IDC IT Security Roadshow: Cybersecurity as Key Business Effectiveness

IDC Sala

1st article*: A professional marathon inviting industry specialists and business managers to think, to learn and to act against digital security threats.

Data security has always been one of the critical points in the IT industry, which has developed a real phobia for understanding, prevention and threat intelligence that addresses the inherent vulnerabilities of a system. The digital revolution generated by large technologies adoption in business processes has led on the one hand to mitigate risks but also generated new threats associated with key unexplored.

In his permanent engagements in innovative technology research and new trends adoption, IDC is developing a large frame of activities dedicated to data security and data privacy issues. Part of this engagement, IDC IT Security Roadshow examines global and regional trends related to security and provides actionable advice and best practices for organizations in an era of digital transformation.

IDC 3rd PLatformOrganizations increasingly invest in 3rd-Platform technologies primarily to spur business efficiency and improve business agility, and transform themselves into digital enterprises. These digital enterprises have dedicated fewer resources to securing their 3rd Platform-enabled technology infrastructure in recent years. They are now giving a higher priority to deploying advanced security solutions, as next generation technology investments pose higher security risks. IDC predicts that by 2017, over 10% of security investment will be spent in connection with personal data protection and regulatory compliance.

This year IT security conference series investigates the threats to key systems, data, and networks, and the main actions that organizations need to take to secure them. IDC is inviting security professionals not only to look at investing in security solutions, but also at people and processes, employees and business partners, helping individuals and organizations to develop a strategic thinking.

IDC IT Security Roadshow 2016 is first of all a powerful concentration of forces to communicate, to invite, support and disseminate information of the highest value to a heterogeneous community of specialists. It’s hard to organize and to hold an event. IDC Security Roadshow includes 20 events, in 20 locations in 18 countries from CEMA region, addressing over 3000 experts.

Bucharest was the 10th Roadshow location, after  the conferences that have already taken place starting February in Kiev (Ukraine), Prague (Czech Republic), Moscow (Russia), Belgrade (Serbia), Zagreb (Croatia),  Nicosia (Cyprus), Budapest (Hungary), Bratislava (Slovakia), and  St. Julians (Malta).

Until September 2016, other ten conferences will be held in: Warsaw (Poland), Almaty (Kazakhstan), Athens (Greece), Tbilisi (Georgia), Baku (Azerbaijan), Minsk (Belarus), St. Petersburg (Russia), Cluj (Romania), Vienna (Austria), and Tashkent (Uzbekistan).

Tomas Vavra

Thomas Vavra – Associate Vice President Software, IDC CEMA

Bucharest conference gathered together leading specialists in IT and cyber security independent experts, recognized analytics and key market players to discuss about:  threats and vulnerability management, identity & access management, Web security & mobile security, network security, endpoint protection and threat intelligence security services.

Within last three years, many Romanian companies were exposed to an increasing number of cyber-attacks and were forced to take emergency measures to prevent the threat and overcome the consequences. Unfortunately, the number of cyber-attacks will continue to increase exponentially in the coming years. During his introductory keynote, Thomas Vavra – Associate Vice President Software IDC CEMA, presented a series of facts shaping Romanian IT security landscape related to cybersecurity law adoption and the critical importance of European efforts toward a harmonized regulation frame for all the countries. European Data Protection and EU-US Safe-Harbor Privacy Shield are key part of European Commission strategy to create the Digital Single Market.

EU Originl Data Protection Keyboard

Source: EU Commission

A happy coincidence made that just during the conference in Bucharest in April 14th, the European Parliament announced final vote for the long-awaited General Data Protection Regulation (GDPR). EU members will now had two years to implement the new regulations, proposed by former EU justice commissioner Viviane Reding four years ago. The data protection reform package includes both the GDPR and the Data Protection Directive for Police and Criminal Justice Authorities. It replaces current rules based on directives laid down in 1995 and 2008.

Made in practice, GDPR will give citizens of all 28 member states more information on how their personal data is processed, presented clearly and understandably. They have now the right to know as soon as possible if their personal data is ever compromised, while the “right to be forgotten” has been clarified and strengthened. It will also become easier for people to transfer data between service providers, with the introduction of a right to data portability. The EU also said it saw benefits for businesses, with companies having only to deal with one supervisory authority across the EU, as opposed to one in each member state in which they operate.

