Your Cloud Solutions Deserve Zero-Trust Networking - CompTIA Certifications

Too often cloud users get burned by their own cloud service providers when it comes to security. The marketplace has created a large demand around cloud security by allowing cloud service providers to sidestep the responsibility for securing the data as it sits within the facility. 

Sure, cloud service providers are still responsible for defending the physical server racks like a small militia, but when it comes to the far more likely prospect of a hacker infiltrating your systems, cloud service providers push the burden of responsibility back to you, the end user. Cloud service providers are not held to a high security standard when it comes to releasing their products, and they tend to have massive holes that need to be plugged with another solution.

More Properties Equals Greater Risk

Moving to the cloud does not increase your security. That would be like buying a second home with an expensive alarm system and saying your overall real estate portfolio is safer. And while the salesperson of the alarm system may say (or even believe) that it’s true, it’s not. We are talking about simple math. You used to have one environment to secure. Now you have two. That does not increase your security. In fact, it spreads out your risk and increases your attack vectors.

Add to that the nuances of accessing and transporting information from your main site to your cloud environment, or vice versa, and you have a tricky security issue on your hands.

Zero-Trust Networking for Your Cloud Solutions

Your cloud solutions deserve zero-trust networking. Zero-trust networking is a self-explanatory approach, but the way it is implemented and monitored is where you will find a major difference. 

It’s no longer enough to defend your network with a perimeter (firewall). While firewalls are important, how do they help you protect the information that already resides within your network? What do firewalls do to detect bogus process threats that are active in your network but remain undetected? 

Even major routing players like Cisco are still in the process of closing off backdoors that they are only discovering from firewall hardware and firmware released years ago. This is why zero-trust networking is the only sane way to approach network security.

None of this is information is revelatory, but some of the solutions being deployed today are when it comes to extending this type of zero-trust networking approach to your cloud environment.

How to Apply Zero-Trust Networking to Your Cloud Solutions

Today there are context-based security solutions that will segment what assets can be accessed by end users. They depend on real-time factors, such as the following, and react to what’s taking place on the network and across the global cybersecurity landscape.

• Location: If your employees and assets are in a country that is flagged by your company, assets will be restricted or blocked.
• Network: Assets will be made available when accessed by an approved network. For example, the corporate network or virtual private network (VPN) may be approved, but public Wi-Fi or unknown networks may not.
• User: Who are you, and what are you trying to access? What’s your title, what department are you in and why do you need to pull the asset from the cloud? Risk can be mitigated ​based on access credentials and a combination of the above factors.
• Devices and Processes: Why are these two systems communicating? Does that communication make sense? Is it a logical and approved communication? If not, this can be blocked and logged.

Solutions like these take zero-trust networking out of the local area network (LAN) and into your dispersed mobile workforce accessing the cloud. It’s a nice maturation step for these security solutions as they look to become more intelligent and responsive reacting to policy.

Bringing Zero-Trust Networking on Premise

For all the focus on securing the cloud, be mindful that the bulk of cyberthreats happening across the globe are not nearly this sophisticated. 

Most cyberthreats and hacks are moving down the stack into firmware and inter-process communications. This is because most IT shops don’t watch inside the firewalls – they watch the firewall itself.

Threat actors are countering sophisticated cybersecurity solutions that attempt to look around all corners by dumbing down their breach efforts. The context-based solution discussed above can also help you monitor your inter-process communications. 

In a zero-trust cloud-based networking solution, access privileges can be managed on not only end users, but also on the devices communicating with one another. Having policies in place can stop threat actors from landing successful attacks on your cloud assets.

Our experts say about CompTIA Certification Exams

Tech News That Black Mirror Anticipated - CompTIA Certifications

When a newer television anthology gets compared to an institution as groundbreaking as The Twilight Zone, it’s natural to assume that the hype machine is overstating the case. But Black Mirror, which debuted in 2011 in the U.K. and on Netflix in 2014 in the U.S., is one of the rare instances in which the publicity matches up with the reality. With The Twilight Zone, Rod Serling and a stable of top science fiction writers deftly wove the pertinent fears and moral conflicts of the 1950s into timeless works of speculative fiction – giving viewers a weekly dose of fictional futures that oftentimes double as clear commentary on the present. In today’s world of rapid technological change, Charlie Brooker’s Black Mirror manages to fill the same role.  

What Cold War paranoia and nuclear annihilation were to The Twilight Zone, mass communication and the fast pace of technological change are to Black Mirror. Not to mention there’s a generous helping of farther-future fables – perennial cyberpunk speculation on what it means to be human in virtual worlds, updated with an iPhone aesthetic. It’s television that entertains as much as it tells us something about ourselves, and with each passing year it seems as though there are handful of real-life events that fans can’t help but point to as Black Mirror moments – where the world seems to be referencing Black Mirror rather than the opposite.

In the wake of Black Mirror’s interactive film Black Mirror: Bandersnatch, let’s examine three recent tech stories that came eerily close to events on the show.

“Nosedive” and China’s Social Credit Score

While some Black Mirror episodes are uncompromisingly dark, season three’s first episode “Nosedive” gave use a view of a kinder, gentler dystopia. The main character, Lacie, lives in a world in which every interaction between people gets its own star rating. In this pastel panopticon, dropping beneath a certain rating negatively impacts where you can live, work and travel. A few chance encounters as she sets out on a rating-boosting trip to a childhood friend’s wedding send her down a spiral to the bottom of the social milieu.  

