As the world comes together to combat COVID-19, and remote work becomes a critical capability for many companies, customers have asked us how to best maintain the security posture of their cloud assets while enabling more remote workers to access them.
Misconfiguration of cloud security controls has been at the root of several recent data breaches, so it’s extremely important to continue monitoring your security posture as usage of cloud assets increases.
To help you prioritize the actions that you need to take, we are listing three common scenarios for remote workers and how to leverage Azure Security Center security controls to prioritize relevant recommendations for these scenarios:
Azure Security Center has a security control called Enable MFA. Ideally, you should remediate all recommendations that are part of this security control.
2. Some users might need remote access via RDP or SSH to servers that are in your Azure infrastructure.
Instead of allowing full 24 x 7 access to those servers, ensure that you are using Just-In-Time (JIT) VM access to those servers. Make sure to review the Secure management ports control in Azure Security Center and remediate the recommendations that are relevant for this scenario.
3. Some of the workloads (servers, containers, databases) that will be accessed remotely by users might be missing critical security updates.
Review the Remediate vulnerabilities control in Azure Security Center to prioritize the updates that must be installed. Make sure to review the result of all recommendations in built-in vulnerability assessment and remediate those items.
Security posture management is an ongoing process. Review your secure score to understand your progress towards a fully compliant environment.
Users of Azure are likely just a portion of your user base. Below is additional guidance on enabling and securing remote work for the rest of your organization:
According to a good few reviews, the best GTX 1070 card money can buy. It comes factory overclocked, with a hefty 8GB of VRAM to handle any AAA game, runs super quiet and cool, and has the bonus of software-controllable LEDs onboard which look great in the right case (see pics). Selling very reluctantly to finance an upgrade to a Ray Tracing card. In excellent condition, in original box with manual, cables, etc. £190 inc.
Amazon is a powerhouse when it comes to recruiting. It hires at an incredible pace and may be shaping how other firms hire, pay and find workers. But it also offers a cautionary tale, especially in the use of AI.
Amazon HR faces a daunting task. The firm is adding thousands of employees each quarter through direct hiring and acquisitions. In the first quarter of 2019, it reported having 630,000 full and part-time employees. By the third quarter, that number rose 19% to 750,000 employees.
Amazon’s hiring strategy includes heavy use of remote workers or flex jobs, including a program called CamperForce. The program was designed for nomadic people who live full or part-time in recreational vehicles. They help staff warehouses during peak retail seasons.
Amazon’s leadership in remote jobs can be measured by FlexJobs, a site that specializes in connecting professionals to remote work. Amazon ranked sixth this year out of the 100 top companies with remote jobs. FlexJobs’ rankings are based on data from some 51,000 firms. The volume of job ads determines ranking.
The influence of large employers
Amazon’s use of remote work is influential, said Brie Reynolds, career development manager and coach at FlexJobs. There is “a lot of value in seeing a large, well-known company — a successful company — employing remote workers,” she said.
In April, Amazon CEO Jeff Bezos challenged other retailers to raise their minimum wage to $15, which is what Amazon did in 2018. “Better yet, go to $16 and throw the gauntlet back at us,” said Bezos, in his annual letter to shareholders.
But the impact of Amazon’s wage increase also raises questions.
“Amazon is such a large employer that increases for Amazon’s warehouse employees could easily have a large spillover effect raising wage norms among employers in similar industries and the same local area,” said Michael Reich, a labor market expert and a professor of economics at the University of California at Berkeley. But without more data from Amazon and other companies in the warehouse sector, he said it’s difficult to tell where the evidence falls.
Amazon HR’s experience with AI in recruiting may also be influential, but as a warning.
The warning from Amazon
In late 2018, Reuters reported that Amazon HR developed an algorithm for hiring technical workers. But because of its training, the algorithm was recommending men over women. The technical workforce suffers from a large gender gap.
The Amazon experience “shows that all historical data contains an observable bias,” said John Sumser, principal analyst at HRExaminer. “In the Amazon case, utilizing historical data perpetuated the historical norm — a largely male technical workforce.”
Any AI built on anything other than historical data runs the distinct risk of corrupting the culture of the client, Sumser said.
In July, Amazon said it would spend $700 million to upskill 100,000 U.S. workers through 2025. The training program amounts to about $1,000 a year per employee, which may be well less than Amazon HR’s cost of hiring new employees.
In late 2018, Amazon HR’s talent acquisition team had more than 3,500 people. The company is interested in new HR tech and takes time to meet with vendors, said an Amazon recruiting official at the HR Technology Conference and Expo.
But Amazon, overall, doesn’t say much about its HR practices and that may be tempering the company’s influence, said Josh Bersin, an independent HR analyst.
Bersin doesn’t believe the industry is following Amazon. And part of his belief is due to the company’s Apple-like secrecy on internal operations, he said.
