Tech M ties up with Hinduja CyQureX

Covid-19: Reimagining work with a zero-trust lens

by | Apr 22, 2020 | IT Security

Ensuring business continuity for borderless offices demands more extensive IT security frameworks.
Share to lead the transformation

The COVID-19 pandemic has resulted in widespread lockdowns. Commuting to workplaces has been suspended for all but a few essential-service organizations and personnel. To ensure business continuity, many organizations had to rush almost overnight to implement work-from-home (WFH) policies for their entire workforce. Understandably, when viewed from a ‘zero-trust lens,’ few have found themselves fully equipped to handle the surge in WFH scale, which is testing the robustness of the IT security fabric.

The state of running entire operations remotely is unprecedented! IT heads are scrambling with issues such as infrastructure availability and sizing to meet the growing demands. From a security readiness perspective, CISOs are seen doing comprehensive assessments to map the network usage patterns and risk aspects. With more employees working remotely today than ever before, the odds of potential threats have grown manifold. The biggest challenge for CISOs today is to make necessary tools and resources available to their virtual workforce without compromising confidential data.

The practical and effective strategy that works to address this challenge is ‘zero-trust lens’ approach to information security—a contemporary lens that treats everyone who access organizational network as suspicious and distrustful.

The concept of zero trust security framework distinguishes between what’s necessary and what’s not. It stresses that everything cannot be critical and hence need not require full network access. Contrary to the trust-based perimeter defense approach, zero trust defines users and their job requirements. It provides people with adequate permissions to access applications and tools relevant to perform their job virtually, while withholding the rest of the corporate data. For instance, an HR department employee working remotely need not be given access to the sales department database.

In the current setup, it becomes even more important for CISOs to have visibility on what’s happening on the network. Looking at the fact that many employees may be accessing corporate information through personal and unfamiliar devices remotely, CISOs are expected to incorporate strong multi-factor authentication protocols to strengthen the zero-trust security framework. A strong multi-factor authentication protocol ensures controlled access to data repositories and specifies who may access information and under what conditions.

It is equally important for CISOs to educate their users regularly about not clicking insecure links and staying watchful of phishing emails, thereby preventing easy doorways to hackers and cyber crooks.

Even during these difficult times, organizations can operate to their fullest potential, if they enable their people in a right manner, using a ‘zero-trust lens’ framework to secure the borderless networks.

MORE FROM BETTER WORLD

Here’s why the ‘seth’s’ wealth will never become a ‘chavanni’

Here’s why the ‘seth’s’ wealth will never become a ‘chavanni’

Let me make it clear at the outset that the purpose of this analysis is not to delve into the research merit of the Hindenburg report on Adani Group of companies. That is because there is hardly anything in the report that has not been known to the media or the investors prior to this. It is just that the report has succeeded in amalgamating all the available ammunition in one place in an explosive manner.

The purpose of this analysis is also not to defend the Adani Group in any manner whatsoever. This analyst does not hold any recent positions in any of Adani Group stocks for that matter.

The focus here is on the long-term impact that the report may have on the Adani Group as well as on the Indian economy in the aftermath of its publication.

Hindenburg’s intent

It is important to look at the core intent of Hindenburg in ‘revealing’ the open secrets of Adani Group to the world.

Let it be very clear that if Adani Group is not an epitome of business ethics, then Hindenburg is no charitable organization either. It is, well, just another shortseller, which has the singular aim of maximizing profits to a hilt.

The timing of publishing the report simply confirms that. Why, otherwise, did Hindenburg not publish it at least a couple of months or weeks earlier, when, by its own account, it has been researching the Adani Group for two long years?

Very clearly, Hindenburg was waiting until the shares of Adani Group reaching a high and when the Adani Enterprises FPO was on. Hindenburg knows better than many that investor sentiments can best be manipulated at such times. So the sole purpose of this report was to maximize profits for Hindenburg. Also, in doing so, Hindenburg was hiding ‘precious’ information from other investors, and in the process, was being unethical, to say the least.

