2021 Cybersecurity Trends: Bigger Budgets, Endpoint Emphasis and Cloud

Insider threats are redefined in 2021, the work-from-home trend will continue to define the threat landscape and mobile endpoints become the attack vector of choice, according to 2021 forecasts.

After shrinking in 2020, cybersecurity budgets in 2021 climb higher than pre-pandemic limits. Authentication, cloud data protection and application monitoring will top the list of CISO budget and cybersecurity priorities. According to experts, these are just a few of the themes to dominate the year ahead.

Here is a round-robin of expert opinions illuminating the year ahead.

Home is Where the Attacks Will Happen in 2021

There is no question IT staffs are still reeling from the massive work-from-home shift that forced them to rethink cybersecurity and placed new dependencies on technologies such as cloud services and digital collaborative tools such as Zoom, Skype and Slack. Those 2020 trends will have a lasting impact.

Nearly 70 organizations surveyed by Skybox said over a third of their workforce would remain remote for at least the next 18 months. That will trigger an uptick in endpoint protection in the year ahead, according to Adaptiva CEO Deepak Kumar. He told Toolbox Security that endpoint protection will impact 55 percent of IT teams, as companies look to protect assets purchased and deployed to remote workforces.

Bitdefender researchers agree and say securing remote workers will become a major focus for organizations. In fact, it will be an imperative, since remote workers will continue to present a unique set of opportunities for the bad guys.

“As more and more people adhere to the work-from-home schedule imposed by the coronavirus pandemic, employees will take cybersecurity shortcuts for convenience,” according to researchers at Bitdefender. “Insufficiently secured personal devices and home routers, transfer of sensitive information over unsecured or unsanctioned channels (such as instant messaging apps, personal e-mail addresses and cloud-based document processors) will play a key role in data breaches and leaks.”

Insider Threats

Upheaval in staffing needs and continued dependence on a remote workforce will create a fertile attack vector for criminals looking to exploit insider threats. Forrester researchers believe the remote-workforce trend will drive an uptick in insider threats. They explain that 25 percent of data breaches are already tied to insider threats, and in 2021 that percentage is expected to jump to 33 percent.

Forcepoint warns of the growth in 2021 of an “insider-as-a-service” model. They describe this as organized recruitment infiltrators, who offer up highly-targeted means for bad actors to become trusted employees in order to gather sensitive IP.

“These ‘bad actors,’ literally, will become deep undercover agents who fly through the interview process and pass all the hurdles your HR and security teams have in place to stop them,” said Myrna Soto, chief strategy and trust officer for Forcepoint.

Inbox Bullseye

Endpoint security issues are among the most challenging today and will remain so tomorrow. Inboxes are the chink in the armor of the security front lines, often the perfect vector for ransomware attacks, business email compromise scams and malware infection, according to a Crowdstrike analysis of the challenges.

Moving forward, researchers warn that enterprises should expect a “major increase” in spear phishing attacks in 2021 – due to automation.

“Cyber criminals have already started to create tools that can automate the manual aspects of spear phishing,” said WatchGuard researchers in a recent blog. “This will dramatically increase the volume of spear phishing emails attackers can send at once, which will improve their success rate. On the bright side, these automated, volumetric spear phishing campaigns will likely be less sophisticated and easier to spot than the traditional, manually generated variety.”

Cybersecurity Cloud Burst

Cloud adoption, spurred by pandemic work realities, will only accelerate in the year ahead with software-as-a-service, cloud-hosted processes and storage driving the charge. A study by Rebyc found that 35 percent of companies surveyed said they plan to accelerate workload migration to the cloud in 2021.

Budget allocations to cloud security will grow from single-digit to double as companies look to protect 2020 cloud buildouts in the year ahead.

Gartner analysis of 2021 cloud priorities names “distributed cloud” as a future focus for businesses which will have significant security implications. Distributed cloud is the migration of business processes to the public and private cloud – or hybrid cloud.

