Where Are You on the Spectrum of Cyber-Security Maturity?

first_imgAlong with the Department of Homeland Security and others, we at RSA sponsor National Cyber Security Awareness month in October. But, we need more than just awareness. We need context, not a litany of the latest breaches, but an understanding – a better, broader, more collaborative understanding of the problems IT organizations are facing and the enemies we are fighting.Is it possible that the problem is overhyped? Yes and No. This is a complex issue that the press has a hard time reporting. And perhaps, just perhaps, they occasionally over-sensationalize what happens. But no, it’s not overhyped. The press unfortunately doesn’t see what we, law enforcement, and defense organizations see. Nobody wants their breach or loss exposed. So, like an iceberg, the true depth of the problem remains hidden. The result is a serious gap between the perception and the reality of the problem.According to Verizon Research Reports, most organizations don’t even know they’ve been breached. And the lack of a comprehensive system to share information in timely manner only exacerbates the problem.The implication is that security models are not moving fast enough to make the transition from traditional perimeter-based security to new intelligence-based security, while adversaries become more sophisticated.In the last year, in my conversations with CIOs, Boards of Directors and customers, I get agreement that a new model of cyber-security is needed. What is it? An intelligence-based security system consisting of multiple components. The first is qualitative – a thorough understanding of risk – with risk mitigation strategies that, when implemented, produce compliance as a by-product. The next two are technology-oriented – the use of agile controls based on pattern recognition and predictive analytics, and the use of big data analytics to give context to vast streams of data from numerous sources to produce timely, actionable information. These types of controls and analytic engines are dynamic and synergistic giving you true defense in depth. Of course there is a requirement for personnel with the right skill set to operate the system. And the final component that intelligence-based security requires is information sharing at scale.Confusion about what to do abounds because of this perception gap as well as an increasing gap between sophisticated and naive IT organizations, largely based on the aptitude of personnel. The scariest part of this is that size doesn’t matter. Let me illustrate a spectrum of cyber-security maturity. These four blocks represent the primary attributes of the least mature to the most mature – going from left to right.Cyber-Security Maturity SpectrumThose in the Control category are stuck in the most elementary approach that doesn’t see or go far enough. They just want the problem to go away. Give me a box or a piece of software and as the commercial says, let me set it and forget it. These are the uninformed ones. If they are not totally compromised, they are lucky. They are just a botnet node in the making.The Compliance category is about organizations that just want to tick a box to say they have complied with policy. They are heavily regulated or so monomaniacally focused on ISO 27001 that they are more concerned with the form over the substance of what they’re doing. What they don’t seem to understand is that a good governance model, a thorough understanding of risk and related mitigation capabilities, will create compliance as a bi-product of doing the right thing in the first place. In fairness to them, they are usually under extreme pressure from those above or from regulators.The IT Risk category is about organizations that understand the threat and are taking the right steps to evolve their security infrastructures. They are only slightly behind the Business Risk category – which is the highest level of maturity. These organizations see opportunities to change their business models based on all the technology available to them, taking maximum advantage of mobility and the cloud, and they’re moving their security infrastructures in concert with these changes. Where the IT Risk category is tactical, the Business Risk category is the most focused and strategic. That’s what we should all aspire to.The less mature categories are not just small and medium size organizations. Some of these organizations are quite large and I see them all the time. They are part of critical infrastructures or they have valuable IP that is critical to a nation’s economy and health. It’s a cliché, but we are only as strong as our weakest link and we are interdependent as never before. Attacks on one of us have the potential to be attacks on us all.last_img read more

