// archives

Cloud

This category contains 20 posts

Cybersecurity: greater opportunity, less risk

Trust in sharing economy businesses is built primarily on peer group usage and ratings. The fact that peers not only reveal their opinions, but a huge amount of information as well, inevitably raises the question of cybersecurity. Providers, users and regulators all share responsibility for providing a satisfactory response.

cyber_blog

Trust: the key ingredient of success

Consumers making use of conventional business offerings place their trust in a combination of proprietary brand reputation and industry-specific regulation. But the recipe for success in the sharing economy includes another basic ingredient: the trust of the peer group. Peers share ratings and recommendations that are visible everywhere in real time, in personalised form. For example Uber passengers rate their ride and the driver; in turn, drivers get to rate their passengers. This way, depending on the trust they place in the judgement of their peers, new customers can decide whether or not to do business with a particular provider. Monolithic, laws-based regulation thus gives way to a peer-to-peer trust model. This creates enormous opportunities for providers for new, interesting business.

Blessing and a curse

The trust model on which the sharing economy is based can enable companies to respond more quickly and precisely to changing customer needs, market developments or their own weaknesses. It also provides highly relevant information for people with similar interests. Broad-based ratings create transparency – for better or for worse. Because the system can cut both ways: just as a positive rating can help attract new customers, bad marks can destroy the trust of prospective customers before they’ve even been able to try out the offering for themselves.

The main disadvantage of the sharing economy is its vulnerability to manipulation. An aggressive competitor, frustrated customer or disgruntled former employee can easily torpedo a platform’s reputation by posting fake ratings.

Where there’s data there are also people wanting to steal it

The security and data privacy risks of a sharing economy structure shouldn’t be underestimated. A peer-to-peer provider very rapidly gathers, processes and saves a huge mass of personal data, including credit card or user information and consumer profiles. This information is what cybercriminals are after. Just imagine the economic, social and emotional damage that would ensue if someone were to steal and make public the entire bookings made by regular customers of a hotels platform. Unfortunately, the levels of protection defined for data of this type vary from country to country around the world. Each provider is basically free to do what they think is right.

Taking responsibility as a provider

Data security is in large part the responsibility of sharing platform providers. In other words, peer-to-peer providers have to adapt their systems and technologies to the information they gather, and assure appropriate protection. In concrete terms this means a sharing provider should only gather data relevant to their core business, and publish clear, concise terms and conditions governing their use. A layperson must be able to understand and accept these terms in good conscience.

Given the lack of standards and the complexity of the issue, at the moment there are big differences in how conscientiously providers fulfil this duty. And there are also big differences in the rules and regulations governing these matters in different countries and industries. Most digital players capture more data than they need for their core business and have terms and conditions designed to cover them for any eventuality – pages and pages of legal fine print that the average reader will have problems reading through, never mind understanding.

Anyone shifting all or part of their business model to the digital space should start thinking about and incorporating the data privacy issues right from the conceptual phase. New technologies can help bring a market-ready idea to success by delivering it in a contemporary package. But by the same token the rigours of cybersecurity can nip a sharing economy idea in the bud or derail a digital project before it’s reached its goal.

Users: take responsibility for yourself!

The people who use sharing platforms have only limited tools at their disposal to prevent the data privacy rules from being violated. So if you choose to engage in this type of business you should take responsibility for your own actions. For example you should be careful about what personal information you reveal to what providers. This means that you should pay attention to how the platform’s trustworthiness is rated, read the terms and conditions, and decide for yourself whether you’re prepared to take the described risks. If you want to avoid credit card fraud, for example, you may want to use a prepaid card with a limited amount on it for sharing purchases, or make payments via a separate account which you don’t keep much money in.

Assuring cybersecurity also means protecting your own platform, making sure that your computer, tablet and smartphone are sufficiently shielded from attach from cyberspace. There are already many powerful applications available to do so.