“[Companies] by shifting the responsibility and work of running hardware and software infrastructure to cloud providers, leveraging the economics of cloud elasticity, benefiting from the pace of innovation in sync with public cloud providers, and more,” says David Smith, Distinguished VP Analyst, Gartner.

According to Muralidharan Palanisamy, chief solutions officer at AppViewX, that shift will drive Cloud Security Posture Management (CSPM) in 2021. CSPM includes finding misconfigured network connectivity, assessing data risk, detecting liberal account permissions, cloud monitoring for policy violations, automatic misconfiguration detection and remediation and regulatory compliance with GDPR, HIPAA, and CCPA.

Automation, Artificial Intelligence and Machine Learning

Defensive applications of artificial intelligence will have their moment in 2021, driving a trend of hyper automation, said Palanisamy.

“Hyper automation is a process in which businesses automate as many business and IT processes as possible using tools like AI, machine learning, robotic process automation, and other types of decision process and task automation tools,” he said.

A study by Splunk reported that 47 percent of IT executives interviewed said cyberattacks were up since the pandemic began. More recently, 36 percent said they experienced an increased volume of security vulnerabilities due to remote work.

“The sheer amount of security alerts, of potential threats, is too much for humans to handle alone. Already, automation and machine learning help human security analysts separate the most urgent alerts from a sea of data, and take instant remedial action against certain threat profiles,” Splunk wrote.

The report acknowledged that meaningful, practical application of AI is still a way out. But Ram Sriharsha, Splunk’s head of machine learning, said he “expects AI/ML security tools to grow in their sophistication and capability, both in terms of flagging anomalies and in automating effective countermeasures.”

Mobile Menace 

Mobile threats accelerated against the backdrop of the COVID-19 pandemic – a trend expected to continue. Threats ranged from specialized spyware designed to snoop on encrypted messaging applications to criminals exploiting a slew of critical Android security vulnerabilities.

For those reasons, defenders need to heed last year’s lessons and create mobile-focused security programs, experts say. Mobile will contribute to the ongoing “de-perimeterization” and cloudification of the corporate network.

“The next big thing in security is the inversion of the corporate network,” Oliver Tavakoli, CTO at Vectra said. “It used to be that everything truly important was kept on-premise and a small number of holes were poked into the protective fabric to allow outbound communications. 2021 is the year where de-perimeterization of the network (which has been long predicted) finally happens and does so with a vengeance. The leading indicator for this is companies who are ditching AD (on-premise legacy architecture) and moving all their identities to Azure AD (modern cloud-enabled technology).”

As ever, user awareness will need to be a priority, according to Bill Harrod, Federal CTO at Ivanti.

“In the new work-from-home era, we’re constantly working on the go using a range of mobile devices, such as tablets and phones, relying on public Wi-Fi networks, remote collaboration tools and cloud suites for work,” he said. “As we settle into a new year of this reality, mobile workers will be the biggest security risk as they view IT security as a hindrance to productivity and believe that IT security compromises personal privacy.”

Meanwhile, 5G security took a backseat in 2021 even as those networks continued to roll out; but 2021 will see it return to the conversation — because 5G adoption won’t be seamless.

“When it comes to adopting all of the benefits of 5G, it won’t be an easy transition — both for enterprises and for consumers,” said Russ Mohr, 5G security expert at Ivanti. “Between the security vulnerabilities bound to be exploited, the time it takes to patch those vulnerabilities, and the constant protocols being rolled out, using secure 5G networks won’t be a seamless experience in 2021.”

Source: https://threatpost.com/2021-cybersecurity-trends/162629/

4 open source lessons for 2021

2020 fundamentally changed how many companies and teams work—seemingly overnight, remote-first cultures became the new norm and people had to change how they communicate and collaborate. However, for those of us who have been deeply engaged in open source, remote work has been our norm for many years because open source communities are large, globally distributed, and require effective collaboration from developers around the world. We’ve had ample time to create and refine many digital-first practices.