Flexible Consumption Models—Transforming How IT Invests for the Future

first_imgTechnology innovation is advancing at an exponential rate, powering a new era of digital transformation. We’re seeing organizations use technology to fundamentally rethink their business models and disrupt entire industries. And we’re seeing IT evolve from a support organization to a prime mover of the business itself. So it’s no wonder most organizations today invest heavily in IT innovation to transform for the future.But there are financial roadblocks. Many organizations are cash-starved with scarce financial capital and resources for major investments in innovation. And many IT leaders are apprehensive when adopting new technologies due to unforeseen costs and risks. Yet despite these challenges, the crux remains the same—organizations that do not shift financial resources toward IT innovation risk falling behind.To address these issues, Dell Financial Services (DFS), the global in-house financial services provider for Dell EMC distributors, channel partners and customers, created a broad range of innovative payment solutions engineered to help organizations choose the technology they need and pay for it on their own terms, enabling them to better thrive in today’s digital economy. We call them flexible consumption models—an innovative way to pay.Consumption-based payment solutions more closely align your technology expenses with actual usage. By shifting cost-prohibitive capital expenditures to more favorable ongoing operating expenses, you can overcome financial anxieties associated with new technology adoption, while freeing up discretionary IT spend. Pay-per-use strategies offer superior financial elasticity when dealing with unpredictable spikes in demand or changing business requirements. And flexible consumption helps you adopt a better long-term business solution today, reducing potential costs and risks in the future.Dell EMC believes flexible consumption models will become standard for infrastructure investments going forward, and DFS is committed to expanding our payment solutions in this area. We are further ahead already, offering greater breadth and depth across our innovative financial services portfolio than others in our industry.Three payment solutions, in particular, help bring to life the reasons why customers are turning to flexible consumption.Flex On Demand – Deploy base capacity now. Pay for buffer capacity as you use it.Predicting the future is hard. That’s why flexible consumption is the closest thing to having a crystal ball. For businesses that have seasonal or irregular peaks in storage demand, the OpenScale Flex On Demand payment solution reduces costs associated with overprovisioning, enabling you to pay only for needed capacity as you use it. Dell Financial Services offers a lower capacity commitment and a more flexible payment period than other companies—and this offer applies on all Dell EMC storage products. Watch how British video game developer Splash Damage uses Flex On Demand to support the growth of its business.https://www.youtube.com/watch?v=sDaRgZCJE5ICloud Flex for HCI – Minimize the risk of moving to a modernized hyper-converged infrastructure solution. The cloud ushered in a new way to pay for infrastructure as a service, but created an ‘on-premises’ vs hosted dilemma for IT leaders. In response, we created a payment solution that combines the strengths of both approaches, bringing a cloud-like economic model to our hyper-converged infrastructure (HCI) portfolio—covering the complete solution in one simple payment plan. The new OpenScale Cloud Flex for HCI payment solution offered by Dell Financial Services dramatically reduces upfront costs and ongoing financial risk, by spreading and adjusting payments over time—with no obligation after the first year. Better yet, monthly payments decline up to 30 percent annually.Transformational License Agreements – Break free of traditional enterprise software licensing constraints.Software is a driver of innovation. Yet maintaining a dynamic assortment of titles is daunting for most IT organizations, especially as they undergo transformation. The enhanced Dell EMC Transformational License Agreement (TLA) program lets you consolidate software licenses and billing in one simplified agreement—with the ability to choose from CapEx and OpEx-focused models—making annual spend more predictable. Our TLAs offer unprecedented flexibility in the way you consume software, allowing you to freely add or exchange titles and pre-pay for anticipated future software and services, which is ideal for dynamic environments with evolving business requirements.At Dell EMC, we believe strategic partnerships matter more today than ever. That’s why we help you adopt the right long-term business technologies, while ensuring your investments pay big dividends. We are the only technology provider in the world with a portfolio that spans the entire IT ecosystem—from the edge to the core to the cloud. And Dell Financial Services has the financing expertise and global servicing capabilities to help you find the right payment solution to streamline your IT innovation initiatives.So, realize digital transformation today, the flexible consumption way. Contact your local Dell EMC or DFS account representative to learn more about the flexible payment solutions available in your country.last_img read more

