Keys to the cloud: Unlocking digital transformation to enhance national security

According to recent research, federal spending on cloud computing is anticipated to grow from $6.8 billion in 2020 to nearly $7.8 billion in 2022.

As this adoption accelerates, the information environment remains highly distributed and riddled with duplicative information, hindering decision makers with limited access to authoritative data, poor data integration across disparate systems, and low-quality data. This, paired with the “anything you can do, I can do better” mantra adopted by today’s nation-state threat actors, has left mission-critical information vulnerable to attack as it undergoes the great cloud migration.

These agile threat actors – without any red tape to stand in their way – have already adopted a cloud-centric mindset, oftentimes at the expense of our national security. Meanwhile, emerging technologies like artificial intelligence and machine learning that lend themselves to assisting defensive efforts are rendered useless unless the defense community focuses more time, energy and resources on becoming cloud-centric.

Ultimately, the issue of national security hangs in the balance, and the best way to ensure we stay ahead of the curve is by using the cloud to “digitally overmatch” our opponents and unlock the full potential of digital transformation.

Overwhelming opponents

Originally coined by the Army, the concept of “digital overmatch” stems from the idea that the respective branches of the military can easily overwhelm their opponents on the ground due to their superior resources. Now, in the era of cyber-enabled conflict, this concept can also be applied to the non-Defense space. Given that data is such a strategic asset, defenders must ensure they can outpace and outmaneuver adversaries by using data-driven technologies such as the cloud, and deliver on-demand resources across all domains whenever and wherever they’re needed.

Without commercial and government innovation in cloud-native technology, federal agencies and the military are unable to maximize the full potential of their modernization strategy.

“Digital overmatch” in action

By leveraging the concept of digital overmatch, a warfighter on the battlefield can become one with the sensor grid, capturing and receiving information – from instant language translation to situational awareness – in real-time. Simultaneously, commanders can see the big picture or drill down to a specific element on demand, accelerating decisions with accurate, timely information to deny adversaries any advantage. Additionally, the cloud offers the ability to hyperscale in real time.

For example, if a high-ranking official wants to see if they can move a specific group of soldiers who are currently overseas, there’s a great deal of information they must capture and digest as quickly as possible. Are they trained on artificial intelligence? Are their shots up to date? Are they adequately equipped for the desert terrain? This data currently may sit in 15 to 20 different systems, necessitating weeks or even months of analysis to determine if they’re ready to be deployed.

With a cloud-centric philosophy, commanding officers could have all this information at their fingertips and make well-informed decisions regarding their combat readiness in a matter of hours or even minutes. By having this information at the ready, better-trained troops with specialized equipment can be deployed faster, ultimately saving lives. Instead of hardware like aircraft carriers, guns or bullets being the deciding factors in modern conflict, data has quickly become the most valuable battlefield currency.

Digital transformation and national security: Implementation hurdles

Despite the clear benefits of a cloud-centric approach, there are still hurdles to overcome to move toward widespread adoption. First and foremost, all internal stakeholders must be trained to maintain a digital cloud mindset to use the latest technologies for their intended purposes, which can take valuable time. There’s also a common misconception that if data is in the cloud, it’s more susceptible to fraud, theft, or attacks by cyber actors, when the opposite is true.

With a properly designed cloud environment, data is more resistant to ransomware, while also being more accessible. In fact, without the cloud, a zero-trust architecture that ensures information is categorized and protected would be impossible to control. Regardless of these hurdles, a cloud-enabled future offers countless benefits and enables workflows to easily keep up with innovation, user demand and regulations.

A step in the right direction

So, where can federal agencies start on this digital transformation journey and what can they do to put together an operating model for multi-cloud capability? For some, the process might seem overwhelming or too expensive, but the reality is there’s no need to start from scratch.

Instead, agencies should look to their peers to guide and inform their cloud journey, as many organizations – public and private sector alike – already have the knowledge and solutions readily available to help expedite this migration at both speed and scale. For example, the Air Force has been recently leading the way via their Cloud One offering, which is able to migrate all their systems to the cloud while also developing them natively. Federal agencies don’t need to reinvent the wheel to successfully adopt a cloud mindset.

Originally found on Feedzy. Read More

You Can Now Sign-in to You Microsoft Accounts Without a Password

Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email.

