n recent times, an organization’s database plays a crucial role that represents its overall management Isystem. In the present computing era, managed security solutions offer unified network security that has been outsourced to a service provider. Now, businesses are embracing managed security services to tackle information security related problems such as targeted malware, customer data theft, skill shortages, and resource constraint.
Managed Security Services (MSS) is also considered as the systematic approach to managing an organization’s security needs. Its services include in-house and outsourced services that provide security to other companies’ network and information system. The functions of a managed security service offer round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies.
Hence, Insights Success has shortlisted, “The 10 Best Performing Managed Security Service Providers, 2018” who are aggressively establishing industrial perception towards organizations process management system.
Our cover story features ICE Consulting, which is one such revolutionary MSSP that has been providing managed IT services for mid-sized enterprises for over 20 years. ICE is a leading IT managed security solutions provider specializing in a full range of vendor-independent managed IT services, for startups to established mid-sized firms. The organization specializes in managing and maintaining IT infrastructure services and aims to focus on its clients’ core business and data infrastructure.
ICEistheonlyMSSPthathasbeenidentified,qualifiedandapprovedbyCaliforniaLifeScience AssociationforprovidingexemplaryITmanagedservices.Thebiotechandlifescienceindustries havebeenasweetspotforthecompanyastheirdependencyonITisquitehighintermsofvarious computingprocesses,suchasinHPC(High-PerformanceComputing)andBigDatamanagementanotherareawhereICEexcels.
TheissuealsofeaturesContemporaryComputerServicesInc.(CCSI)astheCompanyofthe Month,whichisadynamicmanagedservicesandintegrationproviderthatdeliversthefinestquality engagementthroughcarefuldiscovery,planning,design,andimplementation,followedupbya strongoperationalsupport.CCSI’sprimaryobjectiveistodeliverbusinesssolutionsthatensureits clientsachieveandmaintainacompetitiveedge.
FollowingaretheremainingbestMSSPswhichhavebeenfeaturedinthemagazine;CRYPTYK whichisaleadingorganization,providingdecentralizedcloudstoragewithblockchainauditing solutions.Thefirm’smissionisto“taketheprofitoutofhackingandtheriskoutofthecloud”by integratingtwo,separatedecentralizedplatformsintooneintegratedsinglevendorcloudstorageand securityarchitecture;CipherSecuritywhichdeliversawiderangeofcutting-edgeproductsand services.Thecompany’sservicesaresupportedbyoneofthebest-in-classsecurityintelligencelabs namedCIPHERIntelligence;HitachiSystemsSecuritywhichisaUS-basedfirmwithavisionto optimizecustomers’cybersecurityposturecontinuouslythroughavarietyoftargetedsecurity servicesinordertosecuretheirbusinessandpropelittothenextlevel;Keypascowhichdeliversan award-winningsolutionwhichhascontributedtoaparadigmshiftininternetsecurity.Thecompany’s uniqueandpatentedsolutionusesarevolutionarynewtechnologyforuserauthenticationand providessecuritytoonlineserviceprovidersandusers.
Also,makesuretogothroughthearticles,writtenbyourin-houseeditorialteamandCXO standpointsofsomeoftheleadingindustryexpertstohaveabrieftasteofthesector Happy reading!
Bhushan Kadam
Organizationsaroundtheworldunderstandalltoo
welltheimportanceofhavingasecureIT infrastructure.Increasingthreatssuchastargeted malware,datatheft,unpredictabledisasteremergencies, cloudsecurityandmorehaveforcedcompaniestorethink howtheyaddressthesechallenges.Totacklesuchthreats andincidents,ManagedSecurityServiceProviders (MSSPs)haveenteredthepicture.AnMSSP’sservicesare consideredasanorganizedmethodtoadministerclients’ securityneeds.
ICEConsultingisonesuchrevolutionaryMSSPthathas beenprovidingmanagedITservicesformid-sized enterprisesforover20years.ICEisaleadingITmanaged solutionproviderspecializinginafullrangeofvendor independentmanagedITservicesforstartupstoestablished mid-sizedfirms.
Since1996,thecompanyhasgainedextensiveexpertisein networking,systemsandsecurityproductsand implementationwithfirst-classsoftwareandsystemsupport toofferfull-spectrum,end-to-end,managedITservices. ICE specializes in managing and maintaining IT infrastructure services and aims to focus on its client’s core business and data infrastructure. Infrastructuresecurity, systemvirtualization,storage,LinuxandWindowservers, cloudservices,usersupport,databaseadministration, backupanddisasterrecoveryaresomeoftheservices providedbythecompany,bothoff-premiseandoverthe cloud.
Throughoutitsjourney,ICEConsultinghashadtokeepup withthelatesttechnologyandindustrytrends.Todothis best,ICEimplementsanynewtechnologiesin-housefirst. Thenitdeploysthemoverthecloudtoreceivereal-world experienceonanyimplementationanddeployment challenges.
Anotheroneofthechallengesfortheorganizationhasbeen hiringinSiliconValley,whereitisconstantlyfacing challengescompetingfortalentwithmultinational conglomeratessuchasAppleandGoogle.YetICEhasdone wellwithfindingtalentbygrowingorganicallythrougha combinationofastrongcultureandthechallengingworkit offersitsteamofexperts. Asanexample,ICErealizedand identifiedbeforehandthatbiotechandlife-sciencetechwas anemergingandgrowingmarketandfunneleditsactivities towardtheseareas.Today,ithasastrongteamofexperts withyearsofexperienceinthisarea.
Infact,ICEistheonlyMSSPthathasbeenidentified, qualifiedandapprovedbyCaliforniaLifeScience
AssociationforprovidingexemplaryITmanagedservices.
Thebiotechandlifescienceindustrieshavebeenasweet spotforthecompanyastheirdependencyonITisquite highintermsofvariouscomputingprocesses,suchasin HPC(HighPerformanceComputing)andBigData management-anotherareawhereICEexcels.
Inadditiontobiotech,ICEsupportsclientsinarangeof industries.Ithasdoneauditassessmentsforcompanieslike FarallonCapital,thefourthlargesthedgefundintheworld, andhasalsosuccessfullydesigned,installedandmaintained adatacenterforAT&TBigData,contributingtoabout4 petabytesofaHadoopcluster.
UzairSattar,theFounderandCEOofICEConsulting, startedthecompanyover20yearsago,fromhisbedroom. HegraduatedfromSanJoseStateUniversityandstudied ComputerInformationSystems.Initially,Uzairworkedfor acoupleofyearsinotherorganizations.Speakingabouthis previousstints,Uzairrecalls,“WhatIlearnedwashownot todothings.Hence,IthoughtthatIcoulddoamuchbetter jobandsoIstartedICE.”
WhenUzairstartedthecompany,hewantedittobeclient focused.Hewantedtobuildasolutionbasedonreal-world clientbusinessneedsandrequirements,ratherthanforcing asolutionthatmightnotmeettheirneeds.
“We are our clients’trusted IT partner. We possess a very unique proactive IT management policy and so we have developed our own preventative maintenance checklist that we go over on a weekly basis,” explains Uzair. This proactive maintenance is focused on security, firewall,
The progress of our clients makes us feel that we've played a constructive and a signicant role in their growth.
switching, routing, servers, virtualization, storage, and applications. These checklists are then filled and sent to the client so that they can scrutinize what was done. We at ICE strongly believe in transparent IT services.”
Overthecourseoftime,ICEhasdevelopedspecialized software,processesandprocedurestoefficientlyand effectivelymanage,monitorandanalyzeitsclients’IT infrastructure.ICEConsultingisa24-by-7companythat offersliveusersupportandnetworkoperationsservices.
ICE’ssolutionsareprimarilyfocusedonthreedomains: small-tomedium-sizedbusinesses(SMBs),biotechandlife science,anddatacenterandcloudservices.
Ÿ StrategicservicesforSMBsandbiotechandlifescience companiesinclude:
Ÿ
ComprehensiveITsecurityandinfrastructureaudit, assessmentandimplementation.
Ÿ Assistclientswithmeetingdifferentcompliance standardssuchasNIST,HIPPA,CLIA,ISO27001. Ÿ Design,implementandmonitorcloudsecurity. Ÿ Regularstrategicmeetingsandplanningsessions.
Ÿ Systemandnetworkdesignandsecurity.
Ÿ Storage,backupandredundancy.
Ÿ Disasterrecovery,businesscontinuityplanningand implementation.
UpgradeandMigrationServicesforSMBsandBiotech& LifeScienceinclude:
Ÿ System,network,andapplicationupgradeand migration.
