The ‘Getting started at CYBER’ List

When you go into a new org, what do you need at a minimum? LOADS! But let’s give this a go at showing the world some of the key artefacts you are going to need when you start discovery (this might be as part of a job onboarding process or from a project perspective). This is both specific and general because the detailed list is organisation-specific and contains a load of generic ITSM process areas etc., and if you want the long list either open Excel or do a project with a friendly consultant ;)! Right, onto a bit of a list!

· An enterprise context statement
· An organisational chart (Business and IT)
· A copy of any relevant internal policies (e.g. security policies + more)
· A copy of the key customer contractual requirements
· A copy of the key suppliers’ contracts
· A view of the financial landscape
· A risk appetite statement
· A security mission statement
· Traceable goals and objectives
· A view of the enterprise architecture at a reasonable level of abstraction
· Network diagrams
· Previous security documentation (e.g. audits, vulnerability reports, pentests, assessments, certifications etc.)
· A high-level view of key supply chain interactions
· A high-level view of key business processes
· A crown jewels analysis
· Zoomed-in details on key business areas and services
· Supplier registers
· An asset register
· Any relevant policies, processes, procedures, SLAs/OLAs etc.
· Public DNS zone exports
· Lists of public and private networks/subnets etc.

Anyway, I hope that gives people an idea of what the start of the world of discovering what the security posture of an organisation is like!
Daniel C.’s Post
More Relevant Posts
Revolutionize your Incident Management

Managing incidents efficiently is crucial to:
→ Building customer trust
→ Maintaining operational stability
→ Delivering seamless user experiences

As applications & services become more critical, you need:
→ To move from reactive to proactive
→ Real-time detection of issues
→ To minimize downtime

Moving to be proactive and automating incident management will transform your response strategy:

1. Faster Resolution:
↳ Automated workflows streamline incident detection, triage, and resolution, reducing downtime and enhancing productivity.
2. Consistency:
↳ Standardized processes ensure consistent responses, minimizing human error and improving reliability.
3. Scalability:
↳ Automation handles increasing volumes of incidents without adding to the workload, making it easier to scale operations.
4. Data-Driven Insights:
↳ Automated systems collect and analyze data, providing actionable insights to preempt future incidents.

So how do you do this? Later this week, I'll be releasing an article here to talk about it in more detail. Hit the follow button to get notified.

Hello, I’m Rowan Geere, an IT leader who simplifies complex IT infrastructures for global organizations. I specialize in innovative technologies, enhancing cybersecurity, & driving operational efficiencies.
Continuous testing
Hello fellow DORA community members! Articles 24 and 25 highlight the need for continuous testing of your critical infrastructure, including using real-world scenario-based testing. That is where our Breach and Attack Simulation software Nemesis can make your journey to compliance much easier.

Nemesis is a Breach and Attack Simulation (BAS) software as a service (SaaS), which simulates malicious activities against your critical infrastructure. Utilizing both standard and customizable techniques, you can:

· Simulate various malicious activities against your infrastructure
· Automate the execution of those assessments via an easy-to-use scheduler
· Validate the effectiveness of your security tooling and posture and ensure ICT Risk Management policies are in working order

Download the results of any assessment run in an executive-quality report and use it as evidence in your compliance, audit, and technical review packs. Reach out to set up a demo of how we can help you accelerate your journey to compliance.
Your Daily Security Dose: Towards the end of the week, an exemplary list of typical tasks to be expected before and during a recovery / restore exercise. (The list is not exhaustive & each topic can fill pages.) Stay safe, enjoy your WE & greetings to the community.

PROACTIVE TASKS
· Know your environment
· Know your Crown Jewels
· Know the Solution / Technical Owners
· Know Roles & Responsibilities
· Plan / make general company philosophy and legal decisions
· Know the technical contacts (plus 3rd party partners)
· Plan Communication (internal & external)
· Prioritize Applications (BIA)
· Verify that Backup has low likelihood to get impacted
· Know dependencies / prerequisites (IT / OT)
· Know RTO & RPO (temporary emergency modes)
· Prepare Restore-Playbook(s)
· Estimate Restore capabilities: amount of: systems/time; TB/time; people/initiative
· Train People / Processes / Tools
· Align the overall architecture