IDC’s critical considerations exposed by Tomas Vavra in Bucharest refers to the necessity for a correct evaluation of the impact of proposed data protection rules by a continuous monitoring of data processing procedures. Extending existing solutions to meet specific requirements of national and regional data protection regulations is also a must. Any company and any organization had to plan ahead to have data protection solutions in place prior to their impact in business and operations.

IDC Top 3 Cybersecurity Predictions

#1: Data Protection Regulations – By 2019, 25% of security spend will be driven by the EU and other jurisdictional data regulations, leading to a patchwork of compliance regimes;

#2 Data Breach Impact – By 2020, more than 1.5 Billion People will be affected by data breaches, increasing calls for regulation and alternative authentication measures;

#3: Biometric Authenticated Transactions – By 2020, one-fourth of all worldwide electronic transactions will be authenticated biometrically, driven by the use of biometric-enabled devices.

What is clear in this moment is organizations should rethink their security strategies and to adapt their prevention and protection platforms to the new paradigm. In the actual context of digital transformation, data protection and data privacy are between most disrupted factors. Cloud intensive adoption, Internet of Think platform impact in all industries and mobile apps explosion opened new fronts for new vulnerabilities and more dramatic threats.

IDC Sala 3Adoption of 3rd platform and innovation driven business demands security evolution. Next-generation security solutions should be designed for distributed architecture, incorporating intelligent threat tools offered by Big data and Analytics technologies and data security anomaly detection based on contextual awareness and machine learning advanced mathematical models.

One of the newest and most emerging trend in data security is integration of biometric identification technologies. IT providers have quickly adopted alternative identification technics launching new smartphone models with fingerprint sensors, electronic payment with fingerprint reader as secondary validation system, voice recognition sensors in call centers, facial recognition scanners at events, or iris scan authentication at ATMs.

Unfortunately, a long series of incidents caused by hackers who broke biometric safety barriers and stole entire fingerprint data bases dismounted limits of new technologies credibility. A very active opposition is generated also by a large diversity of lobby groups demonstrating against privacy issues generated by large biometrics adoption.

In his critical considerations and advises for the industries, IDC specialists recommend a carefully adoption of biometric technologies and only as supplementary identification. Passwords are not death.  Any biometric system should be designed on deeply analysis of customer behaviour, consolidating the traditional methods of biometric data protection.

Ending opening keynote Thomas Vavra outlined the IDC’s key takeaways relating to security protection and data privacy:

  • Organizations should achieve full compliancy to rapid development of national and regional regulations;
  • Legacy security solutions are insufficient against modern and advanced threats opened by digital transformation;
  • New strategies should be based on intelligent solutions and services, engaging expert partners able to deliver proactive prevention;
  • 3rd Platform development requires optimum solution for improving identity and authentication;
  • Security specialists are key assets in any organization which should consolidate more efficient recruitment and retention program, providing also properly security training for all employees.

Concluding, we have to be optimistic. Keep strong passwords and your data will be safe. Even for security industry the best is yet to come. The staffing impact of the GDPR will be huge. More than 28,000 data protection officers (DPOs) will be required in whole Europe alone according GDPR regulations, says the International Association of Privacy Professionals (IAPP).

*Note: This is the first episode in a mini-series of articles dedicated to Bucharest conference included in the IDC IT Security Roadshow.  

Photo Sources: IDC

Cu ochii catre viitoarea piata unica digitala, Parlamentul European voteaza reforma protectiei datelor propusa acum 4 ani

Photo Source: Pixabay

Joi 14 Aprilie 2016 va rămâne o zi memorabilă în istoria digitală a Europei. Un mare pas înainte către mult dorita Piață Digitală Unică, program care a preluat din mers demersurile pentru Agenda Digitală Europeană. Noile norme europene de Protecție a Datelor Generale au primit aprobarea finală. Noile reglementări stabilesc de asemenea standardele minime privind utilizarea datelor de către poliție și în scopuri judiciare.

