__MAIN_TEXT__

Page 1

Volume-4 Issue-6

www.insightssuccess.com April 2019

1 SECURITY

Paul J. Cella CEO Security Control, LLC

Jeanne A. Travis President Security Control, LLC

Security Control Ensuring Security Solutions for All Requirements


E Delivering Efficient, Effective and Compliant Security Solutions

I

n the world in which information is flooded all over the internet, protecting the business data and critical data has become more critical than ever. Today, the business processes and many kinds of data exchange of more and more enterprises are mostly online. As the enterprise data is proliferating and business processes are becoming completely online, organizations need to have a proper enterprise security solution provider program to ensure the safety of their vital information. Every organization faces security challenges. In the ultra-connected world the threat to the digital data as well as the purposeful disruption of the online business processes are the most critical challenges that organizations face today. Federal defense contractors as well as Government agencies also hold the crucial national information and protecting that information is essential from the national security point of view. To address all the security challenges organization or government institutions should have an appropriate enterprise security solution provider. These solution providers should have a competent software program in order to be compliant with the requirements of the clients. These software programs should have the latest technological enhancements integrated in it so that it can be intuitive for the clients to use. The security program should also be efficient and effective. The software program offered by the security solution providers should also reduce labor costs through built-in workflow modules that facilitate and speed up employee interaction with Facility Security Officers. In order to successfully fight cyber-criminality, security providers must display a very high level of innovation integrated into their security program. To provide quality security services to the clients some enterprises invest a lot in enhancing the quality of the security system against the threat from malicious attacks. Failure to protect sensitive information costs a lot and no organization wants to afford a petty theft of their vital information. Therefore having a secure enterprise platform is critical to protect organizational data from IT security issues. To defy any kind of cyber-attacks, security system software should be integral part of any kind of institution. The efficient, effective, and compliant enterprise security solution providers hold the capacity to help the businesses and institutions take advantage of their expertly enhanced security software program to protect all vital information. These


Efficient security solution providers improve the profitability of the organizations by safeguarding their most valuable information from all possible threats.

Sharad Chitalkar

security programs ensure security solution to all kind of security threats to the information of the organizations. These programs safeguard sensitive information against all types of possible dangers. The services provided by them give almost unlimited scalability. These solution providers continuously compete against hackers and criminals in a struggle to outdo them by harnessing the latest state-of-the-art technology. Some of the competent security solution providers provide strategic consulting, data recovery and investigation, and managed data services to commercial, non-profit, and government organizations. Efficient security solution providers improve the profitability of the organizations by safeguarding their most valuable information from all possible threats. Recognizing the renowned enterprise security solution providers, Insights Success has enlisted “The 10 Most Promising Enterprise Security Solution Providers, 2019” Featuring as our Cover Story is a notable Enterprise security solution provider Security Control. Security Control, LLC is a United States based leading, privately owned security software Company. It believes in risk, vulnerability, and threat management by utilizing the latest technologies for Industrial Security solutions. It offers a wide range of integrated service solutions to meet and satisfy specific security requirements of Clients while increasing efficiency and productivity. Also, make sure to flip through articles, written by our in-house editorial team as well as CXO standpoints of notable industry personalities to have a brief taste of the sector. Let’s start reading!


Cover Story

SECURITY CONTROL:

08

Ensuring Security Solutions for All Requirements

16

26

36

Maestros Insights

Leadership Viewpoint

CXO Standpoint

AI: From ArtiďŹ cial to Authentic

Challenges in Cloud Computing

Leverage Existing SAP Solutions with Cloud Procurement


CONTENTS ARTICLES

18 KIANA.IO: Augmenting Safety, Security, Awareness and Engagement

24 METACOMPLIANCE: Resolving Data Breaches through a One-stop-shop Management Solution

30

22

PDFI: A Reliable Provider of Defensible and Accurate Digital Forensics Solutions

Digital Revolution Data Center Security: Controlling Possible Threats

32 Editor’s Pick Migrating the Data Warehouses into the Cloud

38 SECUCLOUD GMBH: The Cyber-Security Expert


Editor-in-Chief Pooja M. Bansal Executive Editor Kaustav Roy

Managing Editor Anish Miller

Assistant Editors Jenny Fernandes Bhushan Kadam

Visualizer

Art & Design Director

Associate Designer

David King

Amol Kamble

Iresh Mathapati

Senior Sales Manager Co-designer

Co-designer Karan Gaikwad

Business Development Manager

Kshitij S

Peter Collins

Marketing Manager

Sales Executives

John Matthew

David, Kevin, Mark, Vaibhav

Technical Head

Business Development Executives

Jacob Smile

Steve, Joe, Alan, Tushar

Technical Specialist Aditya

Digital Marketing Manager Marry D'Souza

SME-SMO Executive Prashant Chevale

Research Analyst Patrick James

Database Management Stella Andrew

Circulation Manager Robert Brown

Technology Consultant David Stokes

sales@insightssuccess.com April, 2019 Insights Success Media Tech LLC

Insights Success Media and Technology Pvt. Ltd.

555 Metro Place North, Suite 100,

Off. No. 22 & 510, Rainbow Plaza, Shivar Chowk,

Dublin, OH 43017, United States Phone - (614)-602-1754 Email: info@insightssuccess.com For Subscription: www.insightssuccess.com

Follow us on :

www.facebook.com/insightssuccess/

Pimple Saudagar, Pune, Maharashtra 411017 Phone - India: +91 7410079881/ 82/ 83/ 84/ 85 Email: info@insightssuccess.in For Subscription: www.insightssuccess.in

www.twitter.com/insightssuccess

We are also available on : Copyright Š 2019 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success. Reprint rights remain solely with Insights Success.


1

Cover Story

SECURITY

Security Control Ensuring Security Solutions for All Requirements

Our vision is for Industry and Government to have a single platform to maintain security clearances and requirements across all Agencies.

“

“


Paul J. Cella CEO Security Control, LLC

Jeanne A. Travis President Security Control, LLC


n an interview with Insight Success, the President of Security Control, Jeanne A. Travis and CEO, Paul J. Cella share their logic that showcases the composition of the organization ensuring compliance to various programs for their Clients. Security Control, LLC is a United States based leading, privately owned security software Company. It believes in risk, vulnerability, and threat management by utilizing the latest technologies for Industrial Security solutions. It offers a wide range of integrated service solutions to meet and satisfy specific security requirements of Clients while increasing efficiency and productivity.

I

Give a brief overview of the Company and its vision.

Below are highlights from the interview conducted between Jeanne A. Travis, Paul J. Cella and Insights Success:

We are a wholly owned subsidiary of IsI Enterprises that provides a wide array of services to Federal Defense Contractors and Government Agencies. In addition, we are working with two Government customers to create

Our vision at Security Control is to ensure that our Client’s security program has the tools necessary to be effective, efficient and compliant. We support companies with a service plan on the Cloud, via Amazon GovCloud (AWS GovCloud) or, as an alternative option, an on premises (On-Prem) environment that is fully deployed on our Client’s internal network. We accomplish this through a powerful software package called Security Control. This software package is developed by Facility Security Officers (FSOs) for FSOs.