Regulators: create a basic framework

The role of the regulator in the digital economy is to require basic protection of customer data and make sure the legislation keeps pace with the times and technology. Against this backdrop the European Parliament has revised the EU’s General Data Protection Regulation (GDPR), scheduled to come into force at the end of May 2018. The regulations contain important additional rights, provisions to protect users, and substantial penalties for violation.

Also relevant is the PCI DSS, the international credit card standard (Payment Card Industry Data Security Standard). The PCI DSS, formulated in 2006 by a council established by credit card organisations, is designed to ensure a uniform approach to implementing security requirements for credit card transactions.

The data privacy legislation in Switzerland incorporates most of the existing international data protection rules, and is likely to adopt many of the new ones. Although the implications of the revised GDPR on a national and European level aren’t yet clear, we believe the enforcement of the regulation and any penalties that are imposed will prompt companies to tighten their data privacy rules and security controls on their customer data.

In a nutshell

Providers, users and regulators all share responsibility for cybersecurity. We can only keep the internet healthy, clean and economically beneficial if everyone involved plays their part. Regulation should create the framework for basic protection and transparency. Users have to act circumspectly to ensure their personal data don’t end up in the wrong hands. And last but not least, peer-to-peer providers have to comply with the data protection requirements.

Modern technologies such as the cloud enable companies to deliver new business models very rapidly. It’s rarely the technical implementation that stands in the way of success, but rather a failure to translate a promising idea into a business model capable of responding to change and the needs of the market. Looked at this way, cybersecurity is no longer an obstacle to success but a welcome springboard.

 

Joining PwC – some thoughts at the start of the journey

It has been an interesting week to say the least and this morning I have time to catch my breath and reflect on the last few days – my first week at PwC as Partner, Cybersecurity. First and foremost, I want to thank everybody who reached out and sent me their congrats and wished me a good start. I will get back to you and answer personally but it still might take a few days. With the congratulations came also quite often the question why change to PwC? It is a good question – one that I will try to answer in this post.

The “why change” has really two factors. First, why leave Microsoft and second why join PwC and I will address them in that order. Leaving Microsoft has been a difficult decision. I am looking back at the last 5 years and it has been an extremely interesting time where I had the possibility to grow and show what impact security can have. Being able to help clients take advantage of modern technologies and being part of a company that is developing leading edge technology has been very inspiring and in the process I have made great friends and met many inspiring people. At the 5-year mark came the time where I had a hard look at where Microsoft is going and where I believe the needs of our clients are. In the end my view was that I cannot really help solve many of the big challenges in Cybersecurity when I look at it from a predominantly Microsoft perspective. To make myself clear – I actually believe Microsoft has a huge impact, will stay relevant and become probably even more relevant under the lead of Satya in the coming years but with the strategy being very clearly “cloud first” it leaves a big gap at today’s clients that is not really addressed from a cybersecurity perspective as there Microsoft is “just one” component. So I took a step back and looked at the big picture. In the end security is my passion (I know – it sounds weird…) and I want to be part in solving the really hard problems. And that is where PwC comes into the picture.

Joining PwC and not another of the big four or one of the leading global security providers comes in the end down to culture, capabilities, ambition and if it feels right. With PwC I ended up with the fantastic situation that all of these factors are in good shape. While not many people yet think first of PwC when they think about Cybersecurity the firms’ and my ambition is that this will change. PwC is doing a strategic investment push into technology – namely “digital, analytics and cyber”. The people that have had (sometimes long) discussions with me know that I see Cybersecurity as one of the biggest challenges today but more important as an enabling factor and not mainly a topic by itself. Cybersecurity and Privacy are the cornerstones for our society to function and grow. The present technologies that we all depend on, and even more the ones to come to play in the next years, will only be used when we trust them. And we typically only trust something that we know is secure and sufficiently private or would you sit in a car that is not safe and broadcasts to everybody at what locations you have stopped during the last half year? So being part of a big technology push together with digital and analytics is exactly where I want to be. And PwC itself has a fantastic brand, incredible capabilities and a corporate culture that I feel at home in. And the last part was for me something especially important. There are plenty of enterprises where the words say that it’s about the people and in the end it is predominantly about the numbers in spreadsheets and people don’t matter really and are looked at purely as an interchangeable resource. On a short term that might even be successful but I am not into this for the short term. I want to have a long-term impact and do something that I believe is worthwhile doing and that has a positive impact on clients, my firm, people and society in general. And that is where I felt that PwC really shines. A respectful culture, a group of very smart people that want to make a difference and a company that has the ability and the willingness to solve the hard problems.