Ÿ
Migrationfromon-premisetocloudservices(AWSand Azure)orColocation(colo)
Ÿ Dataline,wireless,andtelephone/videosolutions.
Ÿ Serverroomanddatecenterbuild-out(cabling,power, HVAC)
Ÿ Physicalofficemigration.
ProactiveMaintenanceandSupportServicesforSMBsand Biotech&LifeScienceareasfollows:
Ÿ CompleteITmaintenancewith24/7monitoring, notificationandlivetechsupport.
Ÿ
Network,securityandsystemdesignand implementation(WindowsServer,Linux,firewall, switchesandrouters)
Ÿ
Design,implementandmanagecloudinfrastructureon AWSorAzure.
Manageandmaintainallcloudservices. Ÿ
Ÿ
Virtualizationandstorageareanetwork,cloudservices (VMware,Hyper-V,NetApp,EMC) Ÿ
Emailsolutions Ÿ
Singlesign-on(SSO)andMultifactorAuthentication (MFA) Ÿ
DesktopandCRMsupport Ÿ
Desktopsupport(Windows,Linux,Mac)
ICEcarefullyreviewsthedifferentvariablesbefore selectingtherightcloudservicesandmakessurethatthey fitclients’businessrequirements.Itdesignsallaspectsof thenetworkandsecurity,andthenrecommendsthe appropriatehardware,software,andconnectivity.
“Most companies think putting servers and applications on AWS or Azure is safe but that is incorrect. Cloud infrastructure providers only give you space to host servers and applications. It is YOUR responsibility to secure them with the right network configuration, installing a firewall, and/or implementing a WAF (Web Application Firewall) to name a few,” explainsUzair.
ICEhasateamofhighlyexperiencedengineerswhocan helpwiththeseissues.TheteamhandlesITmigrationtothe cloudandemphasizesplanningandcarefulexecution.The companyofferscompletesolutionsforcloudservices, includingoptionsfromaprivateand/orpubliccloudmodel.
ICE’sCloudservicesexpertiseincludes: Ÿ
AmazonWebServices(AWS) Ÿ
MicrosoftAzureCloudPlatform
Cloudsecurity Ÿ
MicrosoftOffice365 Ÿ
GoogleCloudPlatform Ÿ
Manageandmaintaindifferentcloudservices
‘‘
“
What I learned was how not to do things. Hence, I thought that I can do a much better job and so I started ICE. ‘‘ “
Ÿ
ImplementSSOand2FA
DataCenterOfferings
ICErecognizesthatadatacentermaybeoneofthebiggest expensesofclients.Whetheronehasafewserversor hundredsofserversalongwithhundredsofterabytesof storage,thecompany’smanagedITservicesofferthe capabilitiesneeded,whichinclude:
Ÿ Selectthedatacenterthatmeetsyourbusiness requirements
Ÿ
Ÿ
Assessandanalyzepowerrequirements
Assessandanalyzenetworkrequirements
We are ahead of our competitors when it comes to cloud offerings, infrastructure audit and assessment.
quoteonallhardware,softwareandtomanageand renewallhardwareandsoftwarewarrantiesand licensees.
Ÿ
AssessandanalyzeISPandconnectivity Ÿ
Ÿ
Storageinfrastructure Ÿ
Serveranddatamigration Ÿ
Ÿ
Datacentermonitoring
Datavirtualization
Managevendors-everythingfromvendorselectionto negotiationstopurchasing.
Infrastructureconsolidation Ÿ
Ÿ
Backupanddisasterrecovery
Thecompany’sManagedServicesmakemanagingITeasy andefficientandprovideclientswiththepeaceofmind neededtofocusontheircorebusiness.
FollowingaretheservicesinclusiveintheManaged Servicespackage:
Ÿ ProvideweeklyproprietaryProactivePreventative MaintenanceChecklist(PM)onnetwork,servers, storage,andapplications.
Ÿ MaintenanceChecklist(PM)onnetwork,servers, storage,andapplications.
Ÿ
TechnicalManagerassignedtotheaccountthat participatesinmonthlyITmeetingstoreviewstateof ITaffairsandmakerecommendationsandprovide solution.
“We at ICE strongly believe in transparent IT services, therefore all work performed by ICE is recorded, documented, and auditable. We are ahead of our competitors when it comes to cloud offerings, infrastructure audit, assessment and deployment. We also have a strong linux team which most of our competitors don’t provide,” saysUzair
CustomerserviceisatoppriorityforICEConsulting.The companydoesanextensiveauditassessmenttounderstand whatthebusinessobjectives,processesandgoalsareatthe onsetoftheproject,andbasedonthatitprovidesasolution. Thosesolutionsarethendiscussedandwiththeclient’s consenttheyareimplementedandmaintained.
WhileexpressinghisviewsabouttheMSSPindustry,Uzair states, “I think most companies today recognize the value of outsourcing instead of building in-house capabilities — an expensive, time- and resource-intensive process. This is our value proposition to our clients.”
Ÿ
Director,ITservices.
Ÿ
Ÿ
Delivercomprehensive,monthlyITreport.
EnhancetransparencythroughregularITmeetingswith yourteam.
Ÿ Haveprimaryandsecondaryengineersonall engagements–notonlydoesthisprovideconsistency ofservice,butoffersyoubuiltinredundancyand specialization.
Ÿ Providededicatedsupportstaffalongwithaccount manager.
Ÿ MonitorIT24x7x365.
Ÿ
Offer24x7x365‘live’helpdesksupportandNOC (NetworkOperationCenter)services.
Ÿ DocumentallITissues-detailsentireITinfrastructure, providesup-to-dateinformation.
Ÿ Providesexperiencedclientsuccessgrouptoprovide
UzairbelievesthatICEConsultingcanplayavitalroleina clientcompany’ssuccess:“Wehaveclientsthatstartedasa 20-personcompanyandhavesincegrownto300+ employees,andsomehaveresultedinbillion-dollar buyouts.Weareproudtohaveplayedakeyroleinthis growth.”
“The companies we work with are innovators. They’re creating new technologies and cutting-edge solutions, and in some cases lifesaving innovation. We are helping them to build their solutions while we’re managing their infrastructure 24x7,” addsUzair.
Whatmanydon’trealizeisthattheMSSPindustryoften hasadirectimpactonafirm’ssuccess.IftheITfalls behind,ithampersproductivityandcreativity.
CIPHERSecurityLLC cipher.com
ContemporaryComputer Services,Inc. ccsinet.com
EdBoucas Chairman&CEO
CipherSecurityisonesuchMSSproviderthatdeliversawiderangeofcutting-edgeproductsandservices.
JohnR.Riconda CEO&President
Cryptyk cryptyk.com
Dr.AdamWeigold CEO&Chairman
ContemporaryComputerServicesInc.(CCSI)isadynamicmanaged servicesandintegrationproviderthatdeliversthefinestquality engagementthroughcarefuldiscovery,planning,design,and implementation,followedupbystrongoperationalsupport.
Cryptykisaleadingorganizationprovidingdecentralizedcloud storagewithblockchainauditingsolutions.
Fortinet fortinet.com KenXie Founder&CEO
HackerOne hackerone.com
HitachiSecurity Systems hitachi-systemssecurity.com
ICEConsulting iceconsulting.com
MårtenMickos CEO
AkiraKusakabe PresidentandCEO
Fortinetdevelopsandmarketscybersecuritysoftware, appliancesandservices,suchasfirewalls,anti-virus,intrusion preventionandendpointsecurity,amongothers,isthefourthlargestnetworksecuritycompanybyrevenue.
HackerOneplatformistheindustrystandardforhackerpoweredsecurityanditispartnerwiththeglobalhacker communitytosurfacethemostrelevantsecurityissuesofour customersbeforetheycanbeexploitedbycriminals.
HitachiSystemsSecurityInc.isaglobalITsecurityservice providerthatbuildsanddeliverscustomizedcybersecurity servicestomonitorandprotectthemostcriticalandsensitiveIT assetsinitsclients’infrastructures24/7.
UzairSattar FounderandCEO
Keypasco keypasco.com
onShoreSecurity onshore.com
Maw-TsongLin CEOandtheFounder PerSkygebjerg COOandtheCo-founder
ICEConsultingspecializesinprovidingcustomizedITsolutions tosmallandmedium-sizedcompaniesbyunderstandingtheir businessandthenprovidingITsolutions.
Keypascooffersanewsoftware-basedsolutionthatiseasyto integrateintoyourexistingsystems.
