This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Everyone says there is an information security talent gap. In fact, some sources say the demand for security professionals exceeds the supply by a million jobs. Their argument is basically this: attacks are not being detected quickly or often enough, and the tools are generating more alerts than can be investigated, so we need more people to investigate those alarms.
Makes sense, right?
Wrong.
We believe that, even if companies aroaund the world miraculously hired a million qualified InfoSec professionals tomorrow there would be no change in detection effectiveness and we would still have a “talent gap.” The problem isn’t a people issue so much as it is an InfoSec infrastructure issue.
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Enterprise chat applications have surged in popularity, driven in large part by Slack, which now claims to serve more than three million users daily. What’s more, the popularity of these apps has given rise to a new phenomenon known as ChatOps, which is what happens when these new messaging systems are used to automate operational tasks.
The ChatOps term was coined by GitHub to describe a collaboration model that connects people, tools, processes and automation into a transparent workflow. According to Sean Regan, Atlassian’s Head of Product Marketing for HipChat, this flow connects the work needed, the work happening and the work done in a consistent location staffed by people, bots and related tools. Its transparent nature hastens the feedback loop, facilitates information sharing, and enhances team collaboration, but also ushers in a new set of challenges for securityand risk professionals.
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
There’s been a lot of talk about security automation, but it’s increasingly unclear what is what. For example, a Network World article on security automation last year focused mostly on threat detection, a Gartner report on Intelligent and Automated Security Controls focused on the threat intelligence component, and another recent piece referenced security automation simply as “the automation of cybersecurity controls.”
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Most CISOs receive a rude awakening when they encounter their first major security issue in the cloud. If they identify a critical vulnerability that requires a patch, they may not have the authorization to tweak the cloud provider's pre-packaged stack. And if the customer does not own the network, there may not be a way to access details that are critical to investigating an incident.
In order to avoid a major security issue in the cloud, CISO’s must have an incident response plan. Here is how to build one:
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
The first public cloud services went live in the late 1990s using a legacy construct called a multi-tenant architecture, and while features and capabilities have evolved, many cloud services are still based on this 20th century architecture. That raises serious questions about how legacy clouds prepare for calamity. While all architectures are susceptible to hardware failures and other issues that cause outages, the clouds that use a multi-instance architecture can better minimize the impact of an outage.
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Node.js is an open source, cross-platform runtime environment for server-side and network applications. Since its inception, it’s also become widely used for front-end tooling, APIs, desktop applications, and even controlling IoT hardware like drones. Node.js applications are written in JavaScript. The growing popularity and adoption of Node.js is the result of a confluence of several factors.
First, there is an increasing need by companies of all sizes to quickly build scalable, fast, distributed web applications. Second, large enterprises are finding there is inherent risk associated with running large, complex monolithic applications due to the difficulty and cost of tuning, maintaining, patching, and debugging them — and the challenges this poses to business responsiveness. Third, software developers are looking to develop a skillset that prepares them for the new market reality of agile practices, continuous integration and delivery, cloud-scale application design and a highly mobile and demanding user base.
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Software-defined Wide Area Networking is red hot. It is safe to assume that, going forward, every multi-location business will rely on SD-WAN for a cost-effective, high-quality, unified network solution.
In fact, IDC recently released a report predicting SD-WAN revenue will reach $6 billion in 2020. Why? Because SD-WANs are secure, affordable and easy-to-use. Those three magic words are enough to turn any CEO’s head, and the benefits go well beyond that. SD-WANs address a confluence of issues that multi-location businesses are facing right now.
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Analysts estimate that 10% to 20% of telecom charges are billed in error, and the financial impact can range from a few dollars to tens of thousands of dollars a month.
On any given monthly statement the items being over-billed run the gamut of services delivered by the provider, and can include charges for invalid circuits, billing disputes, contractual issues, fraudulent charges, set-up fees and improper rates. These charges can appear on the invoice or can be buried within the bundled services comprising monthly recurring charges.
To read this article in full or to leave a comment, please click here
Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.
Finding a cloud provider you can trust has become a major responsibility. Cloud providers come in all shapes and sizes—from global organizations delivering a range of services to small shops specializing in a limited number of capabilities. To normalize the differences you need to ask consistent questions about key issues.
Security should be at or near the very top of your list, with their answers providing the transparency which will help build trust. An essential first step is to avoid making assumptions on what security is and isn’t with respect to a provider. Every provider is different, with different rules, service-level agreements (SLAs), and terms and conditions. Make sure you thoroughly understand what each service provider commits to you, the customer.
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
A private cloud enables enterprises to secure and control applications and data while providing the ability for development teams to deliver business value faster and in a frictionless manner. But while building a private cloud can transform IT, it can also be an expensive science experiment without careful planning and preparation. Here are ten considerations that will help ensure success.
1. Involve the stakeholders. Private clouds are not purely an IT project. The various business units that will be the actual users should be involved in figuring out the specifications and deliverables. A cloud changes the transactional relationship between IT and business. Both sides have to be engaged in figuring out and accepting how that relationship changes with a private cloud.
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Everyone is generally aware that MPLS is expensive compared to Internet connectivity (check out “Why MPLS is so expensive”), but are you aware exactly how enormous the difference is? Even with MPLS prices coming down, the precipitous drop in Internet prices has made the gap larger.
A few years ago MPLS typically cost $300-$600 per Mbps per month for the copper connectivity (i.e. n x T1/E1) typically deployed at all but the largest enterprise locations, while today in most of North America and much of Europe a more typical range is $100 - $300 per Mbps per month.
To read this article in full or to leave a comment, please click here
Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.
As euphemisms go, it's hard to beat the term “service outage” as used by IT departments. While it sounds benign -- something stopped working but tech teams will soon restore order -- anyone familiar with the reality knows the term really means “Huge hit to bottom line.”
A quick perusal of the tech news will confirm this. Delta Airline’s global fleet was just grounded by a data center problem. A recent one day service outage at Salesforce.com cost the company $20 million. Hundreds of thousands of customers were inconvenienced in May when they couldn't reach Barclays.com due to a “glitch.” And a service outage at HSBC earlier this year prompted one of the Bank of England's top regulators to lament that, “Every few months we have yet another IT failure at a major bank... We can’t carry on like this.”
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
According to some estimates, attackers have infiltrated 96% of all networks, so you need to detect and stop them before they have time to escalate privileges, find valuable assets and steal data.
The good news is an attack doesn’t end with an infection or a take-over of an endpoint; that is where it begins. From there an attack is highly active, and the attacker can be identified and stopped if you know how to find them. These five strategies will help.
* Search for the telltale signs of a breach. Look for port scans, excessive failed log-ins and other types of reconnaissance as an attacker tries to map out your network.
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
In enterprise IT, disruptive technologies become commercially viable faster than you can say “Moore’s Law.” However, if corporate culture and processes don’t evolve in conjunction with the pace of technology, it can inhibit the benefits of even the most awesome of enterprise apps. One area of IT where corporate culture has stymied progress is cyber security, but the rise of software containers — arguably one of the most disruptive enterprise technologies on the horizon - provides an opportunity to get application security right, or at least make it a whole lot better.
To read this article in full or to leave a comment, please click here
Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.
Today, it’s rare to encounter a company that doesn’t use the cloud. According to a recent RightScale report, 93% of organizations surveyed are running applications in the cloud or experimenting with infrastructure-as-a-service, and 82% of enterprises have a hybrid cloud strategy, up from 74% in 2015.
As cloud adoption rises, employees skilled in cloud development and management are finding themselves a hot commodity in the job market. In fact, many organizations are fighting for highly-coveted cloud computing experts to optimize cloud performance and help them better compete in their respective markets.
To read this article in full or to leave a comment, please click here
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
In 2015 there were 781 publicized cyber security breaches which resulted in more than 169 million personal records being exposed – a number that’s steadily on the rise year over year. And with notable names like BlueCross, Harvard and Target being tossed into the mix, it’s obvious that no company is safe. Yet, only 38% of organizations across the globe can confidently say they are prepared to handle a sophisticated cyber-attack.
The numbers don’t lie. Cyber criminals are becoming savvier and their attacks are increasing faster than companies can keep up. Furthermore, it’s becoming increasingly evident that traditional methods, like anti-malware software, are no longer sufficient to keep sensitive data safe. To address this glaring need, many forward-thinking IT executives are fortifying their cyber security strategy using automation as a tool for greater defense.
To read this article in full or to leave a comment, please click here
In its first 27 years of existence we saw the introduction of six Ethernet rates – 10Mbps, 100Mbps, 1Gbps, 10Gbps 40Gbps and 100Gbps. And the Ethernet community is now working feverously to introduce six new rates -- 2.5Gbps, 5Gbps, 25Gbps 50Gbps, 200Gbps and 400Gbps-- in the next three years.
Higher Ethernet rates used to be introduced when industry bandwidth requirements drove the need for speed. Butwith Ethernet’s success, it soon became apparent that one new advance could satisfy the requirements of each Ethernet application space. This was clearly illustrated nearly 10 years ago when it was recognized that computing and networking were growing at different rates. This led to 40Gbps being selected as the next rate for servers beyond 10Gbps, while 100Gbps was selected as the next networking rate.
To read this article in full or to leave a comment, please click here
Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.
As business leaders grow their companies, corporate assets should always be top of mind. As such, business leaders should be implementing IT policies early on in order to set standards and expectations for employees when it comes to the use of corporate technology and managing corporate data.
In parts one and two of this three-part series, I rolled out a playbook on when companies should hire their first IT consultant and what to keep in mind when appointing a CIO. In this third and final part of this series on the IT Lifecycle I’ll discuss when companies should start rolling out formal IT policies and how to do so.
To read this article in full or to leave a comment, please click here
Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.
Timing is everything when hiring a CIO. The primary function of a CIO is to be forward-looking for developing and implementing IT initiatives, but it can be difficult for a CIO to fulfill this duty if he or she is brought in too late and provided with inadequate technologies and processes. The earlier a company invests in a CIO, the earlier everyone can be in tune with what will make the business most efficient. But most companies don’t know when it’s too early and when it’s too late.
In the first article of this three-part series on the IT Lifecycle, I discussed recommendations for when to hire an IT consultant, and what to consider when doing so. During this process, it’s important to recognize when a CIO will be a valuable addition. In this second part of the series, I will continue to follow Joe’s Widget Shop, a hypothetical software development company, as they move onto the next stage in the IT lifecycle. I’ll provide you with insight on what to look for when appointing a CIO Continue reading
Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.
Few companies are founded with a CIO. For many, the first IT “hire” is the company’s founder, whose job description may include activities like IT purchasing, networking and IT support, alongside planning, marketing and business development. Eventually, that changes. But when? And how?
In my role as a chief operations officer, I’ve helped many companies build out their IT operations as they grow from startups to SMBs and beyond. In this three-part series, I’ll explain the IT life cycle of a hypothetical startup called Joe’s Widget Shop, a software development company.
To read this article in full or to leave a comment, please click here