Cyber threats are impacting the bottom line, leading to increased security spending.
Priority is being placed on managed firewalls, identity management, and SIEM.
Telcos like BT are stepping forward with shared threat intelligence initiatives.
Endless new threats impacting businesses and consumers are driving demand for IT and cybersecurity products and services both by besieged IT departments – with the thankless task of protecting against invisible thieves and miscreants – and by their bosses, who have been firmly pulled into cybersecurity decision making.
• The German appliance manufacturer Bosch has announced it is building its own cloud to serve customers that connect their Bosch devices to its own-brand Internet of Things. Once it’s up and running, Bosch will look to sell cloud services to other businesses—presumably adjacent manufacturers and service providers (but not direct competitors), e.g., suppliers of consumables such as soap or spare parts, and non-competing consumer product makers.
• It is not the first time a company operating in a sector other than ICT has planned to turn its ICT investment into a profit centre. Could this be one of the few successful examples?
Bosch announced at the Bosch ConnectedWorld event in Berlin last week the launch of its own cloud for web-based services. The Bosch IoT Cloud includes technical infrastructure owned by the company as well as platform and software offerings for the Internet of things (IoT), enabling solutions for smart cities and the connected home. To begin with, Bosch will use it for in-house solutions. From 2017, the Bosch IoT Cloud will be made available as a service to other companies, putting it in direct competition with IT and cloud service providers such as Amazon Web Services and Microsoft Azure.
Most vertical cloud solutions to date have been industry applications offered as a service
Public cloud services dedicated to key verticals could remove some barriers to utility computing adoption
Some vertical cloud service offerings have been around for some time, although not quite as long as horizontal SaaS offerings for applications like CRM. In Europe, there are a handful of consortia and trading platforms ranging from the UK public sector’s G-Cloud to the EU scientific community’s Helix Nebula cloud marketplace, the latter supported by Atos, CGI, CloudSigma, T-Systems and others. In both cases, end user organizations have the choice of a range of providers for a number of defined solutions across IaaS, SaaS, PaaS and value-added services. Individual service providers have well-developed solutions for core verticals – e.g., healthcare, financial trading and e-commerce – but the focus there tends to be on business applications. Continue reading “Could Vertical Public Clouds Become Reality in Europe?”→
• The 15-year old Safe Harbour agreement between the EU and US was effectively thrown out by the Court of Justice of the EU (CJEU).
• US companies (and all MNCs) are now vulnerable to litigation and loss of customers over privacy concerns.
• While authorities have been tasked with coming up with an alternative by January, that is highly unlikely. Enterprises may need managed security and cloud providers to secure customer data in specific jurisdictions.
October 6 Decision
The CJEU, which interprets EU law to make sure it is applied in the same way in all EU countries, ruled that the Safe Harbour agreement in place for the last 15 years between the European Commission and US authorities did not offer the necessary legal guarantees that it was supposed to have. This ruling erased the quasi-legal framework under which US companies have been handling their EU customers’ data, potentially creating a legal minefield. Continue reading “EU Puts Global Businesses on Notice as Safe Harbour is Struck Down”→
Crowdsourcing in cybersecurity is not new, but it is gaining significant traction with heavyweight sponsors
Enterprises can benefit from participating, with the potential value outweighing any perceived costs
It’s impossible for any one organization to keep up with every current security threat on its own. That’s why enterprises use tools and managed services from security vendors in the first place, right? But even those specialists who have invested millions in real-time security intelligence and analytics platforms–and/or armies of security analysts—can’t know or predict everything. That’s why numerous initiatives have been started to pool threat monitoring resources together in a cooperative fashion and on a large scale, using crowdsourcing techniques to protect the community as a whole.
On May 14th, IBM announced that more than 1,000 organizations across 16 industries are participating in its X-Force Exchange threat intelligence network, just one month after its launch. IBM X-Force Exchange provides open access to historical and real-time data feeds of threat intelligence, including reports of live attacks from IBM’s global threat monitoring network, to help enterprises defend against cybercrime. The company provided free access to its 700 terabyte threat database, including two decades of malicious cyberattack data from IBM, as well as anonymous threat data from thousands of its managed security clients. It already supports an average of 1,000 data queries from participating organizations each day. Continue reading “All in it Together: Enterprises Join Threat Intelligence Alliances to Combat Security Risk”→
Cybersecurity insurance has been around for a few years, but take-up in Europe has been very limited so far.
Rather than just try to sell customers insurance policies, network and cloud providers should share the cost of mitigating risk from use of their services.