Plenty of fans saw an eerie overlap between this world of ever-smiling, star-rating hungry Stepford folk and today’s real world, where cutting a poor figure on social media can doom businesses and even ruin relationships. But the 2018 media focus on China’s social credit system showed us that “Nosedive” may – by the year 2020 – be even more of a reality in some parts of the world. Indeed, reports indicate that based on some elements of social credit now being consolidated by the Chinese government, citizens have already been deprived rights such as traveling, renting hotels and using credit cards.

China’s plan has been decried as chilling, arbitrary and downright creepy, and has also raised eyebrows among critics who have wondered if Western governments aren’t at risk of meandering into the same territory – and if there needs to be something done to stop it from heading in that direction. If we imagine a world in which having a dissident opinion – or a bad day – can impact, for instance, our right to go grocery shopping, we find “Nosedive” to be a rare occasion in which Black Mirror is lighter than the world it reflects.  

“Metalhead” and 2018’s Laws about LAWs 

  

One of the most stylistically distinct Black Mirror episodes, “Metalhead” is a piece of science fiction shot like an old-school horror movie. A woman in a post-apocalyptic future is on the run from a killer AI. But the robot-run future of “Metalhead” isn’t the full-on, chaotic, bombs-away nightmare that Terminator fans associate with a self-aware Skynet. Rather it’s one where simple, dog-like androids chase down their prey in dogged pursuit – with every movement they make aimed at the singular goal of tracking and killing. The sparse look and feel of the episode seem to drive the point home – a robot that just won’t stop coming is classically horrific; as scary as a real-life Michael Meyers or Jason Voorhees.

Our experts say about CompTIA Certification Exams

COMPTIA EXPANDS PUBLIC SECTOR PRACTICE WITH ADDITION OF PUBLIC TECHNOLOGY INSTITUTE (PTI)

The Computing Technology Industry Association (CompTIA) today merged with the Public Technology Institute (PTI), enabling increased collaboration between local government executives and elected officials and private industry to solve society’s most critical challenges.

Today’s agreement brings together PTI, the industry’s leading resource for the wise deployment of technology at the county and city level, with the significant public sector, association and certification resources of CompTIA. Both PTI and CompTIA share common values with the ultimate goals of providing quality programming, networking opportunities, and timely research to city and county agencies and providers.

“We welcome PTI and its members to the CompTIA family,” said Todd Thibodeaux, president and CEO of CompTIA. “Private/public partnerships are critical to tackling our country’s most important opportunities – from IT modernization to broadband to smart cities. We look forward to advancing the work of PTI and augmenting its programs to make a difference in the everyday lives of citizens.”

PTI’s corporate vendor members will integrate into the CompTIA State & Local Government and Education Public Sector Council (SLED).  “PTI will put the “L” in CompTIA’s SLED activity as we work together to grow our resources and relevance at the local level, especially as it pertains to the growing and important market of smart cities,” said Nancy Hammervik, executive vice president, industry relations, CompTIA.  The addition of PTI will also help CompTIA round out its portfolio of public sector programs now covering street to space, offering government resources and benefits for the new PTI Council, SLED Council, Health Services IT Advisory Group (HSITAG) and Space Enterprise Council (SEC).

PTI’s jurisdiction and state agency members will form a new CompTIA Public Sector Council, PTI, with its own set of association governance and bylaws. These members will participate in CompTIA events when appropriate and will not engage in public policy committees nor will they help define the associations legislative priorities. The current PTI Board of Directors will become an executive council serving in an advisory capacity to CompTIA.

PTI and CompTIA will develop a roadmap for growth as well as program enhancements geared towards local governments, both domestically and world-wide.  PTI will continue its strategic partnerships with industry media and other national associations that represent the interests of local government technology executives and practitioners. PTI will continue to deliver programming to its membership in 2019 by focusing on several initiatives to include:

• The start of the 2019-2020 Certified Government CIO (now in its 8th year) program
• An expanded Certified Government Digital Services Professional certification program
• PTI’s popular Tech Matters weekly email highlighting technology news and government services
• The annual CIO and Leadership Summit and “hot topic” events and webinars
• Research (survey analysis, articles, identifying leading practices)

“This is an exciting time for PTI,” said PTI Executive Director Alan Shark, who will remain as head of PTI at CompTIA. “We are looking forward to continuing to provide our members with the world-class level of professional development, technology thought leadership, industry research and insight, consulting services, networking and other important resources they have come to expect and enjoy from PTI, while expanding our reach and our relevance with the support of CompTIA.”

The merger brings 14 new members to CompTIA’s PSA Program to include ESRI, Allied Telesis, Kronos, Nutanix, Motorola, Qualtrics, Ricoh, RSM, Symantec, Tyler Technologies, Information Builders and Plante Moran.

About PTI

Established in 1971 by the several major national associations representing state and local governments, PTI has been viewed as the focal point for thought leaders who have a passion for the furtherance and wise deployment of technology. PTI's initial funding was through a grant from the National Science Foundation. Today, PTI actively supports local government officials through research, education, professional development, executive-level consulting services, and national recognition programs.

About CompTIA

The Computing Technology Industry Association (CompTIA) is the leading voice and advocate for the $4.8 trillion global information technology ecosystem; and the more than 35 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy, market research and membership programs, CompTIA is the hub for advancing the tech industry and its workforce.

Our experts say about CompTIA Certification Exams