StelValavanis CEO
onShoreSecurityisaleadingproviderofmanagedcybersecurity developingnetworkconsultantsandsoftwaredevelopersto launchtomanagedcybersecurityinearly90s.
OptivSecurityInc optiv.com
DanBurns CEO
OptivSecurityisamarket-leadingproviderofend-to-endcyber securitysolutions.
Contemporary Computer Services Inc. (CCSI) is a dynamic managed services and integration provider that delivers the finest quality engagement through careful discovery, planning, design, and implementation, followed up by strong operational support. CCSI’s primary objective is to deliver business solutions that ensure clients achieve and maintain a competitive edge.
For more than 40 years, CCSI has remained on the forefront of technological innovation, transforming clients through a complete IT revolution with a focus on helping them understand the practical business implications of emerging technologies.
CCSI ’s approach is to improve customer’s business agility through technology solutions, reducing IT expenditure while maintaining the highest levels of network up-time, hardware reliability, data integrity, and application stability.
Clients turn to CCSI for its comprehensive managed services and expertise which spans the full spectrum of an organization’s technology journey. By helping clients determine current challenges and opportunities, CCSI forges a path to implement the right solutions needed to achieve their business goals.
CCSI is a privately held company that was founded in 1974 by former IBM technical support specialists. They initially focused on providing installation and maintenance of IBM mainframe hardware. In 1980, CCSI expanded its hardware maintenance services to include 24/7 repair and/or replacement of desktops, printers, and LAN components.
The company later formed a networking division to provide fullservice LAN/WAN design and support services. Since then, CCSI has continued to adjust to market shifts and to structure its offerings accordingly. It also maintains one of the most comprehensive Network Operation Centers (NOC) in the United States. This state-of-the art facility is located within the company’s 30,000 square foot corporate office in Bohemia, NY.
Today, CCSI provides the highest quality of service in the industry for a full spectrum of technologies that includes network infrastructure, mobility, managed services, IP security, cybersecurity, SDWAN, IP telephony, cloud services and storage solutions.
A Widely Experienced Leader
Mr. John R. Riconda has served as the CEO and President of Contemporary Computer Services, Inc., since 1996. He began his career as an IBM Mainframe trainee in 1979. In 1981, he became a Technical Specialist and was its Partner since 1985.
Since then, he has created and built two new CCSI business units - the Networking Division and the Application Development Division.
John currently serves as a Trustee of Northwell Health at Huntington Hospital, Inc. He has been a member of Cisco Systems’ VAR Council
and was a founding member of Microsoft’s Educational Partner Advisory Council.
He has received numerous leadership awards and has been honored by the Suffolk County Organization of Public Educators, the New York State Council of School Superintendents, and the National Leadership Council for his commitment to public education. John also co-founded eSchoolData, LLC in 2008 and served as its Chief Executive Officer.
CCSI managed services are designed to be a client’s first line of defense for security and networking challenges. Whether they require product support or fully-managed security services, CCSI’s team of certified experts located at its Network Operations Center (NOC) and Security Operations Center (SOC) are ready around the clock to deliver. CCSI is SOC2 certified, which ensures CCSI
customers that CCSI has the critical controls in place to provide security, confidentiality of stored information, processing integrity of transactions, system availability and privacy.
CCSI NOC is a 24x7 operations center that focuses on uptime, availability, and operations for its clients. Certified engineers monitor systems around the clock as an extension of the client’s operations team. CCSI SOC is a 24x7 security-focused team equipped to monitor and hunt for security incidents within the client’s network.
CCSI’s SANS certified analysts are trained to find incidents and take the appropriate action as defined by the client. The company also provides Fault Management, Configuration Management, Performance Management, rd Performance Analytics, 3 Party Management, SolutionOriented Monitoring, Cloud Management, Back up as a Service/DRaaS and Cloud Migration under the banner of MSP Services.
When it comes to MSSP Services, the organization provides Next-gen Endpoint Security, Incident Management & Response, Breach Detection as a Service, Virtual Ciso, SIEM/Log Management, Vulnerability Management/Pen Testing, Identity Access Management, Compliance/ Security Risk Assessment and Ransomware Assessments/NYS DFS
CCSI believes that its people are the differentiating factor that help it to stand out from the crowd. It has crafted a supportive and positive work culture that is responsible for CCSI boasting an industry-leading employee retention rate. Two critical elements of that culture are education and innovation. By fostering integrity and a “roll up your sleeves” work ethic, CCSI also manages to retain old clients while constantly attracting new ones.
CCSI’s MSSP program is unique in that its people are not just analysts but engineers who fully understand a customer’s environment. CCSI’s engineers have the latest certifications and can deliver across Planning, Discovery, Delivery, Implement and Operate models (PDDIO). The engineers have use AI for several years to maintain a secure customer networks.
CCSI has remained fully committed to its customers while weathering the ups and downs of the IT industry. Each solution they design is customized to the client and their respective unique business needs. The company’s diverse menu of services ranges from security and compliance to the latest in cloud and container technologies to more mundane network- and server-related work.
CCSI has been seeing burgeoning interest in both cloud and Infrastructure as Code (SD-WAN, SDN, CloudFormation, etc.) and, of course, how to integrate security into those solutions. By incorporating artificial intelligence into their development process, they have been able to integrate the latest technology trends and stay at the forefront of the industry.
CCSI is already expanding its footprint as many of the services it offers are not tied to a specific geography. Its proficiency at the basics creates a strong foundation layer to support more advanced development.
Instead of chasing every trend, CCSI focuses on observing and understanding the direction in which the industry is progressing before committing itself. Its strategic vision is one of steady growth that delivers strong, consistent and carefully-planned reliability to its clients.
Managed security services (MSS) are considered as a systematic approach to managing an organization’s security needs. Businesses partner with MSS providers to resolve the issues they regularly face, related to information security such as targeted malware, data theft, and resource constraints. An MSS provider performs continuous monitoring and management of security devices, including intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to security incidents.
Ed Boucas Chairman & CEO
Cipher offers a full array of cyber security solutions for SMBs and Enterprise Organizations. The umbrella services include Managed Security Services and Security Consulting Services. Under MSS, Cipher offers:
• Threat Monitoring & Cyber-Attack Defense:
Cipher Security is one such MSS provider that delivers a wide-range of cutting-edge products and services. Founded in 2000, the company’s services are supported by one of the best-in-class security intelligence labs named CIPHER Intelligence. The company has spread its branches in North America, Europe, and Latin America with round-the-clock Security Operations Centers and R&D laboratories, complemented by strategic partners around the globe.
Cipher is a highly accredited Managed Security Service Provider holding many awards and recognitions including the Best MSSP award from Frost & Sullivan for the past five years. Its clientele consists of Fortune 500 companies, world-renowned enterprises, and government agencies with countless success stories. It provides organizations with proprietary technologies and specialized services to defend against advanced threats while managing risk and ensuring compliance with innovative solutions.
Cipher offers advanced monitoring, analysis and investigation of malicious code and callbacks to detect attempted and/or successful security breaches. The service is supported by CIPHER Intelligence, the company’s highly qualified and technology-driven R&D laboratory, and 24x7x365 Security Operations Centers to ensure best-inclass defense, real-time incident response and operational optimization.
• SIEM & Log Management:
The Security Information and Event Management (SIEM) and Log Management service collects, correlates, analyzes and stores security events from networks, hosts, and critical applications. A team of highly skilled, certified security experts working from integrated 5th generation Security Operations Centers use all this information, correlating it with the company’s database of intelligence feeds.
• Incident Response & Event Investigation: Cipher’s Incident Response and Investigation service offers unmatched experience in handling enterprise security incidents to prevent further harm to an organization, ranging from single-system compromises to enterprise-wide
intrusions by advanced attack groups. Its Incident Response team can quickly assess the challenges its customers faces and recommend specific actions.
• Managed Security Assets & Asset Management: The Managed Security Assets service includes a plethora of security technologies with endless opportunities in managed services for organizations of all sizes. Assets are continuously protected with feeds from CIPHER Intelligence on emerging threats. An organization’s security team receives unmetered remediation assistance from Cipher’s certified security analysts.
• Threat Protection as a Service: Cipher leverages the BLOCKBIT technology offering organizations the latest solution in advanced threat protection as a service. The services include sophisticated security technologies and the latest threat intelligence providing detection and protection against zero-day and targeted attacks, including Advanced Persistent Threats (APT) and malicious callbacks.
• Vulnerability Management as a Service:
Cipher offers its customers best-inclass vulnerability and compliance management as a service. It provides accurate internal and external scans across your IT estate such as network assets, hosts, web applications and databases. The combination of people, process and technology lowers resource needs by automation through
a structured distributed deployment, thus reducing costs from IT operations.
