Better Business Technology

C-suite executives must have ICT security education

MANADATORY breach notification legislation came into effect in Australia on February 22 – yet most business leaders seem to be unaware of its organisation-wide ramifications.

Recent research by Kaspersky Lab internationally revealed only 12 percent of employees know or understand their information security policy – and Australian ICT security group Aleron’s experience shows the situation may be even more acute in Australian businesses. In Australia, the main targets for cybercriminals using phishing scams, now, are C-suite executives and business leaders.

“When 88 percent of an organisation doesn’t even know what’s required of them to help keep the business secure, this indicates a significant problem,” Aleron director Alex Morkos said. 

“Even more worrisome, around a quarter of employees surveyed for the same report said they believe their organisation doesn’t even have any established security policies. This means either these organisations are trusting their continued ability to operate to luck, or their employees are simply unaware of what the organisations are doing to stay safe from cyberattacks.”

Mr Morkos said the most effective way for an organisation to comply with this new legislation was to ensure its security processes and tools were strong enough to prevent hackers from gaining unauthorised access to customers’ personal information.

“Since human error is a huge contributor to successful cyberattacks, this low level of awareness should prompt all Australian organisations to revisit their approach to the awareness of their security policies and communicate clearly to employees regarding what is expected of them,” he said.

“Employees have always been the top security risk factor in organisations. A business can have the most advanced security technology in place but if its employees don’t abide by security policies and processes, it will be easy for malicious hackers to get around the technology barriers.

“All it takes is for an employee to click on a suspicious link, provide their password to a third-party, or insert an infected USB stick into their laptop and the entire organisation could be compromised.”

Mr Morkos said cybercriminals were increasingly targeting top-level executives using social engineering schemes also known as phishing. These phishing attacks are becoming more sophisticated and hard to detect at first glance. 

For example, the CEO might receive an email that looks like it is from a reputable source, asking the CEO to re-enter their password. Once that’s done, the hacker now has all the credentials they need to enter the network and steal information, sabotage operations, or set the stage for a future attack.
 
High-ranking executives are major targets for cybercriminals because they are more likely to possess valuable information or have access to mission-critical systems and information. However, many C-level executives resist the suggestion that they need training and education to avoid such attacks. This can often be because they are busy with operational concerns or because they don’t believe they would fall victim to an attack.

“This is a risky approach because of the increasing frequency, prevalence, and sophistication of these attacks,” Mr Morkos said. “All senior business leaders must insist on receiving appropriate training to avoid the nightmare scenario of accidentally compromising their entire business.

“With the consequences of attacks being far-reaching and, potentially, expensive, security is no longer an IT-only concern. Rather, it’s now a boardroom issue that demands attention at the highest levels.

“Good corporate security culture starts from the top and trickles down. C-level executives and other business leaders must show their teams they are committed to security,” Mr Morkos said.

“They must then invest in ongoing education for themselves and their staffs to keep the organisation safe. This issue has never been more urgent as the threat landscape continues to expand and worsen. Companies must act now.”

www.aleron.com.au

ends

Nutanix innovations cut cloud costs, boost security

NUTANIX has launched its first software-as-a-service (SaaS) offering, Nutanix Beam, to help businesses control their ‘cloud’ spend, along with two other innovative products to boost security.

Nutanix Beam uses ‘deep visibility’ and analytics to help businesses control their cloud spend – an expense area that has caught many organisations off-guard.

The Beam SaaS system alerts businesses when they are wasting money and resources on services and applications that do not belong in the public cloud, preventing the shock of ‘runaway costs’.

With Australian public cloud spend predicted to hit $4.6 billion in 2018, according to analysts Gartner, keeping control of cloud costs and security is entering a new realm of governance. 

To deal with the evolving security challenges, Nutanix has also launched Nutanix Flow and Nutanix Era.

Flow is a software defined networking (SDN) service that provides app-centric security to protect against internal and external threats that are often not detected by traditional perimeter-based security products. Era is a Platform-as-a-Service (PaaS) database management tool that automates database operations, freeing up staff time to concentrate on business development.

All these applications are being tested by selected customers and will be made available to Nutanix’s Australian clients, which currently include Queensland Metro North Hospital and Health Service and Queensland’s Fraser Coast Regional Council, in late 2018.

