1 / 52

The 10 Best Performing Managed Security Service Providers 2018

Hence, Insights Success has shortlisted, “The 10 Best Performing Managed Security Service Providers 2018” who are aggressively establishing industrial perception towards organizations process management system.<br>

Insights_success
Télécharger la présentation

The 10 Best Performing Managed Security Service Providers 2018

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. www.insightssuccess.com August 2018 10 The Best Performing Managed Security forming 2018 Company of the Month Editor’s Pick John R. Riconda CEO & President Contemporary Computer Services Inc Data Center Security: Controlling Possible Threats In Brief The New Way Of Business- Mobility on Cloud Uzair Sattar Founder & CEO Reforming the MSSP Industry with Agility

  2. MSSP: Fortifying Organizations with Security Solutions I n recent times, an organization’s database plays a crucial role that represents its overall management system. In the present computing era, managed security solutions offer unified network security that has been outsourced to a service provider. Now, businesses are embracing managed security services to tackle information security related problems such as targeted malware, customer data theft, skill shortages, and resource constraint. Managed Security Services (MSS) is also considered as the systematic approach to managing an organization’s security needs. Its services include in-house and outsourced services that provide security to other companies’ network and information system. The functions of a managed security service offer round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies. Hence, Insights Success has shortlisted, “The 10 Best Performing Managed Security Service Providers, 2018” who are aggressively establishing industrial perception towards organizations process management system. Our cover story features ICE Consulting, which is one such revolutionary MSSP that has been providing managed IT services for mid-sized enterprises for over 20 years. ICE is a leading IT managed security solutions provider specializing in a full range of vendor-independent managed IT services, for startups to established mid-sized firms. The organization specializes in managing and maintaining IT infrastructure services and aims to focus on its clients’ core business and data infrastructure.

  3. ICE is the only MSSP that has been identified, qualified and approved by California Life Science Association for providing exemplary IT managed services. The biotech and life science industries have been a sweet spot for the company as their dependency on IT is quite high in terms of various computing processes, such as in HPC (High-Performance Computing) and Big Data management - another area where ICE excels. The issue also features Contemporary Computer Services Inc. (CCSI) as the Company of the Month, which is a dynamic managed services and integration provider that delivers the finest quality engagement through careful discovery, planning, design, and implementation, followed up by a strong operational support. CCSI’s primary objective is to deliver business solutions that ensure its clients achieve and maintain a competitive edge. Following are the remaining best MSSPs which have been featured in the magazine; CRYPTYK which is a leading organization, providing decentralized cloud storage with blockchain auditing solutions. The firm’s mission is to “take the profit out of hacking and the risk out of the cloud” by integrating two, separate decentralized platforms into one integrated single vendor cloud storage and security architecture; Cipher Security which delivers a wide range of cutting-edge products and services. The company’s services are supported by one of the best-in-class security intelligence labs named CIPHER Intelligence; Hitachi Systems Security which is a US-based firm with a vision to optimize customers’ cybersecurity posture continuously through a variety of targeted security services in order to secure their business and propel it to the next level; Keypasco which delivers an award-winning solution which has contributed to a paradigm shift in internet security. The company’s unique and patented solution uses a revolutionary new technology for user authentication and provides security to online service providers and users. Also, make sure to go through the articles, written by our in-house editorial team and CXO standpoints of some of the leading industry experts to have a brief taste of the sector. Happy reading! Bhushan Kadam

  4. cover story ICE Consulting Reforming the MSSP Industry with Agility 08 38 46 28 Mentor’s Role Expert’s Thoughts What GDPR forgets: The Physical Security Maestro’s Viewpoint Cooling Solutions The Role of an MSP in your Cloud Strategy For Datacenters Articles In Brief Editor’s Prespectives Network Security Threats and Solutions 32 Editor’s Pick Data Center Security: Controlling Possible Threats 24 The New Way of Business- Mobility on Cloud 42

  5. Contents Company of the Month Contemporary Computer Services Inc.: A Leading Technology Services and Solutions Provider 18 Cipher Security: Delivering the Best Managed Security Services Globally 22 CRYPTYK: Achieving True Data Sovereignty and Security 30 Hitachi Systems Security: Converged Cybersecurity Solutions 36 Keypasco: An Unconventional Approach Securing IT Infrastructure 44

  6. Anish Miller Kedar Kulkarni Managing Editor Executive Editor Assistant Editors Jenny Fernandes Abhishaj Sajeev Hitesh Dhamani Contributing Editors Shubham Khampariya Visualiser David King Art & Design Director Amol Kamble Associate Designer Tejas Kulkarni Co-designer Savita Pandav Art & Picture Editors Paul Jayant Belin Khanna Senior Sales Manager Passi D. Business Development Manager Peter Collins Marketing Manager John Matthew Business Development Executives Steve, Joe, Alan, Tushar Sales Executives David, Kevin, Mark, Avinash Technical Head Jacob Smile Technical Specialists Amar, Pratiksha Digital Marketing Manager Marry D’Souza Online Marketing Strategists Alina Sege, Shubham, Vaibhav K SME-SMO Executives Prashant Chevale, Uma Dhenge, Gemson, Irfan Research Analyst Chidiebere Moses Circulation Managers Robert, Tanaji Database Management Stella Andrew Technology Consultant David Stokes sales@insightssuccess.com August, 2018 Corporate Ofces: Insights Success Media and Technology Pvt. Ltd. Off. No. 513 & 510, 5th Flr., Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017 Phone - India: +91 7410079881/ 82/ 83/ 84/ 85 Email: info@insightssuccess.in For Subscription: www.insightssuccess.in Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone - (614)-602-1754 Email: info@insightssuccess.com For Subscription: www.insightssuccess.com www.twitter.com/insightssuccess Follow us on : www.facebook.com/insightssuccess/ ollow us on : www We are also available on : Copyright © 2018 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success. Reprint rights remain solely with Insights Success.

  7. Cover Story The 10 Best Performing MANAGED SECURITY Service Providers 2018 ICE Consulting Reforming the MSSP Industry with Agility We take care of our client's IT so our clients can focus in building their business.

  8. Uzair Sattar Founder & CEO

  9. rganizations around the world understand all too O malware, data theft, unpredictable disaster emergencies, cloud security and more have forced companies to rethink how they address these challenges. To tackle such threats and incidents, Managed Security Service Providers (MSSPs) have entered the picture. An MSSP’s services are considered as an organized method to administer clients’ security needs. Association for providing exemplary IT managed services. The biotech and life science industries have been a sweet spot for the company as their dependency on IT is quite high in terms of various computing processes, such as in HPC (High Performance Computing) and Big Data management - another area where ICE excels. well the importance of having a secure IT infrastructure. Increasing threats such as targeted In addition to biotech, ICE supports clients in a range of industries. It has done audit assessments for companies like Farallon Capital, the fourth largest hedge fund in the world, and has also successfully designed, installed and maintained a data center for AT&T Big Data, contributing to about 4 petabytes of a Hadoop cluster. ICE Consulting is one such revolutionary MSSP that has been providing managed IT services for mid-sized enterprises for over 20 years. ICE is a leading IT managed solution provider specializing in a full range of vendor independent managed IT services for startups to established mid-sized firms. A Resilient Foundation Uzair Sattar, the Founder and CEO of ICE Consulting, started the company over 20 years ago, from his bedroom. He graduated from San Jose State University and studied Computer Information Systems. Initially, Uzair worked for a couple of years in other organizations. Speaking about his previous stints, Uzair recalls, “What I learned was how not to do things. Hence, I thought that I could do a much better job and so I started ICE.” Since 1996, the company has gained extensive expertise in networking, systems and security products and implementation with first-class software and system support to offer full-spectrum, end-to-end, managed IT services. ICE specializes in managing and maintaining IT infrastructure services and aims to focus on its client’s core business and data infrastructure. Infrastructure security, system virtualization, storage, Linux and Window servers, cloud services, user support, database administration, backup and disaster recovery are some of the services provided by the company, both off-premise and over the cloud. When Uzair started the company, he wanted it to be client focused. He wanted to build a solution based on real-world client business needs and requirements, rather than forcing a solution that might not meet their needs. “We are our clients’ trusted IT partner. We possess a very unique proactive IT management policy and so we have developed our own preventative maintenance checklist that we go over on a weekly basis,” explains Uzair. This proactive maintenance is focused on security, firewall, 20+ Years of Success Throughout its journey, ICE Consulting has had to keep up with the latest technology and industry trends. To do this best, ICE implements any new technologies in-house first. Then it deploys them over the cloud to receive real-world experience on any implementation and deployment challenges. The progress of our clients makes us feel that we've played a constructive and a signicant role in their growth. Another one of the challenges for the organization has been hiring in Silicon Valley, where it is constantly facing challenges competing for talent with multinational conglomerates such as Apple and Google. Yet ICE has done well with finding talent by growing organically through a combination of a strong culture and the challenging work it offers its team of experts. As an example, ICE realized and identified beforehand that biotech and life-science tech was an emerging and growing market and funneled its activities toward these areas. Today, it has a strong team of experts with years of experience in this area. In fact, ICE is the only MSSP that has been identified, qualified and approved by California Life Science