Hindenburg’s past trophies

Let’s pick up three of such trophies, namely, Nicola, Clover Health, and Jinhua An Kao, for the purpose of this analysis. Nikola Corporation is an US manufacturer of electric vehicles (EV) and energy solutions that had not delivered a single EV to the market when Hindenburg filed its report indicting Nikola of a “fraud” in September 2020. It would roll out its first two EV trucks only in December 2021. The report caused its Nasdaq listed shares to drop in value to USD12 from an earlier high of USD65.

Clover Health, which was founded in New Jersey, USA, in 2012, began selling Medicare Advantage in 2013. It was said to be one of the fastest growing Medicare Advantage insurers in the USA. Interestingly, Clover’s board members included a former first daughter Chelsea Clinton, while its investors included Sequoia and Alphabet’s GV. When Hindenburg made its expose on Clover in February 2021, the company’s shares were trading on Nasdaq at USD12.23 a piece. In the subsequent three months, the value of a share dropped to USD6.59. However, quite significantly, in September 2021, the share price briefly touched a record high of more than USD28 and it was not until November 2021 that the price fell below USD7.0 again. At the time of writing this article, however, the share was trading in the range of USD1.27.

Jinhua An Kao (now Kandi Technologies) too is an EV maker with China being its primary revenue market. Its shares dropped on Nasdaq from USD14.44 a share to USD7.88 a share in about a month’s time. Kandi’s shares now trade slightly above USD2 a share.

Impact on Adani Group

First and foremost, it is important to realize that Adani Group is not just a Nicola, a Clover Health, or a Jinhua, which have been mostly focused on one or two businesses. Moreover, these were yet to become mainstream businesses generating large revenue streams.

It would be too naïve to assume that the Hindenburg report could impact the Adani Group on a scale similar to Nicola, Clover, or Jinhua. This is simply because unlike these companies, Adani Group’s overall businesses are far from being vulnerable. Most of the Adani businesses are having revenue streams that are unlikely to get affected by their share prices. Take the ports or airports for example. Will ships stop docking at the Mudra port or will passengers stop boarding flights at the airports because Adani Group’s shares have fallen?

In fact, even the Adani Enterprises FPO ‘managed’ to get fully subscribed amidst all the Hindenburg hoopla in the media and the simultaneous bloodbath on the bourses.

It will be just a matter of time when the Adani Group shares, and any other shares that may have got dragged along, will find their previous levels. In fact, it won’t be surprising if that happens in a span of months rather than years. Signs of a recovery are already visible, as some of the group shares edged up, even if briefly, on the day of writing this article.

That a shortseller’s report can turn an Adani share into a penny stock can, at best, be a wishful thinking. The ground realities, aka the group’s assets and cashflows, are way too big to get dwarfed.

Milind Khamkar, Group CIO, Super-MAX

Milind Khamkar, Group CIO, Super-MAX

Viewpoint

Milind Khamkar

Senior IT Leader

“Storage versus applications continues to be a chicken-and-egg story.”

Storage versus applications has always remained a chicken-and-egg story. What comes first, storage or applications, is an interesting conundrum. Moreover, it is very difficult to predict how much of storage is enough. These two things keep the IT situation always fluid and the IT teams on their toes. A perfect solution remains ever elusive and a predictability around storage is hardly achieved.

CIOs start with some resources, and then the demand scales and sometimes goes out of scope. So the intelligence around storage requirements always remain a burning issue.

The landscape is constantly transforming. Original equipment manufacturers (OEMs) need to develop strategies to provide some predictability in terms of the applications’ storage requirements.

Also, it is of enormous significance to separate the professional and personal data, mainly in the context of regulation and compliance coming into force.

