ITManagementNews https://www.webpronews.com/technology/itmanagementnews/ Breaking News in Tech, Search, Social, & Business Fri, 12 Apr 2024 18:55:28 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.3 https://i0.wp.com/www.webpronews.com/wp-content/uploads/2020/03/cropped-wpn_siteidentity-7.png?fit=32%2C32&ssl=1 ITManagementNews https://www.webpronews.com/technology/itmanagementnews/ 32 32 138578674 Google Releases Chrome Enterprise Premium for $6 a Month https://www.webpronews.com/google-release-chrome-enterprise-premium-for-6-a-month/ Fri, 12 Apr 2024 18:10:04 +0000 https://www.webpronews.com/?p=603242 Google is getting into the paid web browser game with a premium version of Chrome, Chrome Enterprise Premium.

Chrome is the most popular web browser on the market, dwarfing its closest rivals. As such, Chrome is a top target for bad actors looking for exploits. Google is now offering an Enterprise Premium version for $6 a month, bringing a number of security features and improvements.

“With Chrome Enterprise Premium, we have confidence in Google’s security expertise, including Project Zero’s cutting-edge security research, and fast security patches,” said Nick Reva, Head of Corporate Security Engineering, Snap. “We set up DLP restrictions and warnings for sharing sensitive information in applications like Generative AI platforms and noticed a noteworthy 50% reduction in content transfers.”

The Enterprise Premium version has the following features:

Credit Google

The free Enterprise Core edition includes the following:

Credit Google

Organizations looking to deploy Chrome Enterprise can begin speaking with a Chrome expert here.

]]>
603242
Canonical Launches Ubuntu Pro for IoT Devices https://www.webpronews.com/canonical-launches-ubuntu-pro-for-iot-devices/ Tue, 09 Apr 2024 22:09:30 +0000 https://www.webpronews.com/?p=603007 Canonical is expanding its Ubuntu Pro service, bringing the extended security maintenance plan to IoT devices, in addition to desktop and servers.

Ubuntu Pro is Canonical’s service that provides expanded security maintenance for Ubuntu packages outside of the main operating system. In fact, Ubuntu Pro adds security patches for more than 25,000 additional packages, reducing “average CVE exposure time from 98 days to 1 day.” The service increases the support period from the standard five years for LTS releases to 10 years, with an option add-on to extend it an additional two years, for a total of twelve.

The company has launched Ubuntu Pro for Devices, bringing security and long-term compliance to IoT.

Ubuntu Pro for Devices provides 10 years of security maintenance for Ubuntu and thousands of open source packages, such as Python, Docker, OpenJDK, OpenCV, MQTT, OpenSSL, Go, and Robot Operating System (ROS). The subscription also provides device management capabilities through Landscape, Canonical’s systems management tool, and access to Real-time Ubuntu for latency-critical use cases. Ubuntu Pro for Devices is available directly from Canonical, and from a wide range of original device manufacturers (ODMs) in Canonical’s partner ecosystem, including ADLINK, AAEON, Advantech and DFI.

The company says it is expanding its collaboration with ODMs to provide a best-in-class experience. Canonical says the service will be especially beneficial for organizations that lack the in-house resources or expertise to secure their entire open-source software stack.

Customers are already touting the benefits of the new service.

“As new legislation is introduced for IoT embedded devices, it is crucial that our customers have a means to securely maintain the operating system along with commonly used applications and dependencies”, said Ethan Chen, General Manager of the Edge Computing Platforms BU at ADLINK. “Ubuntu Pro ensures that IoT devices receive reliable security patches from a trusted source”.

“Many of our customers from across different sectors are using computer vision software that requires regulatory approval. In particular, the latest US regulation makes it important to provide timely CVE fixes for all of the components used in our products. Thanks to Ubuntu Pro for Devices, this is now covered”, said Jason Huang, Director of AAEON’s UP Division.

Canonical provides a datasheet for companies interested in learning more about Ubuntu Pro for Devices.

]]>
603007
The Future of Nearshore Outsourcing Companies: Challenges and Benefits https://www.webpronews.com/nearshore-outsourcing-companies/ Tue, 19 Mar 2024 20:38:05 +0000 https://www.webpronews.com/?p=601900 Nearshore outsourcing companies have become increasingly valuable to organizations of all sizes in today’s fast-paced global business environment. While nearshore staffing services have been around for decades, the ongoing COVID-19 pandemic highlighted their crucial role in enabling businesses to remain agile, competitive, and successful. Yet, as we look ahead to 2024 and beyond, nearshore outsourcing companies are also bound to face significant challenges. In this blog post, we’ll explore the challenges and benefits that organizations can obtain from partnering with nearshore outsourcing companies.

1. Technological Advancements:

One of the most significant challenges nearshore outsourcing companies will face in 2024 is keeping up with rapid technological advancements. Organizations looking to outsource their business processes can expect their nearshore providers to be at the cutting edge of digital transformation; offering advanced automation, Machine Learning, Artificial Intelligence, and other emerging technologies. Without keeping pace with these advancements, nearshore outsourcing companies risk falling behind and becoming less relevant to potential clients.

2. Talent Shortages:

Nearshore staffing services will face stiff competition in the coming years as the demand for high-quality employees continues to grow. Many nearshore outsourcing companies may struggle to find and retain the best talent, which is crucial to delivering quality services to clients. On the other hand, service providers that invest in building relationships with universities, training programs, and other talent pipelines will have a significant advantage in the marketplace.

3. Cybersecurity Risks:

As more organizations embrace digital transformation, cybersecurity risks will continue to increase. More sophisticated threats, such as advanced persistent threats and ransomware attacks, will require nearshore outsourcing companies to implement comprehensive security measures to protect their clients’ sensitive data. Service providers that invest in strong cybersecurity protocols and consistently monitor and update their security will be in high demand.

As companies become more globalized, regulatory compliance becomes a more considerable concern. Nearshore outsourcing companies will face increasing pressures to adhere to various regulatory and compliance standards in different countries where they offer their services. On the bright side, those that can demonstrate full compliance with regulations such as GDPR and HIPAA will be more attractive partners to organizations.

5. Increased Cost Pressures:

Finally, nearshore outsourcing companies will face increased cost pressures from clients looking to maximize the value of their outsourcing projects. We can expect clients to anticipate more significant cost savings while simultaneously demanding higher-quality services and faster delivery times. To deliver high-quality services while remaining competitive, nearshore outsourcing companies will need to develop innovative pricing models.