“I think people are interested in what they’re doing, and they probably are doing some really good things,” Bersin said. “But they’re not taking advantage of the opportunity to be a role model.”
WASHINGTON, D.C. — Government agencies face the same problems as enterprises when it comes to turning their vast data stores into useful information. In the case of government, that information is used to provide services such as healthcare, scientific research, legal protections and even to fight wars.
Public sector IT pros at the Veritas Public Sector Vision Day this week talked about their challenges in making data useful and keeping it secure. A major part of their work currently involves finding the right people to fill data analytical roles, including hiring data scientists. They described data science skills as a combination of roles that require technical, as well as subject matter expertise, which often requires a diverse team to become successful.
Tiffany Julian, data scientist at the National Science Foundation, said she recently sat in on a focus group involved with the Office of Personnel Management’s initiative to define data scientist.
“One of the big messages from that was, there’s no such thing as a unicorn. You don’t hire a data scientist. You create a team of people who do data science together,” Julian said.
Julian said data science includes more than programmers and technical experts. Subject experts who know their company or agency mission also play a role.
“You want your software engineers, you want your programmers, you want your database engineers,” she said. “But you also want your common sense social scientists involved. You can’t just prioritize one of those fields. Let’s say you’re really good at Python, you’re really good at R. You’re still going to have to come up with data and processes, test it out, draw a conclusion. No one person you hire is going to have all of those skills that you really need to make data-driven decisions.”
Wanted: People who know they don’t know it all
Because she is a data scientist, Julian said others in her agency ask what skills they should seek when hiring data scientists.
“I’m looking for that wisdom that comes from knowing that I don’t know everything,” she said. “You’re not a data scientist, you’re a programmer, you’re an analyst, you’re one of these roles.”
Tom Beach, chief data strategist and portfolio manager for the U.S. Patent and Trademark Office (USPTO), said he takes a similar approach when looking for data scientists.
“These are folks that know enough to know that they don’t know everything, but are very creative,” he said.
Beach added that when hiring data scientists, he looks for people “who have the desire to solve a really challenging problem. There is a big disconnect between an abstract problem and a piece of code. In our organization, a regulatory agency dealing with patents and trademarks, there’s a lot of legalese and legal frameworks. Those don’t code well. Court decisions are not readily codable into a framework.”
‘Cloud not enough’
Like enterprises, government agencies also need to get the right tools to help facilitate data science. Peter Ranks, deputy CIO for information enterprise at the Department of Defense, said data is key to his department, even if DoD IT people often talk more about technologies such as cloud, AI, cybersecurity and the three Cs (command, control and communications) when they discuss digital modernization.
“What’s not on the list is anything about data,” he said. “And that’s unfortunate because data is really woven into every one of those. None of those activities are going to succeed without a focused effort to get more utility out of the data that we’ve got.”
Ranks said future battles will depend on the ability of forces on land, air, sea, space and cyber to interoperate in a coordinated fashion.
“That’s a data problem,” he said. “We need to be able to communicate and share intelligence with our partners. We need to be able to share situational awareness data with coalitions that may be created on demand and respond to a particular crisis.”
Ranks cautioned against putting too much emphasis on leaning on the cloud for data science. He described cloud as the foundation on the bottom of a pyramid, with software in the middle and data on top.
“Cloud is not enough,” he said. “Cloud is not a strategy. Cloud is not a destination. Cloud is not an objective. Cloud is a tool, and it’s one tool among many to achieve the outcomes that your agency is trying to get after. We find that if all we do is adopt cloud, if we don’t modernize software, all we get is the same old software in somebody else’s data center. If we modernize software processes but don’t tackle the data … we find that bad data becomes a huge boat anchor or that all those modernized software applications have to drive around. It’s hard to do good analytics with bad data. It’s hard to do good AI.”
Beach agreed. He said cloud is “100%” part of USPTO’s data strategy, but so is recognition of people’s roles and responsibilities.
“We’re looking at not just governance behavior as a compliance exercise, but talking about people, process and technology,” he said. “We’re not just going to tech our way out of a situation. Cloud is just a foundational step. It’s also important to understand the recognition of roles and responsibilities around data stewards, data custodians.”
This includes helping ensure that people can find the data they need, as well as denying access to people who do not need that data.
Nick Marinos, director of cybersecurity and data protection at the Government Accountability Office, said understanding your data is a key step in ensuring data protection and security.
“Thinking upfront about what data do we actually have, and what do we use the data for are really the most important piece questions to ask from a security or privacy perspective,” he said. “Ultimately, having an awareness of the full inventory within the federal agencies is really all the way that you can even start to approach protecting the enterprise as a whole.”
Marinos said data protection audits at government agencies often start with looking at the agency’s mission and its flow of data.
“Only from there can we as auditors — and the agency itself — have a strong awareness of how many touch points there are on these data pieces,” he said. “From a best practice perspective, that’s one of the first steps.”