Posted on Author rmaximum Categories Cloud, Risk Management

10 key Microsoft Ignite takeaways for CIOs

Microsoft kicked off its 2021 Ignite customer conference on March 2 with some stunning demonstrations of Mesh, a mixed-reality working environment like Second Life on steroids, accessible to anyone with a $3,500 Hololens 2 headset and high-speed internet.

Out of the spotlight, though, there were other innovations — in Microsoft Azure, Teams, and Power Platform — more likely to help the majority of CIOs deliver computing, collaboration, and coding tools to a workforce that is still socially isolated and increasingly socially divided as a result of the pandemic.

Here are 10 key Ignite takeaways for CIOs that caught our attention.

Semantic search as a service

Do what I want, not what I said: OK, that may be a slight exaggeration, but that’s where Microsoft is going with the new semantic search capability it’s offering developers a preview of. An addition to its Azure Cognitive Search APIs, semantic search promises to deliver results based on user intent rather than on the keywords they used, thanks to a natural-language model that Microsoft has built.

Models like this will be hugely valuable — but also hugely resource-intensive, said Nick McQuire, chief of enterprise research at analyst firm CCS Insight. “Many businesses won’t be able to build this for themselves,” he says, so Microsoft offering developers semantic search as a service that they can integrate into their own applications is significant.

Microsoft is also offering enterprises a new connector to enable Azure Cognitive Search to ingest and explore their SharePoint content.

Line item extraction

Other Azure developer APIs are getting upgrades too. Form Recognizer 2.1 can already find data in scanned receipts to process expenses. From March 15 it will gain the ability to extract individual line items from invoices, simplifying payment processing.

 

Form Recognizer has also learned to extract names, expiry dates, and document numbers from US driving licenses and passports from around the world, a boon for customer onboarding — or controlling borders.

Mission-critical computing in the cloud

Azure is providing additional support for mission-critical cloud workloads, adding the option to make on-demand capacity reservations with service-level agreement (SLA) guarantees, making scale sets more flexible so applications will keep running under higher load, and adding new VMs that will support more memory-intensive workloads, including in single-tenant Azure Dedicated Host environments.

Machine learning where you want it

When it comes to training or running machine learning models, hyperscalers like Microsoft have traditionally offered CIOs one answer: Do it in our cloud. Now, though, with its hybrid cloud control plane, Azure Arc, Microsoft is offering enterprises a way to run ML workloads on premises, in a multicloud environment, or at the network edge.

“What is new about Arc and the integrations with Azure ML is, Microsoft is saying you can use your existing infrastructure,” said CCS’s McQuire.

At the other end of the machine learning scale there’s also Azure Percept, a set of pre-built AI models, development tools, and reference hardware for building cloud-connected low-power AI systems with cameras and audio capabilities on the network edge. It’s based on a Zero Trust security model and offers zero-touch WiFi provisioning.

Vertical clouds

Microsoft’s industry clouds offer automation and analytics tools tailored to specific vertical markets — initially telecommunications, retail, and healthcare. At Ignite, it expanded its healthcare cloud feature set and language coverage, and introduced three new industry clouds, for financial services, manufacturing, and nonprofits. If you’re in one of these sectors, you may find Microsoft has already done some of your development work for you.

Teams gets more connections…

Microsoft CEO Satya Nadella is clearly hoping CIOs will pay more attention to the way Teams is used in their organizations, saying the company is building it as “an organizing layer for all the ways we work.”

A new feature, Teams Connect, will soon enable enterprises to create and manage channels shared with customers, suppliers, and other partners in which they can co-author documents and collaborate in apps. There will also be an expanded role for Microsoft Viva: In addition to delivering corporate internet and training functions, it will bring Teams users the same well-being and productivity insights familiar to users of Outlook, and for an additional fee, Viva Topics will make documents and expertise more easily searchable across the enterprise from within Teams.

With hundreds of different applications tied into the Teams environment, CCS Insight’s McQuire said, “The risks are that it becomes this massively unwieldy thing, and the user experience gets confusing because there are too many different things going on.”

Neverthless, he said, the new features will be attractive to companies that want to consolidate the number of conferencing tools they have.

… better security controls…

By midyear, enterprises will also be able to control in which datacenter Microsoft stores documents shared through Teams, group by group or even for individual users, making it more useful in some regulated industries or where there are concerns about the security of data. These controls will mirror those available for Exchange and SharePoint. There will also be an option to make end-to-end-encrypted one-to-one voice or video calls, that CIOs can enable on a per-employee basis, and to limit meeting attendance only to invited participants. A future update could see the addition of end-to-end encrypted meetings, too.

