Ajay Kumar, CISSP, CGEIT, PMP, Director, Internal Audit (IT), Citizens Property Insurance Corporation

Ajay Kumar, CISSP, CGEIT, PMP, Director, Internal Audit (IT), Citizens Property Insurance Corporation

Cloud computing benefits are widely understood, and it has become one of the essential ingredients for continued innovation in today's fast-paced business transformations. Even after understanding all these benefits and the desire to provide outstanding service to customers and end users, why are businesses still hesitating to move to the Cloud? Based on my decades of IT consulting and IT leadership experience, the top 3 reasons are:

1. Information Security, Governance, Risk, and Compliance Concerns

2. Challenges with core systems integration and Legacy Systems redesign

3. Lack of understanding of Cloud Costs optimization

Concerns about security and the fear of losing control are one of the top reasons holding businesses back from accelerating their digital transformation journey through cloud migration. So, the question is, Do we have a way to mitigate these concerns and ensure that businesses feel at ease with their decision to move to the Cloud?

The evolution of cloud computing has emerged with new solutions that have the potential to mitigate Security, Governance, Risk, and Compliance concerns of the public Cloud. This evolution has led to a Hybrid Cloud strategy combining processing, data, and storage environments of On-premises, Private Cloud, and Public Cloud - such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP). A Hybrid Cloud can help to address security, Governance, Risk and Compliance concerns, control issues, and other barriers that can cause cloud migration to derail. Hybrid clouds combine the benefits of both public and private clouds to offer a responsive, secure option to businesses. Public clouds are well suited for many front-office workloads. However, the private clouds are well suited for mission-critical workloads, where the benefits of the Cloud are most sought-after but the security and assurance of a closed environment are critical.

Hybrid clouds combine the benefits of both public and private clouds to offer a responsive, secure option to businesses

Hybrid Cloud provides the benefits of the best of both worlds. It enables businesses and Technology professionals to have complete autonomy in defining where workloads, data, and processing need to exist based on audit findings, the organization's policy, compliance needs, and regulatory requirements. It offers both the control of on-premises hosting and the flexibility of cloud storage, all while reducing the overall risk exposure of data confidentiality, availability, and integrity. As a result, it mitigates security, governance, risk, and compliance concerns. It empowers companies to store data in specific environments that align with business strategy and the industry's regulatory requirements. The centralized management system of the hybrid Cloud makes it easier to strategize, implement, manage and audit technical controls. The controls are centrally accessible whether organizations leverage encryption to reduce the risk of data confidentiality, integrity, and availability or end-point security for data loss prevention. Application deployed on a Hybrid cloud runs with much greater security than on a public cloud. Hybrid Cloud technologies also allow on-premise infrastructure and Clouds (private and Public) to operate seamlessly across multiple standardized technology interfaces. It provides ease of implementation and enables businesses to innovate with agility, improving responsiveness and lowering operating costs even with the added layers of complexity.

As hybrid Cloud continues to grow in popularity, there are many variations in adoption across different industries. In regulated sectors which are more concerned with security and have stringent audit requirements (such as insurance, banking, telecom, government, and healthcare), the cloud mix still leans heavily toward the private Cloud. However, in less regulated industries, it tips the other way. Hybrid Cloud's interoperability means that organizations aren't forced into either environment. Hybrid clouds share services and allow applications, workloads, and resources to migrate between and among public and private clouds. Also, hybrid clouds can help to avoid vendor lock-in. Vendor lock-in creates risk if a vendor suffers production, legal, or financial issues. With the freedom to find the best solution and cloud provider suited for their needs, companies now have access to the most cloud ecosystem opportunities.

Hybrid cloud strategy and implementation continue to be on the rise. It provides better support in a distributed workforce environment, reduces overall costs, improves scalability and control, increases innovation and agility, and improves Business continuity and disaster recovery. It has given businesses more choices than ever to migrate to Cloud and securely accelerate their digital transformation journey.

Read more:
Transform Digital Journey With Confidence Using Hybrid Cloud ... - backup.cioreview.com

Licel has recently released their comprehensive guide to mobile application protection. This invaluable resource is specifically tailored for software engineers and architects, providing them with essential knowledge and practical strategies for enhancing app protection.

As per Ivan Kinash, the CEO of Licel, the guide represents a logical progression of the companys long-standing objective to advocate for app security among developers.