Our strategic planning process is the key to successful business outcomes.

rentable Sensitive Compartmented Information Facility (SCIF) space for short term use. This allows our Client’s that do not have SCIF space, the ability to respond to classified Government Request for Proposals (RFPs) and other sensitive requests. What inspired Security Control (Sec-Con) to enter into its respective segment? Our Company started out using a competing software product which initially worked well for our Clients. As Government processes changed and our Company grew over time, the software we were using became ineffective with our Client’s needs and Government customer regulations. Therefore, this determined the development of our own unique software in order to be current and compliant with Government requirements. Furthermore, we included enhancements in our software so that it would be intuitive for our Clients to use. The software also assists in reducing labor costs through built in

workflow modules that facilitate and speed up employee interaction with their FSOs.

Ÿ

What are the cutting-edge products/services offered by Security Control (Sec-Con)? Our eight workflow modules provide automated notifications, management and tracking of employee security clearance needs, requests and requirements. These eight modules include the following features: Personnel – this module is for tracking all information regarding cleared personnel including multiple clearances, special accesses, and investigations, assignments such as badges, contracts, outgoing visits, safes /closed areas, and classified material. Also included, are extensive workflows and business rules so nothing is overlooked. Ÿ Contracts – this module is for tracking the details of each classified contract including the DD254’s, personnel assigned to the contract (past and present), classified materials held for each contract along with built in workflows for items, such as, reporting new contract awards or changes to existing contracts. Ÿ Facilities – this module is used to track details of the host facilities and other facilities including clearance verifications, Cognizant Security Authority (CSA), and the ability to initiate automated selfinspections and Facility Clearance (FCL) requirements.

Ÿ

Ÿ

Ÿ

Ÿ

Ÿ

Reports & Incidents – this module gives employees the ability to submit outgoing visit requests, report incoming visits, report foreign travel, as well as, report incidents, such as, suspicious contacts, security violations, insider threats, network and cyber breaches, as well as, self-reportable items, for example, arrests, drug use, DUI’s, bankruptcies, and wage garnishments. Incoming Visits – this module is for managing incoming classified visits at your facility giving you the ability to track dates, attendees, clearance levels and point of contact information. Outgoing Visits – this module is for tracking details of your companies classified visits to Clients sites and other facilities. This information includes dates of the visit, “to” facility details, clearance level, special accesses required, contract the visit is associated with, and ability to print VAR’s. Safes & Closed Areas – this module allows you to maintain detail information on your safes & closed areas but also track who has access, classified materials stored in each safe, or closed area and combination change information Classified Materials – this module is for managing and tracking classified material stored at your facility but also track custodians, safe assignments, and contracts the materials are associated with.


the most stringent U.S. Government security and compliance requirements.

We have not just created a powerful software solution, but where we have advantage over our competition is in our workflow modules, which are built into our software. As you can see in our testimonials, our Clients really find our software easy to use and extremely helpful in managing their security program.

With the growing competition, how does your Company ensure optimal efficiency for its Client’s?

Describe the experiences, achievements, or lessons learned that has shaped the journey of the company. As mentioned earlier, we initially started the business to assist FSOs and then further developed the software to enhance and improve managing this process for other Clients. The workflow modules make a large difference in keeping our processes current. We are always improving the needs our Client’s and their Customers, making them more productive.

Our software is the only product on the market that is hosted on the Amazon GovCloud and contains built in workflows to reduce labor costs and inefficiencies. Currently there are more than 420 Client’s actively using the software on a daily basis. Where does Security Control (SecCon) sees itself in the long run and what are its future goals? We see ourselves as the market leader. We believe it is in the best interest to support our Client’s by providing the best software and services that deliver the necessary documentation on cleared personnel for the Government to supplement their staff with Contractors. Testimonials by Clients

What are the current trends in Industrial Security and how is the Company accustomed to those trends? The current Industrial Security trend is moving from On-Prem to the Cloud. Amazon GovCloud was selected as it is the most reliable, secure, and economical route to go with any enterprise hosting option. We do offer an On-Prem option, but it isn’t necessarily better, as companies move to AWS to address

“Envistacom has contracted with Industrial Security Integrators (IsI) to help support our DSS personnel and facilitate our security needs. IsI has developed Security Control (SecCon) software/system where our employees have access to submit Visit Requests, Foreign Travel, and check details regarding status of their Security Clearance. As well as, our employees are able to view their records for training and special briefings that may be missing.

What strategies has Security Control (Sec-Con) undertaken to stay ahead of the competition?

We strongly believe in “Success lies in team work”. We dene path to follow the project needs and guide lines with our experience and project management.

As an FSO, I utilize Sec-Con to manage multiple facilities to keep track of the required DSS facility documentation (i.e., KMP Listing, DD Form 441 & 441-1, SF-328, appointment letters, self-assessments and DSS SVA), this eliminates the need to have paper copies. Sec-Con allows me to monitor personnel clearances, contracts, incoming and outgoing visit, incident report, and training. In addition, Sec-Con can be used to keep track of all classified documents, transmitted and destroyed.” - Robin Taylor, Envistacom “ACES Group evaluated several companies when looking for someone to support our Security requirements and IsI stuck out due to their responsiveness, knowledgeable staff and vision for automation that revolved around a modern web portal. After several years we can testify everything we saw when we first crossed paths with IsI has only gotten better. We have grown to view their team as are own. They are


among our most trusted inner circle advisors and we wouldn’t be where we are today without them. Their portal has gotten so good we are using it as the single authoritative source for our company’s most sensitive data – this is worth noting as our company’s core competency is developing web portals and automating business processes for the Department of Defense. Bottom Line: IsI delivers results in a complex, no-fail area for small businesses.” - Jason Marshall, ACES Group. About the Leaders It was during his days at SAIC, a company that provides integration of technology, systems, and operational solutions across a number of intelligence disciplines, that Paul J. Cella observed the sheer number of calls made by small and medium businesses seeking support in managing their security programs. Having spent almost two decades in the field of security operations and beginning his career in intelligence with the U.S. Marine Corps, Cella was well aware of the indispensable need for a sustainable company that can provide Facility Security Officer (FSO) and Personnel Security Services

for small to medium Cleared Defense and Intelligence Community Contractors. While still being employed with other companies, Cella, along with Jeanne A. Travis, started supporting a handful of Clients. These Client’s service needs varied from applying for Facility Security Clearances (FCL) to day-to-day security operations. The initiative started in Cella’s basement in 2010, which soon witnessed both its pioneers, completely dedicate themselves to growing IsI, and, in turn, Security Control, into the Companies they are today. With headquarters in Herndon, VA, IsI and Security Control are now the largest security service providers in the U.S. Numerous companies today rely on IsI for FCL and PCL service which is critical to establish a footprint in the Department of Defense (DoD) and Intelligence Community (IC) spaces while remaining compliant with Federal regulations. From its humble beginnings, IsI and Security Control have grown to manage all the security needs of its Clients while providing confidence that they will be in full compliance and at a reasonable cost basis. It is also one of the few companies in existence to be approved by the Federal Government to support all cleared defense contractors across the globe.


SUBSCRIBE

READ IT FIRST

TODAY Never Miss an

Issue

Yes, I would like to subscribe to Insights Success Magazine.