REACTIVE TASKS
· Contain the threat
· Document changes to update standard doc after crisis
· Initiate crisis management
· Have conference bridges and drive decision and communication (out of band?)
· Collect incident information (impact / scope)
· Do forensic analysis (IOC / TTP)
· Ensure visibility (EDR..)
· Decide start of remediation / restore
· Plan for required Credential reset and security improvements
· Define what good looks like (protect new systems with controls specific to IOC)
· Do essential verification and plausibility tests
· Restore systems aligned with Forensic / Business / recovery planning
· Do post mortems and establish mid-term / strategic initiatives (safe budget)
It is positive to see Crowdstrike sharing their full Provisional Post Incident Review (PIR). It is always easy for everyone not involved to believe nothing like that could happen in their business. But Crowdstrike work in a sector where threats need to be dealt with fast and to a customer base of millions. This brings pressures and risks.

In summary, Crowdstrike are saying test more and deploy slower. Testing by developers can always be challenging. Replicating the live scenario for every customer may not be practical in budgets or time frames. In consumer cloud software each customer doesn’t have their own test area, so the company takes the full burden of testing. A risk-based approach is needed in any test planning, asking “What is the worst damage that could be done to my customers’ businesses if this deployment causes issues?”. I doubt Crowdstrike had actually answered this with “We can close airports, banks and major retailers globally & simultaneously!”.

The move to a wave deployment will definitely reduce the impact of any issues. When I was initially involved with software deployment, we had to drive with discs to sites and physically deploy. This meant there was always time between deployments to either fix or delay roll-outs if there were issues found by customers. I understand Crowdstrike deployed to circa 8.5 million Windows PCs last week in one deployment. If they had initially released to 1000 PCs, the issue may not have hit the headlines or their share price.

The size & profile of this failure, and the fact Crowdstrike are being open with their investigation, will mean that a lot of cloud-based software providers are able to review their own testing and deployment plans based on the findings. And I am pretty sure some will be making changes as they find the Crowdstrike approach was not unusual.

It is also important that Customers play their part and understand:
- Your own system map and integrations
- How and when software is updated
- What are the risks to your business if a deployment goes wrong
- What is the Business Continuity Plan if a deployment goes wrong
- Have you tested the Business Continuity Plan recently… dusty folders of procedures from 2 years ago are unlikely to be effective

#LogisticsTechnology #SoftwareDeployment #SoftwareTesting #BusinessContinuityPlanning
An incident involving Crowdstrike has raised several pertinent questions regarding IT strategy:

1. Auto-patch updates versus testing on a dedicated server and releasing only verified patches: Should we consider discouraging auto-updates of patches moving forward? I am inclined to favor this approach.
2. An immediate consequence is the erosion of trust between cloud and security vendors. There will likely be a greater emphasis on agent-less solutions to safeguard against vulnerabilities associated with traditional agent-based systems. I believe an agent-less software design is the way forward.
3. Single point of failure – Do we need to re-evaluate our dependence on a single vendor? Achieving a balance will become increasingly crucial shortly. Strengthening vendor relationships and negotiating liability terms for third-party software are becoming essential components of our contracts.
4. Single cloud versus multi-cloud strategies – Are single cloud deployments more beneficial than previous arrangements? It may be necessary to refocus on fundamental principles, including hybrid cloud solutions, multi-cloud approaches, and adaptive or transformative resilience patterns for software design.
5. Communication and crisis response management for various organizations – Recent events have tested organizations’ ability to respond to externally induced issues. There is growing interest in simulating and training staff for crisis management, hinting at the potential for a market in chaos engineering.
6. It is important to consider the continued investment for enhancing risk management, refining change management, and improving resilience.

While these points may seem apparent, I believe it would be valuable to solicit comments and feedback from colleagues and experts. What are your key takeaways from this incident?
Security leaders find modernizing identity security daunting and focus instead on seemingly simpler challenges like implementing single sign-on, multifactor authentication, and privileged access management. However, this reactive approach can be more costly over time. Developing a comprehensive IAM strategy and roadmap is a proactive, high-value initiative that will drive the effective modernization of the identity management program. Our new blueprint might help you to define a clear IAM strategy that aligns with the organization’s security objectives and regulatory requirements, and establish standardized processes for user onboarding, provisioning, deprovisioning, and access changes throughout the user's lifecycle.
Are you confident in your IT asset inventory? Accurate IT discovery isn’t a myth; it’s the key to strengthening security and resilience in your IT operations. Join OpenText expert Travis Greene at Gartner IT IOCS in Las Vegas for a power-packed session on how to achieve trust in your IT inventory.

When: Thursday, Dec. 12 | 11 a.m. PST

Session Highlights:
• Strengthen change & incident management
• Reduce system vulnerabilities & downtime
• Enhance audit readiness

Learn best practices for accurate IT discovery and configuration management. It’s time to stop flying blind and start building a more resilient IT environment! Book a 1:1 meeting today! https://lnkd.in/ggjNn_H6

#GartnerIO #ITDiscovery #ITOps #CyberResilience #ChangeManagement #IncidentManagement #AuditReadiness #ITSecurity #TechLeadership
How can you ensure your systems run smoothly and avoid costly disruptions?

Maintaining an effective maintenance activity plan over a two-week period is crucial for ensuring the smooth operation of any system or application. This strategic approach helps identify potential issues before they escalate into major problems, minimizing downtime and maximizing productivity. Regular maintenance allows teams to optimize system performance, address vulnerabilities, and implement necessary updates, which is essential for sustaining business continuity.

The importance of this bi-weekly routine cannot be overstated. It fosters a proactive rather than reactive approach to system management, reducing the likelihood of unexpected failures and costly disruptions. Moreover, it provides a structured timeline for implementing changes, ensuring that all updates are thoroughly tested and integrated without compromising system stability. By dedicating time every two weeks for maintenance, organizations can ensure their systems remain resilient, secure, and efficient, ultimately supporting long-term business goals and enhancing overall operational effectiveness.

Take the next step: Are you incorporating regular maintenance into your schedule? Share your strategies or challenges in the comments, and let's discuss how to keep systems running optimally!
24-021/ Using the 3-4-5 Method - part 4d

Performing the Risk Assessment (continued)

Resilience Quadrant
19. Are contractual protections for enterprise data in place and periodically verified for all offboard cloud applications, storage, and functional systems?
20. Are identities of users of all organizational applications and systems recorded and periodically audited against the authorized user access rolls?
21. Are protective systems - including offboard cloud-based protective functions - protected from unauthorized access? Are they protected from insider attacks?

Reliability Quadrant (address the 5 principles)
22. How many critical processes have backup procedures to keep the processes operating if automated systems fail, or if they are unavailable?
23. Do organizational safety and security policies and employee training materials include backup procedures that will keep critical processes operating in case of automated system failure?
24. Are security controls delineated and cataloged for periodic verification, validation, and audit?
25. Are risk assessment results checked against security controls to verify sufficient coverage of enterprise assets?
26. Are security controls documented in organizational policy and training materials to ensure employees are trained in security and safety expectations?

WHAT IT MEANS
If the first pass can reveal potential areas of liability or cultural deficiencies, the second pass will show subjective areas of knowledge, activity, coverage, and security sufficiency that actively contribute to the efforts that secure the organization. The second pass, with greater detail, means to show any gaps that should mitigate, or better remediate, deficiencies from the first pass. Representation of answers may be visualized as color codes in the quadrants of the Risk Profile.

(Continued)
Mastering IAM without Losing Your Sanity: 5 Essential Tips

1. Understand the Basics of IAM
Before diving into implementation, familiarize yourself with IAM fundamentals like roles, policies, and users. Know the difference between authentication and authorization, and get a grip on key concepts like least privilege, multi-factor authentication (MFA), and role-based access control (RBAC).

2. Start Small with Clear Objectives
Don’t try to overhaul your entire access management system at once. Start with small, manageable tasks that address the most critical areas. For instance, begin by securing sensitive resources with MFA, then gradually apply IAM policies to other parts of your system.

3. Automate Where Possible
Manual management of IAM can quickly become overwhelming. Leverage automation tools to streamline tasks like user provisioning, role assignments, and policy enforcement. Automation not only reduces human error but also helps maintain consistency across your environment.

4. Use Groups and Roles Strategically
Instead of assigning permissions to individual users, create groups and roles that reflect your organizational structure and common access needs. This approach simplifies management and ensures that permissions are applied consistently.

5. Regularly Review and Update Access
IAM is not a set-it-and-forget-it system. Schedule regular reviews of your IAM policies and access rights to ensure they still align with your organization’s needs. Remove unnecessary permissions and adjust roles as your organization evolves to minimize security risks.
And if you don’t have this, you need to work to get it!