Sprivacyandpersonalbelongingsfromanunknown threat.Itisallweknowingeneralsensebutwhya companyneedssecurityandwhatsecurityconcernsithas? Thesedays,fromanenterprise’sperspective,securityisa broadandverychallengingissue.Whether,itisphysical securityoradatasecurity,breachinanyoftwocanleada companyintovulnerability.
ecurityiswhatweneedtoprotectourselves,our
Sohowtheenterprisesecurityservicesarehelping organizationswithsecuritybreachandwhyitisnecessary toconsultwiththem?Todayalltheorganizationsaredriven byinformation,anddatabecomesthemostimportantasset. Mostofthecompaniesaretransformingtheirbusinesses intoe-businesswhereitiscrucialtopreserveintegrity, availabilityandconfidentialityofinformationdueto sensitivityandvalueofbusinessdata.Theamountofdata organizationshavetodayishugeandtheyfindthemselves overwhelmedinthefaceofunauthorizedaccessas networksareopenedwhenconnectedtotheinternet.The datacontainsconsumers’informationaswellas organization’scriticalinformationsuchasoperation records,financialaspects,cash-flowinformation,health careandadministration.
Thisdataandinformationislifebloodofanorganization andanydamagetoitcanbefataltotheircontinuedviability asalivingentity.Insuchsituationsenterprisesecurity servicesplaycrucialpartandensurethattheoriginalityand accuracyoftheinformationispreserved,anditshallnever beexposedtounauthorizedapproach.
Individualsororganizationsleveragetechnologytouseto meetorcompletedesiredgoalsanditisdifficulttoforesee allthreatsandvulnerabilitiesthatsurfaceintheprocess.In otherwords,theenterprisesecurityisreactivewhereno
technologyorsecuritysystemcanfullyassure protectionfromthreat.Butthereareseveralsecurity serviceprovidersarewhocanguideandprovidetheir deepinsightsinsecuritysolutionsandhelptoavoid anymajordatabreach.
Inthisissueof“The10MostTrustedCompaniesin EnterpriseSecurity”InsightsSuccesshasshortlisted thoseeecurityproviderswhichareprovidingnterprises solutionsthataresystematicallyprofileand contextualizesecuritythreatswithalevelofdetailand granularitythathasneverbeenachievedbefore.
ThecoverisfeaturingPentaSecuritySystems,a leadingproviderofwebanddatasecurityproducts, solutions,andservices.PentaSecurity’swebsecurity productrespondsfasttoproxydeployment,inline topology,cloud,andotherweb-relatedenvironment changes.Thecompany’sdataencryptionproductalso respondsfasttoDBMS,filesystems,cloud,andother datamanagement-relatedenvironmentchanges includinglogandimages,theunstructureddata.Ithas beenexpandingitsofferingsinordertomeetthe demandsofencryptionindifferentareas,withitsdata encryptionproducts.
Also,makessuretoscrollthroughthearticleswritten byourin-houseeditorialteamandCXOstandpointsof someoftheleadingindustryexpertstohaveabrief knowledgeofthesector.
HappyReading!
Rohit Chaturvedi
SeokwooLee Founder&CEO
oday,businessesandtheinternetareunited,as
Tbusinessesarerunontheinternet.Themarket demandsapplicationsofbothsafeandstable foundationoftechnologyaswellasapplicationsoffastand newtechnologies.Nonetheless,applicationsofenterprise securitymustneverbecompromisedregardlessofthe circumstantialchangesandbytakingthisintoconsideration, PentaSecuritySystems,aleadingproviderofwebanddata securityproducts,solutions,andservices,wasincepted.
Belowarehighlightsoftheinterviewconductedbetween Penta Security and Insights Success:
WhenIwaseagertopursuemyentrepreneurshipdesiresback in1997,theinternetstartedtogainpopularity.Inthisstage wherethingswererapidlychangingandmostcertainlyinthe connectivitysector,itmademerealizethateveryonewill soonerorlaterbeplacedinasituationwhereconnectivity securityisinevitableintheirlives.
Afterthefoundation,thecompanyfocusedonutilizingthe meritsofthiscounty,SouthKorea.Itwasnoteasyto establishPentaSecurityasanOSoranetworkingtechnology providerassomeofthefirmsintheUSwerealreadytaking theleadintheworld.ThisisthereasonwhyIhavedecided tofocusondevelopingsecurityforthedevelopers.InSouth Korea,thereisarelativelyhighnumberofapplication developers,thereforewethoughtwecouldlistentotheir demands,reflectthemonourproducts,andeventuallycreate somethingthatisdeveloper-centric.Asexpected,‘Web applicationsecurity’hasbecomeinevitableforthebusinesses becausetheirmostimportantassets,thedata,wentonthe applications.Asaresult,comparedtotheexistingsystemand networksecurity,‘datasecurity’becamethemostimportant partofmaintainingthebusinessesnowadays.
From‘things’to‘vehicles’andnow‘blockchain’that’s enormouslyandinnovativelyimpactingourdecision-making processes,wearecopingwithbigandimportantchangesas anITsecurityfirm.Westronglybelievethatsecuritymust keepupwithrapidtechnologicalchangesandbytakingthe lead,PentaSecurityhasbeenexpandingitssecurityofferings fromIoTtoallsortsofmobilityenvironments.
Howdoyoudiversifytheorganization’sofferingsinweb anddatasecuritytoappealtothetargetaudience?
Today,businessesandtheinternetareunited.Businessesare runontheinternet,whichnowaretheapplications.The marketdemandsapplicationsofbothsafeandstable
foundationoftechnologyaswellasapplicationsoffastand newtechnologies.
Intermsofapplyingsecuritytotherapidlychanging environment,PentaSecurityisconfidenttostressthat developingthemethodologiesinordertokeepupwiththe changesisoneofthebiggestandimportantgoalsofthe company.
PentaSecurity’swebsecurityproductrespondsfasttoproxy deployment,inlinetopology,cloud,andotherweb-related environmentchanges.Dataencryptionproductalsoresponds fasttoDBMS,filesystems,cloud,andotherdata management-relatedenvironmentchangesincludinglogand images,theunstructureddata.Wehavebeenexpandingour offeringsinordertomeetthedemandsofencryptionin differentareas,withourdataencryptionproducts.
Fromthenon,wefocusedonprovidingdifferentsolutionsto differentaudiences.Tobeginwith,wemanagedtoprovide ‘detection’solutiontocompensatethesecurityfeaturesthe developersmighthavemissed,then‘encryption’solutionto protectcriticaldataassets,andfinally,‘authentication’ solutiontoallowuserstoidentifythemselvesinthe interconnectingnetwork.Ourofferingshavemanagedto expandanddiversifyinIoT,automobiles,trains,andshipsas well,viaassociatingthesemainsecurityfeatures.
Inresult,PentaSecurityhasregistered95internationaland domesticpatentsandgained58internationalanddomestic certifications.Moreover,won37productawardsincluding thelatest‘CybersecurityExcellenceAwards’,‘GoldWinner ofDatabaseSecurity2018’,andTU-Automotive’s‘2019 BestAutoCybersecurityProduct/Service’withour authentication,detection,andencryptionsolutions.