Global Subscription Date :

Name : Address :

Telephone : Email :

City :

State :

Zip :

Country :

Check should be drawn in favor of: INSIGHTS SUCCESS MEDIA TECH LLC

CORPORATE OFFICE Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone: (614)-602-1754,(302)-319-9947 Email: info@insightssuccess.com For Subscription: www.insightssuccess.com


Maestros Insights About the Author Mr. Jay Klein drives Voyager Lab’s technology strategy and core intellectual property. He brings more than 25 years of experience in data analytics, networking and telecommunications to the Company. Before joining Voyager Labs, he served as CTO at Allot Communications where he steered Allot’s data inspection and analytics core technology offerings, and as VP Strategic Business Development at DSPG, where he was responsible for strategic technology acquisitions. He also co-founded and held the CTO position at Ensemble Communications while founding and creating WiMAX and IEEE 802.16. He also served as the CTO and VP of R&D at CTP Systems, acquired rst by DSP Communications and later by Intel. Jay Klein holds a BSc in Electronics & Electrical Engineering from Tel Aviv University as well as numerous patents in various technology elds.

AI: Artificial From

W

ith so much attention focused on Artificial Intelligence (AI), it’s worth remembering that one size does not fit all. There are specific business-related pain points in mind when a company decides to deploy AI technology, so making the right choices can be a tricky task. For example, several months ago, an AI related breakthrough was announced – a robot learned and demonstrated the ability to perform a perfect backflip. While it is well acknowledged that the invested research and development for this mission was huge and the commercial potential for some applications is enormous, it is somewhat unclear how this specific innovation or the core models and algorithms of it, can serve other industries and verticals. Herein lies the problem.

16

to Authentic

Gauging AI success in one field in many cases can be meaningless for another. To make things worse, even when trying to go deeper into the technology and attempting to evaluate, for example, which Machine Learning algorithms are utilized by the product, or what are the number of layers in the Deep Neural Network models mentioned by specific vendors, in the end it will be possibly pointless as it does not directly reflect the solution deployment ‘success’ implications. Nevertheless, it seems that the market ignores this reality and continues to evaluate AI-based products by buzzword checklists using familiar and related AI terminology (e.g.,

|April 2019


Supervised, Unsupervised, Deep Learning etc.). While checklists are an effective tool for comparative analysis it still requires the ‘right’ items to be included. Unfortunately, what typically is absent are the items which are important to the customer, from a problem-solution perspective. Introducing Authentic AI Given all of this, there is a need to change the narrative around AI technology and solutions to something meaningful and authentic that reflects the real-life challenges and opportunities that businesses are facing. This is the time to introduce Authentic AI. The Merriam-Webster dictionary defines ‘Authentic’ as both ‘worthy of acceptance or belief as conforming to or based on fact’ and ‘conforming to an original so as to reproduce essential features’. This is not about ‘Fake’ to be contrasted with ‘Real’. It’s about the essential features of AI which need to be acknowledged, and hence, redefine the ‘checklist’. Often, these essential ‘authentic’ features are hidden and only surface when a CIO/CDO is faced with a new problem to be solved. This is seen especially when the AI aspects of a proposed product or solution are fully explored by asking questions such as: - Is the AI technology utilized by the product aimed specifically for my problem, optimally (e.g., performance, cost, etc.)? - Is it capable of addressing the complete problem or only a part of it? - Can it be assimilated into the existing ecosystem without imposing new demands? - Can it address the compelling environmental conditions of the problem space?

These issues can be grouped into three different ‘classes’ ‘Original’, ‘Holistic’ and ‘Pragmatic’: Original – How innovative is the solution? This can be quantified by assessing the following: - the invention of new algorithms or even new models and - the use of complex orchestration techniques or - through the capability to handle complex data formats and structures.

|April 2019

While there is no need to re-invent the wheel repetitively for any problem, there are distinctive characteristics which require optimizing. Holistic – How complete is the proposed AI technology? It takes into account the capability of handling the end-to-end aspects of the solution, the competence of harmonizing the operation of the various AI components of the solution and the ability to adapt to ever changing conditions of the AI application. Pragmatic – Can the technology solve real world problems in their actual and natural space in a commercially viable way? This means that for example the data sources can be processed in their most native format (both unstructured or structured) as well as provide insights or results matching the pragmatic needs of the specific market expectations. In addition, the ability to be quickly deployed and rapid to act are assessed. All of these elements should be used to systematically assess and evaluate AI-based products and solutions to assess their authenticity and therefore effectiveness in specific use cases. For example, many home-loan mortgage evaluation and recommendation systems utilize a somewhat isolated machine learning based applicant classification method, one of many other processes included within the solution. The AI in this solution cannot be considered Authentic AI to a high degree as it ‘scores’ low on the ‘Original’ and ‘Holistic’ classes as it isn’t innovative ‘enough’ (from an AI sense). In addition, the AI component itself does not cover on its own the end-to-end aspects of the solution (hence affecting the overall performance and precision). It could be considered to be ‘Pragmatic’ to some level if it can handle the required data sources of financial institutions or the customer applications natively, and if the solution ‘output’ are the explicit results required as a specific recommendation (e.g., loan conditions). However, the deployment timeline (time-to-market) and commercial aspects need to be evaluated as well. This is just one example of many others, covering all kinds of variations. Perfect backflips may grant you a gold medal if you are a gymnast but if you are a master chess player don’t expect a winning move.

17


1 Kiana.io:

Augmenting Safety, Security, Awareness and Engagement

I

n an interview with Insights Success, Nader Fathi, CEO of Kiana, shares insights on how the company empowers businesses worldwide with accurate location and real-time footfall analysis to improve physical safety and security as well as proximity services. Also, he broadly discusses on the company’s core competencies and the services it offers. Below are the highlights of the interview conducted between Nader and Insights Success. Give a brief overview of the company and its vision. Kiana enables enterprises to be more effective by providing the required process and effective tools to create a safe and secure environment. To date, Kiana has processed more than 490 million unique wireless device IDs across 50 countries worldwide, driven by adoption of the company’s IoP (Internet of Persons) technologies, used for greater security and visitor engagement across an array of industry use cases. The platform’s universal device detection recognizes all mobile devices and wearables – connected, detected, Android, and iOS – enabling companies to determine recognizable, as well as potentially undesirable, visitors. In 2018, Kiana was awarded two important patents by the United States Patent and Trademark office. The patents cover technologies powering KianaSecure and KianaEngage, which detect and analyze tens-of-thousands of visitors per day, making the cloud-based software ideal for corporate campuses, convention centers, airports, malls, and other large venues. Next in Kiana’s roadmap is leveraging the power of 5G, the next-generation of mobile networks beyond the 4G LTE mobile networks of today. What inspired Kiana Analytics to enter into its respective segment? What we saw on the rise was; internal or external physical threats in corporate campuses, hospitals, schools, arenas and other public areas; corporate compliance regulations and insurance premiums for workplace safety; data Integrations from disparate building management systems; stricter & rapidly changing security regulations; and 18

mergers/acquisitions to enable full-stack security solutions for business process/building management. In the other hand there were various aspects that were declining including; cost of video surveillance equipment; desire for stand-alone building management use-cases; and non-IP cameras. These were the trends that inspired us to enter the physical security and safety segment. What are the cutting-edge products/services offered by Kiana Analytics? Kiana offers two cloud-based solutions, Kiana Engage and Kiana Secure. These solutions use patented technology to assist clients with the management of threats. Kiana Engage collects and evaluates data on the people in a specified location by leveraging real-time location services. This can help organizations direct individuals to their nearest exit based on their position, resulting in the efficient evacuation of the building in case of emergencies. Kiana Secure makes the current infrastructure of a building smarter without replacing any of the existing hardware. By leveraging forensic analytics, the solution combines video streams with location analytics to provide vital information for crime scene investigations. What strategies has Kiana Analytics undertaken to stay ahead of the competition? Kiana is the only commercial solution that detects both logged and unlogged mobile devices and has fused camera images with WIFI signals. Plus, it makes our customers successful with our solution and continues to develop breakthrough technology and protect those innovations by filling US Patents. Moreover, it expands Kiana’s customer base in North America and worldwide. Kiana also forges a worldwide partnership with leaders with the sensor, WiFi, Bluetooth and camera manufacturers, system integrators and telcos. Describe the experiences, achievements or lessons learnt that has shaped the journey of the company. According to Gartner Report, Kiana was included as a |April 2019


“Kiana is the Security & Safety Fabric for the Internet of People (IoP).