Conclusion:

Overall, nearshore outsourcing companies will face many challenges in the coming years. Nonetheless, as organizations can also attain many benefits from partnering with these service providers, nearshore outsourcing companies can seize the wealth of expertise, resources, and technological know-how they bring to help organizations remain agile, competitive, and successful. Nearshore outsourcing companies can effectively deliver high-quality services to a vast array of clients, making the overcoming of obstacles a clear hurdle they can work at overcoming to stay competitive. If your organization is considering outsourcing, now’s the perfect time to jump into exploring the many benefits of partnering with a nearshore outsourcing company.

]]>
601900
AWS Using Bottlerocket Linux For Container Hosting https://www.webpronews.com/aws-using-bottlerocket-linux-for-container-hosting/ Sat, 02 Mar 2024 22:42:16 +0000 https://www.webpronews.com/?p=501242 AWS has revealed that Bottlerocket Linux is the operating system (OS) it is using for container hosting.

Containers are packages containing all the apps, code, libraries and dependencies necessary to run. Containers can be easily moved from one host to another, without worrying about the underlying OS and environment. Containers can also be managed to prevent any one app or process from hogging a system’s resources, making them the ideal way to scale cloud, hosting and IT systems.

Bottlerocket is a new Linux distribution that AWS designed and optimized specifically to work with containers.

“Bottlerocket reflects much of what we have learned over the years,” writes Jeff Barr, Chief Evangelist for AWS. “It includes only the packages that are needed to make it a great container host, and integrates with existing container orchestrators. It supports Docker image and images that conform to the Open Container Initiative (OCI) image format.

“Instead of a package update system, Bottlerocket uses a simple, image-based model that allows for a rapid & complete rollback if necessary. This removes opportunities for conflicts and breakage, and makes it easier for you to apply fleet-wide updates with confidence using orchestrators such as EKS.

“In addition to the minimal package set, Bottlerocket uses a file system that is primarily read-only, and that is integrity-checked at boot time via dm-verity. SSH access is discouraged, and is available only as part of a separate admin container that you can enable on an as-needed basis and then use for troubleshooting purposes.”

AWS is launching a public preview of the OS and inviting others to try it.

]]>
501242
The CIO Is Now Central To The Business Strategy https://www.webpronews.com/cio-business-strategy-2/ Thu, 30 Nov 2023 23:33:01 +0000 https://www.webpronews.com/?p=503035 “The CIO now has become front and center and central to the business strategy,” says Aongus Hegarty, President of International Markets at Dell Technologies. “From the c-suite perspective, they are now seen as a key individual around investment in technology to enable the business from a growth and transformation point of view. There has been a fundamental change in the role of the CIO.”

Aongus Hegarty, President of International Markets at Dell Technologies, says that the CIO role is now core to the business strategy in the enterprise. Hegarty was interviewed by Tim Crawford, ranked as one of the most influential CIOs and is the CIO Strategic Advisor at AVOA:

The CIO Is Now Central To The Business Strategy

If you stand back and look at the CIO role I think it’s gone from being a role traditionally which was very much in the back office. The CIO was focused on keeping the systems working and maybe often only out in the c-suite discussions when there was a challenge or an issue with systems or email, etc. The CIO now has become front and center and central to the business strategy. From the c-suite perspective, they are now seen as a key individual around investment in technology to enable the business from a growth and transformation point of view. There has been fundamental change.

What’s driving the change is the recognition by CEOs, c-suite, and companies that technology is disrupting industries and disrupting businesses. It’s driving significant efficiency and operational enhancement and/or a brand new set of business models, products, and services enabled by technology. Companies need to quickly move forward around their digital transformation or they will be left behind or significantly disadvantaged quite quickly. There’s an urgency in the c-suite to bring the technology strategy front and center underpinning the business strategy.

The CIO: A Critical Role Now And Into The Future

The CIO within that c-suite is in an absolutely critical role now and into the future. The breadth of skills and competencies required has broadened significantly. Now the CIO role very much encompasses an individual who has vision and collaborates across the organization. The CIO has strong communication skills and ability and can work and navigate between obviously the tactical and executional elements of the role but also the strategic elements of the IT strategy. They they must match that and understand how it fits into the business strategy. 

To all the CIOs out there I think it’s absolutely an exciting time and a great opportunity. You can be sure that Dell Technologies will be there every step of the way with you.

The CIO Is Now Central To The Business Strategy
]]>
588579
Oracle CIO: Every Enterprise Has the Security it Deserves https://www.webpronews.com/oracle-cio-security-2/ Wed, 29 Nov 2023 14:25:45 +0000 https://www.webpronews.com/?p=495340 “Every Enterprise has the security it deserves,” says Oracle Chief Information Officer Mark Sunday. “It begins at the very top. It truly begins with the board, CEO, and the Executive Committee to set the culture and to ensure that the people, process, technology, and the governance processes are in place to ensure the security of customers, companies, and employees information.”

Mark Sunday, CIO of Oracle, discussed the increasing need for enterprises to take a holistic, comprehensive, and automated approach towards information security in an interview with Michael Krigsman of CXOTALK:

Security is Increasingly a Big Part of the Discussion

It’s really been interesting to see the dramatic change in the awareness around security. Quite frankly, the threats have gotten much greater. Security is increasingly a big part of the discussion. If I look at the one area that my organization has increased year on year on year, it’s what we’re investing in security. We’re the norm in that. We’re not the exception. Then also the increased sophistication of the threats, the increased sophistication of the tooling, and so forth required, is putting more and more focus on this. It really becomes job one.

I think that boards have now become aware and that they are accountable to assure that the people, the processes, the technology, that all the steps that one needs to do in order to ensure the integrity, confidentially, privacy, and security, of not only a customer’s data, the company’s data, but in fact the employees data as well.

Security is Not Just the Role of the CIO

Security is getting its place at the table, whether it’s within the IT organizations, at the corporate level, or at the board level. Security has always been something that’s been out there, something that we’ve had to take into account, but more recently there have certainly been more high profile incidents that have highlighted just what the impact of security can have. But also it’s been highlighted that you need to have the focus that security is not just the role of the CIO, not just the role of the CISO, but it’s everyone’s responsibility.

It begins with making people aware of what they need to do, what the threats and the vulnerabilities are, and what their role is in defending against that. Security needs to be built into every line of code we write, every configuration we enable, every computer that we manage the configuration asset the patching level on and the updates on. It affects essentially most roles within the organization.

