FireSale HackBoy

Wednesday, August 31, 2022

Cloud Data Management Capabilities (CDMC) framework: the challenges & best practices

This blog was written by an independent guest blogger.

Cloud adoption has gained solid momentum over the past few years. The technology has been helping organizations revolutionize their businesses and optimize their processes for increased productivity, reduced cost, and better scalability. But as organizations pour their entire focus on improving their businesses, they tend to lose control of governance.

One reason data governance slips further out of control is the growing adoption of hybrid or multi-cloud models. Data volumes grow every year, forcing organizations to turn to data lakes or data warehouses to dump all their data.

Furthermore, the irregular growth of data and the increasing adoption of the cloud model without an effective cloud data management strategy has led organizations to face tremendous challenges. Here, a Cloud Data Management Capabilities (CDMC) framework can enable organizations to streamline their cloud adoption and data management processes effectively.

Common challenges that organizations face in the cloud

Before we dive into the definition of CDMC and learn more about its varying best-practice capabilities, let’s first talk about the myriad challenges organizations face in a single or hyper-cloud environment.

Challenge #1: According to a survey, 80% of employees admit that they use SaaS applications without the approval of their IT team. Similarly, an average company is reported to have over 900 unknown cloud services. The growing number of shadow IT or dark data assets creates security vulnerabilities that may come back to bite the organization in the form of internal abuse, ransomware, or any other cyber breach.

These circumstances may arise when those dark data assets are moved to the cloud during the lift-and-shift process, and there’s no proper catalog of those assets. This also leaves organizations with little to no visibility into the security posture of those assets, especially those that contain sensitive data.

Challenge #2: According to a cloud security report, 56% of organizations cite security as the primary concern behind slow cloud adoption. Security threats may also arise when an organization has sensitive data in its assets, and there are little to no security measures set to protect that data.

When it comes to data protection, especially sensitive data, it is imperative for organizations to have adequate security controls. These are necessary to prevent data leakage, insider threats, or any other cyber threats. A clear inventory of cataloged metadata of sensitive data can best enable organizations to prioritize security and establish appropriate controls.

Challenge #3: Global privacy regulations are gaining momentum gradually. Countries are improving their privacy laws to enhance consumers’ right to privacy and freedom. As part of the compliance, it is necessary for businesses to have clear visibility into where the sensitive data resides, who has access to it, and what they can do with that level of access. In case of non-compliance, organizations may face not only hefty penalties from regulatory authorities but may also have to experience other chaotic consequences, such as loss of customer trust or business partnerships.

Traditional data management frameworks are not engineered around the complications and challenges that are exclusive to the cloud. Therefore, organizations need a framework that takes the exclusivities of the cloud into account. Here, the CDMC framework by the EDM Council comes into the picture.

What is a CDMC framework?

The Cloud Data Management Capabilities (CDMC) framework outlines the best practices and capabilities to help organizations ensure seamless cloud migration, effective data protection, and robust data management in the cloud.

The CDMC framework was designed through the contributions of the world’s top-rated internet services along with top-rated data governance, intelligence, and data privacy services. Securiti, for example, is also one of the major contributors to the CDMC framework. The joint effort was headed by the EDM Council which is an international association that advocates for the development and implementation of data standards and best practices.

Best practices under the CDMC framework

The CDMC framework v1.1 outlines 6 different components, containing 14 capabilities and 37 sub-capabilities. These capabilities provide us with the much-needed guidance on how to securely manage data in the cloud, stay compliant with global privacy laws, and enable automation for enhanced data management and governance. The 14 best practices and capabilities outlined under the CDMC framework are as follows:

  1. A data control compliance metric must be established for all of an organization’s data assets that contain sensitive data. The metric is derived from all the key controls of the CDMC framework.
  2. The ownership field in a data catalog must be properly populated for all the sensitive data.
  3. A catalog of metadata, such as authoritative sources and authorized distributors, for all the data assets, must be populated, especially for the assets that contain sensitive data.
  4. An auditable and controlled record of cross-border movements and data sovereignty must be kept in accordance with a defined policy.
  5. A catalog of all personal and sensitive data needs to be created at the point of data creation or ingestion.
  6. A real-time automated data classification must be established for all data at the point of creation or ingestion.
  7. The framework must be capable of tracking ownership, entitlement, and access to all sensitive data.
  8. The data consumption purpose must be provided.
  9. Appropriate security controls must be established around sensitive data, and a record should be maintained for audit trail and for checking any anomalies.
  10. Automated data privacy impact assessment should be set up for all sensitive data according to its jurisdictions.
  11. Data quality measurement should be enabled.
  12. Manage data retention and streamline purging and archiving of data.
  13. A clear view of data lineage for all sensitive data.
  14. An understanding of the cost associated with the usage, storage, and movement of data.

Why do organizations need CDMC capabilities?

The CDMC framework's best practices and capabilities are highly critical for organizations that deal with sensitive data or regulate that sensitive data in hybrid, multi, or dynamic cloud environments. Organizations that collect, store, process, share or sell the following data must pay attention to the key controls defined under the CDMC. Those data include:

  1. Personally identifiable information.
  2. Healthcare information.
  3. Financial information.
  4. Business information.
  5. Sensitive personal information.
  6. Confidential information.
  7. Non-public information.

The post Cloud Data Management Capabilities (CDMC) framework: the challenges & best practices appeared first on Cybersecurity Insiders.


September 01, 2022 at 09:09AM

Digital ID – Day in the life of a digital citizen after eIDAS2

Imagine you’re a French national going to study abroad in Greece for one semester, and all the logistics involved in setting up home there temporarily. All these logistics often require various touch points where you will have to prove your identity, usually by various means (passport, proof of address, education, income, etc.). When you arrive at the Greek university, you just need to open your wallet and present a digitalised version of your diploma for the university officer to check your eligibility. Simply scan a QR code to create a secure communication channel from which encrypted data can be exchanged. This information has already been validated and proven by a trusted authority. The same process would apply to prove your identity, allowing you to swiftly set up a Greek bank account, sign a rental contract – or even prove age on a student night out. Not only does it become easy to share official documents, but those documents are protected and your data is encrypted at all times and is only available to the right person. So, let’s explore digital IDs…

Journey from hypothetical to reality 

This hypothetical scenario is not one ripped from the science fiction pages, or the result of a futurist prediction. There has been an acceleration towards digital identity recently, meaning that digital IDs are not just used by so called ‘tech-savvy digital natives’, but the wider population. The Covid-19 pandemic, and associated lockdowns served as a major catalyst for this.  

It’s fair to say then, that the concept of digital identification is already well established, and using a smartphone to board a plane, store bankcards or prove vaccination status has become second nature to many of us. But the experience is often clunky, with many forms to fill in, and is not as secure as it could be.  

In fact, a major survey conducted into EU ID by Thales revealed that 45% of Europeans are currently relying on insecure, unofficial, ‘DIY’ (do it yourself) scans and photos of their cards and documents to help prove their identity and entitlements.  

Countdown to European Digital ID 

While the concept of digital identification is already well established, the development of internationally accepted electronic identity (eID) systems has been piecemeal and inconsistent. 

If we look at the EU as an example: only 14% of key public services across all EU Member States allow cross-border authentication with eID; according to the European Commission there is a need to improve acceptance of the scheme and user experience. These roadblocks certainly don’t help in building a strong level of consumer trust.  

However, this is set to change with the introduction of the latest legislation on European Digital Identity – eIDAS2. In short, eIDAS2 means that by September 2023, each EU Member State must make a digital ‘wallet’ available to every citizen and business who wants one. In tandem, service providers in both public and private sector organisations, such as banks and telcos, will have to accept it as proof of certain personal attributes. From providing electronic signatures to paying fines or accessing health services, EU citizens will be able to use the eIDAS wallet in every Member State, generating millions of authentications every day.