Under the Security Consulting Services Practice, Cipher offers expertise in Penetration Testing and Ethical Hacking, PCI DSS Assessment and Consulting, Risk and Compliance, GDPR Consulting, Forensic Analysis, and Vulnerability Assessments.
Surpassing the Definition of Quality Cipher has been in the security industry for over 18 years and the company employs more than 150+ security experts who provide excellence in security. Another key differentiator for CIPHER is the accreditations that company holds, including ISO 20000 and 27001, SOC I and SOC II, PCI QSA and ASV certification, as well as individual certifications in pen testing and ethical hacking. By combining threat intelligence with event correlation, Cipher’s superior managed security services helps eliminate blind spots and provides visibility to what really matters. In addition to this, it gives customers total visibility and transparency of the environment and activities through the CIPHER Client Portal, a single window into the customers’ entire security posture.
Journey towards Excellence Cipher has already seen significant growth in its initial expansion throughout Brazil and is now recognized as the largest MSS and Security Consulting Services firm in the country. In 2010, the company
expanded to global markets by establishing a U.S. Security Operations Center in Miami, Florida and operations in the United Kingdom.
An Epitome of Leadership
Ed Boucas, the Chairman and CEO of Cipher, has headed the company from its foundling period to becoming a multinational leader in the Cyber Security industry. Ed played a key role in launching the company’s offices across North America, Latin America and Europe, covering over 15 countries in the process. He has successfully led two rounds of multi-million-dollar Private Equity investments, the acquisition of an intelligence lab and a security product company.
Ed is a Production and Mechanical Engineer, an invited Professor for MBA courses, a former member of the ISO Committee for information security standards and a graduate of the Harvard Business School’s OPM program.
Sculpting a Secure Future Cipher announced 38% growth in 2017 in Brazil and forecasts global growth of 25% in 2018. In the years ahead, Cipher is focused on bringing tailored security solutions to the market, including its new GDPR Managed Services. The General Data Protection Regulation (GDPR) will require expertise around people, process, and technology. As an MSSP, Cipher is well-positioned to serve customers globally in data protection, compliance, risk and governance.
Get full visibility of your network and protect your organization against unknown attacks.
The rise in cyber-crimes is one of the main causes of Data center outages. As per the recent survey conducted by industry insiders, cyber-crime caused 22 percent data center outages in 2015 opposed to 2 percent outages in 2010. Adding to all these, now most of the data centers are re-evaluating their security policies after the recent WannaCry ransomware attack.
Data center outages cause companies to loss revenue in many ways. However, the costliest loss is service interruption and loss of IT productivity. So, the organizations are now realizing that traditional security is no longer secure enough to secure any data center. A recent study has found that 83 percent of traffic travels east/west within the data center, which stays undetected by the perimeter security. In this environment, when an attacker infiltrates the perimeter firewall, then can jump across the system with ease, extract information and compromise valuable data. Additionally, data centers can fail due to trespassers or a terrorist attack or by natural calamities.
So, how can one secure a data center in the best way possible from any kind of cyber threat? Don’t worry we’ve got you covered, with the points below.
As the first step, one should Map the Data Center and flag the hackers within the virtual and physical infrastructure. The CSOs and CIOs with a system map of their systems can react to any suspicious activity and take steps to stop data breaches. Being able to visualize different traffic patterns within a network helps to understand threats, that eventually elevates the level of security.
Understanding and measurement of traffic flow within the data center boundary are very important. In the case of
any interruption in traffic across east/west vs north/south, protected vs unprotected one can get to know about a threat. Additionally, vulnerable zones and unprotected traffic need to be monitored for a better result.
Firewall rules need to be defined and implemented as per requirements. Additionally, one should allow traffic only after thorough verification and selectively allow communication to ensure maximum protection. The key is to identify, what;s legal and secured and what can be blocked to enhance security.
One needs to Build a Team with executives who understand how traffic flows within the premises and can access & secure information, take necessary measures to secure important assets along with the implementation of roadblocks for the attackers.
Security must move as fast as a data center’s technology adoption and integration. Security Strategy Should Change Alongside the Technology and it should not be treated as an add-on option. Additionally, businesses also should ensure that their virus protection, signatures other protection features are up to date for better protection.
Businesses should Identify and Place Controls over highvalue assets, which will help to reduce risk. However, older security solutions are completely blind to new threats, new security companies have produced latest solutions that protect data in the virtual world.
Access Restriction also needs to be imposed. Every business should thoroughly check a person’s background before giving the access to a prized possession. Access to the main site and the loading bay must be limited,
additionally, two-factor authentications and fortified interiors with security guards and roving patrols would help to safeguard the employees and the data center.
Installing Surveillance Cameras around the data center, alongside removing signs which may provide clues to its function helps to locate an intruder. A buffer zone between the data center and all the entry points will limit unlawful trespassing to a great extent. Additionally, the data center needs to be far away from the main road and it should not have any windows other than administrative purposes for better security.
A data center should Check Test Back-Up Systems regularly as prescribed by the manufacturer. It should also ensure to make a list and of Do’s and Don’ts in the event of an attack. Recovery plans and security plans also need to be checked thoroughly.
Data centers are always a Soft Target for The Terrorists, as an attack on them can disrupt and damage major business and communication infrastructure. So, security needs to be taken seriously and to do that proactive steps should be taken to limit the impact of a terrorist attack.
Trained Security Guards needs to be posted inside a data center and they should be well trained. Security officers must undergo strict site-specific training to monitor surveillance footage. Depending on the size of data center and the number of security cameras multiple security officers may be required on duty. Security officers dedicated to inspecting surveillance footage helps when it comes to securing a data center.
Disaster Recovery is very much important, that must be in place. If the data center stops functioning after an attack or natural calamity, it must have a way to restore operations as soon as possible. To be ready for a disaster and to evaluate the disaster recovery plan, it’s necessary to train staffs well and experience simulated disasters.
To avoid these obstacles, one needs a fair bit of knowledge of new security systems, solid plans, and comprehensive visibility. The more work a data center can do up front in the above-mentioned areas the better the chances of success with lesser outages.
Datacenters are facing new cooling challenges. The servers and storage today are more efficient, faster, and incredibly dense. You can pack more computing power and storage in a much smaller footprint. Datacenter floorspace is expensive, so space savings are great. But how do you maximize density without compromising cooling?
We have watched datacenters evolve from general CRAC based cooling: where the entire room is cooled without any attention to the efficiency, to Aisle Containment, where there are hot aisles (backs of racks) and cool aisles (front of racks), to In-Row cooling where cool air is provided in cool aisles, and warm air is returned from the warm aisles, which provided a dramatic improvement.
Most datacenters still use one of those methods, with a surprising number just cooling the entire facility with or without Aisle Containment. These methods are not only very inefficient, but also uncomfortable for staff working in those datacenters.
The answer is LIQUID COOLING. The method the gaming industry has been using for years to cool overclocked processors and memory.
A rear of cabinet cooler of this kind can save a lot of energy. Our UK partner USystems have documented energy savings of up to 98% over CRAC, 83% over Aisle Containment, and even 45% over In-Row cooling with their ColdLogik system. I know liquid in a datacenter sounds
scary, but when combined with their patented Leak Prevention System which maintains a negative pressure on the coolant, this becomes a non-issue.
With 45% to 98% better performance you have several benefits.
1. Reduced operating cost
2. Reduced demand on electrical sources, which makes more electricity available for computing without having to add more capacity, which can be extraordinarily expensive.
3. Greener datacenter with much lower carbon footprint.
4. Higher density in each rack. More effective cooling allows much higher density racks, which also reduces TCO by reducing the number of racks and amount of floorspace required.
In 2013 Cambridge University, using ColdLogik reduced their cooling power consumption to a super PUE of 1.05 placing them number 2 in the Green 500 datacenters in the world.
In 2012 STIHL needed a hurricane proof solution for their new 200KW datacenter in Virginia Beach. The ColdLogik team designed the most energy efficient solution for STIHL. Thanks to their access to a natural underground water supply, water was taken via a bore hole from the
underground springs with a nearby lake used as a back up resource. This solution was naturally hurricane proof as no water towers or external plant would be required.
Because the datacenter cooling solution source was below ground the water supply temperature was a constant 64.4°F allowing for all year-round free cooling therefore benefiting hugely on cost savings as it took less than 7.5kW to cool 200kW IT heat load.