Every Enterprise Has the Security it Deserves

Just given the scale, size, complexity, and the opportunity for human error, you really need to take a holistic, comprehensive, and automated approach towards how you deal with configuration management, change management, and vulnerability management. All of these are key aspects. It’s very difficult if it’s done you know manually. You have to look at a comprehensive program that allows you to simplify, standardize, centralize, and automate all the aspects of how you deal with those things that you know could expose your company to security and privacy concerns.

Every Enterprise has the security it deserves. It begins at the very top. It truly begins with the board, CEO, the Executive Committee, to set the culture and to ensure that the people, process, technology, and the governance processes are in place to ensure the security of customers, companies, and employees information.

Oracle CIO Mark Sunday: Every Enterprise Has the Security it Deserves

Related Articles:

Huge Volume of IoT Data Managed via AI Creates Real Value, Says Oracle VP

Oracle CEO: Applications Market Changes Significantly As It Moves to Cloud

Oracle CEO: Three Big Things in the Gen 2 Cloud… Security, Security, Security

]]>
588577
BBC Now Relies on Google Cloud Serverless Architecture https://www.webpronews.com/bbc-now-relies-on-google-cloud-serverless-architecture/ Tue, 14 Nov 2023 18:13:40 +0000 https://www.webpronews.com/?p=523355 The BBC has announced it now relies on Google Cloud serverless architecture to process up to 26 billion log lines per day.

The BBC relies on Traffic Manager and CDN access logs to identify issues and make sure its online properties are running efficiently. According to Neil Craig, part of the BBC’s Digital Distribution team, the outlet sees anywhere from 3 billion to 26 billion log lines per day.

In a blog post for Google Cloud, Craig highlights the challenges of dealing with that much data:

As initially designed, we stored log data in a Cloud Storage bucket. But every time we needed to access that data, we had to download terabytes of logs down to a virtual machine (VM) with a large amount of attached storage, and use the ‘grep’ tool to search and analyze them. From beginning to end, this took us several hours. On heavy news days, the time lag made it difficult for the engineering team to do their jobs.

Craig goes on to describes the changes moving to Google Cloud’s serverless architecture brought:

In this new system, we still leverage Cloud Storage buckets, but on arrival, each log generates an event using EventArc. That event triggers Cloud Run to validate, transform and enrich various pieces of information about the log file such as filename, prefix, and type, then processes it and outputs the processed data as a stream into BigQuery. This event-driven design allows us to process files quickly and frequently — processing a single log file typically takes less than a second. Most of the files that we feed into the system are small, fewer than 100 Megabytes, but for larger files, we automatically split those into multiple files and Cloud Run automatically creates additional parallel instances very quickly, helping the system scale almost instantly.

In addition to improved speed and scaling, Craig says cost was a major benefit of the transition:

Our initial concern about choosing serverless was cost. It turns out that using Cloud Run is significantly more cost-effective than running the number of VMs we would need for a system that could survive reasonable traffic spikes with a similar level of confidence.

Switching to Cloud Run also allows us to use our time more efficiently, as we no longer need to spend time managing and monitoring VM scaling or resource usage. We picked Cloud Run intentionally because we wanted a system that could scale well without manual intervention. As the digital distribution team, our job is not to do ops work on the underlying components of this system — we leave that to the specialist ops teams at Google.

The BBC’s experience is a ringing endorsement of Google’s Cloud architecture and should serve as a reference point for companies in similar situations.

]]>
523355
Microsoft Announces Secure Future Initiative to Improve Its Cybersecurity https://www.webpronews.com/microsoft-announces-secure-future-initiative-to-improve-its-cybersecurity/ Mon, 13 Nov 2023 19:01:45 +0000 https://www.webpronews.com/?p=599722 Microsoft has announced its Secure Future Initiative, the company’s latest effort to address serious security issues.

Microsoft’s security reputation has taken a beating in recent years, with a hack that compromised US government email address bring the straw that broke the camel’s back. To make matters worse, Amit Yoran, CEO of security firm Tenable, blasted the company’s Azure security as “grossly irresponsible.”

It appears Microsoft is finally working to address both the problem — and its reputation — with its new initiative, which was revealed in an internal company memo from company President Brad Smith:

Satya Nadella, Microsoft Chief Executive Officer; Rajesh Jha, Microsoft Executive Vice President, Experiences and Devices; Scott Guthrie, Microsoft Executive Vice President, Cloud and AI; and I have put significant thought into how we should anticipate and adapt to the increasingly more sophisticated cyberthreats. We have carefully considered what we see across Microsoft and what we have heard from customers, governments, and partners to identify our greatest opportunities to impact the future of security. As a result, we have committed to three specific areas of engineering advancement we will add to our journey of continually improving the built-in security of our products and platforms. We will focus on 1. transforming software development, 2. implementing new identity protections, and 3. driving faster vulnerability response.

Smith goes on to outline the company’s plan which will rely heavily on artificial intelligence and automation to improve the software development process, as well as increase the use of memory safe languages:

This means we’re going to apply the concept of continuous integration and continuous delivery (CI/CD) to continuously integrate protections against emerging patterns as we code, test, deploy, and operate. Think of it as continuous integration and continuous security.

We will accelerate and automate threat modeling, deploy CodeQL for code analysis to 100 percent of commercial products, and continue to expand Microsoft’s use of memory safe languages (such as C#, Python, Java, and Rust), building security in at the language level and eliminating whole classes of traditional software vulnerability.

Smith also says the company will enable more secure defaults:

We all realize no enterprise has the luxury of jettisoning legacy infrastructure. At the same time, the security controls we embed in our products, such as multifactor authentication, must scale where our customers need them most to provide protection. We will implement our Azure tenant baseline controls (99 controls across nine security domains) by default across our internal tenants automatically. This will reduce engineering time spent on configuration management, ensure the highest security bar, and provide an adaptive model where we add capability based on new operational learning and emerging adversary threats. In addition to these defaults, we will ensure adherence and auto-remediation of settings in deployment. Our goal is to move to 100 percent auto-remediation without impacting service availability.

Microsoft will work to continue improving identity management in an effort to combat identity-focused espionage:

We will enforce the use of standard identity libraries (such as Microsoft Authentication Library) across all of Microsoft, which implement advanced identity defenses like token binding, continuous access evaluation, advanced application attack detections, and additional identity logging support. Because these capabilities are critical for all applications our customers use, we are also making these advanced capabilities freely available to non-Microsoft application developers through these same libraries.

To stay ahead of bad actors, we are moving identity signing keys to an integrated, hardened Azure HSM and confidential computing infrastructure. In this architecture, signing keys are not only encrypted at rest and in transit, but also during computational processes as well. Key rotation will also be automated allowing high-frequency key replacement with no potential for human access, whatsoever.