Thales’s research found that the wallet is set to be welcomed with open arms. Two out of three European citizens are looking forward to the arrival of an EU-backed Digital ID Wallet for storing their ID card, driving license and other official documents and signed attestations on a smartphone.

Digital ID becoming mainstream 

This acceleration towards Digital ID isn’t just taking place in the EU – earlier this year the UK government proposed legislation to secure digital identity, even creating the Office for Digital Identities and Attributes.

With just under a year to go until eIDAS2 comes into force, it will be interesting to see how the conversation, debate and appetite for digital IDs continue to evolve.

In the countdown towards the eIDAS2, keep checking back on the DIS blog where we’ll be discussing the following topics:  

  • Generational and regional attitudes to the wallet  
  • What Citizens want from a wallet  
  • Challenges and hurdles to overcome to build a streamlined, secure and efficient wallet 

The post Digital ID – Day in the life of a digital citizen after eIDAS2 appeared first on Cybersecurity Insiders.


September 01, 2022 at 09:09AM

Poll: Cybersecurity Professionals Want Remote Work Options

As organizations consider recalling workers back to the office, many are finding resistance – and in some cases, open revolt. Employees have become accustomed to the work-from-home (WFH) lifestyle and they aren’t necessarily willing to trade it for commutes and cubicles. Most want the choice of whether to stay home, return to the office or a combination of both, and many cybersecurity professionals are among them.

A new (ISC)² member poll looks at how organizations are changing remote work policies in 2022 and what it means for worker satisfaction. The poll found the most satisfied cybersecurity professionals have the choice of where to work, and the least satisfied are those being forced back into the office. While choice rules, working remotely still trumps going back to the office, according to the poll.

(ISC)² collected responses from 416 cybersecurity professionals around the world in June 2022. 57% of respondents who in the past were in the office some or all of the time said their job satisfaction increased when offered the option of working remotely. Also experiencing a boost in satisfaction were 45% of respondents who had spent most or all their time in the office but are now required to work remotely. 47% of participants who formerly worked remotely and are now required to be in the office full-time said that this change has decreased their job satisfaction.

The number of cybersecurity professionals responding to our poll who work completely remote decreased from 44% in 2021 to 33% in 2022, with 58% of them reporting that their employer changed remote work policies this year.

What has changed? 29% of participants reported that they were mostly or fully remote and are now required to be in the office full or part-time. Of those whose employers have moved to in-office requirements, 24% are now required to be in the office part-time and 5% are required to be in the office full-time. 20% said they had been mostly or fully in-office and are now able to work remotely by choice or requirement. Of those whose employers moved from the office to remote, 17% can work remotely if they choose while 3% are required to work remotely. 39% said their employer has not changed any remote work policies in the past year.

Cybersecurity Professionals Want Choice

Poll results indicate that remote work preferences among cybersecurity professionals are in line with the workforce at large. For instance, 35% of respondents in a new McKinsey survey say they have the option of working from home five days a week. This compares to 33% in the (ISC)² poll. McKinsey also found that when given the choice of working remotely at least some of the time, 87% take it.

Choice is the prevailing theme. When companies have tried to mandate workers to return to the office, it hasn’t always gone well. At Apple, for instance, employees wrote a strongly worded open letter to the company saying they didn’t want to return to the office. “Stop treating us like school kids,” the letter said. “Stop trying to control how often you can see us.” Subsequently, the company lifted a requirement for workers to spend at least three days weekly in the office.

Cybersecurity leaders considering recalling teams to the office need to take note. 18% of poll respondents said they would look for a new job if they were directed to return to work mostly or fully in the office and 33% were unsure. About half (49%) said a change in remote work policy would not drive them to look for a new job.

The poll suggests that the risk of losing cybersecurity professionals due to changing remote work policies shouldn’t be ignored. Intentions to change jobs become even more clear for professionals who are experiencing these remote work policy changes. Those who had been working remotely and are now required to be in an office part-time have the highest intentions of seeking a new job (26%) followed by those who were remote and are now required to be in an office full-time (21%).

Additionally, poll participants feel secure in their jobs, with 65% saying they are not worried that employers will outsource their jobs due to remote work.

Some Choose the Office

We also asked participants if they prefer to work in an office, some or all of the time, and why. Half indicated social interaction was a key motivator for working in the office and nearly one-third (30%) like the work/life delineation in-office work provides (separating work and home). 14% said the office is quieter with fewer distractions; 11% indicated other reasons including access to office technology or equipment and more effective collaboration opportunities in person (brainstorming, whiteboarding, meetings); and 10% feel in-office is more secure.

Still, over one-third (35%) indicated they prefer to work remotely 100% of the time, nearly matching the percentage (34%) that indicated they want to work remotely 100% of the time.

Choice = Higher Satisfaction

Broadly speaking, workers currently are in the driver’s seat and hold a lot of influence over their employers’ decisions to return to the office, but this may change. Predictions of a looming recession have been multiplying. For the time being, security leaders should take note that cybersecurity teams that are provided with a choice of where to work are citing the highest levels of job satisfaction and the lowest intent to look for another job because of WFH policies. In today’s highly competitive market for cybersecurity talent, many cybersecurity professionals have discovered that in addition to being effective and efficient working remotely, they like working from home.   

The post Poll: Cybersecurity Professionals Want Remote Work Options appeared first on Cybersecurity Insiders.


September 01, 2022 at 09:09AM

(ISC)² Closing the Cybersecurity Workforce Gap

The following letter was sent by (ISC)² CEO Clar Rosso to all (ISC)² members and associates, sharing insights into several developments at (ISC)² focused on addressing the workforce gap and creating cybersecurity career opportunities for more people worldwide.

Dear Members,

I hope you share my tremendous pride in our association as today we announce three significant milestones in our collective efforts to address the global workforce gap by making cybersecurity careers accessible to more people around the world.

First, our newest certification, (ISC)² Certified in Cybersecurity, is now operational. More than 1,500 individuals, who passed the exam during our pilot program, are now on their path to full certification and (ISC)² membership. Those earning the (ISC)² Certified in Cybersecurity certification demonstrate they have the foundational knowledge, skills and abilities to take on entry- and junior-level cybersecurity roles, enabling employers to more confidently build resilient teams across all experience levels. 

We also introduced (ISC)² Candidates for individuals considering a career in cybersecurity. Upon enrolling as an (ISC)² Candidate, participants receive career development advice, networking opportunities, tools, resources and continuous education as they work toward earning any (ISC)² certification including the new (ISC)² Certified in Cybersecurity. We will be their guide, partner and advocate every step of the way as they achieve their career goals.

Finally, we have pledged through (ISC)² One Million Certified in Cybersecurity to expand and diversify the cybersecurity workforce by providing free (ISC)² Certified in Cybersecurity education and exams to one million people worldwide. Enrollment for One Million Certified in Cybersecurity is now open. To qualify, individuals must enroll as an (ISC)² Candidate, which entitles them to all the career-building support outlined above, as well as free education and exam for (ISC)² Certified in Cybersecurity.

In addition to the One Million Certified in Cybersecurity open enrollment through (ISC)² Candidate, we will work closely with partner organizations to reach historically under-represented populations and encourage greater diversity and inclusion within the cybersecurity community. (ISC)² has pledged that 500,000 course enrollments and exams will be directed toward students of historically black colleges and universities (HBCUs), minority-serving institutions (MSIs), tribal organizations and women’s organizations worldwide.

How You Can Help

You know the value (ISC)² holds for a growing cybersecurity career. This is your opportunity to “throw down the ladder” and help the next generation of cybersecurity professionals get started. We ask you to encourage your junior associates, interns, new graduates, entry-level colleagues or anyone you know interested in a new cybersecurity career to consider (ISC)² Certified in Cybersecurity, (ISC)² Candidate or (ISC)² One Million Certified in Cybersecurity as a valuable step in their journey.

So many of you are working hard to mentor and encourage the next generation of cybersecurity professionals. These new achievements are yet another opportunity for you to give back and ensure we are building a brighter and more resilient future for the profession.