Parlamentul European a votat noua legislație privind Protecția Datelor la doar două zile după ce s-a primit unda verde de la Comisia Libertăților Civile (LIBE). Cu toate acestea, noua legislație s-a evidențiat ca una dintre cele mai îndelung dezbătute reglementări legislative europene, aprobarea finală venind la mai mult de patru ani de la propunerea lansată de Viviane Reding, fostul comisar european pentru justiție, in ianuarie 2012.

Ce este programul Digital Single Market?

Înlocuind tradiționalul program UE axat pe Agenda Digitală, noua strategie Digital Single Market reprezintă principalul program al Comisiei Europene de focalizare pe dezvoltarea digitală. În noua viziune, cetățenii, guvernele și mediile de business pot avea acces egal la beneficiile erei digitale, favorizând unificarea celor 28 de piețe ale țărilor membre. Asta ar putea contribui cu peste 415 miliarde de euro la economia UE și ar putea crea mii de noi locuri de muncă.

Strategia Digital Single Market este bazată pe următoarele direcții strategice: ⇒Facilitarea accesului online la bunuri și servicii digitale; ⇒Un mediu emulativ pentru rețelele și serviciile digitale; ⇒Transformarea Digitală ca driver de creștere economică.

Noua legislație va înlocui actuala directivă privind protecția datelor, care datează din 1995 când Internetul era încă într-o fază incipientă, cu un regulament general prin care se dorește ca cetățenii unei Europe digitale să beneficieze de mai mult control asupra propriilor lor informații private.

“Noile norme garantează dreptul fundamental la protecția datelor cu caracter personal pentru toți. General Data Protection Regulation va contribui la stimularea pieței unice digitale din UE prin promovarea încrederii în serviciile online de către consumatori și securitate juridică pentru întreprinderi, bazate pe reguli clare și uniforme “, se afirmă într-o declarație comună semnată de Frans Timmermans – prim vicepreședinte al Comisiei Europene, Andrus Ansip – vice-președinte responsabil cu programul Digital Single Market și Věra Jourová – comisar pentru justiție, protecția consumatorilor și egalitatea între sexe în cadrul CE. “Aceste reglementări sunt în beneficiul tuturor celor din UE. Persoanele implicate trebuie să știe care sunt drepturile lor și să știe cum să-și apere drepturile în cazul în care simt că acestea nu sunt respectate. “

Noile norme europene privind Protecția Datelor includ prevederi referitoare la:

  • data privacy-policy

    Photo Source: Pixabay

    dreptul de ”a fi uitat”;

  • “consimțământ clar și afirmativ” la prelucrarea datelor cu caracter personal de către persoana în cauză;
  • dreptul de a transfera datele către un alt furnizor de servicii;
  • dreptul de a ști când datele au fost piratate;
  • asigurarea că politicile de confidențialitate sunt explicate într-un limbaj clar și ușor de înțeles;
  • o aplicare mai strictă și amenzi de până la 4% din totalul cifrei de afaceri anuale la nivel mondial al firmelor, ca un factor de descurajare pentru încălcarea regulilor.

În practică, UE speră că noile reglementări vor oferi cetățenilor din toate cele 28 de state membre, mai multe informații cu privire la modul în care sunt prelucrate datele personale, prezentate în mod clar și pe înțelesul tuturor.

logo_it_trendsMai multe despre prevederile noilor normative pentru organizatii, care sunt pedepsele celor care le incarca si cum pot fi folosite datele judiciare de catre politie si sistemul judecatoresc, cititi în forma integrala a articolului ”Parlamentul European aprobă reforma Protecției Datelor pentru era digitală”, publicat în revista IT Trends.

Network Security in Virtualized Data Centers for Dummies

Book of the Month: April 2016

Here is cloud☁mania recommendation of April in Book of the Month category. Edited by Lawrence C. Miller, with over 20 year experience in information security. He is the co-author of CISSP for Dummies and more than 30 other titlesSponsored by Palo Alto Networks – the network security company. 

Book: “Network Security in Virtualized Data Centers for Dummies

 

Palo Alto Network Security Book

Publisher:

John Wiley & Sons, Inc.

Short description:

To realize the benefits of virtualization you must adapt your security architecture to address new challenges, and today’s application and threat landscape.