To my mind, cloud is an integral part of digital transformation. And the adoption of the cloud has been accelerated in this pandemic time. On a positive note, the pandemic has brought in some good changes, accelerated cloud adoption being one of them. Businesses that are embarking the digital transformation journey cannot ignore the importance of cloud. Hence, cloud is essential in today’s era, especially if you are going for new digital technologies. The kind of security questions we were grappling with before are no more there. Now, even the regulatory and compliance issues are taken care of to a large extent.

However, with new digital applications, latency is likely to be a key issue that public cloud may not be able to address adequately. That is where the significance of on-prem models becomes vital again.

Also read Viewpoint by Archie Jackson, Head – IT and Security, Incedo Inc. 

Storage Transformation Viewpoints

The new digital technologies are what we call the wave-2 digital technologies. They are getting developed with no precedence. So, the predictability about their behavior is extremely low. Plus, they are extremely resource hogging technologies. They put high demand on processing and storage resources, and the volume of data they generate is phenomenonal. The traditional storage technologies that were not developed for this era were tasked with matching the data needs of these technologies.

Going forward, storage elasticity will be extremely important in meeting these needs. On-premise data centers will therefore need to exhibit a cloud-like behavior. In fact, new-generation data centers are already providing storage on demand. That is going to become the new norm.

“Intelligence around storage requirements remains a burning issue. OEMs need to develop strategies to provide some predictability in terms of the applications’ storage requirements.”

Storage Transformation Viewpoints
Greesh Jairath, Senior IT leader

Greesh Jairath, Senior IT leader

Viewpoint

Greesh Jairath

Senior IT Leader

“AI has started playing a key role in ensuring SLA s and business availability.”

Storage is the underlying foundation of IT. Everything, including the applications and the structured as well as unstructured data, resides on storage media. However, storage solutions have move much beyond the hardware layer. Today, the virtualization layer has become the heart and center of all data centers, be it a private data center or a public cloud. Moreover, in the last three years or so, artificial intelligence (AI) has become a critical part from a storage perspective, and has started playing a significant role in ensuring SLA s and business availability.

Whenever an IT issue comes up, there has be either a storage problem, a network problem, or an application problem. AI simplifies the task of pinpointing the problem. And if you’re able to solve those issues immediately, it helps.

That’s point number one. Point number two is definitely in terms of scalability. Today, data has been growing from terabytes to gigabytes and exabytes, and the kind of scalability available within the controller set is enormous. So, it enables people running on-prem data centers to scale it almost on a demand basis, which has come very far in terms of intelligent storage on the data centers. Third is the agile part and the security that need to be factored into the storage component.

Also read Viewpoint by Archie Jackson, Head – IT and Security, Incedo Inc. 

Storage Transformation Viewpoints

The industry is witnessing a massive amount of transformation, and that is impacting storage as well. Storage transformation is already underway, though there are relative challenges on the ground.

Earlier data used to be about read and write, but now it’s mostly about write and read. Plus, we have big data, where there is lot of unstructured data.

Whenever we plan for storage or its replacement or scalability, we always look at it from a hybrid perspective. While some of the data will be available on prem, some of it will be available in the cloud. And if there are multiple clouds, then we have a provision available to move data from one cloud to another. The entire scope or design of storage has been taken at a different level altogether, wherein you provide the best-in-class security to fulfill the needs of compliance, security, and agility.

Today, data centers could very well be managed through automation to ensure that they run fine if errors happen due to known issues. Some alerts can go to the system admin or the backup admin for respective measures. So I think the intelligent data center is developing and progressing well. It’s not fully developed yet, but things are moving well in the right direction.

So, typically, when you look at the front cache or the cache available and the indexing on the storage, they are algorithms. They understand how to address structured data versus unstructured data. Also, with AI, provisions are available, either through an open stack or through our existing vendors, to ensure that those are being looked at differently.
Compliance is a key issue that one needs to factor in. Particularly, when GDPR aspects are involved, data retention can be a key challenge. It is important to differentiate between personally identifiable information (PII) and normal data. In terms of data, we have been ensuring that all the storage needs to be encrypted. A key question that CIOs must answer is: in case of an attack or a security threat, what data has been moved out? This could be of great importance because most organizations don’t even understand what information has been lost during an attack.

These are very grave concerns for organizations. While we try protecting data right from the endpoint to the perimeter, but in case an event happens, often one doesn’t even understand that the event has occurred.

Going forward, among other things, blockchain-based mechanisms are likely to evolve such that data may be protected in a far more better way.

“Whenever there is an IT issue, there is either a storage problem, a network problem, or an application problem. AI simplifies the task of pinpointing the problem.”

Storage Transformation Viewpoints
Charu Bhargava, Vice President – IT, Sheela Foam

Charu Bhargava, Vice President – IT, Sheela Foam

Viewpoint

Charu Bhargava

Vice President – IT, Sheela Foam

“One must maintain an equilibrium between convenience and compliance.”

Storage is becoming everyone’s necessity and the size of storage is increasing phenomenally. In the current scenario where virtualization plays a very important role, storage solutions should be able to provide an expandable or rather an ever-increasing input–output ratio because when everything and anything has to be stored and retrieved, you don’t know where the volumes are going. So storage has started playing a very important role in day-to-day operations, and it is ever-growing. It, therefore, has to be agile and scalable, right from the design stage.

Earlier, organizations used to struggle with files. Today, everyone is working with electronic data as digitalization has become the buzzword. So, organizations want to digitalize and store everything that is raw. The goal is to have zero paper but lots of electronic data. One needs that kind of ample space and storage to keep everything. Structured as well as unstructured data are exponentially growing, and before you process that and take out useful data, first you need to store it. The storage space needs to have a modular approach because you need to decide what comes first and how to store the data such that you optimize the resources to the best extent possible. That is where the trend is moving.

Also read Viewpoint by Archie Jackson, Head – IT and Security, Incedo Inc. 

Storage Transformation Viewpoints

You also need to maintain an equilibrium between convenience and compliance. It is never this way or that way, and you have to take both things into account because compliance has to go with convenience. Second, one also needs to consider the data type and how long it is to be stored. You need to identify data that is not useful or an absolute space wastage, and consider how you get rid of it such that it also takes care of your security and compliance obligations. As a data incharge or data custodian, you have to be very mindful of these things.

In fact, this is a struggle that everyone today faces because the volume keeps exponentially increasing. And it is not just structured data, but also unstructured data that is coming in from everywhere, be it text, images, or videos. Everything is getting into your data center. We have 7,000 showrooms and we use visual merchandising, so a phenomenal volume of images is flowing in each day. With AI, ML, and IoT, we work on these data sets. The data sets become so huge that someday you actually need to segregate them and throw things out of your data center, because after a period of time it is of no good.

As an organization we are following a hybrid approach. We have our own data center where all our core applications are residing. To hedge the risk, we have our DR on cloud. For all non-core applications, we use cloud. Security risk is still there on cloud, because cloud being open is vulnerable. On the other hand, a private cloud in an enterprise space, or dedicated to an enterprise, is more secure. As a philosophy, we have been using our own core applications, developed and designed by our own IT team. From a safety, security, and compliance perspective, we have far more control over it. We are working on this kind of hybrid environment and the cloud is actually being used for R&D-oriented applications, where you need expandability.

“We have our own data center where all our core applications are residing. To hedge the risk, we have our DR on cloud.”

Storage Transformation Viewpoints
Archie Jackson, Head – IT and Security, Incedo., Viewpoint

Archie Jackson, Head – IT and Security, Incedo., Viewpoint

Viewpoint

Archie Jackson

Head – IT and Security, Incedo Inc.

Modern storage solutions will require massive reimagining.

At this point in time, enterprises are racing towards an anywhere and everywhere work environment. The pandemic has made it imperative for organizations to transform themselves to meet the core needs of their employees who are scattered across geographies and sites. As a result, organizations are moving away from the erstwhile centralization mindset and going for decentralized architectures.

