As Principal Analyst for Security and Data Center Services at Current Analysis, Amy assesses the managed IT services sector, with an emphasis on security and data center solutions delivered through the cloud including on demand application and managed storage offerings.
• A bit late to the enterprise party, Google Cloud is looking to play catch up on the government front with a new public sector business.
• The business will operate autonomously while selling the full suite of Google products.
Looking to capture a bigger share of the public sector IT sales and challenge fellow hyperscale rivals Amazon Web Services and Microsoft Azure, Google Cloud is launching a separate subsidiary to serve US government clients, which will have its own separate board of directors to be named later. The Google Cloud Public Sector arm will sell the full suite of Google services, including cybersecurity solutions to federal, state, and local government entities. Will Grannis, Google Managing Director and Chief Technology Officer, will oversee the new business at launch until a permanent CEO is named. Lynn Martin, a Google vice president, will head the US Public Sector sales organization.
Facing serious internal IT security expertise limitations, many organizations are hiring lower-level staff and providing professional development on the job.
This strategy appears to be yielding good results with many prepared to work on assignment independently within six months, according to an (ISC)² survey of hiring managers.
IT security organizations are under acute pressure. Navigating an escalating threat environment often with a lack of internal expertise, companies are reassessing approaches to staffing and casting a wider net with respect to hiring for IT security roles.
• Often under-resourced from an IT perspective and possessing a wealth of valuable personal data, educational institutions are prime targets for ransomware.
• With incidents against K-12 school systems rising dramatically, IBM is looking to help districts mount a better defense through its cybersecurity grant program.
The number of ransomware incidents levied against educational institutions is soaring. K-12 school systems in particular have suffered a brutal few years. To help mount a better defense, IBM is again offering cybersecurity support to public school districts in the US and a number of other countries.
• As Russia continues to press into Ukraine, both countries are targets of cyberattacks raising concerns about emboldened hackers escalating their efforts to critical infrastructure in other regions
• With the SolarWinds hack of 2020 still a prominent memory, the US Senate passed legislation it promises to both improve transparency around security events and strengthen support for breached entities
With the Russian invasion of Ukraine looming large over the geopolitical climate, cyberattacks hitting both countries are evidence that threat actors are already playing a major role in the early days of the war. Cyberthreats have long been a top concern, but the current turmoil is lending an increasing urgency around threats to critical infrastructure beyond the current conflict. Russian-based threat actors proved their effectiveness with the SolarWinds attack in which multiple US government agencies including the Department of Defense, the State Department, and the Department of Homeland Security were breached.
One of the major challenges both public and private sector organizations face is a lack of information. This is in part because of actual security incidents getting buried in an impossibly high volume of false positives. But it is also the result of a lack of information sharing between and among peers. This week the US Senate passed legislation that promises to both help drive greater transparency around data breaches and ransomware payments and improve support for impacted organizations.
• In the months leading up to Russia’s invasion of Ukraine, the country was laying the groundwork for cyberwar.
• But Ukraine is fighting back with the support of its own underground hacking community and hackers from beyond its borders playing a part in interfering with Russian operations and trying to stall the invading country’s momentum.
Cyberattacks have been used by hacktivists in the past to wage political and ethical battles for years. But in the days following Russia’s invasion of Ukraine is taking cyberwarfare to a new level. Months before to Russia’s February 24th military invasion of Ukraine, Russia took to cyberspace to infiltrate and in some cases destabilize networks within its neighbor. Reports of distributed denial of service (DDoS) attacks allegedly initiated by Russia surfaced the week before the invasion, flooding the networks of Ukraine’s defense ministry and two banks. The attacks against the banks were launched in two waves, with the first interrupting service. The second stage involved text messages to clients telling them the bank was no longer functioning.
And there are indicators that Russia had breached Ukraine’s months before and was lying in wait to attack, installing data wiper malware on hundreds of computers In Ukraine. The wiper malware can delete all files from a computer, essentially making the computer unusable.
• Amazon Web Services (AWS) earmarked $40 million over the next three years to support organizations working to advance healthcare equity over the next three years via AWS credits and technical support
• This is a follow on to a program AWS launched in 2020 to improve health diagnostics in which it has so far assisted 87 organizations in 17 countries
AWS is flexing a fairly mighty philanthropic muscle with a new program dedicated to advancing global healthcare equity and improving medical outcomes. By offering qualified non-profits, research institutions, and other organizations computing credits, technology, and other supports, AWS is hoping to advance an agenda to better support underserved and underrepresented communities. The program is directed to organizations developing cloud-based healthcare solutions.
The AWS program is targeted at organizations that are addressing any of three major imperatives: Expanding access to health services; lessening disproportionate negative health outcomes in underrepresented communities by addressing root causes of disease and illness; and tapping into larger data sets to promote equitable care systems.
• Security researchers identified more than a dozen Bluetooth Classic stack vulnerabilities that affect at least 1,400 products
• This issue is highlighting broader cybersecurity challenges in the connected device world
Security researchers from Singapore University of Technology and Design cast a spotlight on vulnerabilities in 13 different Bluetooth chipsets that could put mobile and other connected devices at risk of breaches. Dubbed BrakTooth, with Brak being a Norwegian word for crash, the 16 identified vulnerabilities in the Bluetooth Classic stack can be exploited using a number of mechanisms including denial of service, firmware crashes, deadlocks, and arbitrary code execution (ACE). A wide range of devices from Dell laptops to consumer smart speakers and connected refrigerators could be vulnerable.
• IBM announced Kyndryl as the name of the legacy IT services business unit it will spin off later this year
• Reaction was swift and mocking as industry watchers collectively wondered what a brand master like IBM was thinking with the Kyndryl name.
When IBM disclosed plans in 2020 to shed its legacy IT services business at some point in 2021, the company emphasized that the move would allow it to concentrate on higher profit margin services. Industry watchers touted this as a way for IBM to become more of a pure-play cloud provider untethered from the challenge of managing a behemoth. Words like “dynamic”, “agile”, and “innovative” were bandied about but only minimal attention was directed toward what would become of the spin-off known as NewCo at the time.
That changed this week with the announcement of the future spin-off’s new moniker: Kyndryl. Critics reacted with skepticism almost instantly to the questionable name. Coming from a company as seasoned in branding as IBM, the rather odd name raised eyebrows and elicited questions. What is a Kyndryl? Kyndryl rhymes with Kindle? Why does Kyndryl sound more like a Kardashian than a company?
• The pandemic prompted a rapid shift to remote work and IT security professionals found themselves under pressure to prioritize other operational elements over mobile security
• While the number of reported compromises actually fell over the course of the last 12 months, there is real concern that incidents are going undetected
During the pandemic, organizations have radically altered their operating models, many pivoting overnight to largely remote work. This left IT professionals scrambling to get new collaboration and productivity tools working, often on employee-owned personal devices. Many of these are in fact mobile devices, giving the latest Verizon Mobile Security Index a definite COVID context. The survey of 856 professionals who purchase, manage, and or secure mobile devices showed a subset of IT staffers under acute pressure to balance the need to support more flexible operations against protecting against new vulnerabilities associated with the work from home (WFH) movement.