Top 5 IT Security Trends in 2017

IoT complexity to lead towards security vulnerability

As per Cisco’s Visual Networking Index (VNI), it is predicted that there will be around 26 billion IP network-connected devices by 2020. With Internet of Things (IoT) reaching the levels of enterprise networks, government systems and general user’s handsets at such a large scale, security vulnerability will continue to plague these connected devices. Due to complexity in protocols and standards, absence of skilled resources to manage IoT environment, low-quality products with vulnerable security measures, and intricate architectures, IoT devices have already been under attacks from hackers, which is predicted to get worse in 2017. In fact, organizations are still not equipped enough to review even their popular apps for malware, which is resulting into DDoS attacks, and even leading to providing an entry point into the networks of enterprises for APTs and ransomware.

The way forward: The battle will be won by those who will be able to secure their IoT devices with customized solutions.

Cloud-security to gain prominence

Cloud security breaches have kept many organizations from embracing cloud computing for long. However, this year may see a reverse pattern with cloud-security expected to gain prominence in the IT ecosystem. Cloud security certifications such as Certificate of Cloud Security Knowledge (CCSK), Cloud Security Alliance’s (CSA), and Certified Cloud Security Practitioner (CCSP) are providing a sense of refuge to organizations planning to join the cloud computing bandwagon. Further, the industry in general is being seen to share best practices and advices on how to embark on integrating cloud in a secure manner. With organizations gaining confidence in deploying cloud, just as their on-premises solutions, it is expected that cloud adoption may increase in the coming year. However, the rate of acceleration would depend entirely on strengthening the security practices in the cloud and curbing cloud security breaches.

The way forward: Investing in Cloud Security-as-a-Service would make sense for enterprises as it will help in minimizing security breaches, while cutting cost to buy and maintain firewalls.

Ransomware and malware everywhere

Malware attacks have become sophisticated over the years as they continue to transform, going beyond the defenses offered by most antivirus products and security vendors. As businesses are seen to adopt telecommuting, introduce wearables and connect dispersed workforce through IoT-enabled devices, attackers are also expected to use technology to gain access to the enterprise networks through employees’ devices and hack the system. Mobile malware could be one of the leading issues in 2017 that the enterprises would have to tackle in a proactive manner. In fact, mobile data breach may cost an enterprise around USD 26 million, as per a study by Lookout, a mobile security company, and Ponemon Institute, an independent research company focused on privacy, data protection, and information security. Also, with proliferation of 4G and 5G services and increase in Internet bandwidth, mobile devices may witness higher vulnerability to DDoS attacks.

Along with malware, ransomware will also continue to evolve in the coming year. Ransomware attacks on cloud and critical servers may witness an increase, as the hackers would hold the organizations on tenterhooks to part with the extortion amount or face the risk of shutting down of an entire operation. However, such payouts may not even guarantee enterprises the future safety of their data or even the recovery of their current data.

The way forward: Stop being held at ransom. Secure your devices and servers with customized security solutions.

Automation to circumvent skill gap

Finding skilled IT resources will continue to be a major issue for the industry, and with it, newer methods to bridge this gap are also expected to surface. One of the major trends predicted this year would be using automation to perform certain duties, especially those which are repetitive or redundant. This would help IT professionals in focusing on important tasks at hand and enterprises gain maximum utilization of their manpower.

The way forward: Implementation of the right automation solution will assist IT professionals to gain instant access to any malicious threats instead of manually scouting for breaches.

Secure SDLC, the way forward

Although testing is seen to be an important part of application security, it is often relegated at a later stage in code development. In the absence of regulations or industry standards, companies are often seen to adopt their own methods when it comes to coding, with focus on developing codes quickly rather than securely.

The current process for the Software Development Life Cycle (SDLC) with its five main phases – design, development (coding), testing, deployment and maintenance – has a major shortcoming of testing being done at a later stage. Security vulnerabilities are usually checked with the use of methods such as pen-testing at a time when the solution is almost ready to be released in the market. This could lead to the system being susceptible to attacks for any code that remains unchecked. In the coming year, it is expected that the industry may take a step further by adopting Secure-SDLC (sSDLC) to circumvent such issues. With sSDLC, changes in the code will be analyzed automatically and the developers will be notified on an immediate basis in case of any vulnerability. This will help in educating the developers about mistakes and making them security-conscious. Further, vendors will also be able to prevent vulnerabilities and minimize hacking incidents.

The way forward: Moving towards secure-SDLC will help enterprises to get the code right from the beginning, saving time and cost in the long-run.