Thank you for your membership, and all you do every day to inspire a safe and secure cyber world.

The post (ISC)² Closing the Cybersecurity Workforce Gap appeared first on Cybersecurity Insiders.


September 01, 2022 at 09:09AM

Token Appoints Rommel De La Cruz as CFO to Support Rapid Growth of Ransomware Prevention Solution

ROCHESTER, N.Y.–(BUSINESS WIRE)–Token, a revolutionary provider of secure, wearable authentication solutions, today announced the appointment of Rommel De La Cruz as the company’s Chief Financial Officer. De La Cruz’s decades of experience will support Token’s rapid scaling growth in bringing its disruptive solution to a market in dire need of an effective way to stop ransomware and data breaches.

The unchecked spread of ransomware is resulting in destructive consequences for data breach victims, with more than 60% of SMBs failing after a successful attack. The number of victims doubled year over year and the average loss also doubled to more than $1M per victim. Compromised user credentials from phishing and social engineering continue to be the root cause of most data breaches and Token’s smart ring is the only solution to offer complete protection against these types of attacks.

“We have an incredible opportunity in front of us with a game-changing solution that stops the ransomware attacks that are succeeding against every type of organization today and we anticipate strong demand. To ensure support for Token’s hypergrowth, we need a professional with proven skills and experience,” said Token CEO John Gunn. “Rommel has an impressive record of building finance operations in successful organizations and he is the perfect financial leader for Token.”

Mr. De La Cruz joins Token from rapidly growing startup project44, a cloud-based supply chain visibility platform, where he was the Vice President of Finance and Strategy leading the company’s global financial planning and analysis. Prior to project44, he was Vice President of Finance for OneSpan, the leading digital agreements security company, where he scaled corporate financial planning, operational finance and business intelligence functions, and implemented several enterprise-wide business applications. He has also held senior finance positions at Groupon and Motorola.

“I’m excited to join such a dynamic team bringing a next generation, passwordless authentication solution to market,” said De La Cruz. “The smart ring’s form factor and embedded biometric authentication fix what is broken with today’s solutions providing a higher level of security and a frictionless user experience.”

About Token

In a world of stolen identities and compromised user credentials, Token is changing the way organizations secure their networks by providing passwordless, biometric, multifactor authentication. Token delivers the next generation of security that is invulnerable to social engineering, malware, and tampering for organizations where breaches, data loss, and ransomware must be prevented.

To learn more, visit www.tokenring.com

The post Token Appoints Rommel De La Cruz as CFO to Support Rapid Growth of Ransomware Prevention Solution appeared first on Cybersecurity Insiders.


September 01, 2022 at 09:08AM

IronNet to Announce Fiscal Second Quarter 2023 Results on September 14, 2022

MCLEAN, Va.–(BUSINESS WIRE)–IronNet, Inc. (NYSE: IRNT), an innovative leader Transforming Cybersecurity Through Collective Defense℠, today announced that its fiscal second quarter 2023 financial results will be released Wednesday, September 14, 2022, after market close. Following the press release, IronNet management will host a conference call and webcast at 5:00 p.m. ET.

Fiscal 2023 Q2 Earnings Call

Date: Wednesday, September 14, 2022

Time: 5:00 p.m. ET

Webcast: https://ir.ironnet.com

Dial-in number: 201-689-7807

A replay will be posted after the conference call.

About IronNet

Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet, Inc. (NYSE: “IRNT”) is a global cybersecurity leader that is transforming how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing a number of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today. For more information, visit www.ironnet.com.

The post IronNet to Announce Fiscal Second Quarter 2023 Results on September 14, 2022 appeared first on Cybersecurity Insiders.


September 01, 2022 at 09:08AM

CynergisTek Inc. Stockholders Approve Merger Agreement

AUSTIN, Texas–(BUSINESS WIRE)–CynergisTek, Inc. (NYSE American: CTEK), (“CynergisTek”), a leading cybersecurity, privacy, compliance, and IT audit firm helping organizations in highly regulated industries navigate emerging security and privacy issues, today announced that its stockholders have voted to approve the previously announced merger agreement dated May 23, 2022 (“Merger Agreement”) with Clearwater Compliance LLC (“Clearwater”), a healthcare focused cybersecurity, compliance, and risk management solutions firm, and approval of the proposed merger contemplated by the Merger Agreement in an all cash transaction that values CynergisTek at approximately $17.7 million (the “Merger”).

CynergisTek today held its virtual special meeting of stockholders (the “Special Meeting”) to vote on, among other things, the Merger Agreement and proposed Merger with a subsidiary of Clearwater.

The first proposal, to adopt the Merger Agreement and approve the Merger, was approved by the affirmative vote of a majority of the outstanding shares of CynergisTek common stock entitled to vote thereon.

The second proposal, which was a non-binding, advisory proposal to approve compensation that will or may become payable by CynergisTek to its named executive officers in connection with the Merger, was approved by the affirmative vote of the holders of a majority of the shares of CynergisTek common stock entitled to vote thereon and virtually present in person by remote communication, or represented by proxy.

Under the terms of the Merger Agreement, Clearwater will acquire all of CynergisTek’s common stock for $1.25 per share in cash. The parties expect the transaction to close on September 1, 2022. Upon completion of the transaction, CynergisTek’s shares will no longer trade on the NYSE American Stock Market, and CynergisTek will become a private company.

Full results of the vote will be reported on a Form 8-K that CynergisTek will file with the U.S. Securities and Exchange Commission (the “SEC”). References herein to terms of the Merger Agreement are subject to, and are qualified by reference to, the full terms of the Merger Agreement, which CynergisTek filed with the SEC on Form 8-K on May 23, 2022.

Advisors

American Growth Capital is acting as financial advisor to CynergisTek, with Kirton McConkie PC acting as CynergisTek’s legal counsel.

About CynergisTek, Inc.

CynergisTek is a top-ranked cybersecurity consulting firm helping organizations in highly-regulated industries, including those in healthcare, government, and finance, navigate emerging security and privacy issues. CynergisTek combines intelligence, expertise, and a distinct methodology to validate a company’s security posture and ensure the team is rehearsed, prepared, and resilient against threats. Since 2004, CynergisTek has been dedicated to hiring and retaining experts who bring real-life experience and hold advanced certifications to support and educate the industry by contributing to relevant industry associations. For more information, visit www.cynergistek.com, or follow us on Twitter or LinkedIn.

Cautionary Note Regarding Forward Looking Statements

This release contains certain forward-looking statements relating to the business of CynergisTek. These forward-looking statements are within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”) and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) and can be identified by the use of forward-looking terminology such as “believes,” “expects,” “anticipates,” “would,” “could,” “intends,” “may,” “will,” or similar expressions. Such forward-looking statements involve known and unknown risks and uncertainties, including but not limited to uncertainties relating to product/services development; long and uncertain sales cycles; the ability to obtain or maintain proprietary intellectual property protection; future capital requirements; competition from other providers; the ability of the Company’s vendors to continue supplying the Company with supplies and services at comparable terms and prices; the Company’s ability to successfully compete and introduce enhancements and new features that achieve market acceptance and that keep pace with technological developments; the Company’s ability to maintain its brand and reputation and retain or replace its significant customers; cybersecurity risks and risks of damage and interruptions of information technology systems; the Company’s ability to retain key members of management and successfully integrate new executives; the Company’s ability to complete acquisitions, strategic investments, entry into new lines of business, divestitures, mergers or other transactions on acceptable terms, or at all; potential risks and uncertainties relating to the existing and ultimate impact of the COVID-19 pandemic, including actions that may be taken by governmental authorities to contain the COVID-19 outbreak or to treat its impact, and the potential negative impacts of COVID-19 on the global economy and financial markets; the general economic impact of the ongoing war in Ukraine, including the impact of related sanctions being imposed by the U.S. Government and the governments of other countries, and the impact of potential reprisals as a consequence of the war in Ukraine and any related sanctions; and other factors that may cause actual results to be materially different from those described herein as anticipated, believed, estimated or expected. Certain of these risks and uncertainties are or will be described in greater detail in the Company’s Form 10-K and Form 10-Q filings with the Securities and Exchange Commission, which are available at http://www.sec.gov. Given the risks and uncertainties, readers should not place undue reliance on any forward-looking statement and should recognize that the statements are predictions of future results which may not occur as anticipated. Many of the risks listed above have been, and may further be, exacerbated by the COVID-19 pandemic, including its impact on the healthcare industry, or the ongoing war in Ukraine. Actual results could differ materially from those anticipated in the forward-looking statements and from historical results, due to the risks and uncertainties described herein, as well as others not now anticipated. CynergisTek is under no obligation (and expressly disclaims any such obligation) to update or alter its forward-looking statements whether as a result of new information, future events or otherwise.