It’s no surprise that open source adoption and usage grew significantly this year. New data from GitHub’s 2020 Octoverse report shows there were over 60 million new repositories created this past year, and more than 56 million developers on GitHub. When people had to stay home, developers came together to find community and connections through open source. And though open source developers had a lot of established remote practices, this year challenged companies of all sizes to integrate their open source software experiences and development models in new ways, bringing new learnings as a result.

We wanted to share four places where Microsoft is learning from and growing our engagement in open source over the last year that we hope can be useful for any developer or team looking to build and collaborate in 2021.

1. Seeking different perspectives makes better software

Success in open source is just as much about your own contributions to the community as it is about what you learn from the community. Behind every pull request, issue, and code snippet, is a person. It’s important to connect with them—to listen, learn, and empathize with them. They offer a different perspective and feedback that your team may not be thinking of.

I hear conversations in meetings (one of the new virtual hallways) about making sure we get feedback from industry users who are well outside the Microsoft faithful. With this new feedback, I hear a collective sound of Microsoft’s perspective expanding and our gratitude for the new and different views we are receiving.

One example of community feedback changing our perspective was when the Dapr project received a lot of user feedback requesting a streamlined API to retrieve application secrets. The Microsoft team working on Dapr had not planned that work in the current cycle, but the community made it very clear that this new API would solve a lot of problems that developers were facing.

The Dapr maintainers worked closely with community members who submitted multiple PRs to add this functionality, covering everything from code to documentation to samples. After this was added, we found that customers also picked up this functionality and used it in their Dapr implementation.

This reminded us that listening to community feedback is extremely valuable, and that given opportunity, encouragement and support, community members will contribute effort to make requirements a reality.

2. Finding the balance between policy and autonomy

To help drive Microsoft’s open source efforts, we have an Open Source Programs Office (OSPO), whose goal is to help our employees consume and participate in open source safely, effectively, and easily.

Over the last year, we have heard from more and more enterprise customers—from retailers to banks to auto makers—who are looking to establish similar offices and practices internally. We share and discuss best practices on how to find the balance between setting policy while also empowering employees to do the right thing. While OSPOs will look different depending on your company’s needs, a few common practices we often discuss include creating a cross-functional group, setting clear policies (and making them easy to find and understand!), investing in tooling, and providing rewards and motivation. We’ve shared our guidance and policies and we look forward to continuing to build out our own internal practices, and to share our learnings along the way to help others do the same.

3. Securing every link in your supply chain is critical

Using open source in your development process has many advantages, including faster time to market, reduced cost of ownership, and improved software quality. However, open source, like any software, has its risks—open source can contain security defects that lead to vulnerabilities—and new research shows security vulnerabilities often go undetected for more than four years before being disclosed. Because open source software is inherently community-driven, there is no central or single authority responsible for quality and maintenance. Source code can be copied and cloned, leading to outsized complexity with versioning and dependencies. Worse yet, attackers can become maintainers and introduce malware.

As more systems and critical infrastructure increasingly rely on open source software, it’s more important than ever that we build better security through a community-driven process. Securing open source is an essential part of securing the supply chain for every company. In 2020, we came together alongside GitHub, Google, IBM and others to create the Open Source Security Foundation (OpenSSF). The group is helping developers with resources to identify security threats to open source projects, providing education and learning resources, and finding ways to speed up vulnerability disclosures. In the coming year, the OpenSSF looks to provide hands-on help to improve the security of the world’s most critical open source projects.

4. Over communicate

Big companies and big open source projects know that important information has to be communicated broadly and frequently across different channels. Even with this knowledge, Microsoft had to change rapidly this year just as so many other companies did. We no longer had moments of serendipitous interaction where you learn something helpful from bumping into someone in the coffee line, walking with a colleague to a meeting, or waiting with someone for the elevator.

This year, we learned the importance of over communication, which has been a hallmark of open source communities. Over communication is key because uncertainty can be more stressful than either good or bad news.

Take, for example, the Kubernetes project—it has never had an office and today they have 407 chat channels, which run the gamut from regional user groups to developer discussions about particular technology subsystems. These chat rooms—whether they are IRC channels, Twitter hashtags, Teams, or Slack —*are* the offices of open source projects.

