The weakest link

You may never find yourself exchanging phone numbers with a Saudi prince, but CEOs and business leaders swap contact details all the time. For Jeff Bezos at Amazon, this was just another routine step along the path that led to a massive breach of his security. After a personal connection, what is more natural than accepting social media contacts?

Today, companies are under ever-increasing pressure to ensure their business processes are robust enough to withstand a cyberattack. Firewalls and anti-virus software are installed, patches applied and staff required to change their passwords on a regular basis. Access to files is restricted to those who need them for particular aspects of their work, processes are put in place for staff who leave, and user access to the computers they use is restricted to ensure they don’t do something stupid.

Yet at the same time, we see a rise in the number of possible attack vectors open to the criminals. Social media channels offer new ways to get past the watchdogs and security measures in place. Staff are making great use of cloud-based storage to share documents and larger files. Everyone in your business has a smartphone that’s capable of wreaking havoc, yet we regularly let staff ‘bring their own device’, and companies like it because there’s more appeal for staff to work late or on weekends if they do so remotely.

All of this creates more opportunity for the bad guys and more risk for organisations, and especially for business leaders. Because while security restrictions are usually put in place vigorously across the company, the one person who should have extra layers of protection tends to demand fewer.

The boss tends to get the special treatment which allows him or her to have greater access to files and services. They may receive more leniency around passwords and security protocols, and have a hands-on role with their marketing team when it comes to a presence on social media including Twitter, Snapchat and WhatsApp, even if company rules prohibit such activity for others.

The Twitter use of Jeff Bezos (and other high-profile business and political leaders) demonstrates that CEOs and organisational leaders are willing to live by a different rule to the rest of the team, and that leaves the organisation open to some serious challenges.

How do you tell the boss that he or she shouldn’t have admin rights on their laptop? That they shouldn’t give out their contact details to everyone they meet, no matter how royal? What about insisting they don’t use their work phones for personal use, such as social media, even when they use social media to talk with customers and represent the company?

It’s a minefield for the security team because, of all the staff in the organisation, those at the top are more likely to be targeted by criminals trying to harvest information and gain access to sensitive data. ‘Spear phishing’, where criminals attempt to pass off communications as being from the CEO or financial department, is a growing area of concern. Having senior leaders who are active on social media, and use it interchangeably with email and other more formal channels of communication, makes life doubly difficult for the security team.

So in light of Jeff Bezos’s breach, here are five tips about cybersecurity for CEOs:

  1. Private vs company

If you do want to share your contact details, use a cut-out service: a phone number that you only use for those instances, or an email address that your executive assistant (EA) manages. Keep some distance, and keep it ring-fenced so if there is a problem, it’s limited.

  2. Security isn’t optional

Boring but true. Talk to your cybersecurity leads about how best to handle your specific needs. Routine sweeps of your accounts and devices might be required – especially if you travel overseas a lot – so be prepared for some hassle and annoyance. It’s not their fault – it’s good that they nag.

  3. Set the boundaries for staff

Make it clear how you’ll communicate with the rest of the company. You might use a social media account to talk about the company publicly but you won’t use it to message the CFO at midnight to make an urgent transfer of money, for instance. That way if you are hacked it shouldn’t lead to the company running into financial strife.

  4. If in doubt, there is no doubt

Be suspicious of every communication you receive. If a competitor suddenly wants to share files with you, if a new supplier sends you something directly via an unusual channel, if someone offers to invest large amounts of money out of the blue, be suspicious and if in doubt, check in with your cybersecurity team.

  5. Less is more when travelling

Sure, you might need a laptop and a phone when you’re travelling but you’re also more vulnerable to an attack. Talk to your cybersecurity teams about risk mitigation when on the road and how best to handle that. You should back everything up before you go. You may also be advised to take a ‘travel-only’ laptop (and, depending on the country you are travelling to, perhaps a tablet only) and a phone that can be wiped when you return.

The best defence against cyberattacks is both preparation and planning. Consider the risks, and plan and anticipate the consequences of a breach in terms of your company, your business and you personally. Doing these things means you’re in a better place to manage any potential attack. And remember that we all suffer from ‘optimism bias’ – “why would anyone target me?” Don’t rely on having never been attacked as proof that you won’t be. Just ask Jeff Bezos how that worked for him.