The change is expected to be rolled out in the coming weeks.

“Except for auto-generated passwords that are nearly impossible to remember, we largely create our own passwords,” said Vasu Jakkal, Microsoft’s corporate vice president for Security, Compliance, and Identity. “But, given the vulnerability of passwords, requirements for them have gotten increasingly complex in recent years, including multiple symbols, numbers, case sensitivity, and disallowing previous passwords.”

“Passwords are incredibly inconvenient to create, remember, and manage across all the accounts in our lives,” Jakkal added.

Over the years, weak passwords have emerged as the entry point for a vast majority of attacks across enterprise and consumer accounts, so much so that Microsoft said there are about 579 password attacks every second, translating to a whopping 18 billion every year.

The situation has also been exacerbated by the need to create passwords that are not only secure but are also easy to remember, often resulting in users reusing the same password for multiple accounts or relying on easy-to-guess passwords, ultimately making them vulnerable to brute-force password spraying attacks.

Jakkal notes that 15% of people use their pets’ names for password inspiration, not to mention utilize family names and important dates like birthdays, with others banking on a formula for their passwords — “like Fall2021, which eventually becomes Winter2021 or Spring2022.

By dropping passwords out of the equation, the idea is to make it difficult for malicious actors to gain access to an account by leveraging a combination of factors such as your phone (something you have) and biometrics (something you are) for identification.

Customers can use the new feature to sign in to Microsoft services such as Microsoft 365, Teams, Outlook, OneDrive, and Family Safety, but after linking their personal accounts to an authenticator app like Microsoft Authenticator, and turning on the “Passwordless Account” setting under Advanced Security Options > Additional Security Options.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Originally found on Feedzy. Read More

FTC: Health Apps Must Notify Consumers of Data Breaches

The United States Federal Trade Commission (FTC) has warned the developers of health apps and connected devices that they must disclose data breaches to consumers or face a fine.

In a policy brief issued Wednesday, the Commission clarified that healthcare apps that collect or use consumers’ health information are subject to the Health Breach Notification Rule requiring entities not covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to notify consumers when their health data is breached.

In a 3-2 vote held during an open virtual meeting, the FTC agreed to approve a policy statement affirming that developers of health apps and connected devices are considered to be healthcare providers, and that sensitive information disclosed by them without authorization constitutes a breach.

Every breach, even breaches that did not occur as the result of a malicious cyber-attack, must be reported. The FTC stated that companies that fail to comply with the rule could be subject to financial penalties of up to $43,792 per violation per day.

The FTC said in a statement that “health apps, which can track everything from glucose levels for those with diabetes to heart health to fertility to sleep, increasingly collect sensitive and personal data from consumers.

“These apps have a responsibility to ensure they secure the data they collect, which includes preventing unauthorized access to such information.”

The Commission noted that the use of health apps and other connected devices that collect personal health data increased during the COVID-19 pandemic. It observed that despite being a “ripe” target for scammers and cyber-attackers, “too few privacy protections” were in place for such apps.

“While this Rule imposes some measure of accountability on tech firms that abuse our personal information, a more fundamental problem is the commodification of sensitive health information, where companies can use this data to feed behavioral ads or power user analytics,” said FTC chair Lina M. Khan.

“Given the growing prevalence of surveillance-based advertising, the Commission should be scrutinizing what data is being collected in the first place and whether particular types of business models create incentives that necessarily place users at risk.”

Originally found on Feedzy. Read More

The science behind liberalism and conservatism

Tales from the Mark side: The conservative voice of Manatee County

By Mark Young

We as human beings are similar in so many ways and yet so very different. Nothing defines our divide like politics.

Have you ever wondered why?

I’m sure if you are a conservative, you have probably wracked your brain like I have when trying to understand the black hole that is liberal logic. And I’m sure, like me, you have come away from that experience more perplexed than ever. Well, there is a lot of reading material out there on why liberals are so different from conservatives. I came across several studies that prove areas of gray matter are enlarged in separate brain areas of conservatives and liberals.
Both areas impact the critical thought process and emotional response to information, but both are different in how the process works.