The post CynergisTek Inc. Stockholders Approve Merger Agreement appeared first on Cybersecurity Insiders.


September 01, 2022 at 09:08AM

Latest Cyberthreats and Advisories – August 19, 2022

Big tech breaches, the rise of callback phishing and joint advisories issued by CISA… here are the latest cybersecurity threats and advisories for the week of August 19, 2022.

Threat Advisories and Alerts

Cybercriminals Exploit Zimbra Vulnerabilities

CISA and MS-ISAC have issued a joint advisory in response to active exploitation of multiple vulnerabilities against Zimbra Collaboration Suite (ZCS). Cybercriminals may target unpatched ZCS security holes in government and private sector networks. Organizations that didn’t make the appropriate updates upon patch release should assume they’ve been compromised and follow the recovery steps in the CISA advisory.

Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-228a

CISA and the FBI Issue Warning for Zeppelin Ransomware

The FBI and CISA have issued a joint advisory concerning Zeppelin ransomware, which has been active since 2019. The ransomware targets a wide range of businesses, from healthcare organizations to defense contractors and more. Attacks are perpetrated via phishing campaigns, RDP exploitation and SonicWall firewall vulnerabilities. FBI and CISA encourage ransomware victims to report all incidents.

Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-223a

Cisco Releases Patches for Multiple Vulnerabilities

Security updates have been released for vulnerabilities affecting Cisco Firepower Threat Defense Software and Adaptive Security Appliance Software. CISA encourages users and admins to apply the necessary updates, as the vulnerabilities could enable attackers to access sensitive information.

Source: https://www.cisa.gov/uscert/ncas/current-activity/2022/08/11/cisco-releases-security-update-multiple-products

Apple Updates macOS to Address Critical Flaws

Mac maker Apple this week released macOS Monterey 12.5.1, an update to the Mac operating system. The update includes two serious security fixes that affect the kernel and WebKit. Apple says the flaw may allow an app “to execute arbitrary code with kernel privileges” and may have been actively exploited.

Source: https://www.macworld.com/article/833211/macos-monterey-12-5-1-security-updates.html

Emerging Threats and Research

Twilio Breach Exposed the Phone Numbers of 1,900 Signal Users

A Twilio breach from earlier this month is now known to have exposed the SMS registration codes and phone numbers of 1,900 users of messaging app Signal, a customer of Twilio. Signal has claimed that other personal data of the affected users—such as contact lists, profile information, message history, etc.—is secure and wasn’t accessed by the attacker. Signal is contacting the 1,900 users directly, asking them to re-register the app on their devices.

Source: https://www.theregister.com/2022/08/16/twilio_breach_fallout_signal_user/

Mailchimp Breach Exposes the Email Addresses of DigitalOcean Customers

Some users of the cloud infrastructure provider DigitalOcean were affected by a recent Mailchimp attack. On August 8, DigitalOcean learned that its Mailchimp account had been compromised, which it believes was part of a wider Mailchimp security incident. Email addresses of some DigitalOcean customers were exposed, and the attackers reportedly tried to reset the passwords of the corresponding accounts. Affected customers have been contacted by DigitalOcean directly and their accounts have since been secured. DigitalOcean users should be vigilant about potential phishing attacks in the coming weeks.

Source: https://www.helpnetsecurity.com/2022/08/16/mailchimp-digitalocean-security-incident/

Callback Phishing up 625% Since Q1 2021

A hybrid form of phishing known as “callback phishing” is on the rise. According to Agari's Q2 2022 cyber-intelligence report, the sophisticated attacks have increased 625% since the first quarter of 2021, compared to a 6% increase for normal phishing volumes. Attacks are typically orchestrated via an email sent to unsuspecting victims about an invoice or fake subscription notice. Victims are then asked to call a phone number to resolve the issue, at which point the scammers trick them into sharing sensitive information or downloading malware.

Source: https://www.bleepingcomputer.com/news/security/callback-phishing-attacks-see-massive-625-percent-growth-since-q1-2021/

265 Brands Impersonated in Credential Phishing Attacks This Year

A report by Abnormal Security found that 15% of phishing emails impersonate well-known brands to fool victims. Threat actors send fake emails that masquerade as the popular brands, using their reputation and familiarity to persuade employees to give their login credentials. The first half of 2022 saw 265 brands impersonated, the most popular of which was LinkedIn. Other major brands imitated include three more Microsoft product brands: OneDrive, Outlook and Microsoft 365.

Source: https://www.helpnetsecurity.com/2022/08/15/landscape-email-threat/

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.

The post Latest Cyberthreats and Advisories – August 19, 2022 appeared first on Cybersecurity Insiders.


August 31, 2022 at 09:09PM

Netcracker Sponsors Mobile Future Forward 2022

WALTHAM, Mass.–(BUSINESS WIRE)–Netcracker Technology announced today that it will participate in Mobile Future Forward 2022 next week as a Platinum Sponsor. The annual event, organized by strategy management consulting and advisory firm Chetan Sharma Consulting and held at the Newcastle Golf Club in Seattle, will bring together executives from across the telecom industry to discuss critical topics of the day, including 5G revenue and monetization, cybersecurity, private networks, edge computing and sustainability.

Netcracker will also take part in the following panel discussion during Mobile Future Forward 2022:

5G: Economics and Innovation

Wednesday, September 7, 2022 | 2:30 p.m. PT

Speaker: Ari Banerjee, SVP of Strategy, Netcracker

This session will focus on how cloud-native and edge-based architectures are essential for operators to unlock the full potential of their 5G investments.

For more information on Mobile Future Forward 2022, click here.

About Netcracker Technology

Netcracker Technology, a wholly owned subsidiary of NEC Corporation, offers mission-critical digital transformation solutions to service providers around the globe. Our comprehensive portfolio of software solutions and professional services enables large-scale digital transformations, unlocking the opportunities of the cloud, virtualization and the changing mobile ecosystem. With an unbroken service delivery track record of more than 25 years, our unique combination of technology, people and expertise helps companies transform their networks and enable better experiences for their customers.

For more information, visit www.netcracker.com.

The post Netcracker Sponsors Mobile Future Forward 2022 appeared first on Cybersecurity Insiders.


August 31, 2022 at 09:09PM

Become an (ISC)² Candidate – No Exam, Experience or Fees Required

Today, (ISC)² launched a new initiative so that anyone can join our association as an (ISC)² Candidate. When you become an (ISC)² Candidate, you’ll gain access to many of the benefits and resources that (ISC)² certified members and Associates of (ISC)² enjoy – but with no exam, work experience, and, for a limited time, no fee required.

Who should become an (ISC)² Candidate?

We created (ISC)² Candidate for those interested in pursuing an (ISC)² certification or a career in cybersecurity. If you’re looking to join the cybersecurity workforce, this program is ideal for you! If you’ve been working in cybersecurity and are looking to earn your first (ISC)² certification, whether that is the entry-level Certified in Cybersecurity or the gold standard for experienced professionals CISSP, this program will give you the strongest start in your certification journey.

What are the benefits?

