Fresh Bluetooth Vulnerabilities Point to Underlying Concerns About Connected Device Security

Summary Bullets:

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

• Security researchers identified more than a dozen Bluetooth Classic stack vulnerabilities that affect at least 1,400 products

• This issue is highlighting broader cybersecurity challenges in the connected device world

Security researchers from Singapore University of Technology and Design cast a spotlight on vulnerabilities in 13 different Bluetooth chipsets that could put mobile and other connected devices at risk of breaches. Dubbed BrakTooth, with Brak being a Norwegian word for crash, the 16 identified vulnerabilities in the Bluetooth Classic stack can be exploited using a number of mechanisms including denial of service, firmware crashes, deadlocks, and arbitrary code execution (ACE). A wide range of devices from Dell laptops to consumer smart speakers and connected refrigerators could be vulnerable.

Security and Networking Consolidation Needs Concrete Examples

Summary Bullets:

S. Schuchart

• Security and networking are converging; the evidence is clear from both a technological and a strategic standpoint, with security threats increasing.

• The enterprise needs tools to manage the human aspects of security and networking convergence, and the first instrument they need is real industry examples proving the trend from vendors, ITSP, carriers, and industry analysts.

By design and necessity, the security and networking industries are moving towards consolidation. Security companies are buying networking resources and networking companies are snapping up security vendors left and right. If you address a room full of vendors from the security and networking markets and proclaim that the two markets are converging, you will get heads nodding sagely. But the reality on the ground is much more complicated. Much like a stone arch, something has to move before things begin to fall in the direction gravity is pulling them.

Real Security Demands a Fundamental Change to Software Updates

S. Schuchart

Summary Bullets:

  • IT security issues are being exacerbated by unregulated auto-update mechanisms.
  • Systemic and fundamental change to a centralized, approval-based update system is necessary.

A simple rule of thumb for complex systems is that wherever simplicity is added, there is corresponding complexity added elsewhere. For instance, in early PC computing, only software updates were required when the latest version was bought.  Bug fixes sent to existing users were exceedingly rare, as they required physical media.  With the advent of the Internet, physical media was gradually shunted to the side as bandwidth increased.  Bug fixes were suddenly available to anyone who wanted to download and install them.  Then came auto updating.  Software began to reach out on its own to check to see if it were up to date and, if not, updated itself.  Bugs were eliminated and security enhanced.  In turn, this enabled rapid iteration software development and the so-called ‘fail fast’ mentality for startups and app developers. After all, if the app was flawed, a patch would simply be applied as fast as the developer could make it.

KubeCon Europe 2021: Key Themes Centered on Observability and Service Mesh

C. Dunlap

Summary Bullets:            

  • Prominent KubeCon themes included observability and service mesh.
  • New Relic and F5/NGINX made key announcements.

The open source software (OSS) community huddled up last week during KubeCon Europe, clearly affected by the past year’s strain on companies and DevOps teams, resolving to refine digitization via emerging technologies. Twice a year, KubeCon provides the industry with a developer-focused gauge of key trends and innovations related to app modernization, DevOps, and Kubernetes/container innovations.

Dell to Spin Off VMware – Steady as She Goes for Now

S. Schuchart

Summary Bullets:

  • The spinoff of Dell from VMware is long-term good for VMware customers.
  • Enterprise IT buyers and enterprise IT rivals to Dell need make no changes for the immediate future.

On April 15, 2021, Dell announced plans to spin off its VMware business, which will likely net Dell around $9 billion (USD) that it can use to pay down debt or go on an acquisition spree. Dell currently owns 81% of VMware, which it gained during its acquisition of EMC in 2015.  Beyond the obvious need to reduce its debt, it is widely believed that VMware (which still had its own stock) and Dell will both have higher values when they are evaluated as separate entities.  Michael Dell will remain chairman of the board for both companies.

Verizon’s Mobile Security Index Highlights the Pandemic Effect

Summary Bullets:

Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

• The pandemic prompted a rapid shift to remote work and IT security professionals found themselves under pressure to prioritize other operational elements over mobile security

• While the number of reported compromises actually fell over the course of the last 12 months, there is real concern that incidents are going undetected

During the pandemic, organizations have radically altered their operating models, many pivoting overnight to largely remote work. This left IT professionals scrambling to get new collaboration and productivity tools working, often on employee-owned personal devices. Many of these are in fact mobile devices, giving the latest Verizon Mobile Security Index a definite COVID context. The survey of 856 professionals who purchase, manage, and/or secure mobile devices showed a subset of IT staffers under acute pressure to balance the need to support more flexible operations against protecting against new vulnerabilities associated with the work from home (WFH) movement.

Blockchain Rivals Seek Out Banking Customers via Foreign Opportunities

C. Dunlap

Summary Bullets:

  • ConsenSys is partnering with the Chinese government’s blockchain network to integrate its technology across a nationwide system to spur blockchain use, focused on the financial sector.
  • Oracle has gained an edge in the competitive blockchain platforms space by integrating a new blockchain data format into its flagship relational database offering.

This quarter’s issue of GlobalData’s “Blockchain Watch” highlights a set of aggressive moves between blockchain competitors, including the establishment of global partnerships (which involve foreign government entities) as well as the development of deeper integration between blockchain and traditional operational systems, further adoption of Ethereum, and the formation of partnerships that highlight unique use cases.

SASE for Enterprises in the Post-COVID World

G. Barton

Summary Bullets:

  • SASE promises the unification of security and network routing policies.
  • To achieve a SASE methodology, enterprises need to think about both policies and technology.

The COVID-19 crisis has accelerated the move towards cloud/SaaS adoption and work from home (WFH).  The crisis has proven that, even with rushed deployments in less than ideal circumstances, both cloud and WFH are efficacious ways of doing business.  However, they are not without challenges, and one of the biggest challenges is how to architect and secure networks when dealing with a more distributed IT estate – particularly given the significant increase in cyberattacks that has occurred during the pandemic.

Digital Acceleration – For When Digital Transformation Is Too Slow

G. Barton

Summary Bullets:          

  • Digital acceleration implements short-term tactical changes over longer-term strategic projects.
  • Digital acceleration is a response to changing customer demands, not just COVID-19.

Digital transformation has been an industry catchphrase for some time now.  Its definition is both vague and changeable, but it speaks to using technology to improve internal processes within an enterprise to deliver cost savings and/or improved performance.  It encompasses a wide range of technologies including cloud, SD-WAN, collaboration, IoT, 5G, blockchain, AI, and SaaS. 

However, there is a new buzz phrase on the block: digital acceleration.  So, is there a difference between digital transformation and digital acceleration?  The ‘helpful’ answer to that is ‘yes and no.’  The intentions of both digital transformation and digital acceleration are the same, as are the technologies involved.  The big difference is in methodology.

Telco Edge Computing in ASEAN

A. Amir

Summary Bullets:

  • Edge computing is still new in the ASEAN region, with very limited initiatives by providers and enterprises.
  • Providers and enterprises should start exploring the opportunity to gain a first-mover advantage.

The edge computing market is still new, but the ecosystem is developing fast with various initiatives and collaborations announced by key players in the last 12 months. This includes SK Telecom’s recent partnerships with VMware and Dell to offer edge computing in private 5G networking solutions (January 2021), AWS and Vodafone’s collaboration to roll out distributed multi-access edge computing (MEC) services in the UK (December 2020), Ericsson and Telstra’s initiative to develop enterprise use cases in verticals such as agriculture and smart cities in Australia, and many more. Edge computing has become a key focus for every provider across the technology stacks, including hardware vendors, cloud providers, telcos, and device manufacturers.