy)

Many leaders also think they only need to be practicing influence before an important presentation or meeting, Hanke said. “You should be practicing how you show up every day, because the more consistent you are with your body language and your messaging, the more authentic you are,” she said. “That authenticity ties directly to people trusting you and wanting to follow you, and take on the action step that you are asking them to take.”

IT leaders tend to get caught up in their knowledge, and believe that influence is all about their technical prowess, Hanke said. “They don’t realize that you can’t be the smartest person on your topic, but if you cannot communicate in a way that is clear, brief, and has interest and passion, it doesn’t matter how smart you are,” Hanke said. “It’s not just your content, it’s about really being able to connect and engage through your behavior.”

Here are the three drivers of influence, according to Hanke:

1. Feedback

“Never accept ‘Good, nice job,'” Hanke said. Instead, prepare your audience to give you feedback. Before going into a meeting, for example, she recommends asking, “Here’s what I’m working on. Would you watch for that, and then give me feedback immediately after?” This feedback has to be constant, and focused on the behavior and the messaging, Hanke said.

2. Practice

Leaders won’t see changes to their levels of influence without constant practice, Hanke said. Take the US Open as an example: Professional golfers don’t try out new recommendations on how to swing at the event. “Instead, they are practicing deliberately, over and over,” Hanke said. “The good news is, if we are communicating 24/7, we can practice these skill sets all the time.”

3. Accountability

Find someone in your professional life who is comfortable telling you when you are ineffective, Hanke said. “I cannot improve in anything in my life, much less be influential, if I don’t have accountability partners constantly measuring my results, and keeping me honest,” Hanke said.

One simple way to begin improving your influence abilities is by recording yourself speaking, Hanke said. “If we’re not recording ourselves, getting constructive feedback, practicing our delivery skills and our content and messaging, then there’s a good chance as a leader that you’re basing your level of effectiveness off of how you feel rather than what’s fact-based,” she said.

REF. http://www.techrepublic.com/article/how-to-develop-real-influence-as-a-business-leader/?ftag=TREf7159e0&bhid=24893145851948222235552411436598

 

2

Formatting Blogs with Text and Media

May 23, 2017
1

This is a blog post example with the new rich text editor.

It allows me to add media and format the text for my blog post.


To insert media, simply click on the ADD MEDIA button above the post box, then upload your media and format it (align, size, etc) for your post.

To format your text, simply highlight the text you want to format and click the format buttons in the toolbar above the post box.


 

5