Finally, Smith says Microsoft will rely on AI to improve vulnerability response time:

Lastly, we are continuing to push the envelope in vulnerability response and security updates for our cloud platforms. As a result of these efforts, we plan to cut the time it takes to mitigate cloud vulnerabilities by 50 percent. We are in a position to achieve this because of our long investment and learnings in automation, monitoring, safe deployment, and AI-driven tools and processes. We will also take a more public stance against third-party researchers being put under non-disclosure agreements by technology providers. Without full transparency on vulnerabilities, the security community cannot learn collectively—defending at scale requires a growth mindset. Microsoft is committed to transparency and will encourage every major cloud provider to adopt the same approach.

It remains to be seen if Microsoft can deliver on its promise, but it’s a promising sign that the company’s executives see the need to do something different.

]]>
599722
Managed IT in Healthcare Settings https://www.webpronews.com/managed-it-in-healthcare/ Sun, 12 Nov 2023 20:33:00 +0000 https://www.webpronews.com/?p=599632 Managed IT services for healthcare have significantly evolved in recent years, becoming integral to the provision of quality patient care and the efficient operation of healthcare facilities. As technology continues to advance at a rapid pace, healthcare organizations are increasingly turning to managed IT services to help navigate the complex IT landscape, ensuring their systems are secure, compliant, and operating at peak efficiency. This comprehensive approach to IT management is particularly crucial in healthcare settings, where the stakes are exceptionally high and the margin for error is minimal.

Comprehensive Security Solutions

One of the most notable advancements in managed IT services for healthcare is the enhanced focus on cybersecurity. With the healthcare sector being a prime target for cyberattacks due to the wealth of sensitive patient data stored, robust security measures are non-negotiable. Managed IT services now offer comprehensive security solutions, including advanced threat detection, encryption, and 24/7 monitoring to identify and mitigate potential threats before they can cause harm. Moreover, these services ensure that healthcare organizations comply with stringent healthcare regulations like the Health Insurance Portability and Accountability Act (HIPAA), protecting patient privacy and safeguarding against legal repercussions.

Cloud Computing and Data Management

The adoption of cloud computing in healthcare has revolutionized data management, providing a secure and scalable solution for storing patient information. Managed IT services have played a crucial role in this transition, helping healthcare providers migrate to the cloud and manage their data more effectively. By leveraging cloud technologies, healthcare organizations can ensure that patient data is accessible when and where it’s needed, facilitating better collaboration among healthcare professionals and ultimately leading to improved patient outcomes.

Telemedicine and Remote Patient Monitoring

Telemedicine has seen exponential growth, especially in the wake of the COVID-19 pandemic, and managed IT services have been pivotal in its widespread adoption. By providing the necessary infrastructure and support, these services enable healthcare providers to offer virtual consultations, enhancing accessibility to medical care, especially for patients in remote or underserved areas. Additionally, the integration of remote patient monitoring technologies ensures continuous monitoring of patients’ vital signs and health status, allowing for timely interventions and personalized care plans.

Interoperability and Integration

Interoperability, the ability of different IT systems and software applications to communicate, exchange data, and use the information that has been exchanged, is crucial in healthcare settings. Managed IT services have significantly advanced interoperability by facilitating the integration of disparate systems, ensuring seamless data flow across various platforms and devices. This not only streamlines administrative processes but also ensures that healthcare providers have access to comprehensive patient information, leading to more informed decision-making and better patient outcomes.

Artificial Intelligence and Machine Learning

The integration of artificial intelligence (AI) and machine learning (ML) in healthcare is another area where managed IT services are making a significant impact. These technologies are being utilized for a variety of applications, including predictive analytics, diagnostic assistance, and personalized treatment plans. Managed IT services ensure that healthcare organizations have the necessary computational power and expertise to leverage these advanced technologies, unlocking new possibilities in patient care and operational efficiency.

Enhanced Collaboration and Communication

Managed IT services facilitate enhanced collaboration and communication within healthcare settings, connecting doctors, nurses, and administrative staff across various departments and locations. By implementing unified communication systems and collaboration tools, these services ensure that healthcare professionals can work together effectively, regardless of their physical location, leading to improved coordination and patient care.

Continuous Monitoring and Proactive Maintenance

The continuous monitoring and proactive maintenance of IT systems are crucial in healthcare settings, where system downtime can have severe implications. Managed IT services provide 24/7 monitoring of healthcare organizations’ IT infrastructure, identifying potential issues before they can escalate and cause disruptions. Additionally, regular maintenance and updates are performed to ensure that systems are operating at optimal levels, minimizing the risk of downtime and ensuring the continuous delivery of critical healthcare services.

Customization and Scalability

Healthcare organizations vary significantly in terms of size, complexity, and the services they offer. Managed IT services for healthcare recognize this diversity, providing customized solutions tailored to meet the unique needs of each organization. Whether it’s a small clinic requiring basic IT support or a large hospital needing a comprehensive IT infrastructure, managed IT services can scale their offerings to provide the necessary level of support.

Conclusion

Managed IT services for healthcare have become indispensable in today’s digital age, offering a range of solutions that enhance security, improve efficiency, and enable the adoption of the latest technologies. As healthcare organizations continue to navigate the complex IT landscape, these services will play a crucial role in ensuring they are well-equipped to provide exceptional patient care and meet the challenges of the modern healthcare environment. With continuous advancements and a relentless focus on innovation, managed IT services for healthcare are set to play an even more significant role in shaping the future of healthcare.

]]>
599632
Linux Mint Team Announces Definitive Wayland Roadmap https://www.webpronews.com/linux-mint-team-announces-definitive-wayland-roadmap/ Sun, 12 Nov 2023 01:04:31 +0000 https://www.webpronews.com/?p=599610 The Linux Mint team has announced definitive plans to implement Wayland in their Cinnamon desktop environment, with the first release slated for end-of-year.

Linux Mint is one of the most popular Linux distributions (distros), the highest rated among those we have reviewed at WPN, and this writer’s personal favorite. The distro comes in two editions, one based on Ubuntu and the other based on Debian. While the Ubuntu-based version comes with a choice of desktop environments, Cinnamon is the default option and the one that is directly developed by the Linux Mint team.

Cinnamon is one of the most well-rounded desktop environments, offering most of the customization options of KDE combined with the stability and reliability of Gnome or Xfce. One glaring omission, however, has been Wayland support. Wayland is the successor to X11, offering a number of performance and security improvements. The Mint team had hinted they would begin looking at Wayland implementation, but there had been no firm information, at least not until today.