Weve always had a close bond with the app developer community because of our own background as a company. And we know that right now the best way to balance the scales with bad actors is to promote the benefits to developers of understanding the basics of app security. Engineers need to know how attackers operate and what they can do to mitigate the threats their mobile apps are up against.

Given the prevailing circumstances in 2023 where attackers seem to hold an advantage, the guide on application protection is especially timely and imperative.

Weve arrived at a curious intersection with mobile apps, says Kinash. While many companies might readily admit their application is one of their most vital assets, this doesnt always translate into security being prioritized as much as it should. Theres also some unhelpful misinformation out there about what mobile app protection is and the level of security thats required.

Licels guide aims to educate developers on the critical significance of app protection and explain the multifaceted layers of security required to effectively stop contemporary attacks.

The guide is structured into three primary sections, providing comprehensive coverage on the following topics:

Principles: This section delves into the crucial elements of mobile apps that require protection, elucidates tips for creating a threat model, and outlines Licels four essential layers of mobile application protection.

Threats: Here, various threats and attacks are discussed in detail, along with strategies for mitigation and prevention. Topics covered include decompilation and modification, dynamic analysis and tampering, emulators and virtualization apps, malware, and network communications interception.

Practice: This section offers a practical checklist for safeguarding mobile apps, along with insights on how and why security should be treated as an ongoing and continuous process.

Read Licels guide to application protection.

Read Next: Virtuozzo Simplifies WordPress-as-a-Service for All Online Businesses

Continued here:
Licel release their guide to mobile application protection - Daily Host News

Akamai is rolling out a new service designed to provide automated detection, investigation and even takedown services for businesses looking to protect their online reputations from digital criminals and phishing campaigns.

The basic concept of the new service, launched at RSA Conference in San Francisco today, is simple Akamai, via its large array of global points of presence, monitors vast volumes of traffic, looking for indicators of intellectual property or client resources being misused, like corporate branding or certificates being used from IPs that arent associated with that company.

Akamai said that it can use that intelligence to detect brand abuse often, before an attack campaign launches, according to its official announcement.

This shields businesses from revenue loss and increased risk by combating fake goods sales, phishing sites and unauthorized use of brand elements outside of its environment and across the Internet, the company said.

Akamai said that Brand Protector pairs its wide detection net with AI and heuristics to provide real-time analysis of threats to users in a dashboard view. The product uses a threat score metric to weigh the relative severity of potential attacks, but the underlying data used to make those calculations are easily available from the management console.

Its a completely different approach to the problem than anything thats been tried before, according to IDC group vice president for security and trust Frank Dickson.

A traditional security product is normally looking at streams of ingress, like whats coming into a [customer] environment, or egress, he said. Akamai will tell you they have a massive footprint and can look at a whole host of traffic.

Akamais outsized web presence is a key piece of leverage in Brand Protectors automated mitigation feature, as well, Dickson said. Where takedown notices for fake sites would sometimes take days or months to be processed by ISPs in the past, Akamai has an API-based approach to sending those notices, letting ISPs act on notifications much more quickly.

Every hosting provider wants to maintain a certain level of legitimacy, he said. If they start getting downgrades to reputation, then all of their customers get downgraded as well, so then theres a problem that [the hosting provider] will start losing customers.

Akamai said in its statement that Brand Protector is available as of today. Details on pricing were not immediately available.

Go here to read the rest:
Akamai debuts Brand Protector service to combat phishing, online forgery - CSO Online

Bad digital ad spending is very bad for the environment. Thats the finding of Scope3s State of Sustainability Report which found that media properties with the biggest carbon footprint are typically fraud, click-bait or offer low-value inventory.

These Climate Risk websites, which make up 10% of the domains in the five countries studied by the report the U.S., U.K., France, Germany and Australia, contribute 33,500 metric tons (mt) of carbon dioxide equivalent (CO2e) greenhouse gases per month. Thats equal to driving a car 86,000,000 miles or 3,449 times around the earth. Between January 2020 and May 2022, $115 million was spent on advertising on these sites.

The big picture. Overall, the energy used by programmatic advertising in these five countries every month generates the same amount of greenhouse gas as 24 million gallons of gasoline, according to the report.

Dig deeper: How advertisers can take the lead in reducing carbon emissions

This includes energy used in

Global emissions per 1000 programmatic ad impressions are approximately 514.8 gCO2PM (grams of carbon dioxide and equivalent greenhouse gasses). Thats the same amount of energy as washing a load of laundry.