Giveadetaileddescriptionofthefeaturedperson’s influenceoverthecompanyandtheindustry.
SecuritymustbeattheheadofITanditstransformationin ordertoletthetechnologiesdevelopeachandeverypartof thebusiness.Therefore,astheCEOandFounderofanIT securitycompany,Ibelieveit’smostimportanttoprovidea clearvisionandroleofsecuritytotheemployees.Lettingthe professionalsdotheirjobs,whilsttheentrepreneurleadsthe directioniswhatIbelievemanagingandrunningasuccessful companyreallymeans.
Securityisnotonlydeeplyengagedwithintheindustry,but alsowithnationalpolicies.Evenwiththeslightestmisleading regulations,theresultandtheimpactcanbebeyondour control.Therefore,westronglybelievethatITsecurityfirms musttakepartintheprocessofpolicymaking.Inorderto
achievethis,wehavebeenactivelyparticipatingin developingnationalindustriesbyweighinginour opinions.We’realsoengagedwithtechnologyinstitutes aswebelieveeducatingthenextgeneration’s professionalsisoneofourimportantmissionsasthe leaderintheindustry.
Asperyouropinion,whatarethewebanddata securityroadblocksorchallengesorganizations facingtoday?Andwhatisyouradvicetoovercome them?
Thebiggestobstructionistheexistingcustomthatonly focusesonfindingthevulnerabilitiesandinturn, patchingthemtemporarily,assumingthattheinitial issueshadbeenresolved.Idefinitelyagreewiththeeffort atleast,however,lookingaheadtobuildinganimmune ITsystemfromthestartiswhatactuallymattersthe most.
Wemustletsecuritybecomeanimportantpartof buildingtheITsystem-especiallywhenweliveinsuch ahyperconnectedsociety.Thewholeconceptwell explainsPentaSecurity’sphilosophyandvision,whichis ‘SecureFirst,ThenConnect’.
Itisalsoverycommontofacesituationswherepolicymakerswithbiginfluencethatlackagood understandingofnewtechnologiesendupdevelopingwrongfulITpolicies.Therearetimeswhen industryrevitalizationagendasproduceactualregulationsandresultsthatstandintheway.Inorder topreventsocialresourcesfromstandinginthewayofdevelopments,PentaSecurityisputtinga lotofresourcestoeducate,inspire,andpromotebase-level,easilyunderstandableITsecurityto non-professionalsoutthere.
HowdoesPentaSecuritycopewiththevolatiletechnologicaltrendstoboostitsgrowth?
Whentryingtorespondquicklytothechanges,thereisalwaysamixofoldandnewways.Thisis notjustabouttheconflictoftheoldandnew,butit'saboutefficiency.PentaSecurityputsitsbest effortinsolvingthedeclineofefficiencyinstructuralandproceduralways.Ifwefeeltheneedto focusondevelopingandapplyingnew,innovative,anddisruptivetechnologies,weformanew teamoradepartmentaswellasnewlabsforin-depthdevelopmentsinordertomeettheneedsof newbusinessopportunities.Wealternativelyseparatethecompanythroughspin-offsifnecessary, aswetrulybelievethatrespondingfasttothechangesiswhatmakesus‘PentaSecurity’asa whole.
Couldyouthrowsomelightonyourmissionandvisionstatement?
Theconceptofrealizingan‘OpenSociety’,whichIdeliberatedwhenstartingthecompany,have becomethecompany’svision.Asmentioned,tryingtofixtheproblemonlyafteranincident occurs,istheworstwayofrealizingsecurityaswecanimagine.Modernizationisallabout communicating,interchanging,andsharing.Wecannotgrowanddevelopwithouttheseinanopen society.Ifwewanttofeelsecuredevenwithourdoorswideopen,wemustgivetrustandtrust otherswhoenteroursafetyzones.PentaSecurityisthecompanythatcanprovidethattrustandwe stronglybelievethisiswhat‘TrustforanOpenSociety’reallymeanstous.WithPentaSecurity’s securitysolutions,businessescantrustandfreelymanagebusinessesintheirowndisruptiveways.
Whatareyourcompany’sfutureaspirations?Whatstrategiesareyouundertakingto achievethosegoals?
WhatITsecuritymeanttootherindustriesbackinthedaysweren’tmuchatall-infact,itwasjust seenasacomponentpartthatsupportstheentireITsystem.WewantedtobuildanITsecurity companythatresolvesanyissuesrelatedtoITsecurityfromthefirststep,andthatstartswhen buildingtheinitialITsysteminabusiness.Wethrivetobuildasafeplatformandaninfrastructure basedontheconceptof‘SecuritybyDesign’.Asarecentexample,thereisautomotivesecurity. Inadditiontoautomobiles,weareplanningonexpandingourdesirestotrainsandships,by providingsecuritytoallsortsofmobilityenvironments.
TheestablishedITwasallaboutconnectinguserstothecentralsystem.Howevernow,different devicesareconnectedtoeachotherand‘connectedcar’isatypicalexample.Withourwholesystemapproachtosecurity,webelieveitenablesaneraofhyperwebintegrationandconnectivity. Therefore,weaimtodrivesafertransportthroughoureffortsinsmartmobility,provideautomotive securityforconnectedandelectricvehicles,automotiveblockchaintechnology,andamobilitydata intelligenceplatform.
We’regoingthroughabigchangewherethemethodofconnectivityhasbecomecompletely differentcomparedtothepast.This,itisnotanoverstatementtosaythatblockchain,anew computingsystemthatdrivesinnovativechangesindecision-makings,isleadingthischange. Thischangenotonlyimpactsotherindustriesbutmostly,impactsthesecurityindustryandof course,PentaSecurityaswell.Runningdifferenttechnologicallabs,subsidiaries,andteamsin eachsecuritysectorinordertoputourselvesoutofthecomfortzone,iswhatweconstantlyaimto achieve,withourbesteffort.
WithsomuchattentionfocusedonArtificial Intelligence(AI),it’sworthrememberingthat onesizedoesnotfitall.Therearespecific business-relatedpainpointsinmindwhenacompany decidestodeployAItechnology,somakingtheright choicescanbeatrickytask.
Forexample,severalmonthsago,anAIrelated breakthroughwasannounced–arobotlearnedand demonstratedtheabilitytoperformaperfectbackflip. Whileitiswellacknowledgedthattheinvestedresearch anddevelopmentforthismissionwashugeandthe commercialpotentialforsomeapplicationsisenormous,it issomewhatunclearhowthisspecificinnovationorthe coremodelsandalgorithmsofit,canserveotherindustries andverticals.Hereinliestheproblem.
