Don’t have your head in the clouds when it comes to modern data protection


By Pam Napier, senior manager of cloud UK&I at Veeam

Cloud adoption is a critical part of a business’ digital transformation journey, and a non-negotiable in order to continue competing and offering exceptional service in today’s digital landscape.

Simply put, it’s a must-do rather than a nice-to-have. In fact, Gartner research suggests enterprise IT spending on cloud computing will overtake spending on traditional IT by 2025, after previously predicting that 75% of all databases will be migrated to the cloud by the end of this year, a shift being driven by the enhanced data and analytics capabilities it will provide. In support of this, the Veeam Data Protection Trends Report 2022 found that 41% of European IT leaders consider hybrid-cloud workload protection as the most important aspect of enterprise data backup this year.

Initially catalysed by the pandemic to enable the shift to working from home, the benefits of cloud adoption in all areas of enterprise IT are still ringing true. Alongside more sophisticated data and analytics tools, this includes a reduction in risk and admin pressures on IT staff, more agility to respond to market changes and launch new capabilities and services to market. Some suggest that the pandemic actually validated the cloud’s position.

However, as cloud adoption and usage continue to grow, it’s vital that businesses put the correct security measures in place for this new environment. Lifting and shifting current security processes isn’t enough. To put this in perspective, when it comes to data protection, Veeam’s research found that 65% of UKI businesses use cloud services as part of their data backup solution, meaning 35% are only using on-premises solutions. If Gartner’s research is correct, and 75% of databases are hosted in the cloud by the end of this year, a certain number of businesses won’t have suitable Modern Data Protection measures in place for this new environment.

Assess and mitigate the risks involved

Data migration is a vital part of cloud adoption, but one that’s easy to get wrong. A key reason moving data to the cloud fails, becomes vulnerable or falls victim to a cyberattack, is poor planning and implementation. In order to succeed at this process, businesses must ensure they have a fool-proof plan in place before getting started that encompasses the full spectrum of threats and vulnerabilities that they may face. To accompany this process, they must also have contingency plans for these vulnerabilities: what countermeasures need to be taken to ensure that they can still access their data if the worst should happen?

Furthermore, when migrating data to the public cloud, it’s vital that IT decision-makers fully understand who is responsible for the data hosted there and the repercussions this ownership may have in the event of a breach. They are putting their data in the hands of another entity, so they need to be confident that it’s secure and protected.


Give your employees the tools they need

The speed with which cloud adoption has taken hold means that there is a damaging digital skills shortage facing the IT industry, which is providing a barrier to seamless cloud migration. Veeam’s research found that a lack of IT staff skills or transformation expertise was preventing 54% of organisations from moving forward with their digital transformation initiatives. Therefore, staff need to be proactively trained on how to use the new cloud services they have access to and the new security risks they may now face. The insider threat is a common cause of enterprise data breaches, but one that is preventable if employees are given the correct tools and training. This goes for both IT staff, who are more directly involved in the process, and colleagues in other departments who may not be as aware of the complexities that it brings. To facilitate staff education, businesses should invest in thorough inductions and annual training courses, as employees are always the first line of defence when it comes to security and compliance. Furthermore, to foster a positive security culture, organisations should have a CISO or similar who oversees these processes and can provide clear security guidance that can be rolled out company-wide.

The benefits of the cloud are obvious – such as its scalability, agility and flexible pricing – proven by the rapid adoption and vast increase in spending enterprises are pouring into it. Veeam’s research predicts that by 2023, 81% of businesses are expected to use cloud services as part of their data backup solution, up from 67% this year. However, in their rush to take advantage of what the cloud can offer, it’s crucial that businesses don’t forget to take data security into account. Data is their most valuable asset, so moving it to a new environment doesn’t come without risks. If the data is not properly cared for or protected, this could have vast legal, financial and reputational consequences. However, the solution is simple: adopting a modern approach to data protection that is tailored specifically to the cloud to support this modern IT environment.