  10. ‘ ‘ ‘ ‘ “ “What I learned was how not to do things. Hence, I thought that I can do a much better job and so I started ICE.‘ ‘ ‘ ‘ “ “ Network, security and system design and implementation (Windows Server, Linux, firewall, switches and routers) Design, implement and manage cloud infrastructure on AWS or Azure. Manage and maintain all cloud services. Virtualization and storage area network, cloud services (VMware, Hyper-V, NetApp, EMC) Email solutions Single sign-on (SSO) and Multifactor Authentication (MFA) Desktop and CRM support Desktop support (Windows, Linux, Mac) switching, routing, servers, virtualization, storage, and applications. These checklists are then filled and sent to the client so that they can scrutinize what was done. We at ICE strongly believe in transparent IT services.” Ÿ Ÿ Exemplifying Distinctiveness Over the course of time, ICE has developed specialized software, processes and procedures to efficiently and effectively manage, monitor and analyze its clients’ IT infrastructure. ICE Consulting is a 24-by-7 company that offers live user support and network operations services. Ÿ Ÿ Ÿ Ÿ Ÿ Ÿ ICE’s solutions are primarily focused on three domains: small- to medium-sized businesses (SMBs), biotech and life science, and data center and cloud services. Ÿ Strategic services for SMBs and biotech and life science companies include: Ÿ Comprehensive IT security and infrastructure audit, assessment and implementation. Ÿ Assist clients with meeting different compliance standards such as NIST, HIPPA, CLIA, ISO27001. Ÿ Design, implement and monitor cloud security. Ÿ Regular strategic meetings and planning sessions. Ÿ System and network design and security. Ÿ Storage, backup and redundancy. Ÿ Disaster recovery, business continuity planning and implementation. Cloud Infrastructure Services ICE carefully reviews the different variables before selecting the right cloud services and makes sure that they fit clients’ business requirements. It designs all aspects of the network and security, and then recommends the appropriate hardware, software, and connectivity. “Most companies think putting servers and applications on AWS or Azure is safe but that is incorrect. Cloud infrastructure providers only give you space to host servers and applications. It is YOUR responsibility to secure them with the right network configuration, installing a firewall, and/or implementing a WAF (Web Application Firewall) to name a few,” explains Uzair. Upgrade and Migration Services for SMBs and Biotech & Life Science include: Ÿ System, network, and application upgrade and migration. Ÿ Migration from on-premise to cloud services (AWS and Azure) or Colocation (colo) Ÿ Data line, wireless, and telephone/video solutions. Ÿ Server room and date center build-out (cabling, power, HVAC) Ÿ Physical office migration. ICE has a team of highly experienced engineers who can help with these issues. The team handles IT migration to the cloud and emphasizes planning and careful execution. The company offers complete solutions for cloud services, including options from a private and/or public cloud model. ICE’s Cloud services expertise includes: Ÿ Amazon Web Services (AWS) Ÿ Microsoft Azure Cloud Platform Ÿ Cloud security Ÿ Microsoft Office 365 Ÿ Google Cloud Platform Ÿ Manage and maintain different cloud services Proactive Maintenance and Support Services for SMBs and Biotech & Life Science are as follows: Ÿ Complete IT maintenance with 24/7 monitoring, notification and live tech support.

  11. Different cloud-based, backup solutions Implement SSO and 2FA Ÿ Ÿ We are ahead of our competitors when it comes to cloud offerings, infrastructure audit and assessment. Data Center Offerings ICE recognizes that a data center may be one of the biggest expenses of clients. Whether one has a few servers or hundreds of servers along with hundreds of terabytes of storage, the company’s managed IT services offer the capabilities needed, which include: Ÿ Select the data center that meets your business requirements Ÿ Assess and analyze power requirements Ÿ Assess and analyze network requirements Ÿ Assess and analyze ISP and connectivity Ÿ Storage infrastructure Ÿ Server and data migration Ÿ Data center monitoring Ÿ Data virtualization Ÿ Infrastructure consolidation Ÿ Backup and disaster recovery quote on all hardware, software and to manage and renew all hardware and software warranties and licensees. Manage vendors - everything from vendor selection to negotiations to purchasing. Ÿ “We at ICE strongly believe in transparent IT services, therefore all work performed by ICE is recorded, documented, and auditable. We are ahead of our competitors when it comes to cloud offerings, infrastructure audit, assessment and deployment. We also have a strong linux team which most of our competitors don’t provide,” says Uzair. The company’s Managed Services make managing IT easy and efficient and provide clients with the peace of mind needed to focus on their core business. Customer service is a top priority for ICE Consulting. The company does an extensive audit assessment to understand what the business objectives, processes and goals are at the onset of the project, and based on that it provides a solution. Those solutions are then discussed and with the client’s consent they are implemented and maintained. Following are the services inclusive in the Managed Services package: Ÿ Provide weekly proprietary Proactive Preventative Maintenance Checklist (PM) on network, servers, storage, and applications. Ÿ Maintenance Checklist (PM) on network, servers, storage, and applications. Ÿ Technical Manager assigned to the account that participates in monthly IT meetings to review state of IT affairs and make recommendations and provide solution. Ÿ Director, IT services. Ÿ Deliver comprehensive, monthly IT report. Ÿ Enhance transparency through regular IT meetings with your team. Ÿ Have primary and secondary engineers on all engagements – not only does this provide consistency of service, but offers you built in redundancy and specialization. Ÿ Provide dedicated support staff along with account manager. Ÿ Monitor IT 24x7x365. Ÿ Offer 24x7x365 ‘live’ help desk support and NOC (Network Operation Center) services. Ÿ Document all IT issues - details entire IT infrastructure, provides up-to-date information. Ÿ Provides experienced client success group to provide Empowering Progress While expressing his views about the MSSP industry, Uzair states, “I think most companies today recognize the value of outsourcing instead of building in-house capabilities — an expensive, time- and resource-intensive process. This is our value proposition to our clients.” Uzair believes that ICE Consulting can play a vital role in a client company’s success: “We have clients that started as a 20-person company and have since grown to 300+ employees, and some have resulted in billion-dollar buyouts. We are proud to have played a key role in this growth.” “The companies we work with are innovators. They’re creating new technologies and cutting-edge solutions, and in some cases lifesaving innovation. We are helping them to build their solutions while we’re managing their infrastructure 24x7,” adds Uzair. What many don’t realize is that the MSSP industry often has a direct impact on a firm’s success. If the IT falls behind, it hampers productivity and creativity.

  12. READ IT FIRST SUBSCRIBE T O D A Y Never Miss an Issue Yes, I would like to subscribe to Insights Success Magazine. Global Subscription 1 Year ......... (12 Issues) .... 6 Months ..... (06 Issues) ..... $130.00 $250.00 (01 Issue) ..... 3 Months ... (03 Issues) .... $70.00 $25.00 1 Month ...... Date : Name : Address : Telephone : Email : City : State : Zip : Country : Check should be drawn in favor of: INSIGHTS SUCCESS MEDIA TECH LLC CORPORATE OFFICE Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone: (614)-602-1754,(302)-319-9947 Email: info@insightssuccess.com For Subscription: www.insightssuccess.com

  13. The 10 Best Performing MANAGED SECURITY Service Providers 2018 Management Company Name Brief CIPHER Security LLC cipher.com Cipher Security is one such MSS provider that delivers a wide- range of cutting-edge products and services. Ed Boucas Chairman & CEO Contemporary Computer Services Inc. (CCSI) is a dynamic managed services and integration provider that delivers the finest quality engagement through careful discovery, planning, design, and implementation, followed up by strong operational support. Contemporary Computer Services, Inc. ccsinet.com John R. Riconda CEO & President Cryptyk is a leading organization providing decentralized cloud storage with blockchain auditing solutions. Cryptyk cryptyk.com Dr. Adam Weigold CEO & Chairman Fortinet develops and markets cybersecurity software, appliances and services, such as firewalls, anti-virus, intrusion prevention and endpoint security, among others, is the fourth- largest network security company by revenue. Fortinet fortinet.com Ken Xie Founder & CEO HackerOne platform is the industry standard for hacker- powered security and it is partner with the global hacker community to surface the most relevant security issues of our customers before they can be exploited by criminals. HackerOne hackerone.com Mårten Mickos CEO Hitachi Systems Security Inc. is a global IT security service provider that builds and delivers customized cybersecurity services to monitor and protect the most critical and sensitive IT assets in its clients’ infrastructures 24/7. Hitachi Security Systems hitachi-systems- security.com Akira Kusakabe President and CEO ICE Consulting specializes in providing customized IT solutions to small and medium-sized companies by understanding their business and then providing IT solutions. ICE Consulting iceconsulting.com Uzair Sattar Founder and CEO Maw-Tsong Lin CEO and the Founder Per Skygebjerg COO and the Co-founder Keypasco offers a new software-based solution that is easy to integrate into your existing systems. Keypasco keypasco.com onShore Security is a leading provider of managed cybersecurity developing network consultants and software developers to launch to managed cybersecurity in early 90s. onShore Security onshore.com Stel Valavanis CEO Optiv Security is a market-leading provider of end-to-end cyber security solutions. Optiv Security Inc optiv.com Dan Burns CEO