For companies that are centralizing their investment in such collaboration, McQuire said, “Security is arguably the number one selection criterion.”

… and new presenter tools

Microsoft is adding new options to embed PowerPoint presentations right in Teams, where meeting participants can flip back and forth through a slide deck at their own pace. Presenters will have new options to position their video image in front of or beside their slides, and to place the gallery of meeting participants at the top of the screen, right under their camera, to improve eye-contact.

“The thing that really stood out is the whole focus on presenter tools,” said McQuire.

Yet another low-code development platform

As if there weren’t already enough low-code development platforms out there, Microsoft is adding its take on the genre, and it’s based on Excel formulas. Power Fx is used to build canvas apps in Microsoft Power Apps, and is destined to become the language across the Power Platform. Microsoft said Excel users will be able to draw on their existing knowledge to develop apps with the simplicity of formulas — so if your company’s spreadsheets are all error free, you have nothing to fear.

Microsoft Mesh and Azure mixed reality

There’s no getting away from it, Microsoft’s demonstrations of Mesh, a mixed-reality collaborative environment, were eye-catching, from the undersea scene created collaboratively with the audience to the Cirque-du-Soleil finale.

While there were glimpses along the way of a couple of industrial applications built using underlying components of Mesh, Azure Remote Rendering and Azure Object Anchors, CIOs were left with a lot of questions about how they would actually use Mesh in their organizations.

Among them, said McQuire, are, “How is Mesh going to help businesses improve their productivity?” and “How will the licensing and the costings work?”

He also called out bandwidth as a potential concern.

Two-way HD video over Hololens is bandwidth-hungry: Microsoft’s documentation for Dynamics 365 Remote Assist Hololens, its existing “holopresence” solution, says “even 4-5 Mbps up/down does not guarantee 1080p video calling at full quality.”

That will make life difficult for many remote users connecting over DSL, and require sophisticated wireless coverage in crowded workspaces, if we ever return to those.

While Microsoft’s goal is one day to deliver the impression that distant coworkers are virtually present, early Mesh users will have to work alongside cartoon-like avatars of their colleagues provided by AltspaceVR as a way to limit the computing and bandwidth demands of mixed-reality collaboration.

We can provide latest and proven Microsoft solutions and services to achieve any of the strategic business goals.

Read More
0
Posted on Author rmaximum Categories Cyber Security, Infrastructure

Highlighting the Value of an Integrated Security Platform

As organizations strive to modernize their networks, the latter will continue to expand and become increasingly complex. This will lead to a deeper fragmentation of traditional edges, like the data center, wide area network (WAN), and local area network (LAN). As a result of this fragmentation, partners may find it difficult to secure their customers’ networks, which now include new unique edges. 

Identifying New Challenges Impacting Networks

Even as they work from home, remote employees require the same level of access, speed, customization, and performance as their in-office peers. However, to secure these networks, organizations often turn to point solutions designed to cover only a particular network segment. This fact was underscored in a 2020 IBM survey, which found that organizations deploy approximately 45 different solutions on average, with most requiring coordination across 19 security tools. 

With IT staff already overwhelmed with monitoring, this disaggregation can create security gaps that cyber criminals use to gain unauthorized access, steal or corrupt data and systems, or even disrupt the economy. 

Converging Crucial Elements in An Integrated Security Platform

Establishing a flexible and adaptive network that connects in-person and remote workers is challenging. Similarly, managing security in a continuously evolving threat landscape becomes increasingly difficult, especially for organizations using legacy solutions and strategies. 

Partners can help their customers address these issues by working with them to implement a security-driven networking strategy. Converging networking and security breaks down silos and encourages collaboration across the network; when networking and security are integrated into the IT infrastructure, the organization can take various crucial factors into account, including the network, endpoints and devices, and the cloud and applications. Further, security can take key networking functions into account, enabling them to more appropriately adapt configurations, policies, and programs for more consistent protection. 

Today’s organizations need solutions that offer coverage across the ever-expanding attack surface. Understanding the components of the cyber kill chain is critical to maintaining a strong defense. This includes the following steps:

  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command and control
  • Action objectives

Customers rely on their partners to help them evaluate these factors across their digital attack surface so that they can thwart the cyber kill chain at any given point, in any location within the network. Therefore, partners must not only understand these factors themselves, but also know what it takes to address them. 