We’re thrilled to share that (ISC)² Candidates are eligible for the One Million Certified in Cybersecurity program and will be provided with registration for the exam, as well as access to the online self-paced course – all completely free. (ISC)² Candidate benefits also include:

  • 20% off (ISC)² certification online courses
  • (ISC)² member pricing for pre-conference training ahead of (ISC)² Security Congress
  • Access to the award-winning (ISC)² webinar channels Think Tank, Security Briefings, Knowledge Vault and sessions from previous (ISC)² Security Congress conferences
  • (ISC)² member pricing on SECURE Summit events and Security Congress
  • 30% off CRC Press products – which includes our Common Body of Knowledge texts
  • 50% off Wiley publications, which includes certification practice test books and study guides

How do I join?

Create an account on https://www.isc2.org/ and visit https://my.isc2.org/s/Candidate-Application-Form to join as an (ISC)² Candidate immediately! There is no exam to take and no work experience requirement. As a celebration of the launch of this new program, we are waiving the $50 annual dues required for (ISC)² Candidates. You’ll get your badge, discounts and access right away so you can take advantage of the valuable resources to empower your cybersecurity career.

Questions? Talk to us at candidate@isc2.org – we hope you’ll join us as (ISC)² Candidates!

The post Become an (ISC)² Candidate – No Exam, Experience or Fees Required appeared first on Cybersecurity Insiders.


August 31, 2022 at 09:09PM

Now Russia and China companies face data breaches

Russian streaming platform ‘START’ has admitted that a portion of data from its 2021 database was stolen by hackers, who are now distributing some samples to affirm their claims. START has acknowledged the cyber attack that could have led to the leak of info such as email ids, usernames and phone numbers.

The only good news is that data such as financial info, browsing history, and passwords weren’t leaked in the incident.

Hackers were able to siphon data from the Start.ru database because of a vulnerability that has since been fixed, and the company is yet to urge its customers to change their passwords.

The company claims that hackers accessed data from about 7.5 million accounts. But confirmed sources from the company stated that the breach could have led to the leak of about 44 million user accounts, which are slowly being distributed via Telegram.

Medusa, a Russian news outlet, confirmed that the attack led to the leak of information stored in the database before the last week of September 2021. So, all accounts created later are expected to be safe.

Turning to the data breach related to China, Xinai Electronics, which keeps track of citizens’ faces and license plate numbers, has hit the news headlines for a human error that leaked at least 800 million records, including facial recognition data used for personal identity, payroll management, employee tracking and vehicle tracking of those visiting schools, workplaces and construction sites along with parking garages.

Xinai, based in Hangzhou District, is yet to react officially to the news. However, confirmed sources acknowledged the attack and admitted that a misconfiguration error on a server hosted in the Alibaba data center caused it.

NOTE- In July this year, a similar data leak took place from the servers of Shanghai National Police. As the victim declined to pay the ransom, the threat actors put the siphoned information of about 1 billion records on the dark web for a price of 10 BTC.

The post Now Russia and China companies face data breaches appeared first on Cybersecurity Insiders.


August 31, 2022 at 08:49PM

China was spying on Australian defense servers for months

In what seems to be a startling revelation made by cybersecurity firm Proofpoint, China has been conducting espionage on Australian defense and energy servers for months, stealing intelligence and spying on the activities conducted by officials.

It was a well-planned attack conducted by a hacking group named Red Ladon, say experts from the security firm. In the statement they released a couple of days ago, researchers reasserted that the attack took place in a sophisticated way, with employees clicking on a phishing link, thus paving the way for the threat actors to introduce malicious software payloads onto the computer networks via PCs.

Interestingly, even the Federal Election Commission became an easy target in the attack. However, it remains unclear whether the hackers stole data in their effort.

Red Ladon, otherwise known as TA423, has become one of the biggest threats to Singapore, Malaysia, Australia and Japan and is operating from the South China Sea, probably from a Navy vessel.

Almost all such email threats are quarantined in the scan box set up by Proofpoint, so depending on one such solution makes sense for companies for whom data has become lifeblood.

NOTE 1- In the year 2018, Red Ladon was also seen infecting the election website of Cambodia and tried to target the websites with defacing tactics.

NOTE 2- Almost the entire world is accusing China of spreading the coronavirus, and now speculations like these will definitely further tarnish the image of the country.

The post China was spying on Australian defense servers for months appeared first on Cybersecurity Insiders.


August 31, 2022 at 03:38PM

Tuesday, August 30, 2022

Octo Joins NVIDIA Partner Network to Help Federal Agencies Deploy AI Computing Faster

RESTON, Va.–(BUSINESS WIRE)–Octo announced today it has joined the NVIDIA Partner Network to deliver on its high-profile artificial intelligence (AI) projects for the Federal Government. NVIDIA will help develop and support AI-enabled services and experiences for Octo and its customers. Octo’s Reston, Virginia-based oLabs™ innovation hub will be powered by NVIDIA products and resources.

“In order to provide our customers with the latest AI computational technologies, it’s important to have not only the technology that NVIDIA offers but access to its world-class technical expertise,” said Rob Albritton, Octo’s Senior Director of Artificial Intelligence Center of Excellence. “The massive computing power available through oLabs and this new collaboration with NVIDIA enable us to train and deploy ML solutions faster and offer the most capable support possible to our customers, as we provide the most modern systems and software to help them meet their mission objectives.”

With its premier AI infrastructure, Octo’s oLabs attracts technologists wanting to do their life’s work while serving government missions.

“Accelerated computing is advancing science and services through applications that help make countries safer and more connected,” said Craig Weinstein, Vice President of the Americas Partner Organization at NVIDIA. “With NVIDIA-accelerated infrastructure, Octo and its oLabs innovation center will be able to improve support for government agencies during natural disasters and strengthen cybersecurity using AI.”

About Octo

Octo is a technology firm dedicated to solving the Federal Government’s most complex challenges, enabling agencies to jump the technology curve. We don’t just modernize. We create lasting change through best practices that help agencies implement and integrate at-scale, next-generation technology and innovation. With a mission- and service-first mentality, we provide Agile, DevSecOps, Artificial Intelligence, Cybersecurity, Blockchain, Cloud, and Data Management and Analytics solutions, collaborating to solve customers’ pressing problems. Headquartered in Reston, Virginia, Octo delivers proven technology vital to the intelligence community and health care, defense, national security, and civilian agencies that directly impact our nation. Visit octo.us.

The post Octo Joins NVIDIA Partner Network to Help Federal Agencies Deploy AI Computing Faster appeared first on Cybersecurity Insiders.


August 31, 2022 at 09:09AM

Cloud Data Management Capabilities (CDMC) framework: the challenges & best practices

This blog was written by an independent guest blogger.

Cloud adoption has gained solid momentum over the past few years. The technology has been helping organizations revolutionize their businesses and optimize their processes for increased productivity, reduced cost, and better scalability. But as organizations pour their entire focus on improving their businesses, they tend to lose control of governance.

One of the many reasons that data governance tends to get more out of control is when organizations increasingly adopt a hybrid or multi-cloud model. This is due to the explosion of data that’s been increasing every year, forcing organizations to turn to data lakes or data warehouses to dump all their data.

Furthermore, the irregular growth of data and the increasing adoption of the cloud model without an effective cloud data management strategy has led organizations to face tremendous challenges. Here, a Cloud Data Management Capabilities (CDMC) framework can enable organizations to streamline their cloud adoption and data management processes effectively.

Common challenges that organizations face in the cloud

Before we dive into the definition of CDMC and learn more about its varying best-practice capabilities, let’s first talk about the myriad challenges organizations face in a single or hyper-cloud environment.

Challenge #1: According to a survey, it has been reported that 80% of employees admit that they use SaaS applications without the approval of their IT team. Similarly, it has also been reported that an average company has over 900 unknown cloud services. The growing number of shadow IT or dark data assets creates security vulnerabilities that may come back to bite the organization in the form of internal abuse, ransomware, or any other cyber breach.

These circumstances may arise when those dark data assets are moved to the cloud during the lift-and-shift process, and there’s no proper catalog of those assets. This also leaves organizations with little to no visibility into the security posture of those assets, especially those that contain sensitive data.

Challenge #2: According to a cloud security report, 56% of organizations cite security as the primary concern behind slow cloud adoption. Security threats may also arise when an organization has sensitive data in its assets, and there are little to no security measures set to protect that data.

When it comes to data protection, especially sensitive data, it is imperative for organizations to have adequate security controls. These are necessary to prevent data leakage, insider threats, or any other cyber threats. A clear inventory of cataloged metadata of sensitive data can best enable organizations to prioritize security and establish appropriate controls.

Challenge #3: Global privacy regulations are gaining momentum gradually. Countries are improving their privacy laws to enhance consumers’ right to privacy and freedom. As part of the compliance, it is necessary for businesses to have clear visibility into where the sensitive data resides, who has access to it, and what they can do with that level of access. In case of non-compliance, organizations may face not only hefty penalties from regulatory authorities but may also have to experience other chaotic consequences, such as loss of customer trust or business partnerships.

Traditional data management frameworks are not engineered around the complications and challenges that are exclusive to the cloud. Therefore, organizations need a framework that takes the exclusivities of the cloud into account. Here, the CDMC framework by the EDM Council comes into the picture.

What is a CDMC framework?

The Cloud Data Management Capabilities (CDMC) framework outlines the best practices and capabilities to help organizations ensure seamless cloud migration, effective data protection, and robust data management in the cloud.

The CDMC framework was designed through the contributions of the world’s top-rated internet services along with top-rated data governance, intelligence, and data privacy services. Securiti, for example, is also one of the major contributors to the CDMC framework. The joint effort was headed by the EDM Council which is an international association that advocates for the development and implementation of data standards and best practices.

Best practices under the CDMC framework

The CDMC framework v1.1 outlines 6 different components, containing 14 capabilities and 37 sub-capabilities. These capabilities provide us with the much-needed guidance on how to securely manage data in the cloud, stay compliant with global privacy laws, and enable automation for enhanced data management and governance. The 14 best practices and capabilities outlined under the CDMC framework are as follows:

  1. A data control compliance metric must be established for all of an organization’s data assets that contain sensitive data. The metric is derived from all the key controls of the CDMC framework.
  2. The ownership field in a data catalog must be properly populated for all the sensitive data.
  3. A catalog of metadata, such as authoritative sources and authorized distributors, for all the data assets, must be populated, especially for the assets that contain sensitive data.
  4. An auditable and controlled record of cross-border movements and data sovereignty must be kept in accordance with a defined policy.
  5. A catalog of all personal and sensitive data needs to be created at the point of data creation or ingestion.
  6. A real-time automated data classification must be established for all data at the point of creation or ingestion.
  7. The framework must be capable of tracking ownership, entitlement, and access to all sensitive data.
  8. The data consumption purpose must be provided.
  9. Appropriate security controls must be established around sensitive data, and a record should be maintained for audit trail and for checking any anomalies.
  10. Automated data privacy impact assessment should be set up for all sensitive data according to its jurisdictions.
  11. Data quality measurement should be enabled.
  12. Manage data retention and streamline purging and archiving of data.
  13. A clear view of data lineage for all sensitive data.
  14. An understanding of the cost associated with the usage, storage, and movement of data.

Why do organizations need CDMC capabilities?

The CDMC framework's best practices and capabilities are highly critical for organizations that deal with sensitive data or regulate that sensitive data in hybrid, multi, or dynamic cloud environments. Organizations that collect, store, process, share or sell the following data must pay attention to the key controls defined under the CDMC. Those data include:

  1. Personally identifiable information.
  2. Healthcare information.
  3. Financial information.
  4. Business information.
  5. Sensitive personal information.
  6. Confidential information.
  7. Non-public information.

The post Cloud Data Management Capabilities (CDMC) framework: the challenges & best practices appeared first on Cybersecurity Insiders.


August 30, 2022 at 09:09AM

Latest Cyberthreats and Advisories – August 26, 2022

IT fiascos in healthcare, a dramatic rise in cyberattacks and an FBI warning highlight this week’s cybersecurity news. Here are the latest cybersecurity threats and advisories for the week of August 26, 2022.

Threat Advisories and Alerts

Credential Stuffing Attacks Target Legitimate Online Customer Accounts

The FBI warns that cybercriminals are using proxies and configurations to mask credential stuffing attacks on US businesses. Credential stuffing attacks occur when stolen username and password combos are used to take over legitimate accounts. The attacks can cause victims financial loss, reputation damage and downtime. To mitigate attacks, the full IC3 report advises businesses to implement multi-factor authentication, fingerprinting and other security measures.

Source: https://www.ic3.gov/Media/News/2022/220818.pdf

Google Chrome Releases Security Update for Actively Exploited Vulnerability

Google Chrome updates for Mac, Windows and Linux have been released to address multiple vulnerabilities. Reports have been issued that a high-severity Google Chrome vulnerability has been exploited in the wild. Users of the popular browser are advised to make the appropriate security updates immediately.

Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-041

CISA Warns of Palo Alto Networks’ PAN-OS Security Flaw

A Palo Alto Networks PAN-OS security flaw has been added to CISA’s Known Exploited Vulnerabilities Catalog after evidence of its active exploitation. The critical vulnerability (CVE-2022-0028) could allow remote attackers to perform reflected and amplified TCP denial-of-service (DoS) attacks. Customers of the affected product are advised to apply the appropriate security patches. FCEB agencies are required to update by September 12, 2022.

Source: https://thehackernews.com/2022/08/cisa-warns-of-active-exploitation-of.html

Emerging Threats and Research

Phishing Attacks That Use SaaS Platforms Skyrocket 1,100%

A new Palo Alto Networks Unit 42 report reveals a sharp increase in phishing attacks that abuse software-as-a-service platforms, like website builders and form builders. From June 2021 to June 2022, attacks have increased 1,100%. These phishing attacks sometimes impersonate legitimate sites to steal login credentials. Email users should be cautious of messages that request urgent action or make bold claims. Avoid clicking on any links or buttons in these emails and instead use a search engine to look up the official website.

Source: https://www.bleepingcomputer.com/news/security/phishing-attacks-abusing-saas-platforms-see-a-massive-1-100-percent-growth/

French Hospital Faces a $10 Million Ransomware Attack

The Centre Hospitalier Sud Francilien, which serves an area of 600,000 people and is located near Paris’s city center, was hit with a cyberattack on Sunday, August 21. The bad actors demanded a $10 million ransom in exchange for the decryption key to unlock medical imaging systems, information systems associated with patient admissions and other IT systems. While these vital technologies have been inaccessible, the hospital has been referring patients to other medical centers.

Source: https://www.bleepingcomputer.com/news/security/french-hospital-hit-by-10m-ransomware-attack-sends-patients-elsewhere/

Healthcare Data of 1.3 million Patients Exposed Due to Facebook Ad Flop

Over 1.3 million patients may have had their sensitive data leaked because of a botched advertising campaign. The US healthcare provider Novant Health misconfigured a Meta pixel on their site. The pixel was meant to track the success of their Facebook advertisements for their patient portal, but unintentionally sent private information to Meta and its ad partners. The private data included email addresses, financial information and phone numbers.

Source: https://www.theregister.com/2022/08/22/novant_meta_data/

DDoS Attacks Surge 203% The First Half of 2022

A recent Radware report revealed that malicious DDoS attacks grew by 203% in the first half of 2022, compared to the same six-month period in 2021. In fact, DDoS attacks are already 60% higher for 2022 than they were for the entire year of 2021. What’s the cause? The report seems to emphasize that Russia’s invasion of Ukraine has altered the threat landscape, shifting it from pandemic-driven cybercrime to patriotic hacktivism and cyber war.

Source: https://www.helpnetsecurity.com/2022/08/23/malicious-ddos-attacks-climbed/

To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.