About the author

Pamela Napier is senior manager of cloud for the UK and Ireland at Veeam. In this position, she oversees the strategic direction of the UK&I cloud team, driving the Veeam Cloud and Service Provider (VCSP) partner ecosystem and increasing growth. She joined Veeam in January 2018, having previously held positions in channel management, SIs and end user sales during her 20 years in IT. During her initial tenure at Veeam, Pamela participated in much of the business’ early success in the VCSP team and went on to expand responsibility as team lead and was then promoted to manager of the VCSP team in October 2019.

Pamela came to Veeam after seeing the IT market shift to cloud, and took a move away from vendor sales to cloud providers to gain valuable knowledge in order to follow her ambition to move back to vendor cloud sales. She has a real passion for sales, problem solving and developing people, and prides herself on her empathetic approach. Pamela has a wealth of knowledge and experience and is always willing to share that knowledge through coaching and mentoring.


Why addressing software security could help businesses remove risk and improve organisational performance


Article by Stefania Chaplin, solutions architect, GitLab

As the world becomes increasingly digital, a new approach to software security that leads to better applications, enhanced collaboration and improved performance, has become mission critical.

Why now? Software underpins every aspect of modern life, resulting in almost every organisation becoming a software company.

For example, an airplane has close to 15 million lines of code and a modern car over 100 million.

These huge volumes of code mean that the traditional route of a team of developers writing every line of every program is no longer viable. A far quicker and more cost-effective approach is for developers to stitch together reusable libraries of code, often called components.

New routes usually create new challenges. An increased reliance on software for almost all operational activities means that the security aspects of software development take on a far greater importance.

Regrettably, security is often an afterthought or added at the end of development. So what happens when things go wrong?

Poor software development processes can cause delays, failures or worse, such as product recall, fines and loss of brand reputation.

Buggy software can result in ransomware, stolen data, crypto-mining and fraud. It’s a long, potentially career-damaging list.

What can business leaders and managers do to avoid these negative outcomes, gain competitive advantage for the business and possibly boost their own promotion prospects?

  • Make an effort to understand the principles underlying best practices in software security development – usually referred to as DevSecOps. These help reduce costs, catch vulnerabilities fast, reduce rework, improve software delivery and enhance organisational performance.
  • Develop close relations with your technical team leaders, and ask them to explain the purpose, processes and control of their key projects with minimal use of jargon.
  • Set clear goals and milestones for each development project in consultation with the technical team and end users.
  • Use a reporting system to identify and correct emerging issues, allowing collaboration between teams.
  • When things go wrong (and they will), treat failure as an opportunity to learn lessons and make improvements. Create a culture of psychological safety and schedule a debrief to analyse what went wrong and what can be done to improve the system. This will prevent the same failure happening again, improving efficiency and organisational performance.

If a business manager or leader wants to become more involved in the technical process, these are typical security questions that could be asked of a technical team:

  • What is the DevOps platform?
  • What is the software creation and deployment process?
  • Is security scanning automated throughout the development process?
  • How much time is needed to patch typical vulnerabilities?
  • What is the mean time to recovery (MTTR) when there is a failure?

Avoid asking a technical question but failing to understand the response. If in doubt, consult a security expert and work with them. For those interested in learning more, I am working with organisations staging exciting education events, adopting DevSecOps to reduce risk, improve software delivery, boost organisational performance and outperform competitors.

About the author

Stefania’s (aka DevStefOps) experience as a Solutions Architect within DevSecOps, Security Awareness and Software Supply Chain Management means she’s helped countless organisations understand and implement security throughout their software development lifecycle (SDLC). As a Python developer at heart, Stefania enjoys optimising and improving operational efficiency by scripting, automating and creating integrations. She is a member of OWASP DevSlop, hosting their technical shows. When not at a computer, Stefania enjoys surfing, yoga and looking after all her tropical plants.