This shows some aspects of my thoughts and why I changed to PwC. Obviously not everything will go as expected and not everything will work out perfectly and there are many challenges to solve. But I am in it for making a difference and we have very ambitious plans. So if you feel that my thoughts resonate – join me and ideally bring your team with you . We want to grow and have only just started this journey. If you are a security professional and/or cloud assurance specialist contact me through LinkedIn or Xing and let’s discuss it. I am looking forward hearing from you.

In the spirit of happy holidays

It isn’t quite the holidays yet but browsing through my LinkedIn feed I liked the video from HP Enterprise and while it is an obvious marketing video it is cute and it brings a little bit more of the anticipation for the holidays into my morning. It also has a nice tagline of thanking people that make things happen and gives a glance on how modern cloud and hybrid services can increase the efficiency of processes. While I don’t have an independent verification that Santa’s operations adopted cloud for scale, big data analytics for improving the insight into kids behavior and IoT to track shipments it is not so far off what technology can do. As my passion lays in security I especially appreciate the cyber threat map of course and overall the “bah humbug meter” should be adopted much more widely also in the non-holiday world.

So in the spirit of enabling people and organizations to reach their full potential enjoy this little video!

New choices on cloud data location and welcome Secure Islands!

This week is pretty packed with security relevant Microsoft announcements and here a quick summary.

Satya Nadella was in the UK yesterday and in Germany today where he announced that Microsoft is expanding the cloud strategy in Europe with two new interesting offerings.

Firstly he disclosed yesterday November 10 the plans to offer commercial cloud services from the UK where Azure and Office 365 will be generally available from local UK-based data centers in late 2016 and Dynamics CRM following shortly thereafter. These services will offer customers data residency in the UK. You can read the blog post with more information here.

Secondly, and maybe more interesting from a Swiss perspective, he announced today November 11 plans to offer cloud services from German datacenters. The main difference between the UK announcement and the German one is that the second is using a trustee model. The services offered will comply with the Microsoft trusted cloud principles on security, privacy, control, compliance and transparency but is combined with a German data trustee model. That means concretely that access to customer data stored in the two new datacenters will be under the control of T-Systems which acts as a data trustee and Microsoft will have no access to this data independently. Cloud services will be made available to customers in the EU and the EFTA and roll-out is planned to begin in 2016. With this Microsoft has a new and unique solution for cuttomers in Germany and the wider Europe that want local control of their data. In my view an important next step in the discussion on data location. You can read more on today’s announcement here.

Independently from the two cloud announcements came the confirmation on Monday November 9 that Microsoft is acquiring Secure Islands. There were lately a few security acquisitions but I am especially excited about this one. I was working often with Secure Islands as their technology to protect customer data using Rights Management technology is second to none and widely adopted especially in the Swiss Financial Services Sector but also with other large customers. Microsoft will now integrate Secure Islands’ technology into Azure Rights Management Service to provide a flexible architecture to meet protetion and compliance requirements. Many of you know that I am a great supporter of Rights Management and this will give new possibilities on-premises, hybrid and cloud. Congratulations to Akie and Yuval Eldar who are the founders of Secure Islands and welcome to the Microsoft Family! You can read the announcement with more information here.