Average publisher emissions can range anywhere from as low as 187 gCO2PM all the way up to 1772 gCO2PM.

Why we care. Climate change is the greatest threat to human existence and we are running out of time to do anything about it. This is why every action matters.

Its easy to get overwhelmed by the scale of the problem and think this one change wont accomplish anything. Repurposing ad spend away from those problematic websites only cuts 33,500mt out of programmatic advertisings monthly total of 215,000mt. Even if we could get that amount to zero, it is a fraction of a percent of the 50,000,000,000mt of greenhouse gases produced each year.

Heres the thing: Were in the marketing business. Were all about the cumulative impact of incremental change in attitudes. We dont know where the tipping point is for this change. We could be a very small step away from it. Every action matters in getting to that.

Doing less with more isnt only in your own self-interest, its also good business. Retail giant Walmart has saved billions of dollars by requiring more environmentally friendly packaging for the products it sells.

What can be done: Each ad impression travels through an advertising life cycle, which starts with the programmatic selection process and ends when the ad is delivered. Every step along the way contributes to the ads emissions. Knowing the impact of each part of the journey will help you discover excess energy uses.

For example, ad selection is responsible for upwards of 60% of the energy used in programmatic advertising. You can lower that amount significantly by adjusting things like your programmatic supply chain.

Get MarTech! Daily. Free. In your inbox.

Read the rest here:
'Bad' digital ad spending can harm the environment - MarTech

Digital is transforming businesses and embedding innovation into all aspects of it, from daily operations to strategic decision making. CIOs and business leaders are required to entirely integrate their business, technology and sustainability strategies. According to Accenture's Uniting technology and sustainability report, only 7 percent of companies have fully integrated their technology strategies with their sustainability strategies. And only 49 percent of CIOs are a part of the leadership team setting sustainability goals.

Technology is a fundamental element in enabling business sustainability from improving transparency and traceability in global supply chains, to helping measure and reduce carbon emissions. Organizations tend to perform better financially with higher sustainability performance across environmental, social, and governance (ESG). This will require a blend of advanced technologies to measure, reduce, and remove an organizations carbon footprint.

CIOs are the driving force, they need to have green practices across the software development lifecycle. According to Accenture, a green lifecycle will save energy, reduce emissions, and develop carbon-efficient software. Building green software improves efficiencies across processes, deployment, usage and maintenance. Organizations can advocate and drive green as a mission while striving for a connected user and customer experience. Green software is carbon efficient and carbon aware; and integrates privacy, fairness, transparency, robustness and accessibility.

Designing and deploying an extensive sustainable technology strategy one that uses technology to drive sustainability at scale while also making technology itself more sustainable is now the core mission of the purpose-driven CIO. The responsibility is huge, but the opportunity to drive new sources of value and lead the way to a more sustainable future is even bigger.

Business. Moving forward, leaders will have to collaborate with their ecosystem to initiate the progress beyond the company and across the world.

Identify a holistic approach to interact with investors, partners, regulators and customers; consider the global impact of the products and services you create.

Think of zero carbon and embrace green software. Make the user experience sustainable, enable green AI and data practices; and sustainably manage the physical layer on which software runs.

Adopting energy efficient and green practices across the software development lifecycle. Reduce the emissions, and develop carbon-efficient software right from selecting platforms, programming languages, to designing software architecture and DevOps.

Leaders must Evaluate energy efficiency and accuracy of the AI/ML models. And repurposing existing models for a different task to cut down energy and time and in turn emissions.

Promoting data center to cloud migrations. Hosting decisions and green application development on cloud for hardware and energy efficiency. Assess implementation of edge computing inherently a low energy technology,

Driving reduction in environmental impact of IT infrastructure - end-user devices, networking components and data center by considering both usage emissions. Encouraging responsible procurement and end-of-life management amongst others.

It is necessary to leverage advanced tech AI, ML to pursue digital transformation, and undertake sustainability goals on an individual level and collaborate with business objectives.

CIOs must reassess their technologies through the lens of sustainability, and further establish and implement a comprehensive sustainable technology strategy. They should use technologies sustainably to lead growth while also delivering the environmental and social progress that their stakeholders desire.

Watch all the episodes of Digital Compass

Join the community of 2M+ industry professionals Subscribe to our newsletter to get latest insights & analysis.

Go here to read the rest:
Driving Green Software In the Connected World - ETCIO