In a blog post, project lead Clément (Clem) Lefèbvre outlined the team’s plans:

The work started on Wayland. As mentioned earlier this year, this was identified as one of the major challenges our project had to tackle in the mid to long term. Priority had been given to ISO tools and Secureboot over new features for 21.3 already, we felt it was time to invest some resources into Wayland as well.

Clem says experimental Wayland support will show up in the 21.3 release slated for Christmas:

Cinnamon 6.0, planned for Mint 21.3 this year, will feature experimental Wayland support. You’ll be able to select between Cinnamon (the default session, running on Xorg) and Cinnamon on Wayland from the login screen.

Clem cautions that Wayland won’t be ready for most users for a couple of years, but the team wanted to start working in that direction and give adventurous users the ability to test it:

We wanted to have a clear picture of the work involved, so we wanted to start now. In terms of timing we don’t think we need Wayland support to be fully ready (i.e. to be a better Cinnamon option for most people) before 2026 (Mint 23.x). That leaves us 2 years to identify and to fix all the issues. It’s something we’ll continue to work on. Whenever it happens, assuming it does, we’ll consider switching defaults. We’ll use the best tools to do the job and provide the best experience. Today that means Xorg. Tomorrow it might mean Wayland. We’ll be ready and compatible with both.

Overall, Clem’s announcement is very much in line with the project’s overall direction. The Mint team is known for taking measured action and making calculated decisions that emphasize stability and reliability. Given the many issues Wayland still has — with even some Wayland developers cautioning against using it in a production environment — the Mint team’s decision to proceed slowly and carefully should serve its users well.

]]>
599610
Why Your IT Costs Are So High (and What to Do About Them) https://www.webpronews.com/it-costs/ Tue, 24 Oct 2023 15:46:50 +0000 https://www.webpronews.com/?p=599196 Technology can be powerful for your business, but it can also be exorbitantly expensive. Countless businesses, from small startups to large enterprises, struggle with excessive IT costs. 

What should you do if your IT spending starts to exceed your capacity? How can you keep these costs down without making major functionality or security sacrifices?

The Universal Solutions to High IT Costs

Because there are so many different types of businesses and so many philosophies for running an IT department, it’s hard to form truly universal strategies that work for all contexts. 

However, there are a few universal approaches that can be used to address almost any application of high IT spending.

·       Utilize managed IT services. Arguably the best solution is to utilize managed IT services. In this arrangement, you’ll work with a third party for most or all of your IT team needs. This addresses many issues simultaneously, reducing your personnel costs, improving overall efficiency, and potentially connecting you to cheaper and more efficient IT strategies without forcing you to sacrifice any functionality or security. The trick is to find the right IT service provider; you need to find a competent team of experts with genuine experience working with businesses like yours, and you need to find a set of services that works for your needs and budget. This isn’t always easy, but if you can find a good fit, most of your IT spending problems can be resolved.

·       Diagnose the root causes. If you choose not to work with managed IT service providers, it’s going to be on you to diagnose the root causes of your high IT spending. There are hundreds of little factors that can force your IT spending unnecessarily higher, and it’s your job to figure out what those are so you can address them.

·       Address the root causes. Making things even more complicated, each root cause of high IT spending can typically be addressed with a wide variety of potential solutions. The best solution is going to depend on your specific circumstances, and it’s not always clear.

Why Your IT Costs Are So High

These are some of the most common root causes of high IT costs, which can typically be addressed in many different ways.

·       Generally rising prices. Costs are rising across the board, thanks to a combination of economic issues. Unfortunately, there isn’t much you can do about this, but it’s still important to acknowledge. Check to see if your IT costs are rising disproportionately to your other business costs.

·       Core personnel costs. Many businesses strive to maintain an internal IT team. There’s nothing inherently wrong with this, and it does bring some advantages, but it also increases your personnel costs – which can be prohibitively expensive. If you feel like your department is hemorrhaging money, it might be time to reduce personnel costs by reducing staffing and working with a third party instead.

·       Employee turnover. Employee turnover can be ridiculously expensive, especially for technical positions. If your IT department is a revolving door, it’s important to take a look at why people are leaving so you can figure out a way to address it. Is morale low? Are people leaving your business for better-paying or more exciting positions? What can you do to retain your best talent?

·       In-house resources. Similarly, your IT department might face higher costs because it’s relying too extensively on in-house resources. For example, managing your own servers comes with several advantages, including total accessibility and transparency, but it’s also much more expensive than utilizing cloud services. Even if you’re not willing to abandon your in-house infrastructure entirely, you can benefit from hybridization or virtualization.

·       Hardware and software bloat. Some businesses spend too much on IT because of hardware or software bloat. In other words, they spend money on equipment and services that they don’t really need. Effective trimming can assist you here.

·       Inefficient resource allocation. Inefficient IT planning and resource allocation can cripple your budget, minimizing your capabilities while consistently increasing your spending. Visualizing your network and achieving greater transparency can help you diagnose these specific issues so you can effectively address them.

·       Lack of a coherent purchasing strategy. You might also be spending too much money upfront. If you’re willing to pursue alternative options, like purchasing used hardware or using open-source software, and you’re willing to negotiate with your suppliers, you can save a lot of money.

·       Scaling issues. Scaling your business is always expensive, but it’s even more expensive if you don’t have an efficient scaling strategy in place. In an ideal situation, a business would proactively plan for scaling, creating IT infrastructure that’s easy to expand over time – but unfortunately, many young businesses rely on improvisation, so by the time they achieve a bigger size, they have inordinately complex IT problems to solve. It’s tough to correct this after the problem has already set in, but a “back to basics” approach could help you strip down your architecture and achieve the scalability you always should have had.

High IT costs can bog your business down, especially if you don’t address them proactively. But with the help of a managed IT service provider, and a willingness to pin down and address specific root causes, you’ll be in a much better position to keep these expenses under control.

]]>
599196
Google Expands Android Malware Scanning to Sideloaded Apps https://www.webpronews.com/google-expands-android-malware-scanning-to-sideloaded-apps/ Mon, 23 Oct 2023 20:46:59 +0000 https://www.webpronews.com/?p=599434 Google is taking a major step toward improving Android security, expanding its malware scanning to include sideloaded apps.

Google Play Protect already provides protection for Android users, scanning apps on phones that have Google Play Services installed. The company is now expanding that protection even more, scanning sideloaded apps — apps installed outside the Play Store — in real-time when they are installed.