Calling all security innovators! TCG are inviting you to participate in their CodeGen Developer Challenge

The week-long event, taking place 18-22 October 2021, will ask developers to create a functional prototype built off a TCG standard.

The challenge will provide an opportunity for brilliant talents to create their works with the help of TCG mentors, who will be virtually available throughout the event, while also experiencing the unforgettable thrill of coming together with peers who share the same passion for digital technology and innovation. Competing developers have the chance to win up to US$5,000.

The theme of the challenge will be “Pervasive Security and Application of TCG standards in software and hardware development”. Participants will have the opportunity to create solutions that can make an impact for the security community, as well as SW and HW developers seeking to integrate security into their platforms. The challenge is open to both teams and individuals, and whoever impresses the judges most will be awarded. The event is free and open to non-TCG members only, as well as individuals from TCG member companies who have not had an active member login to the technical Work Groups.

Registration for Trusted Computing Group (TCG)’s Virtual CodeGen Developer Challenge is open now!

Registration deadline for the challenge is Monday, October 11, 2021.

For more information on how to get involved, please visit the TCG website. An overview video about participation and the prizes that are up for grabs is also available on YouTube.

Women on the frontline of security

When you think of a ‘bouncer’ or a security guard, you may think of a large male, but women are ideal for frontline security services, as Joy Darch, security officer at VIP Security Services explains…

Being a good security officer isn’t just about having the physical strength to defend someone or something. For the majority, bearing in mind we have to “do the job” when it comes to it, it’s more about communication, attention to detail, multi-tasking and empathy.

On a day-to-day basis we work alongside our male colleagues and deal with all incidents on equal terms. Many male security guards have quite a physical presence, which can help ward off threats, but not all of us ladies are built in the same way. We may not be the same size or have the same physical strength, but women on the frontline can be more adept at reacting to situations and dealing with potential problems professionally without the need for physical intervention.

It’s tricky to generalise, but like in life, women are usually better than men at dealing with males in heated situations. We’re good mediators and we’re able to get guys to see another side of the argument and to just ‘quieten down’ and take some time out, which in many incidents is enough to quell a situation. It’s also ideal for women to see female security guards, as sometimes they may feel more able to talk or reach out to a woman than a man. For example: if a female is in a nightclub and she fears that her partner has given her cause for concern, it’s much easier for her to walk up to a female security guard and ask for help, than one of my male counterparts.

Women are great at empathising with people and able to show compassion. Security officers who work in large retail outlets are often called upon to find lost children. Whilst searching for a lost child it’s also vital to calm down fraught parents. Here it seems females find it easier to step into someone else’s shoes, understand how they feel and give support at a time of need.

It’s often been said that women are great at attention to detail and multi-tasking, it’s true, which also makes us ideal for surveillance or cyber work. Here we’re strong at analysing a situation, watching hours of filmed data whilst also managing other duties at the same time and working as part of a team.

Women are also great communicators and that’s a key skill for frontline security services. Strong communication is ideal on the ground to ensure all team members know exactly what they’re doing and any change of duties. Communication is also ideal to create great working relationships with clients and their customers. The majority of situations can be defused quickly and efficiently by excellent interpersonal skills, and keeping a flow of communication to large groups in queues is also ideal in keeping everyone safe and secure.

We’re also essential onsite at airports and venues where ‘pat-down’ searches need to be conducted; because there is physical contact these ‘frisk’ searches must be carried out by a searcher of the same sex as the person being searched to comply with legislation.

Most women still face a lot of prejudice when they tell others that they work as a security guard as so many people still stereotype. But the world is changing, and the security industry is a great place for women to display their key strengths and nurture a fulfilling and very worthwhile career.

To discover more, visit www.vipsecurityservices.co.uk

About the author

Joy has spent the past five years at VIP Security Services working in various security roles; she is currently a team leader. Joy spends the majority of her time front-of-house in licensed properties and acting as the ‘eyes and ears’ at large events. Joy is also a carer to her retired husband, mother and grandmother, with little time for anything else!