But is liberalism a mental disorder as many conservatives, including me, have claimed? Well, let’s follow the science, something liberals say we should do, but never actually do. I believe it was last year that the Pew Research Center showed a viable link between liberalism and mental disorders, particularly among young white liberals. The Pew study showed 62% of young white liberals were told by their doctors that they have a mental disorder.

The Washington Times, in April of this year did a piece on the study which shows liberalism, “forces its followers to wallow in feelings of helplessness and victimhood,” as opposed to “building resilience against hardship,” which combats depression. That inner working of a liberal brain makes them much more susceptible to things like “white guilt,” and other levels of nonsense.

Pew pointed out that an overwhelming number of liberals believed the false narratives pushed by the left that 1,000 blacks were “murdered” by police in 2019 following the death of George Floyd. In fact, there were 13 black people killed by police in 2019. The liberal Washington Post reported that from 2015 through this year that 1,552 blacks were killed by police compared to 2,962 whites. The number of Hispanics killed were similar to the number of blacks and more than 230 Native Americans also were killed by police, but no ever mentions Hispanics or Native Americans. Conservatives do because we believe that all lives matter, to include police lives. Of course the media likes to push the narrative that blacks are killed more disproportionately than whites based on percentages simply because there are more whites than blacks. It’s an easy argument to make but lacks substance.

The media doesn’t do its job very well, but that shouldn’t be a surprise at this point. If they did, they would take into account the facts surrounding the shootings, the criminal history of those shot and the high-crime areas involving the shootings. They don’t do that. Or perhaps they do and decide it doesn’t fit their anti-police, racist narratives that lead liberals down a mentally dangerous path of white guilt and self-loathing. 

You’ve seen how much these young white liberals hate themselves for being white. It’s beyond comprehension, but once you understand that there is an actual answer to your question of, “What is wrong with these people?” perhaps some level of empathy can replace the frustration? Perhaps just knowing that a mental illness might be causing young white liberals to get on their knees and lick the boots of a black man in a display of asking for forgiveness for their whiteness will bring conservatives some relief. Nah, not for me either.

I grew up an Army brat and then joined myself. I never saw color growing up and I only see it now when it’s forced upon me. When I was battling liberal logic for four years as a columnist in Nebraska, there was a very loud and aggressive group of liberals who attacked me on a regular basis. However, attacks are not the same thing as presenting an argument and they could never dispute my facts or bring a logical argument to the table. The debates always ended with me being called a name and them storming off into their black hole existence. The one thing that would offend them is when I actually called them a liberal.

Back in 2010 or so, liberals were desperately trying to get away from the negative aspects of the word. Instead, they insisted they were not liberals, but progressives. Progressive sounds a lot more appealing until the real progressives actually took over their party and now liberals no longer want to be called progressives. Now they are desperately trying to reclaim their liberal title.

Oh the hell it must be to be trapped inside a liberal mind.

Now, I’m certainly not saying every liberal is mentally ill, but I’d say the Pew Research Center’s 62% is fairly accurate. The scary part is that number will increase as liberalism continues to infect our education system. It has had a firm hold on our universities for decades but as you’ve seen, it is now rampant in our K-12 schools. But I still know moderate liberals and they can still present a decent argument whether I agree with them or not. And it’s a myth that moderate liberals and conservatives disagree on everything.

Conservatives for the most part absolutely believe that we need to take care of our environment. We just happen to also believe that drilling and pipelines can be done safely. Now I do part ways with a lot of conservatives in saying gay marriage is absolutely fine. I just personally believe that everyone has the right to be miserable.

Liberals, the research shows, are highly prone to fear-based media coverage. About 90% of liberals believe that you have a 50% chance of being hospitalized from COVID-19. Only 10% knew that the correct answer is between 1 and 5%.

The research indicates that liberals are much more prone to the misinformation spread by fear mongering media outlets. Just look at how the local media has covered things like COVID and red tide. I know for a fact that my former editors milked public health stories for all they were worth. That’s not to say COVID or red tide isn’t real, but at some point editors knew they were manipulating the stories to get those all-valuable clicks to make themselves look good.

However, because liberals are so susceptible to misinformation, it contributes to the decline in their mental health, the study noted. It’s ironic considering that the actions of the liberal media in Manatee County are contributing to hurting their liberal readers. Ironic, but self-servingly sad.

