Three Technology Trends and Tips for 2018 from four Cleveland experts
The web and data centric world we live in has made it more and more important for all companies to understand both the ever fast changing Technology curve and how the laws affect them and their employees. Companies must rely on their data management and keen ability to provide optimal data security. Every industry has a unique set of requirements for data security, and that those requirements are very rarely static. A company must have a multi-pronged strategy and solution for Technology to effectively help support and grow its business. In the Digital age companies must effectively embrace technology and innovation in order to reduce costs and improve efficiencies and facilitate the ability to compete and survive ongoing in a Global marketplace.
From data center facility-based Cloud operator Kevin Goodman, managing director and partner, BlueBridge Networks
- The adoption of Cloud Computing continues to escalate. Companies are increasingly outsourcing various aspects of their businesses to the Cloud. In its simplest form, the cloud consists of services and software that are accessed through the Internet instead of or in combination with your local network. Cloud environments are housed in highly available, fully redundant and compliant third-party audited data centers and are built on enterprise hardware. It’s safe to return to an old business axiom: When transformation occurs it brings new challenges; it also brings opportunity. Small and midsize businesses must become comfortable understanding the cloud infrastructure and all they can gain from utilization. Careful due diligence will help businesses make confident decisions in finding the right providers to launch them into this space. Reasons to move to a cloud platform are many. Perhaps you are facing a hardware refresh, new levels of compliance requirements, security and /or law, or your company may wish to move toward applications that can drive and grow your business. You may want to beef up your disaster recovery and business continuity strategies or be prepared to scale your IT to meet varying customer demands. Connecting your mission critical apps into facilities that have faster performance and higher security than your own makes good business sense. The idea that the cloud is only for larger companies is inaccurate. There are many budget-friendly cloud options for small and medium-sized businesses. Find a cloud company that will work with you on a Proof of Concept (POC) and, in phases, fit you into the cloud. A POC will determine the feasibility of moving to the cloud; it can also be a useful tool to see how well you and the vendor work together.
- With the advent of improved cloud backups, planning for failure is readily available, cost effective and needed now more than ever. Cloud and Hybrid environments can be designed to respond to failure, contingencies and breaches. Having a solid backup and business continuity strategy can allow for swift restoration of data to a certain point prior to the incident. A company can move quickly to a return of “business as usual” and thwart or mitigate various outages, errors and data breaches as a result. Architecting for failures today can help companies avoid costly repercussions of system failures while protecting its data.
- Consider outsourcing Managed Services in the coming year. Having an organization who is third party audited, compliant and demonstrates solid resources (strong ecosystem of partners, educated and certified staff along with an array of appliances and tools) can allow your IT and Business Teams to focus on your core business and more adequately protect your systems. With the complexities of today’s internet and interconnected systems cybersecurity is no longer just security, it is also business defense. Leveraging an outside source can help your organization by tying it to a 24 hour 365 days a year Operation Center while leveraging applied intelligence. If one thought 2017 was a year for data breaches, wait till 2018 as many agencies are forecasting an increase in the number and impact of data breaches. Monitoring systems and patching environments continuously will help to enable limited business interruptions.
From cyber security and computer forensics expert Timothy M. Opsitnick, Executive Vice President and General Counsel Technology Concepts & Design, Inc. (“TCDI”) https://www.tcdi.com/
“Trends & Tips for Cybersecurity in 2018”
- The Internet of Things (IoT) touches each aspect of everyday life. The IoT is a network of devices that connect to one another and exchange data, for example cell phones, tablets, coffee pots, thermostats, and refrigerators. Indeed, the number of devices and the data IoT will produce continues to grow as will the security risks and privacy needs. As companies try to navigate the IoT “wild west,” they must develop methods to protect their network and data.
- “The time to repair the roof is when the sun is shining.” – John F. Kennedy. The same is true in cybersecurity. The difference between taking a proactive stance on security versus reactive is considerable, and companies are beginning to evaluate their strategic partnerships with vendors based on those who have chosen to protect proactively. Vendor risk assessment questionnaires are routine and are used to evaluate a third party vendor’s or business partner’s security policies and protocols. The answers to these questions can mean the difference between winning or losing a client.
- Security will become more tightly integrated with the development and operations life cycle in the upcoming year. As new products are developed and current products are updated, security will become an important part of the process before deploying any changes. The integration of security into the DevOps team will drastically reduce potential cybersecurity vulnerabilities.
From third-party auditor Tom Aumiller, director of information tech, Maloney + Novotny LLC
- Vendor Management – Businesses continue to move key processes to external sources such as Software as a Service, Infrastructure as a Service, third party support and outsourcing. Trusting a third party with your process also means that they will have responsibility for some of your internal controls (such as logical security). Major breaches (e.g. Target, Equifax) often point to weaknesses in a third party vendor. Auditors are now focusing more effort on the steps that businesses take to assure that their third party contractors are living up to appropriate standards. It is important to develop a Vendor Management policy that includes annual evaluations, among other components. Where appropriate reviewing independent assessments of your vendor contractors is important (PCI, SOC, ISO, NIST). The American Institute of Certified Public Accountants is also developing a SOC audit standard specifically to meet Vendor Supply Chain control issues. Expect to see this new SOC audit in the near future.
- Big Data comes to the rest of us – For years businesses with the resources have used data and trends to spot audit and compliance issues. Often this meant hiring a forensic specialist or having expensive analytic tools along with experienced staff to find outlier data that indicated a compliance problem. Well we may not be able to replace the value in that expertise, but now entry level tools can help accounting, audit and compliance staff cull through the mountains of data using add on tools for Excel. Most have built in functionality such as statistical sampling, heat matrix, duplicates, gaps, Benford’s analysis and more. Google data analytics add ins.
- Security Awareness Training, a “must do” – Investments in cybersecurity have increased exponentially, and most organizations are discovering that the investment in the people side (weakest link) of the security equation is a necessity. Businesses need to ensure that every employee in an organization is aware of the potential threats they could face, whether it’s a phishing email, sharing passwords, or using an insecure network. Hackers are always finding new ways to access information, which is why creating a culture of consistent awareness of threats is so important. Creating a “security culture” within a business is all about training and awareness, hybrid programs which include CBT videos and interactive gamification of cybersecurity best practices combined with social engineering and phishing exercises ensure that employees get a thorough understanding of threats, as well as the implications of a breach. Phishing and social engineering are still the weapons of choice for hackers and the entry point for a broad range of attacks, so the inclusion of these types of tools to an organizations security training is imperative for its success in preparing its employees to protect its most critical assets.
From attorney Michael D. Stovsky, partner and chair of innovations, information technology and intellectual property practice group, Benesch, Friedlander, Coplan & Aronoff LLP
- Compliance with the EU General Data Protection Regulation is MANDATORY for any company that has operations in the EU or EEA or that transmits data from the EU or EEA to the United States. The potential penalties for non-compliance are extreme – up to a maximum penalty of the greater of EUR 20 million, or 4% of global gross turnover. The compliance deadline is May 25, 2018. Companies that have not yet begun their compliance efforts should do so immediately. It is a complicated process and cannot be completed in a short period of time. Boards of Directors are encouraged to become educated participants in the process of compliance as well so that they can properly and effectively oversee the companies that they are obligated to supervise.
- Blockchain will revolutionize virtually every industry. Clearly, Bitcoin, which is merely one embodiment of blockchain, has become a global force in global currencies and payment systems. But there are a virtually unlimited number of potential uses and benefits for blockchain-based technologies and platforms. Blockchain is at its core a digital ledger (think spreadsheet) that is distributed (i.e., can be accessed by industry participants) and stores a record in real time of transactions. It is strongly encrypted. It is used to ensure that transactions using an embodiment of blockchain technology (e.g., Bitcoin, Litecoin, Ethereum, etc.…) are recorded in an environment that is highly secure, and therefore preserves the integrity of the data recorded in the ledger. One of the up and coming blockchain platforms is Ethereum. Ethereum utilizes blockchain to create “smart contracts” – self executing contracts that can be used by parties for a variety of purposes. Business are encouraged to learn more about blockchain and how it may impact your particular industry.
- Boards of Directors will face increasing scrutiny in the coming months and years regarding cybersecurity preparedness. It is only a matter of time before the plaintiff’s bar begins to target with zeal boards of directors that do not have the requisite expertise in cybersecurity to ask tough questions, and mandate that their companies take action on cybersecurity risks. The fact is that the boards of directors of most large entities do not have the right type of experience represented in their ranks in many instances. The advent of cybersecurity committees of boards of directors is expected to become more popular, as is the frequency with which independent directors knowledgeable about cybersecurity risk and compliance issues are added to corporate boards. New pronouncements are also expected from the SEC and other regulatory bodies pertaining to cybersecurity disclosure issues. Further, companies are encouraged to review their D&O policies carefully to see if cybersecurity risks are covered so that boards are adequately protected from an insurance perspective.
Companies need to be well poised for this important work and change in the Digital Age. There is a strong chance much of what you do as a business is as a result of or relies on the Internet. Most have some data that indeed should be handled in a way that is in compliance with the Law no matter your industry. Take the time to review the laws, best practices and seek outside guidance to be prepared. Frequent review, training, support, investment and preparation will go a long way in ensuring the necessary safety and security of your data and your success in the Digital Transformation.
Kevin Goodman is managing director and partner with Blue Bridge Networks, a cloud data center and managed services business headquartered in downtown Cleveland.
Article taken from Crains Cleveland – Original Article