  14. Company of the month John R. Riconda CEO & President Contemporary Computer Services Inc.: A Leading Technology Services and Solutions Provider 18 August 2018|

  15. C and integration provider that delivers the finest quality engagement through careful discovery, planning, design, and implementation, followed up by strong operational support. CCSI’s primary objective is to deliver business solutions that ensure clients achieve and maintain a competitive edge. ontemporary Computer Services Inc. (CCSI) is a dynamic managed services The company later formed a networking division to provide full- service LAN/WAN design and support services. Since then, CCSI has continued to adjust to market shifts and to structure its offerings accordingly. It also maintains one of the most comprehensive Network Operation Centers (NOC) in the United States. This state-of-the art facility is located within the company’s 30,000 square foot corporate office in Bohemia, NY. and was a founding member of Microsoft’s Educational Partner Advisory Council. He has received numerous leadership awards and has been honored by the Suffolk County Organization of Public Educators, the New York State Council of School Superintendents, and the National Leadership Council for his commitment to public education. John also co-founded eSchoolData, LLC in 2008 and served as its Chief Executive Officer. For more than 40 years, CCSI has remained on the forefront of technological innovation, transforming clients through a complete IT revolution with a focus on helping them understand the practical business implications of emerging technologies. CCSI ’s approach is to improve customer’s business agility through technology solutions, reducing IT expenditure while maintaining the highest levels of network up-time, hardware reliability, data integrity, and application stability. Today, CCSI provides the highest quality of service in the industry for a full spectrum of technologies that includes network infrastructure, mobility, managed services, IP security, cybersecurity, SDWAN, IP telephony, cloud services and storage solutions. Revolutionary Solutions CCSI managed services are designed to be a client’s first line of defense for security and networking challenges. Whether they require product support or fully-managed security services, CCSI’s team of certified experts located at its Network Operations Center (NOC) and Security Operations Center (SOC) are ready around the clock to deliver. CCSI is SOC2 certified, which ensures CCSI A Widely Experienced Leader Mr. John R. Riconda hasserved as the CEO and President of Contemporary Computer Services, Inc., since 1996. He began his career as an IBM Mainframe trainee in 1979. In 1981, he became a Technical Specialist and was its Partner since 1985. Clients turn to CCSI for its comprehensive managed services and expertise which spans the full spectrum of an organization’s technology journey. By helping clients determine current challenges and opportunities, CCSI forges a path to implement the right solutions needed to achieve their business goals. Since then, he has created and built two new CCSI business units - the Networking Division and the Application Development Division. CCSI is a privately held company that was founded in 1974 by former IBM technical support specialists. They initially focused on providing installation and maintenance of IBM mainframe hardware. In 1980, CCSI expanded its hardware maintenance services to include 24/7 repair and/or replacement of desktops, printers, and LAN components. John currently serves as a Trustee of Northwell Health at Huntington Hospital, Inc. He has been a member of Cisco Systems’ VAR Council 19 |August 2018

  16. Company of the month customers that CCSI has the critical controls in place to provide security, confidentiality of stored information, processing integrity of transactions, system availability and privacy. CCSI’s MSSP program is unique in that its people are not just analysts but engineers who fully understand a customer’s environment. CCSI’s engineers have the latest certifications and can deliver across Planning, Discovery, Delivery, Implement and Operate models (PDDIO). The engineers have use AI for several years to maintain a secure customer networks. CCSI NOC is a 24x7 operations center that focuses on uptime, availability, and operations for its clients. Certified engineers monitor systems around the clock as an extension of the client’s operations team. CCSI SOC is a 24x7 security-focused team equipped to monitor and hunt for security incidents within the client’s network. CCSI has remained fully committed to its customers while weathering the ups and downs of the IT industry. Each solution they design is customized to the client and their respective unique business needs. The company’s diverse menu of services ranges from security and compliance to the latest in cloud and container technologies to more mundane network- and server-related work. CCSI’s SANS certified analysts are trained to find incidents and take the appropriate action as defined by the client. The company also provides Fault Management, Configuration Management, Performance Management, rd Performance Analytics, 3 Party Management, Solution- Oriented Monitoring, Cloud Management, Back up as a Service/DRaaS and Cloud Migrationunder the banner of MSP Services. Working Tirelessly for Industry Progress CCSI has been seeing burgeoning interest in both cloud and Infrastructure as Code (SD-WAN, SDN, CloudFormation, etc.) and, of course, how to integrate security into those solutions. By incorporating artificial intelligence into their development process, they have been able to integrate the latest technology trends and stay at the forefront of the industry. When it comes to MSSP Services, the organization provides Next-gen Endpoint Security, Incident Management & Response, Breach Detection as a Service, Virtual Ciso, SIEM/Log Management, Vulnerability Management/Pen Testing, Identity Access Management, Compliance/ Security Risk Assessment and Ransomware Assessments/NYS DFS. CCSI is already expanding its footprint as many of the services it offers are not tied to a specific geography. Its proficiency at the basics creates a strong foundation layer to support more advanced development. Standing Out from the Competition CCSI believes that its people are the differentiating factor that help it to stand out from the crowd. It has crafted a supportive and positive work culture that is responsible for CCSI boasting an industry-leading employee retention rate. Two critical elements of that culture are education and innovation. By fostering integrity and a “roll up your sleeves” work ethic, CCSI also manages to retain old clients while constantly attracting new ones. Instead of chasing every trend, CCSI focuses on observing and understanding the direction in which the industry is progressing before committing itself. Its strategic vision is one of steady growth that delivers strong, consistent and carefully-planned reliability to its clients. 20 August 2018|

  17. The 10 Best Performing MANAGED SECURITY Service Providers 2018 Cipher Security: Delivering the Best Managed Security Services Globally M managing an organization’s security needs. Businesses partner with MSS providers to resolve the issues they regularly face, related to information security such as targeted malware, data theft, and resource constraints. An MSS provider performs continuous monitoring and management of security devices, including intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to security incidents. An All-Inclusive Threat Protection Service Cipher offers a full array of cyber security solutions for SMBs and Enterprise Organizations. The umbrella services include Managed Security Services and Security Consulting Services. Under MSS, Cipher offers: anaged security services (MSS) are considered as a systematic approach to Ed Boucas Chairman & CEO •Threat Monitoring & Cyber-Attack Defense: Cipher offers advanced monitoring, analysis and investigation of malicious code and callbacks to detect attempted and/or successful security breaches. The service is supported by CIPHER Intelligence, the company’s highly qualified and technology-driven R&D laboratory, and 24x7x365 Security Operations Centers to ensure best-in- class defense, real-time incident response and operational optimization. Cipher Security is one such MSS provider that delivers a wide-range of cutting-edge products and services. Founded in 2000, the company’s services are supported by one of the best-in-class security intelligence labs named CIPHER Intelligence. The company has spread its branches in North America, Europe, and Latin America with round-the-clock Security Operations Centers and R&D laboratories, complemented by strategic partners around the globe. •SIEM & Log Management: The Security Information and Event Management (SIEM) and Log Management service collects, correlates, analyzes and stores security events from networks, hosts, and critical applications. A team of highly skilled, certified security experts working from integrated 5th generation Security Operations Centers use all this information, correlating it with the company’s database of intelligence feeds. Cipher is a highly accredited Managed Security Service Provider holding many awards and recognitions including the Best MSSP award from Frost & Sullivan for the past five years. Its clientele consists of Fortune 500 companies, world-renowned enterprises, and government agencies with countless success stories. It provides organizations with proprietary technologies and specialized services to defend against advanced threats while managing risk and ensuring compliance with innovative solutions. • Incident Response & Event Investigation: Cipher’s Incident Response and Investigation service offers unmatched experience in handling enterprise security incidents to prevent further harm to an organization, ranging from single-system compromises to enterprise-wide 22 August 2018|