Inspirational Woman: Sally Napper | Head of Security Assistance, International SOS & Control Risks

As Head of Security Assistance for International SOS and Control Risks, Sally Napper is responsible for driving and continually enhancing the delivery of market-leading security advice and assistance in support of our customers’ business travel and operations.

Sally also plays a key role in managing security crises globally.

Tell us a bit about yourself, background and your current role

As the global Head of Security Assistance at International SOS and Control Risks I oversee a team of security experts who work 24/7 with our 26 Assistance Centres and network of providers all over the world to provide security advice and assistance in support of our clients’ mobile workforce and overseas operations. On any given day you will find us supporting our clients in many different ways from advising travellers on specific risks they may face in a new environment to helping managers respond to security-related crises.

Before joining International SOS, I worked for the Australian government for more than 10 years.  I spent most of that time working in a civilian operational support role for the Australian military, including on deployment to Iraq and during military exercises in the Pacific. My background is in international relations, a degree choice that stemmed from my desire to travel for work. I think I can confidently say that I got what I wanted, and perhaps a little more.

Did you ever sit down and plan your career?

To be honest, no, I have never actively planned my career. Instead I took every opportunity as it came along and then worked really hard to try and succeed in every single one. Fortunately for me this approach has led to an incredibly interesting and diverse career so far. I’m lucky to have had some incredible opportunities to grow my career, including my deployment to Iraq; the honour of representing my country at the Australian embassy in Washington DC; and the chance to join the incredible team at International SOS and Control Risks.

Being open to these chances – each varied and equally exciting – has led me to where I am today. I always recommend leaping at any opportunity that comes your way and then working really hard to make the most of every chance to grow. Even if it doesn’t work out, there will always be something you can learn about a job or about yourself. Plenty of new opportunities will lie around the corner if you work hard.

You were deployed to Baghdad for 6 months – how did this come about? What did you learn from this experience?

Quite early in my career my boss at the time walked past my desk one day and asked if I wanted to go to Baghdad. Looking back I probably wasn’t the exact fit for the role. They wanted someone with more experience and a military background but I had proven willing to work hard. I was invested in supporting the military so they took a risk. Fortunately it worked out and became one of the most challenging and rewarding experiences of my career. It certainly set me up for my role today, which involves helping our clients tackle similarly challenging work environments.

Working in a male-dominated sector, like security, I’ve had to learn how to make myself heard. Something that can be especially challenging when you’re one of the only women in the room. Those who work with me will know that I’m generally not the first to speak. I often find my skill lies in taking the time to listen and choosing the best moment to share my opinion in a clear and considered way. I’m unsure how much of this approach is because I’m a woman and how much is because I’m an introvert, but, in a world where people can be highly opinionated and loud, the quiet voices can be very powerful. Sometimes as a woman it takes a little longer to be taken seriously but if you’re good at what you do, it won’t take long to have a voice.

What is your next challenge and what are you hoping to achieve in the future?

I am currently working on completing my MBA. Combined with my unusual, and at times crazy, work schedule (I take an average of 1-2 long haul flights a month), this can prove a bit challenging. I remember once being in Papua New Guinea, standing on top of a Jeep to try and get enough signal to send an assignment back to my university in Australia! I love a challenge and certainly got one when I decided to work towards my MBA.

What would you say is your coping mechanism?

A good work life balance is a challenge for anyone, me included! Fortunately I love my job, which makes it much easier to sustain the high tempo. I have great empathy for working parents. I don’t have children myself and can’t imagine juggling deadlines and family commitments. I try to be supportive of my colleagues in more challenging situations than me. I am fortunate to have an amazing husband, and I wouldn’t be able to do what I do without his support. I really appreciate the fact that he’s often willing to accompany me on a business trip at a moment’s notice. While this might sound glamorous, and I never thought I would say this, but travel can get tiring at times.