The post Latest Cyberthreats and Advisories – August 26, 2022 appeared first on Cybersecurity Insiders.


August 30, 2022 at 09:09AM

Monday, August 29, 2022

Yugabyte’s Fourth Annual Distributed SQL Summit to Feature Sessions Led by Database Experts From Fortune 500 Enterprises

SUNNYVALE, Calif.–(BUSINESS WIRE)–Yugabyte, the leading open source distributed SQL database company, today announced the speaker lineup for its fourth annual Distributed SQL Summit (DSS) on September 14, 2022. The company’s largest virtual event to date, this summit will feature sessions by data infrastructure experts and technology leaders from the world’s innovative data-driven enterprises, including Wells Fargo, General Motors, Kroger, Bed Bath & Beyond, and more.

DSS 2022 brings together YugabyteDB’s community of developers, customers, partners and industry thought leaders to discuss the challenges and opportunities of database modernization and transformation. Speakers will share use cases, best practices, real-world successes and challenges around database modernization with distributed SQL architecture.

Confirmed 2022 speakers on the DSS 2022 agenda include:

  • Mark Pettovello, Ph.D., Hyperscale Big Data Architect, General Motors
    • Session Title – From Strategy to Reality: Embracing the Power and Scalability of Distributed SQL for Mission-Critical Apps
  • Nathaniel Drehmel, Group Systems Architect and Head of Technology Infrastructure Architecture, Wells Fargo
    • Session Title – Fireside Chat with Wells Fargo: Building a Data-centric Business that is Ready for Any Future
  • Lokesh Duseja, Senior Solutions Architect, Bed Bath & Beyond Inc.
    • Session Title – Preparing for Database Modernization: Lessons Learned from Performing a Successful YugabyteDB Evaluation
  • Tom Eck, Senior Vice President, Distinguished Engineer, Digital Transformation, Fiserv
    • Session Title – Fireside Chat with Fiserv: Keys to Building a Cloud Native, Data-Centric Business
  • Sriram Samu, VP Engineering, Customer Technology, Kroger
    • Session Title – Fireside Chat with Kroger: Examining a Two-Year Journey with Distributed SQL and What’s Next

“Our annual Distributed SQL Summit is a place for developers, database architects, technology leaders and experts to come together and discuss the full potential of distributed SQL,” said Karthik Ranganathan, co-founder and CTO of Yugabyte. “As more enterprises enter their next phase of digital transformation, they are looking to become data-first organizations. To do so successfully, enterprises must tackle database modernization by moving away from legacy solutions like Oracle and Aurora. We’re excited to discuss the ways that distributed SQL can facilitate this evolution and help future-proof enterprises at the data layer.”

In addition to world-class keynotes, fireside chats with leaders at Fortune 500 companies, and technical presentations by Yugabyte and industry engineers, attendees can participate in live hands-on workshops on SQL Tuning, Diagnostics and Instrumentation, and Multi-Region Applications. DSS attendees will also have the opportunity to expand their skills with 90-minute courses and certification offerings from Yugabyte University. Participants can join free training courses and get certified on YSQL development, YCQL development, and YugabyteDB administration.

Following this year’s virtual Distributed SQL Summit, Yugabyte will host a series of in-person DSS Day events in San Francisco, Dallas, Atlanta, Detroit, New York, and London. These events will focus on helping industry practitioners realize the critical role a modern data layer plays in preparing for any future. Registration for the DSS Days will open soon.

Tickets to the Distributed SQL Summit 2022 are available now for free. To learn more about the Distributed SQL Summit and in-person DSS Days, and to register, visit: https://distributedsql.org/

Join the conversation on Twitter at #DSS22 for live updates.

About Yugabyte

Yugabyte is the company behind YugabyteDB, the open source, high-performance distributed SQL database for building global, cloud-native applications. YugabyteDB serves business-critical applications with SQL query flexibility, high performance and cloud-native agility, thus allowing enterprises to focus on business growth instead of complex data infrastructure management. It is trusted by companies in cybersecurity, financial markets, IoT, retail, e-commerce, and other verticals. Founded in 2016 by former Facebook and Oracle engineers, Yugabyte is backed by Lightspeed Venture Partners, 8VC, Dell Technologies Capital, Sapphire Ventures, and others. www.yugabyte.com

The post Yugabyte’s Fourth Annual Distributed SQL Summit to Feature Sessions Led by Database Experts From Fortune 500 Enterprises appeared first on Cybersecurity Insiders.


August 30, 2022 at 09:09AM

i3 Verticals Appoints Pete Panagakis as Chief Technology Officer

NASHVILLE, Tenn.–(BUSINESS WIRE)–i3 Verticals, Inc. (Nasdaq: IIIV) (“i3 Verticals” or the “Company”), announced today that Pete Panagakis has been appointed Chief Technology Officer (CTO). In this role, he will serve as the Company’s senior-most technology officer, and will help lead the Company’s delivery of integrated software and payment solutions to its thousands of customers. He will be responsible for overseeing the Company’s technology teams including enterprise-wide software engineering, architecture, infrastructure, cybersecurity, and technology operations.

Mr. Panagakis has a deep background in strategic leadership as a technology executive. Most recently, he served as an executive officer with Imperial PFS, a financial services firm in the Midwest. Prior to that, Mr. Panagakis held similar technology roles with MarksNelson, LLC and Epiq Systems.

Rob Bertke, who has served as the Company’s CTO since 2017, has requested a transition to a new leadership role within the organization. Mr. Bertke, who helped lead the Company through triple digit growth during his tenure as CTO, will remain with the Company and will move into a new position focused on the Company’s strategic efforts around implementation of a robust low code software development platform across the i3 Verticals enterprise.

Chairman and CEO Greg Daily commented, “We look forward to Pete’s leadership and innovative approach as we continue to scale our technological capabilities to serve our customers. His vision, personality, and proven ability to lead high performing teams will fit perfectly in our entrepreneurial culture. We are also excited about Rob transitioning to lead our low code efforts. We see tremendous potential in low code development, and we know Rob will do a fantastic job in his new role. He is a proven performer.”

About i3 Verticals

The Company delivers seamless integrated payment and software solutions to customers and end users in strategic vertical markets. Building on its sophisticated and diverse platform of software solutions, the Company creates and acquires software products to serve the specific needs of public and private organizations in its strategic verticals that include Public Sector, Healthcare and Education, among others.

The post i3 Verticals Appoints Pete Panagakis as Chief Technology Officer appeared first on Cybersecurity Insiders.


August 30, 2022 at 09:09AM

Racing and Wagering Western Australia Turns to Rimini Street for Better Support and Advanced Security for its Oracle Technology Landscape

LAS VEGAS–(BUSINESS WIRE)–Rimini Street, Inc. (Nasdaq: RMNI), a global provider of enterprise software products and services, the leading third-party support provider for Oracle and SAP software products, and a Salesforce partner, today announced that Racing and Wagering Western Australia (RWWA), a national leader in racing and wagering entertainment, has switched from Oracle to Rimini Street for better, more responsive support and advanced security for its Oracle database and Oracle technology landscape. The move helps RWWA to achieve its strategic plan to reduce its reliance on Oracle products as cloud-native and open-source offerings become viable for the organization, providing RWWA with more deployment and usage flexibility, reduced enterprise software operating expenses and improved security.

“The wagering sector is a competitive one in Australia and companies need a level of flexibility in their systems to provide new services while staying online,” said Daniel Benad, group vice president and regional general manager, Australia, New Zealand and Oceania, Rimini Street. “Sports wagering is now a 24/7/365 business, and clients are increasingly turning to organisations that offer the best ‘always on’ experience during big events. To do that, wagering companies can’t afford to spend their limited IT budget solely on enterprise software operating costs; they need to be able to invest more of their IT budget in innovation and continuously update their offerings to stay ahead of their competition.”