ON THE BEAM

Beam is based on Nutanix’s recently-acquired Minjar Botmetic service, which is already used to manage more than US$1 billion worth of cloud spend across Amazon Web Services (AWS) and Microsoft Azure.

According to a report by Gartner researchers: “Achieving governance with cloud computing can be a daunting task. The nature of cloud services natively encourages users to go directly to the public cloud, resulting in cloud projects that IT may not even be aware exist.”

A Nutranix spokesperson said for businesses adopting hybrid cloud architectures, this creates an unenviable scenario – managing IT costs and security across third-party cloud deployments.

The Nutanix Enterprise Cloud OS software aims to help companies reduce complexity of their multi-cloud architectures by melding private, public and distributed clouds into a common IT operating model for their end-to-end infrastructure.

Beam, the first SaaS offering from Nutanix, further reduces complexity by providing customers with deep visibility and rich analytics detailing how they are using the public cloud. It also provides one-click recommendations based on machine intelligence so IT teams can immediately optimise their cloud spend and enhance their security posture for improved compliance across clouds.

Beam helps give IT organisations a clear view into the entirety of their public cloud deployments so unexpected costs and potential security gaps can be addressed before they turn into business challenges. Beam helps organisations make better decisions when operating multi-cloud architectures.

“For us, integrity, security and compliance are of the utmost importance, especially across our multi-client, multi-technology environment with a large application landscape,” ZS Associates cloud solution architect manager Rustum Virani said.

“It was becoming a nightmare to keep track of everything. That’s when we came across Nutanix Beam.

“Beam is an excellent tool that provides single pane of glass to see the state of our infrastructure, automate tasks, provide cost-saving recommendations and also generate billing reports.”

Nutanix Beam customers better manage their multi-cloud deployments with:

  • Cost optimisation and cloud visibility – IT teams get full visibility into their overall cloud costs. They can then optimise their spending by identifying unused and underutilised resources, and select more size and cost appropriate cloud resources for each application.
  • Centralised financial governance – businesses get streamlined visibility into the entire cloud footprint so IT departments can track the consumption of cloud resources by department and group, make data-driven decisions balancing IT needs and cost constraints, and enforce policies based on allocated budgets.
  • Continuous cloud security and regulatory compliance – customers can define custom health check policies for compliance audits, and proactively analyse cloud security operations, while real-time scans for cloud compliance identify risks and violations.

“In the multi-cloud era, IT organisations need a unified, real-time view of all of their private, public and distributed clouds,” Nutanix general manager for engineering, Vijay Rayapati said.

Beam services help our customers optimise their cloud spend and manage compliance, putting them back in control of their IT assets.

“We’re so pleased to be a part of the Nutanix family and bring our ‘botmetric’ technology to Nutanix customers as Nutanix Beam.” 

ERA BOOSTS DATABASE LIFECYCLES

Nutanix announced the development of its PaaS offering, Era, at its recent .NEXT Conference in New Orleans.

Era is designed to to streamline and automate database operations so database administrators (DBAs) can focus on initiatives to drive business.

“Nutanix Era should save our organisation time and money by replacing our complex and costly copy data processes, which are impacting IT productivity and slowing down our app developers,” said Mark Maplethorpe, EMEA hosting manager at Nasdaq-listed Bottomline Technologies, whose Asia Pacific headquarters is in Sydney.

“We are actively working with Nutanix to validate that Era will streamline the provisioning and lifecycle management of our databases, allowing our teams to devote more time to strategic IT projects.”

Era extends the Nutanix Enterprise Cloud OS software stack beyond core infrastructure-as-a-service (IaaS) capabilities for private cloud environments to platform-layer services that bring Nutanix one-click simplicity to database operations.

The initial release of Nutanix Era aims to provide rich copy data management services to address the increasing complexity and burdensome cost of managing multiple copies of databases across organisations.

With Era, Nutanix is targeting one of the most prodigious consumers of enterprise storage capacity. According to International Data Corporation (IDC), 60 percent of total storage capacity is dedicated to simply storing copies of data, with the total cost for copy data storage estimated to reach about US$55 billion by 2020.

Nutanix Era’s copy data management service will initially support Oracle and Postgres database engines, with planned support for other popular databases.

Building on Nutanix’s snapshot technology, Era will also incorporate new ‘time-machine’ capabilities, along with application-specific APIs, for creating point-in-time database copies. This enables application developers to quickly select the exact database copy they need, and empowers database administrators to restore or refresh any database instance with the confidence that every recorded transaction is captured.