While chat rooms are the new water cooler, they are temporal and transient. They are not the new announcement email or documentation repository. In the same way that no one is expected to know what happened in every meeting or conversation in the office kitchen, few people read the history of chat rooms when they return to their desk. Understanding how communication has changed and what expectations are set for every medium allows internal communication to remain a critical support of a good collaborative culture.

Looking ahead to 2021, together

These four investment areas are just as important to good corporate culture and health, as they are part of open source collaboration. We strongly believe that most of the hard (and, by that we mean interesting) problems of today will take a team or the whole industry to solve. This means we all need to be trustworthy and (corporately) self-aware participants in open source.   

A few years ago if you wanted to get several large tech companies together to align on a software initiative, establish open standards, or agree on a policy, it would often require several months of negotiation, meetings, debate, back and forth with lawyers… and did we mention the lawyers? Open source has completely changed this: it has become an industry-accepted model for cross-company collaboration. When we see a new trend or issue emerging that we know would be better to work on together to solve, we come together in a matter of weeks, with established models we can use to guide our efforts.

As a result, companies are working together more frequently, and the amount of cross-industry work we’re able to accomplish is accelerating. In 2020 alone, Microsoft participated in dozens of industry groups, associations, and initiatives—from long-standing established organizations, like the Linux Foundation and Apache Foundation, to new emerging communities like Rust and WebAssembly. This work across companies and industries will continue in the year ahead and we look forward to learning, growing, and earning our place in open source.

Source: https://cloudblogs.microsoft.com/opensource/2021/01/14/four-open-source-lessons/

Enterprise Software Development Will Break the Speed Limit in 2021

For some, 2020 was the year for software development speed … but not for everyone. Startups and SMEs climbed on board the CI/CD, shift-left and agile development train en masse – and reaped the benefits of faster iterations and tighter release schedules.

But the “big kids” got left behind. Core enterprise applications – the legacy systems with 1+ million lines of code that do the heavy lifting in many corporations – have not yet made the switch to the world of rapid release cycles. And this is natural, both because enterprises are rightfully more cautious by nature and because the technology driving this evolution was not mature by enterprise standards.

But in 2021, that’s going to change.

Here are four speedy predictions for pushing enterprises over the speed limit in 2021, and some of the companies making it happen.

Four Enterprise Software Development Speed Predictions

#1: AI-based test generation will make enterprise development faster and better

Testing automation is crucial for any software development organization trying to transition to CI/CD. But enterprise stakes are arguably high, and enterprise code is by nature inflated, often carrying significant technical debt. Preparing suitable test coverage manually is resource-heavy, to say the least. But a new generation of AI-powered testing automation tools solves this problem for you. Solutions from companies like Ponicode and Diffblue allow enterprises with large code base apps to embrace CI/CD by bridging the technical debt gap in testing while still meeting release cycles.

#2: Test avoidance tech will make a dent in unnecessary testing

Running tests on an entire build for one small code change is overkill – no one’s arguing that. But until recently, there wasn’t much of an alternative to ensure the ironclad quality that enterprises require. In 2021, solutions from companies like Sealights and Launchable (which counts among its investors Jenkins creator Kohsuke Kawaguchi) will help enterprise software development teams deliver quality at speed. The key is the effective use of machine learning to reduce test cycle times and run only relevant tests, not the entire test suite, to ensure faster iteration cycles.

#3: High Performance Computing will move toward distributed computing

Compute power will remain a bottleneck to development in 2021 – but the processing arms race will likely change. As enterprises get used to virtualizing their infrastructure, they will think twice about investing heavily in dedicated multicore build/render machines powered by next-gen processors. Instead, they will look to virtualized processing power like distributed computing, cloud bursting, and spot instances – which provide the massive scalability enterprises require at build time, while still maintaining a more reasonable price-performance ratio.

