Showing posts with the label Tech

CISA issues Top 2 Cyber Security Bad Practices

HAPPY CANADA DAY to our Canadian Readers!! In an effort to elevate the cyber defense of the Country and the Private Sector, CISA (Cybersecurity & Infrastructure Security Agency) is creating a "Catalog of Bad Practices that are exceptionally risky". This will be an ever-evolving list where items will be constantly added. CISA suggests that all organizations must have an effective Cyber Security Program that avoids or mitigates these bad practices and protects their assets in line with the criticality of risk. The list suggests two Bad Practices that must be avoided or mitigated. 1. Use of unsupported (or end-of-life) software in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in internet-accessible technologies. 2. Use of known/fixed/default passwords and credentia

Lessons from Volkswagen Data Breach - 2021

When money is scarce, you have a difficult choice to make: whether that money is better spent on Cyber Security or on the growth of the organization. Large organizations have a well-funded cyber security group, but organizations that are not large do not often have that liberty. They work on low margins, or have cash flow or P&L issues that they are dealing with. I am not saying that was the case with "Shift Digital", a Volkswagen vendor that caused the leak of 3.3 million customers' data. However, it is a harsh reality that smaller organizations do not often have the funding, talent or focus to create a strong security practice. Technology vendors and the organizations who use their products are on their toes all the time to find Zero Day vulnerabilities and mitigate them. This requires grit, board commitment, a talented cyber security team and funding at the least. Hacker groups have possibly realized that not every organization is able to create strong securit

Cyber Insurance Prices are Going Up: Should you be worried?

With the spate of Cyber crimes and spike in ransomware incidents in 2020, CXOs and Board Members in every organization have Cyber Risk on their agenda regularly. A single ransomware incident could prove to be detrimental to the existence of a few organizations, and a significant dent to the bottom line for others. Chief Risk Officers are crafting plans to reduce and mitigate this risk at mission-critical speed. One thing is pretty clear: you don’t have a defense if you don’t have a well-thought-out strategy. I am not saying that having a good strategy will prevent you from falling victim to ransomware, but it can significantly reduce the risk, and if it actually happens then it reduces the impact to your bottom line as well. The first thing anyone would think is that there is Cyber/Breach Protection Insurance to protect us. And you are not wrong, Cyber Insurance is there to protect. However, I’d like to draw your attention to changes happening in the Insurance industry that co

How Far is Far Enough for the Disaster Recovery Site

I am sure you must have had this question asked at least once, if you work in an area that deals with business continuity. Whether you represent business or technology, you would be losing a good night's sleep over it. Should we be creating the DR within 25 km, 50 km, 100 km, or 500 km, across the country, or across the continent? The question becomes even more complicated when you are dealing with a vendor-hosted solution. Regulators also do not provide a straight answer except having it at a safe distance. Like many things in life, there is no one-size-fits-all answer to this question. It depends on a lot of factors that I will cover below. Internal There are things that you can control when it comes to planning a DR site. If planned meticulously, it will avoid many issues later when it's time to actually fall back on DR. Power: You must not place your DR in a zone that is backed by a single source of electricity for both DC & DR. That is a big no-no. Ideally if you can aff

Why Should Technology Currency be Your Top Priority in 2021 and 2022?

Investment in Technology, be it Hardware or Software, is a significant investment for any company in the current economy. We need the most sophisticated tech to enable products, retain profitable customers, maintain a competitive edge and also to secure digital assets from unauthorized access. When the technology is purchased, it comes with the latest OS, latest hardware, and latest version of the software itself. When time passes (a year or two, or maybe more), new hardware with increased capacity and a new version of the software with more features are introduced. HP, IBM, Intel, and other biggies introduce new hardware with new chipsets, increased RAM, and new software to enable a faster and more secure product. Sometimes there are technical limitations that prevent the new software features from working on old hardware, and a hardware upgrade is required for them to work. Other times, the technology vendor would provide bug fixes and security patches to make it equivalent to the latest version. Most of the times, th

New Challenge for CTOs and CIOs

Introduction I am not an engineer by background, but I am always interested in anything related to Tech, Innovation, and current trends. Ever since I started working on Technology Sourcing projects, I consistently tried to feed my curiosity to learn about the technology I am supporting. How is it helping my bank? What problem is it solving for us? When I understood the role that technology plays in my business, I was well equipped to understand what my CIO and CTO want(s) to achieve. The Traditional Target The CTOs and CIOs have a very critical role to play in the success of an organization. They have to invest in advanced tech to keep the company competitive in the marketplace, they need to keep the organization agile and nimble, but they also have a serious responsibility to save/cut technology costs. Never goes a year when that savings target is kept the same or dropped, essentially saying we need the best at the lowest cost. Leaders in Tech partner with Vendor Management and Strategic Sourcin

How do I calculate my Software Entitlement?

Introduction Most software companies invest millions of dollars to create a world-class product. They want your organization to use the software as much as possible, as it is their major source of revenue. Software companies usually have a software management tool that they expect the client to install so that anyone with access to that tool (usually IT Administrators at both ends) can track the usage, and if you are reaching the entitlement threshold then you can get alerts or the vendor would point out that it's time to release the next Purchase Order. However, it is not always possible to get the management tool to a point where it is fully functional and connected to all endpoints. Sometimes there are legacy software issues that prevent the client organization from completing the install and tracking usage. If the installs are not tracked, then you can easily go over the entitlement before you even know it. So, unless you are in an unlimited licensing usage agreement for the softwa

What Are The Types Of Software Licensing Models That Vendors Offer?

Introduction With the current pace of technological evolution, it is unimaginable how far we have come since the first Fortran was made commercially available in the 1950s to the current state where we are talking about Artificial Intelligence, Machine Learning, etc. The enhancement in technology, computing power, competition, and adoption is so rapid that most software companies release new versions with new updates as quickly as possible. In 2 to 3 years, the software is obsolete because the upgrades in underlying hardware will not completely support it. Depending upon the application and use, the software companies largely offer three types of licenses: Perpetual, Subscription and Open Source. The software is the same; how they charge the customer is different. However, it is still important to understand how the models work. Perpetual Licenses Generally speaking, the Perpetual licensing model has the following characteristics: It is a Vendor's proprietary computer software that the vendor provides to t