  18. Get full visibility of your network and protect your organization against unknown attacks. expanded to global markets by establishing a U.S. Security Operations Center in Miami, Florida and operations in the United Kingdom. a structured distributed deployment, thus reducing costs from IT operations. intrusions by advanced attack groups. Its Incident Response team can quickly assess the challenges its customers faces and recommend specific actions. Under the Security Consulting Services Practice, Cipher offers expertise in Penetration Testing and Ethical Hacking, PCI DSS Assessment and Consulting, Risk and Compliance, GDPR Consulting, Forensic Analysis, and Vulnerability Assessments. An Epitome of Leadership Ed Boucas, the Chairman and CEO of Cipher, has headed the company from its foundling period to becoming a multinational leader in the Cyber Security industry. Ed played a key role in launching the company’s offices across North America, Latin America and Europe, covering over 15 countries in the process. He has successfully led two rounds of multi-million-dollar Private Equity investments, the acquisition of an intelligence lab and a security product company. •Managed Security Assets & Asset Management: The Managed Security Assets service includes a plethora of security technologies with endless opportunities in managed services for organizations of all sizes. Assets are continuously protected with feeds from CIPHER Intelligence on emerging threats. An organization’s security team receives unmetered remediation assistance from Cipher’s certified security analysts. Surpassing the Definition of Quality Cipher has been in the security industry for over 18 years and the company employs more than 150+ security experts who provide excellence in security. Another key differentiator for CIPHER is the accreditations that company holds, including ISO 20000 and 27001, SOC I and SOC II, PCI QSA and ASV certification, as well as individual certifications in pen testing and ethical hacking. By combining threat intelligence with event correlation, Cipher’s superior managed security services helps eliminate blind spots and provides visibility to what really matters. In addition to this, it gives customers total visibility and transparency of the environment and activities through the CIPHER Client Portal, a single window into the customers’ entire security posture. •Threat Protection as a Service: Cipher leverages the BLOCKBIT technology offering organizations the latest solution in advanced threat protection as a service. The services include sophisticated security technologies and the latest threat intelligence providing detection and protection against zero-day and targeted attacks, including Advanced Persistent Threats (APT) and malicious callbacks. Ed is a Production and Mechanical Engineer, an invited Professor for MBA courses, a former member of the ISO Committee for information security standards and a graduate of the Harvard Business School’s OPM program. Sculpting a Secure Future Cipher announced 38% growth in 2017 in Brazil and forecasts global growth of 25% in 2018. In the years ahead, Cipher is focused on bringing tailored security solutions to the market, including its new GDPR Managed Services. The General Data Protection Regulation (GDPR) will require expertise around people, process, and technology. As an MSSP, Cipher is well-positioned to serve customers globally in data protection, compliance, risk and governance. • Vulnerability Management as a Service: Cipher offers its customers best-in- class vulnerability and compliance management as a service. It provides accurate internal and external scans across your IT estate such as network assets, hosts, web applications and databases. The combination of people, process and technology lowers resource needs by automation through Journey towards Excellence Cipher has already seen significant growth in its initial expansion throughout Brazil and is now recognized as the largest MSS and Security Consulting Services firm in the country. In 2010, the company 23 |August 2018

  19. Editor’s Pick Data Center Security: Controlling Possible Threats T 22 percent data center outages in 2015 opposed to 2 percent outages in 2010. Adding to all these, now most of the data centers are re-evaluating their security policies after the recent WannaCry ransomware attack. he rise in cyber-crimes is one of the main causes of Data center outages. As per the recent survey conducted by industry insiders, cyber-crime caused any interruption in traffic across east/west vs north/south, protected vs unprotected one can get to know about a threat. Additionally, vulnerable zones and unprotected traffic need to be monitored for a better result. Firewall rules need to be defined and implemented as per requirements. Additionally, one should allow traffic only after thorough verification and selectively allow communication to ensure maximum protection. The key is to identify, what;s legal and secured and what can be blocked to enhance security. Data center outages cause companies to loss revenue in many ways. However, the costliest loss is service interruption and loss of IT productivity. So, the organizations are now realizing that traditional security is no longer secure enough to secure any data center. A recent study has found that 83 percent of traffic travels east/west within the data center, which stays undetected by the perimeter security. In this environment, when an attacker infiltrates the perimeter firewall, then can jump across the system with ease, extract information and compromise valuable data. Additionally, data centers can fail due to trespassers or a terrorist attack or by natural calamities. One needs to Build a Team with executives who understand how traffic flows within the premises and can access & secure information, take necessary measures to secure important assets along with the implementation of roadblocks for the attackers. Security must move as fast as a data center’s technology adoption and integration. Security Strategy Should Change Alongside the Technology and it should not be treated as an add-on option. Additionally, businesses also should ensure that their virus protection, signatures other protection features are up to date for better protection. So, how can one secure a data center in the best way possible from any kind of cyber threat? Don’t worry we’ve got you covered, with the points below. As the first step, one should Map the Data Center and flag the hackers within the virtual and physical infrastructure. The CSOs and CIOs with a system map of their systems can react to any suspicious activity and take steps to stop data breaches. Being able to visualize different traffic patterns within a network helps to understand threats, that eventually elevates the level of security. Businesses should Identify and Place Controls over high- value assets, which will help to reduce risk. However, older security solutions are completely blind to new threats, new security companies have produced latest solutions that protect data in the virtual world. Access Restriction also needs to be imposed. Every business should thoroughly check a person’s background before giving the access to a prized possession. Access to the main site and the loading bay must be limited, Understanding and measurement of traffic flow within the data center boundary are very important. In the case of 24 August 2018|

  20. additionally, two-factor authentications and fortified interiors with security guards and roving patrols would help to safeguard the employees and the data center. Installing Surveillance Cameras around the data center, alongside removing signs which may provide clues to its function helps to locate an intruder. A buffer zone between the data center and all the entry points will limit unlawful trespassing to a great extent. Additionally, the data center needs to be far away from the main road and it should not have any windows other than administrative purposes for better security. A data center should Check Test Back-Up Systems regularly as prescribed by the manufacturer. It should also ensure to make a list and of Do’s and Don’ts in the event of an attack. Recovery plans and security plans also need to be checked thoroughly. Data centers are always a Soft Target for The Terrorists, as an attack on them can disrupt and damage major business and communication infrastructure. So, security needs to be taken seriously and to do that proactive steps should be taken to limit the impact of a terrorist attack. Trained Security Guards needs to be posted inside a data center and they should be well trained. Security officers must undergo strict site-specific training to monitor surveillance footage. Depending on the size of data center and the number of security cameras multiple security officers may be required on duty. Security officers dedicated to inspecting surveillance footage helps when it comes to securing a data center. Disaster Recovery is very much important, that must be in place. If the data center stops functioning after an attack or natural calamity, it must have a way to restore operations as soon as possible. To be ready for a disaster and to evaluate the disaster recovery plan, it’s necessary to train staffs well and experience simulated disasters. To avoid these obstacles, one needs a fair bit of knowledge of new security systems, solid plans, and comprehensive visibility. The more work a data center can do up front in the above-mentioned areas the better the chances of success with lesser outages. 25 |August 2018

  21. Maestro’s Viewpoint Cooling SOLUTIONS FOR DATACENTERS D computing power and storage in a much smaller footprint. Datacenter floorspace is expensive, so space savings are great. But how do you maximize density without compromising cooling? atacenters are facing new cooling challenges. The servers and storage today are more efficient, faster, and incredibly dense. You can pack more scary, but when combined with their patented Leak Prevention System which maintains a negative pressure on the coolant, this becomes a non-issue. With 45% to 98% better performance you have several benefits. 1. Reduced operating cost We have watched datacenters evolve from general CRAC based cooling: where the entire room is cooled without any attention to the efficiency, to Aisle Containment, where there are hot aisles (backs of racks) and cool aisles (front of racks), to In-Row cooling where cool air is provided in cool aisles, and warm air is returned from the warm aisles, which provided a dramatic improvement. 2. Reduced demand on electrical sources, which makes more electricity available for computing without having to add more capacity, which can be extraordinarily expensive. 3. Greener datacenter with much lower carbon footprint. Most datacenters still use one of those methods, with a surprising number just cooling the entire facility with or without Aisle Containment. These methods are not only very inefficient, but also uncomfortable for staff working in those datacenters. 4. Higher density in each rack. More effective cooling allows much higher density racks, which also reduces TCO by reducing the number of racks and amount of floorspace required. In 2013 Cambridge University, using ColdLogik reduced their cooling power consumption to a super PUE of 1.05 placing them number 2 in the Green 500 datacenters in the world. The answer is LIQUID COOLING. The method the gaming industry has been using for years to cool overclocked processors and memory. A rear of cabinet cooler of this kind can save a lot of energy. Our UK partner USystems have documented energy savings of up to 98% over CRAC, 83% over Aisle Containment, and even 45% over In-Row cooling with their ColdLogik system. I know liquid in a datacenter sounds In 2012 STIHL needed a hurricane proof solution for their new 200KW datacenter in Virginia Beach. The ColdLogik team designed the most energy efficient solution for STIHL. Thanks to their access to a natural underground water supply, water was taken via a bore hole from the 28 August 2018|