— Nader Fathi CEO

Tech Center in Silicon Valley. He is currently on the advisory board of Glassbeam, Machine-to-Machine analytics. representative vendor in Gartner’s Market Guide for Indoor Location Application Platforms in Oct 11, 2018. As per the DHS Award, as part of the Silicon Valley Innovation Program (SVIP), the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T) awarded Kiana two projects to develop technology to enhance the U.S. Customs and Border Protection counting and measuring capabilities at ports of entry. The information provided by the Telco Innovation Award states that Kiana has received the “Rocket to Success” Award at the Telecom Council’s 2018 Innovation Showcase between other 150 companies who applied. The company was recently selected by Verizon’s 5G First Responder Lab to develop next-generation technology for the first responders. Where does Kiana Analytics see itself in the long run and what are its future goals? We see new companies driving the multi-billion dollar service economies. For example, Airbnb is the world’s largest accommodation provider, and owns no real estate. Uber is the world’s largest taxi company and owns no vehicles. Facebook is the world’s most popular media owner, and creates no content. Kiana will be the world’s first IoPsec (Internet of People Security) framework, owns no security infrastructure.

Nader has coached Big Data companies in various vertical markets including sports, retail, finance, health/fitness, and environmental analytics. Previously, Nader held executive positions at IntraStage, IKOS, Cadence, and Daisy systems. He started his career as a software and chip designer at Xerox Microelectronics. Nader holds a bachelor and masters in electrical engineering from the University of Southern California and completed his coursework toward a Ph.D. Clientele Assessments “What we like is Kiana’s software-only solution that uses existing infrastructure to capture data from disparate systems, and brings it to a central location to identify desirables and undesirables. In the case of an Active shooter in workplace, it can send a mass notification to the device to tell staff what to do or what is going on. This can save lives” – Head of worldwide security for a global corporation “We have only scratched the surface of what we can do with our visitor analytics the Kiana system allows us to capture. We are achieving a very fast ROI from it.” – CIO of Large Amusement Park

About the Leader Nader Fathi is a serial entrepreneur and veteran of the Big Data and IoT industry. He was CEO of SigmaQuest, a Big Data for Supply Chain solution, which he co-founded in 2002. Nader mentors and advises startups as the Executivein-Residence (EIR) at the University of Southern California Stevens Institute for Innovations and the Plug and Play

|April 2019

19


Digital Revolution

Data Center Security: Controlling Possible Threats

T

he rise in cyber-crimes is one of the main causes of Data center outages. As per the recent survey conducted by industry insiders, cyber-crime caused 22 percent data center outages in 2015 opposed to 2 percent outages in 2010. Adding to all these, now most of the data centers are re-evaluating their security policies after the recent WannaCry ransomware attack. Data center outages cause companies to loss revenue in many ways. However, the costliest loss is service interruption and loss of IT productivity. So, the organizations are now realizing that traditional security is no longer secure enough to secure any data center. A recent study has found that 83 percent of traffic travels east/west within the data center, which stays undetected by the perimeter security. In this environment, when an attacker infiltrates the perimeter firewall, then can jump across the system with ease, extract information and compromise valuable data. Additionally, data centers can fail due to trespassers or a terrorist attack or by natural calamities. So, how can one secure a data center in the best way possible from any kind of cyber threat? Don’t worry we’ve got you covered, with the points below. As the first step, one should Map the Data Center and flag the hackers within the virtual and physical infrastructure. The CSOs and CIOs with a system map of their systems can react to any suspicious activity and take steps to stop data breaches. Being able to visualize different traffic patterns within a network helps to understand threats, that eventually elevates the level of security. Understanding and measurement of traffic flow within the data center boundary are very important. In the case of

22

any interruption in traffic across east/west vs north/south, protected vs unprotected one can get to know about a threat. Additionally, vulnerable zones and unprotected traffic need to be monitored for a better result. Firewall rules need to be defined and implemented as per requirements. Additionally, one should allow traffic only after thorough verification and selectively allow communication to ensure maximum protection. The key is to identify, what;s legal and secured and what can be blocked to enhance security. One needs to Build a Team with executives who understand how traffic flows within the premises and can access & secure information, take necessary measures to secure important assets along with the implementation of roadblocks for the attackers. Security must move as fast as a data center’s technology adoption and integration. Security Strategy Should Change Alongside the Technology and it should not be treated as an add-on option. Additionally, businesses also should ensure that their virus protection, signatures other protection features are up to date for better protection. Businesses should Identify and Place Controls over highvalue assets, which will help to reduce risk. However, older security solutions are completely blind to new threats, new security companies have produced latest solutions that protect data in the virtual world. Access Restriction also needs to be imposed. Every business should thoroughly check a person’s background before giving the access to a prized possession. Access to the main site and the loading bay must be limited,

|April 2019


additionally, two-factor authentications and fortified interiors with security guards and roving patrols would help to safeguard the employees and the data center. Installing Surveillance Cameras around the data center, alongside removing signs which may provide clues to its function helps to locate an intruder. A buffer zone between the data center and all the entry points will limit unlawful trespassing to a great extent. Additionally, the data center needs to be far away from the main road and it should not have any windows other than administrative purposes for better security. A data center should Check Test Back-Up Systems regularly as prescribed by the manufacturer. It should also ensure to make a list and of Do’s and Don’ts in the event of an attack. Recovery plans and security plans also need to be checked thoroughly. Data centers are always a Soft Target for The Terrorists, as an attack on them can disrupt and damage major business and communication infrastructure. So, security needs to be taken seriously and to do that proactive steps should be taken to limit the impact of a terrorist attack. Trained Security Guards needs to be posted inside a data center and they should be well trained. Security officers must undergo strict site-specific training to monitor surveillance footage. Depending on the size of data center and the number of security cameras multiple security officers may be required on duty. Security officers dedicated to inspecting surveillance footage helps when it comes to securing a data center. Disaster Recovery is very much important, that must be in place. If the data center stops functioning after an attack or natural calamity, it must have a way to restore operations as soon as possible. To be ready for a disaster and to evaluate the disaster recovery plan, it’s necessary to train staffs well and experience simulated disasters. To avoid these obstacles, one needs a fair bit of knowledge of new security systems, solid plans, and comprehensive visibility. The more work a data center can do up front in the above-mentioned areas the better the chances of success with lesser outages.

|April 2019

23


1 MetaCompliance: Resolving Data Breaches through a One-stop-shop Management Solution

e live in a world where a digital presence is considered a necessity. Be it an individual, entity, solution or company, the digital identity has become a standard to analyze social existence. Although this digital identity and presence is significantly beneficial, it is vulnerable to outside attack.