The company announced the change in a blog post:

Today, we are making Google Play Protect’s security capabilities even more powerful with real-time scanning at the code-level to combat novel malicious apps. Google Play Protect will now recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats.

Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection.

Jurisdictions have increasingly been forcing Google and Apple to allow application sideloading. It’s encouraging to see Google embracing that reality by ensuring customers who take advantage of that option are still protected.

]]>
599434
D-Link Announces Data Breach As a Result of a Phishing Attack https://www.webpronews.com/d-link-announces-data-breach-as-a-result-of-a-phishing-attack/ Sun, 22 Oct 2023 18:19:03 +0000 https://www.webpronews.com/?p=599424 D-Link Corporation has announced a data breach that resulted from an employee falling victim to a phishing attack.

Reports began circulating via online forums that D-Link had suffered an attack, prompting the company to investigate. According to the company’s findings, the reports online were exaggerated and filled with half-truths.

D-Link has now issued a statement, outlining the extent of the attack:

The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015. The data was used for registration purposes back then. So far, no evidence suggests the archaic data contained any user IDs or financial information. However, some low-sensitivity and semi-public information, such as contact names or office email addresses, were indicated.

The incident is believed to have been triggered by an employee unintentionally falling victim to a phishing attack, resulting in unauthorized access to long-unused and outdated data. Despite the company’s systems meeting the information security standards of that era, it profoundly regrets this occurrence. D-Link is fully dedicated to addressing this incident and implementing measures to enhance the security of its business operations. After the incident, the company promptly terminated the services of the test lab and conducted a thorough review of the access control. Further steps will continue to be taken as necessary to safeguard the rights of all users in the future.

The company reiterated that it believes most customers are unaffected by the breach:

The post claimed to have millions of user data. Based on the investigations, however, it only contained approximately 700 outdated and fragmented records that had been inactive for at least seven years. These records originated from a product registration system that reached its end of life in 2015. Furthermore, the majority of the data consisted of low-sensitivity and semi-public information.

Judging by the facts, we have good reasons to believe that most of D-Link’s current customers are unlikely to be affected by this incident.

]]>
599424
Experts: More Cybersecurity Firms Will Follow IronNet’s Collapse https://www.webpronews.com/experts-more-cybersecurity-firms-will-follow-ironnets-collapse/ Sun, 22 Oct 2023 16:36:03 +0000 https://www.webpronews.com/?p=599456 Experts are issuing strong warnings to the cybersecurity industry, saying more companies will follow IronNet into bankruptcy.

IronNet surprised the industry when it announced it would file for bankruptcy and shut down. The firm originally launched to much fanfare, boasting former NSA director Keith Alexander as one of its founders.

Unfortunately, experts warn IronNet is just the beginning. The industry’s issues stem from what many see as unrealistic expectations regarding potential growth, setting firms up for disaster.

“We will see more of these bankruptcies with highly leveraged cybersecurity companies, even those with ‘unicorn status’,” Approov CEO Ted Miracco told SC Media, highlighting an IANS Research report showing a 6% expansion in security budgets.

“This is fundamentally incompatible with the large cadre of VC backed companies that expect triple-digit growth figures, especially in this current economic environment,” he added.

Mirraco says the firms that are best-positioned to survive are those that already have a track record of thriving in challenging environments and have a solid focus on innovation and profitability.

“With a fragile economy and a very crowded NDR market, it’s even more critical for those of us in this space to get back to these basic principles,” said Stamus Networks CEO Ken Gramley.

]]>
599456
Microsoft Will Disable Third-Party Printer Drivers by 2027 https://www.webpronews.com/microsoft-will-disable-third-party-printer-drivers-by-2027/ Mon, 11 Sep 2023 23:58:09 +0000 https://www.webpronews.com/?p=598712 Microsoft is sounding the death knell for third-party printer drivers, saying it will no longer allow them in Windows by 2027.

Printing is one of the most problematic issues for operating systems, with stability, compatibility, and reliability issues often plaguing users, with much of the trouble coming from third-party drivers. Microsoft wants to eliminate that pain point, saying it will eliminate them from Windows by 2027, with security-related fixes being the only exception.

Microsoft developer Jonathan Norman took to Mastodon to tout the benefits:

I’ve been working on this for a bit. In the near future Windows will default to a new print mode that disable 3rd party drivers for Printing. That new system will have quite a few big security improvements which we plan to detail in a future blog post.

Jonathan Norman (@spoofy@infosec.exchange) — September 6, 2023

Moving forward, Windows will Mopria-compliant printer drivers, according to a company blog post:

With the release of Windows 10 21H2, Windows offers inbox support for Mopria compliant printer devices over network and USB interfaces via the Microsoft IPP Class Driver. This removes the need for print device manufacturers to provide their own installers, drivers, utilities, and so on.  Device experience customization is now available via the Print Support Apps that are distributed and automatically installed via the Windows Store. This framework improves reliability and performance by moving customization from the Win32 framework to the UWP software development framework. Finally, print device manufacturers no longer have to rebuild their software since this solution is supported across all Windows versions and editions.

With these advancements in the Windows print platform, we are announcing the end of servicing of the legacy v3 and v4 Windows printer drivers. As this is an impactful change, end of servicing will be staged over multiple years. See the following Timeline and FAQ sections for guidance on the end of servicing roadmap.

Eliminating third-party printer drivers will undoubtedly present short-term issues, but the long-term benefits should make the transition worth it.

]]>
598712
Microsoft Is Deprecating Its Windows Troubleshooters https://www.webpronews.com/microsoft-is-deprecating-its-windows-troubleshooters/ Fri, 08 Sep 2023 16:15:49 +0000 https://www.webpronews.com/?p=598668 Microsoft is deprecating its Windows Troubleshooters, a staple of the OS for more than a decade since their introduction in Windows 7.

Troubleshooters are utilities and wizards that help users diagnose and correct common problems. Microsoft announced will will phase them out over the course of the next three years:

Microsoft is retiring the Windows legacy inbox Troubleshooters, such as Keyboard troubleshooter and Speech troubleshooter, and the Microsoft Support Diagnostic Tool (MSDT) that runs them. The legacy inbox Windows Troubleshooters are built-in tools that, when launched, automatically diagnose and correct common problems for a variety of Windows features. MSDT Troubleshooters will be deprecated in the next Windows 11 release, with the date to be determined.