  22. About the Author Andrew Lindzon is the President of Ashlin Technology Solutions Inc. Ashlin Technology Solutions specializes in Managed IT Support, providing Cloud Solutions and Network Services in Henderson, Las Vegas, Paradise, Enterprise, Summerlin South, and Sunrise Manor. Andrew Lindzon President President Andrew Lindzon patented Leak Prevention System which complements the ColdLogik rear cooler solution in many scenarios. underground springs with a nearby lake used as a back up resource. This solution was naturally hurricane proof as no water towers or external plant would be required. In 2008 Jaguar Land Rover expanded their data center with 40-foot containers due to space restrictions. Each container was to house 17 cabinets with a cooling capacity of 10-30kW per cabinet. Therefore, cooling for this project was the priority as there was no false floor, an extremely small footprint and a serious heat issue with such high densities. ColdLogik rear-cooler was the only viable option for this requirement. Three containers were deployed and allowed this datacenter in Spain to expand outside of the existing building. Because the datacenter cooling solution source was below ground the water supply temperature was a constant 64.4°F allowing for all year-round free cooling therefore benefiting hugely on cost savings as it took less than 7.5kW to cool 200kW IT heat load. The back up water source at the nearby lake had large coil heat exchangers deployed and a reverse cycle heat pump, this meant during the winter months the supply could switch so waste-heat from the datacenter could be recycled to heat their building free of charge. With ColdLogik you can be green and increase the density of your existing data center or build a state of the art high density data center from scratch. It can be phased-in rack by rack or implemented data center wide. In 2010 ARM, the world’s leading semiconductor intellectual property supplier, required a very small, very efficiently cooled datacenter. In 12m x 4m they were able to deploy 60 cabinets with a PUE of 1.045 on full load - 68% current load PUE of 1.08-1.16. Because ARM required the pipe work to run through their data center, they opted for the additional security and peace of mind that the If you want to reduce your carbon footprint while reducing your TCO, then you want to look at this innovative solution from ColdLogik. 29 |August 2018

  23. The 10 Best Performing MANAGED SECURITY Service Providers 2018 CRYPTYK Achieving True Data Sovereignty and Security T grow rapidly, today’s high- profile data breaches are inevitably reducing its adoption rate. Often, a single compromised connection to the cloud infects an entire organization’s sensitive data, and the cloud has grown to include IoT devices that are not held to a unified security standard and generally unsecured. “Challenges also appear in the form of hacker’s updated toolsets,” says Adam Weigold, CEO, Cryptyk. With the aim to avert impending security risks in cloud storage and enterprise network, Cryptyk leverages user- encrypted file management and decentralized network storage architecture with blockchain auditing in a “hybrid blockchain” architecture that eliminates the damage caused by potential hackers’ attacks. hough the global cloud computing market is expected to intelligent randomization process. VAULT then separately encrypts each of those 5 shards and distributes them onto 5 nodes. Each node is a different third party cloud storage provider such as Google, AWS, and IBM. This architecture makes any data a hacker acquires from a security breach useless, as the pieces are non- distinct and impossible to decrypt and put together without the magic addresses that only the user has.“Our ‘safe-to-hack’ Vault technology creates true data sovereignty and eliminates all significant threats to enterprise cloud use including hacking, ransomware, malware, server failure, even internal threats, while guaranteeing operational uptime, 24/7” notes Weigold. To guarantee uptime, Cryptyk uses a technique called Erasure coding, which creates multiple backups of each encrypted file shard distributed among the 4 other storage nodes. In the case of a DDoS attack or server failure on any of the nodes, Cryptyk users will not notice a change in service as files will be seamlessly constructed from the back up shards. Adam Weigold CEO Based in San Francisco, CA, Cryptyk’s mission is to “take the profit out of hacking and the risk out of the cloud” by integrating two, separate decentralized platforms into one integrated single vendor cloud storage and security architecture. Their decentralized multi-cloud storage platform called VAULT works like most cloud storage interfaces, except that each individual file is encrypted once, then split it into 5 shards using an 30 To protect VAULT, Cryptyk uses a robust security platform called SENTRY for auditing, tracking, August 2018|

  24. Our ‘safe-to-hack’ Vault technology creates true data sovereignty and eliminates all significant threats to enterprise cloud use including hacking, ransomware, malware, server failure, even internal threats, while guaranteeing operational uptime, 24/7. and monitoring all user access and file sharing. Cryptyk SENTRY features a full set of security tools, with a blockchain component that sets permissions, and monitors all file access and activity on VAULT. Its immutable record allows for real time auditing by AI, as well as behavior analysis and predictive measures that not only eliminate external threats but also internal threats from within an organization. Sentry is also a protected portal that enforces end-to-end security measures for every user accessing Cryptyk data. This allows IT departments to have a complete control over all devices accessing their data, and allows proactive enforcement of secure practices for all data in motion. the early stage there are 20-30 seconds of lag, imagine waiting 5 minutes to open a document if the blockchain gets popular.” points out Weigold. “Also, if the distributed storage is on a peer- to-peer network, or a blockchain, loss of crowd popularity will decrease users, reduce dedicated hardware, and thus transaction processing power”. Via their “Hybrid Blockchain” technology, Cryptyk stores files in double encrypted shards on 5 independent cloud storage providers online and protects access to the files with the blockchain. In addition, they utilize large enterprise accounts on these providers, guaranteeing speed, security, and uptime from each of these. The tested latency of files on the Cryptyk VAULT platform is less than 200ms, which is comparable to other cloud drives and enables real time file editing. Cryptyk Token (CTK), which creates a dynamic cyber security community of investors, developers, early alliance partners, and customers. This community has the singular goal of growing and extending the platform “We have already teamed up with several security- focused hardware and software companies to expand our capabilities. With distributed servers across the world, we will achieve a failsafe system that is independent of vulnerability to hackers, viral attacks or even pressure from nations or governments, creating true enterprise data sovereignty,” concludes Weigold. “Often technologies attempt to achieve the security of distributed storage by putting files on the blockchain directly. This has proven to be a mistake because of high latency. Even in Furthermore, Cryptyk’s blockchain is powered by the 31 |August 2018

  25. Editor’s Prespectives NETWORK SECURITY Threats Threats Threats & Solutions Solutions Solutions Solutions Solutions N Let’s Take a Look at Recurrent Security Threats Types- ovember 3, 1988, is considered as a turning point in the world of Internet. 25 Years ago a Cornell University graduate student created first computer worm on the Internet, “Morris Worm.” The Morris worm was not a destructive worm, but it permanently changed the culture of the Internet. Before Morris unleashed his worm, the Internet was like a small town where people thought little of leaving their doors unlocked. Internet security was seen as a mostly theoretical problem, and software vendors treated security flaws as a low priority. Denial of Service Attacks A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. These attacks are very common, accounting for more than one-third of all network attacks reviewed in the report. A standard approach is to overload the resource with illegitimate requests for service. Brute Force Attacks Today, there is a paradigm shift, Morris worm was motivated more by intellectual curiosity than malice, but it is not the case today. According to a 2015 Report, 71% of represented organizations experienced, at least, one successful cyber attack in the preceding 12 months (up from 62% the year prior). Brute force attack tries to kick down the front door. It’s a trial-and-error attempt to guess a system’s password. The Brute Force Attack password cracker software simply uses all possible combinations to figure out passwords for a computer or a network server. It is simple and does not employ any inventive techniques. According to survey report, discloses that, among 5500 companies in 26 countries around the world, 90% of businesses admitted a security incident. Additionally, 46% of the firms lost sensitive data due to an internal or external security threat. On average enterprises pay US$551,000 to recover from a security breach. Small and Medium business spend 38K. Identity Spoofing IP spoofing, also known as IP address forgery. The hijacker obtains the IP address of a legitimate host and alters packet headers so that the regular host appears to be the source. An attacker might also use special programs to construct IP packets that seem to originate from valid addresses inside the corporate intranet. Incidents involving the security failure of a third-party contractor, fraud by employees, cyber espionage, and network intrusion appear to be the most damaging for large enterprises, with average total losses significantly above other types of the security incident. Browser Attacks Browser-based attacks target end users who are browsing 32 August 2018|

  26. the internet which in turn can spread in the whole enterprise network. The attacks may encourage them to unwittingly download malware disguised as a fake software update or application. Malicious and compromised websites can also force malware onto visitors’ systems. crime. Following are the methods used by security specialists to full proof enterprise network system- Penetration Testing Penetration testing is a form of hacking which network security professionals use as a tool to test a network for any vulnerabilities. During penetration testing IT professionals use the same methods that hackers use to exploit a network to identify network security breaches. SSL/TLS Attacks Transport layer security (TLS) ensures the integrity of data transmitted between two parties (server and client) and also provides strong authentication for both sides. SSL/TLS attacks aim to intercept data that is sent over an encrypted connection. A successful attack enables access to the unencrypted information. Secure Sockets Layer (SSL) attacks were more widespread in late 2014, but they remain prominent today, accounting for 6% of all network attacks analyzed. Intrusion Detection Intrusion detection systems are capable of identifying suspicious activities or acts of unauthorized access over an enterprise network. The examination includes a malware scan, review of general network activity, system vulnerability check, illegal program check, file settings monitoring, and any other activities that are out of the ordinary. Network Security is an essential element in any organization’s network infrastructure. Companies are boosting their investments in proactive control and threat intelligence services, along with better wireless security, next-generation firewalls and increasingly advanced malware detection. The U.S. Federal Government has spent $100 billion on cyber security over the past decade, $14 billion budgeted for 2016. Network Access Control Network Access Controls are delivered using different methods to control network access by the end user. NACs offer a defined security policy which is supported by a network access server that provides the necessary access authentication and authorization. Increased use of technology helps enterprises to maintain the competitive edge, most businesses are required to employ IT security personnel full-time to ensure networks are shielded from the rapidly growing industry of cyber Network Security is a race against threats, and many organizations are a part of this race to help enterprises to 33 |August 2018

  27. secure their network systems. Organizations like IBM, Symantec, Microsoft have created solutions to counter the global problem of network security threat. These cutting-edge products show genuine promise and are already being used by enlightened companies. Good Network Security Solutions Traits A real security solution should have four major characteristics; Detect Threats Targeted attacks are multi-faceted and specially designed to evade many point technologies attempting to identify and block them. Once they are inside, the only way to find these cyber threats is to understand the behavior of the individual attack components and use analytics to understand their relationships. Respond Continuously Today it is not important that an organization will be attacked, but important and more crucial is to identify when and how much they can limit the impact and contain their exposure. This means having the capability to respond quickly once the initial incident has been discovered. Prevent Attacks Malware is gettings quick-witted day by day. They utilize heuristics to change their code dynamically. A capable solution should have an adaptive architecture that evolves with the changing environment, and threats today’s business faces. Integration Today’s threats have multiple facets, and a single software or solution is not sufficient. Protection system should have the capability to integrate with other security tools from different vendors to work together as a single protection system, acting as connective tissue for today’s disjointed cyber security infrastructure. Solutions In Market Like infectious diseases, cyber threats will never be eradicated entirely, but they can be better contained and understood, and their effects minimized. How can this be achieved? IBM has built an enterprise-level “immune system,” an adaptive security architecture to battle today’s cyber pathogens. IBM has developed a vast fleet of products, QRadar, X-Force Threat Intelligence, Trusteer Pinpoint Malware Detection, IBM Threat Protection System a dynamic, integrated system to meddle the lifecycle of advanced attacks and prevent loss. The IBM Threat Protection System integrates with 450 security tools from over 100 vendors acting as connective tissue for today’s disjointed cyber security infrastructure. Symantec is another major player in catering enterprise network security systems with Symantec Advanced Threat Protection. Symantec ATP operates via a single console and works across endpoints, networks, and emails, integrating with Symantec Endpoint Protection (SEP), and Symantec Email Security cloud, which means organizations do not need to deploy any new endpoint agents. Symantec says, ATP is the only threat protection appliance that can work with all three sensors without requiring additional endpoint agents. With ATP, Symantec’s goal is to deliver end-to-end threat protection, prevention, detection, and response in a single pane of glass, offering more value to businesses than individual point products can provide. Symantec Advanced Threat Protection combines multiple layers of prevention, detection, and response. 34 August 2018|

  28. The 10 Best Performing MANAGED SECURITY Service Providers 2018 Hitachi Systems Security: Converged Cybersecurity Solutions M enterprises to fulfill their cyber security requirements, often due to lack of inhouse personnel, limited security expertise or budgetary constraints. It embeds various functions including 24/7 threat monitoring, regular security reporting and incident response. According to one research, around 74 % organizations manage security services in house, but 82% of them have agreed they have either partnered or are planning to partner with a Managed Security Services Provider (MSSP). marketing, information and communication technology. In his current position in the company, Akira’s efforts focus on defining the strategic long and mid-term strategic goals of the company, aligning the goals and objectives of Hitachi Systems Security Inc. and Hitachi Systems, Ltd., in order to expand the global reach to become a globally recognized leader in the information security space. anaged Security Services refers to services outsourced by Akira Kusakabe President & CEO After having joined Hitachi, Ltd. back in 1983, Akira has held a variety of positions in different Hitachi Group Companies to help achieve Hitachi’s mission of contribution to society through the development of superior, original technology and products. For instance, he played a key role in helping to grow Hitachi America and Hitachi Mexico, and he served as CEO of Hitachi Group Companies in South America at Hitachi Brazil. Hitachi Systems Security Inc., was founded in 1999 and is a global IT security service provider that builds and delivers customized cybersecurity services to monitor and protect the most critical and sensitive IT assets in its clients’ infrastructures 24/7. The objective of the enterprise is to deploy information security solutions that protect the customer’s brand, and allow them to harness the full potential of connecting people and businesses together. Hitachi Systems Security, formerly known as “Above Security”, was acquired by Hitachi Systems, Ltd. in 2015. From its five Security Operations Centres (SOCs) in Canada, the U.S.A., Mexico, Japan and Switzerland, Hitachi Systems Security has accumulated experience guarding the critical data of private and public entities in over 50 countries around the world. Offering Comprehensive Security Solutions Hitachi Security Systems offers two major types of cybersecurity services: 1. 24/7 Managed Security Services Hitachi Systems Security provides a full-scale Managed Security Service (MSS) that protects its client’s most valuable IT assets and data. The company’s managed security services, which are offered through its proprietary ArkAngel risk management program, are built to address its client’s growing IT security needs and to offer them the highest standard of protection with a Service Level Agreement customized to their needs and business requirements. Hitachi Systems Security’s MSS offering helps clients: The Torchbearer Akira Kusakabe is the President and CEO of Hitachi Security Systems. He is an experienced leader with over 30 years of experience in corporate management, sales and 36 August 2018|

  29. Our solution is flexible, self-scalable and provides you with a unique evolving risk engine for continuous improvement of your security, great privacy and integrity protection, and a blacklist of fraudulent devices. Hitachi Systems Security’s certified Security Consultants. The Cybersecurity Posture Assessmentis one of the most popular professional services of the company. It provides an overall view of the organization’s internal and external security posture by integrating all the facets of cybersecurity into only one comprehensive assessment approach. It is meant to improve the company’s cybersecurity posture through gap analysis and concrete recommendations. Other professional services include: approach to delivering integrated security solutions is unique in the market. · Detect, mitigate and prevent threats while keeping their network protected at all times · Extend their team and respond to incidents with 24/7 available security experts · Meet compliance or regulatory requirements · Get the best protection possible at a fraction of the cost of in-house security monitoring Long-Term Security Partnerships Security has been the exclusive focus of Hitachi Systems Security throughout their existence. The challenges of the company are that the cybersecurity space is inundated and very competitive. The company positions itself to be different as it offers an integrated approach to security services and is not interested in short-term selling but long-term partnerships with its global customer base. One of the other major challenges of cybersecurity industries in general is the skills shortage, as many organizations are struggling to find the necessary resources to secure their operations. The core services of MSS include 24/7 Real-Time Threat Monitoring, Monthly Security Reporting, 24/7 Access to Ark Angel Services, Monthly Service Review Meeting, Dedicated Information Security Specialist, Secure Communications Channel, Secure Retention of Sensible Documents, Security Control Integration, Business Detection Rule Implementation, 2- Hour Incident Escalation Guarantee and Control-Based Approach. Depending on the specific business context and requirements of its clients, Hitachi Systems Security also offers add-on services, including Vulnerability Management, Cyber security Analytics Dashboard, Office 365 Cloud Security Monitoring, ATM and POS Monitoring, File Integrity Monitoring, Security Device Management, Phishing Protection and Intrusion Detection Monitoring. · Risk Assessments · Penetration Testing · Vulnerability Assessments · PCI/GDPR Compliance Assessments · Security Program Review & Development · Web Application Assessments · Control Assessments The Future of Converged Cybersecurity Hitachi Systems Security’s vision is to optimize the customers’ cybersecurity posture continuously through a variety of targeted security services in order to secure their business and propel it to the next level. According to the company, it is leading the next wave of integrated cybersecurity by amalgamating IT security, OT security, organizational security and physical security. It is committed to supporting and securing IT,OT and IoT environments as part of Hitachi’s social innovation vision. Focusing on Differentiation According to Hitachi Systems Security, operational technology (OT) security is becoming increasingly important as the OT domain has become more exposed to cyberthreats. OT is a combination of hardware and software to control physical devices. In its origins, Hitachi, Ltd. is principally an OT company, so Hitachi Systems Security has a differentiating position to service these technologies and types of markets. It anticipated the market by focusing on delivering converged cybersecurity services for the IT, OT and IoT environment at the same time. This 2. Professional Consulting Services Unlike 24/7 managed security services, professional services are project-based engagements carried out by the team of 37 |August 2018

  30. Expert’s Thoughts Gisle M. Eckhoff CEO , DigiPlex 38 August 2018|

  31. The Physical Security About the Author Gisle M. Eckhoff joined DigiPlex in August 2014 as Chief Executive Officer. He brings nearly thirty years’ experience in senior positions in the IT industry in the US, Sweden, UK and Denmark as well as at home in Norway. Gisle is the former Senior Vice President and Managing Director of CGI’s operation in Norway, and has also held a number of senior management roles at both country and regional levels in CSC Computer Sciences Corporation. The experience and knowledge gained from heading up the Financial Services vertical in the Nordic region, before becoming Vice President and Managing Director of CSC in both Norway and Sweden, is of great value when implementing DigiPlex’ growth strategy in the Nordic markets. T DigiPlex urges companies to focus on another important aspect: physical security. he EU’s GDPR legislature will have consequences for every company doing business in Europe, including American companies. The new directive promises sizeable fines to anyone that does not take personal data seriously. Meanwhile, the data centre company The General Data Protection Regulation’s (GDPR) purpose is to harmonize legislation related to personal information across the EU’s member states. It does however also create radical challenges for American businesses holding information on EU customers. Come May 2018, when the legislation enters into force, companies will have publicly disclosed how the data is used, in addition to offering transparency for individuals seeking access to their data. The GDPR includes a sanction mechanism, and the fines for non-compliance can reach 4 percent of a company’s annual revenue. • Business will obviously change for everyone not taking personal information seriously. This will clearly raise awareness regarding how the data is secured, but it’s also vital not to forget where the information is located, says DigiPlex CEO, Gisle M. Eckhoff. 39 |August 2018

  32. Moving data to safety American computer security company, McAfee, published a study of over 800 company leaders from different sectors. The report reveals that 50 percent of the respondents state that they would like to move their data to a more secure location. A motivating factor is the new EU legislation. The report also reveals that 74 percent of the business leaders specified that they thought protecting the data correctly would attract new customers. • Data security is not just about protecting yourself against hacking and other digital threats. The overall security critically depends on where your data is stored. Companies who actively select a secure data centre to host their data will gain a competitive advantage in the market as the management of personal information is in the spotlight, says Eckhoff. Physical security is forgotten While EU-based companies are in the process of adapting to the GDPR, Gartner predicted only 50 percent of American firms will be ready for the strict regulation by the end of 2018. It’s primarily the largest companies and public enterprises that are furthest along in the process of adaptation. According to Eckhoff, they are usually the ones that are the most concerned with data security and where it is stored. Fire and operational safety are two obvious challenges, but physical security also includes securing yourself against theft. • Several smaller businesses and organizations keep their data servers at their offices, and the physical security in many of the smaller data centers is almost absent. If your data is stored in such a data center, where someone easily could break in and physically remove the hardware containing your information, then you are very vulnerable – both operationally and in relation to GDPR, says Eckhoff. At DigiPlex’s data centers, several layers of security ensure the safety of the data and the personal information that is stored there. Physical security is one of the most complicated and expensive features when building or updating a data center. That is why newly established data centers have to reach critical mass, allowing them to store enough data to compensate for the large security investment. Adapting to GDPR One consideration to take, as we are getting closer to the implementation date of GDPR, is where your data center should be located. Several US based companies are already relocating their centers to the EU in order to comply. Multiple database providers are helping non-EU companies organize and segregate EU data from other personal information. The data center industry is well established in Europe, and some of the most cost and climate efficient centers are located in the Nordic countries. In the Nordics, the cool climate helps chill down vast amounts of hardware that otherwise would have been cooled down solely by electricity. Additionally, the electricity that is required by data centers to run their operations is supplied through easy access to affordable renewable energy. • In recent years, we have seen political turbulence in larger parts of the world, Europe included. The stabile political environment in the Nordic countries is also a climate to consider, as the establishment of data centers is a long-term investment, says Eckhoff. 40 August 2018|

  33. In Brief T businesses today is very much affected by the convergence of enterprise mobility with Cloud Computing, Big Data Analytics and Social Media. The mantra for a successful business today is to observe and adopt the way employees, partners and customers connect and energetically engage in fulfilling business objectives and attaining the enterprise goals in record time. This is the reason, that the enterprises of today have to follow the current trends in the real time. he radical change in the innovative technology, is changing the basics of the enterprises function. The way of the There is one more paradigm shift the IT industry is observing, and that is the entrance of Enterprise Mobility in the business. With the use of it now critical business data, complex analytics and reports are getting available to the decision makers and executives in no time. The vast acceptance of the Mobile Phones and Tablets burgeon the businesses. With anytime-anywhere access to the business data for swift decision making and improved customer service, is only getting possible with the use of Enterprise Mobile Device Management (MDM). In this way Mobility on Cloud is helping SME’s to get benefited by the technological advances. Approximately, 70% of the North American workforce is now mobile, cloud-based environments require a transparent mobile policy management strategy. As is observed, more and more data of the companies, nowadays is residing on mobile devices and is distributed on off-site servers, protecting that data is becoming a mission-critical priority. That is the reason that security concerned enterprises are more concentrating on the three critical mobility factors as they evaluate and deploy cloud computing. The three important factors are: Easy access to cloud-based data and applications from anywhere at any time The availability of the flexibility of the mobile workforce is only possible with the enablement of easy access to the cloud-based data and applications from anywhere at any time. The workers today have to travel from one place to 42 August 2018|

  34. another switching between various public, private, wired and wireless networks in order to get access to the corporate applications. Mobile workers have to manually select and connect to the best available network in the given location because of this. This creates a confusion in between the workers what network to select, what policies to apply and etc. just because of the connectivity process is left on the end-users. This whole process is the reason of less productivity on the part of the mobile workers. cloud and non-cloud data and application access. By automating network selection and mobile access policies, MPM boosts the mobile workforce productivity. Additionally, MPM helps IT to pre-define network selection rules and assign mobile policies to each type of network. MPM solution automatically selects the best available network as defined by IT, connects the user and applies the relevant mobile policies, while the mobile workers roam around. This gives the worker a remote access and connectivity transparent to end-users, saving their valuable time when accessing cloud and non-cloud data and applications. Unnecessary Access Costs Wi-Fi and 3G like technologies are getting used to access cloud-based data and applications by the mobile workers today, from anywhere, on the road, from a hotel or a home office. This is becoming a reason of extra cost, when you are supposed to gain from the cloud computing environment. Most of the time this cost becomes unnecessary, like paying for LAN or Wi-Fi fees when a mobile worker is in an area covered by his paid 3G subscription, using 3G when roaming internationally or using 3G when a free or low-cost Wi-Fi or LAN option is available. Enables to cost-optimizing network selection MPM enables an option of ’cost-optimizing network selection’ to reduce the cost of mobile data usage by cost- optimizing network selection. Leaving network selection up to the end-user can drive data costs far over budget and create significant cost liabilities, for the enterprises. For an instantance, a mobile worker with an unlimited 3G subscription should avoid connecting to, paying for and expensing hotel Wi-Fi when in an area covered by a 3G local provider. For the enterprises benefit, MPM platform avoids unbudgeted data costs by helping IT to define and enforce a network white list, preventing users from adding unsanctioned laptop communications options to their mobile Pcs. Security Concern Today, many enterprises are investing on endpoint security solutions and corporate VPNs, data compromise is still a big threat for enterprises because of a variety of threats that stem from network bridging, visits to malicious Web sites, download of malicious software, and use of open and unencrypted networks. The process of connecting to wired and wireless networks is a manual, user-driven process makes the risk high. Despite these high risks, enterprises can maintain itself against these risks with the Mobile Policy Management (MPM): Avoids common Data-Security Threats The data security threats occur only because of the rogue access points or networks that are in place to lure mobile workers onto them in order for hackers to gain access to corporate data like public Wi-Fi access points in airports labeled “free Wi-Fi” or rogue Wi-Fi placed in proximity to corporate offices. Though there are security solutions working for the same, but of no use. When a mobile worker is working and visiting various places an MPM platform enables IT to dynamically automate and enforce network- specific security policies. The critical mobility factors of cost control, security and end-user connectivity for cloud-based enterprises, comes under a term, ’Mobile Policy Management (MPM)’. MPM adds to the overall return on investment of cloud-based initiatives through reduced costs and improved security. MPM helps enterprises to: Enterprises who are deploying cloud computing are influencing Mobile Policy Management to gain organization-wide visibility and control over their mobile workforce. Pre-define network prioritization policies MPM helps IT to pre-define network prioritization policies and assign specific mobile policies to a given network for 43 |August 2018