Read the book and learn: 

  • How virtualization enables cloud computing
  • How Applications use SSL hiding and other techniques to thwart traditional port-based firewalls
  • What new security challenges virtualization introduces in the modern data center
  • How security needs differ for internal data centers and internal-facing data centers.

Summary:

Are security implications in a virtualized computing environment essential from the cloud perspective? The book outlines the challenges of securing the virtualized data center and cloud computing environments and how to address them with next-generation firewalls.  Virtualization topics cover many technologies, including servers, storage, desktops, and applications, among others.

More info and Where to order: HERE

Thanks to Palo Alto Networks to share this book during IDC Security Roadshow, Bucharest 14 April 2016.

Industria Producătoare – marele câștigător al avalanșei IoT

Photo SourceȘ Pixabay: Industry IoT Automotive

Într-o economie globalizată, cu un climat competitiv tot mai tensionat, diferențierea produselor și a serviciilor este o direcție constantă în dezvoltarea afacerilor. Tendința ca serviciile să preia tot mai mult din ceea ce era asigurat de produse, câștigă tot mai mult teren. Să ne gândim la amplele transformări ale industriei de software, odată cu migrarea în Cloud și transformarea licențelor perpetue în subscripții.

Acest scenariu este valabil pentru toate industriile în care produsul în sine deținea până acum rolul dominant. ”Produs” – ”Producție” – ”Producător” – ”Industrie producătoare”, este un lanț ale căror verigi vor exista în continuare, dar totul va fi radical diferit datorita mutațiilor induse de ampla metamorfoză digitală. Deocamdată aceste mutații aduse de transformările digitale au fost preluate și dezvoltate în concepte precum ”Product-as-a-Service”.

Orice clasament al industriilor verticale care pot beneficia cel mai intens de avantajele oferite de sistemele IoT este dominat de industria producătoare. Potrivit IDC, astăzi peste 50% din activitatea IoT e concentrată în manufacturing, transport, smart city și aplicații client, dar în următorii 5 ani toate industriile vor beneficia de inițiative IoT;

Concentrându-ne pe manufacturing, tehnologiile IoT pot contribui la succesul acestui demers într-o multitudine de feluri, dar în special prin: dinamizarea fluxurilor tehnologice din industriile producătoare, administrarea mai eficientă a relațiilor cu clienții și partenerii pe toată durata ciclului de viață al produselor și creșterea transparenței și capacității de a răspunde așteptărilor clienților pe baza experienței de utilizator.

MS IoT Manufacturing

Sursa: Microsoft Romania

IoT ca avantaj competitiv pentru companiile producătoare

Iată câteva considerații legate de importanța IoT pentru manufacturing recomandate de Microsoft România și partenerul sau Crescendo, care deține experiența necesară pentru a consilia companiile de producție în stabilirea și implementarea cu succes a unei strategii IoT.

Deci care sunt companiile cele mai influențate de dezvoltarea sistemelor IoT? În primul rând, cele din sfera producției, care migrează spre modelul de business „product-as-a-service”, unde elementul vândut nu mai este doar produsul fizic, ci şi serviciul oferit.

Evoluția de la vânzarea de produse la vânzarea de servicii oferite alături de produse schimbă complet ecosistemul industriei producătoare – de la modalitățile de facturare şi plată – care acum devin abonament la un serviciu, până la structura echipelor de suport, a modului de lucru cu clienții şi furnizorii, sau a designului de produs.

De ce ar face o companie aceste schimbări radicale? Ca urmare a evoluției business-ului şi a mentalității clienților, piața se orientează spre servicii tip „pay-as-you-go”, unde funcționarea serviciului (nu doar a produsului) este responsabilitatea furnizorului acestuia.

Specialiștii de la Crescendo, parteneri Microsoft care dispun de o bogată experiență acumulată în proiecte de eficientizare industrială, recomandă pasul de la serviciile de mentenanţă reactivă la cele de mentenanţă proactivă prin:

  • echiparea utilajelor cu senzori care să monitorizeze modul de lucru în timp real, 24/7;
  • prevenirea defecţiunilor majore ale utilajelor;
  • optimizarea activităţii de service prin automatizarea operaţiunilor specifice.

Să luăm ca exemplu echiparea unei pompe de mare capacitate cu senzori care măsoară debitul şi vibraţiile. În cazul unei defecţiuni, care se traduce prin scăderea debitului şi creşterea în amplitudine a vibraţiilor, senzorii vor transmite informaţiile către o echipă de intervenţii, care va primi în timp real toate datele despre tipul echipamentului şi localizarea acestuia. Echipa va interveni sau va programa o intervenţie în funcţie de informaţiile primite, minimizând astfel riscul şi perioada de nefuncţionare.

Articol realizat pe baza materialului ”IoT ca avantaj competitiv pentru producători”, publicat în Catalogul Cloud Compution Romania, ediția a 4-a, Internet of Things, Decembrie 2015

How IDC Sustain CIOs in Digital Transformation Process

Photo Source: pixabay

Ten years ago any second slide from any IT corporate presentation started with inevitable title: “Networking Industry Challenges”… Five years ago the same introductory slide started with: “Internet resources challenges”. Now, every 8 from 10 corporate presentations from all industries are using as introductory buzz: “Digital transformation challenges”…

It’s interesting the digital transformation tsunami looks to disrupt in the same way all companies, from any industry, but IT providers are affected first of all. From the managerial perspective, the responsibilities for “What are next?” be involving at the same time CEOs, CFOs, CDOs, but first of all CIOs…

How is disrupted the CIO role in organization level

The disruption power of digital waves is leading CIOs to fundamentally change the traditional technologies issues. Until yesterday the main CIOs attribution was more related to IT operations management, packaged software deployment, security prevention and risk minimization, having as main goals the general systems stability and cost reduction.

Today CIOs are forced to embrace a more expansive view of their roles, involving direct participation in company’s revenues increasing, customer experience improving and digital strategy shaping.

Who should conduct digital transformation process?

digital 3

Photo Source: pixabay

Analyst community is still divided discussing the main role in the digital economy. While majority opinion shows that CEOs should have the main contribution in digital vision and strategy establishment, it is clear that the major role in the transformation process coordination should be played by CIOs.

Looking to the business implication at organization level, it’s hard to see the limits. The goals for different departments should be aligned internally like general strategy, operational issues and process evaluation also. At the same time, the leader who establishes the vision and strategy needs strong technology knowledge and a clear understanding of transformation processes as well.

Anyway the biggest issues in CIO’s leadership will be focusing on digital business needs function of the organization’s capabilities and resources availability.  According IDC FutureScape: Worldside CIO Agenda 2016 Predictions”, 66% of CEOs plan to focus on digital transformation strategies for 2016 having in CIOs the major players in leading every department through this shift. The same report shows not many CIOs are confident in their managerial skills, only 25% being confident in how they will drive new digital streams.

Organizations have to solve now this dilemma: CEOs need CIOs in conducting role of business transformation process but CIO’s majority looks to be not ready for this demanding role. Without CIO’s technology skills a company will have not the power to adopt the key drivers of digital transformations: innovation, integration and incorporation.

While digital transformation is crucial on business success IDC predicts that by 2018, 70% of digital transformation initiatives could ultimately fail because of „ insufficient collaboration, integration, and sourcing or project management. In order to have successful digital transformation in a company, the same study shows „leaders need to encourage cross-functional collaboration around digital initiative”. IT teams will also need to use the “maturity it has achieved in agile project management, integrated service management and enterprise security to support the transformation engine,” according IDC.

6 ways CIOs should conduct digital transformation in the enterprises

digital 2

Photo Source: pixabay

Synthesizing the main conclusions of specialists researches, we can discuss about six essential powers CIOs needs to win in today’s digital transformation war:

  • Digital strategy – CIO must be able to articulate a coherent digital strategy, aligned with business objectives and to make that well understood at organization level;
  • Technology innovative leader: will continue to be the main charge of any CIO able to build and deploy the basic high-tech requirements;
  • Transformation leader – CIO will play a key role in digital business vision, helping to align digital initiatives with business goals;
  • Leadership abilities – any CIO should have a leading position in the strategy setting and execution;
  • Operational and financial knowledge – CIO should understand and assimilate the better cost of digital processes, being able to estimate ROI metrics;
  • Establishing and deploying process standards – is also critical to IT to deliver into digital business potential.