The Power of One: Tis the Season to Mentor Youth & Spark STEM Passion

first_imgEach week, 13-year-old Jailimar spends a few hours with her Girls Who Code team to learn the finesse of coding.There is such a thing, she explains. By building her own website – one that can teach you how to cook – she is gaining the skills to work through coding kinks.“You encounter a lot of problems in coding, but you have to work through it – so that helps with problem-solving in other subjects,” she says. “For my website, we were having trouble finding the right tag to align the picture correctly, so our mentors helped us figure that out. It’s fun to eventually get it right.”Jailimar is a great spokesperson for the things that make coding cool – and the value of Science, Technology, Engineering, and Math (STEM) mentors!She participates in the free after-school club offered by Girls Who Code (GWC) for 6th- to 8th-grade girls – this one offered at Worcester Polytechnic Institute (WPI) in Worcester, Massachusetts. In a few weeks, Jailimar and her team will share their completed websites with their families to celebrate the completion of their GWC projects.Emily Stiles, a senior analyst on the Dell Data Sciences team will be there to celebrate, too. Stiles has been mentoring Jailimar and other program participants for the past several months by attending their weekly sessions. A number of Dell professionals mentor with GWC, as part of the WPI-based program and elsewhere.Emily Stiles guides Jailimar as she learns to use HTML to build a website that instructs on how to cook. Another team of girls is creating a website that will help users mix and match outfits – using HTML and CSS.This is Stiles’ first volunteer gig since joining Dell four months ago. Dell promotes skills-based volunteering to Dell team members by connecting them with organizations in need of their unique skills.A typical volunteer session for Stiles involves helping the girls to reason through their ideas and figure out how to translate them into a language the computer can understand. At the end, a quick ‘stand-up’ meeting encourages each girl to talk about what they were able to achieve. This is when frustrations are shared – and ideas are bounced around.Stiles says coding often involves working with a team. Her job at Dell taps into her expertise to perform advanced analyses on the many different kinds of data Dell collects. That data can reveal things like how our Dell technology is performing. Coding is the tool to mine the data. But like the young girls she has met, Stiles came into her computer science education with no previous experience.“My first course showed me that anyone with a computer and a desire to learn could code. When the opportunity arose to volunteer, I thought it was a great chance to ignite the spark for learning code in young girls who might not realize it is even a possibility,” Stiles explains.Stiles helps guide conversations with the girls around how computer science drives the technological and data-driven world we live in. It’s clear these talks resonate with Jailimar, an 8th grader. She points out how doctors rely on technology throughout their days now – and how that technology relies on coding. And, how coding will continue to grow in importance given technology’s increasing role in our lives.Very intuitive. Given her point, it’s little surprise that there’s been such a push to educate more people – especially girls and people of color – in Computer Science and programming. The IT sector continues to be a growing place to find a job. Even for those who don’t plan to become programmers, understanding code is like understanding a popular language – it’s at the center of how we communicate in this digital world!Still, as Stiles points out, computer sciences and coding are intimidating to some. This is where the power of mentorship comes in.“I think it’s important now more than ever for STEM professionals to pass their knowledge and love for coding onto the next generation through mentoring,” Stiles says. “When kids see how passionate we are about coding, they become passionate about it too.”The future belongs to those who can build digital technologies — and those who can use them to solve problems. We need everyone’s participation. We’re challenging team members, partners & leaders to spend 1 hour with a girl talking about careers in technology. Do they know technology is the backbone of business today? Are they aware of technology’s role transforming industries & addressing society’s biggest challenges? Start the conversation. Ignite change.“I am trying to find things that will help them in the future. I feel as a mother I want to make sure my daughters understand they can be whatever they want to be, even in a male-dominated industry and I’m glad GWC is advocating for more women in tech,” Yolimar says.And this is where I’ll make my own plug. Many nonprofits like GWC are in need of volunteers with the professional skills our team members possess, such as translation, marketing or IT training. So in recognition of the Hour of Code initiative, we’re rallying behind our Dell Power of One Mentor Challenge to encourage anyone – including our employees – to spend one hour with one young person and talk to them about what it’s like to have a career in STEM and why they should consider it. See what kind of spark you can ignite!Find out more about Dell’s efforts to involve girls and women in STEM fields.This article shares one example of how Dell is committed to driving human progress by putting our technology and expertise to work where it can do the most good for people and the planet.  We call this our Legacy of Good.Explore our FY17 Annual update on our 2020 Legacy of Good Plan at legacyodgood.dell.com.last_img read more