MSP will still remain the need of the hour

Managed services provider (MSP) was adopted to assist enterprises manage their hosted applications and infrastructure, and many predicted that with the implementation of cloud, it could become redundant. However, over the course of time, it has been seen that MSP is still at a core of many business services. While most businesses have shifted to cloud, many enterprises with critical applications cannot take their infrastructure to the cloud ecosystem due to compliance or regulatory issues. These still need to be managed and maintained.

Further, implementation and management of mixed environments, cloud and on-premises, require mature skillsets. MSP not only help in providing the right guidance, but even help enterprises to choose appropriate hosting, taking into consideration the budget of the company, and compliances and security policies prevalent in the industry.

The way forward: MSP is expected to move beyond managing IT environment. Such providers may become business extension for enterprises to advise them on policy and process management.

Threat intelligence to become strategic and collaborative

As per EY’s Global Information Security Survey, although organizations are seen to be making progress in the way they sense and resist current cyber-attacks and threats, there is still need for considerable improvement to tackle sophisticated attacks. For instance, 86 per cent of the respondents of the survey stated that their cyber-security function did not fully meet their organization’s needs. It is expected that the growing threats, increase in cybercrime, geopolitical shocks, and terrorist attacks will continue to drive organizations to evolve their approach to being resilient towards cyber-attacks.

Incorporating cyber security strategy in business process may become a major component as well. Microsoft, for instance, has recently unveiled its USD 1 billion investment plans to implement a new integrated security strategy across its portfolio of products and services.

The way forward: Cyber security can no longer be tackled in silo by a company. Enterprises need to address the issue by working in a collaborative manner by sharing best practices and creating war-room programmes.



Source by Aaryan Kapur

About Gregory Masley

Gregory Masley CNE, CNA, MCSE
(714)975-3656
greg@masleyassociates.com

SUMMARY:

• Twenty years of Network Engineering hands on experience, with a demonstrated ability to quickly learn and integrate new technology in a variety of industries
• Proven expertise in various network including Novell Netware and Microsoft Windows networks.
• Proven expertise in large scale network, wireless and cloud-based network build-outs and migrations
• Proven success in implementing management, operations, technical and interpersonal skills to increase productivity, reliability and teamwork to benefit the company
• Team Lead, Project Manager, IT Manager, Network Administrator, Network Engineer and sole IT support for security, repair, installation, migration, reconfiguration and maintenance of large-scale Windows and Novell networks ranging from 5 users to over 8000 users
• Hands on experience in Wireless Networking, 10/100/1000 Ethernet, Optical Networking, Switching/Bridging (VLAN, Spanning Tree), VPNs, LAN/WAN/MAN, TCP/IP Protocol, IP Addressing and Subnetting, IP Access Lists, Routing Protocols, Token Ring, ATM, Frame Relay, HP OpenView NNM, Cisco Works for Switched Internetworks, Resource Manager Essentials, Cisco Security Management Center (PIX, IDS), Microsoft Visio, WebNM, IBM compatible computers, Windows 2008/2003/2000/7/Vista/NT/XP, Remote Desktop Management, Microsoft Office 2010/2007/2003/2000/XP, Norton, Remedy, Compupic Pro, Network Security and MicroStation (95/SE/J/8)
• Active Directory migrations 2003 to 2008
• Hands on experience with Cisco 2600/3600/4000/7200/7500 series routers, Cisco Catalyst 1900/2900/5000/5500 series switch, Cisco 3550 Multilayer Switch, Cisco PIX Firewall, Cisco IDS 515E, CAD/CAM Systems, Netopia Routers, Sonicwall, IBM Compatible Workstations and Servers and Printers
• Hands on experience with Microsoft Windows Enterprise Server, Office 365, Small Business Server and Workstation NT through 2008, Active Directory, Novell 3.1-6.0, UNIX, SCOM, SCCM, Microsoft Exchange, Microsoft SQL, Microsoft SharePoint, Citrix, Microsoft Office, Word Perfect, AutoCAD, MAPICS, Rhumba Reflections and ISA Server, Active Directory migrations 2003 to 2008
• Programming experience in Visual Basic, Basic, COBOL, FORTRAN, SQL, HTML, Wordpress, CSS, DreamWeaver, Oracle and DBASE
• MCSE, CNA, and CNE Certified
• United States Department Of Defense SECRET Security Clearance 2005

TECHNICAL SKILLS:

• Networking: Wireless Networking
• 10/100/1000 Ethernet
• Optical Networking
• Parsed Cloud
• Switching/Bridging (VLAN, Spanning Tree)
• VPNs, LAN/WAN/MAN
• TCP/IP Protocol
• IP Addressing and Subnetting
• IP Access Lists, Routing Protocols
• Token Ring, ATM
• Frame Relay
• HP OpenView NNM
• Cisco Works for Switched Internetworks
• Resource Manager Essentials
• Cisco Security Management Center (PIX, IDS)
• Microsoft Visio
• WebNM
• IBM compatible computers
• Windows Enterprise Server, Small Business Server and Workstation 2008/2003/2000/NT/XP/Vista/7
• Exchange 5.5/2000/2003/2007/2010
• Remote Desktop Management
• Microsoft Office 2010/2003/2000/XP
• Windows 95/98/Vista/XP/7
• Norton
• Remedy
• Compupic Pro
• Network Security
• MicroStation
• (95/SE/J/8) HP Openview
• OSPF,BGP,VLAN,IPSEC, routing and bridging protocols
• Citrix XenApp
• VmWare

Hardware:

• Cisco 2600/3600/4000/7200/7500 series routers
• Cisco Catalyst 1900/2900/5000/5500 series switch
• Cisco 3550 Multilayer Switch
• Cisco PIX Firewall
• Cisco IDS 515E
• CAD/CAM Systems
• Netopia Routers
• Sonicwall
• IBM compatible Workstations and Servers
• Printers

Software/OS:

• Microsoft Windows Servers (all versions) NT 3.51 through 2008 R2
• Microsoft Windows Desktop (all versions) Windows 95 through Windows 7
• Novell 3.1-6.0
• UNIX
• Parsed Cloud
• Microsoft Exchange 2000/2003/2007/2010
• SharePoint 2007/2010
• SQL Server 2005/2008
• Lotus Notes
• Microsoft Office XP/2000/2003/2007/2010/365
• Word Perfect
• AutoCAD
• MAPICS
• SCOM, SCCM
• Rhumba Reflections
• ISA Server RAID Storage Devices SAN Storage Devices
• Citrix
• Active Directory
• Citrix XenApp
• VmWare

Programming:

• Visual Basic, Basic
• COBOL
• FORTRAN
• SQL
• Oracle and DBASE
• HTML
• Wordpress
• MySQL
• CSS
• DreamWeaver

EDUCATION & TRAINING:

California State University Fullerton
• Novell Certified Network Administration and
• Engineering Program – Graduated in the top 10% of the JTPA Grant Class of 93
• BS – Computer Science 1997

CERTIFICATES & LICENSES:

• CNE – Certified Novell Network Engineer 1993
• CNA – Certified Novell Network Administrator 1992
• MCSE – Microsoft Certified Systems Engineer 1997

PROFESSIONAL EXPERIENCE

Senior Computer Network Consultant - Masley and Associates - Owner
Orange County, CA Jan 1994 to Present

Senior Network Consultant (Masley & Associates)
Lynx Grills, Downey, CA
Feb 2013 - April 2015
• Lead network technical support engineer onsite for 70 user network reconfiguration and move from Commerce California to Downey California with Microsoft Windows Server 2008 R2, Microsoft SQL 2008, Navision, Microsoft Exchange and Office 365

Security First Corporation, Rancho Santa Margarita, CA
Sep 2011 – Feb 2013
• Built and tested over 20 new Microsoft Windows 2008 R2 Servers with Microsoft Exchange 2010 in DAG failover clusters and SQL and SharePoint with Active Directory configurations from scratch to test Security First Corporation’s SPX Connect and BitFiler Encryption Software with and documented and reported findings, as well as Office 365, VmWare and Citrix Xenapp
• Built and tested new encrypted Cloud Based Parsed Cloud Secure network encrypted Cloud network environment
• Active Directory migrations 2003 to 2008
• Network Engineer responsible for system configuration, communications, and installation of hardware, operating systems, and software applications in multiple client locations
• Design, instillation, and maintenance of all computer networks for major Southern California and Colorado companies including:JNIC Missile Defense Agency Schreiver Air Force Base Department Of Defense, Net Solutions, Planet Network, Analysts International, Accucode, Capitol Records, Unihealth Insurance, Fuji Bank, UNOCOL 76, and Price Company
• Performed nationwide wireless network upgrade for The Sports Authority and Gart Sports on multi-tier network with over 1000 users.
• Migrated St. Joseph’s Hospital from Novell to Windows 2000 Server with Exchange 2000 on multi-site network with over 2000 users.
• Migrated Anaheim Memorial Hospital from Windows 98, NT Server, and Exchange 5.5 to Windows XP, 2000 Server, and Exchange 2000 on multi-site network with over 4000 users.
• Designed and documented data and voice networks from the ground up.
• Trained customers and managers on system capabilities and usage.
• Website programming in CSS, HTML, Wordpress and Dreamweaver