Key capabilities of Nutanix Era include:

  • One-click time machine – leveraging integrated Nutanix snapshot technology, Era creates space-efficient database snapshots to lower capital expenditure (CapEx) costs, and enable databases running on Nutanix to be cloned or recovered to any specific point in time – up to the last recorded transaction.
  • One-click clone/refresh – Nutanix Era lowers OpEx costs with one-click clone/restore database operations that take just minutes to complete, and include all targeted database transactions. Automating database cloning eliminates the complex and time-consuming process of locating a specific snapshot, finding the right database logs and then initiating a database recovery operation.

Era plans to later extend this technology to include full database provisioning, delivering a lifecycle management solution for all databases in an organisation.

FLOW OFFERS ONE-CLICK SECURITY

Nutanix Flow was also presented at the .NEXT Conference in New Orleans.

Flow utilises Nutanix’s newly-acquired Netsil technology to add non-intrusive application visibility across multiple clouds.

Nutanix Flow is described as a ‘software-defined networking (SDN) solution built for the multi-cloud era’.

Flow capabilities are fully integrated into Nutanix’s Acropolis software for easy deployment and will be enhanced with real-time application visibility and discovery technology from the company’s recent acquisition of Netsil.

Nutranix senior director for product and engineering, based in San Francisco, Harjot Gill said Enterprise IT teams were turning to cloud-based infrastructure to deliver today’s modern business applications, many of which are built from discrete but interconnected services.  

He said protecting these applications requires the micro-segmentation capabilities of software like Nutanix Flow, which enforces app-centric policies that govern communications between individual application services. Nutanix will also leverage Netsil’s advanced stream processing, application discovery and mapping technology to simplify security policy definition for applications running in both public and private clouds.

Mr Gill said IT teams and business owners gained confidence that their business applications were protected from both internal and external security threats.

“The next frontier of networking is about providing customers with visibility into their networks so they can track and analyse data, improve cloud application performance and optimise their resources,” Mr Gill said.

“We have worked hard to integrate Netsil’s advanced functionality into Nutanix Flow and we’re proud our customers will soon be able to take advantage of the visibility and discovery technology we pioneered.”

Nutanix Flow is built into the Nutanix Enterprise Cloud OS, and now provides:

  • Network visualisation – giving application owners an at-a-glance view of network performance and availability per application.
  • Application-centric micro-segmentation – providing granular control and governance for all application traffic to protect sensitive workloads and data.
  • Service insertion and chaining – integrating additional network functions from multiple Nutanix Ready ecosystem partners into a single networking policy.
  • Network automation – streamlining and automating common network configuration changes, like VLAN configuration or load balancer policy modifications, based on application lifecycle events for VMs running on Nutanix AHV

To accelerate infrastructure innovation and agility, Gartner research recommends that infrastructure and operations leaders “make network automation, visualisation and optimisation capabilities an integral part of their selection process by prioritising vendors that provide an application-specific view of cluster performance”.

“Nutanix Flow completes Nutanix’s mission to make IT infrastructure invisible,” Nutranix chief product and development officer, Sunil Potti said.

“As we looked to simplify networking, we took a modern approach to enable visibility and control for both enterprise apps and next-generation cloud-native services. Nutanix Enterprise Cloud OS now converges the compute, storage, virtualisation and networking resources to power nearly any application, at any scale.”

Nutanix had more than 5000 people participate in its recent .NEXT Conference, including more than 35 customer speakers and more than 40 partner sponsors. Keynote addresses were delivered by industry leaders including Anthony Bourdain and renowned TED talk speaker Brené Brown; partners including Jason Lochhead, CTO for infrastructure at Cyxtera; customers including Vijay Luthra, senior vice president and global head of Northern Trust’s Technology Infrastructure Services, Chicago; and strategic alliances including Brian Stevens, Google Cloud’s chief technology officer.

www.nutanix.com

ends

Building group JWH adapts Boomi tech to beat market downturn

WESTERN AUSTRALIAN residential builder, JWH Group, has discovered a way to hedge against the current property market downturn: new technology.  

JWH Group, is using Dell’s Boomi platform to enable better client insights while protecting its various brand positions, helping to cope with turbulent conditions in the Western Australian property market.