Moving Ahead of the Pack with More Budget to Innovate

The RWWA identified a need to invest in its customer engagement as well as machine learning and Artificial Intelligence (AI) capabilities as wagering became an increasingly online business, particularly during the pandemic when its business shifted from its retail brick-and-mortar stores to managing online wagering at high volumes. It has also been on a journey to shift its infrastructure platform from on-premise to cloud, a shift set to be completed by the end of the year.

“The better we can understand our customers, the better we can give them the service they want, when they want it,” said Grey Properjohn, head of technology at RWWA. “Wagering on racing and sport in general is now an anytime, anywhere offering, and we wanted to ensure that we could continue to innovate to provide the experience our customers deserve and expect.”

Oracle Database and Oracle Technology platforms, while mature and reliable, were proving to be high-cost. Furthermore, security patches offered by Oracle for its platforms were time consuming, resource-intensive, costly to implement and often did not fix the root cause of security issues.

RWWA turned to Rimini Street support as its selected option to achieve its goals, signing a contract with Rimini Street through Australia’s Whole of Government Agreement, with the Company providing support for RWWA’s Oracle footprint. RWWA also selected and implemented Rimini Street’s Advanced Database Security which provides RWWA with an innovative security solution with a fast time-to-protect for its database in comparison to Oracle’s traditional, dated software vendor patching approach.

Rimini Street Security Solutions Enable Peace of Mind

Software vendor patching is often ineffective due to late delivery, complexity to apply code patches, and the expense of extensive regression testing before moving patches into production environments. By comparison, Rimini Street’s Advanced Database Security protects databases from known and unknown vulnerabilities by monitoring and analyzing database communications traffic and blocking attempted attacks before they reach the database.

RWWA also now benefits from Rimini Street’s industry-leading service level agreement of 10-minute response times for all critical Priority 1 cases. In addition, RWWA is assigned a Primary Support Engineer with an average of 20 years’ experience in enterprise software and backed by a team of global functional and technical engineers, available 24/7/365.

Having a dedicated support engineer and security team is critical to RWWA during the organization’s busiest periods, such as during the annual Melbourne Cup, known as ‘the race that stops a nation’ in Australia and a period which sees huge increases in traffic to wagering platforms across the country.

“Having direct access to a dedicated, local support engineer assigned specifically to us, gave us peace of mind to operate during the most critical periods of the Melbourne Cup, knowing that any issue would be addressed quickly should one arise because they were available and nearby,” said Properjohn. “This is a huge weight off our shoulders as vendor support is often overseas and they don’t have the level of knowledge of our environment in the way Rimini Street’s dedicated local engineer does. That level of service and availability from Rimini Street during a high period of activity was and is greatly appreciated.

“Their security offering has also delivered everything we’ve needed in the time we’ve worked with them, and concurrently removed the need for resource-intensive vendor patching. This has allowed us to free up staff dedicated to costly patching and regression testing cycles to instead focus their efforts on more high-value initiatives, such as our innovation in the cloud.”

About Rimini Street, Inc.

Rimini Street, Inc. (Nasdaq: RMNI) is a global provider of enterprise software products and services, the leading third-party support provider for Oracle and SAP software products and a Salesforce partner. The Company offers premium, ultra-responsive and integrated application management and support services that enable enterprise software licensees to save significant costs, free up resources for innovation and achieve better business outcomes. To date, nearly 4,700 Fortune 500, Fortune Global 100, midmarket, public sector and other organizations from a broad range of industries have relied on Rimini Street as their trusted application enterprise software products and services provider. To learn more, please visit http://www.riministreet.com, follow @riministreet on Twitter and find Rimini Street on Facebook and LinkedIn. (IR-RMNI)

Forward-Looking Statements

Certain statements included in this communication are not historical facts but are forward-looking statements for purposes of the safe harbor provisions under The Private Securities Litigation Reform Act of 1995. Forward-looking statements generally are accompanied by words such as “may,” “should,” “would,” “plan,” “intend,” “anticipate,” “believe,” “estimate,” “predict,” “potential,” “seem,” “seek,” “continue,” “future,” “will,” “expect,” “outlook” or other similar words, phrases or expressions. These forward-looking statements include, but are not limited to, statements regarding our expectations of future events, future opportunities, global expansion and other growth initiatives and our investments in such initiatives. These statements are based on various assumptions and on the current expectations of management and are not predictions of actual performance, nor are these statements of historical facts. These statements are subject to a number of risks and uncertainties regarding Rimini Street’s business, and actual results may differ materially. 
These risks and uncertainties include, but are not limited to, the amount and timing of repurchases, if any, under our stock repurchase program and our ability to enhance stockholder value through such program; the impact of our credit facility’s ongoing debt service obligations and financial and operational covenants on our business and related interest rate risk, including uncertainty from the discontinuance of LIBOR and transition to any other interest rate benchmarks; the duration of and economic, operational and financial impacts on our business of the COVID-19 pandemic, as well as the actions taken by governmental authorities, clients or others in response to the pandemic; changes in the business environment in which Rimini Street operates, including the impact of any recessionary economic trends, including inflation, rising interest rates and changes in foreign exchange rates, as well as general financial, economic, regulatory and political conditions affecting the industry in which Rimini Street operates and the industries in which our clients operate; the evolution of the enterprise software management and support landscape facing our clients and prospects and our ability to attract and retain clients and further penetrate our client base; catastrophic events that disrupt our business or that of our current and prospective clients, including terrorism and geopolitical actions specific to an international region; adverse developments in and costs associated with defending pending litigation or any new litigation; our need and ability to raise additional equity or debt financing on favorable terms and our ability to generate cash flows from operations to help fund increased investment in our growth initiatives; the sufficiency of our cash and cash equivalents to meet our liquidity requirements, including under our credit facility; our ability to maintain an effective system of internal control over financial reporting and our ability to remediate any 
identified material weaknesses in our internal controls; changes in laws and regulations, including changes in tax laws or unfavorable outcomes of tax positions we take, or a failure by us to establish adequate reserves for tax events; competitive product and pricing activity; challenges of managing growth profitably; customer adoption of our products and services, including our Application Management Services (AMS) offerings, in addition to other products and services we expect to introduce in the future; the loss of one or more members of Rimini Street’s management team; our ability to attract and retain qualified employees and key personnel; uncertainty as to the long-term value of Rimini Street’s equity securities; the effects of seasonal trends on our results of operations, including the contract renewal cycles for vendor supplied software support and managed services; our ability to prevent unauthorized access to our information technology systems and other cybersecurity threats, protect the confidential information of our employees and clients and comply with privacy and data protection regulations; and those discussed under the headings “Risk Factors” and “Cautionary Note About Forward-Looking Statements” in Rimini Street’s Quarterly Report on Form 10-Q filed on August 3, 2022, and as updated from time to time by Rimini Street’s future Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and other filings by Rimini Street with the Securities and Exchange Commission. In addition, forward-looking statements provide Rimini Street’s expectations, plans or forecasts of future events and views as of the date of this communication. Rimini Street anticipates that subsequent events and developments will cause Rimini Street’s assessments to change. 
However, while Rimini Street may elect to update these forward-looking statements at some point in the future, Rimini Street specifically disclaims any obligation to do so, except as required by law. These forward-looking statements should not be relied upon as representing Rimini Street’s assessments as of any date subsequent to the date of this communication.

© 2022 Rimini Street, Inc. All rights reserved. “Rimini Street” is a registered trademark of Rimini Street, Inc. in the United States and other countries, and Rimini Street, the Rimini Street logo, and combinations thereof, and other marks marked by TM are trademarks of Rimini Street, Inc. All other trademarks remain the property of their respective owners, and unless otherwise specified, Rimini Street claims no affiliation, endorsement, or association with any such trademark holder or other companies referenced herein.

The post Racing and Wagering Western Australia Turns to Rimini Street for Better Support and Advanced Security for its Oracle Technology Landscape appeared first on Cybersecurity Insiders.


August 30, 2022 at 09:09AM