W

MetaCompliance’s cloud-based software is recognized for its flexibility. Not only has it enabled the organization to solidify its position in Ireland and the UK, but it has enabled it to seal new business in other regions across the globe including North America, Latin America, AsiaPacific, and the Middle East.

Despite having the most secure structure in place, cybercriminals will often gravitate towards the weakest point in a company’s defenses, which is often its employees. This has demonstrated that staff are the key element that need to be strengthened and helped.

A Comprehensive Suite of Products and Services MetaCompliance’s visually engaging and user-friendly product range combines eLearning, simulated phishing solutions, policy management, incident management and GDPR to create compliance and security awareness within organizations around the globe. The company’s product list includes:

Founded with the vision to help organizations keep their staff safe online, secure their digital assets and protect their reputation and brand, London based cyber security specialist MetaCompliance has created a product range that addresses the specific challenges that arise from cyber threats and corporate governance. Its one-stop shop platform for staff awareness and privacy provides the highest quality cyber security and compliance content available on the market. The cloud-based platform provides customers with a fully integrated and multi lingual suite of compliance capabilities that includes policy management, e-learning, simulated phishing, incident management and privacy management, all of which can be purchased on a modular basis or as a complete system. Its ease of use, engaging user experience and regularly updated content ensures staff satisfaction; and enables cyber and compliance professionals to easily track implementation progress and demonstrate ongoing accountability. Evolving Transition Having started out as a company dealing in physical off the shelf products, MetaCompliance made the transition from physical to digital and its products are now hosted on its innovative cloud platform. The cloud platform combines the key pieces of software functionality needed for companies to stay cyber secure and regulatory compliant. 24

MetaLearning MetaLearning Fusion is the next generation of eLearning. It’s been specifically designed to provide the best possible Cyber Security and Privacy training for staff. It enables organizations to build tailored courses for their employees from an extensive library of short eLearning courses. The courses are easy to create and can be personalized and branded to make the content more relevant to staff. MetaPhish The company’s MetaPhish solution provides customers with a powerful defense against phishing attacks by training employees how to identify and respond appropriately to these threats. MetaPhish enables organizations to find out just how susceptible their company is to fraudulent phishing emails and helps identify users that require additional training. MetaPrivacy MetaPrivacy is an automated best practice approach to data privacy compliance and helps organizations streamline their GDPR requirements. The platform provides management dashboards and a detailed reporting structure that allows Data Protection Officers to easily track implementation and demonstrate ongoing accountability.

|April 2019


“Our innovative cloud platform provides a

one-stop-shop management solution that helps organizations keep their sta safe online, secure their digital assets and protect their reputation and brand.

— Robert O’ Brien Founder & CEO

Policy Management The MetaCompliance Policy Management software contains all the key elements required to automate, deliver and manage the policy management life cycle. It enables organizations to enforce and sustain compliance and information governance communications that develop an educated and vigilant workforce. MetaIncident MetaIncident provides a platform for staff to report any cyber security issues enabling organizations to respond to the reported incidents in a timely manner. Instrumental Leadership Robert O’ Brien is the Founder and CEO of MetaCompliance. He has been instrumental in driving the business forward and ensuring the company remains at the forefront of innovation. With more than 30 years’ experience in the IT industry, Robert is a serial technology entrepreneur with a wealth of experience in executing and developing strategies for high growth businesses. Committed to Innovation MetaCompliance’s commitment to innovation, and the development of a product range that meets and exceeds the needs of organizations around the world has enabled it to stay ahead of the competition. The company designs its entire Cyber Security eLearning catalogue using its inhouse design team and releases new titles every 3 months to ensure that customers are receiving the most up to date and relevant content available.

compliance, and by having a clear focus on its customers, MetaCompliance will continue to develop innovative and cost-effective products that will reinforce its local and global offerings. Client Admirations “We have been using the MetaCompliance bundle package for the last couple of months and we are very happy with the package and the support from the company in accessing and using their portal. I can honestly say that since we started using MetaCompliance, we have raised security awareness within our company on a major scale. The content is relevant, informative and interesting for the end user. I would happily recommend MetaCompliance to other organizations.” - Maxol Group – Oil Group “Since we started using the MetaCompliance software, we have noticed a number of benefits including; increased staff awareness, greater reporting, better employee engagement and a more interactive delivery of security awareness training. I would have no hesitation in recommending MetaCompliance and feel the benefits we have felt from acquiring this service would also benefit other organizations.” - Viridian – Energy Company

Reinforcing the Local and Global Offerings As challengers in the industry, the company consistently strives to create the best offering in cyber security and

|April 2019

25


Leadership Viewpoint

Challenges in Cloud Computing T

he Clouds keep rolling in for enterprises. In the 2018 State of the Cloud Survey performed by RightScale, they found that 96% of respondents now use the public, private, hybrid, or a mix of cloud computing models. To add some additional complexity to the mix, from the same survey, organizations are already running applications in 3.1 clouds and experimenting with 1.7 more for a total of 4.8 clouds.

2

Businesses report the key advantages of moving workloads to the Cloud are flexibility, agility, easy access to information, and cost savings. All of these great advantages though come with a price. Just like any migration project, there are a lot of moving pieces and a lot of places a company can run into issues. There are really three silos of challenges that both cloud migrations and operating in the Cloud fall into. 1 Planning – Without a well thought out plan, your migration is destined to have a rocky road to operational readiness. 2 Risk Mitigation – It is key to understand all the risks, technology and business, that moving and operating in the Cloud creates. Adding risk mitigation to your initial plan will help ease the transition and make a surprise free environment when services go into production in the Cloud. 3 Governance (Cost and Security) – The ease of use, agility, and elasticity of the Cloud are great benefits, but, they can also lead to runaway costs and a lack of adherence to security best practices.

This is also a good time to start reviewing Cloud service providers that may fit the requirements of your applications, your infrastructure, and your budget. 3

Migration Planning Now that we know what we are moving and where it is moving, we can start to put together a plan. During the migration planning phase workloads are prioritized for the order they are going to be moved, a budget is put together, a business case is made for each workload that is to be moved, and pilot migrations are performed where further design, performance, or reliability testing is needed. Once this stage is complete, a full migration roadmap along with buy in from all the interested parties within the organization should be secured.

4

Migration and Testing Once a workload is migrated, full testing should take place. Testing for performance, load, security, resiliency and reliability should be performed. This is one of the most critical steps. It is much easier to mitigate issues BEFORE going into production.

5

Go Live This is probably the shortest but scariest part of the process. After all the hard work, the plug is pulled on the original system and the new system in the Cloud goes live. All support processes should be transitioned to support the new cloud infrastructure and all documentation should be updated. After any issues are

At CCSI we break the migration and operation in the Cloud into 5 key areas. 1

26

Discovery It is a critical start with a full understanding of what exists in the environment today. All applications, services, and supporting infrastructure should be inventoried and documented. This will ensure nothing gets left behind and that there is a clear understanding of the current steady state infrastructure.