Using a Broad, Integrated, and Automated Security Platform

To address changes within their network environments, many organizations turn to integrated tools or platforms. Despite this demand, historically, the cybersecurity industry has failed to deliver the advanced solutions that could keep pace with continuous network changes. Instead of providing a comprehensive and integrated solution, many vendors have delivered security for a specific piece of a business’s network. 

With the right platform, however, customers can effectively deploy and manage security solutions. Because of this, security teams should consider a broad platform that can help improve performance and deliver automation that meets the advanced needs of today’s businesses. 

Additionally, partners can help customers ensure consistent security and performance spanning from edge to edge with comprehensive, deeply integrated solutions. They can also facilitate integration throughout their customers’ IT infrastructure by deploying a robust solution built on a common foundation that converges networking and security. This way, security teams can keep pace with shifts between the two, offering comprehensive visibility across the entire IT infrastructure, including hybrid hardware and software deployments. Security solutions that consider the various connected systems deployed across the network can more efficiently identify potential threats, share threat intelligence, and coordinate a unified and appropriate response. 

With increasingly sophisticated cyberattacks that happen at machine-level speeds, artificial intelligence (AI) and machine learning (ML) are more important than ever. Humans alone cannot respond quickly and effectively enough. Organizations embracing digital transformation of business processes need to embrace the digital transformation of security systems, as well. These types of security systems, often built into integrated platforms, provide real-time identification, analysis, and threat responses that eliminate security gaps and embrace dynamic changes. 

Short- and Long-Term Success with the Right Security Platform

Although more organizations are embracing a platform approach, many platforms still focus on a single security element. Businesses should consider whether the platform solution they look to implement truly offers end-to-end protection across the entire IT infrastructure, including across the network, endpoints, and cloud. 

Partners can enable coordination across their customers’ entire suite of security technologies with a platform approach that converges networking and security built on a common foundation. A unified, centralized source of threat intelligence enables a more collaborative response to emerging threats, making it easier for security teams to mitigate network security gaps and improve overall response protocols. 

Modern business requires advanced, modern solutions that flexibly respond to changes. The right platform should continuously adapt to the digital threat landscape and digital attack surface changes facing the organization. With a broad, integrated security platform, partners can more easily maintain and even improve their customers’ cyber health, enabling them to take advantage of digital innovation without compromising security. 

We strive to build network and security integrated service for our customers.

Read More
0
Posted on Author rmaximum Categories Cyber Security, Infrastructure

Creating a Cloud Risk Framework with Internal Audit Support

As organizations increasingly migrate to cloud computing they could be putting their data at significant risk. Positioning the internal audit (IA) function at the forefront of cloud implementation and engaging IA to create a cloud risk framework tool can provide organizations a view on the pervasive, evolving and interconnected nature of risks associated with cloud computing. Engaging IA in discussions with the business and IT units early on also is critical to addressing potential risks.

Not Every Cloud Has a Silver Lining

“Cloud computing is changing the technology landscape, and the changes are only likely to intensify,” says Khalid Wasti, a director at Deloitte & Touche LLP. “For many organizations, the question is not whether the cloud should be part of their technology strategy, but when and how.” Under pressure to provide solutions, organizations may be tempted to leverage cloud services quickly, without weighing the associated risks, such as:

 

Data breaches—Particularly in multi-tenant cloud service databases. A flaw in one client’s application could give an attacker entrance to other clients’ data as well. Breaches could expose email databases, putting email accounts of thousands of end customers at risk of increased spam and phishing scams. Worse yet, data breaches could also reveal customers’ passwords, and even personal and financial information, to hackers.

Data loss—Malicious hackers, natural disasters or lapses in provider services could result in a loss of customer data. For example, bugs in web-based email services could lead to the disappearance of users’ messages, folders, inboxes or entire email accounts. Data loss could be particularly detrimental to organizations that are required to store information in compliance with industry regulations, such as healthcare organizations that must comply with the Health Insurance Portability and Accountability Act.

Downed reservations systems and websites—Whether due to denial of service attacks, severe storms or technical glitches, outages could result in thousands of inconvenienced customers (for example, airline travelers) and the disruption of traffic (and commerce) at client websites.

When a company opts for the speed and convenience of moving to the cloud, it also may relinquish control not only of its own data, but that of its customers.

