The business of security
Experts believe that the nature of I.T. threats have made a swift and alarming turn from being purely malicious to revenue-driven and even nation-state sponsored. Hackers look to crack into companies' security systems for financial gain, making the threat considerably larger. What’s more, as technology advances, more and more avenues to entry arise; e-mail, the internet, spyware.
However, the news isn’t all bad. By identifying these threats, businesses can limit their exposure to them. We speak with world-renowned Web security expert Jeremiah Grossman, Founder and Chief Technology Officer at WhiteHat Security and Co-founder of the Web Application Security Consortium (WASC), to find out more. “Computer security is a global problem and growing worse by the day. And there is no reason to believe that South Africa will not experience similar malicious incidents as the rest of the world,” he says.
So what are the top I.T. security threats at the moment? Globally speaking, Grossman, who previously held the role of Information Security Officer at Yahoo, says the major threats are web-based. “The threat to the security of a website and to the Web browser is a huge issue. An incident involving a website may lead to direct loss of sensitive information, fraud, embarrassment, and so on. When a Web browser is exploited, the result may be an infected machine where it is hijacked to send spam or liquidate their online financial accounts,” he says, outlining that South Africa is undoubtedly facing similar challenges to the rest of the world.
Grossman also highlights the rising trend of social networking as having had an effect on I.T. security recently. “It has had a negative effect. The use of social networks challenges organizations to track and control the location and flow of sensitive information. Their data and communications perimeter is no longer isolated to the corporate network, but expands to various online service providers whose systems they don't control or have visibility of.”
Another worrying issue lies within an organization’s employees. Whether carelessness or maliciousness, staff can potentially pose a significant threat to their companies’ assets, as Grossman attests: “The latest data indicates the insider threat is a real issue, but this pales in comparison to the losses sustained by outside hacking attacks.”
A SILVER LINING IN THE WEAK ECONOMY
There is no question that the challenging economic environment has led firms to tighten their budgets. And with less money for upgrades and new systems, this inevitably affects the security of a business - but not necessarily in an entirely negative way. “A weaker economy does indeed impact spending and of course emboldens the activities of cyber criminals. Fortunately, given the absolute necessity of computer security, the industry has not been as affected as other markets.
“There has been a silver lining with respect increased budgetary scrutiny. Forward thinking organizations are incentivized to take a closer look at the solution stack they are investing in, determining what has made real measure impact, or not, and adjusting accordingly. Purchasing decisions and security strategies solely based upon ‘best-practice standards’ is quickly becoming unacceptable.”
THE RIGHT STRATAGY
It is becoming clear that with data security, it is not so much about spending more, as it is about having the right strategy and keeping informed of the industry’s rising threats. “I prefer looking at the big picture of security and recommending strategies as opposed to particular point products.
“The majority of the computer security mindshare is spent attempting to address yesterday's threats, typically targeting host and infrastructure security. The reality is the majority of today's actual attacks have moved up the software stack to the application layer, specifically Web applications where traditional security products such as firewalls, anti-virus, and SSL provide very little protection.
“Strategically, an organization should first identify their I.T. assets - network, host, and application - then assign a business value relative to the I.T. investment, and treat security as a tax. Then I.T. security can smartly invest resources protecting the ecommerce business flows relative to their value to the organization.”
Although over the past years we have seen the ways and means of attacking data become more sophisticated, if companies can stay ahead of these advancements, attacks can be ward off, avoiding a potentially devastating outcome in an already challenging business environment.
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”