Assessment Once a complete inventory is created, each application and service can be evaluated to determine if it should be moved to the Cloud. If it is to move, is it best suited for public, private, or hybrid deployment or would it be better to move to a SaaS (Software as a Service) solution. Perhaps it can be decommissioned because there are duplicate services, or it is not being used anymore. It may also be determined that the application or service is not a good target to move. Perhaps it is a legacy application that can’t support more modern infrastructures.

|April 2019


About the Author Joe Goldberg is the Senior Cloud Program Manager at CCSI. Over the past 15+ years, Joe has helped companies to design, build out, and optimize their network and data center infrastructure. Joe is also ITIL certified. Joe can be contacted via Twitter handle @DevOps_Dad or by email jgoldberg@ccsinet.com.

Joe Goldberg

Cloud Program Manager

CCSI

ironed out, a post migration review is always valuable to see if there are any ways to improve the migration process for the next workload. Now that your organization is officially “in the Cloud”, the challenge of governance begins. For effective cost control in cloud computing services, it is important to understand the different factors that impact an organization’s cost. Cloud cost management tools should be used to help discover the source of these inefficiencies. Unplanned costs are often due to a lack of visibility of current consumption and past trends. When organizations used on premise infrastructure, they financed it with fixed upfront CAPEX investments. Cloud consumption is an OPEX subscription model based on utilization. A shift in the approach to operational management is now needed. Optimizing for cost is as important as optimizing for performance. Cloud-based governance tools can track usage and costs then alert administrators when costs are greater than budgeted. These same tools can be used to ensure corporate security policies are being applied to all workloads and that best practice security frameworks like Center for Internet Security (CIS) are being applied.

models deliver the best results and have adequate planning in place - but it’s not easy. About CCSI For more than 40 years, Contemporary Computer Services Inc. (CCSI) mission has been to help solve modern business challenges with technology solutions that optimize cost, reduce risk, simplify operations, and increase performance. CCSI provides the highest quality of service in the industry for the full spectrum of technologies–from containers to PCs, network infrastructures, managed services, IP telephony, cybersecurity, cloud services, SD-WAN, to storage solutions. At CCSI, we believe that technology exists to make our lives - and our businesses - simpler, more productive, secure, and ultimately more profitable. Let’s Grow Together. Learn more at www.ccsinet.com.

As cloud services move deeper into the organization, it’s as important as ever that technology leaders make informed decisions about which products, services, and payment |April 2019

27


1 PDFI:

A Reliable Provider of Defensible and Accurate Digital Forensics Solutions

F

ounded in December 2016, Precision Digital Forensics, Inc. (PDFI) provides strategic consulting, data recovery and investigation, and managed data services to commercial, non-profit, and government organizations. The strength of PDFI lies in developing and delivering innovative solutions and services and an out-of-the-box approach that addresses today’s digital evidence and electronic data challenges. Its solutions mobilize the right people, skills and technologies adding value to customer operations, increasing their capabilities, and enhancing their ability to complete their missions. PDFI are proven performers in solving mission critical and complex technological and data management challenges. As a CVE certified Service Disabled Veteran Owned Small Business (SDVOSB), PDFI is committed to good professional practice and to providing the highest quality and best valued innovative solutions and services on the market today. The company accomplishes this through reliably delivering timely, accurate, and thorough results, remaining compliant with industry accepted best practices and standards, and continually improving its business processes through communication, education, innovation, and technology. Inspiration behind the Inception After working in the digital forensics industry for almost two decades, the Founder of PDFI Clayton D. Schilling witnessed firsthand the out of the control growths in data and the accelerated technological evolutions that are now plaguing the digital forensics industry. The reality is now, there is just simply too many devices and too much data to collect, process and analyze everything. Practitioner, investigators, and legal teams need to change the way they think, start leveraging technology to their advantage, and focus their examination efforts on relevant digital evidence and electronic data only. Realizing the absence of suitable solutions and services, he decided to build an agile company that could flex with industry changes, grow as needed to meet demand, and provide innovative solutions and services to help its

30

customers manage today’s ever-growing challenges associated with the rapid advancement and proliferation of digital devices. “The key is being able to take off the blinders and think outside the box. Leveraging technological advances and improved examination methodologies, such as automation, AI, and triage will be needed to keep pace with the fast-evolving digital landscape.” says Schilling. According to research, the digital forensics market is expected to grow at a compound annual growth rate (CAGR) of 15.9% through 2022; and PDFI is strategically poised to address this growth and help its customers navigate its challenges. All-inclusive Digital Forensics Solutions PDFI technology experts and forensic professionals analyze, research, design and implement solutions in the areas of: Strategic Consulting Services PDFI powered strategic consulting services focus on integrated solutions designed to enhance supported client’s operational and technical performance. By incorporating industry best practices into organizational business processes and management strategies, PDFI helps supported clients stay ahead of the competition and better serve their customers. PDFI consulting services include: Ÿ Business Strategy & Planning Support; Ÿ Strategic Change Management & Facilitation Support; Ÿ Process Development and Assessment Services; Ÿ Training Data Recovery and Investigation Solutions and Services PDFI solutions leverage innovative technologies, automation, Artificial Intelligence (AI), and digital forensic industry best practices to provide efficient end-to-end data collection, preservation, processing, and analysis solutions for criminal and civil investigations, eDiscovery, post intrusion incident response, and intelligence collection missions. By incorporating PDFI’s creative solutions, industry accepted digital forensic best practices, and

|April 2019


At PDFI, we are committed to good professional practice and to providing the most innovative, highest quality, and best valued solutions and services on the market.

— Clayton D. Schilling President & CEO

international quality standards, PDFI ensures the timely production of defensible, accurate, and reliable high-quality deliverables. PDFI services include; Ÿ Computer Forensics / Media Exploitation Ÿ eDiscovery Ÿ Mobile Device, Tablet and UAS Forensics Ÿ Incident Response / Network Forensics Ÿ Audio / Video Forensics

pace with today’s ever-increasing digital volume,” says Schilling. In the near future, PDFI envisions building a 5000 sq.ft full service digital forensics laboratory in Northern Virginia and getting it accredited under ISO/IEC 17025; a move that will place it among only a handful of private accredited providers in the world .

Managed Services PDFI managed services focuses on providing resources and innovative solutions that help supported clients improve and streamline their operations and cut expenses. By incorporating PDFI’s managed services into business processes and management strategies, PDFI helps organizations stay up-to-date on technology, gain access to current skills, and address issues related to cost, quality of service, and risk. PDFI services include; Ÿ Data Storage / Digital Evidence Management Ÿ Business Process Outsourcing Ÿ Resource Management Ÿ Technical Support

Excellence Personified Clayton D. Schilling is President and Chief Executive Officer of Precision Digital Forensics, Inc. He is responsible for leading the development and execution of the Company’s short- and long-term strategies with a view to creating innovative defensible solutions and exceptional customer value. A proven industry leader, with extensive experience in digital forensics operations and organizational management, Mr. Schilling has worked in, managed, and assessed accredited laboratory environments and has built local and regional federal and private digital forensics laboratories and programs from the ground up.