Internal Audit and the Cloud Risk Framework

“Cloud computing presents a new frontier for many organizations, and IA can help provide the context and risk framework an organization should consider when moving to the cloud,” says Michael Juergens, principal, Deloitte & Touche LLP. “For internal auditors, meeting the challenges of cloud computing may mean stretching beyond their traditional audit roles, adding greater value as they assist the organization in building the required control environment,” he adds.

As an initial step, an organization should work with IA to create a cloud risk framework tool. “The tool can help the organization get to the heart of risks by providing a view on the pervasive, evolving and interconnected nature of risks associated with cloud computing,” adds Mr. Wasti. These include governance, risk management and compliance; delivery strategy and architecture; infrastructure security; identity and access management; data management; business resiliency and availability; and IT operations. Such a tool can also improve efficiency in compliance and risk management efforts and be used to develop risk event scenarios that require integrated responses.

To be more effective, the framework tool should be customized to include regulatory, geographic, industry and other specific issues that impact the organization. As IA modifies its organizational risk framework and guides the risk conversation with IT and the business, the following issues pertaining to infrastructure security, identity and access management and data management should be taken into account:

Infrastructure Security—Companies should verify that cloud providers have acceptable procedures in areas such as key generation, exchange, storage and safeguarding, as flawed security could result in the exposure of infrastructure or data.

Identity and Access Management—Organizations should consider how their authorization and access models will integrate with new cloud services and assess whether they are using appropriate identity and authorization schemes.

Data Management—Because organizations may have to relinquish control over their data to cloud providers, it is crucial that they fully understand how data will be handled in the cloud environment.

Moving Forward

Implementing a cloud strategy changes the risk landscape in profound ways. As some risks are minimized, others spring up in their place. “Recognizing and responding to this shifting organizational risk profile is IA’s purview,” says Charlie Willis, a senior manager at Deloitte & Touche LLP. “Because internal auditors understand the interplay between business processes and risk, they can help business leaders to articulate their appetite for risk and help develop strategies for mitigating it,” he adds. As the organization adopts technology initiatives that involve cloud computing, IA should consider taking proactive steps, including the following:

Engage stakeholders—Encourage IT and business executives to have an informed conversation about the move to the cloud. Help stakeholders understand the potential for rogue IT environments. Explore which applications and data are candidates for transfer to a cloud environment and be prepared to discuss the risk implications of the move.

Review the organizational risk framework—Revise the company’s risk framework, minimizing risks that are no longer a concern. This framework tool should measure the organization’s cloud capability state across the different cloud risk domains.

Evaluate potential cloud vendors—IT will be most familiar with the range of vendors, and the business leaders will be able to articulate the objectives of a move to the cloud. “IA should also be engaged in risk discussions,” notes Mr. Willis, “along with the organization’s security, risk and compliance groups, and help the organization develop an assessment profile for vendors.

Donec ornare, est sed tincidunt placerat, sem mi suscipit mi, at varius enim Mauris ienim id purus ort. Aene auat riss. Proin viverra. enim maurisupn est sed tincidunt placerat, ienim id purus ort

 

Read More
0
Posted on Author rmaximum Categories Uncategorized

As Cyberthreats Mount, Internal Audit Can Help Play Defense

Bolstered by technology expansion, a surge in data growth, evolving business models and motivated attackers, the threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could cost businesses more than $2 trillion by 2019, nearly four times the estimated 2015 expense.* In response to the increasing threat, many audit committees and boards have set an expectation for internal audit to perform an independent and objective assessment of the organization’s capabilities of managing the associated risks. A first step in meeting this expectation is for internal audit to conduct a cyber risk assessment and distill the findings into a concise report for the audit committee and board, which can provide the basis for a risk-based, multiyear internal audit plan to help manage cyber risks.

“The forces driving business growth and efficiency are also opening pathways to cyber assaults,” says Michael Juergens, an Advisory managing principal at Deloitte & Touche LLP. “Internet, cloud, mobile and social technologies—now mainstream—are platforms inherently oriented for sharing. At the same time, outsourcing, contracting and remote workforces are shifting operational control,” he adds.

Many organizations are addressing cyberthreats with multiple lines of defense. For example, business units and the information technology (IT) function at many organizations integrate cyber risk management into day-to-day decision-making and operations, which comprises an organization’s first line of defense. Making up a second line of defense are information and technology risk management leaders who develop governance and oversight protocols, monitor security operations and take action as needed, often under the direction of the chief information security officer (CISO).

“Increasingly, many companies are recognizing the compelling need for a third line of cyber defense—independent review of security measures and performance by the internal audit function,” says Sandy Pundmann, an Advisory managing partner at Deloitte & Touche LLP. “Internal audit should play an integral role in assessing and identifying opportunities to strengthen enterprise security. Advising stakeholders on trends and leading practices in cyber and other areas is a growing expectation for internal audit leaders,” she adds.

At the same time, internal audit has a duty to inform the audit committee and board that the controls for which they are responsible are in place and functioning correctly—a growing concern across boardrooms as directors face potential legal and financial liabilities. Since many organizations have cyber readiness initiatives still in flight, some internal audit departments have elected to defer audit procedures until these projects are completed. While this may allow for a deeper level review, deferring cyber assurance procedures may not be the right answer.

Cyber Risk Assessment Framework

Many internal audit functions have developed and tested procedures for evaluating components of the organization’s preparedness for cyberthreats. These targeted audits, such as attack and penetration procedures, are valuable, but do not provide assurance across the spectrum of cyber risks. To provide a comprehensive view of an organization’s ability to be secure, vigilant and resilient in the face of cyber risks, internal audit should consider taking a broad programmatic approach to cyber assurance and not perform only targeted audits, which could provide a false sense of security.

 

In assessing cyber readiness, internal audit can benefit from understanding the capabilities across a number of domains, how they are addressed today and gaps that may exist within the organization. Several factors are noteworthy as internal audit professionals conduct a cyber readiness assessment:

—It is vital to involve people with the necessary experience and skills. Internal audit has the know-how to conduct assessments. However, understanding whether the IT department or the CISO is doing an effective job of threat modeling can require subject matter specialists who ask effective questions to help evaluate the strength of modeling exercises. A technology-oriented audit professional versed in the cyber world can be an indispensable resource.

—It is important to evaluate the full cyber readiness framework, rather than cherry pick items. This evaluation involves understanding multiple plan components, including the current state of readiness against framework characteristics, where the organization is moving with respect to improving its cyber preparedness plan, and the minimum expected practices across the industry or business sector.

—The initial assessment should be a broad evaluation. The first assessment is not intended to be an exhaustive analysis requiring extensive testing. Instead, it should drive additional risk-based, deep-dive reviews of the organization’s preparedness against cyberattack.

Maturity Analysis

Some organizations may prefer to use a maturity analysis approach, rather than a risk assessment strategy. “A maturity analysis can provide additional value to management and boards by providing a quick visual reference that provides clear cues about areas they may want to explore further,” says Mr. Juergens.

The five maturity stages—initial, managed, defined, predictable and optimized—reflect the progress the organization has made in maintaining security capabilities to help mitigate cyberthreats and achieve its desired maturity level. In a visual representation (click on “full” image link below), dotted lines indicate the level of maturity an organization is targeting, potentially identified in a remediation roadmap.

“In practice, the board would agree on the desired maturity level upon completion of the remediation work, at which point internal audit would test once again and come back to the board to confirm the targeted level has been achieved,” notes Ms. Pundmann.

In addition, a separate assessment scorecard would support the maturity evaluation, highlighting in detail the cyber risks surrounding people, process and technology. For the analysis to be effective, findings should be documented and recommendations made for closing identified gaps.

In some cases, a cyber risk assessment can also be structured to generate a list of gaps and provide the organization with a roadmap for short- and long-term remediation activities.

Building the Foundation for Ongoing Assessment

The cyber-risk assessment underpins both the maturity analysis provided to the audit committee and board, and the development of a risk-based, multiyear internal audit plan for cybersecurity. The multiyear plan can be developed through the results of the assessment, with some audits occurring at a higher frequency than others based upon urgency and consideration of other testing and assessment activities underway in the organization.

It is important to remember that the internal audit approach to cyber assurance is not set in stone. Adjustments can be made based on the emergence of new risks, changes in the relative intensity and importance of existing threats, and other organizational developments.

“Internal audit has a critical role in helping organizations in the ongoing battle of managing cyberthreats, both by providing an independent assessment of existing and needed controls, and by helping the audit committee and board address the diverse risks of a technology-driven world,” says Mr. Juergens.

We are experts in IT audits with rich experience in enterprise market. Please contact us for details.

 

Read More
0
1 2