 

This weeks top of the news in Cybersecurity (week 45)

Information on Cybersecurity is becoming almost overwhelming. The series on “this weeks top of the news in Cybersecurity” is a collection of a few articles that I found noteworthy throughout the week. Perfect Friday or weekend reading to catch up on events if you have missed them or have been too preoccuppied or swamped with the Bond Spectre movies review!

 

Blackberry Priv. Can an awesome keyboard justify the Blackberry Priv?
Wired

It has been a (very) long time since I have used a Blackberry and frankly I am not missing it. I have also not tested the Blackberry Priv and will not do so but I still found the review interesting as I like some of the features that Blackberry built in it. For example I would like to have a notification if an app tries to access something and then bind it back if I don’t like it. But the more interesting and yet also more alarming part is that Blackberry will patch the Android OS on a monthly basis with security updates and in addition hotfixes when things cannot wait a month. More information can be found here but I ask myself if it really needs to be the phone vendor and not the OS vendor that should do that as this way we will never get to a better protected overall mobile phone base.

 

The Role of Machine Learning in Cyber Security
IT Pro Portal

 I believe that machine learning and big data will have a huge impact on cybersecurity and we will see impactful applications especially of machine learning more and more in the close future. With that in mind I found the Q&A with Garry Sidaway (SVP Security Strategy & Alliances at NTT Com Security) interesting. It is fairly short but gives a few ideas on the topic.

 

Security Tools’ Effectiveness Hampered by False Positives 
CSO

False positives are a significant problem at many enterprises and valuable events get burried under large amount of data. It goes so far that I have talked to large companies who invested substantial money into SIEM’s only to then turn them off again as they could not handle the amount of information. This article takes a look at the problem of false positives and how they distract companies from dealing with legitimate security alerts.

 

U.S. and U.K. Testing Response Scenarios for FinancialSector Cyberattacks
The Daily Dot

As cyberattacks don’t just target typically one country it makes sense to approach the defense against them with a wider view than most of today’s critical infrastructure protection efforts do. The U.S. and UK have scheduled test response scenarios that will take place later this month in an effort to mitigate the consequences of a large-scale cyberattack again their respective financial sectors.

 

More Companies Form Data Breach Response Plans  
Business Insurance

Being prepared for a data breach is critical today as realistically your company will be breached or has been breached and you may or may not know about it. A new study by the Ponemon Institute finds that although more companies are launching new data breach response plans (good!), relatively few have confidence in their effectiveness (bad). Talking to many CISO’s and CIO’s it seems to me that most companies just don’t have the resources for this and in my view will have to more and more use managed security services and work with retainers for such events.

 

U.S. Retailers Push Banks to Use PINs on Credit Cards as Confusion Reigns
Reuters

From a european perspective this is just plain silly. I have a few credit cards and only my american one does not have a chip and pin. Looking around there seems to be no problem whatsoever to use pins with credit cards on a quite large scale throughout Europe. Now some US retailers are looking to use PINs (personal identification numbers) on their store-branded credit cards that are embedded with computer chips, but are getting resistance from the banking industry. Really?

 

SnowdenBlessed ‘Signal’ Encrypted Calling, Messaging App Comes to Android
NBC News

A new Android app is claimed to securely make phone calls and send messages , which Edward Snowden says he uses “every day.” I found that a bit a special statement and probably would touch that app even less if I would have an Android phone as now the attack motivation just skyrocketed and I have a hard time seeing how Edward Snowden would have the actual technical capabilities to verify the security of such an app.

 

ACSC Releases 2015 Threat Report  
US-CERT

I always like to look through the different threat reports so will include this one here in my recommended reading list. The Australian Cyber Security Centre (ACSC) has released its 2015 Threat Report. It provides information about threats that Australian organizations are facing, such as cyberespionage, cyberattacks, and cybercrime and conclusions towards other geographies are certainly realistic.

 

And that is it for today and best wishes for the weekend!

This weeks top of the news in Cybersecurity (week 42)

Information on Cybersecurity is becoming almost overwhelming. The series on “this weeks top of the news in Cybersecurity” is a collection of a few articles that I found noteworthy throughout the week. Perfect weekend reading to catch up on events if you have missed them!

A Second Snowden Has Leaked a Mother Lode of Drone Docs
Wired

Another leak of classified documents on the use of America’s unmanned vehicles. It is not the first release of sensitive documents (remember Snowden and Chelsea Manning of course) and most likely it will not be the last. Everybody involved in sensitive topics should have a very hard look into their Cybersecurity investments and also put Information Rights Management on the list.

 

CyberAttack Warning After Millions Stolen from UK Bank Accounts  
The Guardian

Law enforcement in the UK, U.S., as well as Interpol, are searching for cyberattackers who have stolen at least £20 million from British bank accounts through the Dridex malware. On the good news side is that with most security products (including Microsoft’s) the malware is detected now and removed.

Additional Information: The United States Computer Emergency Readiness Team (US-CERT) has released an alert to provide further information about the Dridex botnet.

 

Consumer Alert: Debit Card Fraud at Walmart Discovered in 16 States
CSO

There has been an increase in fraudulent purchases made at Walmart, most of which include charges that are US$50 and under. While this is US centric it serves as a warning to check your credit card statement diligently to detect such fraud activities. No credit card is safe today any more.

 

FBI Takes Down Alert on Chip Credit Cards After Bankers Complain
Network World

Wrong priorities in my view for the financial services institutions. A warning from the US Federal Bureau of Investigation (FBI) on October 8, 2015, was removed the next day. The announcement warned that chip-enabled credit cards should only be used with a PIN (personal identification number). The message was removed after there were complaints from banks that issue the credit cards. I know that many banks are very hesitant to talk about fraud and cyberrisks but if we want to make progress in this we need to be more open for information exchange.

 

87% of Android Devices Are Exposed to at Least One Critical Vulnerability
Sophos

The University of Cambridge reports that 87 percent of Android devices are exposed to at least one known critical vulnerability. I know that it is not always easy or even possible to update Android devices but it is crucial to do it as quickly as possible once an update is available. The latest Android version is called Marshmallow right in time for making smores – yumm!

 

Amazon, Google Boost Cloud Security Efforts
eSecurity Planet

Kudos to Amazon and Google as they have announced new features to provide security safeguards on their cloud services. One of the areas where Microsoft’s cloud services are heavily investing and in my view market leaders. It is good to see Amazon and Google investing here too significantly.

This weeks top of the news

Information on Cybersecurity is becoming almost overwhelming. Here you will find a few articles that I found noteworthy during last week. Happy reading!

Microsoft Renews InformationSharing Partnership with NATO
PCWorld

A bit on what we are doing providing transparency to our customers and partners. Microsoft and NATO (North Atlantic Treaty Organization) have agreed to renew their partnership where NATO receives access to source code for key Microsoft products including Windows and Office, information about Microsoft’s cloud services, and intelligence about cybersecurity threats.

 

China Tries to Extract Pledge of Compliance from U.S. Tech Firms
The New York Times

A worrysome but not really surprising push. The Chinese government is asking some tech firms to pledge their commitment to policies that could require them to turn over user data and intellectual property.

 

White House Urged to Support Encryption
SC Magazine

I believe encryption is one of the main ways to keep our data secured also in the future. Unfortunately many governments see it more as a threat. US President Obama reportedly is being urged to support encryption and shun legislation that would force companies to unlock customers’ smartphones and apps when presented with a court order. This raises the question what they then do if they actually don’t hold the encryption keys and cannot unlock them?

Related reading: Obama Advisors: Encryption Backdoors Would Hurt Cybersecurity, Net Infrastructure Vendors.

 

Vodafone Australia Admits to Hacking Journalist’s Phone in Public Statement
Neowin

This was a disapointing article. Vodafone has admitted that it improperly accessed the phone of a reporter — who was writing an article about the online accessibility of personal information of millions of Vodafone customers — in an effort to find the reporter’s source.