Future Aspirations PDFI’s goal is to be the company that best understands and satisfies the digital forensics and digital evidence management needs of supported clients world-wide. This means being the best in terms of customer value, customer service, employee expertise and competence, innovation, and providing impartial, accurate, and defensible solutions and services consistently. With that in mind, PDFI has developed innovative solutions that not only enhance digital evidence management capabilities, but also improves examination methodologies using automation and AI to reduce collection overages, improve processing turnaround times, and significantly reduce digital evidence backlogs. “At PDFI, we strongly believe technological advances and improved examination methodologies are needed to keep

Mr. Schilling has spent more than 27 years supporting federal law enforcement beginning his career as a U.S. Army Criminal Investigation Division (CID) Special Agent, joining the Drug Enforcement Administration’s (DEA) Digital Evidence Laboratory as a Group Supervisor after retiring from the military, and in April 2012, joining CACI, Inc. as Forensics Senior Manager and Laboratory Director of the CACI Digital Forensics Laboratory (CDFL); a full service ISO accredited facility he built from the ground-up. He is a certified ANAB Digital Forensics Technical Assessor and has assessed federal, state/local, international, and commercial digital forensics operations and was the first and only digital forensics practitioner to sit on the ASCLD/LAB Board of Directors, prior to its merger with ANAB in 2016.

|April 2019

31


Editor’s Pick

Migrating the

Data Warehouses into the

Cloud T

he cloud has now become a well-established deployment option for business applications. It provides an exceptional ground for grounding the business intelligence systems, as it provides business agility, scalability, and lowers the total cost of ownership. So, it is a little uncharacteristic that although most applications have migrated to the cloud, data warehouses the fundamental of any business intelligence structures - are still mostly on proposition.

There could be multiple business users and business units who are using the data. We can also ease out the migration process by prioritizing and breaking down the whole data warehouse into significant business process subject areas. Select the right cloud vendor for your warehouse

Of course, that's not entirely surprising given that businesses have invested heavily in an on-premise data warehouse technology, with strong concerns about protecting sensitive data. Being seamless, migration of the data warehouse to the cloud must ensure that additional cloud security measures are addressed.

There are numerous cloud providers out there in the market. Amazon, Google Cloud, Microsoft Azureare some of the market leaders in among cloud solution provider’s industry. Based on the outcome of the classification of the existing warehouse, we must create a matrix of the functionalities required vs. existing features in respective cloud provider’s environment and then make the final choice. Of course, the monetary expenses also play a vital role in making this decision.

Steps required to be supervised while migration of the Data Warehouses

Identify technology choices depending on there siliency of concept projects

Characterize the current data warehouse along multiple dimensions

Choosing the appropriate database technology for hosting the warehouse is the most important technology decision to be made. You are required to identify the queries symbolizing the typical workload based on performance tests. The factors needed to be considered while making this decision are:

Detailed analysis should be carried out to cover the sensitive data aspects very carefully. It should be taken under consideration on what options are provided by the cloud vendor, and what are the organizational needs for the confidentiality. Thorough analysis of the regulatory standards must be carried out.

32

Data types needed by the application Ÿ Ÿ

Database technologies available from the cloud provider Database features required |April 2019


Number of concurrent users Performance needs etc. The compute and the storage necessities will decide the infrastructure needed for hosting the data warehouse.

is desirable to run the modeled data migration project in parallel with the legacy system so that it is easier to test and determine the success of the migration. The migration and extraction needs to be setup in a repeated manner so that in case there are some concerns with the migration, it can be re-processed.

Preparing a surefire migration plan

Test the success of migration

Preparing a well thought out project plan is certainly crucial for a successful migration. You must primarily involve business users in the entire decision making and project plan. They should be fully aware of the migration strategy and in fact they must contribute in testing the new system.

In the primary stage of the data migration, we typically test and compare one or several sample queries and data sets. In addition, we would like to commend comparison of row counts of objects, min and max values as well as sample data row assessments. Outlining the success criteria for the migration and testing is of greatest importance to ensure long term success of the cloud data warehouse. You also need to reassure that incremental data loads work correctly throughout.

Ÿ

Real-time data processing needs

Ÿ Ÿ

Infrastructure readiness Most data warehouse projects on the cloud are required to set up a VPC. A VPC houses the entire production warehouse setup. It is very important to create corresponding environments for development, UAT and QA to ensure smooth operations of the systems. Set up access control and security on each of the environments. Also lay out the complete architecture beforehand. Complete the migration Migration embroils initial movement of the old data followed by the incremental tug of the data from the various sources. A thorough description needs to be in place that plots the source data elements to the target data elements. It |April 2019

Conclusion Nowadays, there has been a lot of support for data warehouses in the cloud. Moving data warehouses to the cloud is yielding real business benefits, since many vendors are expanding the breadth and depth of services for warehousing and analysis of the data. However, migration is not exempted of challenges. Make sure you think through all the different aspects of data warehouse migration and then come up with an infallible plan to address those challenges. 33


CXO Standpoint

Leverage Existing

SAP Solutions

with Cloud Procurement

C

ompanies that have already invested in SAP find that they can achieve even better results from their existing investment with cloud technology and eProcurement. After the initial investment, companies find certain roadblocks preventing mass user adoption and diminishing cost savings. Issues such as inability to stay connected, lack of insight into data, and complex and fragmented business rules stop businesses from using the full power of SAP. As cloud application technologies advance, companies gain the benefits of rapid deployment cycles, increased self-service tools, and faster performance. Vroozi delivers on the promise and power of eProcurement in the Cloud with seamless integration into SAP. SAP users looking to the cloud generally face a few questions, including: · How can I benefit from using cloud procurement? · Will my transition to the cloud be cost-effective? · How will my business processes be affected by cloud technology? To understand the benefits of cloud technology to existing SAP users, let’s evaluate three procurement strategies that highlight the power of cloud procurement. Value Realization Return on Investment (ROI) is a central factor in any

36

procurement strategy. Buyers and trading partners of cloud procurement solutions need to feel confident that solutions will lead to cost savings and higher productivity and efficiency. Users quickly see returns by focusing on user adoption, compliance, and spend management. Spend Management allows companies to visualize purchasing spending patterns and usage and drives employees to leverage preferred pricing with contract suppliers. To increase user adoption and compliance, the cloud empowers a mobile workforce with the right resources and experience so everyone stays connected and available so that business is not disrupted. As user adoption and compliance frameworks increase with cloud-based systems, organizations gain immediate cost savings in procurement by decreasing transaction costs and preventing spend leakage with your supply chain. Efficiencies Process efficiency is key for a successful, healthy business. Cloud technology enables better processes by keeping everyone connected through a mobile experience and automating transaction tasks through the use of machine learning and pattern matching. With a centralized, unified system, cloud automation can yield immediate benefits in requisition to invoice and payment business processes and reduced errors and issues leading to higher productivity and decreased processing costs. Further, by allowing employees

|April 2019


to interact with cloud procurement via smart Phones and tablets, business can continue to move with efficiency and speed. IT Cost Savings Perhaps no determinant is more important in realizing the benefits of cloud technologies versus traditional on premise software is in IT Cost Savings. Systems and applications which required large physical infrastructure and monetary investments can now provide inexpensive and scalable solutions through the Cloud and cloud infrastructure providers. A procurement solution that integrates with SAP is easier to access, less expensive, and takes a fraction of the implementation time companies once faced with traditional software solutions. Cloud technology relieves the user of hidden costs such as hardware, consultants, infrastructure, maintenance, and costly upgrade cycles, providing lower risk and lower total cost of ownership. Conclusion The cloud offers little upfront expense, automatic upgrades, and pre-integrated best practices which allow organizations to focus on business growth and improved operating margins. Vroozi’s eProcurement solution that takes SAP solutions to the cloud empower users with better returns, better processes and higher savings, so their overall SAP investment’s ROI is accelerated. According to IDC, spending on Cloud computing is growing at 4.5 times the rate of IT spending since 2009 and is expected to continue growing at more than 6 times the rate of IT spending from 2015 through 2020. (via Forbes) This massive growth is easily understood when businesses understand the power and value of cloud solutions. With the Vroozi Platform, companies can take advantage of robust eProcurement technology delivered in the Cloud and integrated seamlessly with SAP.

