
According to new research released Tuesday, many employees and managers in the United States and United Kingdom value trust in the workplace more than financial compensation.

A survey of 500 workers and managers in the US and UK by Osterman Research for cybersecurity firm Cerby found that nearly half of participants (47%) said they would take a 20% pay cut in exchange for higher trust from their employer.

Other characteristics the researchers found highly prized by employees included flexibility (48%), autonomy (42%), and being able to choose the applications needed to work effectively (39%).

The State of Employee Trust Report by Osterman and Cerby examines the impact of zero-trust principles that many companies are increasingly adopting as a solution to their cyber security needs as a result of the use of “unmanageable applications” by workers and managers.

“Apps are closely linked to the level of employee engagement and empowerment. If employers try to block apps, which they often do, it negatively affects trust,” said Matt Chiodi, chief trust officer at Cerby, a zero-trust architecture provider for unmanaged applications located in San Francisco.

“Sixty percent of employees said that if an application they want is blocked, it negatively affects how they feel about the company,” Chiodi told TechNewsWorld.

“The answer is not for employers to block these apps, but to find solutions that allow these unmanageable apps to be managed,” he said.

Fret over control

Security teams resent the use of unmanaged applications, also known as shadow IT, for a number of reasons. “Employees come and go. An organization can end up with thousands of unused credentials accessing its resources,” explained Szilwezter Szebeny, CISO and co-founder of Tresorit, an email encryption-based security solutions company in Zurich.

“With a mountain of passive access, hackers are bound to find something that will go unnoticed and pave the way for them to infiltrate the organization through lateral movement,” Szebeny told TechNewsWorld.

Unsupportable applications can put an organization at risk because it has no control over the security practices imposed on the programs’ development and management, said John Yoon, vice president of product strategy at ColorTokens, an autonomous zero-trust cybersecurity solutions provider in San Jose, Calif.

“In addition, the organization has no oversight of the applications’ security update requirements,” Yoon told TechNewsWorld.

Without any control over the application, organizations can’t trust it with access to their environments, said Mike Parkin, a senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk prevention in Tel Aviv, Israel.

“Letting employees choose the best tool for the job, especially when it’s running on their own device, is welcome,” Parkin told TechNewsWorld.

However, he stressed, “this requires some compromise with the organization choosing the application and the employees willing to give up if their preferred app is not on the approved list.”

Roger Grimes, data-driven defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Fla., took a hard look at the issue.

“It’s up to an organization’s cybersecurity risk managers to determine whether the risks incurred are worth the benefits,” Grimes told TechNewsWorld. “You don’t want the average end user to decide what is or isn’t risky for the organization any more than you want the average passenger flying an airplane.”

Worth the risk?

The applications are considered unmanageable because they often don’t support common security measures, such as single sign-on and automatically adding or removing users, Chiodi explained.

“It presents a risk to a business, but business users still need those applications,” he said. “Businesses need to find ways to get those applications to the point where they can be managed, so that those risks are reduced.”

Labeling applications unmanageable is misleading, says Marcus Smiley, CEO of Epoch Concepts, an IT solutions provider in Littleton, Colo.

“They’re built without support for modern, industry security standards, which makes them harder to monitor and secure,” Smiley told TechNewsWorld, “but while that means they can’t be managed like other applications, they can be managed in different ways.”

“When unmanageable applications are being used, there is always some reason,” he said. “Many organizations need better communication between IT and employees to clarify company policies and the reasons behind them.”

“IT should also provide channels for requesting applications and be proactive in providing more secure options for problematic ones,” he added.

Smiley said that in some situations, allowing unmanaged applications with oversight is appropriate to ensure that best-identity-management practices and more secure configurations are implemented instead of less secure ones.

“Ultimately, there is no such thing as a risk-free cyber security strategy,” he added. “Every security program – even those that fall under zero trust – involves trade-offs between mission-critical business functionality, productivity and risk.”

Balancing act needed

The safest approach is to have any application reviewed prior to adoption by an individual or team with cyber security expertise to identify any issues that may arise from the use of the software or service, ensure that the legal terms are acceptable, and plan for ongoing maintenance, recommended Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.

“Unfortunately, many organizations do not have the expertise or resources to properly assess these risks, resulting in the process not happening at all, or as bad, taking weeks or months, which hurts employee morale and productivity,” Clements told TechNewsWorld.

“Balancing cyber security risk with employee needs is a practice that organizations need to take more seriously,” he said. “Allowing a Wild West approach will inevitably introduce cyber security risks. But on the other hand, being overly rigid can lead to choosing product or service solutions that heavily compromise usability and user convenience or completely deny approval.

“These can create frustration and lead personnel to leave the organization or actively subvert security controls,” he continued.

Misusing zero-trust principles can also add to that frustration. “Zero trust is for data, access, applications and services,” Chiodi argued. “But when it comes to building trust on the human side, companies should aim for higher trust. The two are not mutually exclusive. It’s possible, but there’s going to be a shift in how employers use security controls.”

“By giving employees technology choices, companies can show that they trust their employees to make technology decisions that help them do their jobs better,” said Karen Walsh, principal at Allegro Solutions, a cybersecurity consulting company in West Hartford, Conn.

“By reinforcing it with education around the mindset of compromising, they build a stronger relationship with the members of their workforce,” Walsh told TechNewsWorld.

For years, companies have been allowing their employees to mix business and pleasure on their mobile devices, a move that has raised concerns among cybersecurity professionals. Now a network security organization says it has a way to secure personal mobile devices that could allow cyber warriors to sleep more comfortably.

Cloudflare on Monday announced its Zero Trust SIM, which is designed to secure every packet of data leaving a mobile device. Once installed on a device, the ZT SIM routes network traffic from the device to Cloudflare’s cloud, where its zero trust security policies can be applied to the data.

According to a company blog written by Cloudflare Director of Product Matt Silverlock and Innovation Head James Allworth, by combining software layer and network layer security through ZT SIM, organizations can benefit from:

  • Preventing employees from visiting phishing and malware sites. DNS requests leaving the device can automatically and implicitly use the Cloudflare Gateway for DNS filtering.
  • Reducing common SIM attacks. An eSIM-first approach could prevent SIM-swapping or cloning attacks, and could bring similar security to physical SIMs, by locking SIMs to individual employee devices.
  • Rapid deployment. eSIM can be installed by scanning the QR code with the mobile phone’s camera.

Distrust of personal devices

“A lot of organizations don’t trust the tools they’re managing to access sensitive corporate data because of it,” said analyst Charlie Winkless, senior director at Gartner.

“Most of us are a little less careful with our personal devices than with our business tools,” he told TechNewsWorld. “There are also fewer controls on a personal device than a business device.”

“The Zero Trust SIM is a way to try to allow some of those individual devices to take control of the corporate network as they connect.”

With a distributed workforce, the classic hub-and-spoke model for security has become obsolete, explained Malik Ahmed Khan, an equity analyst at Morningstar in Chicago.

“So, you have employees across the country accessing company resources with a mobile device sitting in their home,” he told TechNewsWorld. “How do you secure their access? That’s a big question for firms to answer.”

The answer to that question for many organizations is installing software agents on their employees’ phones as part of a mobile device management (MDM) system, which can rankle employees.

“It’s inherently difficult to protect anyone’s personal equipment because owners don’t want their equipment to be managed by someone else,” said Roger Grimes, a data-driven defense campaigner at KnowBe4, a security awareness training provider in Clearwater, Fla.

Khan said adoption will be a significant challenge for Cloudflare. “There are two degrees of believing that needs to happen,” he said. “First, Cloudflare needs to convince firms to take it and second, firms need to convince their employees to use eSIM.”

Hardware limitations

Grimes said there are other roadblocks facing organizations dealing with BYOD. “Phone operating systems simply don’t come with the complexity that is needed to enable and implement the methods that are typically applied to regular computers,” he told TechNewsWorld.

“For example,” he continued, “it is very difficult to implement patching so that phones and all their apps are up to date. Many times a phone’s OS will only be patched if the phone’s network provider, such as Verizon or AT&T, decides to push the patch.

“The user can’t just click on an update feature and get a new patch, unless the phone vendor has approved it and decided to allow it to be installed,” he said.

When considering an eSIM solution, it’s important to know what it does and doesn’t do, observed Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.

“Cloudflare’s use of eSIM links the mobile device’s cellular data connection to Cloudflare’s network, where malicious domains or sites not approved by the organization’s policies cannot be blocked,” he told TechNewsWorld.

“There are also capabilities for logging connections going over cellular data networks that companies typically are not able to monitor,” he said.

MDM complications

He continued, however, that there is no end-to-end encryption and that blocking and logging is limited to cellular data connections only. For example, Wi-Fi data connections are unaffected by eSIM offerings.

“Cloudflare’s eSIM solution may be cheaper and simpler than deploying a full mobile device management solution and a whole network VPN that covers both Wi-Fi and cellular data connections, but it does not offer the same level of control and security of those solutions,” he said.

“The ability to reduce user account hijacking by preventing SIM swapping to intercept multifactor authentication codes is useful, but in reality, implementing MFA via SMS codes is no longer a best practice,” he said.

Khan pointed out, however, that there are problems with the agent-based solutions to which the Zero Trust SIM offers an alternative. “The problem with these deployments is that they require the user to deep dive into their device’s settings and enable them to accept a bunch of certificates and permissions for the agent,” he explained.

“While it is very easy to do this on a company-issued laptop or mobile device – since the agent will be pre-configured – it is quite difficult to do it on BYOD, as the employee cannot set things up properly leaving the endpoint still partially exposed,” he said.

“Imagine having an IT security team for a firm with thousands of employees and each of them trying to follow a series of steps on their individual devices,” he continued. “It can be a nightmare, logically speaking.”

“Furthermore,” he said, “there may be a problem with updating agents uniformly and constantly asking employees to stay on the latest operating system.”

Mobile headache

In addition to the ZT SIM introduction, Cloudflare also announced its Zero Trust program for mobile operators, which is designed to give mobile carriers the opportunity to give their customers access to Cloudflare’s Zero Trust platform.

“When I talk to CISOs I hear over and over again that effectively securing mobile devices at scale is one of their biggest headaches,” Cloudflare co-founder and CEO Matthew Prince said in a statement. “It’s a flaw in everyone’s deployment of Zero Trust.

“With Cloudflare Zero Trust SIM,” he said, “we will offer the one-stop solution to secure all device traffic, helping our customers plug this hole in their Zero Trust security posture.”

However, how the market will react to this solution remains to be seen. “I haven’t heard Gartner customers asking for this,” Winkless said. “Maybe they’ve seen something I haven’t seen. So, we’re going to see if this is an answer to a question that no one needs to answer or a transformative way of providing security.”

The cost of cleaning up data is often beyond the comfort zone of businesses full of potentially dirty data. This paves the way for reliable and compliant corporate data flows.

According to Kyle Kirwan, co-founder and CEO of data observability platform Bigeye, few companies have the resources needed to develop tools for challenges such as large-scale data observability. As a result, many companies are essentially flying blind, reacting when something goes wrong instead of continually addressing data quality.

A data trust provides a legal framework for the management of shared data. It promotes cooperation through common rules for data protection and confidentiality, and enables organizations to securely connect their data sources to a shared repository of data.

Bigeye brings together data engineers, analysts, scientists and stakeholders to build trust in data. Its platform helps companies create SLAs for monitoring and anomaly detection and ensuring data quality and reliable pipelines.

With full API access, a user-friendly interface, and automated yet flexible customization, data teams can monitor quality, consistently detect and resolve issues, and ensure that each user is able to rely on the data.

Uber data experience

Two early members of the data team at Uber — Kirwan and Bigeye co-founder and CTO Egor Gryaznov — set out to use what they learned at Uber’s scale to build easy-to-deploy SaaS tools for data engineers.

Kirwan was one of Uber’s first data scientists and the first metadata product manager. Gryaznov was a staff-level engineer who managed Uber’s Vertica data warehouse and developed a number of internal data engineering tools and frameworks.

He realized that his team was building tools to manage Uber’s vast data lake and the thousands of internal data users available to most data engineering teams.

Automatically monitoring and detecting reliability issues within thousands of tables in a data warehouse is no easy task. Companies like Instacart, Udacity, Docker, and Clubhouse use Bigeye to make their analysis and machine learning work consistently.

A growing area

Founding Bigeye in 2019, they recognized the growing problem of enterprises deploying data in operations workflows, machine learning-powered products and services, and high-ROI use cases such as strategic analysis and business intelligence-driven decision-making.

The data observability space saw several entrants in 2021. Bigeye differentiates itself from that pack by giving users the ability to automatically assess customer data quality with over 70 unique data quality metrics.

These metrics are trained with thousands of different anomaly detection models to ensure data quality problems – even the most difficult to detect – do not ever get ahead of data engineers.

Last year, data observability burst onto the scene, with at least ten data observability startups announcing significant funding rounds.

Kirwan predicted that this year, data observation will become a priority for data teams as they seek to balance the demand for managing complex platforms with the need to ensure data quality and pipeline reliability.

Solution rundown

Bigeye’s data platform is no longer in beta. Some enterprise-grade features are still on the roadmap, such as full role-based access control. But others, such as SSO and in-VPC deployment, are available today.

The app is closed source, and hence proprietary models are used for anomaly detection. Bigeye is a big fan of open-source alternatives, but decided to develop one on its own to achieve internally set performance goals.

Machine learning is used in a few key places to bring a unique mix of metrics to each table in a customer’s connected data sources. Anomaly detection models are trained on each of those metrics to detect abnormal behavior.

Three features built in late 2021 automatically detect and alert on data quality issues and enable data quality SLAs.

The first, Deltas, makes it easy to compare and validate multiple versions of any dataset.

The second, Issues, brings together multiple alerts at the same time with valuable context about related issues. This makes it easier to document past improvements and speed up proposals.

Third, the dashboard provides a holistic view of the health of the data, helps identify data quality hotspots, close gaps in monitoring coverage, and measures a team’s improvement in reliability.

Eyeball data warehouse

TechNewsWorld spoke with Kirwan to uncover some of the complexities of his company’s data sniffing platform, which provides data scientists.

TechNewsWorld: What makes Bigeye’s approach innovative or cutting edge?

Kyle Kirwan, Bigeye Co-Founder and CEO

Kyle Kirwan: Data observation requires a consistent and thorough knowledge of what is happening inside all the tables and pipelines in your data stack. It is similar to SRE [site reliability engineering] and DevOps teams use applications and infrastructure to work round the clock. But it has been repurposed for the world of data engineering and data science.

While data quality and data reliability have been an issue for decades, data applications are now important in how many major businesses run; Because any loss of data, outage, or degradation can quickly result in loss of revenue and customers.

Without data observability, data dealers must continually react to data quality issues and entanglements as they go about using the data. A better solution is to proactively identify the problems and fix the root causes.

How does trust affect data?

Kirwan: Often, problems are discovered by stakeholders such as executives who do not trust their often broken dashboards. Or users get confusing results from in-product machine learning models. Data engineers can better get ahead of problems and prevent business impact if they are alerted enough.

How does this concept differ from similar sounding technologies like Integrated Data Management?

Kirwan: Data observability is a core function within data operations (think: data management). Many customers look for best-of-breed solutions for each task within data operations. This is why technologies like Snowflake, FiveTran, Airflow and DBT are exploding in popularity. Each is considered an important part of the “modern data stack” rather than a one-size-fits-none solution.

Data Overview, Data SLA, ETL [extract, transform, load] code version control, data pipeline testing, and other techniques must be used to keep modern data pipelines working smoothly. Just like how high-performance software engineers and DevOps teams use their collaborative technologies.

What role do data pipelines and dataops play with data visibility?

Kirwan: Data Observability is closely related to the emerging practice of DataOps and Data Reliability Engineering. DataOps refers to the broad set of operational challenges that data platform owners will face. Data Reliability Engineering is a part, but only part, of Data Ops, just as Site Reliability Engineering is related but does not include all DevOps.

Data security can benefit from data observation, as it can be used to identify unexpected changes in query volume on different tables or changes in the behavior of ETL pipelines. However, data observation by itself will not be a complete data protection solution.

What challenges does this technology face?

Kirwan: These challenges include issues such as data discovery and governance, cost tracking and management, and access control. It also includes how to handle queries, dashboards, and the growing number of ML features and models.

Reliability and uptime are certainly challenges many DevOps teams are responsible for. But they are also often charged for other aspects such as developer velocity and security reasons. Within these two areas, data overview enables data teams to know whether their data and data pipeline are error free.

What are the challenges of implementing and maintaining data observability technology?

Kirwan: Effective data observability systems must be integrated into the workflows of the data team. This enables them to continuously respond to data issues and focus on growing their data platform rather than putting out data fires. However, poorly tuned data observability systems can result in a flood of false positives.

An effective data system should perform more maintenance than just testing for data quality issues by automatically adapting to changes in the business. A poorly optimized data observation system, however, may not be accurate for changes in business or more accurate for changes in business that require manual tuning, which can be time-consuming.

Data observability can also be taxing on a data warehouse if not optimized properly. Bigeye teams have experience in optimizing large-scale data observation capability to ensure that the platform does not impact data warehouse performance.