JWH Group comprises eight prominent companies in the building sector, with its four major brands – Plunkett Homes, WA Country Builders, Residential Building WA and Oswald Homes – considered competitors. 

According to JWH, while the company maintains strong presence in the large state, it faces challenging conditions – the WA property market is currently in decline, with prices having dropped significantly since the end of the mining boom.

To help overcome this downturn and maintain its market share, JWH initiated a five-year information technology (IT) overhaul under a program of work to ‘rip-and-replace’ its business-critical administration, construction, and estimating and scheduling systems.

The work covered three major projects. Two fundamental components of one of those projects were to provide employees with more detailed insights into their clients, and ensure that data generated by its new solutions would be restricted to the companies that own the data.

Having replaced its lead management system with a modern, best-of-breed solution, JWH introduced Boomi cloud-based integration as the mechanism to connect these new applications, and enable data generated by them to synchronise seamlessly.

“We have quite a unique operation in that the four main building companies within JWH compete with one another – this means we need to serve the best interests of every business while preserving the operational boundaries between them,” said JWH Group IT manager Pep Oliveri.

“Once we decided to refresh our software environment, we needed an integration tool to make our new cloud-based apps – namely SugarCRM and Marketo – talk to one another.

“Importantly, the solution would need to allow duplicates of data at the group level, while restricting it to single instances at the company level, and at the same time prevent client information from one of our competing brands being accessed by another. Having reviewed several options, we found Boomi was the only solution that could tick all these boxes.” 

Using Dell Boomi,  JWH has been able to connect SugarCRM and Marketo, and consequently streamlined data synchronisation while keeping information segregated. As customer data is automatically integrated across the appropriate applications, JWH has also eliminated significant manual input.

This has not only improved employee productivity, but also reduced risk of human error, according to Mr Oliveri.

He said the synchronised customer relationship management (CRM) and marketing data has provided JWH’s companies with greater visibility into client activities, allowing employees to boost relationships.

“For example, when a client downloads a particular plan, the sales representative is notified, and can leverage that information to advise the customer of their best options on purchasing and building a property,” Mr Oliveri said.

Boomi has also saved significant time and resources for JWH’s IT department, which is no longer required to manually code and manage connectors between its applications. The low-code design of the Boomi integration platform as-a-service (iPaaS) means integrations can be easily initiated and maintained so that the IT team can focus on qualitative projects to generate value for JWH’s brands and therefore deliver greater value to clients.

“Managing a large organisation while sustaining the operational integrity of multiple companies is challenging, and even more so within a turbulent climate such as the Western Australian property market,” Dell Boomi managing director for Asia-Pacific and Japan, Michael Evans said.

“By integrating its core customer applications using Boomi, JWH has both improved the efficiency and productivity of its IT team, while providing real time information and better insights to its customer facing staff.”

Dell Boomi is an independent business unit of Dell that provides cloud integration and workflow automation software to more than 7000 organisations worldwide, to build integrated and connected businesses.

www.boomi.com

www.jwhgroup.com.au

ends

           

Consider the physical risks of cybersecurity

By Lyndon Broad >>

CYBERSECURITY is a hot topic. Businesses of all sizes are becoming acutely aware of the damage caused by data loss, leakage and theft.

They are aware of the threat posed by malicious intrusions such as denial of service attacks and ransomware infections.

Business leaders know they need to develop strategies based on technology, processes and education to mitigate these risks. Yet many fail to make the link between digital and physical risks.

Protecting business systems from unauthorised physical access is a vital first step in preventing malicious or inadvertent damage. 

To properly mitigate cyber risks, it makes sense to adopt an engineering-based approach. This should include three levels of cyber-risk assessment – physical, information security and industrial control systems.

SHUTTING THE DOOR

So while businesses must be alert to the risks presented by high-profile ransomware attacks like WannaCry and Petya, or employees opening emails containing malicious code, they should also be shutting the door on unnecessary physical exposure.

A recent story in the Seattle Times highlights the cyber risks posed by physical breaches. Washington State University warned a million people that their personal data may have been accessed by thieves who stole a safe.

This contained a backup drive used by the university’s Social and Economic Sciences Research Center.

FM Global is developing a risk assessment framework to cover all aspects of cyber security risk. We currently conduct physical assessments on all commercial and industrial properties we insure, supplemented with a digital security risk assessment which is about to be released.