|April 2019

Brad Hill Director of Global Sales & Marketing Vroozi Brad Hill, Director of Global Sales & Marketing of Vroozi is a passionate leader and is responsible for expanding the Vroozi Product Suite, Brand Adoption, Partnership Network & ensuring our customers receive an unparalleled experience with Vroozi. Brad spent the last 20 years building Enterprise Sales and Product strategies with leading IT Services organizations. His entrepreneurial strategies have served a vast number of Fortune 500 industries and verticals. He is also an aspiring mechanic and frustrated golfer, two good reminders to keep his day job.

37


1 Secucloud GmbH: The Cyber-Security Expert

H

eadquartered in Hamburg, and represented in USA, India, Latin America, Southeast Asia, Africa and Middle East, Secucloud GmbH is active worldwide as a provider of high-availability cyber-security solutions, offering a cloud-based security-as-a-service platform for clients. Founded in 2013, the company is led by a team of managers and experts on network security with international experience. Right from the start, Secucloud solutions were conceived as purely cloud-based, enabling customers to take direct advantage of the elasticity of the cloud and flexible consumer offerings for the benefit of their own business models. Secucloud’s Elastic Cloud Security System (ECS2) enables a wide range of markets and target groups (mobile communications & landline consumers, small businesses & home offices, SMEs) to enjoy the benefits of enterpriselevel security solutions. This innovative platform does not require any special hardware or proprietary appliances, scales automatically, and is capable of supporting more than 100 million users and their connected devices. Solutions that Keep Cyber Crime at Bay The technological core of Secucloud’s solution is the Elastic Cloud Security System (ECS2). Here, the platform combines a variety of powerful enterprise-grade security mechanisms like sandbox technologies, deep packet inspection as well as IDS and IPS systems to analyze incoming data streams and test their harmfulness – in the cloud and therefore separated from the customer’s systems. Thus, there is no longer any need to deploy a local security solution. The advantage of this is obvious: No performance losses on the edge device, no need for constant updating and maintenance of an onsite installed security solution. On the one hand, the company’s offering is directed at telcos, which can implement its solution directly in their infrastructure and then provide their customers with its highperformance security in the form of a subscriptionbased service. Since Secucloud’s solution provides almost 38

unlimited scalability, even large customer bases of 100 million users and more can be protected at the same time. On the other hand, the organization also offers a managed service in the B2B segment, in the form of “Secuscaler”. Secuscaler enables vendors and resellers in the firewall-asa-service business to act as Managed Security Service Providers (MSSPs) and provide small and medium-sized businesses with a suite of powerful security technologies that scale as needed and stay up-to-date without any maintenance. Tech Expertise Ensuring Success Dennis Monner is the Founder of Secucloud and serves as its Chief Executive Officer. He is a true technology entrepreneur: He was also the founder and chairman of the executive board of the IT security manufacturer gateprotect, which was aquired by Rohde & Schwarz Cybersecurity in 2014. Under his direction, the company was able to outperform 500 international competitors and is considered today to be among the top 10 in the industry, ranking in the Magic Quadrant by the Gartner consulting firm. Fostering New Innovations Secucloud believes that, in order to successfully fight cybercriminality, security providers must display a very high level of innovation. In that regard, the company is certain that the cybercrime industry is its true competition. Secucloud is continuously competing against hackers and criminals in a struggle to outdo one another by harnessing the latest state-of-the-art technology. In order to stay ahead in this everlasting race, evolving technologies and fostering innovation has to be at the center of the organization’s work. For example, it is currently working on ways of utilizing artificial intelligence in the form of neural networks to classify network traffic. A neural network would be ideal to recognize and identify the continuously changing and evolving harmful data streams on the Internet – not based on known attack patterns, but rather thanks to a true understanding of the difference between good and bad network traffic. |April 2019


With many years of experience in the global cloud security business, Secucloud is an international provider of innovative cyber-security solutions, offering global clients a powerful, cloudbased security-as-aservice platform.

Dennis Monner founder & CEO

Evolving with Changing IT Landscape According to Secucloud, the IT landscape has been changing rapidly for many years now, as has the security threat landscape. Thanks to digitization, internationalization and the increasingly widespread use of IoT and mobile devices, today’s corporate networks are more complex than ever. And with that, the task of ensuring protection against hackers and industrial espionage are also becoming more and more complex. By accompanying its clients through these ever-changing times, Secucloud has always been able to stay at the forefront of the latest technological developments and contunualy adapts its portfolio accordingly. For example, one of the most important current technology trends that will revolutionize the market in the near future is the Firewall as a Service (FWaaS). As early as 2017, Gartner included the technology in its hype cycle, calling it one of the emerging technologies (“on the rise”), and gave it a ‘high’ benefit rating. Even then, Gartner named Secucloud as one of the few vendors for this emerging technology trend. With Secuscaler, the company has been able to tap into a further field of application for its innovative cloud offering and to provide the customers with a turnkey solution for this major future technology today.

Client Feedback “Given the sheer number of connected devices in companies and households, it’s simply not possible to provide an appropriate level of protection on the individual device level,” explained Saud Bin Nasser Al Thani, CEO of the Ooredoo Group. “Instead, efficient protection today needs to be integrated natively into the network. And that’s exactly what we’ve found with the German security specialist Secucloud.” “What VinaPhone customers needed was a security solution that provided reliable protection simply and effectively while they were using the net”, said Tuan Nguyen, CEO at VKAS, a business partner of the Vietnamese telco VinaPhone. “And that’s exactly what we’ve been able to find with the Secucloud solution. Another benefit is that the solution enables VinaPhone to handle peak user traffic, even several million customers simultaneously, with no negative impact on performance. We’ve chosen a solution that’s capable of supporting the future evolution of the telco and that is flexible enough to grow along with the company.”

Backed by the experience gathered on its journey so far, Secucloud’s goal is to always stay ahead of upcoming trends and further affirm its market position as the ideal solution provider and consulting partner for any organization that wants to provide their users with a powerful protection technology adequate for today’s requirements.

|April 2019

39


Profile for Insights Success Media

The 10 Most Promising Enterprise Security Solution Providers 2019  

Recognizing the renowned enterprise security solution providers, Insights Success has enlisted “The 10 Most Promising Enterprise Security So...

The 10 Most Promising Enterprise Security Solution Providers 2019  

Recognizing the renowned enterprise security solution providers, Insights Success has enlisted “The 10 Most Promising Enterprise Security So...

Advertisement