The back up water source at the nearby lake had large coil heat exchangers deployed and a reverse cycle heat pump, this meant during the winter months the supply could switch so waste-heat from the datacenter could be recycled to heat their building free of charge.
In 2010 ARM, the world’s leading semiconductor intellectual property supplier, required a very small, very efficiently cooled datacenter. In 12m x 4m they were able to deploy 60 cabinets with a PUE of 1.045 on full load68% current load PUE of 1.08-1.16. Because ARM required the pipe work to run through their data center, they opted for the additional security and peace of mind that the
patented Leak Prevention System which complements the ColdLogik rear cooler solution in many scenarios.
In 2008 Jaguar Land Rover expanded their data center with 40-foot containers due to space restrictions. Each container was to house 17 cabinets with a cooling capacity of 10-30kW per cabinet. Therefore, cooling for this project was the priority as there was no false floor, an extremely small footprint and a serious heat issue with such high densities. ColdLogik rear-cooler was the only viable option for this requirement. Three containers were deployed and allowed this datacenter in Spain to expand outside of the existing building.
With ColdLogik you can be green and increase the density of your existing data center or build a state of the art high density data center from scratch. It can be phased-in rack by rack or implemented data center wide.
If you want to reduce your carbon footprint while reducing your TCO, then you want to look at this innovative solution from ColdLogik.
Andrew Lindzon is the President of Ashlin Technology Solutions Inc. Ashlin Technology Solutions specializes in Managed IT Support, providing Cloud Solutions and Network Services in Henderson, Las Vegas, Paradise, Enterprise, Summerlin South, and Sunrise Manor.Though the global cloud computing market is expected to grow rapidly, today’s highprofile data breaches are inevitably reducing its adoption rate. Often, a single compromised connection to the cloud infects an entire organization’s sensitive data, and the cloud has grown to include IoT devices that are not held to a unified security standard and generally unsecured. “Challenges also appear in the form of hacker’s updated toolsets,” says Adam Weigold, CEO, Cryptyk. With the aim to avert impending security risks in cloud storage and enterprise network, Cryptyk leverages userencrypted file management and decentralized network storage architecture with blockchain auditing in a “hybrid blockchain” architecture that eliminates the damage caused by potential hackers’ attacks.
Adam Weigold CEO
Based in San Francisco, CA, Cryptyk’s mission is to “take the profit out of hacking and the risk out of the cloud” by integrating two, separate decentralized platforms into one integrated single vendor cloud storage and security architecture. Their decentralized multi-cloud storage platform called VAULT works like most cloud storage interfaces, except that each individual file is encrypted once, then split it into 5 shards using an
intelligent randomization process. VAULT then separately encrypts each of those 5 shards and distributes them onto 5 nodes. Each node is a different third party cloud storage provider such as Google, AWS, and IBM. This architecture makes any data a hacker acquires from a security breach useless, as the pieces are nondistinct and impossible to decrypt and put together without the magic addresses that only the user has.“Our ‘safe-to-hack’ Vault technology creates true data sovereignty and eliminates all significant threats to enterprise cloud use including hacking, ransomware, malware, server failure, even internal threats, while guaranteeing operational uptime, 24/7” notes Weigold. To guarantee uptime, Cryptyk uses a technique called Erasure coding, which creates multiple backups of each encrypted file shard distributed among the 4 other storage nodes. In the case of a DDoS attack or server failure on any of the nodes, Cryptyk users will not notice a change in service as files will be seamlessly constructed from the back up shards.
To protect VAULT, Cryptyk uses a robust security platform called SENTRY for auditing, tracking,
and monitoring all user access and file sharing. Cryptyk SENTRY features a full set of security tools, with a blockchain component that sets permissions, and monitors all file access and activity on VAULT. Its immutable record allows for real time auditing by AI, as well as behavior analysis and predictive measures that not only eliminate external threats but also internal threats from within an organization. Sentry is also a protected portal that enforces end-to-end security measures for every user accessing Cryptyk data. This allows IT departments to have a complete control over all devices accessing their data, and allows proactive enforcement of secure practices for all data in motion.
“Often technologies attempt to achieve the security of distributed storage by putting files on the blockchain directly. This has proven to be a mistake because of high latency. Even in
the early stage there are 20-30 seconds of lag, imagine waiting 5 minutes to open a document if the blockchain gets popular.” points out Weigold. “Also, if the distributed storage is on a peerto-peer network, or a blockchain, loss of crowd popularity will decrease users, reduce dedicated hardware, and thus transaction processing power”. Via their “Hybrid Blockchain” technology, Cryptyk stores files in double encrypted shards on 5 independent cloud storage providers online and protects access to the files with the blockchain. In addition, they utilize large enterprise accounts on these providers, guaranteeing speed, security, and uptime from each of these. The tested latency of files on the Cryptyk VAULT platform is less than 200ms, which is comparable to other cloud drives and enables real time file editing.
Furthermore, Cryptyk’s blockchain is powered by the
Cryptyk Token (CTK), which creates a dynamic cyber security community of investors, developers, early alliance partners, and customers. This community has the singular goal of growing and extending the platform “We have already teamed up with several securityfocused hardware and software companies to expand our capabilities. With distributed servers across the world, we will achieve a failsafe system that is independent of vulnerability to hackers, viral attacks or even pressure from nations or governments, creating true enterprise data sovereignty,” concludes Weigold.
Our ‘safe-to-hack’ Vault technology creates true data sovereignty and eliminates all significant threats to enterprise cloud use including hacking, ransomware, malware, server failure, even internal threats, while guaranteeing operational uptime, 24/7.
November 3, 1988, is considered as a turning point
in the world of Internet. 25 Years ago a Cornell University graduate student created first computer worm on the Internet, “Morris Worm.” The Morris worm was not a destructive worm, but it permanently changed the culture of the Internet. Before Morris unleashed his worm, the Internet was like a small town where people thought little of leaving their doors unlocked. Internet security was seen as a mostly theoretical problem, and software vendors treated security flaws as a low priority.
Today, there is a paradigm shift, Morris worm was motivated more by intellectual curiosity than malice, but it is not the case today. According to a 2015 Report, 71% of represented organizations experienced, at least, one successful cyber attack in the preceding 12 months (up from 62% the year prior).
According to survey report, discloses that, among 5500 companies in 26 countries around the world, 90% of businesses admitted a security incident. Additionally, 46% of the firms lost sensitive data due to an internal or external security threat. On average enterprises pay US$551,000 to recover from a security breach. Small and Medium business spend 38K.
Incidents involving the security failure of a third-party contractor, fraud by employees, cyber espionage, and network intrusion appear to be the most damaging for large enterprises, with average total losses significantly above other types of the security incident.
A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. These attacks are very common, accounting for more than one-third of all network attacks reviewed in the report. A standard approach is to overload the resource with illegitimate requests for service.
Brute force attack tries to kick down the front door. It’s a trial-and-error attempt to guess a system’s password. The Brute Force Attack password cracker software simply uses all possible combinations to figure out passwords for a computer or a network server. It is simple and does not employ any inventive techniques.
IP spoofing, also known as IP address forgery. The hijacker obtains the IP address of a legitimate host and alters packet headers so that the regular host appears to be the source. An attacker might also use special programs to construct IP packets that seem to originate from valid addresses inside the corporate intranet.
Browser-based attacks target end users who are browsing
the internet which in turn can spread in the whole enterprise network. The attacks may encourage them to unwittingly download malware disguised as a fake software update or application. Malicious and compromised websites can also force malware onto visitors’ systems.
Transport layer security (TLS) ensures the integrity of data transmitted between two parties (server and client) and also provides strong authentication for both sides. SSL/TLS attacks aim to intercept data that is sent over an encrypted connection. A successful attack enables access to the unencrypted information. Secure Sockets Layer (SSL) attacks were more widespread in late 2014, but they remain prominent today, accounting for 6% of all network attacks analyzed.
Network Security is an essential element in any organization’s network infrastructure. Companies are boosting their investments in proactive control and threat intelligence services, along with better wireless security, next-generation firewalls and increasingly advanced malware detection. The U.S. Federal Government has spent $100 billion on cyber security over the past decade, $14 billion budgeted for 2016.
Increased use of technology helps enterprises to maintain the competitive edge, most businesses are required to employ IT security personnel full-time to ensure networks are shielded from the rapidly growing industry of cyber
crime. Following are the methods used by security specialists to full proof enterprise network systemPenetration Testing
Penetration testing is a form of hacking which network security professionals use as a tool to test a network for any vulnerabilities. During penetration testing IT professionals use the same methods that hackers use to exploit a network to identify network security breaches.
Intrusion detection systems are capable of identifying suspicious activities or acts of unauthorized access over an enterprise network. The examination includes a malware scan, review of general network activity, system vulnerability check, illegal program check, file settings monitoring, and any other activities that are out of the ordinary.
Network Access Controls are delivered using different methods to control network access by the end user. NACs offer a defined security policy which is supported by a network access server that provides the necessary access authentication and authorization.
Network Security is a race against threats, and many organizations are a part of this race to help enterprises to
secure their network systems. Organizations like IBM, Symantec, Microsoft have created solutions to counter the global problem of network security threat. These cutting-edge products show genuine promise and are already being used by enlightened companies.
Targeted attacks are multi-faceted and specially designed to evade many point technologies attempting to identify and block them. Once they are inside, the only way to find these cyber threats is to understand the behavior of the individual attack components and use analytics to understand their relationships.
Today it is not important that an organization will be attacked, but important and more crucial is to identify when and how much they can limit the impact and contain their exposure. This means having the capability to respond quickly once the initial incident has been discovered.
Malware is gettings quick-witted day by day. They utilize heuristics to change their code dynamically. A capable solution should have an adaptive architecture that evolves with the changing environment, and threats today’s business faces.
Today’s threats have multiple facets, and a single software or solution is not sufficient. Protection system should have the capability to integrate with other security tools from different vendors to work together as a single protection system, acting as connective tissue for today’s disjointed cyber security infrastructure.
Like infectious diseases, cyber threats will never be eradicated entirely, but they can be better contained and understood, and their effects minimized. How can this be achieved? IBM has built an enterprise-level “immune system,” an adaptive security architecture to battle today’s cyber pathogens. IBM has developed a vast fleet of products, QRadar, X-Force Threat Intelligence, Trusteer Pinpoint Malware Detection, IBM Threat Protection System a dynamic, integrated system to meddle the lifecycle of advanced attacks and prevent loss.
The IBM Threat Protection System integrates with 450 security tools from over 100 vendors acting as connective tissue for today’s disjointed cyber security infrastructure.
Symantec is another major player in catering enterprise network security systems with Symantec Advanced Threat Protection. Symantec ATP operates via a single console and works across endpoints, networks, and emails, integrating with Symantec Endpoint Protection (SEP), and Symantec Email Security cloud, which means organizations do not need to deploy any new endpoint agents. Symantec says, ATP is the only threat protection appliance that can work with all three sensors without requiring additional endpoint agents. With ATP, Symantec’s goal is to deliver end-to-end threat protection, prevention, detection, and response in a single pane of glass, offering more value to businesses than individual point products can provide. Symantec Advanced Threat Protection combines multiple layers of prevention, detection, and response.
Managed Security Services refers to services outsourced by enterprises to fulfill their cyber security requirements, often due to lack of inhouse personnel, limited security expertise or budgetary constraints. It embeds various functions including 24/7 threat monitoring, regular security reporting and incident response. According to one research, around 74 % organizations manage security services in house, but 82% of them have agreed they have either partnered or are planning to partner with a Managed Security Services Provider (MSSP).
Akira Kusakabe President & CEOmarketing, information and communication technology. In his current position in the company, Akira’s efforts focus on defining the strategic long and mid-term strategic goals of the company, aligning the goals and objectives of Hitachi Systems Security Inc. and Hitachi Systems, Ltd., in order to expand the global reach to become a globally recognized leader in the information security space.
Hitachi Systems Security Inc., was founded in 1999 and is a global IT security service provider that builds and delivers customized cybersecurity services to monitor and protect the most critical and sensitive IT assets in its clients’ infrastructures 24/7. The objective of the enterprise is to deploy information security solutions that protect the customer’s brand, and allow them to harness the full potential of connecting people and businesses together.
Hitachi Systems Security, formerly known as “Above Security”, was acquired by Hitachi Systems, Ltd. in 2015. From its five Security Operations Centres (SOCs) in Canada, the U.S.A., Mexico, Japan and Switzerland, Hitachi Systems Security has accumulated experience guarding the critical data of private and public entities in over 50 countries around the world.
Akira Kusakabe is the President and CEO of Hitachi Security Systems. He is an experienced leader with over 30 years of experience in corporate management, sales and
After having joined Hitachi, Ltd. back in 1983, Akira has held a variety of positions in different Hitachi Group Companies to help achieve Hitachi’s mission of contribution to society through the development of superior, original technology and products. For instance, he played a key role in helping to grow Hitachi America and Hitachi Mexico, and he served as CEO of Hitachi Group Companies in South America at Hitachi Brazil.
Hitachi Security Systems offers two major types of cybersecurity services:
Hitachi Systems Security provides a full-scale Managed Security Service (MSS) that protects its client’s most valuable IT assets and data. The company’s managed security services, which are offered through its proprietary ArkAngel risk management program, are built to address its client’s growing IT security needs and to offer them the highest standard of protection with a Service Level Agreement customized to their needs and business requirements. Hitachi Systems Security’s MSS offering helps clients:
· Detect,mitigateandpreventthreats whilekeepingtheirnetwork protectedatalltimes
· Extendtheirteamandrespondto incidentswith24/7availablesecurity experts
· Meetcomplianceorregulatory requirements
· Getthebestprotectionpossibleata fractionofthecostofin-house securitymonitoring
ThecoreservicesofMSSinclude24/7 Real-TimeThreatMonitoring,Monthly SecurityReporting,24/7AccesstoArk AngelServices,MonthlyService ReviewMeeting,Dedicated InformationSecuritySpecialist,Secure CommunicationsChannel,Secure RetentionofSensibleDocuments, SecurityControlIntegration,Business DetectionRuleImplementation,2HourIncidentEscalationGuarantee andControl-BasedApproach. Dependingonthespecificbusiness contextandrequirementsofitsclients, HitachiSystemsSecurityalsooffers add-onservices,including VulnerabilityManagement,Cyber securityAnalyticsDashboard,Office 365CloudSecurityMonitoring,ATM andPOSMonitoring,FileIntegrity Monitoring,SecurityDevice Management,PhishingProtectionand IntrusionDetectionMonitoring.
Unlike24/7managedsecurityservices, professionalservicesareproject-based engagementscarriedoutbytheteamof
HitachiSystemsSecurity’scertified SecurityConsultants.The Cybersecurity Posture Assessment is oneofthemostpopularprofessional servicesofthecompany.Itprovidesan overallviewoftheorganization’s internalandexternalsecurityposture byintegratingallthefacetsof cybersecurityintoonlyone comprehensiveassessmentapproach.It ismeanttoimprovethecompany’s cybersecurityposturethroughgap analysisandconcrete recommendations.Otherprofessional servicesinclude:
· RiskAssessments
· PenetrationTesting
· VulnerabilityAssessments
· PCI/GDPRComplianceAssessments
· SecurityProgramReview& Development
· WebApplicationAssessments
· ControlAssessments
AccordingtoHitachiSystemsSecurity, operationaltechnology(OT)securityis becomingincreasinglyimportantasthe OTdomainhasbecomemoreexposed tocyberthreats.OTisacombinationof hardwareandsoftwaretocontrol physicaldevices.Initsorigins,Hitachi, Ltd.isprincipallyanOTcompany,so HitachiSystemsSecurityhasa differentiatingpositiontoservicethese technologiesandtypesofmarkets.It anticipatedthemarketbyfocusingon deliveringconvergedcybersecurity servicesfortheIT,OTandIoT environmentatthesametime.This
approachtodeliveringintegrated securitysolutionsisuniqueinthe market.
Securityhasbeentheexclusivefocus ofHitachiSystemsSecuritythroughout theirexistence.Thechallengesofthe companyarethatthecybersecurity spaceisinundatedandvery competitive.Thecompanypositions itselftobedifferentasitoffersan integratedapproachtosecurityservices andisnotinterestedinshort-term sellingbutlong-termpartnershipswith itsglobalcustomerbase.Oneofthe othermajorchallengesofcybersecurity industriesingeneralistheskills shortage,asmanyorganizationsare strugglingtofindthenecessary resourcestosecuretheiroperations.
HitachiSystemsSecurity’svisionisto optimizethecustomers’cybersecurity posturecontinuouslythroughavariety oftargetedsecurityservicesinorderto securetheirbusinessandpropelitto thenextlevel.Accordingtothe company,itisleadingthenextwaveof integratedcybersecurityby amalgamatingITsecurity,OTsecurity, organizationalsecurityandphysical security.Itiscommittedtosupporting andsecuringIT,OTandIoT environmentsaspartofHitachi’s socialinnovationvision.
Our solution is flexible, self-scalable and provides you with a unique evolving risk engine for continuous improvement of your security, great privacy and integrity protection, and a blacklist of fraudulent devices.
Gisle M. Eckhoff joined DigiPlex in August 2014 as Chief Executive Officer. He brings nearly thirty years’ experience in senior positions in the IT industry in the US, Sweden, UK and Denmark as well as at home in Norway. Gisle is the former Senior Vice President and Managing Director of CGI’s operation in Norway, and has also held a number of senior management roles at both country and regional levels in CSC Computer Sciences Corporation. The experience and knowledge gained from heading up the Financial Services vertical in the Nordic region, before becoming Vice President and Managing Director of CSC in both Norway and Sweden, is of great value when implementing DigiPlex’ growth strategy in the Nordic markets.
The EU’s GDPR legislature will have consequences for every company doing business in
Europe, including American companies. The new directive promises sizeable fines to anyone that does not take personal data seriously. Meanwhile, the data centre company DigiPlex urges companies to focus on another important aspect: physical security.
The General Data Protection Regulation’s (GDPR) purpose is to harmonize legislation related to personal information across the EU’s member states. It does however also create radical challenges for American businesses holding information on EU customers. Come May 2018, when the legislation enters into force, companies will have publicly disclosed how the data is used, in addition to offering transparency for individuals seeking access to their data. The GDPR includes a sanction mechanism, and the fines for non-compliance can reach 4 percent of a company’s annual revenue.
• Business will obviously change for everyone not taking personal information seriously. This will clearly raise awareness regarding how the data is secured, but it’s also vital not to forget where the information is located, says DigiPlex CEO, Gisle M. Eckhoff.
American computer security company, McAfee, published a study of over 800 company leaders from different sectors. The report reveals that 50 percent of the respondents state that they would like to move their data to a more secure location. A motivating factor is the new EU legislation. The report also reveals that 74 percent of the business leaders specified that they thought protecting the data correctly would attract new customers.
• Data security is not just about protecting yourself against hacking and other digital threats. The overall security critically depends on where your data is stored. Companies who actively select a secure data centre to host their data will gain a competitive advantage in the market as the management of personal information is in the spotlight, says Eckhoff.
While EU-based companies are in the process of adapting to the GDPR, Gartner predicted only 50 percent of American firms will be ready for the strict regulation by the end of 2018. It’s primarily the largest companies and public enterprises that are furthest along in the process of adaptation. According to Eckhoff, they are usually the ones that are the most concerned with data security and where it is stored. Fire and operational safety are two obvious challenges, but physical security also includes securing yourself against theft.
• Several smaller businesses and organizations keep their data servers at their offices, and the physical security in many of the smaller data centers is almost absent. If your data is stored in such a data center, where someone easily could break in and physically remove the hardware containing your information, then you are very vulnerable – both operationally and in relation to GDPR, says Eckhoff.
At DigiPlex’s data centers, several layers of security ensure the safety of the data and the personal information that is stored there. Physical security is one of the most complicated and expensive features when building or updating a data center. That is why newly established data centers have to reach critical mass, allowing them to store enough data to compensate for the large security investment.
One consideration to take, as we are getting closer to the implementation date of GDPR, is where your data center should be located. Several US based companies are already relocating their centers to the EU in order to comply. Multiple database providers are helping non-EU companies organize and segregate EU data from other personal information. The data center industry is well established in Europe, and some of the most cost and climate efficient centers are located in the Nordic countries.
In the Nordics, the cool climate helps chill down vast amounts of hardware that otherwise would have been cooled down solely by electricity. Additionally, the electricity that is required by data centers to run their operations is supplied through easy access to affordable renewable energy.
• In recent years, we have seen political turbulence in larger parts of the world, Europe included. The stabile political environment in the Nordic countries is also a climate to consider, as the establishment of data centers is a long-term investment, says Eckhoff.
The radical change in the innovative technology, is changing the basics of the enterprises function. The way of the businesses today is very much affected by the convergence of enterprise mobility with Cloud Computing, Big Data Analytics and Social Media. The mantra for a successful business today is to observe and adopt the way employees, partners and customers connect and energetically engage in fulfilling business objectives and attaining the enterprise goals in record time. This is the reason, that the enterprises of today have to follow the current trends in the real time.
There is one more paradigm shift the IT industry is observing, and that is the entrance of Enterprise Mobility in the business. With the use of it now critical business data, complex analytics and reports are getting available to the decision makers and executives in no time. The vast acceptance of the Mobile Phones and Tablets burgeon the businesses.
With anytime-anywhere access to the business data for swift decision making and improved customer service, is only getting possible with the use of Enterprise Mobile Device Management (MDM). In this way Mobility on Cloud is helping SME’s to get benefited by the technological advances.
Approximately, 70% of the North American workforce is now mobile, cloud-based environments require a transparent mobile policy management strategy. As is observed, more and more data of the companies, nowadays is residing on mobile devices and is distributed on off-site servers, protecting that data is becoming a mission-critical priority. That is the reason that security concerned enterprises are more concentrating on the three critical mobility factors as they evaluate and deploy cloud computing. The three important factors are:
Easy access to cloud-based data and applications from anywhere at any time The availability of the flexibility of the mobile workforce is only possible with the enablement of easy access to the cloud-based data and applications from anywhere at any time. The workers today have to travel from one place to
another switching between various public, private, wired and wireless networks in order to get access to the corporate applications. Mobile workers have to manually select and connect to the best available network in the given location because of this. This creates a confusion in between the workers what network to select, what policies to apply and etc. just because of the connectivity process is left on the end-users. This whole process is the reason of less productivity on the part of the mobile workers.
Wi-Fi and 3G like technologies are getting used to access cloud-based data and applications by the mobile workers today, from anywhere, on the road, from a hotel or a home office. This is becoming a reason of extra cost, when you are supposed to gain from the cloud computing environment. Most of the time this cost becomes unnecessary, like paying for LAN or Wi-Fi fees when a mobile worker is in an area covered by his paid 3G subscription, using 3G when roaming internationally or using 3G when a free or low-cost Wi-Fi or LAN option is available.
Today, many enterprises are investing on endpoint security solutions and corporate VPNs, data compromise is still a big threat for enterprises because of a variety of threats that stem from network bridging, visits to malicious Web sites, download of malicious software, and use of open and unencrypted networks. The process of connecting to wired and wireless networks is a manual, user-driven process makes the risk high. Despite these high risks, enterprises can maintain itself against these risks with the Mobile Policy Management (MPM):
The critical mobility factors of cost control, security and end-user connectivity for cloud-based enterprises, comes under a term, ’Mobile Policy Management (MPM)’. MPM adds to the overall return on investment of cloud-based initiatives through reduced costs and improved security. MPM helps enterprises to:
Pre-define network prioritization policies
MPM helps IT to pre-define network prioritization policies and assign specific mobile policies to a given network for
cloud and non-cloud data and application access. By automating network selection and mobile access policies, MPM boosts the mobile workforce productivity. Additionally, MPM helps IT to pre-define network selection rules and assign mobile policies to each type of network. MPM solution automatically selects the best available network as defined by IT, connects the user and applies the relevant mobile policies, while the mobile workers roam around. This gives the worker a remote access and connectivity transparent to end-users, saving their valuable time when accessing cloud and non-cloud data and applications.
Enables to cost-optimizing network selection
MPM enables an option of ’cost-optimizing network selection’ to reduce the cost of mobile data usage by costoptimizing network selection. Leaving network selection up to the end-user can drive data costs far over budget and create significant cost liabilities, for the enterprises. For an instantance, a mobile worker with an unlimited 3G subscription should avoid connecting to, paying for and expensing hotel Wi-Fi when in an area covered by a 3G local provider. For the enterprises benefit, MPM platform avoids unbudgeted data costs by helping IT to define and enforce a network white list, preventing users from adding unsanctioned laptop communications options to their mobile Pcs.
The data security threats occur only because of the rogue access points or networks that are in place to lure mobile workers onto them in order for hackers to gain access to corporate data like public Wi-Fi access points in airports labeled “free Wi-Fi” or rogue Wi-Fi placed in proximity to corporate offices. Though there are security solutions working for the same, but of no use. When a mobile worker is working and visiting various places an MPM platform enables IT to dynamically automate and enforce networkspecific security policies.
Enterprises who are deploying cloud computing are influencing Mobile Policy Management to gain organization-wide visibility and control over their mobile workforce.