Evolution of HCI: Greater Flexibility Than Ever Before

first_imgNo matter the product, a large purchase is an important decision—all the more so if it is for your business. But often times the choice we make—even after careful consideration and plenty of research—can leave us with a feeling of buyer’s remorse. In IT this could happen for any number of reasons—as change and churn occur, business needs evolve and requirements from development teams shift, and you may find yourself in an environment that you did not anticipate. What you really need then is a multi-talented, agile architecture designed with the future in mind. Luckily, this type of flexibility is exactly where VxFlex (formerly known as the Flex family) shines.The VxFlex family is an offering within the Dell EMC HCI portfolio whose strength is its… you guessed it: FLEXibility! VxFlex can adapt to heterogeneous environments, support multi-hypervisor environments and bare metal options, and even give customers the ability to scale storage and compute independently or together. We can offer this while enabling a modular expansion that truly adds incremental IOPS and compute performance without introducing increased latency in an all flash solution.The VxFlex family offers several deployment options depending on your needs. VxFlex Ready Nodes provide great flexibility through pre-validated and optimized HCI building blocks, whereas the integrated rack (formerly known as VxRack FLEX) is a fully engineered system with networking included that accelerates IT outcomes through full lifecycle management. Both are powered by VxFlex OS, the enabling software defined technology for the VxFlex family (with over an exabyte sold).Since HCI is all about agility and simplicity, it was a logical next step for us to expand Dell EMC’s VxFlex portfolio with a new offering to complement the existing Ready Nodes and integrated rack. And that’s what we just announced at Dell Technologies World. I am excited to introduce the newest member of the family: VxFlex appliance!VxFlex appliance offers a crucial middle ground by delivering many of the HCI benefits of a turnkey, integrated system (such as integrated lifecycle management, easy scale out capabilities, faster deployment and single source for support) but in a simplified and more economic form factor.This new offering makes the VxFlex family even more versatile by taking the best of what’s offered in the Ready Node and integrated rack and blending it together with the power of VxFlex OS software to deliver the following flexibility and cost saving features:Bring your own networking (like Ready Node)Smaller starting point with massive growth potential (like Ready Node)Controller running on a VM saving you a management controller node (like Ready Node)Unified management with VxFlex Manager (like integrated rack)VxFlex OS for software defined (like the entire family)Customers of all sizes and verticals are loving their transformation with VxFlex. From the biggest enterprises with over 3,500 nodes in their environment capable of millions of IOPs with consistent low latency to smaller companies just starting out with eight nodes (but with the ability to scale out as their needs grow)—VxFlex enables them to innovate and boldly go where no one has gone before and focus on what they do best to make the world a better place. These high-performance capabilities set VxFlex apart from other leading HCI appliances that support multi-hypervisor or bare metal environments. This enables us to offer you VxFlex as the premier HCI appliance option for these environment types with enterprise-grade resiliency and high performance for the fastest access to data and applications.Regardless of the VxFlex family option you decide to adopt, you’ll benefit from one number to call for the full solution. Also, with all the underlying hardware, networking and VxFlex OS software under one roof, we can get innovation and new updates to you as fast as we can churn them out.So, when it comes time for your next IT infrastructure decision, consider the newest addition to the VxFlex family. VxFlex appliance demonstrates Dell EMC’s continued investment and commitment to growing and innovating the VxFlex family, it’s a decision you won’t regret.For more information about VxFlex, check out these resources:Dell EMC VxFlexVxFlex overview videoVxFlex infographicVxFlex family white paperlast_img read more

Lawyer who pushed voter fraud claims under investigation

first_imgATLANTA (AP) — Election officials in Georgia are investigating the residency of one of the biggest proponents of the claim that fraud cost Donald Trump his re-election. They’re trying to determine whether attorney Lin Wood already moved for good to South Carolina before voting in Georgia last fall. Wood announced his change of residency this week. He acknowledges buying property in South Carolina last April, and spending time in the state, but he says he considered himself a Georgia resident throughout 2020. He told The Associated Press on Wednesday that he voted in person in Georgia on Oct. 21 but didn’t vote again in the Senate runoffs in January.last_img

Woman indicted in Detroit-area election threats case

first_imgDETROIT (AP) — A federal grand jury has indicted a woman who is accused of threatening a Detroit-area election official after a stormy meeting to certify local results in the presidential race. Katelyn Jones was charged with making threats of violence with a phone and through social media. Investigators say Jones’ target was Monica Palmer, a Republican member of the Wayne County Board of Canvassers. Jones apparently was upset that Palmer and another Republican on the board initially refused to certify local election results in favor of Joe Biden back on Nov. 17. They subsequently changed their position after people watching the public meeting criticized them during a comment period.last_img

Jamaica faces marijuana shortage as farmers struggle

first_imgKINGSTON, Jamaica (AP) — Jamaica is running low on ganja. The shortage in the famed but illegal market is due to heavy rains followed by an extended drought, an increase in consumption and a drop in the number of traditional marijuana farmers. Experts say it’s the worst shortfall they’ve seen. One even calls it “a cultural embarrassment” given the Rastafarian traditions that draw many tourists to Jamaica. The island authorized a regulated medical marijuana industry and decriminalized small amounts of weed in 2015. But that market is limited and prices are higher than on the street.last_img

Joint Base Andrews breach triggers broad security review

first_imgWASHINGTON (AP) — The Air Force has ordered a broad review of security at all its installations after an unarmed man got access to the flightline at Joint Base Andrews in Maryland and entered an aircraft used by top U.S. and military officials. The base says the man entered a C-40 aircraft on Thursday. The C-40 is primarily used to transport members of the Cabinet, Congress and military combatant commanders. Chief Pentagon spokesman John Kirby says the Air Force has already adjusted some of its security protocols at Andrews. He did not provide details on the adjustments, but President Joe Biden is expected to arrive at Andrews later on Friday to fly home to Wilmington, Delaware.last_img