Businesses routinely take out insurance in order to protect against a myriad of risks. In many industries and professions, of course, it is even a regulatory requirement. The risks from fraud and other cybercrime have not gone uncounted by insurance underwriters and brokers, leading to a spate of new product development over the last couple of years. In the U.S., the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) took a proactive role in bringing together a diverse group of stakeholders ranging from insurance carriers, risk managers, and IT/cyber experts to critical infrastructure owners and even social scientists, to encourage cybersecurity insurance adoption and improve cyber risk management. In Europe, the European Network and Information Security Agency (ENISA) studied incentives and barriers for the cyber insurance market and made a number of recommendations. Both of these efforts began back in 2012, so what is the state of play now? Continue reading “Cyber Insurance: Good Idea, So Why Isn’t It Taking Off in Europe?”→
With IT infrastructure being virtualized and moved off-premises into the cloud in an effort to manage fixed costs, IT organizations – including outsourced resources – will inevitably shrink. Automation cannot replace everything, however, so enterprises should continue to keep their IT service providers around.
Services integration may be the latest buzzword among key providers, but it makes sense to use an IT integrator to help navigate the simultaneous complexities of cloud migration, internal downsizing, use case development, and tactical IT purchasing. Knowledge of the business environment is an invaluable differentiator for in-house IT providers and they should capitalize on this to remain relevant.
As IT resources move off-premises into the cloud, IT organizations on-premises will get smaller. External services will replace those resources, but the expectation is that this will be achieved by increased automation via the cloud. So, on the one hand, enterprise services will need to replace management functions formerly offered by in-house IT, but on the other hand, do it more efficiently than traditional outsourcing. The pressure will be on IT service providers to take more responsibility, for potentially smaller contracts, from increasingly demanding customers. Continue reading “Moving to the Cloud Doesn’t Eliminate the Need for Integrated IT Services”→
The Orange Business Services/Atheos deal has a near-term impact for large enterprise and public sector clients in France.
Managed network and security service providers are partnering and acquiring security specialists to improve their offers.
Orange Business Services has acquired French security specialist Atheos and its 130 workers, rebranding at least part of its security business as ‘Orange CyberDefense.’ Atheos brings strong expertise in developing access control and data loss prevention policies for large French enterprises and government agencies. Its enterprise clients benefit from advanced identification of security breaches and vulnerabilities, the detection and analysis of ‘low-noise’ attack signals, and on-site crisis management. Continue reading “Orange Acquisition Reflects Strengthening Position of Network Providers in Enterprise Security”→
When public cloud computing services first emerged several years ago, little focus was placed on the network, with the initial value proposition leveraging the Internet for connectivity between virtual machines hosted by providers and their end users. Flexibility, availability, and affordability drove early market adoption by user groups which place a high value on those service attributes.
Fast-forward to 2013, and widespread adoption of cloud is coming closer to reality. Widely felt concerns about security and stability are being addressed in infrastructure and software as a service (IaaS and SaaS) solutions being rolled out by network service providers especially. Increasingly, service providers are positioning the network as a core component of their cloud solutions, citing advantages from managed connectivity to integrated network functions.
Cloud based applications are only as strong as the connectivity they run over. The network-centric cloud is increasingly being positioned against the ‘best effort’ server-centric cloud model because it delivers network-based security, strong SLAs and enterprise-class performance.
Globally, providers like AT&T have emphasized the “network enabled cloud” for some time, while Verizon is the latest to use its managed network to address performance, management, and security issues in public and hybrid cloud services. In Europe, Interoute’s VDC IaaS service, for example, leverages the fabric of the network to create virtual data centers that integrate computing power with network resources. Its API automates the MPLS core, allowing cloud computing functions to leverage network resources in real time. Uniquely, the service can create any relationship between the VLAN of the computing and the WAN equivalent on the MPLS network (i.e., the VRF). For the customer, this means any physical data center architecture, corporate IT environment or major SaaS platform can be replicated automatically, online and in real time, and with exactly the same level of performance and security that is in place with a dedicated capability. Interoute is working on additional integration of network and compute which will allow any IP address to become part of the enterprise WAN, enjoying VDC-hosted IT services globally. Continue reading “How European Providers are Leveraging the Network in Cloud Delivery”→
Most mobile security services for the enterprise still focus on advisory and integration, stopping short of fully managed services.
This should change soon, as managed solutions increasingly hit the market, but managed mobile security will be baked into more comprehensive mobile device management (MDM) solutions rather than packaged as a standalone offering.
In yesterday’s IT Connection blog post on IT service providers and mobility, Kitty Weldon wrote about how 2013 has seen noticeable activity – rather than just talk – when it comes to key players delivering mobile-centric services to the enterprise. “ITSPs are gaining an increasing share of mobility-oriented enterprise business, especially in areas such as mobile strategy and mobile application development and enablement (which is to be expected), but also for mobile device management and mobile security.” The security piece is especially intriguing, as a number of professional and managed services focused on the intersection of MDM and security have been rolled out (or at least announced) in the last couple months, and the impression given by service providers is that they cannot get their solutions out fast enough to answer enterprise demand for external knowledge, advice and operational assistance in the wake of the flood of devices overrunning their IT landscapes. Continue reading “Mobile Security Solutions Moving from Threat Assessment to Managed Services”→