#4: Managed CI/CD in the cloud will automate enterprise release pipelines

Managed CI/CD services, like Amazon’s CodePipeline and Azure Pipelines, help enterprises save time setting up and maintaining CI/CD infrastructure, scaling up during peak times and maintaining security. These services, while not for everyone, will continue to gain popularity in 2021. A key reason for increased adoption is that they allow companies to scale much faster: without hardware or software, development teams can push a button and suddenly gain 20 more build servers. Moreover, managed CI/CD enables faster onboarding of new teams, simpler creation of repositories and more streamlined work with multiple geolocations. Finally, pay-as-you-go models, no upfront fees and no commitments are increasingly attractive to enterprises in tough times.

Put the Pedal to the Metal

Newly released AI-powered products and mature hosted services from big-name cloud providers are changing the face of enterprise-level development. In 2021, we’re going to see teams supporting backbone enterprise applications increasingly moving to CI/CD, shift left and agile development methodologies. Because everyone – even enterprises – deserves to break the speed limit.

Source: https://devops.com/enterprise-software-development-will-break-the-speed-limit-in-2021/

The Role of Big Data in Human Resource Management

The most successful business organizations understand the role and importance of HR to the organization, especially when it comes to acquiring top talent and keeping it. To remain competitive and at the top of their game, HR departments are now looking to leverage big data analysis. This way, they will be able to quickly identify the best performers before others go ahead and hire them. This will also ensure that they can keep the employees engaged and happy and improve their employee retention level.

Technology for handling big employee data continues to advance. As a college paper writer states on the write my dissertation platform, it’s only a matter of time before this competitive advantage becomes normal. The fierceness in the job market and the candidate-driven approach that many companies take mean there is no better time for HR professionals to embrace data analytics.

There are several roles and advantages that big data offers the HR departments. Some of these are:

Reduces the risk and cost associated with a bad hire

A bad hire can be costly for the business in many ways. Many businesses invest their time and resources into training new hires. If they turn out to be a bad hire, they would have wasted the resources spent on them. Not to mention the cost of sending them off, looking for a replacement, and affecting the business operation.

A bad hire is bad for any business. This is why HR managers are now turning to analytics to help them choose the right candidate. If they’re able to find the best candidates, then the company can save the cost of recruitment, productivity loss, training expenditures, loss of clients due to negative experience and reviews about the employee, etc.

A bad hire is too costly a mistake for companies to make. That is why they use big data to reduce the possibility of that mistake.

Improve the rate of retention

It is more profitable for a business to retain its staff than to regularly hire new ones. Matt Law, an author who writes for an essay review service on the do my assignment Australia platform, states that a business with a low employee retention rate is very likely to suffer. This is very much the truth.

Once an organization makes a hire, they tend to invest in that person the energy, time, and resources needed to bring them up to standard. However, when they resign, what happens? They have to start the process all over again and continue that cycle.

By using big data technology, it is possible to spot employees who are likely to walk out on the company by going through their job performances, employment history, payroll data, profile updates, and other online activities.

If the algorithm finds that the employee is a high-value employee, you know you have to try and retain them. This might mean that you offer them a more challenging role within the organization, increase their wage, etc. This is an effective strategy that many top companies use, and it works for them.

Predicting performances

Big data makes it possible to predict the performances of employees upon or before hiring them. For instance, HR personnel need to determine if the person they are hiring can fit into the work culture and offer a satisfactory work level like other employees. Having to rely on gut feeling in cases like these isn’t reliable. It is also extra work if they have to compare individual prospects to the current set of top-performing employees in line with the job requirement.

Instead, HR departments can use analytics to build a high performer profile with the employee records. This will make it easy to headhunt for specific targets. This will make it much easier to find and pick out the best talent.

There are several freelancing platforms for assignment help that already use this model. These predictions are very strong and significant, so you can use them in evaluating layoffs, promotions, and other job openings within the company. This will help the organization save its resources and time on recruitment.

Improving benefit packages

There are many perks that employees would love to have with their salary package, but many organizations don’t realize this. However, organizations can take a cue from insurance companies by gathering health information about their staff and prospective candidates to provide them with a good health package or benefit.