Are CIOs prepared for transformation leadership role?

Big majority of researches are showing a negative answer. What we have gone to do in such a short time? The better solution is to assist CIOs with digital transformation consultancy support. Are CIOs opens up this assistance? They don’t have too many to choose if they want to be digital transformation drivers for their organizations.

Could we teach CIOs in digital technologies? The answer should be definitively yes: CIOs has the technical skill to understand the innovation and to promote the value of change.

Could be CIOs good managers? This is function of their entrepreneurial skills and the opening on business metrics. Statistics shows more than 40% CIOs are ready to become CEOs in the next few years. This is part of business transformation process. In IT and other technical industries the limits of CEO’s and CIO’s competences are not so pregnant.

In other industries we can assume a lot of CIOs having managerial and economic skills, but average CEO’s technical level is under the understanding limits. This is the reason for the lack of reaction to digital changes in large categories of managers.

IT Executive Program for the CEE CIO proposed by IDC

IDC recently announced the extension of his IT Executive Program in the Central and Eastern Europe (CEE) Region. What is IDC’s IT Executive Program? This is an IDC initiative already tested for the US market featuring a comprehensive mix of fact-based research and advisory services for IT managers from all industries. The main goals of the program are to help organizations of the region to maximize the effectiveness of their IT investments, advising them how to identify new opportunities, how to mitigate the risks, and how to perform in business transformation process.

IDC’s initiative is starting from the clear necessity to better sustain CIOs and business leaders especially from the industries that were not considered technology dependent until recently. “IDC’s IT Executive Program is tailored to support the CIO to understand what digital transformation means for his or her industry. The program is designed to empower the CIO to be a driver of innovation in the organization, to help the CIO define his/her new role as technology becomes more integral to the business, and to concurrently support the real need to “keep the lights on” by maintaining and optimizing the existing infrastructure, service levels, and unavoidable legacy systems.” says Tom Schwieters, VP of Sales for IDC CEE and MEA.

Which are IDC’s main strengths offered as tools for specific expertise in key industries?  First of all is the analyst task force. More than 120 regional analysts and another 1,000 worldwide collaborated last year helping CIOs in CEE to receive the best answer to many specific questions like:

  • How will big data impact the pharmaceuticals manufacturing market?
  • How can oil and gas enterprises adapt to digital office trends?
  • What technologies and vendors should a large utilities firm consider when implementing its private Cloud service?
  • How should a national emergency authority organize its IT team?

 

After that, IDC has a lot of experience sourcing from best practices and a deeply knowledge of specifics in each market. IDC developed also some analytical processes like IDC Maturity framework which enables the measurement of organization’s development in various tech areas and management flows, providing a valuable guidance to lead the company to the desired level of development. Other example is IDC “Concierge” Service delivered as annual subscription model to IDC’s research database, including direct inquiry access to IDC’s research analysts around the globe, or to different projects to meet CIOs specific needs.  Each CIO has to solve a specific set of challenges, and IDC’s flexible delivery model is designed to adapt to these needs.

“The IT Executive Program is our fastest growing line of business and our number one investment priority over the medium term. We are very excited to broaden and deepen our advisory to CIOs around the region as they embark on the digital transformation journey,” explains Jan Siroky, VP and head of CEE Region at IDC.

Schloss Schonebrunn

Photo Source: schoenbrunn.at

IDC CIO Summit Vienna

Part of IDC’s support for CIOs are the specific events with different focus organised periodically around the CEE and MA regions. The next IDC event in Central East Europe is CIO Summit Vienna 20-22 of April,  organised in the imperial ambiance offered by Schönbrunn Palace.

The Summit will bring together top CIOs, thought-leading IDC analysts, and innovative vendors from 30 countries offering them good moments for networking, learning, and experience exchange. Having as key message: “Rise of the Disruptive CIO”, the main topics proposed by IDC’s analysts for this Summit addressing a lot of hot subject for this digital revolution period, like: real world experiences with the today and tomorrow key technologies (Cloud, Big Data, IoT), IT security for IoT, digital transformation in the Public Sector, banking OmniChannel, and others.

%d bloggers like this: