Google Cloud Launches New Subsidiary Catering to Government Clients

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• A bit late to the enterprise party, Google Cloud is looking to play catch-up on the government front with a new public sector business.

• The business will operate autonomously while selling the full suite of Google products.

Looking to capture a bigger share of public sector IT sales and challenge fellow hyperscale rivals Amazon Web Services and Microsoft Azure, Google Cloud is launching a separate subsidiary to serve US government clients, which will have its own separate board of directors to be named later. The Google Cloud Public Sector arm will sell the full suite of Google services, including cybersecurity solutions, to federal, state, and local government entities. Will Grannis, Google Managing Director and Chief Technology Officer, will oversee the new business at launch until a permanent CEO is named. Lynn Martin, a Google vice president, will head the US Public Sector sales organization.


Organizations Combat Chronic Security Understaffing by Hiring Less-Experienced Professionals

A. Larsen DeCarlo

Summary Bullets:

  • Facing serious internal IT security expertise limitations, many organizations are hiring lower-level staff and providing professional development on the job.
  • This strategy appears to be yielding good results with many prepared to work on assignment independently within six months, according to an (ISC)² survey of hiring managers.

IT security organizations are under acute pressure. Navigating an escalating threat environment, often with a lack of internal expertise, companies are reassessing approaches to staffing and casting a wider net with respect to hiring for IT security roles.


IBM Expands Cybersecurity Grant Program to Help K-12 Institutions Battle Ransomware

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Often under-resourced from an IT perspective and possessing a wealth of valuable personal data, educational institutions are prime targets for ransomware.

• With incidents against K-12 school systems rising dramatically, IBM is looking to help districts mount a better defense through its cybersecurity grant program.

The number of ransomware incidents levied against educational institutions is soaring. K-12 school systems in particular have suffered a brutal few years. To help mount a better defense, IBM is again offering cybersecurity support to public school districts in the US and a number of other countries.


In the Shadow of a War, the US Senate Passes Legislation to Drive Data Breach Transparency


Summary Bullets:

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

• As Russia continues to press into Ukraine, both countries are targets of cyberattacks, raising concerns about emboldened hackers escalating their efforts to critical infrastructure in other regions.

• With the SolarWinds hack of 2020 still a prominent memory, the US Senate passed legislation that promises to both improve transparency around security events and strengthen support for breached entities.

With the Russian invasion of Ukraine looming large over the geopolitical climate, cyberattacks hitting both countries are evidence that threat actors are already playing a major role in the early days of the war. Cyberthreats have long been a top concern, but the current turmoil is lending increasing urgency to threats to critical infrastructure beyond the current conflict. Russian-based threat actors proved their effectiveness with the SolarWinds attack, in which multiple US government agencies, including the Department of Defense, the State Department, and the Department of Homeland Security, were breached.

One of the major challenges both public and private sector organizations face is a lack of information. This is in part because of actual security incidents getting buried in an impossibly high volume of false positives. But it is also the result of a lack of information sharing between and among peers. This week the US Senate passed legislation that promises to both help drive greater transparency around data breaches and ransomware payments and improve support for impacted organizations.


Cyberwarfare in the Digital Age: Ukraine vs. Russia


Summary Bullets:

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

• In the months leading up to its invasion of Ukraine, Russia was laying the groundwork for cyberwar.

• But Ukraine is fighting back with the support of its own underground hacking community and hackers from beyond its borders playing a part in interfering with Russian operations and trying to stall the invading country’s momentum.

Hacktivists have used cyberattacks for years to wage political and ethical battles. But the days following Russia’s invasion of Ukraine are taking cyberwarfare to a new level. Months before its February 24th military invasion of Ukraine, Russia took to cyberspace to infiltrate and in some cases destabilize networks within its neighbor. Reports of distributed denial of service (DDoS) attacks allegedly initiated by Russia surfaced the week before the invasion, flooding the networks of Ukraine’s defense ministry and two banks. The attacks against the banks were launched in two waves, with the first interrupting service. The second stage involved text messages to clients telling them the bank was no longer functioning.

And there are indicators that Russia had breached Ukraine months before and was lying in wait to attack, installing data wiper malware on hundreds of computers in Ukraine. The wiper malware can delete all files from a computer, essentially making the computer unusable.


Amazon Web Services Commits $40 Million to Improve Health Outcomes in Underserved Communities

Summary Bullets:

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

• Amazon Web Services (AWS) earmarked $40 million over the next three years to support organizations working to advance healthcare equity via AWS credits and technical support.

• This is a follow-on to a program AWS launched in 2020 to improve health diagnostics, in which it has so far assisted 87 organizations in 17 countries.

AWS is flexing a fairly mighty philanthropic muscle with a new program dedicated to advancing global healthcare equity and improving medical outcomes. By offering qualified non-profits, research institutions, and other organizations computing credits, technology, and other supports, AWS is hoping to advance an agenda to better support underserved and underrepresented communities. The program is directed to organizations developing cloud-based healthcare solutions.

The AWS program is targeted at organizations that are addressing any of three major imperatives: Expanding access to health services; lessening disproportionate negative health outcomes in underrepresented communities by addressing root causes of disease and illness; and tapping into larger data sets to promote equitable care systems.


Fresh Bluetooth Vulnerabilities Point to Underlying Concerns About Connected Device Security

Summary Bullets:

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

• Security researchers identified more than a dozen Bluetooth Classic stack vulnerabilities that affect at least 1,400 products

• This issue is highlighting broader cybersecurity challenges in the connected device world

Security researchers from Singapore University of Technology and Design cast a spotlight on vulnerabilities in 13 different Bluetooth chipsets that could put mobile and other connected devices at risk of breaches. Dubbed BrakTooth, with Brak being a Norwegian word for crash, the 16 identified vulnerabilities in the Bluetooth Classic stack can be exploited to cause a range of effects, including denial of service, firmware crashes, deadlocks, and arbitrary code execution (ACE). A wide range of devices, from Dell laptops to consumer smart speakers and connected refrigerators, could be vulnerable.


IBM Reveals the Name of Its Soon-to-Be Independent Legacy IT Services Company

Summary Bullets:

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

• IBM announced Kyndryl as the name of the legacy IT services business unit it will spin off later this year

• Reaction was swift and mocking as industry watchers collectively wondered what a brand master like IBM was thinking with the Kyndryl name.

When IBM disclosed plans in 2020 to shed its legacy IT services business at some point in 2021, the company emphasized that the move would allow it to concentrate on higher profit margin services. Industry watchers touted this as a way for IBM to become more of a pure-play cloud provider untethered from the challenge of managing a behemoth. Words like “dynamic”, “agile”, and “innovative” were bandied about but only minimal attention was directed toward what would become of the spin-off known as NewCo at the time.

That changed this week with the announcement of the future spin-off’s new moniker: Kyndryl. Critics reacted with skepticism almost instantly to the questionable name. Coming from a company as seasoned in branding as IBM, the rather odd name raised eyebrows and elicited questions. What is a Kyndryl? Kyndryl rhymes with Kindle? Why does Kyndryl sound more like a Kardashian than a company?


Verizon’s Mobile Security Index Highlights the Pandemic Effect

Summary Bullets:

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

• The pandemic prompted a rapid shift to remote work and IT security professionals found themselves under pressure to prioritize other operational elements over mobile security

• While the number of reported compromises actually fell over the course of the last 12 months, there is real concern that incidents are going undetected

During the pandemic, organizations have radically altered their operating models, many pivoting overnight to largely remote work. This left IT professionals scrambling to get new collaboration and productivity tools working, often on employee-owned personal devices. Many of these are in fact mobile devices, giving the latest Verizon Mobile Security Index a definite COVID context. The survey of 856 professionals who purchase, manage, and/or secure mobile devices showed a subset of IT staffers under acute pressure to balance the need to support more flexible operations against protecting against new vulnerabilities associated with the work-from-home (WFH) movement.


Haven’s Healthcare Ambitions Come to a Fast End

• Haven was founded to address the problem of escalating healthcare costs

• From the beginning, critics questioned exactly how Haven would tackle that issue

Because of both the collective power of its backers and Amazon’s gift for commercializing services and revolutionizing delivery models, hopes were high that Haven could tackle arguably the thorniest problem in healthcare: out-of-control costs.