
CIO’s Guide To Stopping Privileged Access Abuse – Part I

CIOs face the paradox of having to protect their businesses while at the same time streamlining access to the information and systems their companies need to grow. The threatscape they’re facing requires an approach to security that is adaptive to the risk context of each access attempt across any threat surface, anytime. Using risk scores to differentiate between privileged users attempting to access secured systems in a riskier context than normal versus privileged credential abuse by attackers has proven to be an effective approach for thwarting credential-based breaches.

Privileged credential abuse is one of the most popular breach strategies organized crime and state-sponsored cybercrime organizations use. They’d rather walk in the front door of enterprise systems than hack in. 74% of IT decision makers surveyed whose organizations have been breached in the past say it involved privileged access credential abuse, yet just 48% have a password vault. Just 21% have multi-factor authentication (MFA) implemented for privileged administrative access. These and many other insights are from Centrify’s recent survey, Privileged Access Management in the Modern Threatscape.

How CIOs Are Solving the Paradox of Privileged Credential Abuse

The challenge to every CIO’s security strategy is to adapt to risk contexts in real-time, accurately assessing every access attempt across every threat surface, risk-scoring each in milliseconds. By taking a “never trust, always verify, enforce least privilege” approach to security, CIOs can provide an adaptive, contextually accurate Zero Trust-based approach to verifying privileged credentials. Zero Trust Privilege is emerging as a proven framework for thwarting privileged credential abuse by verifying who is requesting access, the context of the request, and the risk of the access environment.

By taking a least privilege access approach, organizations can minimize attack surfaces, improve audit and compliance visibility, and reduce risk, complexity, and the costs of operating a modern, hybrid enterprise. CIOs are solving the paradox of privileged credential abuse by recognizing that even when a privileged user has entered the right credentials, a request that arrives in a risky context needs stronger verification before access is permitted.

Strategies For Stopping Privileged Credential Abuse

The following are five strategies CIOs need to concentrate on to stop privileged credential abuse. Starting with an inventory of privileged accounts and progressing through finding the gaps in IT infrastructure that create opportunities for privileged credential abuse, CIOs and their teams need to take preemptive action now to avert potential breaches in the future.

In Part 1 of a CIO’s Guide to Stopping Privileged Access Abuse, below are the steps they can take to get started:

  1. Discover and inventory all privileged accounts and their credentials to define who is accountable for managing their security and use. According to a survey by Gartner, more than 65% of enterprises are allowing shared use of privileged accounts with no accountability for their use. CIOs realize that a lack of consistent governance policies creates many opportunities for privileged credential abuse. They’re also finding orphaned accounts, multiple owners for privileged credentials and the majority of system administrators having super user or root user access rights for the majority of enterprise systems.
  2. Vault your cloud platforms’ Root Accounts and federate access to AWS, Google Cloud Platform, Microsoft Azure and other public cloud consoles. Root passwords on each of the cloud platforms your business relies on are the “keys to the kingdom” and give bad actors from inside and outside the company the ability to exfiltrate data with ease. The recent news of how a fired employee deleted his former employer’s 23 AWS servers is a cautionary tale of what happens when a Zero Trust approach to privileged credentials isn’t adopted. Centrify’s survey found that 63% of organizations take more than a day to shut off privileged access for an employee after leaving the company. Given how AWS root user accounts have the privilege to delete all instances immediately, it’s imperative for organizations to have a password vault where AWS root account credentials are stored. Instead of local AWS IAM accounts and access keys, use centralized identities (e.g., Active Directory) and enable federated login. By doing so, you obviate the need for long-lived access keys.
  3. Audit privileged sessions and analyze patterns to find potential privileged credential sharing or abuse not immediately obvious from audits. Audit and log authorized and unauthorized user sessions across all enterprise systems, especially focusing on root password use across all platforms. Taking this step is essential for assigning accountability for each privileged credential in use. It will also tell you if privileged credentials are being shared widely across the organization. Taking a Zero Trust approach to securing privileged credentials will quickly find areas where there could be potential lapses or gaps that invite breaches. For AWS accounts, be sure to use AWS CloudTrail and Amazon CloudWatch to monitor all API activity across all AWS instances and your AWS account.
  4. Enforce least privilege access now within your existing infrastructure as much as possible, defining a security roadmap based on the foundations of Zero Trust as your future direction. Using the inventory of all privileged accounts as the baseline, update least privilege access on each credential now and implement a process for privilege elevation that will lower the overall risk and attackers’ ability to move laterally and extract data. The days of “trust but verify” are over. CIOs from insurance and financial services companies I recently spoke with point out that their new business models, all of them heavily reliant on secured Internet connectivity, are making Zero Trust the cornerstone of their future services strategies. They’re all moving beyond “trust but verify” to adopt a more adaptive approach to knowing the risk context by threat surface in real-time.
  5. Adopt multi-factor authentication (MFA) across all threat surfaces that can adapt and flex to the risk context of every request for resources. The CIOs running a series of insurance and financial services firms, a few of them former MBA students of mine, say multi-factor authentication is a must-have today for preventing privileged credential abuse. Their take on it is that adding in an authentication layer that queries users with something they know (user name, password, PIN or security question) with something they have (smartphone, one-time password token or smart card), something they are (biometric identification like fingerprint) and something they’ve done (contextual pattern matching of what they normally do where) has helped thwart privileged credential abuse exponentially since they adopted it. This is low-hanging fruit: adaptive MFA has made the productivity impact of this additional validation practically moot.
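
The audit described in steps 2 and 3 can be run directly over CloudTrail records. The following is an added example, not code from the original article or from any vendor it mentions: it flags root account activity (including console logins without MFA), long-lived IAM access keys still in use, and principals seen from several source addresses, a possible sign of shared credentials. The sample records, the helper names and the threshold of two source addresses are assumptions made for illustration.

```python
import json
from collections import defaultdict

ACCOUNT = "111122223333"  # documentation placeholder account ID


def rec(event, ip, id_type, arn, key=None, extra=None):
    """Build one constructed CloudTrail-style record (hypothetical helper)."""
    identity = {"type": id_type, "arn": arn}
    if key:
        identity["accessKeyId"] = key
    record = {"eventName": event, "sourceIPAddress": ip, "userIdentity": identity}
    if extra:
        record["additionalEventData"] = extra
    return record


ROOT = f"arn:aws:iam::{ACCOUNT}:root"
OPS = f"arn:aws:iam::{ACCOUNT}:user/ops-admin"
FED = f"arn:aws:sts::{ACCOUNT}:assumed-role/FederatedAdmin/alice"

# Constructed sample input, not real logs. IPs come from documentation ranges.
SAMPLE_LOG = json.dumps({"Records": [
    rec("ConsoleLogin", "203.0.113.10", "Root", ROOT, extra={"MFAUsed": "No"}),
    rec("TerminateInstances", "203.0.113.10", "Root", ROOT),
    rec("RunInstances", "192.0.2.5", "IAMUser", OPS, "AKIAIOSFODNN7EXAMPLE"),
    rec("DescribeInstances", "198.51.100.7", "IAMUser", OPS, "AKIAIOSFODNN7EXAMPLE"),
    rec("DeleteBucket", "203.0.113.99", "IAMUser", OPS, "AKIAIOSFODNN7EXAMPLE"),
    # Call made on the user's behalf by an AWS service: no client IP to count.
    rec("CreateStack", "cloudformation.amazonaws.com", "IAMUser", OPS,
        "AKIAIOSFODNN7EXAMPLE"),
    # Federated login: temporary credentials (ASIA prefix), nothing to flag.
    rec("DescribeInstances", "192.0.2.5", "AssumedRole", FED, "ASIAEXAMPLEFEDSESS01"),
]})


def audit_privileged_use(cloudtrail_json, max_ips_per_principal=2):
    """Return findings for root use, long-lived keys and multi-source principals."""
    records = json.loads(cloudtrail_json).get("Records", [])
    root_events = []
    long_lived = defaultdict(set)   # access key ID -> principals using it
    sources = defaultdict(set)      # principal ARN -> client IPs seen

    for r in records:
        ident = r.get("userIdentity", {})
        id_type = ident.get("type")
        arn = ident.get("arn", "unknown")
        key_id = ident.get("accessKeyId", "")
        ip = r.get("sourceIPAddress", "")

        # Step 3: every use of the root identity is worth a human look.
        if id_type == "Root":
            mfa = r.get("additionalEventData", {}).get("MFAUsed")
            root_events.append({"event": r.get("eventName"), "ip": ip,
                                "mfa_used": mfa})

        # Step 2: AKIA-prefixed keys are long-term IAM user keys; federated
        # and role sessions use temporary ASIA-prefixed keys instead.
        if id_type == "IAMUser" and key_id.startswith("AKIA"):
            long_lived[key_id].add(arn)

        # Step 3: one standing credential seen from many client addresses
        # may be shared. Service-originated calls carry a hostname, not an IP.
        if id_type in ("Root", "IAMUser") and ip and not ip.endswith(".amazonaws.com"):
            sources[arn].add(ip)

    return {
        "root_events": root_events,
        "long_lived_keys": {k: sorted(v) for k, v in long_lived.items()},
        "multi_source_principals": {
            arn: sorted(ips) for arn, ips in sources.items()
            if len(ips) > max_ips_per_principal
        },
    }


if __name__ == "__main__":
    print(json.dumps(audit_privileged_use(SAMPLE_LOG), indent=2))
```

In practice the input would be the JSON log files CloudTrail delivers, and the address threshold would be tuned to how administrators normally connect.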

Conclusion

Every CIO I know is now expected to be a business strategist first, and a technologist second. At the top of many of their priority lists is securing the business so it can achieve uninterrupted growth. The CIOs I regularly speak with running insurance and financial services companies often speak of how security is as much a part of their new business strategies as the financial products their product design teams are developing. The bottom line is that the more adaptive and able to assess the context of risks for each privileged access attempt a company’s access management posture can become, the more responsive they can be to employees and customers alike, fueling future growth.


The State Of Cloud Business Intelligence, 2019

  • An all-time high 48% of organizations say cloud BI is either “critical” or “very important” to their operations in 2019.
  • Marketing & Sales place the greatest importance on cloud BI in 2019.
  • Small organizations of 100 employees or less are the most enthusiastic, perennial adopters and supporters of cloud BI.
  • The most preferred cloud BI providers are Amazon Web Services and Microsoft Azure.

These and other insights are from Dresner Advisory Services’ 2019 Cloud Computing and Business Intelligence Market Study. The 8th annual report focuses on end-user deployment trends and attitudes toward cloud computing and business intelligence (BI), defined as the technologies, tools, and solutions that rely on one or more cloud deployment models. What makes the study noteworthy is the depth of focus around the perceived benefits and barriers for cloud BI, the importance of cloud BI, and current and planned usage.

“We began tracking and analyzing the cloud BI market dynamic in 2012 when adoption was nascent. Since that time, deployments of public cloud BI applications are increasing, with organizations citing substantial benefits versus traditional on-premises implementations,” said Howard Dresner, founder, and chief research officer at Dresner Advisory Services. Please see page 10 of the study for specifics on the methodology.

Key insights gained from the report include the following:

  • An all-time high 48% of organizations say cloud BI is either “critical” or “very important” to their operations in 2019. Organizations have more confidence in cloud BI than ever before, according to the study’s results. 2019 is seeing a sharp upturn in cloud BI’s importance, driven by the trust and credibility organizations have for accessing, analyzing and storing sensitive company data on cloud platforms running BI applications.

  • Marketing & Sales place the greatest importance on cloud BI in 2019. Business Intelligence Competency Centers (BICC) and IT departments have an above-average interest in cloud BI as well, with their combined critical and very important scores being over 50%. Dresner’s research team found that Operations had the greatest duality of scores, with critical and not important being reported at comparable levels for this functional area. Dresner’s analysis indicates Operations departments often rely on cloud BI to benchmark and improve existing processes while re-engineering legacy process areas.

  • Small organizations of 100 employees or less are the most enthusiastic, perennial adopters and supporters of cloud BI. As has been the case in previous years’ studies, small organizations are leading all others in adopting cloud BI systems and platforms.  Perceived importance declines only slightly in mid-sized organizations (101-1,000 employees) and some large organizations (1,001-5,000 employees), where minimum scores of important offset declines in critical.

  • The retail/wholesale industry considers cloud BI the most important, followed by technology and advertising industries. Organizations competing in the retail/wholesale industry see the greatest value in adopting cloud BI to gain insights into improving their customer experiences and streamlining supply chains. Technology and advertising industries are industries that also see cloud BI as very important to their operations. Just over 30% of respondents in the education industry see cloud BI as very important.

  • R&D departments are the most prolific users of cloud BI systems today, followed by Marketing & Sales. The study highlights that R&D leading all other departments in existing cloud BI use reflects broader potential use cases being evaluated in 2019. Marketing & Sales is the next most prolific department using cloud BI systems.

  • Finance leads all others in their adoption of private cloud BI platforms, rivaling IT in their lack of adoption for public clouds. R&D departments are the next most likely to be relying on private clouds currently. Marketing and Sales are the most likely to take a balanced approach to private and public cloud adoption, equally adopting private and public cloud BI.

  • Advanced visualization, support for ad-hoc queries, personalized dashboards, and data integration/data quality tools/ETL tools are the four most popular cloud BI requirements in 2019. Dresner’s research team found the lowest-ranked cloud BI feature priorities in 2019 are social media analysis, complex event processing, big data, text analytics, and natural language analytics. This year’s analysis of most and least popular cloud BI requirements closely mirrors traditional BI feature requirements.

  • Marketing and Sales have the greatest interest in several of the most-required features including personalized dashboards, data discovery, data catalog, collaborative support, and natural language analytics. Marketing & Sales also have the highest level of interest in the ability to write to transactional applications. R&D leads interest in ad-hoc query, big data, text analytics, and social media analytics.

  • The Retail/Wholesale industry leads interest in several features including ad-hoc query, dashboards, data integration, data discovery, production reporting, search interface, data catalog, and ability to write to transactional systems. Technology organizations give the highest score to advanced visualization and end-user self-service. Healthcare respondents prioritize data mining, end-user data blending, and location analytics, the latter likely for asset tracking purposes. In-memory support scores highest with Financial Services respondent organizations.

  • Marketing & Sales rely on a broader base of third party data connectors to get greater value from their cloud BI systems than their peers. The greater the scale, scope and depth of third-party connectors and integrations, the more valuable marketing and sales data becomes. Relying on connectors for greater insights into sales productivity & performance, social media, online marketing, online data storage, and simple productivity improvements are common in Marketing & Sales. Finance requiring integration to Salesforce reflects the CRM applications’ success transcending customer relationships into advanced accounting and financial reporting.

  • Subscription models are now the most preferred licensing strategy for cloud BI and have progressed over the last several years due to lower risk, lower entry costs, and lower carrying costs. Dresner’s research team found that subscription license and free trial (including trial and buy, which may also lead to subscription) are the two most preferred licensing strategies by cloud BI customers in 2019. Dresner Advisory Services predicts new engagements will be earned using subscription models, which is now seen as, at a minimum, important to approximately 90% of the base of respondents.

  • 60% of organizations adopting cloud BI rank Amazon Web Services first, and 85% rank AWS first or second. 43% choose Microsoft Azure first and 69% pick Azure first or second. Google Cloud closely trails Azure as the first choice among users but trails more widely after that. IBM Bluemix is the first choice of 12% of organizations responding in 2019.

Public Cloud Soaring To $331B By 2022 According To Gartner


  • Gartner predicts the worldwide public cloud service market will grow from $182.4B in 2018 to $331.2B in 2022, attaining a compound annual growth rate (CAGR) of 12.6%.
  • Spending on Infrastructure-as-a-Service (IaaS) is predicted to increase from $30.5B in 2018 to $38.9B in 2019, growing 27.5% in a year.
  • Platform-as-a-Service (PaaS) spending is predicted to grow from $15.6B in 2018 to $19B in 2019, growing 21.8% in a year.
  • Business Intelligence, Supply Chain Management, Project and Portfolio Management and Enterprise Resource Planning (ERP) will see the fastest growth in end-user spending on SaaS applications through 2022.

Gartner’s annual forecast of worldwide public cloud service revenue was published last week, and it includes many interesting insights into how the research firm sees the current and future landscape of public cloud computing. Gartner is predicting the worldwide public cloud services market will grow from $182.4B in 2018 to $214.3B in 2019, a 17.5% jump in just a year. By the end of 2019, more than 30% of technology providers’ new software investments will shift from cloud-first to cloud-only, further reducing license-based software spending and increasing subscription-based cloud revenue.

The following graphic compares worldwide public cloud service revenue by segment from 2018 to 2022.

Comparing Compound Annual Growth Rates (CAGRs) of worldwide public cloud service revenue segments from 2018 to 2022 reflects IaaS’ anticipated rapid growth.

Gartner provided the following data table this week as part of their announcement:

  • Business Intelligence, Supply Chain Management, Project and Portfolio Management and Enterprise Resource Planning (ERP) will see the fastest growth in end-user spending on SaaS applications through 2022.  Gartner is predicting end-user spending on Business Intelligence SaaS applications will grow by 23.3% between 2017 and 2022.  Spending on SaaS-based Supply Chain Management applications will grow by 21.2% between 2017 and 2022. Project and Portfolio Management SaaS-based applications will grow by 20.9% between 2017 and 2022. End-user spending on SaaS ERP systems will grow by 19.2% between 2017 and 2022.

Sources: Gartner Forecasts Worldwide Public Cloud Revenue to Grow 17.5 Percent in 2019 and Forecast: Public Cloud Services, Worldwide, 2016-2022, 4Q18 Update (Gartner client access)

5 Things Every Executive Needs To Know About Identity And Access Management

  • For new digital business models to succeed, customers’ privacy preferences need to be secure, and that begins by treating every identity as a new security perimeter.
  • Organizations need to recognize that perimeter-based security, which focuses on securing endpoints, firewalls, and networks, provides no protection against identity and credential-based threats. Until they start implementing identity-centric security measures, account compromise attacks will continue to provide a perfect camouflage for data breaches.
  • 74% of data breaches start with privileged credential abuse that could have been averted if the organizations had adopted a Privileged Access Management (PAM) strategy, according to a recent Centrify survey.
  • Just 48% of organizations have a password vault, and only 21% have multi-factor authentication (MFA) implemented for privileged administrative access.

New digital business models are redefining organizations’ growth trajectories and enabling startups to thrive, all driven by customer trust. Gaining and strengthening customer trust starts with a security strategy that can scale quickly to secure every identity and threat surface a new business model creates. Centrify’s recent survey, Privileged Access Management in the Modern Threatscape, found 74% of data breaches begin with privileged credential abuse. The survey also found that the most important areas of IT infrastructure that new digital business models rely on to succeed — including Big Data repositories, cloud platform access, containers, and DevOps — are among the most vulnerable. The most urgent challenges executives are facing include protecting their business, securing customer data, and finding new ways to add value to their business’ operations.

Why Executives Need to Know About Identity and Access Management Now  

Executives have a strong sense of urgency to improve Identity and Access Management (IAM) today to assure the right individuals access the right resources at the right times and for the right reasons. IAM components like Access Management, Single Sign-On, Customer Identity and Access Management (CIAM), Advanced Authentication, Identity Governance and Administration (IGA), IoT-Driven IAM, and Privileged Access Management address the need to ensure appropriate access to resources across an organization’s entire attack surface and to meet compliance requirements. Considering that privileged access abuse is the leading cause of today’s breaches, they’re especially prioritizing Privileged Account Management as part of their broader cybersecurity strategies to secure the “keys to their kingdom.” Gartner supports this view by placing a high priority on Privileged Account Management, including it in its Gartner Top 10 Security Projects for 2018, and again in 2019.

During a recent conversation with insurance and financial services executives, I learned why Privileged Access Management is such an urgent, high priority today. Privileged access abuse is the leading attack vector, where they see the majority of breach attempts to access the company’s most sensitive systems and data. It’s also where they can improve customer data security while also making employees more productive by giving them access to systems and platforms faster. All of them know instances of hackers and state-sponsored hacking groups offering bitcoin payments in exchange for administrative-level logins and passwords to their financial systems.

Several of the executives I spoke with are also evaluating Zero Trust as the foundation for their cybersecurity strategy. As their new digital business models grow, all of them are focused on discarding the outdated, “trust, but verify” mindset and replacing it with Zero Trust, which mandates a “never trust, always verify” approach. They’re also using a least privilege access approach to minimize each attack surface and improve audit and compliance visibility while reducing risk, complexity, and costs.

The following are the five things every executive needs to know about Identity and Access Management to address a reality that every company and consumer must recognize exists today: attackers no longer “hack” in, they log in.

  1. Designing in the ability to manage access rights and all digital identities of privileged users requires that Privileged Access Management (PAM) and Identity Governance and Administration (IGA) systems be integrated as part of an IAM strategy. For digital business initiatives’ security strategies to scale, they need to support access requests, entitlement management, and user credential attestation for governance purposes. With identities being the new security perimeter, provisioning least privileged access to suppliers, distributors, and service organizations is also a must-have to scale any new business model. Natively, IGA deals only with end users, not privileged users. Integration with PAM systems is therefore required to bring in privileged user data and gain a holistic view of access entitlements.
  2. IAM is a proven approach to securing valuable Intellectual Property (IP) and patents, and to attaining regulatory compliance, including GDPR. The fascinating digital businesses emerging today also function as patent and IP foundries. A byproduct of their operations is entirely new business, product and process ideas. The executives I spoke with are prioritizing how they secure intellectual property and patents using an Identity and Access Management strategy.
  3. Knowing with confidence the identity of every user is what makes every aspect of an IAM strategy work. Having Multi-Factor Authentication (MFA) enabled for every access session and threat surface is one of the main processes that make an IAM strategy succeed. It’s a best practice to reinforce Zero Trust principles through multi-factor authentication enforcement on each computer that cannot be circumvented (or bypassed) by malware.
  4. Designing in transaction verification now for future e-commerce digital business models is worth it. Think of your IAM initiative as a platform for creating ongoing customer trust. As all digital business initiatives rely on multi-channel selling, designing in transaction verification as part of an IAM strategy is essential. Organizations are combining verification and MFA to thwart breaches and credential access abuse.
  5. In defining any IAM strategy focus on how Privileged Access Management (PAM) needs to be tailored to your specific business needs. PAM is the foundational element that turns the investments made in security into business value. It’s a catalyst for ensuring customer trust turns into revenue. Many organizations equate PAM with a password vault. But in a modern threatscape where humans, machines, applications, and services dynamically require access to a broadening range of attack surfaces such as cloud, IoT, Big Data, and containers, that outdated legacy approach won’t effectively secure the leading attack vector: privileged access abuse. Vendors such as Centrify and others are looking beyond the vault and offering Zero Trust solutions for PAM that address these modern access requestors and attack surfaces.

Conclusion

Insurance and financial services executives realize, and even predict, that there’s going to be an increase in the number and intensity of efforts to break into their systems using compromised credentials. Prioritizing Privileged Access Management as part of the IAM toolkit is proving to be an effective cybersecurity strategy for protecting their businesses and customers’ data while also making a valuable contribution to its growth. The bottom line is that Identity and Access Management is the cornerstone of any effective Zero Trust-based strategy, and taking an aggressive, pre-emptive approach to Privileged Access Management is the new normal for organizations’ cybersecurity strategies.

The Most Innovative Companies of 2019 According to BCG


  • Alphabet/Google is now the most innovative company in the world according to BCG, unseating Apple’s 13-year dominance of their annual rankings.
  • Strong AI innovators are over three times more likely to have deep expertise in Big Data Analytics.
  • The ten most innovative companies in the world extensively use AI and platforms today to grow faster than competitors and markets.
  • T-Mobile, Dow DuPont, Vale, Stryker, and Rio Tinto join the list of the top 50 most innovative companies for the first time this year.
  • Fastest movers include Adidas, who jumped from 35th to 10th, SAP who increased from 42nd to 28th, and Philips who improved from 49th to 29th.

These and many other insights are from the Boston Consulting Group’s 13th annual report defining the world’s most innovative companies in 2019. The Most Innovative Companies 2019: The Rise of AI, Platforms, and Ecosystems is a fascinating glimpse into the rising importance of Artificial Intelligence (AI) and of platforms that support innovation. What makes this survey noteworthy is how it captures how AI’s use is rapidly expanding and how enterprises are relying on platforms to scale their efforts in this area. BCG is providing an Interactive Guide that compares the 50 most innovative companies in the world, sortable by industry, company and year. There’s also interactive analysis of Steady Innovators or those companies who’ve appeared on the list every year since 2005. There are breakouts of New Entrants, Returnees, and Movers for easier analysis. The report is available for download here (28 pp., PDF, free). Forbes also has an annual list of the world’s most innovative companies you can find here. The methodology Forbes uses is explained in the post, How We Rank The Most Innovative Companies 2018. Key insights from BCG’s most innovative companies of 2019 include the following:

  • What differentiates the world’s most innovative companies are their creation and use of AI and platforms with Alphabet/Google, Amazon, Apple, and Microsoft leading all others. Each of them is actively creating and providing AI-based applications, platforms and ecosystems that enable enterprises to improve customer experiences, creating entirely new revenue streams, business models and competitive advantages. Alphabet/Google has defined its direction as an “AI first” company, intentionally creating a culture of AI-driven innovation. The following is BCG’s list of the most innovative companies of 2019:

  • Enterprises who rate themselves strongest at innovation and better than average at AI base their self-evaluations on successfully changing customer experiences. BCG found that the most advanced enterprises using AI today are succeeding at changing customer experiences, creating new business models and measuring AI’s contribution to streamlining internal processes. 19.2% of all enterprises interviewed perceive themselves as being better than average at AI and strong innovators. The following graphic compares how enterprises rate themselves at AI versus their strength at innovation:

  • Strong AI innovators are over three times more likely to have deep expertise in Big Data Analytics. Enterprises who perceive themselves as strong AI innovators based on their success using AI to improve customer experiences, create new business models and streamline operations are two times as likely to be faster at adopting new technologies. They’re also 65% more likely to be actively targeting technology platforms to scale their AI initiatives and strategies further. The following graphic compares strong and weak innovators’ relative levels of adoption across 15 different innovation and product development categories:

  • Big Data Analytics, the speed of adopting tech, digital design, and technology platforms are the four areas enterprises who consider themselves strong innovators have the widest perceived advantage over weak innovators. When enterprises were asked which of the following 15 areas of innovation and product development will be the most impactful over the next 3 to 5 years, Big Data Analytics was far and away the most valued by strong versus weak innovators. Digital Design and Speed of Adopting Tech are two additional areas of innovation and product development that most differentiate the most and least innovative companies.

 

The Best Cloud Computing Companies And CEOs To Work For In 2019 Based On Glassdoor

  • Sysdig, Fivetran, Nuxeo, Cloudian, Mendix, StreamSets, Zscaler, Zoho, SAP, OutSystems, Kony, and Netskope are the most likely to be recommended by their employees to friends looking for a cloud computing company to work for in 2019.
  • Cloud platform and development companies dominate the highest rated cloud businesses when indexed by the percent of employees who would recommend their company to a friend.
  • Taken together, the 12 CEOs leading the top-rated cloud computing companies are approved by 98% of employees as of March 3, 2019, on Glassdoor. CEOs in this group include Thomas Hogan of Kony, Paulo Rosado of OutSystems, Bill McDermott of SAP, and Sridhar Vembu of Zoho.

These and many other insights are from an analysis completed today comparing Computer Reseller News’ 100 Coolest Cloud Computing Vendors of 2019 by their respective Glassdoor scores. The Computer Reseller News annual list of the 100 coolest cloud computing vendors is an impartial, 3rd party benchmark of the fastest-growing and most likely to hire cloud businesses expanding today.  By far the most common request from Forbes readers is which cloud computing companies are the best to work for. The goal of this analysis is to provide readers with insights into which cloud computing companies best fit their skills and at the same time have a strong reputation based on feedback from existing employees.

Indexing the most interesting and fastest growing cloud computing companies by their Glassdoor scores and reputations is a great way to begin defining a long-term career growth strategy. One factor not quantified is how well of a fit an applicant is to company culture. Take every opportunity for in-person interviews, read Glassdoor ratings often and observe as much as possible about daily life in companies of interest to see if they are a good fit for your skills and strengths.

Using the 2019 CRN list as a baseline to compare the Glassdoor scores of the (%) of employees who would recommend this company to a friend and (%) of employees who approve of the CEO, the table below is provided. You can find the original dataset here. There are 15 companies on the CRN list that don’t have that many or any entries on Glassdoor, and they are excluded from the rankings shown below. You can find their mention in the original dataset. If the image below is not visible in your browser, you can view the rankings here.

The highest rated CEOs on Glassdoor as of March 3, 2019, include the following.


Machine Learning Engineer Is The Best Job In The U.S. According To Indeed

  • Machine Learning Engineer job openings grew 344% between 2015 and 2018, and have an average base salary of $146,085.
  • At $158,303, Computer Vision Engineers earn among the highest salaries in tech.
  • The average base salary of the 25 best jobs in the U.S. according to Indeed is $104,825, and the median base salary is $99,007.
  • Agile Coach is the highest paying job with an average base salary of $161,377.
  • 9 of the top 25 jobs in the U.S. this year are in tech fields according to Indeed.
  • Five jobs are heavily dependent on applicants’ Artificial Intelligence (AI) skills and expertise.

These and many other insights are from Indeed’s The Best Jobs in the U.S.: 2019 study released this week. Indeed defined the best jobs as those experiencing the fastest growth measured by the increase in job postings between 2015 and 2018, in conjunction with those offering the highest pay using a baseline salary of $75,000. The data set for Indeed’s best jobs of 2019 is available here in Microsoft Excel.

Key insights from Indeed’s ranking of the best jobs of 2019 include the following:

  • At $158,303, Computer Vision Engineers earn among the highest salaries in tech according to Indeed, followed by Machine Learning Engineers with a base salary of $146,085. The average base pay of the nine tech-related jobs that made Indeed’s list is $122,761, above the median salary of $99,007 for the entire group of the top 25 jobs. Indeed’s top 25 jobs for 2019 are illustrated below in descending salary order with the median salary providing a benchmark across the group.

  • Three of the top 10 fastest growing jobs as measured by percentage growth in the number of job postings are in tech. From 2015 to 2018, job postings for Machine Learning Engineers grew 344%, followed by Full-stack developers (206%) and Salesforce developers (129%). In aggregate, all nine technology-related job postings increased by 146% between 2015 and 2018. The graphic below illustrates the percentage of growth in the number of postings between 2015 and 2018.

  • Comparing average base salary to percentage growth in job postings underscores the exceptionally high demand for Machine Learning Engineers in 2019. Technical professionals with machine learning expertise today are in an excellent position to bargain for the average base salary of at least $146,085 or more. Full-stack developers and Salesforce developers are in such high demand that technical professionals with skills in these areas combined with experience can command a higher salary than the average base salary. The following graphic compares the average base salary to percentage growth in job postings for the years 2015 – 2018.

5 Ways To Demystify Zero Trust Security

Bottom Line: Instead of relying only on security vendors’ claims about Zero Trust, benchmark them on a series of five critical success factors, with customer results being key.

Analytics, Zero Trust Dominated RSA

Analytics dashboards dominated RSA from a visual standpoint, while Zero Trust Security reigned from an enterprise strategy one. Over 60 vendors claimed to have Zero Trust Security solutions at RSA, with each one defining the concept in a slightly different way.

RSA has evolved into one of the highest energy enterprise-focused conferences today, and in 2019 Zero Trust was center stage in dozens of vendor booths. John Kindervag created the Zero Trust Security framework while at Forrester in 2010. Chase Cunningham, who is a Principal Analyst at Forrester today, is a leading authority on Zero Trust and frequently speaks and writes on the topic. Be sure to follow his blog to stay up to date with his latest research. His most recent post, OK, Zero Trust Is An RSA Buzzword — So What?, captures the current situation on Zero Trust perfectly. Becca Chambers’ blog post, Talking All Things Zero Trust at RSA Conference 2019, includes an insightful video of how the conferences’ attendees define Zero Trust.

With so many vendors claiming to offer Zero Trust solutions, how can you tell which ones have enterprise-ready, scalable solutions?  The following are five ways to demystify Zero Trust:

  1. Customer references are willing to talk and case studies are available. With the ambitious goal of visiting every one of the 60 vendors who claimed to have a Zero Trust solution at RSA, I quickly realized that there’s a dearth of customer references. To Chase Cunningham’s point, more customer use cases need to be created, and thankfully that’s on his research agenda. Starting the conversation with each vendor visited by asking for their definition of Zero Trust either led to a debate of whether Zero Trust was needed in the industry or how their existing architecture could morph to fit the framework. Booth staffs at the following companies deserve to be commended for how much they know about their customers’ success with Zero Trust: Akamai, Centrify, Cisco, Microsoft, MobileIron, Palo Alto Networks, Symantec, and Trend Micro. The team at Leidos Cyber, which was recently acquired by Capgemini, was demonstrating how Zero Trust applied to Industrial Control Systems and shared a wealth of customer insights as well.
  2. Defines success by their customers’ growth, stability and earned trust instead of relying on fear. A key part of de-mystifying Zero Trust is seeing how effective vendors are at becoming partners on the journey their customers are on. While in the Centrify booth I learned of how Interval International has been able to implement a least privilege model for employees, contractors, and consultants, streamline user onboarding, and enable the company to continue its rapid organic growth. At MobileIron, I learned how NASDAQ is scaling mobile applications including CRM to their global sales force on a Zero Trust platform. The most customer-centric Zero Trust vendors tend to differentiate on earned trust over selling fear.
  3. Avoid vendors who have a love-hate relationship with Zero Trust. Zero Trust is having an energizing effect on the security landscape as it provides vendors with a strategic framework they can differentiate themselves in. Security vendors are capitalizing on the market value right now, with product management and engineering teams working overtime to get new applications and platforms ready for market. I found a few vendors who have a love-hate relationship with Zero Trust. They love the marketing mileage or buzz, yet aren’t nearly as enthusiastic about changing product and service strategies. If you’re looking for Zero Trust solutions, be sure to watch for this and find a vendor who is fully committed.
  4. Current product strategies and roadmaps reflect a complete commitment to Zero Trust. Product demos at RSA ranged from supporting the fundamentals of Zero Trust to emulating its concepts on legacy architectures. One of the key attributes to look for is how perimeterless a given security application is that claims to support Zero Trust. How well can a given application protect mobile devices? An IoT device? How can a given application or security platform scale to protect privileged credentials? These are all questions to ask of any vendor who claims to have a Zero Trust solution. Every one of them will have analytics options; the question is whether they fit with your given business scenario. Finally, ask to see how Zero Trust can be automated across all user accounts and how privileged access management can be scaled using Identity Access Management systems including password vaults and Multi-Factor Authentication (MFA).
  5. A solid API strategy for scaling their applications and platforms with partner successes that prove it. One of the best questions to gauge the depth of commitment any vendor has to Zero Trust is to ask about their API strategy. It’s interesting to hear how vendors with Zero Trust-based product and services strategies are scaling inside their largest customers using APIs. Another aspect of this is to see how many of their services, system integration, technology partners are using their APIs to create customized solutions for customers. Success with an API strategy is a leading indicator of how reliably any Zero Trust vendor will be able to scale in the future.

Conclusion

RSA is in many ways a microcosm of the enterprise security market in general and Zero Trust specifically. The millions of dollars in venture capital invested in security analytics and Zero Trust made it possible for vendors to create exceptional in-booth experiences and demonstrations – much the same way venture investment is fueling many of their roadmaps and sales teams. Zero Trust vendors will need to provide application roadmaps that show their ability to move beyond prevention of breaches to more prediction, at the same time supporting customers’ needs to secure infrastructure, credentials, and systems to ensure uninterrupted growth.

74% Of Data Breaches Start With Privileged Credential Abuse


Enterprises who are prioritizing privileged credential security are creating a formidable competitive advantage over their peers, ensuring operations won’t be interrupted by a breach. However, there’s a widening gap between those businesses protected from a breach and the many who aren’t. To quantify this gap, consider that the typical U.S.-based enterprise will lose on average $7.91M from a breach, nearly double the global average of $3.68M, according to IBM’s 2018 Data Breach Study.

Further insights into how wide this gap is are revealed in Centrify’s Privileged Access Management in the Modern Threatscape survey results published today. The study is noteworthy as it illustrates how wide the gap is between enterprises’ ability to avert and thwart breaches versus their current levels of Privileged Access Management (PAM) and privileged credential security. 74% of IT decision makers surveyed whose organizations have been breached in the past, say it involved privileged access credential abuse, yet just 48% have a password vault, just 21% have multi-factor authentication (MFA) implemented for privileged administrative access, and 65% are sharing root or privileged access to systems and data at least somewhat often.

Addressing these three areas with a Zero Trust approach to PAM would make an immediate difference in security.

“What’s alarming is that the survey reveals many organizations, armed with the knowledge that they have been breached before, are doing too little to secure privileged access. IT teams need to be taking their Privileged Access Management much more seriously, and prioritizing basic PAM strategies like vaults and MFA while reducing shared passwords,” remarked Tim Steinkopf, Centrify CEO. FINN Partners, on behalf of Centrify, surveyed 1,000 IT decision makers (500 in the U.S. and 500 in the U.K.) online in October 2018. Please see the study here for more on the methodology.

How You Choose To Secure Privileged Credentials Determines Your Future 

Identities are the new security perimeter. Threats can emerge within and outside any organization, at any time. Bad actors, or those who want to breach a system for financial gain or to harm a business, aren’t just outside. 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey.

Attackers are increasingly logging in using weak, stolen, or otherwise compromised credentials. Centrify’s survey underscores how the majority of organizations’ IT departments have room for improvement when it comes to protecting privileged access credentials, which are the ‘keys to the kingdom.’ Reading the survey makes one realize that forward-thinking enterprises who are prioritizing privileged credential security gain major cost and time advantages over their competitors. They’re able to keep their momentum going across every area of their business by not having to recover from breaches or incur millions of dollars on losses or fines as the result of a breach.

One of the most promising approaches to securing every privileged identity and threat space within and outside an organization is Zero Trust Privilege (ZTP). ZTP enables an organization’s IT team to grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

Key Lessons Learned from the Centrify Survey

How wide the gap is between organizations who see identities as the new security perimeter and are adopting a Zero Trust approach to securing them and those that aren’t is reflected in the results of Centrify’s Privileged Access Management in the Modern Threatscape survey. The following are the key lessons learned on where and how organizations can begin to close the security gaps that leave them vulnerable to privileged credential abuse and many other potential threats:

  • Organizations’ most technologically advanced areas that are essential for future growth and attainment of strategic goals are often the most unprotected. Big Data, cloud, containers and network devices are the most important areas of any IT infrastructure. According to Centrify’s survey, they are the most unprotected as well. 72% of organizations aren’t securing containers with privileged access controls. 68% are not securing network devices like hubs, switches, and routers with privileged access controls. 58% are not securing Big Data projects with privileged access controls. 45% are not securing public and private cloud workloads with privileged access controls. The study finds that UK-based businesses lag U.S.-based ones in each of these areas as the graphic below shows:

  • Only 36% of U.K. organizations are very confident in their company’s current IT security software strategies, compared to 65% in the U.S. The gap between organizations with hardened security strategies that have a higher probability of withstanding breach attempts is wide between U.K. and U.S.-based businesses. 44% of U.K. respondents weren’t positive about what Privileged Access Management is, versus 26% of U.S. respondents. 60% of U.K. respondents don’t have a password vault.

  • Just 35% of U.S. organizations and 30% of those in the UK are relying on Privileged Access Management to manage partners’ access to privileged credentials and infrastructure. Partners are indispensable for scaling any new business strategy and expanding an existing one across new markets and countries. Forward-thinking organizations look at every partner associate’s identity as a new security perimeter. The 35% of U.S.-based organizations doing this have an immediate competitive advantage over the 65% who aren’t. By enforcing PAM across their alliances and partnerships, organizations can achieve uninterrupted growth by eliminating expensive and time-consuming breaches that many businesses never fully recover from.
  • Organizations’ top five security projects for 2019 include protecting cloud data, preventing data leakage, analyzing security incidents, improving security education/awareness and encrypting data. These top five security projects could be achieved at scale by having IT teams implement a Zero Trust-based approach to Privileged Access Management (PAM). The time, cost and scale advantages of getting the top five security projects done using Zero Trust would free up IT teams to focus on projects that deliver direct revenue gains, for example.

Conclusion

Centrify’s survey shows organizations are granting too much trust and privilege, opening themselves up to potential internal and externally-driven breaches initiated with compromised privileged access credentials. It also reveals that there is a strong desire to adhere to best practices when it comes to PAM (51% of respondents) and that the reason it is not being adequately implemented rarely has to do with prioritization or difficulty but rather budget constraints and executive buy-in.

The survey also shows U.K.- and U.S.-based organizations need to realize identity is the new security perimeter. For example, only 37% of respondents’ organizations are able to turn off privileged access for an employee who leaves the company within one day, leaving a wide-open exposure point that can continue to be exploited.

There are forward-thinking organizations who are relying on Zero Trust Privilege as a core part of their digital transformation efforts as well. The survey found that given a choice, respondents are most likely to say digital transformation (40%) is one of the top 3 projects they’d prefer to work on, followed by Endpoint Security (37%) and Privileged Access Management (28%). Many enterprises see Zero Trust as digital transformation’s missing link and as the foundation for redefining their businesses by defining every identity as a new security perimeter, so they can securely scale and grow faster than before.

Vodafone’s 2019 IoT Barometer Reflects Robust Growth In The Enterprise

  • 85% of enterprises who develop deep expertise with IoT succeed at driving revenue faster than competitors.
  • 81% of enterprises say Artificial Intelligence streamlines interpreting and taking action on data insights gained from IoT systems and sensors.
  • 68% of enterprises are using IoT to track the security of physical assets, making this use case the most common across enterprises today.
  • Transport & Logistics and Manufacturing & Industrials saw the most significant increase in adoption between 2018 and 2019.

These and many other fascinating insights are from the 6th annual Vodafone IoT Barometer, 2019. The entire report can be downloaded here (PDF, 32 pp., e-mail opt-in). The methodology is based on 1,758 interviews distributed across the Americas (22%), EMEA (49%) and Asia-Pacific (29%). Eight vertical markets were included with manufacturing (22%), healthcare and wellness (14%) and retail, leisure, and hospitality (14%) being the three most represented markets. Vodafone is making an interactive tool available here for exploring the results.

Key insights from Vodafone’s 2019 IoT Barometer include the following:

  • 34% of global businesses are now using IoT in daily operations, up from 29% in 2018, with 95% of IoT adopters already seeing measurable benefits. 81% of IoT adopters say their reliance on IoT has grown, and 76% of adopters say IoT is mission-critical to them. 58% are using analytics platforms to get more insights from their IoT data to improve decision making. 71% of enterprises who have adopted IoT expect their company and others like them will start listing data resources on their balance sheets as assets within five years.

  • 95% of enterprises adopting IoT are achieving tangible benefits and positive ROI. 52% of enterprises report significant returns on their IoT investments. 79% say IoT is enabling positive outcomes that would have been impossible without it, further reflecting robust growth in the enterprise. Across all eight vertical markets reducing operating costs (53%) and gaining more accurate data and insights (48%) are the most common benefits. Transitioning an IoT pilot to production based on cost reduction and improved visibility creates a compelling ROI for many enterprises. The following graphic compares IoT’s benefits to enterprises.

  • Transport & Logistics and Manufacturing & Industrials saw the greatest increase in adoption between 2018 and 2019. Transport and Logistics had the highest IoT adoption rate at 42% followed by Manufacturing and Industrials at 39%. Manufacturers are facing the challenges of improving production efficiency and product quality while accelerating time-to-market for next-generation smart, connected products. IoT contributes to productivity improvements and creates opportunities for services-based business models, two high priorities for manufacturers in 2019 and beyond. The following graphic from the interactive tool compares IoT adoption by industry based on Vodafone’s IoT barometer data over the last six years:

  • 89% of most sophisticated enterprises have multiple full-scale projects in production, orchestrating IoT with analytics, AI and cloud, creating a technology stack that delivers real-time insights. Enterprises who lead IoT adoption in their industries rely on integration to gain scale and speed advantages quickly over competitors. The greater the real-time integration, the greater the potential to digitally transform an enterprise and remove roadblocks that get in the way of growing. 95% of adopters where IoT is fully integrated say it’s enabling their digital transformation, compared with 55% that haven’t started integration. The following graphics reflect how integrated enterprises’ IoT projects are with existing business systems and processes and the extent to which enterprises agree that IoT is enabling digital transformation.

  • 68% of enterprises are using IoT to track the security of physical assets, making this use case the most common across enterprises today. 57% of all enterprises are using IoT to manage risk and compliance. 53% are using it to increase revenue and cut costs, and 82% of high-performing enterprises rely on IoT to manage risk and compliance. The following graphic compares the types of variables enterprises are using IoT to track today and plan to in the future.

  • IoT adoption is soaring in Americas-based enterprises, jumping from 27% in 2018 to 40% in 2019. The Americas region leads the world in terms of IoT usage assessed by strategy, integration, and implementation of IoT deployments. 73% of Americas-based enterprises are the most likely to report significant returns from their IoT investments compared to 47% for Asia-Pacific (APAC) and 45% for Europe, Middle East and Africa (EMEA).
  • 52% of IoT-enabled enterprises plan to use 5G when it becomes available. Enterprises are looking forward to 5G’s many advantages including improved security via stronger encryption, more credentialing options, greater quality of service management, more specialized services and near-zero latency. Vodafone predicts 5G will be a strong catalyst of growth for emerging IoT applications including connected cars, smart cities, eHealth and industrial automation.

 