At the same time, there is a rapid evolution of cloud in the works. Several new technologies, such as analytics and business intelligence, are responsible for the evolution of the cloud in terms of scalability and agility. This evolution has also become a key catalyst for storage transformation. 

Storage Transformation Viewpoints

Today, we operate in a multi-cloud hybrid environment. It’s rare to find an organization working either fully on-premise or being fully dependent on a single cloud, thanks to the multitude of applications we work with and kind of architectures we use. Organizations are using different clouds and are essentially using a hybrid environment. All of this is often supported by multiple technology partners.

Identifying the most optimal solution around storage involves designing something that would be highly scalable, agile, and available as well as be cost-effective, unrestricted, and act as a disaster recovery (DR) option to ensure business continuity. It should integrate new technologies such as artificial intelligence.

Considering all these factors together is extremely important. This leads us more towards soft storage.

Today, application development is happening in a DevOps environment, which is increasingly distributed as well. Individuals may be working in small agile pods, with some storage, some activities, some gits, and so on. Now, when designing a solution, it is important to join all these dots and create a complete architecture and consequently a solution at the very foundation. Storage should enable such a foundation.

To sum up, today we are operating in a dynamically changing environment. So storage solutions should be in an agile format and also move away from a centralized architecture towards a decentralized one.

Also read: New Dropbox features could make pro remote workers more sticky

“Storage solutions should be highly scalable, agile, available, and cost-effective, and also meet DR needs, while integrating new technologies such as artificial intelligence.”

Storage Transformation Viewpoints
Time to get ‘responsible’ with AI systems

Time to get ‘responsible’ with AI systems

Humans have built very complex robotic systems, such as convoys and airplanes, and even neural networks to communicate with each other, but we’re only starting to scratch the surface of what artificial intelligence (AI) can do. It’s also about time we started paying more attention to ‘responsible AI.’

A future with artificial intelligence would be very mixed. It would be an actuality that could not only eliminate many of today’s human jobs, but also allow us to solve complex problems much faster than we could if we used a human brain to solve those same complex problems.

As technology gets closer to achieving full intelligence, we will start seeing the artificial intelligence (AI) systems that are fully self-aware and can think, reason, and act like a human would. This may raise some concerns, because some people fear that as artificially intelligent computers become more advanced, they might start to have a good enough IQ to be more intelligent than humans. The concern is not if, but when, it might happen.

In future we will have artificial intelligent robotic ‘teams’ of robots that can do all the menial tasks which we traditionally assign to humans such as vacuuming, picking up items, cooking, shopping and more. All jobs will eventually be done by artificially intelligent robotic machines. Even without this new development, all work will still be based on traditional methods such as task assignment, task resolution, and reward and punishment systems.

Today, we are beginning to see the first AI machine prototypes at work and many exciting projects are in the works. One such project is a robotic dog, which can recognize objects, humans and other dogs. Other projects include self-driving cars, self-piloted planes, artificial intelligent robots, and new weather systems.

The future of artificially intelligent robotic androids is exciting but also scary due to the autonomous capabilities of these machines. These robotic androids may be made up of two different types of artificial intelligence, a human-like non-conscious neural network (NCL) and a fully conscious human mind with all its own memory, thoughts, and feelings. Some NCL robots may have both systems in one system or may only have one. Many experts believe a full AI will be closer to human intelligence than any current technology can ever make.

Such concerns and apprehensions around AI have triggered the need for AI developments and implementations to be humanly, ethically, and legally more responsible.

Microsoft recognizes six principles that it believes should guide AI development and use (see link). These are fairness; reliability and safety; privacy and security; inclusiveness, transparency; and accountability.

PwC Responsible AI frameworkPwC has created a ‘Responsible AI Toolkit,’ which is a suite of customizable frameworks, tools, and processes designed to help organizations “harness the power of AI in an ethical and responsible manner, from strategy through execution.”

The field of ‘Responsible AI’ is generating more and more interest from various stakeholders, including governments, developers, human-resource experts, and user organizations, among others.

0 Comments