I am also a certified yoga instructor, and try to do at least 10-15 minutes of yoga or other form of exercise per day no matter where I am. It helps me to clear my head and let my creativity flow. I don’t know many people in the security industry or in International SOS who don’t exercise on a really regular basis – it’s such a good stress relief.

What advice do you have for women who would like to follow a similar path to you?

My advice to women is to be yourself. There can be a lot of pressure on women to behave like men, particularly in business, or to behave like other women who have gone before them (to wear certain clothes, take certain roles etc). While I appreciate the amazing efforts of women who have paved the way for female careers in security, I never listened when anyone said there was only one path. I’ve been myself and I’ve worked really hard at every opportunity I’ve been given. From my experience I can guarantee that if you work hard you will ultimately be recognised, and if you do it with integrity, the success will be even sweeter.


GDPR and WeAreTheCity

GDPR is a hot topic for everyone at the moment, with us all receiving emails from companies requesting your consent or updating your preferences. At this stage we wanted to take a moment to reach out to you all, to let you know how we are tackling GDPR and what it means to you.

The team have taken a lot of time to understand the full policies in their written form and to speak to industry experts and data experts. Below is our brief summary of what GDPR means to WeAreTheCity and you. Although this article may not be exciting to some, we urge you to read it if you have 5 minutes.

What is GDPR?

“The General Data Protection Regulation (GDPR) is a regulation (binding legislation, not just a directive) by which the EU intends to strengthen and unify data protection for all individuals from the European Union (EU). It also addresses the export of personal data outside the EU.

It aims primarily to give control back to EU citizens and residents over their personal data and to simplify the regulatory environment for international business (any company that is gathering, processing or storing the personal data of EU citizens).”

GDPR also includes steep sanctions for any company that is not compliant with the GDPR regulation after May 25th, 2018, when the GDPR goes into effect.

Key Principles of GDPR

Here are the key principles you need to be aware of:

  1. Personal data collected needs to be processed in a fair, legal, and transparent way. It should not be used in any way that a person would not reasonably expect.
  2. Personal data should only be collected to fulfill a specific purpose and not further used in a manner that is incompatible with those purposes. Organizations must specify why they need the personal data when they collect it.
  3. Personal data held needs to be kept up to date and accurate. It should be held no longer than necessary to fulfill its purpose.
  4. EU citizens have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization without hindrance.
  5. All personal data needs to be kept safe and secure, and companies undertaking certain types of activities are now required to appoint a data protection officer.

What is WeAreTheCity doing about GDPR?

We know that personal information, privacy and GDPR are big deals, which is why we are focusing specifically on getting ready for the GDPR. We strongly believe this is a step in the right direction for our users.

Here’s how we’ve divided our time and resources:

  • Identifying Personal Data: We are currently in the process of mapping the different levels of personal data that is collected, stored, used, and disposed of.
  • Data Privacy Impact Assessment: Analyzing the risk to data that a system might pose. Systems that collect, transmit, process, or store personal data are validated to ensure processing is consistent with our privacy notices.
  • Data Portability, Update & Erasure: While the ability to change or delete your data was already in place through our support teams, we are looking at a more streamlined version that will allow for the automation of these tasks.
  • Consent: We are drawing up data processing agreements that will clearly define what data we need, for what purposes, and will require your explicit consent in order to process your data after May 25th.
  • EU-US data storage and Swiss-US Privacy Shield Certification: EU customers’ data may be transferred to and processed by our US entities as well (for example, we mainly house WeAreTheCity in the US). In accordance with the GDPR, we need to ensure that our US entity offers the same level of protection of the EU data, as guaranteed in the GDPR, even though it is subject to US jurisdiction. This has been confirmed and our server farm is held under the Privacy Shield Certification.
  • Enhancing Data Security: Data security has always been a critical issue for us. We are reviewing our policies to further enhance data privacy and data security measures.
  • Changes in the services and websites: If you are a returning and loyal member of WeAreTheCity, you will have noticed that we have changed the look and feel of the site. This echoes some of the hardened security and policies we have put in place to protect you, your data and security.
  • Being Visible & Achieving Transparency: Providing visibility and transparency on how collected personal data is used is of utmost importance. We identified different levels at which we are using personal data and are in the process of mapping and clarifying this information in order to achieve transparency and provide visibility to our users.

What does this mean for me?

Here’s what you need to be aware of:

Your Rights

  • Transparency: We are making it even easier to understand what is happening to your personal data.
  • Consent: Choose what data is collected about you (with the ability to change that choice).
  • Update and Erasure: Update or request deletion of your data.
  • Portability: Take your data elsewhere in a portable format.

Our Obligations

  • Due Care: Safeguard your data.
  • Minimization: Minimize the risk of your data being exposed.
  • Privacy By Design: Analyze the risk a system might pose to your data.
  • Notification: Communicate data breaches quickly.

What’s coming next?

What else can you expect to change in the coming months? Here’s what we have on our plan:

  • New Privacy Policy
  • Revised terms and conditions
  • Introduction of GDPR forms and requests
  • Email verification for existing subscribers
  • Changes to our data collection policy and online forms
  • Revised website policies for the entire WeAreTheCity Network
  • Changes to our premium membership program and data security

 

If you have any specific questions around our plans, intentions and policies, please do get in contact with us.

 

The WeAreTheCity Team


Cyber Security Challenge UK launches Foundation to boost diversity in security in memory of Stephanie Daman

Cyber Security Challenge UK has launched a charity, in memory of Cyber Security Challenge UK’s late chief executive, Stephanie Daman.

The Cyber Challenge Foundation aims to support accessibility and diversity in cyber security, with an emphasis on supporting those from a disadvantaged background - fulfilling her vision of creating a support system for individuals across the UK who wish to learn about cyber security, but may not have the resource to do so.

The Foundation will provide grants towards the provision of education, training, mentoring and hardship relief across the UK. Through doing so the Foundation aims to promote better diversity within the cyber security profession.

According to industry association (ISC)2, only 11 per cent of the UK cyber security workforce is female (seven per cent global average) and only 12 per cent are from ethnic minorities.

Nigel Harrison, acting Chief Executive at Cyber Security Challenge UK said: “At the Challenge we are continually working to encourage diversity throughout the cyber security industry. It was Stephanie’s vision to expand this work and provide real help to those who struggle to find support in the usual places. Diversity increases creativity, productivity and culture, and at a time when the cyber security threat continues to grow, making this sector more accessible is a logical and much-needed step.”

Cyber Security Challenge UK will raise capital for the Foundation through corporate sponsorship, fundraising events and private donations with the first fundraising evening, in partnership with BT, taking place during the Challenge’s Masterclass competition on Monday 13 November.


Women Talk IT: Women in Security | Bank of America Merrill Lynch and WeAreTheCity Event | In Pictures

 

Bank of America Merrill Lynch recently held an event called Women Talk IT: Women in Security, which brought together information security professionals for networking and roundtable discussions.

Taking place at Bank of America Merrill Lynch's central London offices the event connected female professionals in the information security industry and offered an opportunity to learn from experienced senior leaders on how to successfully navigate the information security landscape.

The agenda consisted of a panel discussion followed by a round table and networking session over drinks and canapés. The panel provided an overview of challenges and opportunities for women in information security, ways to attract and retain women in this industry, and share lessons learned from their own careers. This event was also open to aspiring information security professionals.

The evening's panel discussion included:

  • Simon Riggs, Regional Information Security Officer, Global Information Security, EMEA
  • Ursula Mapley, Managing Director, Global Banking and Markets, EMEA
  • Andrew Butcher, head of Technology & Operations, Bank of America Merrill Lynch, EMEA
  • Moderator: Polly Cameron, COO, Global Information Security, EMEA