 

GM Took 5 Years to Fix a FullTakeover Hack in Millions of OnStar Cars
Wired

As you can see I like Wired a lot. University researchers in 2010 privately disclosed their ability to hack into a car to the US National Highway Traffic and Safety Administration and also shared their exploit code with General Motors. However, the vulnerability was not patched until 2015. Vulnerabilities will continue existing but the key is to address them swiftly once they are discovered. 5 years is NOT swiftly! Google 90 days disclosure policywith exceptions if it is highly complicated.

Related reading: Automakers Asked to Explain CyberSecurity Protections, Your ‘Check Security’ Light Is on, and Intel Sets Up Talking Shop to Improve Automotive Security.

RSA 2015 – Microsoft Key Announcements in Security

 

The US RSA conference is probably the world’s leading security conference with about 30’000 participants and took place last week in San Francisco. Scott Charney, Microsoft’s CVP Trustworthy Computing, gave a noteworthy keynote on Enhancing Cloud Trust that can be watched here. It is well worth the time.

The announcements made by us and the presence that Microsoft had at the conference was impressive. The main theme was very clearly that we truly live in a mobile first, cloud first world and that with the explosion of devices and apps come new challenges. Security has been a top priority for Microsoft for a long time already and Microsoft is committed to providing customers with transparency and control over their data in the cloud. Here are the highlights that we announced:

  • New Security & Compliance signals and activity log APIs so that customers can access enhanced activity logs of user, admin and policy related actions through the new Office365 Management Activity API.
  • New customer Lockbox for O365 that brings the customer into the approval workflow if one of our service engineers would have to troubleshoot an issue that requires elevated access. With the customer lockbox the customer has the control to approve or reject that request.
  • Device guard is the evolution of our malware protection offering for Windows 10 and brings a new capability to completely lock down the Windows desktop such that it is incapable of running anything other than trusted apps on the machine.
  • Increasing levels of encryption where O365 will implement content level encryption for e-mail in addition to the BitLocker encryption we offer today (similar to OneDrive for Business’ per-file encryption). In addition we expect enabling the ability for customers to require Microsoft to use customer generated and controlled encryption keys to encrypt their content at rest.
  • Microsoft Passport is a new two factor authentication designed to help consumers and businesses securely log-in to applications, enterprise content and online experiences without a password.
  • Windows Hello which will provide that Microsoft Passport can be unlocked using biometric sensors on devices that support that (most notably iris and face unlock feature in addition to fingerprint).
  • Azure Key Vault which helps customers safeguard and control keys and secrets using FIPS 140-2 Level 2 certified Hardware Security Modules in the cloud with ease and at cloud scale and provides enhanced data protection and compliance and control.
  • New Virtual appliances in Azure where we work with industry leaders to enable a variety of appliances so that customers have greater flexibility in building applications and enabling among others network security appliances in Azure.
  • Enterprise Mobility where we have the Enterprise Mobility Suite (EMS) bringing customers enterprise grade cloud identity and access management, mobile device management and mobile app management and data protection (Reto’s comment: not new but worthy to call out having grown our install base by 6x just in the last year)

More information can be found on Scott Charney’s blog on “Enabling greater transparency and control” that also has further links to more in-detail information on the individual technologies mentioned above.

European Union’s recent activities on Security

The European Union is quite active on security and especially cybersecurity issues but is less present in the media for it than for example the US. To raise awareness on current reports and recommendations that I see as relevent please find some links below. We can now debate if this is too much, just raight or not enough but for that discussion knowing more about what actually exists or is in process is a prerequisite of course.

Joint Supervision Tool for Telecom Security
On 9 April, ENISA published a joint framework to supervise the security of services and personal data processing by telecom providers in the EU in accordance with Article 13a and Article 4. Full report is available here.

Electronic Evidence – a Basic Guide for First Responders
On 25 March, ENISA published a report based on past work done in the field of good practices for CERTs and LEAs in the fight against cybercrime. The main aim of the report is to provide a guide for first responders with a special emphasis in evidence gathering.

National/Governmental CERTs – ENISA’s Recommendations on Baseline Capabilities
On 20 March, ENISA published recommendations on baseline capabilities. The document covers ENISA’s updated considerations for capabilities of so called national / governmental CERTs, thus teams who serve the government of a country to protect critical information infrastructure. The primary target audience of this document are these CERTs and those policy-making bodies in the European Union Member States that are responsible for initiating and planning the establishment and operation of a national / governmental CERT. Still quite an interesting reading.

Standardisation in the Field of Electronic Identities and Trust Service Providers
On 24 March, ENISA published a paper that explains why standards are important for cybersecurity, specifically in the area of electronic identification and trust services providers. Additionally, the paper also discusses concrete standardisation activities associated with electronic IDs and trust service providers, providing an overview of standards developed under the mandate from the European Commission and others, related to eIDAS Regulation. It concludes with a proposal of a standard on cryptographic suites for electronic signatures and infrastructures, put forward by ENISA and related to the ETSI TS 119 312. Full report is available here.

Motion for a European Parliament Resolution on Cybersecurity
On 30 March, Italian MEP Nicola Caputo published a motion for resolution on cybersecurity and calls on the Council and the European Commission to strengthen the EU’s response capability to this global threat, to strengthen network and information security and to support Member States in their research and innovation aimed at promoting public and private digital security. steps on the dossier were not disclosed. Interesting though that the security of IoT (Internet of Things) starts to become also a policy topic. I expect that we will see more to come and hope that it will help in addressing the real challenges that we face.

Security Webinars on Cloud Resilience and Addressing Modern Cyberthreats

Security Webinar I recently gave two live webinars as part of a security webinar series of Microsoft Switzerland where I covered aspects of cloud resilience and achieving resilience against modern cyberthreats. The webinars are in German and if you are interested you can get access to the recording below.

 

 

 

Webinar 1: Schutz vor Gefahren aus dem Cyberspace
Die heutigen Gefahren aus dem Cyberspace sind immer grösser, Angriffe werden immer ausgefeilter, die Hacker selbst immer professioneller. Traditionelle Schutzmechanismen, wie beispielsweise Virenschutzprogramme und Firewalls, sind angesichts der neuen Entwicklungen nicht mehr ausreichend. Erfahren Sie in diesem Webinar alles über die Vorteile eines dynamischen Sicherheitskonzepts, das Ihre IT-Landschaft basierend auf den Prinzipien Protect – Detect – Respond effektiv vor modernen Cybergefahren schützen kann und für hohe Resilienz sorgt. Das Webinar ist hier verfügbar.

Webinar 2: Resilienz und Cloud Computing
Cloud Computing verändert und beschleunigt die Arbeitswelt; standardisierte Services aus der «Rechenzentrumswolke» entlasten Unternehmen von Investitionen in eigene, teure Server-Infrastrukturen. Dennoch bestehen grosse Vorbehalte hinsichtlich Verfügbarkeit, Sicherheit und Datenschutz – speziell in einem Umfeld, in dem Gefahren durch kriminelle Aktivitäten lauern und NSA-/PRISM-Aktivitäten für Rechtsunsicherheit sorgen. In diesem Webinar dreht sich daher alles um Fragen wie Resilienz mit der Cloud, Resilienz in der Cloud oder Resilienz trotz der Cloud. Das Webinar ist hier verfügbar

About the Author

Reto is partner at PwC Switzerland. He is leading the Cybersecurity practice and is member of PwC Digital Services leadership Team. He has over 15 years work experience in an information security and risk focused IT environment. Prior to working at PwC he was Microsoft's Chief Security Officer for Western Europe and also has work experience as group CIO, Chief Risk Officer, Technical Director and Program Manager.

more about me and contact info

replica Rolex