Mr. Jay Klein drives Voyager Lab’s technology strategy and core intellectual property. He brings more than 25 years of experience in data analytics, networking and telecommunications to the Company. Before joining Voyager Labs, he served as CTO at Allot Communications where he steered Allot’s data inspection and analytics core technology offerings, and as VP Strategic Business Development at DSPG, where he was responsible for strategic technology acquisitions. He also co-founded and held the CTO position at Ensemble Communications while founding and creating WiMAX and IEEE 802.16. He also served as the CTO and VP of R&D at CTP Systems, acquired first by DSP Communications and later by Intel. Jay Klein holds a BSc in Electronics & Electrical Engineering from Tel Aviv University as well as numerous patents in various technology fields.
GaugingAIsuccessinonefieldinmanycasescanbe meaninglessforanother.Tomakethingsworse,evenwhen tryingtogodeeperintothetechnologyandattemptingto evaluate,forexample,whichMachineLearningalgorithms areutilizedbytheproduct,orwhatarethenumberof layersintheDeepNeuralNetworkmodelsmentionedby specificvendors,intheenditwillbepossiblypointlessas itdoesnotdirectlyreflectthesolutiondeployment ‘success’implications.
Nevertheless,itseemsthatthemarketignoresthisreality andcontinuestoevaluateAI-basedproductsbybuzzword checklistsusingfamiliarandrelatedAIterminology(e.g.,
Supervised,Unsupervised,DeepLearningetc.).While checklistsareaneffectivetoolforcomparativeanalysisit stillrequiresthe‘right’itemstobeincluded.
Unfortunately,whattypicallyisabsentaretheitemswhich areimportanttothecustomer,fromaproblem-solution perspective.
IntroducingAuthenticAI
Givenallofthis,thereisaneedtochangethenarrative aroundAItechnologyandsolutionstosomething meaningfulandauthenticthatreflectsthereal-life challengesandopportunitiesthatbusinessesarefacing. ThisisthetimetointroduceAuthenticAI.
TheMerriam-Websterdictionarydefines‘Authentic’as both ‘worthy of acceptance or belief as conforming to or based on fact’and ‘conforming to an original so as to reproduce essential features’.Thisisnotabout‘Fake’tobe contrastedwith‘Real’.It’sabouttheessentialfeaturesof AIwhichneedtobeacknowledged,andhence,redefine the‘checklist’.Often,theseessential‘authentic’features arehiddenandonlysurfacewhenaCIO/CDOisfaced withanewproblemtobesolved.Thisisseenespecially whentheAIaspectsofaproposedproductorsolutionare fullyexploredbyaskingquestionssuchas:
- IstheAItechnologyutilizedbytheproductaimed specificallyformyproblem,optimally(e.g., performance,cost,etc.)?
- Isitcapableofaddressingthecompleteproblemor onlyapartofit?
- Canitbeassimilatedintotheexistingecosystem withoutimposingnewdemands?
- Canitaddressthecompellingenvironmental conditionsoftheproblemspace?
Theseissuescanbegroupedintothreedifferent‘classes’‘Original’,‘Holistic’and‘Pragmatic’:
Original–Howinnovativeisthesolution?Thiscanbe quantifiedbyassessingthefollowing:
- theinventionofnewalgorithmsorevennewmodels and - theuseofcomplexorchestrationtechniquesor - throughthecapabilitytohandlecomplexdataformats andstructures.
Whilethereisnoneedtore-inventthewheelrepetitively foranyproblem,therearedistinctivecharacteristicswhich requireoptimizing.
Holistic–HowcompleteistheproposedAItechnology?It takesintoaccountthecapabilityofhandlingtheend-to-end aspectsofthesolution,thecompetenceofharmonizingthe operationofthevariousAIcomponentsofthesolutionand theabilitytoadapttoeverchangingconditionsoftheAI application.
Pragmatic–Canthetechnologysolverealworld problemsintheiractualandnaturalspaceina commerciallyviableway?Thismeansthatforexamplethe datasourcescanbeprocessedintheirmostnativeformat (bothunstructuredorstructured)aswellasprovide insightsorresultsmatchingthepragmaticneedsofthe specificmarketexpectations.Inaddition,theabilitytobe quicklydeployedandrapidtoactareassessed.
Alloftheseelementsshouldbeusedtosystematically assessandevaluateAI-basedproductsandsolutionsto assesstheirauthenticityandthereforeeffectivenessin specificusecases.
Forexample,manyhome-loanmortgageevaluationand recommendationsystemsutilizeasomewhatisolated machinelearningbasedapplicantclassificationmethod, oneofmanyotherprocessesincludedwithinthesolution. TheAIinthissolutioncannotbeconsideredAuthenticAI toahighdegreeasit‘scores’lowonthe‘Original’and ‘Holistic’classesasitisn’tinnovative‘enough’(froman AIsense).Inaddition,theAIcomponentitselfdoesnot coveronitsowntheend-to-endaspectsofthesolution (henceaffectingtheoverallperformanceandprecision).It couldbeconsideredtobe‘Pragmatic’tosomelevelifit canhandletherequireddatasourcesoffinancial institutionsorthecustomerapplicationsnatively,andifthe solution‘output’aretheexplicitresultsrequiredasa specificrecommendation(e.g.,loanconditions).However, thedeploymenttimeline(time-to-market)andcommercial aspectsneedtobeevaluatedaswell.Thisisjustone exampleofmanyothers,coveringallkindsofvariations.
Perfectbackflipsmaygrantyouagoldmedalifyouarea gymnastbutifyouareamasterchessplayerdon’texpecta winningmove.
obotshavealwaysbeen
Rpicturedasaman-made advancedtechnological creativity,whichdoandwillfavorthe humanspeciesforfuture.Asrobotics isvibrantlyglobalized,soonitwillbe mainstreamedinvariousfieldsand sectors.Currently,therearenumerous enterprisesworldwidewhichare implementingroboticsintoindustrial, healthcareandcommercialuse. Whereas,roboticshaveexperienceda lotofup’sanddown’sduringthis tenure,butwiththetime,ithelda strongholdinthedigitalworld.
Wheneverthediscussionarisesabout theapplicationsofrobotics,the industrialsectorhasbespoken benefits’.Robotshavebecomemore affordable,smartandproductiveover theyears.Thesectorslikeagriculture, construction,warehousingand logistics,andcustomerservices.By investingmoreinrobots,anenterprise
willbesolvingcertainproblemsmore accuratelyandefficiently.Meanwhile, utilizingrobotswillhelpenterprisesto pushtheirlimitsinordertofillupthe productivityvoids.
Witheachslippageoftime,the technologyisupgradingsodoesthe robotics.Theadvancementsinrobotics fieldwillbeaboontotheenterprisesin ordertoincreasegrowthand productivityrate.Therearecertain parametersthatshouldbeconsidered whileimplementingroboticsinthe enterprise,suchas
FollowingupParametersbefore ReachingtheDepthofRobotics Modifying; as per the user’s need Generally,robotsusedtorequire advancedtraininginordertooperate comfortably.It’snotanissueforthe bigenterprisesastheyacquirethe skilledpeopletodealwith,wherethe smallenterprisesarenotsogiftedwith
loadsofassetsinitially.But,withthe newadvancesinroboticstechnologies, ithasbecomeeasierforsmallventures toinvestinrobotsforincreasingthe productivitygeneratingmorerevenue. Justbygivingwirelesscommands fromanIOT,demonstratingtasksto therobotsgetseasier.Nowadays,there arenumerousvarietiesofrobotsto carryoutmultitasks,thusasperthe user’sneed,onecaninvestinrobots fortheindustrialpurpose.