The estimated deprecation timeline will take place over the next three years:

  • 2023 – Begin redirecting some of the troubleshooters to the new Get Help troubleshooting platform
  • 2024 – Complete the troubleshooter redirection and remove the rest of the troubleshooters
  • 2025 – Remove the MSDT platform

Instead of Troubleshooters, Microsoft says it will roll out a new Get Help platform. The deprecated Troubleshooters will begin redirecting to Get Help.

]]>
598668
Latest Windows Update Results In Blue Screens & “UNSUPPORTED_PROCESSOR” Errors https://www.webpronews.com/latest-windows-update-results-in-blue-screens-unsupported_processor-errors/ Sat, 26 Aug 2023 01:18:27 +0000 https://www.webpronews.com/?p=598424 The latest Windows 10 and Windows 11 updates are causing some PCs to display a blue screen with an “UNSUPPORTED_PROCESSOR” error.

Some users reported seeing the error after installing the latest update and rebooting their system. Microsoft has investigated and determined the issue is not with the updates directly, but with a small subset of processors.

Microsoft has received reports of an issue in which users are receiving an “UNSUPPORTED_PROCESSOR” error message on a blue screen after installing updates released on August 22, 2023 ( KB5029351) and then restarting their device. KB5029351 might automatically uninstall to allow Windows to start up as expected. If this occurs, we recommend that you do not attempt to reinstall KB5029351.

Next steps: After investigating these reports, we have found that the “UNSUPPORTED_PROCESSOR” error was not caused by issues in KB5029351 and is limited to a specific subset of processors. We are collaborating with device manufacturers (OEMs) and will temporarily mitigate this issue by not offering KB5029351 to Windows devices that might be affected by this issue. If you still experience this issue, please contact your device’s processor manufacturer.

Hopefully Microsoft and the relevant OEMs will have a permanent fix soon.

]]>
598424
Change Management: Successfully Leading Your Organization Through Transitions https://www.webpronews.com/change-management-organization/ Sun, 16 Jul 2023 21:51:30 +0000 https://www.webpronews.com/?p=524038 Change is a constant in today’s dynamic business environment, and organizations must adapt and evolve to stay competitive, meet customer demands, and seize new opportunities. However, leading a company through transitions can be challenging and often met with resistance. This article will explore the importance of change management and provide strategies for successfully navigating organizational transitions.

The Need for Change Management

Statistics indicate that the businesses that effectively manage change have a higher likelihood of success:

  1. According to McKinsey & Company, only 30% of change initiatives are successful. The remaining 70% either fail outright or fall short of their intended outcomes. This highlights the critical need for effective change management practices.
  2. A study conducted by Prosci found that organisations with excellent change management practices are six times more likely to meet or exceed project objectives. This demonstrates the significant impact of effective change management on project success.
  3. The Project Management Institute (PMI) reports that organisations prioritising change management are more likely to achieve project outcomes within budget, on time, and with higher customer satisfaction rates.

Strategies for Successful Change Management

1. Develop a Compelling Vision:

· Clearly communicate the purpose and benefits of the change to all stakeholders. Create a compelling vision that inspires and motivates individuals to embrace the transition.

· Emphasise the positive outcomes of the change, such as improved efficiency, increased customer satisfaction, or enhanced competitiveness.

2. Build a Strong Change Management Team:

· Assemble a team of change agents passionate about the change and have the necessary skills to guide the organisation through the transition.

· Ensure that the team represents diverse perspectives and includes individuals who can effectively communicate and influence others.

3. Communicate Openly and Frequently:

· Establish open and transparent communication channels to keep employees informed throughout the change process.

· Provide regular updates, address concerns, and encourage two-way communication to foster trust and engagement.

4. Empower and Involve Employees:

· Involve employees in the change process by seeking their input, feedback, and ideas. This fosters a sense of ownership and encourages commitment to change.

· Empower employees by providing the necessary resources, training, and support to adapt to the new ways of working.

5. Address Resistance:

· Anticipate and address resistance to change by understanding employees’ underlying concerns and fears. Develop strategies to address these concerns proactively.

· Communicate the reasons behind the change and emphasise the potential benefits for individuals and the organisation as a whole.

6. Provide Training and Support:

· Offer training programs, such as Introduction to Management, to equip managers with the skills needed to lead their teams through change effectively.

· Provide ongoing support, coaching, and resources to help employees navigate the transition and develop the skills necessary to thrive in the new environment.

7. Monitor Progress and Adjust:

· Continuously monitor the progress of the change initiative and gather feedback from stakeholders. Use this feedback to make necessary adjustments and course corrections along the way.

· Celebrate milestones and achievements to recognise the progress made and reinforce the positive outcomes of the change.

Final Words

Change is an inevitable part of organisational growth and success. By effectively managing change, companies can navigate transitions with resilience and achieve their desired outcomes. Embrace change management strategies such as developing a compelling vision, building a strong change management team, and empowering employees. Open and frequent communication, addressing resistance, providing training and support, and monitoring progress are essential components of successful change management.

Remember, change management is not a one-size-fits-all approach. Each organisation and transition is unique, requiring a tailored strategy that aligns with its culture, goals, and specific challenges. Embrace flexibility, adaptability, and a growth mindset as you navigate change.

As you embark on the journey of change management, remember that effective leadership, clear communication, employee engagement, and continuous monitoring are key to overcoming resistance and driving positive outcomes. The ability to navigate change successfully will not only benefit your organisation but also create a culture of resilience and agility.

Embrace the challenges and opportunities that change brings. Equip yourself and your organization with the necessary tools and knowledge to navigate transitions successfully. Embrace change management as a strategic advantage, and watch as your organization thrives and evolves in today’s ever-changing business landscape.

]]>
524038
8 Best Practices for Call Centers Management in 2023 https://www.webpronews.com/best-call-centers-management/ Mon, 08 May 2023 22:45:55 +0000 https://www.webpronews.com/?p=523568 Poor call center management results in ineffective customer service, low customer satisfaction rates, low call quality, poor agent scheduling, hard-to-manage call volumes, and extended customer wait times. This negatively impacts customer experience, customer satisfaction, brand reputation, and revenue.

With the right practices and strategies, you can provide a better customer experience, boost your brand’s reputation, increase customer retention rates, and improve revenue while ensuring success and growth. This article discusses eight best practices for call center management in 2023.

Invest in call center agent training

Call center coaching lets your agents get real-world cases, performance assessments, and feedback. It helps them build their skills to ensure they offer excellent customer service because they learn the best practices to implement. Call center coaching aims to improve performance while giving your staff tailored feedback, helping them work optimally. Customer satisfaction and happiness are core to the success of your call center. Effective call center agent training can help you achieve that by improving customer experiences and meeting their expectations.