  35. The 10 Best Performing MANAGED SECURITY Service Providers 2018 Keypasco: An Unconventional Approach Securing IT Infrastructure T significance of its security. Managed Security Services (MSS) market is expected to grow up to 29 billion by 2020, as IT industry is totally reliant on security. The financial loss enterprises bear, due to security breech, is a subject of concern and it has become very difficult for them to keep up with the constant upgrade for security as cyber-attacks are growing complicated every day. With the assistance of MSS providers, enterprises can save a lot of resources as it takes huge investment to set up in house security. MSS providers feature better customization in terms of security against organized and sophisticated cyber threats. Amongst such MSS providers, Keypasco is a kind of company delivering award winning solution which contributed to a paradigm shift in internet security. Founded in 2010, it is a Swedish IT company in Gothenburg on the Swedish west coast. The company’s unique patented solution uses a revolutionary new technology for user authentication and provides security to online service providers and users. The company uses the unique DeviceID on the end users device to make sure that a username and password works only on the right device and in the right location. Keypasco’s cutting edge technology constantly works in the background to maintain the security behind the provider’s ordinary application interface. Other than DeviceID, the company has three more patents including: he Information Technology sector is growing like never before and so is the Proximity: The user’s own devices / wearables in close position to each other as unique identity to enhance security. Keypasco PKI Sign: A unique solution for PKI in a mobile device without the need for a Secure Element. By using Keypasco PKI Sign no private key is stored at any one place, but it is still PKI compliant, making the solution extremely safe. Dynamic URL: This allows for single sign-on with one single trusted security app linking multiple Internet content providers on one side and multiple ID providers on the other. Ÿ Maw-Tsong Lin CEO & Founder Per Skygebjerg COO & Co-Founder Ÿ Ÿ A Noble Combination of Dual Leadership Maw-Tsong Lin has been leading the company since September 2010 as the CEO and the Founder along with Per Skygebjerg, who is the current COO and the Co-founder of the company. Maw-Tsong has done mechanical engineering from Chalmers University of technology. Before Keypasco, the two have worked together in Todos. Todos developed hardware tokens for the e-banking market and its products are still used by a large number of banks worldwide. Per and Maw-Tsong took their experience and network with them and founded Keypasco. 44 August 2018|

  36. Our solution is flexible, self-scalable and provides you with a unique evolving risk engine for continuous improvement of your security, great privacy and integrity protection, and a blacklist of fraudulent devices. Delivering Topnotch Security The decision to switch to another security solution is not a spontaneous decision. The users have to go through the details thoroughly in order to make the switch. Challenging Traditions location, and a unique Risk Engine, the company instantly raises the level of security for its users. The company also distinguishes itself from the traditional solutions. For instance, traditional solutions stores personal information such as name, ID number, email address, and credit card numbers in databases, whereas Keypasco do not collect or store this type of information. Also, traditional digital ID consists of passwords and distributed credentials, which are prone to theft, while the security solution provided by the company does not have any distributed credentials. Keypasco provides services to any enterprise that delivers certain services and wants to secure their systems from intrusion. It offers various services including secure authentication, digital signatures and access control for all types of application and online services, such as banking and payments, gaming, betting, e-commerce, accounting, e- government and e-healthcare, smart home, and car haring. The company also provides its users with their own digital identity, based on their device properties, location and proximity to any external device they choose to be a part of. The company offers mobile security to millions of users across the world and opens up for new innovative business models and enables the creation of new services. Keypasco asserts itself to be on a mission to secure all the digital assets. The company believes that by challenging traditions and making things easier and more adapted to human behavior, it can make the internet a safer space. The company is constantly questioning old habits and seeking answers beyond established solutions to find the best methods to improve internet security. Its latest move is to develop a security solution that is designed for block chain technology. Building Trust is the Key It is likely for enterprises to counter obstacles in the initial stages of business, especially in IT security, where the technology changes at rapid speed and uncertainty is on the edge. In case of Keypasco, one of the biggest challenges they face is taking the risk of innovation. When it comes to security solutions, it takes time to build the trust needed to dare to take the decision to try something new. Standing Tall with Innovation One of the features of Keypasco, that differentiates it from the competition, is its core technology which comprises of device-related data. With features like DeviceID, 45 |August 2018

  37. Mentor’s Role MSP in your The Role of an Cloud Stratergy I have to take a serious look at their cloud strategy and make sure it's aligned to their business goals. Whether these goals are to increase operational efficiency, drive new revenue streams, improve customer service or disrupt the market, there are key principles I advise businesses to follow. Working with a Managed Service Provider with strong credentials in security can help you to lock down any potential vulnerabilities in your network. n my experience, when businesses are looking to fundamentally transform the way they work, they Firstly, upskilling your internal IT team to manage the migration can be a real challenge when the skills required are fundamentally different to those of a traditional IT team. Furthermore, it can be risky to divert your team away from managing business critical IT infrastructure to plan and implement a cloud migration strategy. This can be a very significant undertaking, and one that often makes sense to outsource to an MSP with the specialist skills you don’t have in-house. If you decide that working with a Managed Service Provider is right for your business, look for a partner with demonstrable expertise in architecting, implementing and managing cloud- based network infrastructures and applications that can flex with your business. They should also offer a security portfolio that supports both public internet and private networking environments. The approach you take will depend on what stage your business is at. A cloud first strategy is appropriate if you have the flexibility to move your core business applications to the cloud because you’re a new business or you’re not encumbered by legacy infrastructure. A hybrid approach works if you have a clear plan on which applications you feel comfortable moving to the cloud, versus those you’d prefer to keep within your own private network or at a data centre. Many businesses will need to redesign their legacy networks and infrastructure to support this migration, which can be complex. For example, data that was previously routed via a private network to head office, may now be serviced via the internet, which creates a big shift in data and networking requirements. Many IT decision makers come unstuck when they select service providers who don’t invest enough in cutting-edge technology. Even though IT services are often viewed as a commodity, working with a partner who can predict where the market is going can really help to transform your business. Another big decision is which technology provider to go with. With so many options available it can be challenging to decide which one is right for your business. For example, do you go with Microsoft Azure, Amazon Web Services (AWS) or a mix of the two? It’s easy to get distracted by service features, so it’s important to keep focused on the business outcomes you’re trying to achieve when going through the vendor selection process. There’s nothing worse than investing time and money in technology that becomes obsolete. Work with someone who has a strong reputation in delivering market leading technology in data centres, data security and cloud based services. If you’re at an early stage in your cloud strategy and are still getting to grips with the options available, it can help to work with a managed service provider who will map out the most appropriate migration path based on what you’re trying to achieve. The right MSP will be much more than a supplier. They’ll be an extension to your IT team; a true partner who’s committed to delivering outcomes and is happy to share the risk of the Irrespective of what stage you’re at, there are challenges that most businesses face as they journey to the cloud. With all the benefits that the cloud offers in terms of cost savings, agility and innovation, it can also expose your business to increased security threats. 46 August 2018|

  38. About The Author As the CEO of Enablis Pty Ltd, Jon leads a passionate and focused team delivering Managed IT Communication and Cloud Services to mid-sized organizations in Australia and New Zealand. A 25-year industry ICT veteran, in 2006 Jon founded the Australian business for Sirocom Ltd, a leading UK Managed Virtual network operator (MVNO) that later became Azzurri Communications Pty Ltd. Eleven years on, John has grown Enablis, the Australian division of Azzurri Communications, from one employee to over 50 employees with offices in Sydney and Melbourne. His zeal and vision to deliver smarter ways for organizations to procure and operate complex communication estates coupled with his experience in leading and driving a strong business culture focused on doing “right by the customer” have resulted in Enablis winning multiple industry awards for growth and service quality every year for the past six years. Jon Evans CEO Working with an MSP who speaks your language is vital. This means that they should know your industry and ideally, already have customers in your sector. Even though every business is unique, there’s a lot to be said for working with service providers who understand your business objectives and the risk profile you’re trying to manage. Prior to Enablis, Jon held Senior Partner roles at major carriers such as Verizon and Optus where he helped develop and grow key integrator relationships in Europe, and later on, in Australia. Before that, he worked at Cabletron and 3Com. Jon has sat on and assisted in technology steering panels at St Vincent de Paul. He has a passion for helping and getting involved in raising awareness and donations for a number of charities focused on homelessness and under privileged youth. In my experience, IT budgets are generally flat or falling, whereas demand for high priority strategic projects such as migrating to the cloud, is only increasing. This means that IT decision makers are often under increasing pressure to achieve more with less. Work with an MSP who can help you deploy your budget and resources more effectively; who can build a business case for you and back it up with hard numbers. Ultimately, they need to convince you and the rest of the business that a cloud strategy is going to deliver measurable improvements to your business before you bring them on board. technology deployment. Much like any relationship, a good partnership is based on chemistry, transparency, shared goals and mutual respect. Most importantly, you need to be certain they’ve got your back. 47 |August 2018

More Related