Unlikethebigmanufacturingrobotsin hugeindustries,therearevarious collaborativerobotswhichare speciallydesignedtoworkalongside andtoassisthumanworkersina varietyoftasks.Earlieritwassortof stressfulforanenterprisetoallot specificman-powerforcertaintask, butbyimplementingco-botssuch issuesareresolved.Asthesizeand shapeofco-botsaregettingmore
compact,itmaybenefittheenterprises invariousterms.
Earlierrobotswerenotabletoprogram easilyduetotheincompatibility betweentheuserinterfaceand hardware.But,nowRoboticOperating System(ROS)isdominatingthe industrybyprovidingsolutionsfor variedrobotsinordertoperformthe taskwithoutlagging.It’sanopensourceframeworkwhichhelps developerstoredirecttheprogramming indifferentways.Thisopen-source frameworkisdominatingthegrowth towardstheconstructivedirection.
st
The21 century—istheeraof implementingnewideologyand technologiesinvarioussectors.While technologicaldisruptionhas collectivelyaffectedeverypossible
sector,roboticsisstillunaffected.Frompastfewyears,the technology,aswellasitsimplementation,hasincreased substantially.Havealookonsuchfewareasforpossible applications.
Unlikebigmanufacturingrobots,collaborativerobotsare designedtoworkwithemployeesinenterprisesand corporates.Thedesignissmartenoughtoassisthumans andalso,compactenoughtohandle.Generally,thesmall andmedium-sizedenterprises(SMEs)areslightlyboonby implementingco-botsindaytodaylife,astheyareeasily adaptable,easytoprocessandmostimportantlyit’s affordable.Accordingtosomeexperts,there’sapossibility ofenormousgrowthinthebusiness,ifCo-botsare implementedwidely.Themainmotiveofindustrialrobots istotheprioritizedsafetyofemployeesandworkers,yet thechancesofaccidentsarealwaysathighrisk.Whereas, co-botsworksasaservicerobot;theycomeinvarious shapeandsizeseasingtheworkabilityandreducingthe liabilityofemployees.Inordertogetsanctionedasservice robots,anyco-bothastopasscertaintestingparametersby robotmanufacturingcompanies,factorssuchaseasily compatiblewithotherdevicesandprograms,safein use,easytocommand,andprocessingatafaster rate.Currently,co-botsareusedforprocesses likemachinetending,packaging,andmaterial handling.Inspiteofindustries,co-botsare usedinvarioussectorssuchasinfarming, hospitals,healthcareandfacilities,and labs.Itdoescomeunderrobot-as-aserviceformat.
Imagineanenterprisewith robotsthataretotallyindependent totheusercommands,inother words,noexternalprogramming mayrequireinordertoprocessrobots forthevarioustasks.Inaccordanceto that,aUserInterfacetobeexactmightnot beneededinthefuture,asmachinelearningis alreadyonitsvergetogetexplored.Currently,in ordertocarryoutcertaintasksrobotsarebeentoldto whattodousingtheinterfacewhereas,cloudrobotics directlytwitchcompatiblecodefromthecloudswhich arerequiredforthetasks.Toworkalongsidewith humans,robotsmustbedeeplearningthesubjects simultaneouslyabletopointoutproblemsandprovide solutionsrightaway.Meanwhile,itwillbeaboonforthe enterprisesiftheemployeeswillgettointeractwithrobots asapersonifiedobjectratherthanamachine.Soon,there
withpersonalroboticscloudwhichwillhelprobotstotake andgiveinformationdirectly.Dependingontherobot,it canprocessvariousfunctionssuchaslifting,leveraging, handlevision,objectrecognitionandother,thuscertain robotsacquiresuchskillsandwillprovideinformationto thecloud.Then,thisinformationhelpsotherrobotstoget enlightened.Insimplewordstosay,robotswillteachother robotsforthebettergoodoftheenterprises.Ontheother hand,asrobotsaregettingmoreandmoreevolved,filtering ofessentialinformationfromrestwillgetmucheasier.This willcomfortbothbigandsmallenterprisestomanagebig datamoreprecisely.
Withtheemergenceofadvancementinrobotics,theyareon thevergetotouchskiesalready.Ifconsideringtheabove possiblefactors,thisevergreeneraofroboticsislesslikely togetsaturatedduetotechnologicaldisruption.Asthe technologiesaregrowingfaster,theenterprisesmustto catch-upwiththemaccordingly.It’shightimetoimplement newtechnologiesespeciallyoftheroboticsasitsutilization isnotonlysubjectedtowarehousesbutalso,towardstheinhouseenterprisework.Hopefully,there’sapossibilityof robot-orientedindustriesinthefuture.
Whetherit’stheiremployees orcustomers,organizations oftenstruggletofindthe rightbalancebetweensecurityanduser experience.Callsign,aComputer& NetworkSecuritycompanyprovides user-friendlyidentificationand authenticationsolutions,thathelp businessesbalancethetwo,whilstalso reducingcosts.
Belowarethehighlightsofthe interview:
GiveabriefoverviewofCallsign,its uniqueness,anditsvision.
Thedigitalworldisbasedonasimple premise–trust.Whenwe’re interactingwithapersonorentity–whetherit’sabusinessorsomeother transactionalinterface–weneedto knowwithnouncertaintytheyarewho theysaytheyare,doingwhattheysay theyare,wheretheysaytheyare.This isexactlywhereCallsignhelps.
Weareanidentityfraud,authorization &authenticationcompany,solvingthe challengesthatorganizationsfacein gettingtheirusersonto&interacting withtheirdigitalplatforms.
WedothisusingrealtimeAIdriven identityandauthenticationsolutions, thatconfirmtheuserreallyiswhothey saytheyare,nomatterwhattheir location.
DescribeCallsign’scuttingedge securitysolutionswhichaddressall theneedsofyourcustomers?
Asorganizationsstrivetosecuretheir systems,theaimistodosoinaway thatdoesn’thinderemployee productivity.Ideally,usingpoliciesthat allowforatailored,contextual approachtoworkforceidentification. What’smore,today’semployeesare increasinglyprioritisingprivacyover convenience,sothat’sgottobe factoredin,too.
OurIntelligenceDrivenAuthentication Platformconsistsofthreemodules–Intelligence,Policy&Authentication. Ourintelligenceengineusesmultiple datapointstocreateaconfidence score,tellingushowlikelyitisthat someoneiswhotheysaytheyare.If theconfidencescoreishigh,wecan safelyreducefrictionandifit’snot, authenticationisdynamicallyadjusted.