It also shows why liberal-run states have handled the pandemic so differently and why some of those states continue to suffer the economic pains of shutdowns and ridiculous mandates. But you’ll also notice how many of these Democratic leaders make over-the-top restrictions but never abide by their own rules.

The Washington Times concludes that, “Yes, there’s a lot of drawbacks to believing in liberalism.”

I would have to agree. 

Modern security strategies key to support remote workforce demands

COVID-19 quickly ushered in the era of remote work, introducing new risks that IT professionals are struggling to manage with existing security tools, according to a Thales study.

Six in 10 respondents said traditional security tools such as VPNs are still the primary vehicle for employees accessing applications remotely — likely the reason why 44% were not confident that their access security systems could scale effectively to secure remote work.

These are among the key insights from a global survey of 2,600 IT decision makers, conducted by 451 Research, to better understand the new security risks and challenges caused by the rise of remote working and cloud transformation caused by the COVID-19 pandemic.

Last year saw a surge in cybercrime exploiting the various aspects of the COVID-19 pandemic and the shift to remote work, with ransomware attacks soaring by 150%. The survey found the pandemic’s effects have had a significant impact on security infrastructure, particularly on access management and authentication frameworks, pushing organizations to adopt modern security strategies like zero trust to support the demands of a more mobile and remote workforce.

Era of remote working: Concerns catalyse change

According to the index, respondents have many different systems deployed for remote access. When asked about the technologies that were in place, VPN was the most common, with 60% of IT professionals identifying the capability.

Virtual Desktop Infrastructure, cloud-based access and zero trust network access/software defined perimeter (ZTNA/SDP) closely followed. However, when asked what new access technologies respondents were planning to deploy due to the pandemic, 44% indicated ZTNA/SDP was the top technology choice.

The survey also explored respondents’ plans to move beyond traditional VPN environments, and found that nearly 40% expect to replace their VPN with ZTNA/SDP, while 38% expect to move to a Multi-Factor Authentication (MFA) solution. This confirms the need for more modern, sophisticated authentication capabilities is driving change in many organizations and is perceived as a key enabler of zero trust security.

“Seemingly overnight, remote access went from being an exception to the default working model for a large swath of employees. As a result, businesses are navigating a volatile and complex world, and adopting a zero trust model of cybersecurity will enable them to continue to conduct operations safely amidst the uncertainty,” said Francois Lasnier, VP of Access Management solutions at Thales.

“One of the core barrier businesses face when starting their zero trust journey is the balance between locking down access without interrupting workflow. People require access to sensitive data in order to work and collaborate and businesses leaders will need to ensure that a drop in productivity doesn’t become an unwanted side effect. The research shows that IT professionals increasingly see access management and modern authentication capabilities as key component in achieving a zero trust model.”

Room to grow with modern security strategies like zero trust

The report found that zero trust models are the solution of choice for respondents seeking to improve access environments, yet many are still in the early stage of adoption.

According to the research, 30% of the respondents claim to have a formal strategy and have actively embraced a zero trust policy. Additionally, 45% are either planning, researching or considering a zero trust strategy. Surprisingly, less than a third (32%) of the respondents indicated that zero trust shapes their cloud security strategy to a great extent.

Access security needs to adapt to deal with dynamic workplaces

A silver lining of the pandemic-driven rush to remote working is the acceleration of improved approaches to access security. 55% of respondents currently have adopted two-factor authentication within their organizations. Regionally, there was notable variation, with the UK leading (64%), followed by the U.S. (62%), APAC (52%) and LATAM (40%). These varying degrees of adoption may be due to the level at which better access management is prioritised in security investments.

Yet, despite the well-known limitations of passwords, investment in MFA still trails other security tools like firewalls, endpoint security, SIEM and email security. Remote access users are still the main use case for MFA adoption (71%). One-third of respondents that have adopted MFA use more than three different authentication tools, signaling the need for a more unified approach to access management in the future.

“Security tools and approaches need to adapt to better support the era of remote working,” said Eric Hanselman, chief analyst at 451 Research.

“The shift towards a zero trust model, along with increasing use of modern authentication technologies, like adaptive and multifactor authentication (MFA), will improve organizations’ security posture. This will be an exciting space to watch as businesses continue to deal with dynamic workplace environments.”

Originally found on Feedzy. Read More