David Eaton is Associate Director of Cyber Security for Datacom.

Datacom data centres classed among the top 5 in ANZ

By Tom Jacob

IT infrastructure operations and data centres were on the agenda at the Gartner Summit in Sydney this year. The two-day event was centred on maximising value and managing change in a cloud-driven world.

During the summit, Gartner provided its perspective on the data centre and infrastructure utility providers, where Datacom is seen to be ranked by size and category amongst the top five providers across ANZ. This chart, organised alphabetically, is based on Gartner’s estimate of the providers’ IT outsourcing – data centre and infrastructure outsourcing – revenues in 2013 in $US.

Competition is fierce, but the data centre market is fragmented with many organisations providing a variety of infrastructure services.

Rolf Jester, VP Distinguished Analyst at Gartner, explains.

“The Asia-Pacific data centre market is more complex and difficult to compete in due to a number of market pressures, ranging from inconsistent offerings and pricing terms to the increased hyper competition from cloud, Telco, hosting and Indian/Japanese providers.”

Here are some key questions asked and takeaways from the summit.

The theme for this year’s summit was maximising value in a cloud-driven market. What are your views and key takeaways?

In the past when I have attended data centre conferences the content has primarily focused on the facility services side of the data centre: power, cooling, design concepts and management practices. This year’s summit was very different as the time spent on the physical facility was less than five percent and the remainder was heavily focused on cloud, networking and global data centre connectivity.

It was interesting to note that Gartner’s definition of a data centre has evolved to be considered more as a network of places where IT services are delivered from, rather than a purpose-built facility providing power, cooling and facilities management to support customer IT workloads. Gartner regularly referred to a data centre as being a place where cloud-based services are delivered from either known or unknown locations.

The relationship between the customer and the data centre will now more than ever be managed by contracts, rather than the customer having a say in how the facility is run and managed, which is something that has occurred in the past.

What do you see as the main considerations or constraints for organisations reviewing their data centre strategies?

In the past typical constraints were mainly capacity constraints for power, cooling, space, specialist data centre/server room management skills and ongoing funding. We have observed a change in the last 18 months where these issues are diminishing mainly due to consolidation with the aid of improved IT infrastructure and virtualisation technologies. Cloud Services (IaaS and SaaS) are also maturing and customers are seriously considering how these services will fit inside their organisations. Early adopters are already consuming services such as email, digital image storage and test and development services. We only need to look at the success of our own Datacom Cloud Services (DCS) and Datacom Cloud Services Government (DCSG), along with the global success of AWS, Azure and Office 365.

We see customers’ own facility constraints becoming less and less of an issue and we are already observing customers repurposing their old server rooms back to productive office space. And when organisations relocate premises it’s clear that moving the IT equipment to a data centre makes more sense than reconstructing a server room.

How do you see the future of the data centre market evolving in the ANZ market, considering the analyst view on market pressures, consolidation, competition and partnerships?

The future is uncertain and depends on where customers are comfortable having their services and data stored and delivered from. There are current customer concerns about data sovereignty, network access and the high availability and locality of these facilities. But we don’t expect to see many more new data centres being built and we’re certain we’ll see a number of the older data centres empty out and close down. We’re confident that if customers choose New Zealand-based cloud service providers then there’ll be a healthy local market and, in time, additional Tier 3 data centres may be commissioned. Datacom is well-placed for this growth as both of our Tier 3 Data Centres (Orbit in Auckland and Kapua in Hamilton) have plenty of capacity. Datacom also actively promotes the use of these data centres to competing cloud and service providers with the aim of giving customers plenty of choice and retaining them.

What criteria do you think we have that places us in that class of providers as mentioned by Gartner?

Firstly it’s because Datacom covers all the bases. It has high-quality, innovative data centres, and the right policies to encourage service providers and customers to host there. And Datacom has a wide range of cloud offerings that give customers convenient access to services.

The design choices Datacom made in the initial design 6-7 years ago have proven to be winners. The use of outdoor air to cool the IT equipment has been a consistent factor in the energy efficiency of the data centre improving, making a significant contribution to customers’ sustainability goals. And the flexibility of Datacom’s solutions means we can always find a way to make it work for a customer—it’s not one size fits all.

Tom Jacob is Datacom’s General Manager of Data Centres.