Thisorchestrationisachievedusing thePolicyManager.Organizationscan builddynamic,naturallanguage policiesandjourneysthatadapt,inreal time,tocontextualintelligence.Asa result,Callsign’sPolicyEnginecan dynamicallyadjusttothetypeof hardware,connectivityandeven preferencesofindividualusers(for exampleiffacialrecognitionisnot enabled).Becausethepoliciesarefully transparentandwritteninnatural language,leadersinrisk,compliance, userexperiencecanunderstandthem
aswellastechnicalpeersinITand fraudmakingthesolutionmucheasier tomanageandutilizeacross businesses.
Inall,theentireprocessisdesignedto determinewhatkindofauthentication journeysarebestusedinwhich circumstances,basedonwhatactionis beingperformed,bywho,where,and how.Meaningorganizationsaren’t isolatingswathesofuser’swith either/orchoicesofbiometrics,or additionalpasswordchecksandcan adheretoprivacyrequirementssuchas GDPRandCCPA.
Whattechnologiesareyou leveragingtomakeyoursolutions resourceful?
Collectingthousandsofdatapoints acrossdevice,locationandbehavior, weusestatisticalmodelingand advancedmachine&deeplearning techniques,tocreateauniqueidentity profileofthatusersothatthepolicy enginecandelivertheappropriate authenticationjourney.
Thislevelofintelligenceenablesusto deliverpassiveauthenticationasmuch aspossible–andonlycallingfor activeauthenticationwhenappropriate orrequired.Thismeanswecandeliver improvedlevelsofsecurityfor organizationswhilstimprovingthe userexperience,withonaverageover 80%ofauthenticationstepsremoved.
Whatarethechallengesfacedwhileprovidingsecurity solutionsandhowisCallsignservingtotacklethem?
Identityisthegatewaytoallthingsdigital,yetthemost commonauthenticatorintheworldwasinventedinthe 1960's–thepassword.This,andeveryotherauthentication/ authorizationsolutionsincethenrepresentsidentityproxies, notidentity.Manysolutionsweredesignedtoidentify fraud,notproveidentity.Callsignisthefirstsolutionthat buildsuniqueindividualdigitalprofiles,collecting thousandsofdatapoints,andverifyingandlearningwith eachinteraction.
PrivacyisalsoanessentialpartoftheCallsignplatform. Today,it’simportantthatusersaregiventherightchoice, control&consentaroundtheuseoftheirdata.With Callsign’sIntelligenceDrivenAuthentication(IDA),clients canallowtheiruserstodeterminejustwhichdatapointscan becollected,empoweringuserstoactivelyparticipatein securingtheirdigitalidentities.
Additionally,CallsignIDAservesalluserswhospana broadrangeofsocio-economicandgeographic backgrounds,aswellascapabilitiessuchasusersoptingout ofbiometricauthentication,oreventhosewithoutasmart phone.
Whataccordingtoyoucouldbethepotentialfutureof theenterprisesecurityindustryandhowdoesCallsign envisionsustainingitscompetency?
Assecurityingeneralevolvesasacorebusinessfunction, leadersneedtobalanceriskanduserexperiencetoagree theappropriatebusinessrisktolerance.
Manycurrentmethodsfocusonazero-trustapproachthat reliesonuser’sregularlyauthenticating,oftenwithfairly rigidmethods.Byusingthousandsofdatapointsinreal timetodetermineidentity,Callsignsafelyremoves authenticationfrictionforemployees–ensuringsolution adoptionandboostingproductivity.
Italsoremovesthecostsincurredbytokensthatarelostor needreplacing.Plusreducesrelianceonpasswords,and thereforethecostofsupportcallswhenthey’reforgotten.
ZiaHayatistheCEOandCo-founderofCallsign.Zia hasaPhDinInformationSystemsSecurityfromthe UniversityofSouthamptonandhasworkedincybersecurity forbothBAEsystemsandLloydsBankingGroup.
Alongsideoverseeingthecompanystrategyandinputting intotheresearchandtechnologyroadmap,heworkswith executivelevelsoforganizationstoexaminehowdigital identitycanbemademoresecure,simplertouseandmost critically,maintainingtheprivacyofindividuals.
Collaboratingwithindustryandacademiaheishelping driveawarenessandinnovationtoanticipatethechallenges oftomorrow.Thiscouldbedrivenbyusers'desiretohave choiceandcontrolovertheirdigitalidentities,and/orthe badactorsincreasinglygarneringgreaterlevelsof sophisticationaroundattacks.
A scalable “banking grade” user friendly, identity fraud, authentication & authorization platform.
“
VideoAmpturns4yearsoldthismonth.Somany memories,andsomuchgrowth.Let’sreflecton someoftheworstdecisionsandassociated learningsthathavebeenfundamentaltoourgrowth.Why theworstyousay?Becausewhenyouaccelerateyour learningrateinafail-fastenvironment,itthenallowsyouto makefastdecisionsvs.theanalysisparalysispredicament.
Oneofmyfavoritewildcardinterviewquestionsfor managersis:“Describethefailureyou’remostproudof.” Thissometimescatchespeopleoffguard,soI’llsharemine firsttogettheconversationgoing.Inevitablyitcomesdown tochoosingbecausetherearesomany.
Youcan’ttalkaboutgrowthandsuccesswithouttalking aboutthesefailures.Unlessyou’resomekindofhybrid AI-robot-space-alienwho’sabsolutelyperfect,there’sgoing tobemistakes.What’simportantisthatasaleaderyouown yourmistakesandbetransparentaboutthem.
Findingtherightpeopleisthesinglemostimportantaspect ofgrowingastartup.Thebiggestmistakesinhiringhave been:
Ÿ “Hiringoutofhand”,orshortcuttingthenormal processesbecausethecandidateiswellknownbyother engineersinthegroup.
Ÿ “Promotingoutofhand”isanothervariationofthis whereyoudon’tputsomeonethroughthenormaldue diligencebecausetheyalreadypresent.Inourcase, individualcontributor(IC)engineersdon’tgothrough therigorousreferencechecksthatnewmanagersdo.
Ÿ “Hiringunderduress”,orloweringyourbarsimplyto meetheadcountgoals.Istronglyadvisetohirefewer “full-fullstack”seniorengineersvs.abunchofjunioror mid-levelcareerdeveloperswhorequiremoretime, nurturingandpreciousattentionunitsfromyoursenior staff.
Thisisamovingtarget,andonewhichhasdefinitelybeen anongoingseriesofblogs.Intheearlystage,we“over prescribedscrum.”Somethingthataveryearlystage companycando,alongwithtoomuchagileprocessestoo soon.
Forexample,prototypesandproofofconceptsshouldnot havearigorousdefinitionofdone,withendlessunit, functional,andend-to-endtestsbecausetheproduct’s requirementswillprobablyzig-zagwildly.
Conversely,havingtoolittleprocesswhenyouare supportingenterprisecustomerscanalsobeaproblem.I spentmypriordaysasanICand
contractorretrofittingandscalingCI/CDpipelinesand trainingengineershowtowritebettertests.
Thechallengeisright-sizingthisallalongtheway,andthe triggerpointsonwhentochangemaynotbeobvious.Isay thisbecausewegrewheadcountby22engineersfromOct 2017toFeb2018,andintheprocesswedidnotmodifyour simplifiedKanbanapproachtoaprescribedScrumprocess quicklyenough.Growingpainsemerged,tosaytheleast. Nowwe’reinaspotwherewecanwithstandamagnitude scaleofgrowthwithroughlythesamesquadandtribe-level process.
RiffingoffrapidgrowthofBrainsinengineering,wedidn’t scalemanagementfastenough.Almostallstartup engineeringorgsstartveryflat,withallICsandno management.Youhave“techleads”whomaysplittheir timedoinglightmanagerialfunctions,buttheyallwrite codeanddiveintotheoperations.
ThebiggestfailhereinscalingtheICswasnotscalingthe organdmanagementstructuretofollow.At~44engineers anddatascientists,wehaveadutytodeliveronourmission toprovideanenvironmentwheretheyhavetheopportunity todothebestworkoftheirlivesandbeworthmoreinthe marketplace.
Withoutthisvitalmanagementstructure,thereisavacuum. Donotboltthisonlater,builditasyougo.Wetook inspirationfromSpotify’smodelofengineering organizationalscaling.
We’vetalkedaboutallofthesefails,howaboutsomething thathasworkedwellforus?
Whendoinginitialcontactwithacandidate,Ioftenask “whyareyouinmarket?”Ihaveseencountlessfolkswho arelookingbecausetheircurrentmanagementdoesnot havetheirgrowthandcareerpathinginmind.Inextreme cases,theycandoaday’sworkinfourhours,feellikethey areunder-challenged,andhavenotlearnedanythingin years.TheyworkinanenvironmentlikethemovieOffice Space.
Takinganoppositeapproachistoengageinthegrowthand pathingofeveryindividual.Wedothisby:
Ÿ aligningthegrowthoftheindividualwiththe company’sgrowth.
Ÿ havingmanagementcheckinfrequentlyonthesuccess ofthis,and
Ÿ settingupformalquarterlycheck-insonmeasuring thesegoals.GoogleadoptedthisearlyonfromJohn DoerrintheformofOKRs,andtherearegreat platformsouttherewhichcanformallymeasureand tracktheseobjectives.
Careerpathingisalonger-termconcern.Iaskcandidates fromthestart“sowhat’sthenextjobafterVideoAmp?” Thisoftencatchesthemoffguard,thenaftercarefulthought mostreplywitharole1-2levelsbeyondwherethey’reat now.It’sourgoaltohelpsteertheminwhateverpaththey currentlysee.
Manyearlier-careerengineersthinkmanagementistheir ultimatepath,butIhavefoundthatmanywillstayona tractofengineeringexcellence.Whetherit’saPrincipal EngineeroraVPofEngineering,thegoalistoorientthe newchallengesinamannerwhichgrowstheminthat direction,evenifwecan’tfullyrealizetheirultimate pathinggoalwhileatthecompany.
Bypayingcarefulattentiontothesedetails,wehavefound ourannualretentionrateinthehigh90%.
Foundedin1997,Cimcor Inc.isanindustryleaderin developinginnovative security,integrityandcompliance softwaresolutions.Thefirmison thefrontlinesofglobalcorporate, governmentandmilitaryinitiatives toprotectcriticalITinfrastructure andhasconsistentlybroughtIT integrityinnovationstomarket.
WhenCimcorwasstarted,ithada focusonprocessautomationand control.Thecompanywas responsibleforcreatingand implementingmission-critical applicationsinboththe manufacturingsectorandutilities. Itidentifiedtheneedfor corporationstoensurethatcritical systemscontinuetooperate appropriately,despitecyberthreats orevenhumanerror.The CimTrak Integrityproductlinewascreated inresponsetothisidentifiedneed. Overtheyears,Cimcorhas expandedthescopeofitsproduct linebeyondmanufacturing& utilitiestomeettheneedsofthe broaderenterpriseandrapidly growingcloudinfrastructures.Its visionisstraightforward;todetect changethroughouttheenterprise. However,theimplementationof thisvisionisquitecomplicated.Its dedicatedteamofengineershas
createdthemostadvancedintegrity monitoringsystemintheworld.Its next-generationfile/system integritymonitoringproductthat goesfarbeyondthestandard detectionofothertoolsinits marketplacefocusesnotonlyon changedetectionbutalsoon maintainingsystemuptime. Powerfulfeaturessuchasselfhealing/remediationcapabilities, reinforcethecompany’s commitmenttonotonlyproviding informationaboutchangestoyour ITinfrastructurebuthelpingyou manageitproactively.
Asacomprehensivesecurity, integrityandcompliancesolution, CimTrakiseasytodeployand scalestomeettheneedsofthe largestofglobalnetworks.Withan automateddetectionprocess, flexibleresponseoptions,and auditingcapabilities,CimTrakisa powerfulcompliance,information assurance,andsecuritytool. CimTrakprovidestotalsystem deviceandintegritymonitoring. OrganizationsusetheCimTrak IntegritySuitetomonitortheir servers,workstations,network devices,activedirectory/directory services,databases,POSsystems,
Docker/ContainerSecurity,and cloudsecurity,forunexpected change.
AneliteteamofCimcorisledby itsPresidentandCEO,RobertE. Johnson.Robertisaninventorand hasledthedevelopmentofseveral patentedandpatent-pending technologies.Asaresultofhis passionfortechnology,hehas authorednumerousarticles, contributedtobooksabout technology,anddevelopedseveral commercialsoftwarepackages.He hasappearedonCNN,World BusinessReview,andInside IndianaBusinessaswellas BloombergRadio.
Activelyinvolvedinthe community,hehasservedon numerousboardsincludingthe PurdueTechnologyCenterof NorthwestIndiana,theMethodist HospitalFoundation,Boardof AdvisorsforPurdueUniversity NorthwestComputerInformation Technologydepartment,the advisoryboardoftheDepartment ofComputerInformationSystems forIndianaUniversityNorthwest, andBoardofAdvisorsfor WestwoodCollege.
The CimTrak Integrity Suite monitors and protects a wide range of physical, network, cloud and virtual IT assets in real-time while providing detailed forensic information about infrastructure changes.
Mr.Johnson’scontributionstosecurityandinnovation havebeencommendedandwrittenintothe CongressionalRecordofthe112thCongress.Underhis leadership,Cimcorhasbeenfelicitatedbyvarious recognitionsandawards.In2015,Cimcor,Inc.was selectedbytheIndianaNW-ISBDCasExporterofthe YearinTechnology.Inthatsameyear,Cimcor,Inc.was selectedbyCyberSecurityVenturesas#82intheglobal compilationofthetop500informationsecurity companiestowatch. In2017,Cimcormovedupto#75 intheglobalCyberSecurityVenturesTop500 compilationandMr.Johnsonwasinductedintothe NWITimesBusiness&IndustryHallofFame,an accomplishmentthathasbeendocumentedinthe CongressionalRecordofthe118thCongress.In2019, CimcorwasnamedtotheHOT150Companiesto Watchin2020byCybercrimeMagazineandnamedin theTop25CybersecurityCompaniesof2019.
AccordingtoCimcor,thechallengewithinthis particularindustryistherapidpaceatwhichtechnology andmalwareevolve.In2018,therewere1.2million newvariantsofmalwarecreatedeverysingleday. Helpingorganizationscopewithzero-dayexploitsand malwaretrendsrequiresCimcortoinnovateconstantly. Succeedinginsuchafluidandever-changingthreat landscaperequiresthecompanytofosteracultureof continuouslearningandserialinnovation.This corporateculturehasenabledCimcortocontinuously improveitssecurityandcompliancesoftware, providinguserswithchangedetectioninreal-time, coupledwithremediationensuringanorganization’s systemisinasecurestate.
Cimcor,Inc.hasapatentonreal-timeintegrity monitoringwithremediationcapabilities.CimTrakhas beendevelopedbyitstalentedengineers.Itstechstack
iscenteredaroundC/C++,Angular,andGo.Allofits communicationsanddataatrestisencryptedand compressed.ThecompanyusesFIPS140-2certified cryptographicmethods.Inaddition,allcommunication isencryptedviaTLS1.2.Whencommunicatingwith externaldevices,Cimcorusesavarietyofsecure protocolsincludingSSHV2.Thismulti-protocol supportallowsthecompanytoconnectandmonitora rangeofservers,networkdevices.Itsfocuson applicationportabilityhasenabledCimcortotightly monitorWindows,Linux,Solaris,AIX,MacOS,and HP-UX.Therearefacilitiestomonitordatabases, ActiveDirectory,LDAP,andavarietyofnetwork devicessuchasCISCO,Juniper,PaloAlto,Checkpoint, andmore.Itevensupportsthemonitoringofcloud servicessuchasAmazonAWS,GoogleGCP,Microsoft Azure,DockerandKubernetes.
CimcorenvisionstwomajorshiftsintheenterpriseIT space.ItexpectsacontinuedshiftofITinfrastructures intothecloudandanincreaseinhybridcloud/brickand-mortarinfrastructures.Theothershiftisthe dramaticincreaseinIOTandIndustrialInternetof Things(IIOT)devices.CimTrakisuniquelypositioned tohelpprotectassetsbothwithintheenterpriseandin thecloud.
“CimTrakworksgreat.Itiseasytouseandthe supportteamisfantastic.”
“WhatIlikeaboutCimTrakisthatitissoeasyto setup.Withinahalf-hour,wewereupandrunning, withTripwire®,whichI’veworkedwithinpast organizations,itwasprettyintensetosetup.We lookedatafewothers.Manydidn’tofferthesame benefits.TheyarenothinglikeCimTrak.”
Theriseincyber-crimesisoneofthemaincausesof Datacenteroutages.Aspertherecentsurvey conductedbyindustryinsiders,cyber-crimecaused 22percentdatacenteroutagesin2015opposedto2percent outagesin2010.Addingtoallthese,nowmostofthedata centersarere-evaluatingtheirsecuritypoliciesafterthe recentWannaCryransomwareattack.
Datacenteroutagescausecompaniestolossrevenuein manyways.However,thecostliestlossisservice interruptionandlossofITproductivity.So,the organizationsarenowrealizingthattraditionalsecurityis nolongersecureenoughtosecureanydatacenter.Arecent studyhasfoundthat83percentoftraffictravelseast/west withinthedatacenter,whichstaysundetectedbythe perimetersecurity.Inthisenvironment,whenanattacker infiltratestheperimeterfirewall,thencanjumpacrossthe systemwithease,extractinformationandcompromise valuabledata.Additionally,datacenterscanfaildueto trespassersoraterroristattackorbynaturalcalamities.
So,howcanonesecureadatacenterinthebestway possiblefromanykindofcyberthreat?Don’tworrywe’ve gotyoucovered,withthepointsbelow.
Asthefirststep,oneshouldMaptheDataCenterandflag thehackerswithinthevirtualandphysicalinfrastructure. TheCSOsandCIOswithasystemmapoftheirsystems canreacttoanysuspiciousactivityandtakestepstostop databreaches.Beingabletovisualizedifferenttraffic patternswithinanetworkhelpstounderstandthreats,that eventuallyelevatesthelevelofsecurity.
Understandingandmeasurementoftrafficflowwithin thedatacenterboundaryareveryimportant.Inthecaseof
anyinterruptionintrafficacrosseast/westvsnorth/south, protectedvsunprotectedonecangettoknowaboutathreat. Additionally,vulnerablezonesandunprotectedtrafficneed tobemonitoredforabetterresult.
Firewallrulesneedtobedefinedandimplementedasper requirements.Additionally,oneshouldallowtrafficonly afterthoroughverificationandselectivelyallow communicationtoensuremaximumprotection.Thekeyis toidentify,what;slegalandsecuredandwhatcanbe blockedtoenhancesecurity.
OneneedstoBuildaTeamwithexecutiveswho understandhowtrafficflowswithinthepremisesandcan access&secureinformation,takenecessarymeasuresto secureimportantassetsalongwiththeimplementationof roadblocksfortheattackers.
Securitymustmoveasfastasadatacenter’stechnology adoptionandintegration.SecurityStrategyShould ChangeAlongsidetheTechnologyanditshouldnotbe treatedasanadd-onoption.Additionally,businessesalso shouldensurethattheirvirusprotection,signaturesother protectionfeaturesareuptodateforbetterprotection.
BusinessesshouldIdentifyandPlaceControlsoverhighvalueassets,whichwillhelptoreducerisk.However,older securitysolutionsarecompletelyblindtonewthreats,new securitycompanieshaveproducedlatestsolutionsthat protectdatainthevirtualworld.
AccessRestrictionalsoneedstobeimposed.Every businessshouldthoroughlycheckaperson’sbackground beforegivingtheaccesstoaprizedpossession.Accessto themainsiteandtheloadingbaymustbelimited,
additionally,two-factorauthenticationsandfortifiedinteriorswithsecurityguardsandrovingpatrolswouldhelpto safeguardtheemployeesandthedatacenter.
InstallingSurveillanceCamerasaroundthedatacenter,alongsideremovingsignswhichmayprovidecluestoitsfunction helpstolocateanintruder.Abufferzonebetweenthedatacenterandalltheentrypointswilllimitunlawfultrespassingtoa greatextent.Additionally,thedatacenterneedstobefarawayfromthemainroadanditshouldnothaveanywindowsother thanadministrativepurposesforbettersecurity.
AdatacentershouldCheckTestBack-UpSystemsregularlyasprescribedbythemanufacturer.Itshouldalsoensureto makealistandofDo’sandDon’tsintheeventofanattack.Recoveryplansandsecurityplansalsoneedtobechecked thoroughly.
DatacentersarealwaysaSoftTargetforTheTerrorists,asanattackonthemcandisruptanddamagemajorbusinessand communicationinfrastructure.So,securityneedstobetakenseriouslyandtodothatproactivestepsshouldbetakentolimit theimpactofaterroristattack.
TrainedSecurityGuardsneedstobepostedinsideadatacenterandtheyshouldbewelltrained.Securityofficersmust undergostrictsite-specifictrainingtomonitorsurveillancefootage.Dependingonthesizeofdatacenterandthenumberof securitycamerasmultiplesecurityofficersmayberequiredonduty.Securityofficersdedicatedtoinspectingsurveillance footagehelpswhenitcomestosecuringadatacenter.
DisasterRecoveryisverymuchimportant,thatmustbeinplace.Ifthedatacenterstopsfunctioningafteranattackor naturalcalamity,itmusthaveawaytorestoreoperationsassoonaspossible.Tobereadyforadisasterandtoevaluatethe disasterrecoveryplan,it’snecessarytotrainstaffswellandexperiencesimulateddisasters.
Toavoidtheseobstacles,oneneedsafairbitofknowledgeofnewsecuritysystems,solidplans,andcomprehensive visibility.Themoreworkadatacentercandoupfrontintheabove-mentionedareasthebetterthechancesofsuccesswith lesseroutages.
TheCloudskeeprollinginforenterprises.Inthe 2018StateoftheCloudSurveyperformedby RightScale,theyfoundthat96%ofrespondents nowusethepublic,private,hybrid,oramixofcloud computingmodels.Toaddsomeadditionalcomplexityto themix,fromthesamesurvey,organizationsarealready runningapplicationsin3.1cloudsandexperimentingwith 1.7moreforatotalof4.8clouds.
Businessesreportthekeyadvantagesofmovingworkloads totheCloudareflexibility,agility,easyaccessto information,andcostsavings.Allofthesegreatadvantages thoughcomewithaprice.Justlikeanymigrationproject, therearealotofmovingpiecesandalotofplacesa companycanrunintoissues.
Therearereallythreesilosofchallengesthatbothcloud migrationsandoperatingintheCloudfallinto.
– Planning–Withoutawellthoughtoutplan,your migrationisdestinedtohavearockyroadtooperational readiness.
– RiskMitigation–Itiskeytounderstandalltherisks, technologyandbusiness,thatmovingandoperatingin theCloudcreates.Addingriskmitigationtoyourinitial planwillhelpeasethetransitionandmakeasurprise freeenvironmentwhenservicesgointoproductionin theCloud.
Governance(CostandSecurity)–Theeaseofuse, agility,andelasticityoftheCloudaregreatbenefits, but,theycanalsoleadtorunawaycostsandalackof adherencetosecuritybestpractices.
AtCCSIwebreakthemigrationandoperationintheCloud into5keyareas.
Itisacriticalstartwithafullunderstandingofwhat existsintheenvironmenttoday.Allapplications, services,andsupportinginfrastructureshouldbe inventoriedanddocumented.Thiswillensurenothing getsleftbehindandthatthereisaclearunderstanding ofthecurrentsteadystateinfrastructure.
Onceacompleteinventoryiscreated,eachapplication andservicecanbeevaluatedtodetermineifitshouldbe movedtotheCloud.Ifitistomove,isitbestsuitedfor public,private,orhybriddeploymentorwoulditbe bettertomovetoaSaaS(SoftwareasaService) solution.Perhapsitcanbedecommissionedbecause thereareduplicateservices,oritisnotbeingused anymore.Itmayalsobedeterminedthattheapplication orserviceisnotagoodtargettomove.Perhapsitisa legacyapplicationthatcan’tsupportmoremodern infrastructures.
ThisisalsoagoodtimetostartreviewingCloudservice providersthatmayfittherequirementsofyour applications,yourinfrastructure,andyourbudget.
Nowthatweknowwhatwearemovingandwhereitis moving,wecanstarttoputtogetheraplan.Duringthe migrationplanningphaseworkloadsareprioritizedfor theordertheyaregoingtobemoved,abudgetisput together,abusinesscaseismadeforeachworkloadthat istobemoved,andpilotmigrationsareperformed wherefurtherdesign,performance,orreliabilitytesting isneeded.Oncethisstageiscomplete,afullmigration roadmapalongwithbuyinfromalltheinterested partieswithintheorganizationshouldbesecured.
Onceaworkloadismigrated,fulltestingshouldtake place.Testingforperformance,load,security,resiliency andreliabilityshouldbeperformed.Thisisoneofthe mostcriticalsteps.Itismucheasiertomitigateissues BEFOREgoingintoproduction.
Thisisprobablytheshortestbutscariestpartofthe process.Afterallthehardwork,theplugispulledon theoriginalsystemandthenewsystemintheCloud goeslive.Allsupportprocessesshouldbetransitioned tosupportthenewcloudinfrastructureandall documentationshouldbeupdated.Afteranyissuesare
ironedout,apostmigrationreviewis alwaysvaluabletoseeifthereareanywaysto improvethemigrationprocessforthenextworkload.
Nowthatyourorganizationisofficially“intheCloud”,the challengeofgovernancebegins.Foreffectivecostcontrol incloudcomputingservices,itisimportanttounderstand thedifferentfactorsthatimpactanorganization’scost. Cloudcostmanagementtoolsshouldbeusedtohelp discoverthesourceoftheseinefficiencies.Unplannedcosts areoftenduetoalackofvisibilityofcurrentconsumption andpasttrends.Whenorganizationsusedonpremise infrastructure,theyfinanceditwithfixedupfrontCAPEX investments.CloudconsumptionisanOPEXsubscription modelbasedonutilization.Ashiftintheapproachto operationalmanagementisnowneeded.Optimizingfor costisasimportantasoptimizingforperformance.
Cloud-basedgovernancetoolscantrackusageandcosts thenalertadministratorswhencostsaregreaterthan budgeted.Thesesametoolscanbeusedtoensurecorporate securitypoliciesarebeingappliedtoallworkloadsandthat bestpracticesecurityframeworkslikeCenterforInternet Security(CIS)arebeingapplied.
Ascloudservicesmovedeeperintotheorganization,it’sas importantaseverthattechnologyleadersmakeinformed decisionsaboutwhichproducts,services,andpayment
modelsdeliverthe bestresultsandhave adequateplanningin place-butit’snoteasy.
AboutCCSI
Formorethan40years,ContemporaryComputer ServicesInc.(CCSI)missionhasbeentohelpsolve modernbusinesschallengeswithtechnologysolutionsthat optimizecost,reducerisk,simplifyoperations,andincrease performance.CCSIprovidesthehighestqualityofservice intheindustryforthefullspectrumoftechnologies–from containerstoPCs,networkinfrastructures,managed services,IPtelephony,cybersecurity,cloudservices,SDWAN,tostoragesolutions.AtCCSI,webelievethat technologyexiststomakeourlives-andourbusinessessimpler,moreproductive,secure,andultimatelymore profitable.Let’sGrowTogether.Learnmoreat www.ccsinet.com.
Joe Goldberg Cloud Program Manager CCSI
Joe Goldberg is the Senior Cloud Program Manager at CCSI. Over the past 15+ years, Joe has helped companies to design, build out, and optimize their network and data center infrastructure. Joe is also ITIL certified. Joe can be contacted via Twitter handle
@DevOps_Dad or by email jgoldberg@ccsinet.com.
About the Author
