Tag

Standards

Browsing

Cyber ​​security professionals want the computer industry to emphasize vendor consolidation and open standards.

This major change in the security networks of IT professionals is long overdue, according to new research from the Information Systems Security Association (ISSA) International and the independent industry analyst firm Enterprise Strategy Group (ESG), a division of TechTarget.

Seller consolidation and the push toward open standards is driven by buyers themselves, who are challenged by increasing complexity, cost, and the promotion of best-of-breed technology “equipment sprawl”.

Nearly half (46%) organizations consolidate or plan to consolidate the number of vendors they do business with. Concerned by the growing complexities of security operations, 77% of InfoSec professionals would like to see greater industry collaboration and support for open standards that promote interoperability.

Thousands of cyber security technology vendors compete against each other in multiple security product categories. Organizations want to optimize all the security technologies in their stack at once.

According to the research report, vendors supporting open standards for technology integration will be best positioned to meet this shift in the industry.

“Given that nearly three-quarters (73%) of cybersecurity professionals feel that vendors are engaging in promotions on substance, vendors who demonstrate a genuine commitment to supporting open standards are more likely to engage industry-wide. would be in the best position to avoid consolidation,” he said. Candy Alexander, Board President, ISSA International.

He said CISO vendors have become so burdened with noise and security “equipment dispersion” that for many, the wave of vendor consolidation is like a breath of fresh air.

Shift to security platform

ESG studied 280 cyber security professionals, most of whom are ISSA members. The results, released last month, focused on security processes and technologies, and show that 83% of security professionals believe the technology interoperability of the future depends on setting industry standards.

The report’s details demonstrate a cybersecurity landscape that looks favorably toward a security product suite (or platform) as it moves away from a defense-intensive strategy based on deploying best-of-breed cybersecurity products. This approach is based on historical precedent that has consistently increased organizational complexity and contributed to substantial operations.

“The report shows that massive changes are taking place within the industry in what many believe is a long time to come,” said John Oltsik, Senior Principal Analyst and ESG Fellow.

“The fact that 36% of organizations may be willing to purchase most security technologies from a single vendor speaks volumes for a change in buying behavior as CISOs are openly considering security platforms in lieu of best-of-breed point of view devices. are,” he said.

Why Jump from Best-of-Breed

The number of competing security suites has skyrocketed with many organizations managing 25 or more independent security tools. It follows that security professionals are now stressing the need to juggle so many independent security products to do their job.

Managing an assortment of security products from different vendors has increased training requirements, makes it difficult to get an overall picture of safety, and requires manual intervention to fill in the gaps between products. As a result, 21% of organizations are consolidating the number of cybersecurity vendors they do business with, and another 25% are considering consolidating.

“In general, buying, implementing, configuring and operating too many different tools has become very difficult, let alone ongoing support relationships with vendors. Consolidation management/operations makes sense,” says Oltsik told TechNewsWorld.

This ongoing complication is prompting 53% of cybersecurity professionals to purchase security technology platforms instead of best-of-breed products. The study showed that 84% of respondents believe a product’s integration capabilities are important, and 86% consider it important or important that integration with other products create best-of-breed products.

According to 60% of IT teams, strict integration between already separate security controls is a primary requirement rather than a best buy. Improved threat detection efficiency such as accurate high-fidelity alerts and improved cyber-threat detection were on the wish list for 51%.

generalized government mandate

Cybersecurity products cover the basics, noted Oltsik. This includes antivirus software, firewalls, some sort of identity management system, and a range of products for endpoint encryption.

“In many cases, these technologies are mandated by government and industry regulations,” he said. “The biggest influencer in cybersecurity protections is the US federal government which can and does mandate certain standards.

For example, the Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community considerations. The In-Process Cyber ​​Security Maturity Model Certification (CMMC) standard mandates certain security certifications for DoD vendors.

“We have also seen standards from industry, such as the activity of the Organization for the Advancement of Structured Information Standards (OASIS) and other OASIS standards. This week, we introduced the Open Cyber ​​Security Framework (OCSF), a standard data schema for security data. Saw the beginning. There are also many identity management standards,” he said.

Finding a shared security base

After reviewing this data, ESG and ISSA recommend that organizations encourage their security vendors to adopt open industry standards, possibly in collaboration with the Industry Information Sharing and Analysis Center (ISAC). In addition, there are some established security standards available from MITER, OASIS and Open Cyber ​​Security Alliance (OCA).

Many vendors speak in favor of open standards, but most do not actively participate or contribute to them. However, this lukewarm behavior can change quickly.

For this to happen, cybersecurity professionals – especially large organizations big enough to send signals to the market – establish best practices for vendor qualification.

In addition, they need to emphasize process requirements that include adoption and development of open standards for technology integration as part of a broader process for all security technology procurement, according to the report.

expected result

Cyber ​​security standards and vendor integration will strengthen the cyber security landscape against the continuing increase in cyber threats by easing product development and integration. Oltsik explained that this will allow industry and security teams to focus more on innovation and security fundamentals and less on building connectors for interoperability.

He sees an opportunity within the industry to support these efforts.

“It seems that some industry leaders are collaborating. I point to OCSF where 18 vendors agreed to support it,” he said.

This group includes a number of leaders – AWS, CrowdStrike, IBM, Okta and Splunk, for starters. He said another potential driver would be the support of large security technology customers.

Oltsik concluded, “If Goldman Sachs, GM, Walmart and the US federal government said they would only buy from vendors that support OCSF, it would really hit the industry.”


The full ESG-ISSA report titled “Technology Perspectives from Cyber ​​Security Professionals” is available here. No form filling is required.

For most of us the metaverse is mostly hype about the promise of a new internet that we can explore virtually. As it is currently implemented, the world of the Metaverse network is reminiscent of the pre-Internet. It is represented by a group of very different and unique efforts than the post-Netscape Internet that seems more like a walled garden approach than today’s Netscape Internet.

Implementations range from useful – like those using Nvidia’s Omniverse – to promises of “something” from Meta (formerly known as Facebook) that, at least now, mostly disappoint. It is believed that disappointment is more likely to be caused by higher expectations than any sluggishness by the meta. This is often a problem with new technologies where expectations are dashed and then people become overwhelmed with the results.

Now, with the announcement of the Metaverse Standards Forum last week, it looks like the industry is headed for a bigger problem with the Metaverse, which is the lack of interoperability and Internet-like standards that could allow for a much more seamless future. . metaverse

Let’s talk about how important this movement is this week. Then we’ll close with our product of the week, a mobile solar solution that could help avoid the ecological and power outage problems that states like California and Texas are expected to experience as climate change damages their electric grids. makes it less reliable.

current metaverse

Currently, the metaverse isn’t as much of a thing as it is a lot of things.

The most advanced version of the Metaverse today is Nvidia’s Omniverse. The equipment is used to design buildings, train autonomous robots (including autonomous cars), and form the foundation for Prithvi-2, which is designed to better simulate and predict the weather – both To provide early information of major weather events and to design potential measures for global climate change.

While many people think the metaverse will grow to replace the Internet, I doubt it will or will happen. The Internet organizes information relatively efficiently. Moving from a test interface to a VR interface can slow down the data access process without any offsetting benefits.

The Metaverse is best for simulation, emulation, and especially for tasks where the use of virtual environments and machine speed can solve critical problems more quickly and accurately than existing alternatives. For those tasks, it is already proving itself valuable. While it will likely develop into something more like the holodeck in “Star Trek” or the virtual world depicted in the movie “The Matrix,” it hasn’t yet.

what do you need now

What we can do now is to create photorealistic images that can be explored virtually. But we can’t make realistic digital twins of humans to populate the metaverse. We can’t yet build the device of the human body so you can experience the metaverse as if it were real, and our primary interface, VR glasses, are big, bulky and create the 3D glasses that the market previously rejected. , on the contrary look much better .

These problems are not cheap or easy to fix. If they were to be solved uniquely for each of the Metaverse instances, then the evolution of the Metaverse and our experience in it would be years behind, not decades.

What is needed is the level of collaboration and collaboration that has now built the internet to focus on building the metaverse, and that is exactly what happened last week.

Acclaimed Founding Member

The formation of the Metaverse Standards Forum directly addresses this interoperability and standards problem.

Meta and Nvidia are both on this platform, including who’s who of the tech companies — except for Apple, a firm that generally wants to go it alone. Heavy hitters like Microsoft, Adobe, Alibaba, Huawei, Qualcomm and Sony are participating, along with Epic Games (Metaverse promises a future where you can play in the digital twin of your home, school or office).

Existing standards groups including the Spatial Web Foundation, the Web3D Consortium and the World Wide Web Consortium have also joined.

Hosted by the Khronos Group, membership to MSF is free and open to any organization, so look for companies from multiple industries to be listed. The forum meeting is expected to begin next month.

This effort should significantly increase the pace of progress for the Metaverse and make it more useful for more things; Nvidia is using it successfully for today and is reaching a future where we can use it for everything from entertainment and gaming to creating our own digital twins and the potential for digital immortality.

Wrapping Up: The Metaverse Grows Up

I hope that the formation of the Metaverse Standards Forum will accelerate the development of the Metaverse and move it towards a common concept that can interoperate between providers.

While I don’t believe it will ever replace the Internet, I do think it could evolve into an experience that, over time, we can largely live and play with for most of our lives, Can potentially enrich those lives significantly.

I envision virtual vacations, more engaging remote meetings, and video games that are more realistic than ever, all due to better collaboration and an effort to set standards that will benefit the mixed reality market as a whole.

The Metaverse is coming and, thanks to the Metaverse Standards Forum, it will arrive faster and it could have been better.

Technical Product of the Week

Sesame Solar Nanogrid

Those of us who live in states where electricity has become unreliable due to global warming and poorly planned electrical grids expect some serious problems in extreme weather.

Companies and institutions have generator backups, but gas and diesel shortages are on the rise. So, not only are these generators likely to be unreliable when used for extended periods, they are anything but green and will exacerbate the climate change problem they are supposed to mitigate.

Sesame Solar has an institutional solution to this problem, a large solar-generating trailer that also carries a hydrogen fuel cell to generate electricity at night or on cloudy days.

The trailer can also process and filter local water, which can relieve residents from weather or crisis-related water shortages.

It appears that Sesame Solar does a better job of mitigating power outages without producing greenhouse gases that will exacerbate the problem. As a result, the Sesame Solar Nanogrid is my product of the week.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.