According to a custom paper writing service, this is one way to remain attractive to both your staff and prospects in the market. However, transparency is a critical factor with issues like this so that you don’t have to face the legal problems arising from discrimination practices. You can do this by openly revealing how you get the data and how you are using it.

Dealing with legal and ethical issues

When it comes to big data, one concern that you can never separate from it is privacy. It is a big concern, and rightly so. There’s a legitimate fear in people about the possibility of using those numbers against them, which is described as being discriminatory. The use of big data for the Human Resource department has to be considered a technique for risk management.

Conclusion

There are many ways that HR can use big data. The truth is big data is useful in many parts of an organization, and the HR department isn’t left out. The advantages they stand to gain and the roles that it could play far outweigh whatever possible downside there might be to it. So, it is worth looking into for organizations that don’t already take advantage of it. Some of its most significant benefits are described in this article.

Source: https://www.datasciencecentral.com/profiles/blogs/the-role-of-big-data-in-human-resource-management

4 Ways to Scale DevOps in 2021

January is a month often dedicated to planning, setting intentions and preparing ourselves professionally and personally for a fresh year. In my own capacity as a DevOps and SRE leader, many of the clients I work with will reinvigorate internal efforts to streamline how they work in Q1.

I often advise clients to make very concrete goals and milestones for their technology organizations to become more agile, streamlined and modernized. Setting these goals is helpful to articulate to the wider business where you want to go and how you plan to get there. Here are a few DevOps-related initiatives your team may want to tackle in the first half of this year.

#1: Tighten Security through DevOps

Securing your organization’s infrastructure is an evergreen priority for technology leaders. When done properly, security should be baked into all DevOps processes (sometimes called DevSecOps) from the design phase all the way to application maintenance. To be effective and not slow down development, security processes need to move at the speed of today’s fast-moving environments, which is near impossible, or, at least very challenging, unless security is well automated.

Automated security measures can be applied to the full life cycle of product development and should make development time faster and smoother in the long run if you can catch vulnerabilities early. Identify automation tools that work for your team and experiment with what works best.

Similarly, in fast-moving environments, it’s tempting to play fast and loose with privileged access to unblock individuals and teams. Lax policies for user rights expose the organization to too much risk from potential hackers. Implement a solution or protocol to keep access controlled. Policy and governance are critical for well-rounded DevSecOps. Communicate policies regularly with the entire organization. Ensure that all engineers know how to comply and enforce them.

#2: Make DevOps an Organizational Culture

Much like security, DevOps needs to evolve from an individual role to a cross-functional, holistic, cultural approach to developing software. Organizations should foster a DevOps culture rather than identifying specific individuals in DevOps roles.

So how do you know when this culture shift has happened? A good pulse check is to see how quickly your company can adapt to change. How mired is your team in legacy code or infrastructure? Can individual teams operate autonomously? Teams and individuals that are independent and accountable are able to continuously experiment and learn at a much faster rate.

DevOps cultural transformation won’t happen overnight – but it can be expedited if embraced by the entire company. I typically advise companies to focus on making incremental, consistent progress that builds autonomy, trust and transparency. These are the building blocks of a thriving DevOps culture.

#3: Simplify Your Infrastructure

Complexity, over time, creates duplication, unnecessary systems and technical debt. All of these have a cost, and create security vulnerabilities. Create organizational goals to clean up and reduce complexity. I often suggest teams create a roadmap to move toward self-service and building platforms. As you focus on building a DevOps organizational culture, you will likely notice that teams will identify opportunities to simplify and standardize, which will also remove complexity.

#4: Review System SLAs and SLOs

Establishing and monitoring key metrics is a fundamental part of any SRE role. Service level agreements (SLAs) and service level objectives (SLOs) need to be defined and monitored to ensure your team is fulfilling them. System availability (uptime, latency, etc.) is core to any cloud SRE team. Define what reliability means for your organization. January is a good time of year to start fresh and articulate these metrics, how they relate to your core business and what investments or changes need to be made to achieve them.

Source: https://devops.com/4-ways-to-scale-devops-in-2021/