Contact centers can attract top talent through call center coaching, giving them a competitive advantage. It is also for agent happiness and satisfaction. When employees get training, they’re less likely to leave your company, reducing turnover rates. They’re encouraged to work harder and stay longer because they feel you value their career growth and satisfaction. When your call center agents get learning and development chances, it builds their confidence and helps them reach their maximum potential. It also makes them more efficient, increasing productivity and profits.

Set SMART call center goals

Setting Specific, Measurable, Attainable, Relevant, and Time-based goals is essential for your call center’s success. Setting SMART call center goals is vital for outstanding operational efficiency and employee engagement. These goals help determine legitimate improvement opportunities and create a successful and engaging work environment. Without SMART objectives, your contact center may not readily recognize whether it’s on the right track.

Smart goals ensure your team is focused and has direction while helping you manage staff performance. They align everyone’s actions and slowly enhance customer service. Increased customer satisfaction, improved net promoter score, channel-specific metrics, reduced customer wait time, reduced cost per contact, better customer service response quality, and enhanced leadership skills are examples of call center goals you can set in 2023.

Track call center metrics

Contact center metrics measure your customer service team’s overall effectiveness. They help measure agent productivity, performance, and other things that improve customer satisfaction. Call center managers track KPIs (key performance indicators) to measure how efficiently and effectively call center solutions attain business goals.

Average call abandonment rate, service level, the average time in queue, blocked calls percentage, average answer speed, first call resolutions, average handle time, occupancy rates, and average after-work call time are top call center metrics to track.

To maintain a high-performance and efficient call center while maximizing customer satisfaction, consider measuring customer experience, call initiation, agent productivity, and contact center operations.

Recruit the best call center agents

Excellent customer service begins with the right team. This is why recruiting the right agents is essential for your call center’s success. Before reviewing potential agent applications, determine the qualities you want in your employees, the least requirements for consideration, the skills that can help compensate for missing qualifications, what you want to see in a cover letter, and more. This will help you sift through the applications faster. Call potential candidates and schedule video-call or in-person interviews.

Test potential agents with a skills evaluation to assess if they’re a good fit for the role. The best call center agent should have effective communication skills, knowledge recall and retention, problem-solving skills, and the ability to work under pressure. They should also have emotional stability, efficiency, speed, empathy, and organizational skills and be team players. Prepare a list of your questions before the interview starts.

Ensure clear communication

Excellent call center communication is crucial for the success of your customer service. When your staff has an in-depth understanding of the call center’s current practices and values, they can perform their duties better and with skill and confidence. Clear communication in your call center improves employee motivation, reduces costs, greater customer satisfaction, and SMART goal setting.

You can enhance communication in your contact center by establishing your brand’s values and mission, developing clear rules for peer communication, communicating call center news regularly, and offering off-site team-building activities.

Leverage call center technology

Call center technology involves hardware and software that outbound and inbound contact centers use to facilitate daily operations. With functionalities like supervisor features, auto attendants, queuing, and more, this technology empowers agents to improve customer service. Call center technology streamlines internal processes, ensures more efficient customer service, and reduces operational costs. It also provides better customer experience, improved productivity, better quality service, improved reporting, and creates omnichannel and multi-channel environments.

VoIP, CRM, screen pop, skill-based call routing, interactive voice response, call queuing, call recording, queue callback, conversational AI, predictive dialer, and call analytics are modern technologies your call center can leverage. Familiarize yourself with the latest call center technology trends and how you use them to better your services.

Consider employee motivation

Motivating call center agents lowers absenteeism, reduces agent turnover, improves work performance, enhances relationships between employees and management, and improves service quality and customer service. You can motivate your agents by implementing the right tools, offering incentives and rewards, encouraging feedback, fostering open communication, creating SMART goals, providing growth opportunities, creating a warm and fun work environment, and instituting team-building games. Promoting a healthy work-life balance and allowing for work flexibility can also keep your staff motivated.

Concentrate on customer experience

Customer satisfaction is an essential element for best call center practices. It involves providing adequate customer service, excellent product development, and boosting customer experience. Clients engage with your call center via multiple mediums, including email, phone, chat, website, and more. Ensure their experience on these platforms is great and acceptable. Solving problems quickly, minimizing wait times, responding effectively and fast, and providing multi-channel support can help improve customer experience.

Endnote

Effective call center management is essential for quality service, improved customer experience, and enhanced contact center growth and success. Implement these best practices for successful call center management.

Call

]]>
523568
84% of Companies Using Multiple Breached SaaS Apps https://www.webpronews.com/84-of-companies-using-multiple-breached-saas-apps/ Mon, 24 Apr 2023 16:01:15 +0000 https://www.webpronews.com/?p=523175 A new report is bad news for the tech industry, with the vast majority of companies using multiple SaaS applications that were recently breached.

Wing Security analyzed more than 550 companies to gain insight into the state of SaaS application usage. A disturbing issue was the prevalence of “Shadow IT,” a term used for when employees use apps and services that are not provided or vetted by the company’s IT department.

According to the study, in large part as a result of Shadow IT, “in a staggering 84% of companies, employees were using an average of 3.5 SaaS applications that were breached in the past 3 months.”

Wing Security attributes this to the decentralized, easy access to SaaS apps:

This occurs because of the decentralized and ungoverned nature of SaaS applications. When an employee needs a quick fix to a problem or a tool to help them do their job, chances are they will “Google it” and find a SaaS application, often a free one or with a free version, to help them. These “quick fixes” often completely by-pass company procedures. It is important to keep in mind that as small and benign as an application may seem, it can still be connected (with high permissions) to one of the organization’s major SaaS applications such as Salesforce, Slack, Zoom and others.

Another major concern was the number of data permissions apps had, including apps that were not even in use. According to the company, some “76% of all permissions that were given to applications by the users were not in use for over 30 days.”

In many cases, the need for SaaS applications is in question, with a slight majority of such apps only being used by a single employee. According to Wing Security, “55% of SaaS applications are used by only one employee, raising questions about their necessity – and making it unlikely that they were known and protected by the security team.”

Another major concern is outside access. According to the company, “20% of SaaS users to be external to the organization. These are contractors, freelancers or agencies that your employees work with and have received access to your SaaS applications.”

SaaS use is on the rise, with many companies seeing it as a way to keep costs down while scaling to meet demand. Unfortunately, it appears the industry still has a long way to go before SaaS deployment matches the security of other options.

]]>
523175