The Information Technology sector is growing like never before and so is the significance of its security. Managed Security Services (MSS) market is expected to grow up to 29 billion by 2020, as IT industry is totally reliant on security. The financial loss enterprises bear, due to security breech, is a subject of concern and it has become very difficult for them to keep up with the constant upgrade for security as cyber-attacks are growing complicated every day. With the assistance of MSS providers, enterprises can save a lot of resources as it takes huge investment to set up in house security. MSS providers feature better customization in terms of security against organized and sophisticated cyber threats.
Amongst such MSS providers, Keypasco is a kind of company delivering award winning solution which contributed to a paradigm shift in internet security. Founded in 2010, it is a Swedish IT company in Gothenburg on the Swedish west coast. The company’s unique patented solution uses a revolutionary new technology for user authentication and provides security to online service providers and users. The company uses the unique DeviceID on the end users device to make sure that a username and password works only on the right device and in the right location. Keypasco’s cutting edge technology constantly works in the background to maintain the security behind the provider’s ordinary
Ÿ
application interface. Other than DeviceID, the company has three more patents including:
Ÿ
Proximity: The user’s own devices / wearables in close position to each other as unique identity to enhance security.
Keypasco PKI Sign: A unique solution for PKI in a mobile device without the need for a Secure Element. By using Keypasco PKI Sign no private key is stored at any one place, but it is still PKI compliant, making the solution extremely safe.
Ÿ
Dynamic URL: This allows for single sign-on with one single trusted security app linking multiple Internet content providers on one side and multiple ID providers on the other.
Maw-Tsong Lin has been leading the company since September 2010 as the CEO and the Founder along with Per Skygebjerg, who is the current COO and the Co-founder of the company. Maw-Tsong has done mechanical engineering from Chalmers University of technology. Before Keypasco, the two have worked together in Todos. Todos developed hardware tokens for the e-banking market and its products are still used by a large number of banks worldwide. Per and Maw-Tsong took their experience and network with them and founded Keypasco.
Maw-Tsong Lin CEO & Founder
Keypasco provides services to any enterprise that delivers certain services and wants to secure their systems from intrusion. It offers various services including secure authentication, digital signatures and access control for all types of application and online services, such as banking and payments, gaming, betting, e-commerce, accounting, egovernment and e-healthcare, smart home, and car haring. The company also provides its users with their own digital identity, based on their device properties, location and proximity to any external device they choose to be a part of. The company offers mobile security to millions of users across the world and opens up for new innovative business models and enables the creation of new services.
One of the features of Keypasco, that differentiates it from the competition, is its core technology which comprises of device-related data. With features like DeviceID,
location, and a unique Risk Engine, the company instantly raises the level of security for its users. The company also distinguishes itself from the traditional solutions. For instance, traditional solutions stores personal information such as name, ID number, email address, and credit card numbers in databases, whereas Keypasco do not collect or store this type of information. Also, traditional digital ID consists of passwords and distributed credentials, which are prone to theft, while the security solution provided by the company does not have any distributed credentials.
It is likely for enterprises to counter obstacles in the initial stages of business, especially in IT security, where the technology changes at rapid speed and uncertainty is on the edge. In case of Keypasco, one of the biggest challenges they face is taking the risk of innovation. When it comes to security solutions, it takes time to build the trust needed to dare to take the decision to try something new.
The decision to switch to another security solution is not a spontaneous decision. The users have to go through the details thoroughly in order to make the switch.
Keypasco asserts itself to be on a mission to secure all the digital assets. The company believes that by challenging traditions and making things easier and more adapted to human behavior, it can make the internet a safer space. The company is constantly questioning old habits and seeking answers beyond established solutions to find the best methods to improve internet security. Its latest move is to develop a security solution that is designed for block chain technology.
Our solution is flexible, self-scalable and provides you with a unique evolving risk engine for continuous improvement of your security, great privacy and integrity protection, and a blacklist of fraudulent devices.
In my experience, when businesses are looking to fundamentally transform the way they work, they have to take a serious look at their cloud strategy and make sure it's aligned to their business goals. Whether these goals are to increase operational efficiency, drive new revenue streams, improve customer service or disrupt the market, there are key principles I advise businesses to follow.
The approach you take will depend on what stage your business is at. A cloud first strategy is appropriate if you have the flexibility to move your core business applications to the cloud because you’re a new business or you’re not encumbered by legacy infrastructure.
A hybrid approach works if you have a clear plan on which applications you feel comfortable moving to the cloud, versus those you’d prefer to keep within your own private network or at a data centre.
If you’re at an early stage in your cloud strategy and are still getting to grips with the options available, it can help to work with a managed service provider who will map out the most appropriate migration path based on what you’re trying to achieve.
Irrespective of what stage you’re at, there are challenges that most businesses face as they journey to the cloud.
Firstly, upskilling your internal IT team to manage the migration can be a real challenge when the skills required are fundamentally different to those of a traditional IT team. Furthermore, it can be risky to divert your team away from managing business critical IT infrastructure to plan and implement a cloud migration strategy. This can be a very significant undertaking, and one that often makes sense to outsource to an MSP with the specialist skills you don’t have in-house.
Many businesses will need to redesign their legacy networks and infrastructure to support this migration, which can be complex. For example, data that was previously routed via a private network to head office, may now be serviced via the internet, which creates a big shift in data and networking requirements.
Another big decision is which technology provider to go with. With so many options available it can be challenging to decide which one is right for your business. For example, do you go with Microsoft Azure, Amazon Web Services (AWS) or a mix of the two? It’s easy to get distracted by service features, so it’s important to keep focused on the business outcomes you’re trying to achieve when going through the vendor selection process.
With all the benefits that the cloud offers in terms of cost savings, agility and innovation, it can also expose your business to increased security threats.
Working with a Managed Service Provider with strong credentials in security can help you to lock down any potential vulnerabilities in your network.
If you decide that working with a Managed Service Provider is right for your business, look for a partner with demonstrable expertise in architecting, implementing and managing cloudbased network infrastructures and applications that can flex with your business. They should also offer a security portfolio that supports both public internet and private networking environments.
Many IT decision makers come unstuck when they select service providers who don’t invest enough in cutting-edge technology. Even though IT services are often viewed as a commodity, working with a partner who can predict where the market is going can really help to transform your business.
There’s nothing worse than investing time and money in technology that becomes obsolete. Work with someone who has a strong reputation in delivering market leading technology in data centres, data security and cloud based services.
The right MSP will be much more than a supplier. They’ll be an extension to your IT team; a true partner who’s committed to delivering outcomes and is happy to share the risk of the
As the CEO of Enablis Pty Ltd, Jon leads a passionate and focused team delivering Managed IT Communication and Cloud Services to mid-sized organizations in Australia and New Zealand.
A 25-year industry ICT veteran, in 2006 Jon founded the Australian business for Sirocom Ltd, a leading UK Managed Virtual network operator (MVNO) that later became Azzurri Communications Pty Ltd.
Eleven years on, John has grown Enablis, the Australian division of Azzurri Communications, from one employee to over 50 employees with offices in Sydney and Melbourne.
His zeal and vision to deliver smarter ways for organizations to procure and operate complex communication estates coupled with his experience in leading and driving a strong business culture focused on doing “right by the customer” have resulted in Enablis winning multiple industry awards for growth and service quality every year for the past six years.
Prior to Enablis, Jon held Senior Partner roles at major carriers such as Verizon and Optus where he helped develop and grow key integrator relationships in Europe, and later on, in Australia. Before that, he worked at Cabletron and 3Com.
Jon has sat on and assisted in technology steering panels at St Vincent de Paul. He has a passion for helping and getting involved in raising awareness and donations for a number of charities focused on homelessness and under privileged youth.
technology deployment. Much like any relationship, a good partnership is based on chemistry, transparency, shared goals and mutual respect. Most importantly, you need to be certain they’ve got your back.
Evans CEOWorking with an MSP who speaks your language is vital. This means that they should know your industry and ideally, already have customers in your sector. Even though every business is unique, there’s a lot to be said for working with service providers who understand your business objectives and the risk profile you’re trying to manage.
In my experience, IT budgets are generally flat or falling, whereas demand for high priority strategic projects such as migrating to the cloud, is only increasing. This means that IT decision makers are often under increasing pressure to achieve more with less.
Work with an MSP who can help you deploy your budget and resources more effectively; who can build a business case for you and back it up with hard numbers. Ultimately, they need to convince you and the rest of the business that a cloud strategy is going to deliver measurable improvements to your business before you bring them on board.