Aug 2010 - Sep 2011 Network Consultant- EdgeMac Finance, Anaheim, CA (Masley & Associates)
Jul 2009 – Aug 2010 Network Consultant- Microtek, Anaheim, CA (Masley & Associates)
Jun 2008 – Jul 2009 IT Manager - Bert Howe & Associates, Anaheim, CA (Masley & Associates)
Consolidated List of Duties/Roles
• Edge Mac Finance:
Moved, reconfigured and supported sixty user network with Windows 2003 and Windows 2008 Servers, Exchange Server, SharePoint Server, SQL Server, Active Directory, Windows XP Professional and Windows 7 Professional, as well as VmWare and Citrix Xenapp. Active Directory migrations 2003 to 2008
• Microtek-Bert Howe & Associates:
Reconfigured and supported sixty user network with Windows 2003 and Windows 2008 Servers, SCOM, SCCM, Exchange Server, SharePoint Server, SQL Server, Active Directory, Windows XP Professional and Windows 7 Professional, as well as VmWare and Citrix Xenapp. Active Directory migrations 2003 to 2008

2GWLAN Engineer (Masley & Associates)
Peterson Air Force Base/ Luke Air Force Base
May 2005 – Jun 2008
• Designed and implemented 2GWLAN system for both Air forcebases
• Worked with Aruba Controllers, Aruba Access Points, RADIUS and TACACS Servers, and used Motorola LAN Planner, VmWare and Citrix Xenapp to do the design
• Configured and tested all necessary network platforms under extreme time constraints resulting in successful customer acceptance of required test bed network
• Active Directory migrations 2003 to 2008
• Established network security measures in order to support defense agency accreditation for The Department Of Defense at Schreiver Air Force Base JNIC Missile Defense Agency
• Recommended and implemented network wide security management solution, including Firewall policies and configuration, router access-lists, and agent based network monitoring

Lead Network Engineer (Masley & Associates)
St. Joseph Hospital, Orange, CA
Apr 2003 – May 2005
• Primary support and lead Novell Network migration specialist for multi-site 500 user Novell Network, as well as VmWare and Citrix Xenapp

Lead Network Engineer (Masley & Associates)
Network Planet, Beverly Hills, CA
Mar 2001- Apr 2003
• Primary support for Novell Networks, VmWare and Citrix Xenapp at Fortune 500 law firms in Los Angeles, California

Lead Network Engineer (Masley & Associates)
Network Solutions, Tustin, CA
Feb 1999 – Mar 2001
• Primary support for Novell, Microsoft Networks, VmWare and Citrix Xenapp at Fortune 500 companies in Orange County, California
• Network Engineer responsible for system configuration, communications, and installation of hardware, operating systems, and software applications
• Installed and maintained entire computer networks for major Southern California companies including:Mellon Financial, Mallinckrodt Medical, Shiley Medical, AJS Accounting Service, Online Connecting Point, Sandpiper Computer, Nadek, ARC, Farmers Insurance, Classic Homes, Horizon, Qualtek Manufacturing, Powell Manufacturing, RL Holdings, COACT, St. Joseph’s Hospital, Anaheim Memorial Medical Center, Computer Support Network and Manpower Technical
• Performed nationwide wireless network upgrade for The Sports Authority and Gart Sports on multi-tier network with over 1000 users
• Migrated St. Joseph’s Hospital from Novell and Lotus Notes to Windows 2000 Server with Exchange 2000 on multi-site network with over 2000 users
• Migrated Anaheim Memorial Hospital from Windows 98, NT Server, and Exchange 5.5 to Windows XP, 2000 Server, and Exchange 2000 on multi-site network with over 4000 users in Active Directory
• Designed and documented data and voice networks from the ground up.
• Trained customers and managers on system capabilities and usage
• Performed Systems Administration on Windows Servers and Clients for Local and Wide Area Networks
• Recommended and implemented network wide security management solution, including Firewall policies and configuration, router access-lists, and agent based network monitoring
• Administered and supported Citrix network environment for Classic Homes including building new Citrix servers and load balancing, as well as VmWare and Citrix Xenapp

Network Administrator (Masley & Associates)
Mallinckrodt Medical, Irvine, CA
Jan 1994 To Feb 1999
• Sole onsite IT support for 400 user network
• Managed all aspects of several network implementations including network planning, design, testing, documentation, deployment and maintenance of Novell and Windows based network systems
• Responsible for complete support, installation, maintenance and training for all network and system components
• Developed training and support plans for 400 user network
• Lead effort to migrate Novell based Microsoft and Lotus Notes servers with upgraded Windows NT based Exchange Servers to Active Directory. Included development and implementation of plan to provide remote access to e-mail and database servers via Windows NT RAS
• Administered Windows NT, Back Office, Exchange, RAS, AS400s, Lotus Notes, MAPICS, JD Edwards, Rhumba and Reflections, as well as VmWare and Citrix Xenapp

%d bloggers like this: