Time for a new take on IT security

The digital transformation is speeding up and the world is increasingly running on data. In its wake, cyber criminals are getting a whole lot smarter. Over the past year we’ve seen massive ransomware and malware attacks make global headlines, and cybersecurity is now a priority for everyone. But building huge walls to prevent attacks is no longer the solution. Instead we need a different mindset, focusing more on detection and on building organisations infused with security thinking.

Big data as a security tool

As organisations become more security aware, their cybersecurity efforts have made it harder for attackers to remain undetected. Attackers don’t want to get caught while stealing valuable data, and as many businesses have data protection solutions in place, for example malware detection systems, they opt for standard Windows tools instead, like Microsoft PowerShell, to snoop around in the network.

This is where big data analytics can really help, by setting a baseline for the internal users of the system and warning when anomalies occur. For instance, technicians will have certain work routines, while finance department employees will have a different workflow. When all of a sudden someone in the finance department opens PowerShell, this is not standard behaviour and it will trigger warning signals even though PowerShell is a standard Windows application. Organisations with high security risks, like government bodies and companies with significant volumes of IP or critical data to protect, already rely on big data for security.
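The baseline idea described above, as an added example that is not from the original article: it learns which executables each department and user normally launches and scores new events against that. The event fields, user names, department names and the 2% rarity threshold are assumptions, and the history is constructed sample data.

```python
from collections import Counter, defaultdict

def sample_history():
    """Constructed 30 days of process launches for two departments."""
    rows = []
    for _ in range(30):
        for user in ("anna", "bjorn"):
            rows += [{"user": user, "dept": "finance", "exe": exe}
                     for exe in ("excel.exe", "outlook.exe")]
        rows += [{"user": "carl", "dept": "it-ops", "exe": exe}
                 for exe in ("powershell.exe", "mstsc.exe", "outlook.exe")]
    return rows

def build_baseline(events):
    """Count launches per executable, per department and per user."""
    dept, user = defaultdict(Counter), defaultdict(Counter)
    for e in events:
        exe = e["exe"].lower()
        dept[e["dept"]][exe] += 1
        user[e["user"]][exe] += 1
    return dept, user

def score(event, baseline, rare_share=0.02):
    """Return the reasons an event deviates from the baseline (empty = normal)."""
    dept, user = baseline
    exe = event["exe"].lower()
    seen = dept.get(event["dept"], Counter())
    total = sum(seen.values())
    reasons = []
    if total == 0:
        reasons.append("no baseline for department")
    elif seen[exe] == 0:
        reasons.append("never seen in department")
    elif seen[exe] / total < rare_share:
        reasons.append("rare in department")
    if user.get(event["user"], Counter())[exe] == 0:
        reasons.append("never seen for user")
    return reasons

def severity(reasons):
    """Department-level deviations alert; user-only deviations go to review."""
    if any("department" in r for r in reasons):
        return "alert"
    return "review" if reasons else "ok"

BASELINE = build_baseline(sample_history())
if __name__ == "__main__":
    for ev in ({"user": "anna", "dept": "finance", "exe": "PowerShell.exe"},
               {"user": "carl", "dept": "it-ops", "exe": "powershell.exe"},
               {"user": "dina", "dept": "it-ops", "exe": "powershell.exe"}):
        print(ev["user"], ev["exe"], severity(score(ev, BASELINE)))
```

The same executable gives three different outcomes depending on who runs it, which is the point of a per-role baseline: a new IT operations user is only queued for review, while the finance launch raises an alert.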

Your servers turn into secret bitcoin miners

The rise of cryptocurrencies has created a new security risk. Cryptomining requires large amounts of computing power, and criminals are regularly “recruiting” individual computers in order to create vast crypto-mining networks. One or two computers might not show up on the radar, but with proper detection measures in place, like monitoring of resource usage, you are able to keep intruding miners away. In general the very best strategy is to ensure all your systems are up to date. Don’t leave things unpatched or run old versions of software. And of course: don’t click on everything you see. Attackers still see e-mail scams as an attractive “way in”.

Impossible to keep attackers out

Of course it’s important to try and protect your company, but let’s be honest, there is no way you’re ever going to be 100% protected. This is why we’re now moving away from prevention to focusing on detecting intrusions as soon as they happen. In a world of changing threats and compute-everywhere environments, the old security paradigm of just building bigger walls will be replaced by a continuum from block to allow. Machine Learning is becoming the key technology for predicting, detecting and preventing known and unknown threats. According to Gartner, deploying threat detection and response tools is a top priority for Chief Information Security Officers (CISOs). These investments can make a big difference. A report published by the US Ponemon Institute calculates that when an intrusion is found in less than 100 days, the average cost is $2.8 million. When detection takes longer than 100 days, the expense jumps to $3.8 million.

Security awareness

With the increase in cybercrime the hottest experts are those in IT security. But what can you do when there aren’t enough security experts to go around? The best immediate bet is to look for external partners to help secure the organisation’s IT.

Not every company needs a team of security professionals, but everyone needs people who are security aware. By ensuring the organisation has the right knowledge and culture, a lot of threats can be avoided. For example, developers should always have security in the back of their minds while working on their projects. But all employees have to become more aware of security risks and take responsibility:

  1. Everyone in the organisation must be aware of the threats and know some really simple rules: firstly, not all e-mails should be opened. Secondly, not all attachments should be opened. Thirdly, do not reply to everything. And do not insert any unknown memory stick into the computer!
  2. Establish routines for handling attacks and ensure everybody knows about them. An employee takes the chance of opening an e-mail and then they don’t want to be a nuisance or expose their “stupidity” so they don’t tell anyone. Clearly not a good idea. People need to know who to contact, and they need to be met in a friendly and professional way.
  3. If something occurs, the notification procedures must be crystal clear, the distribution of responsibility indisputable and the measures immediate. Surveillance equipment must be routinely controlled, and there have to be subscribers to security updates.
  4. Practice, which is part of the contingency, may be done at different levels: from within the IT department to the entire organisation, but it’s really important that it happens.

When security experts are hard to find, a great way to infuse security thinking into the organisation is by creating a multicompetence team. Look for employees with integrity and a personal interest in security, people who are spending time outside of work searching for security holes and keeping up with the latest trends and tools. With this team in place, not only can you use their combined expertise, they will also act as ambassadors and spread security awareness to their respective departments.

Author: Fredrik Svantes, Senior Information Security Manager, Basefarm

Fredrik Svantes is the Head of the Basefarm Security Operations department and has also led the Basefarm Security Incident Response Team for the past seven years. Previously he has worked for companies such as Blizzard Entertainment, doing detective work on logs for massive online platforms running games such as World of Warcraft. Blog: http://bfblogg.wpengine.com. Twitter: @fredriksvantes.

Fast innovation starts with automating development workflows

You have to be able to try out new concepts faster in order to dial up the innovation speed. But this requires a different way of thinking and a more modern software development method than most companies are used to.

“In an ideal situation, you would be so flexible that you could turn an idea for an app or a new product, for example, into a working prototype that you could offer to a group of customers within a very short time frame,” says Stefan Månsby, Innovation Officer at Basefarm. “This way you would get feedback as quickly as possible, be able to monitor customer behaviour and continuously roll out changes and improvements.”

The problem, however, is that the IT department is often far removed from the business side of things at many companies. IT primarily has a supporting role there. “Take ITIL processes, for example. These are primarily aimed at guaranteeing a stable and high-quality operating environment for the lowest possible costs. Being innovative and experimenting does not fit into this picture at all.”

Development and seamless administration

Hence, not only does software development need to be faster and more flexible, operational efficiency must also be improved. Månsby: “That is why it is desirable for administrators and developers to cooperate in DevOps teams and use shared workflows.” Everything that developers produce can then be administered quickly and efficiently.

“Often companies stop before they have even begun, simply because there are too many barriers. But you have to be able to try out new things. You do not want to wait for a server for weeks. And should something not be successful, you should be able to stop doing it immediately without this resulting in consequences.” You do not want to get stuck with expensive, superfluous servers, for example. Everything should just disappear, so that you can start trying out something else.

Workflow automation

You should automate workflows because it is too labour-intensive to manually process sizeable checklists. The open source platform OpenShift was developed especially for setting up and working with workflows. “Thanks to OpenShift, developers can concentrate fully on functionality and on writing code, without worrying about the hardware, the operating system or the cloud environment where the application will soon be running,” continues Månsby.

Technologies such as Docker and Kubernetes are used in OpenShift for neatly bundling everything needed to run an application on a specific infrastructure. “Administrators can easily roll out these bundles and know for sure that the correct modules for processes such as monitoring, logging, auditing and passing on of costs will be included automatically.”

Orchestration

One aspect of a workflow is automatic verification that all the required modules that together comprise an application are still able to work together properly and that no conflicts arise due to a change. Månsby: “Modern software development uses so-called microservices. These are bits of functionality that you can add, adapt and remove quickly and easily, without affecting the remaining functionality.” Any application easily consists of hundreds of microservices that talk to each other through APIs. “This creates many thousands of integration checkpoints that all need to be carefully checked every time. This makes orchestration a very complex and labour-intensive task which is impossible to do manually. OpenShift shoulders the heavy work. It is also possible to visualise the connection between all the components.”

With OpenShift you can ensure that you remain compliant and optimally prepare yourself for audits. “You can carry out the necessary controls and generate the needed reports with the platform.” Code is packaged and provided with checksums in such a way that it is impossible to tamper with the software, guaranteed. “You always have 100% certainty that what is in production is correct and that no one messed with it somewhere along the line.”
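What a checksum chain of this kind verifies, as an added example that is not from the original article and is not OpenShift's own code: a simplified, constructed manifest lists the SHA-256 digest of each layer, and the deployment pins the digest of the manifest itself. The function names, the manifest layout and the sample layer bytes are assumptions; the last case shows that the check is only as trustworthy as the place the pinned digest comes from.

```python
import hashlib
import json

def digest(data: bytes) -> str:
    """Content address of a blob, in the usual 'sha256:<hex>' form."""
    return "sha256:" + hashlib.sha256(data).hexdigest()

def build_manifest(layers):
    """Serialise a manifest of layer digests; return (manifest bytes, its digest)."""
    body = json.dumps({"layers": [digest(blob) for blob in layers]},
                      sort_keys=True).encode()
    return body, digest(body)

def verify(pinned, manifest_bytes, layers):
    """Return 'ok' or a description of the first check that failed."""
    if digest(manifest_bytes) != pinned:
        return "manifest digest mismatch"
    listed = json.loads(manifest_bytes)["layers"]
    if len(listed) != len(layers):
        return "layer count mismatch"
    for i, (want, blob) in enumerate(zip(listed, layers)):
        if digest(blob) != want:
            return f"layer {i} digest mismatch"
    return "ok"

# Constructed sample image: two layers, digest pinned at build time.
LAYERS = [b"base os files", b"app v1.4 binary"]
MANIFEST, PINNED = build_manifest(LAYERS)

# A layer modified after the build, and a manifest regenerated to match it.
MODIFIED = [LAYERS[0], b"app v1.4 binary (modified)"]
MODIFIED_MANIFEST, MODIFIED_DIGEST = build_manifest(MODIFIED)

if __name__ == "__main__":
    print(verify(PINNED, MANIFEST, LAYERS))                      # untouched image
    print(verify(PINNED, MANIFEST, MODIFIED))                    # layer changed
    print(verify(PINNED, MODIFIED_MANIFEST, MODIFIED))           # manifest rewritten too
    print(verify(MODIFIED_DIGEST, MODIFIED_MANIFEST, MODIFIED))  # pin taken from untrusted source
```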

Adaptation and customisation

OpenShift takes a great deal of work out of developers’ hands by providing a comprehensive framework for setting up and using workflows in a cost-effective manner. Månsby does, however, issue a caveat: the platform is not a ‘miracle cure’ that will resolve everything for you right out of the box. “OpenShift entails an enormous amount of functionality,” he explains. “Usually you only need a part of it. It will be an enormous help if you involve a party who will assist you in finding the right way to get the best possible use out of the platform. You can try to discover everything yourself, but that takes a lot of time and there is a big chance that you will not even use the platform in an optimal manner afterwards. And why would you want to reinvent the wheel anyway?”

You should also examine how OpenShift and the workflows fit best with your organisation. There will be a need to adapt existing workflows in certain aspects if you want to get the greatest benefit from OpenShift. “It’s important to realise that a digital transformation is needed. The goal is to decrease time to market, increase innovation speed, accelerate software development and improve operational efficiency. And this will not be possible if you want to keep doing things exactly as you’ve always done them before.”