We’ll start assessing industrial control system risks in 2018. Our analytics team is working with external cybersecurity experts to gather intelligence and develop this comprehensive framework.

The FM Global research team then apply our proven loss-prevention approach to create thorough account-level cyber-risk assessments.

Our approach extends beyond providing insurance coverage that helps clients manage risk. We also provide coverage for loss of business due to a cyberattack. 

For example, if a large manufacturer’s industrial control systems fell victim to a malware attack, we would cover loss of production as well as the hardware damage.

COMMON MISTAKES

We have recently started physical assessments of cyber risk at client premises. These have revealed a number of common mistakes that are easily prevented:   

  • Having a network port on a door intercom.
  • Unsecured server rooms.
  • Server racks installed in open areas.
  • Easily accessible cables and ports.
  • Data backups stored in accessible areas.
  • Infrequently used building entrances that are unsecured.

Our in-depth research and physical assessments show how the physical component of cyber risk is often overlooked.

This exposes companies to considerable financial and reputational damage.

We encourage all businesses to evaluate the physical risks inside their doors and implement solutions to protect their future.

  • Lyndon Broad is the operations manager at FM Global, a business insurance, loss prevention and risk management organisation that uses engineering rather than actuarial principles to help protect organisations.

www.fmglobal.com.au

LYNDON BROAD is the operations manager at FM Global, a business insurance, loss prevention and risk management organisation that uses engineering rather than actuarial principles to help protect organisations.

Aussie retailers fuel own online shopping growth

RESEARCH from Australia Post shows Australians are increasingly shopping online – and mainly from local retailers.

Australia Post’s second annual Inside Australian Online Shopping Report showed online sales surging more than 11 percent in the past year.

The report, which draws on all of Australia Post and subsidiary StarTrack’s customer and delivery data, showed online shopping sales soared 11.5 percent in 2016 compared with 2015, and domestic retailers accounted for 79 percent of the total online spend. 

Australia Post's general manager of eCommerce and international, Ben Franzi, said Australians' love of fashion and department/variety store items continued, with the two categories accounting for more than half of all online sales.

“Price, range and convenience are the three main reasons why consumers shop online, and why growth rates remain strong,” Mr Franzi said. “Online shopping empowers people to shop at a time that suits them.

“Almost one third of all online purchases were made from 7pm to10pm, while 18 percent were made from 2pm to 5pm. Australians are increasingly using their smart phones to shop online, with purchases made from a mobile device growing 52 percent.”

Other popular items included personalised goods, which grew 28.2 percent. Mr Franzi said more online retailers were offering shoppers the ability to co-design and add their own personal brand to products such as watches, handbags and other accessories.

Point Cook in Victoria was the number one buying location for the second consecutive year, reporting 13.2 percent growth, followed by Toowoomba in Queensland (7.6% growth)  and Liverpool in NSW (15% growth).

Mr Franzi said Australia Post and StarTrack combined delivered more than four billion items to 11.6 million addresses across the country annually. Mr Franzi said the data provided critical information for businesses looking to get ahead in a tough retail market.

“Here in Australia we know the online shopping industry is about to be disrupted, and retail as we know it won't ever look the same,” Mr Franzi said.

“The Inside Australian Online Shopping Report is a powerful tool to help businesses understand their existing and potential customers better, so they can create targeted offers and grow their sales by giving consumers what they want based on facts and data.”

www.startrack.com.au/ecommerce.

Top 10 online shopping buying locations and annual growth:

Point Cook +13.2%

Toowoomba +7.6%

Liverpool +15%

Gosford +12.8%

Cranbourne +17.6%

Hoppers Crossing +16.8%

Mackay +1.7%

Mandurah +4.8%

Baulkham Hills +21.1%

Campbelltown +13.7%

*Results are from the 2016 calendar year compared with the 2015 calendar year.

ends

CatchData aces service industries

FINDING the right software and apps to effectively operate his air conditioning and industrial cooling services business was raising Gavin Bailey’s own temperature to boiling point. So he designed and built his own.

CatchData is the resulting intelligent system that not only lifted his core business, PREH, to new levels of client service and satisfaction, it has developed into a successful platform in its own right.

Continue reading

Contact Us

 

PO Box 2144
MANSFIELD QLD 4122