Leading Wi-Fi vendors have tailored their products to accommodate companies that want to use their wireless networks to lower the chances of a COVID-19 outbreak in their buildings.
Aruba and Juniper Networks have positioned their wireless systems as a means for collecting data that companies could use for contact tracing after an employee is infected with the virus. On the other hand, Cisco is focusing on companies that want to enforce physical distancing requirements in buildings to reduce the chances of the infection spreading.
Juniper said companies could use its Mist Wi-Fi access points to track employees outfitted with badges that emit a continuous Bluetooth signal. Mist’s cloud-based analytics engine would let organizations identify people with whom an infected person had been in close contact. It would also show the places the worker visited in a building, and how long he was there.
Jeff Aaron, vice president of marketing at Mist, said the Juniper cloud would not store data to identify employees. Instead, a company would use a separate product to redirect that information to an on-premises database.
Juniper is working with a couple dozen customers that want to use wearable tags for in-office tracking, Aaron said. Juniper offers the devices through partners HID Global and Kontakt.io.
Products coming soon from Wi-Fi vendors
Aruba currently provides third-party developers with software development kits that they can use to integrate Aruba’s Bluetooth-supported tracking features into products. However, the company is “on the cusp” of delivering technology that would complement software for in-office contact tracing, said Alan Ni, a director within Aruba’s digital workplace unit. Companies developing those products include Aruba partner CX App.
Most customers asking for Wi-Fi-enabled contact tracing are colleges and companies with large offices, Ni said. COVID-19 has forced organizations to consider gathering location data on employees that would have been unthinkable before the pandemic.
“In the past, this was officially a no-fly zone,” Ni said. “We didn’t go there.”
Robert Mesirow, a partner in PwC’s IoT practice, said organizations still shouldn’t go there. He said tracking every employee’s movements is unnecessary. In April, PwC introduced an alternative called Check-In.
The mobile app collects only data that tells employers how long and how often employees were with an infected person, and how close they were to the virus carrier. Gathering more data could threaten employees’ sense of privacy and make it less likely they would reveal being infected to employers.
“You want to try to get as close to 100% [participation] as you possibly can, and to do that, you’ve got to have a trusted system,” Mesirow said. “And to have a trusted system, you probably shouldn’t be tracking.”
Meanwhile, Cisco plans to introduce on Monday features that let companies use its DNA Spaces platform to maintain safety in physical spaces. DNA Spaces comprises analytics, toolkits and an API for third-party software integration. The platform uses a Wi-Fi network to gather and analyze data on people’s movements within a store or a public venue, such as a museum or an airport.
The DNA Spaces upgrade would help organizations track the number of people in closed areas. It would also send notifications when an area exceeds its safe capacity, Cisco said in an email. Customers will also get a historical view of space use for future planning. Cisco declined to provide more details until it launches the product.
Though the Boston Red Sox and their IT team have had their share of challenges as a result of the coronavirus pandemic, the organization was already prepared for remote work and data protection.
Much of the baseball team’s staff worked remotely before the pandemic. Those employees who work around the country — not out of Fenway Park — include scouts, trainers and player development staff. And for those employees, the Red Sox implemented Acronis remote backup and protection in 2019.
“Having that additional layer of protection for endpoint data has been helpful,” said Randy George, senior director of IT operations for the Red Sox.
Little did the Red Sox know one year ago, when they agreed to a three-year technology partnership deal with Acronis and tapped the vendor as their official “cyber protection partner,” that these last few months almost every employee would be working remotely.
“We accelerated our deployment of Acronis cloud backup to remote staff to provide the needed data protection for a larger group of remote workers,” George said.
“Like many IT teams, we found ourselves in a bit of a scramble mode, engineering solutions to maintain critical call center operations, while also adding the required remote access capacity and collaboration tool licenses needed to keep everyone productive,” George said.
Red Sox IT found a silver lining in the shutdown and the ensuing work-from-home necessity.
“Our entire workforce is well versed in how to take full advantage of collaboration tools like Zoom, Teams, Dropbox, Trello and myriad other tools now in broad use around the organization as a result of this crisis,” George said.
With more employees working from home comes increased risk for cyberattacks. Remote applications like Zoom are especially susceptible, said Patrick Hurley, vice president and general manager of the Americas at Acronis.
So, Acronis recently reengaged with the Red Sox about its new Cyber Protect platform. It offers protection capabilities such as URL filtering and blocking remote control of endpoints, Hurley said.
Acronis Cyber Protect also provides security alerts related to COVID-19, secure file sync and share and remote data wipe.
For 15 years, Acronis was known primarily for its backup. In the last couple of years, the vendor — which is based in Switzerland and has an office just north of Fenway in Burlington, Mass. — has expanded to provide a combination of data protection and cybersecurity, which it calls cyber protection.
In the second half of 2020, the Red Sox plan to pilot and roll out Acronis Cyber Protect, George said. That platform would complement existing endpoint security tools that the team has in place through Major League Baseball’s cybersecurity program. George said he particularly likes Cyber Protect’s patch management and threat intelligence feeds.
The MLB program lacks a full endpoint recoverability platform. With Acronis, the Red Sox have a proper image-based data protection platform for endpoint recovery, George said.
Acronis remote backup and recovery provides quick hit
The Red Sox are moving forward with Acronis’ protection of 600 TB of media content and 30 TB for their physical and virtual server environment. Acronis will also provide a third tier of air-gapped data protection in case the team’s on-premises Dell EMC Data Domain can’t meet a quick restore need.
Improved recovery time was one of the major goals the Red Sox had for the Acronis remote backup platform when they started using it last year. Previously it would take up to five days to get a scout’s computer fully working again after a crash.
A couple of scouts have had hard drives fail, which is the most common issue, George said. Now the Red Sox overnight a new hard drive and the Acronis backup agent pushes the backup image down to the machine.
The organization previously used Carbonite and uses Veeam for VMware vSphere protection. George said the plan is to get all staff on Acronis cloud backup.
And hopefully soon, the workers who suddenly became remote — players included — will all be able to return to Fenway.
“We’re all champing at the bit to get back to work,” George said.
New software-enabled flash technology from Kioxia aims to give hyperscale developers and architects greater control over the way their drives store data — and leave the storage device building to the flash manufacturers.
Kioxia said it designed software-enabled flash (SEF) to address hyperscalers’ needs for more efficient flash storage to work with high-performance applications such as the RocksDB embedded database and Firecracker virtual machine monitor. But Kioxia expects the SEF technology would become more broadly useful as those types of applications move into traditional data centers.
Some major cloud providers and hyperscalers make their own flash drives, often using the Open Channel SSD specification, to better address their workload and data center needs. But Kioxia says Open Channel SSD efforts require too much host overhead and involvement with low-level media characteristics.
Kioxia demonstrated new software-enabled flash technology at the Open Compute Summit this month that it claimed would provide greater host control over the solid-state storage, data placement and data access. The technology removes the need for developers to manage the flash media.
“It is our intent to enable the hyperscalers to focus on their higher value-added work and let the flash manufacturers supply the storage devices,” said Scott Stetzer, a senior director in the memory and storage strategy division at Kioxia America (formerly Toshiba Memory Corp.).
Jim Handy, general director and semiconductor analyst at Objective Analysis, said hyperscalers and other sophisticated flash users that want to “eke out every last bit of performance” out of their flash investments turned to the Open Channel SSD architecture to offload many SSD housekeeping functions onto the host. But they also had to cope with chips that could behave differently depending on the manufacturer or the flash generation.
“The host-based software had to be reconfigured every time a new flash chip was used,” Handy said. “This is an untenable situation.”
Handy said Kioxia’s SEF approach would abstract the flash performance through a common API and make the chipmakers responsible for translating the API commands to their particular flash chip’s behavior. That would allow users to move from one vendor to another and from one generation of flash chip to the next in a host-managed system without having to change the application host software, Handy said.
SEF consists of an application programming interface (API), software libraries and sample code that Kioxia plans to release this summer. The vendor will manage development through an open source project. Kioxia also plans to deliver an API instruction and software development kit to show developers how to implement the API with working code they can use, modify or reference.
In addition to software components, SEF requires customized hardware flash modules with a purpose-built controller. Kioxia is developing a prototype SEF hardware unit. Other manufacturers could also build the SEF units based on the open-source SEF API and develop their own controller or buy it from a vendor such as Marvell, Stetzer said.
Eric Burgener, a research vice president at IDC, sees Kioxia’s SEF initiative furthering the trend to customize and add features to flash. He said few established enterprise storage vendors are satisfied with the firmware in commodity, off-the-shelf SSDs. But large vendors such as Dell EMC, Hitachi Vantara and Hewlett Packard Enterprise (HPE) can get SSD manufacturers to produce customized firmware that adds the capabilities they want. IBM and Pure Storage went farther, making their own flash devices with custom firmware, Burgener said.
Hyperscalers such as Amazon, Facebook, and Google developed much of their own web-scale infrastructures using off-the-shelf hardware and software they wrote in-house, Burgener noted. He said the logical next step for them was building their own custom storage devices.
Now Kioxia is providing a toolkit that makes it easier for hyperscalers to build storage devices tailored to their specific requirements. Burgener said he would not be surprised to see other flash memory suppliers — Intel, Micron, Samsung, SK Hynix and Western Digital — follow with similar toolkits.
“What Kioxia gets out of it is that the hyperscalers will buy flash media from Kioxia if they do this,” Burgener said. “What customers get out of it is that it makes it easier and faster, and presumably less expensive, to produce custom devices.”
Burgener predicted demand for SEF will eventually filter down from the hyperscalers to other large internet-based businesses and perhaps even to large enterprises that have internal development capability and ample market power.
“I don’t ever see midrange enterprises doing this,” Burgener said. “But if an end user customer is large enough, buys enough storage devices and has the requisite internal development expertise, and there are meaningful benefits that they can accrue from doing this, then I could see it getting to the very large enterprises.”
As more of the workforce connects from their homes, there has been a spike in usage for remote productivity services. Many organizations are giving Microsoft Office 365 subscriptions to all of their staff, using more collaboration tools from Outlook, OneDrive, SharePoint, and Teams.
Unfortunately, this is creating new security vulnerabilities with more untrained workers being attacked by malware or ransomware through attachments, links, or phishing attacks.
This article will provide you with an overview of how Microsoft Office 365 Advanced Threat Protection (ATP) can help protect your organization, along with links to help you enable each service.
Microsoft Office 365 now comes with the Advanced Threat Protection service which secures emails, attachments, and files by scanning them for threats. This cloud service uses the latest in machine learning from the millions of mailboxes it protects to proactively detect and resolve common attacks. This technology has also been extended beyond just email to protect many other components of the Microsoft Office suite. In addition to ATP leveraging Microsoft’s global knowledge base, your organization can use ATP to create your own policies, investigate unusual activity, simulate threats, automate responses, and view reports.
Microsoft Office 365 ATP helps your users determine if a link is safe when using Outlook, Teams, OneNote, Word, Excel, PowerPoint and Visio. Malicious or misleading links are a common method for hackers to direct unsuspecting users to a site that can steal their information. These emails are often disguised to look like they are coming from a manager or the IT staff within the company. ATP will automatically scan links in emails and cross-reference them to a public or customized list of dangerous URLs. If a user tries to click on the malicious link, it will give them a warning so that they understand the risk if they continue to visit the website.
One of the most common ways your users will get attacked is by opening an attachment that is infected with malware. When the file is opened, it could execute a script that could steal passwords or lock up the computer unless a bounty is paid, in what is commonly known as a ransomware attack. ATP will automatically scan all attachments to determine if any known virus is detected. You and your users will be notified about anything suspicious to help you avoid any type of infection.
When ATP anti-phishing is enabled, all incoming messages will be analyzed for possible phishing attacks. Microsoft Office 365 uses cloud-based AI to look for unusual or suspicious message elements, such as mismatched descriptions, links, or domains. Whenever an alert is triggered, the user is immediately warned, and the alert is logged so that it can be reviewed by an admin.
Approved users will have access to the ATP dashboard along with reports about recent threats. These reports contain detailed information about malware, phishing attacks, and submissions. A Malware Status Report will allow you to see malware detected by type, method, and the status of each message with a threat. The URL Protection Status Report will display the number of threats discovered for each hyperlink or application and the resulting action taken by a user. The ATP Message Disposition report shows the different types of actions taken on malicious file attachments in messages. The Email Security Reports include details about the top senders, recipients, spoofed mail, and spam detection.
Another important component of ATP is the Threat Explorer which allows admins or authorized users to get real-time information about active threats in the environment through a GUI console. It allows you to preview an email header and download an email body, and for privacy reasons, this is only permitted if permission is granted through role-based access control (RBAC). You can then trace any copies of this email throughout your environment to see whether it has been routed, delivered, blocked, replaced, failed, dropped, or junked. You can even view a timeline of the email to see how it has been accessed over time by recipients in your organization. Some users can even report suspicious emails and you can use this dashboard to view these messages.
Microsoft Office 365 leverages its broad network of endpoints to identify and report on global attacks. Administrators can add any Threat Tracker widgets which they want to follow to their dashboard through the ATP interface. This allows you to track major threats attacking your region, industry, or service type.
Another great security feature from Microsoft Office 365 ATP is the ability to automatically investigate well-known threats. Once a threat is detected, the Automated Incident Response (AIR) feature will try to categorize it and start remediating the issue based on the industry-standard best practices. This could include providing recommendations, quarantining, or deleting the infected file or message.
One challenge that many organizations experience when developing a protection policy is their inability to test how their users would actually respond to an attempted attack. The ATP Attack Simulator is a utility that authorized administrators can use to create artificial phishing and password attacks. These fake email campaigns try to identify and then educate vulnerable users by convincing them to perform an action that could expose them to a hacker. This utility can run a Spear Phishing Campaign, Brute Force Attack, and a Password Spray Attack.
This diverse suite of tools, widgets, and simulators can help admins protect their remote workforce from the latest attacks. Microsoft has applied its artificial intelligence capabilities to learn how millions of mailboxes are sharing information, and uses this to harden the security of its entire platform.
If you want to learn more about Microsoft Office 365 ATP and Microsoft Office 365 in general, attend the upcoming Altaro webinar on May 27. I will be presenting that along with Microsoft MVP Andy Syrewicze, so it’s your chance to ask me any questions you might have about ATP or other Microsoft Office 365 security features live! It’s a must-attend for all admins – save your seat now.
As hospitals and other healthcare delivery organizations accelerate their adoption of virtual care and mobile devices in response to the COVID-19 outbreak, it’s critical that providers can access cloud and on-premises apps quickly and securely. Imprivata is a healthcare-focused digital identity company that addresses this need. For today’s “Voice of the ISV” blog, I invited Kristina Cairns and Mark Erwich of Imprivata to provide insight into how Imprivata’s solutions are helping healthcare organizations deliver care beyond the four walls of the hospitals.
Supporting healthcare delivery organizations during COVID-19
By Kristina Cairns, Director of Product Marketing, Imprivata and Mark Erwich, VP Marketing, Imprivata
In response to COVID-19, hospitals and clinics have turned to remote tools to care for a surge of patients, while protecting the health of staff. These tools let clinicians connect remotely with patients, care teams, and other organizations, but they can be difficult to securely access from shared workstations or mobile devices, such as tablets. Imprivata digital identity solutions simplify access while maintaining security, so clinicians can deliver quality care safely and conveniently—no matter where they are located.
At the same time, healthcare staffing demands are skyrocketing, and these needs must be met in real time. This can mean quickly adding, or provisioning, new or re-allocated staff and ensuring they have proper access to applications, immediately. Once the crisis is over, these same staff will need to be de-provisioned to ensure security and compliance requirements are met.
Imprivata is a digital identity company that focuses on healthcare. We employ doctors and nurses who have a real-world understanding of the unique needs of hospital environments. Our solutions are designed to work with healthcare workflows and regulations, so hospitals can get up and running with new tools and upgrades, fast. In these challenging times, we’ve partnered with Microsoft to provide an integrated identity and access management platform that meets the needs of healthcare organizations. Our joint solutions make it easy to connect to healthcare’s existing identity and application data and automate at scale. Healthcare providers can use our platforms to address unique demands, such as:
Saving precious time in hospitals: Accessing necessary apps quickly while healthcare providers move between clinical workstations and new networked devices at the point of patient care.
Protecting healthcare staff and patients: Identifying providers potentially exposed to COVID-19.
Scaling up remote work and virtual care: Providing remote access to a diverse set of tools spanning on-premises and cloud infrastructure as providers and patients move outside of traditional healthcare environments.
Simplifying role-based access identity management: Securely manage access for temporary workers and existing staff who change roles or departments.
Saving precious time in hospitals
Healthcare workers are busy in the best of times. They juggle administrative tasks with a full day of patient care. As the pandemic has driven up the number of patients admitted to hospitals, time has become even more precious. Imprivata OneSign is a single sign-on (SSO) solution that enables care providers to spend less time with technology and more time with patients.
During a shift, healthcare workers use several cloud and on-premises applications including business and enterprise applications, electronic health records, medical imaging, patient management, and other systems. Each of these apps in this hybrid environment often requires a unique username and password. Imprivata OneSign eliminates the need for clinicians to memorize and manually enter their credentials. They can sign in once to access all their on-premises and cloud apps, including Microsoft Teams, Office 365, and 3,000+ Microsoft Azure Active Directory (Azure AD) Marketplace applications. No Click Access™ lets them sign in with a badge or fingerprint making it faster to access applications and workflows.
Protecting healthcare staff and patients
As healthcare delivery organizations treat patients under evaluation for COVID-19, they must also safeguard the health of clinicians. Yale New Haven Health is using Imprivata OneSign reporting capabilities to identify exactly where and when specific users accessed specific workstations in different patient care zones in the clinical environment. By combining these data with workstation mapping and electronic health record data, Yale can more accurately identify all providers potentially exposed to COVID-19 and take necessary actions.
Scaling up remote work and virtual care
To limit the spread of COVID-19, administrative roles at clinics and hospitals have migrated to remote work when possible. Care providers have rapidly scaled up virtual care services to provide non-emergency healthcare consultations. These providers need to access systems on personal laptops, mobile devices, and temporary devices in temporary care sites. It’s important that devices and individuals are authenticated to protect sensitive data and apps.
Imprivata Confirm ID for Remote Access improves security by enabling multi-factor authentication for remote network access, cloud applications, Windows servers and desktops, and other critical systems and workflows. Imprivata Confirm ID for EPCS (electronic prescribing of controlled substances) supports Drug Enforcement Agency (DEA)-compliant two-factor authentication methods so providers can quickly prescribe drugs using EPCS workflows. To support healthcare organizations during this crisis we are offering Imprivata Confirm ID licenses for free.
Simplifying role-based access identity management
As the number of patients increases, hospitals are rapidly re-assigning workers within the organization, while on-boarding clinicians from lower utilized hospitals. Healthcare organizations need easy and secure ways to manage user roles as they scale up and provision temporary workers.
Imprivata Identity Governance is an end-to-end solution with granular, role-based access controls and automated provisioning and de-provisioning. Streamlined auditing processes and analytics enable faster threat evaluation and remediation. These capabilities allow IT to respond to the needs of the organization without sacrificing security. Imprivata Identity Governance ensures that, on day one, the right users have the right access to the right on-premises and cloud applications, and the audit trail to prove it.
Making healthcare technology available to everyone
The following resources can help hospitals and clinics move quickly to support patient care beyond the four walls of the hospitals:
Solutions like the Imprivata Identity and Access Management platform, Microsoft Azure AD, and Microsoft Teams are helping keep healthcare workers productive and safe as they confront the current crises. As healthcare evolves, Microsoft and Imprivata will continue to innovate together to further enhance scenarios for in-person and remote access.
The current COVID-19 crisis brings new meaning to the term disruption. Organizations and their supply chain managers need new supply chain management best practices — and fast.
Coronavirus panic buying, national lockdowns, sudden changes in buying priorities and shipping challenges are each having a different impact on supply chains.
Companies are going to have to face the new reality, which is that we cannot make supply chain decisions based purely on economics, said Tom Derry, CEO of the Institute for Supply Management. Enterprises need to factor in a variety of disruptions, including geopolitical events, weather and health problems.
“For times like this, building innovative ways around supply chain production is not only urgent, but necessary,” said Deepak Lalwani, principal of Deepak Lalwani & Associates LLC, a management consultancy.
Experts see a variety of ways that enterprises can help improve their supply chains to keep customers happy in the short run and build resiliency in the long run. To that end, here are seven supply chain management best practices to explore during the ongoing coronavirus disruptions.
1. Set up supply command centers
Communication and agility have always been critical to successful supply chain management. In a COVID-19 world, they are even more critical and supply chain management best practices must put actionable communication front and center. Setting up a supply command center is one way to do that.
Several organizations have set up command centers to improve communication and manage material needs in real time, said Steve Abbott, subject matter expert at Patina Solutions, a professional services firm. Military, large OEMs and transportation and logistics firms have employed operational command centers — or OCCs — for years.
“The basic premise is to have a central management function with access to all information, and authority to direct resources and allocate materials in response to a dynamic environment,” Abbott said.
Business and supply chain leaders should understand this isn’t a traditional decision-making approach that requires repeated operational reviews and approvals, he said. Instead, the command center can act as a nerve center for helping executives to quickly identify and mitigate operational threats.
Operating in this way requires a balance of better technology for assessing the current situation and executive skills for acting on them.
The first consideration includes giving command center managers access to business key performance indicators and license to act, Abbott said. Other considerations include developing the analytics used to generate various functional KPIs related to the speed to deliver goods and upgrading ERP systems to improve visibility.
2. Run tabletop simulations
The COVID-19 pandemic and the response to it will continue to disrupt business processes in a variety of ways, including the loss of key people, suppliers and distribution channels. In the near term, every company should find ways to address business continuity needs.
“Run a tabletop business impact assessment for your organization to determine the impact on your company and your plan of action, should someone become affected in your company,” said Sam Dawes, a senior manager at West Monroe Partners, a business and technology consultancy.
Other tabletop exercises might look at how different policies and events occurring in other countries could affect the business if they occur at home.
Now is the time to reevaluate and soften your current demand plan, Dawes said. Although some exceptions exist, there is a general manufacturing and macroeconomic activity slowdown, so less supply will be required to meet demand.
These kinds of changes may also open opportunities to optimize the labor configuration. For example, it could be helpful to run two skeleton shifts in place of one.
In a COVID-19 world, supply chain leaders need to adjust best practices away from being reactive or bureaucratic.
This means shifting away from a pure cost-and-control mindset to instead consider proactive risk management, said Alberto Oca, a partner in the strategic operations practice of Kearney, a global strategy and management consulting firm. Supply chains need to be redesigned to treat disruptions as the norm, detect early warnings and be able to sense and pivot seamlessly to offset situations like this.
As part of this, the use of digital twins will increase, Oca said. Organizations can use them to create business process simulations that can be updated in real time as circumstances change. For example, this could include finding the best way to shift production to alternate locations, move inventory to different warehouses, increase or decrease safety stocks and be better prepared overall.
4. Explore supply chain regionalization
Regionalization is the process of moving more aspects of a supply chain closer to where a product is consumed. This can help reduce transit time, cut tariffs and bolster the appeal of products.
There has been a movement toward regionalization for a lot of reasons and COVID-19 will only accelerate this trend, Derry said.
Regionalization can also help boost the visibility and appeal of manufacturers, as with Foxconn’s commitment to building its presence in Wisconsin, GM’s joint venture for a battery plant in Ohio, and Haier’s white goods in Kentucky, Abbott said. These moves are being bolstered by investments in AI, robots and IT systems to increase supply chain efficiency.
Regionalization will play out through nearshoring as a key part of U.S. companies’ shifting strategies, Dawes said. Mexico may be a major winner, as it is able to produce high-quality products with labor costs on par with China. Some industries, such as life sciences and health products, will reshore manufacturing as a defensive response, he said.
5. Create resilient supply webs
Relying on a single supply line puts a company at greater risk of disruption.
Businesses should consider ways to diversify their supply chains that mimic the food webs of nature, said Kathleen Allen, author of Leading from the Roots: Nature-Inspired Leadership Lessons for Today’s World. This starts with reviewing the current supply lines with an eye on diversification.
It’s also important to evaluate the risk of each supply line according to multiple factors such as risk of disruptions, ability to scale each way and the adaptability of suppliers, she said. Organizations can consider new supply lines as they emerge owing to new business models or improvements to technology.
Businesses shouldn’t just take a “get through this crisis” mindset since the virus may just be one example of unexpected disruption that will happen in the future, Allen said.
“Now is the time to create a resilient web of supply lines to feed your business,” she said.
6. Understand suppliers
Most companies have a pretty good handle on their key suppliers, but things get murkier with suppliers further up the supply chain. The need for greater visibility and stronger supplier relationships has only become more important with the disruptions of the coronavirus pandemic.
“You need to know who your suppliers are,” Derry said.
Now is a good time to do a deeper dive into the businesses that you are counting on. For example, many companies have invested in developing multiple tier 1 suppliers, but a deeper analysis reveals that these all depend on a single nexus supplier further up the supply chain.
“If there is an issue with the nexus supplier, it does not just affect one supply chain, but the whole industry,” Derry said.
Nestle is a classic example of this kind of analysis. A few years ago, the company analyzed the entire supply chain involved in pet food products and found that most of the protein came from fish sources that used slave labor. Nestle reportedly is working to redo its entire supply chain to eliminate these suppliers.
Many companies of all sizes, including large OEMs, are finally getting serious about really executing supplier assessments and performance audits rather than simply going through the motions, Abbott said. In his experience most supplier assessments and supply chain audits have been ineffective. This has been because business leaders sourced tier 2 and tier 3 suppliers without adequate due diligence, and consequently risk management and response plans were lacking as well.
7. Create innovation labs
As new developments unfold, organizational and supply chain leaders should explore how they can get agile and use technology to strengthen a company’s supply chain.
To this end, organizations should invest in creating innovation labs, Lalwani said. Innovation lab teams can work to come up with new ideas, execute them and iterate until the idea is fully executed or integrated into a business. This gives enterprises the opportunity to identify supply chain trends and apply innovative solutions to complex logistics issues.
For example, DHL has a 28,000-square-foot innovation center in Chicago where companies can learn about the latest supply chain technology to help them on their path toward digitization. The center provides customers and partners technical expertise with a variety of supporting technologies, including robotics, warehouse automation, AI, IoT and analytics.
As ERP software providers have created cloud-based versions of their products, they’ve opened up these capabilities to small businesses.
The per-user, per-month pricing model makes ERP software more accessible to small businesses, and running it in the cloud means that they don’t need to invest in servers or IT staff to deploy, manage and troubleshoot it.
ERP software is ideal for small businesses that have outgrown their spreadsheets, paper-based systems or general small business accounting software. These software systems are now more widely available to businesses that have outgrown spreadsheets or small business accounting software and are looking for something that can better handle accounting, customer relationship management and other business functions.
There’s no hard-and-fast rule as to when small businesses should switch to ERP software. But if they’re struggling with a lot of manual tasks, want to get a better picture of the financial health of their business and take advantage of analytics, it might be time to start evaluating different vendors. Some other indicators that it’s time to look at ERP software include spending too much time trying to integrate other software packages to get a full picture of inventory, supply chain and customers, as well as difficulty meeting customer demands.
Here are the top five ERP software choices for small businesses:
Aimed squarely at small businesses in the distribution, wholesale, retail and services sector, OnCloud ERP is a fully cloud-based ERP software product. The OnCloud ERP suite of applications includes the expected accounting modules for real-time information on cash flow, as well as sales, inventory, purchase order and receipt tracking, inventory management and production planning. Add-on modules provide the ability to manage payroll, track and maintain assets, leverage CRM functions like lead tracking and manage projects.
One of the most attractive features for small businesses is that companies can implement OnCloud ERP without an IT department and that it uses a single platform for all the ERP functions. The software also offers mobile device and remote access capabilities.
OnCloud ERP offers a free trial for 14 days. Pricing starts at $10 per user per month for the “StartUp” plan, with a minimum of five users.
Microsoft Dynamics Business Central
While Microsoft Dynamics 365 is geared toward larger businesses, Microsoft offers a Business Central application for small businesses. This product includes financials, supply chain management, customer service and project management in one product.
The analytics capabilities in Business Central include the ability to connect data across accounting, sales, purchasing, inventory and customer transactions, then run reports in real time using business intelligence dashboards. The product also enables users to access data modeling and analysis to create financial forecasts.
Because it’s a Microsoft product, users can integrate the product with Excel, Word, Outlook and Azure. Microsoft also offers pre-built add-on products like Continia Document Capture 365 for recognizing documents and approving invoices and Jet Reports to create financial reports inside Excel.
The pricing model is a per-user, per-month fee, based on whether the company chooses a basic or premium version. Microsoft delivers Business Central entirely in the cloud, and the vendor also offers a mobile application for remote access.
While Oracle markets NetSuite as ideal for businesses of any size, where NetSuite really shines is with smaller businesses. It’s an all-in-one software suite that includes financials, customer service and e-commerce capabilities, so small business owners don’t have to figure out how to use APIs to connect different software packages. NetSuite also packages analytics in with its ERP software to provide insight into how the business is performing, using key performance indicators.
NetSuite is delivered entirely in the cloud, on the NetSuite Cloud Platform. This enables organizations to add other applications and modules — such as SuitePeople, its human capital management system — to the software. The product is billed as good for manufacturing, media and publishing, nonprofit, retail, services, advertising, distribution and wholesale and software industries.
Potential users must contact NetSuite for pricing information.
The focus of Sage Intacct is finance and accounting, and Sage bills it as being “built for finance by finance.” Some of the features it offers include the ability to automate complex processes, analyze data, create structured transactions and approvals, and manage multiple currencies and locations. It also provides the ability to track multiple accounts in real time.
For companies that want to extend Sage Intacct beyond core financial functions, the software offers modules for fixed assets, inventory management, and time and expense management, among others. It also offers web services in the form of APIs to integrate with other software systems, as well as a built-in Salesforce integration.
Sage Intacct is priced on a quote basis and is cloud-based.
SAP Business One
As SAP’s ERP product for small businesses, SAP Business One is a single suite that includes financial management, sales and customer management, purchasing and inventory control, and analytics and reporting capabilities. It also includes a mobile access module so that users can check inventory, manage sales and service, and complete approvals from iOS or Android devices.
Companies can customize SAP Business One for their industries, including consumer products, manufacturing, retail, wholesale distribution and professional services. They can also customize the software using application extensions from SAP partners, create web applications that run on desktops or mobile devices, and use self-service options within SAP Business One to create additional fields, tables and forms.
Unlike a lot of other small business ERP products, companies can implement SAP Business One on premises. It’s also delivered in a cloud-based model, priced on a per-user, per-month basis. It’s sold exclusively through SAP partners.
ERP selection advice
Before beginning the ERP software evaluation process, small business leaders need to first identify the business problems they’re trying to solve. They will also want to audit their existing processes to see if the ERP system they’re considering has these processes built in or will let them create workflows.
As small businesses begin the evaluation process, it’s important to keep in mind what the company actually needs and what it can support. Most of these systems will let companies add users as needed, as well as extend capabilities using APIs. These top five ERP software products for small businesses have features that go beyond basic accounting and let small businesses compete with larger companies, using tools that previously were not affordable.
Every day, CISOs must decide which cyberthreats to prioritize in their organizations. When it comes to choosing which threats are the most concerning, the list from which to choose is nearly boundless.
At RSA Conference 2020, speakers discussed several of the most concerning threats this year, from ransomware and election hacking to supply chain attacks and beyond. To pursue the topic of concerning threats, SearchSecurity asked several experts at the conference what they considered to be the biggest cybersecurity threat today.
“It has to be ransomware,” CrowdStrike CTO Mike Sentonas said. “It may not be the most complex attack, but what organizations are facing around the world is a huge increase in e-crime activity, specifically around the use of ransomware. The rise over the last twelve months has been incredible, simply because of the amount of money there is to be made.”
Trend Micro vice president of cybersecurity Greg Young agreed.
“It has to be ransomware, definitely. Quick money. We’ve certainly seen a change of focus where the people who are least able to defend themselves, state and local governments, particularly in some of the poorer areas, budgets are low and the bad guys focus on that,” he said. “The other thing is I think there’s much more technological capability than there used to be. There’s fewer toolkits and fewer flavors of attacks but they’re hitting more people and they’re much more effective, so I think there’s much more efficiency and effectiveness with what the bad guys are doing now.”
Sentonas added that he expects the trend of ransomware to continue.
“We’ve seen different ransomware groups or e-crime groups that are delivering ransomware have campaigns that have generated over $5 million, we’ve seen campaigns that have generated over $10 million. So with so much money to be made, in many ways, I don’t like saying it, but in many ways it’s easy for them to do it. So that’s driving the huge increase and focus on ransomware. I think, certainly for the next 12 to 24 months, this trend will continue. The rise of ransomware is showing no signs it’s going to slow down,” Sentonas explained.
“Easy” might just be the key word here. The biggest threat to cybersecurity, according to BitSight vice president of communications and government affairs Jake Olcott, is that companies “are still struggling with doing the basics” when it comes to cybersecurity hygiene.
“Look at all the major examples — Equifax, Baltimore, the list could go on — where it was not the case of a sophisticated adversary targeting an organization with a zero-day malware that no one had seen before. It might have been an adversary targeting an organization with malware that was just exploiting known vulnerabilities. I think the big challenge a lot of companies have is just doing the basics,” Olcott said.
Lastly, Akamai CTO Patrick Sullivan said that the biggest threat in cybersecurity is the threat to the supply chain, as highlighted at Huawei’s panel discussion at RSAC.
“The big trend is people are looking at their supply chain,” he said. “Like, what is the risk to the third parties you’re partnering with, to the code you’re developing with partners, so I think it’s about looking beyond that first circle to the second circle of your supply chain and your business partners.”
Windows administrators must maintain constant vigilance over their systems to prevent a vulnerability from crippling their systems or exposing data to threat actors. For shops that use Hyper-V, Microsoft offers another layer of protection through its virtualization-based security.
Virtualization-based security uses Hyper-V and the machine’s hardware virtualization features to isolate and protect an area of system memory that runs the most sensitive and critical parts of the OS kernel and user modes. Once deployed, these protected areas can guard other kernel and user-mode instances.
Virtualization-based security effectively reduces the Windows attack surface, so even if a malicious actor gains access to the OS kernel, the protected content can prevent code execution and the access of secrets, such as system credentials. In theory, these added protections would prevent malware attacks that use kernel exploits from gaining access to sensitive information.
Code examining, malware prevention among key capabilities
Virtualization-based security is a foundation technology and must be in place before adopting a range of advanced security features in Windows Server. One example is Hypervisor-Enforced Code Integrity (HVCI), which examines code — such as drivers — and ensures the kernel mode drivers and binaries are signed before they load into memory. Unsigned content gets denied, reducing the possibility of running malicious code.
Other advanced security capabilities that rely on virtualization-based security include Windows Defender Credential Guard, which prevents malware from accessing credentials, and the ability to create virtual trusted platform modules (TPMs) for shielded VMs.
In Windows Server 2019, Microsoft expanded its shielded VMs feature beyond the Windows platform to cover Linux workloads running on Hyper-V to prevent data leakage both when the VM is static and when it moves to another Hyper-V host.
New in Windows Server 2019 is a feature called host key attestation, which uses asymmetric key pairs to authenticate hosts covered by the Host Guardian Service in what is described as an easier deployment method by not requiring an Active Directory trust arrangement.
What are the virtualization-based security requirements?
Virtualization-based security has numerous requirements. It’s important to investigate the complete set of hardware, firmware and software requirements before adopting virtualization-based security. Any missing requirements may make it impossible to enable virtualization-based security and compromise system security features that depend on virtualization-based security support.
At the hardware level, virtualization-based security needs a 64-bit processor with virtualization extensions (Intel VT-x or AMD-V) and second-level address translation in the form of Extended Page Tables or Rapid Virtualization Indexing. I/O virtualization must be supported through Intel VT-d or AMD-Vi. The server hardware must include TPM 2.0 or better.
System firmware must support the Windows System Management Mode Security Mitigations Table specification. Unified Extensible Firmware Interface must support memory reporting features such as the UEFI v2.6 Memory Attributes Table. Support for Secure Memory Overwrite Request v2 will inhibit in-memory attacks. All drivers must be compatible with HVCI standards.
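One way to check these requirements on a given host before enabling the feature, as an added example that is not from the article or from Microsoft: the function below reads the Win32_DeviceGuard and Win32_Tpm CIM classes and reports which platform security properties Windows detects, which ones the current configuration requires but lacks, and whether virtualization-based security and its dependent services are running. The function name Get-VbsReadiness and the output field names are hypothetical; it assumes an elevated PowerShell session.

```powershell
# Added example: report virtualization-based security (VBS) readiness and state
# on the local machine. Get-VbsReadiness is a hypothetical name, not a built-in cmdlet.
function Get-VbsReadiness {
    [CmdletBinding()]
    param()

    # Code-to-name maps for the Win32_DeviceGuard properties.
    $propertyNames = @{
        1 = 'Hypervisor support'
        2 = 'Secure Boot'
        3 = 'DMA protection'
        4 = 'Secure Memory Overwrite'
        5 = 'NX protections'
        6 = 'SMM mitigations'
        7 = 'MBEC/GMET'
        8 = 'APIC virtualization'
    }
    $serviceNames = @{
        1 = 'Credential Guard'
        2 = 'HVCI (memory integrity)'
        3 = 'System Guard Secure Launch'
        4 = 'SMM Firmware Measurement'
    }
    $statusNames = @{
        0 = 'Not enabled'
        1 = 'Enabled but not running'
        2 = 'Enabled and running'
    }

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction Stop

    # Win32_Tpm returns nothing when no TPM is exposed to the OS.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    # Translate numeric codes to names; 0 ("none") and empty values are dropped.
    $translate = {
        param($codes, $map)
        foreach ($c in @($codes | Where-Object { $_ })) {
            if ($map.ContainsKey([int]$c)) { $map[[int]$c] } else { "Unknown ($c)" }
        }
    }

    $available = @(& $translate $dg.AvailableSecurityProperties $propertyNames)
    $required  = @(& $translate $dg.RequiredSecurityProperties $propertyNames)

    [pscustomobject]@{
        VbsStatus           = $statusNames[[int]$dg.VirtualizationBasedSecurityStatus]
        AvailableProperties = $available
        # Properties the configured VBS policy demands but the platform lacks.
        MissingRequired     = @($required | Where-Object { $_ -notin $available })
        ServicesConfigured  = @(& $translate $dg.SecurityServicesConfigured $serviceNames)
        ServicesRunning     = @(& $translate $dg.SecurityServicesRunning $serviceNames)
        TpmSpecVersion      = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() }
                              else { 'No TPM found' }
    }
}

Get-VbsReadiness | Format-List
```

A host where HVCI appears under ServicesConfigured but not under ServicesRunning, or where MissingRequired is not empty, is one where a hardware or firmware requirement is unmet.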
GumGum developed computer vision and NLP technology to help clients better advertise to their users.
The Santa Monica, Calif.-based vendor, founded in 2008, automatically scans video, audio, images and text on webpages, identifying and extracting key elements. It then uses that data to help advertisers place relevant ads on the webpages.
To power its machine learning and computer vision technology, GumGum needs a lot of training data. To meet its data needs, about two years ago the company turned to Figure Eight, a crowdsourcing machine learning annotation vendor.
Acquired by Appen, another crowdsourcing machine learning annotation company, in April 2019, Figure Eight provides training data to a variety of similar vendors. Figure Eight relies on a network of contributors to annotate huge amounts of data.
The contributors are trained, although they are mostly not data scientists, and are screened for security purposes. Its large contributor network enables Figure Eight to train data at scale, as well as continue to review annotated data while a job is running.
Getting training data
Before using Figure Eight, GumGum employed full-time staff for machine learning annotation, said Erica Nishimura, data curator at GumGum. That worked, but it was costly and, at times, slow. With large amounts of data, it could take months to get useable training data. Besides, the staff could only work in English, but GumGum has clients internationally.
Figure Eight, meanwhile, works in a number of languages. At the time, Nishimura said, it was one of the only companies that worked in Japanese. As GumGum has a thriving Japanese division, the language support was one of the main reasons it chose Figure Eight.
Scalability, said Lane Schechter, product manager at GumGum, was the other reason GumGum chose Figure Eight.
Working with Figure Eight has increased GumGum’s data capacity tenfold, Schechter said. Also, instead of taking months to get completed machine learning annotation, it now happens in about a week.
Still, that’s not to say that working with Figure Eight has been without its share of problems.
One of the biggest challenges has been communicating directly with Figure Eight’s crowdsource contributors, Nishimura said.
At times, the contributors have had trouble understanding exactly what GumGum wants, but, because there is no way to directly interact with the contributors, Nishimura said it is hard to know if the contributors are having problems, or what they might be.
The best GumGum can do is put in a message, Nishimura said, but there is no way to alert each contributor to the message. Besides, a single message isn’t the same as having a conversation, she added.
While she was unsure if other similar crowdsourcing machine learning annotation companies have a better way to communicate with contributors, Nishimura said some other companies have their own checkers, who do spot-checks on completed annotations.
“It’s one more step to ensure quality,” Nishimura said. But, she added, the prices of those services are generally higher than Figure Eight’s.