How Climate Change Impacts IT

Whether we like it or not, our planet is facing some detrimental damage. Ntirety CEO Emil Sayegh reminds us that IT is not immune to climate change in our latest blog. 

 How Climate Change Impacts IT 

 While our heads (and data) might be in the cloud, ultimately our IT and technology infrastructure lives right here on a planet that is facing an existential crisis. Global climate change is happening, though its causes continue to be a societal debate. While we know that global climate has changed since before recorded human history, many pinpoint the source of our current pattern changes to man-made reasons, with a steady focus on greenhouse gases, carbon emissions, and energy consumption. In any case, the planet is experiencing greater weather swings and events than recent memory can extend — floods, severe heat, blizzards, hurricanes, intense rain, and droughts appear to occur more often. 

These climate events do not only have an impact on lives. Significant events can affect the continuity and survival of industries and businesses, especially when they affect information technology systems. Climate change has a tangible and increasingly critical effect on IT — it is a business continuity issue, it is a cost issue, and it is also a core strategy issue. It is high time that we consider the impact of climate change on IT. 

Elon Agrees 

Tech legend Elon Musk halted purchases of Tesla vehicles with Bitcoin last year due to the “rapidly increasing use of fossil fuels for Bitcoin mining,” which experts estimate uses more energy than entire countries such as Sweden and Malaysia. Musk is not the only one to sound the alarm on the environmental impact of Bitcoin — Treasury Secretary Janet Yellen has also warned that it uses a “staggering” amount of power. Regardless of whether Bitcoin and other cryptocurrencies are a polluters or not, the negative connotations around the impact of its enormous energy consumption on the environment has affected its valuation, and even maybe its future trajectory. 

Threats are Significant and Real 

Historical weather events such as hurricanes Sandy and Katrina continue to echo years after their arrival. However, these unstoppable and formerly outlier events occur every year with greater frequency, causing hundreds of billions in damages and massive outages. Their aftermath must always be dealt with. In February of 2021, Texas endured a weeklong flash winter storm completely out of the weather norm. Known as the Great Texas Snow Storm, “Snovid,” or the “Snowmageddon,” the economic impact of that event was a staggering $200 billion. 

Disaster preparation and recovery are just a couple of reasons why organizations must focus on continual backups, replication to offsite locations, and the drive to create zero-downtime resilience through disaster recovery plans, power backups, and nimble cloud architectures. We do this because the threats are real and becoming more frequent. With enough planning, the right partners, tools and capabilities, you can get through these incidents with a minimal interruption to the business. 

Inside a Crisis 

Rather than drive inside all the reasons why you should prepare for a crisis and how, it would be better to set the tone of what happens behind the scenes When a crisis hits, it can appear to be a frantic scene. When a severe weather event hits and creates an IT disruption, efficient operations and a return to normal operations are more critical than ever for all impacted. 

The early moments are the most critical, but recovery events include: 

  • Emergency Notifications
  • Assessment
  • Monitoring of Disaster Recovery Operations
  • Triage\Troubleshooting
  • Analysis
  • Reassessment
  • Status updates

In a pressure-filled scenario, the impact of any potential missteps is amplified, adding time to the recovery efforts. Your IT disaster recovery plan must be clear, it must be relevant, and your team must be ready to execute its well-rehearsed disaster recovery plan. This is where all the documentation, preparation, planning, and partnerships meet the road. 

Hackers Ready to Pounce 

Here’s the bad news. When a weather disaster strikes an organization or locality, it is public information. You can expect that opportunistic scammers are somewhere close behind, just like vultures. That’s where you will see the relief scams, phony fundraisers, and other schemes that follow weather events. You will also see social hack attempts and phishing attempts come through when there are known disruptions in the air. 

Unexpected disruptions and recovery efforts can open security vulnerabilities. For example, in the event where a backup or tertiary site comes online, there is an opening to take advantage of the possibility that the backup systems are exposed in any way—patches, permissions, vulnerabilities, default passwords, configuration, etc. Just as in all cybersecurity, it comes down to the weakest link in the chain. If one entry point behind the virtual security wall can be exploited during a weather-related recovery, that is all an outsider needs to find. 

Tech as Climate Readiness 

The challenge of business continuity is a core business mission, but with an increase in climate change related events around us, this challenge is more critical than ever before. Preparations, planning, and the right partnerships matter. Capabilities matter. Depending on the business in question and the locality of its IT systems, the impact that climate bears upon business continuity will vary. Almost every organization should prepare to leverage principles including offsite strategies, resiliency, security considerations, geographic strategy, and cloud technology in order to step up to this modern-day challenge. 

With one part process, another part readiness, and another part technology-focused, organizations that embrace cloud infrastructure have greater capabilities to roll through crisis scenarios because they have improved resiliency, speed, and the very nature of security is aligned with the fluid nature of cloud. We cannot know in advance the timing and arrival of every calamitous weather event, but we can prepare with better process, enabled by better tools to adapt through multiple situations. 

 Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

Cloud, Data And PET Adoption

Furry, fluffy pets bring us comfort in our homes, and similarly, Privacy Enhancing Technologies (PETs) provide comfort by keeping your data safe. The following piece, Cloud, Data and PET Adoption, From Ntirety CEO Emil Sayegh was originally published in Forbes. 

 

Cloud, Data And PET Adoption

Let’s face it— the world we live in is not a very private place. Try as we might, we can never really be left alone. We are always under the watchful eye of big data and in a state of constant connection. Before you think too long of how your fluffy cat, or a watchful dog will fit in a cloud privacy discussion, let’s break this down. Privacy Enhancing Technologies (PETs) are a suite of privacy technologies that protect data and minimize exposure of unintended personal data, placing variable control of data in the hands of the user. An increase in PET adoption could change all that in the data world. This is about new and comprehensive integrations of privacy and security technologies, largely based on cloud tools and APIs that will evolve the nature of data itself. 

Faster. Cheaper. Easier.  

There is no denying that technologies have evolved along these lines over time. In the big picture, computer, storage, and cloud infrastructures have similarly become more of a commodity than ever before. Metric barriers will continue to be broken through innovations that lead on those three characteristics. The direction for data, however, is more sophisticated than that because we continually find new use cases for data. The future of cloud technologies is interwoven with the application of data science as they head forward on a course together that is rife with the implications of privacy and security. We are only at the beginning.  

Cloud meets Privacy Enhancing Technologies (PETs) 

With roots that go back to early computing, you can find traces of PET technology and practices among everyday internet behaviors and tools. There are soft privacy technologies which are software-based, such as tunnel encryption (SSL/encryption), access controls, and data anonymity systems. There are also hard privacy technologies which include hardware VPNs, anonymous routing, and devices that leverage cryptography. Communication anonymizers hiding the real online identity (email address, IP address, etc.), Enhanced Privacy ID (EPID) , Homomorphic encryption, Non-Interactive Zero-Knowledge Proof (NIZKs), Format-Preserving encryption (FPE), Differential Privacy, and Pseudonymization are other evolving forms of PETs.  

It is an accepted fact that smartphones and apps are continually sharing location, usage data, and untold valuable information about that phone’s owner. From stores to street corners, highways, neighborhoods, and everything in between, video cameras are everywhere we can reasonably go. I haven’t even gotten to the invisible satellites that continually race around us in the heavens above and often cluttering our ability to star gaze.  

The point is that the proliferation of technology, especially those of cloud and data technologies ricocheted past what would have been more favorable in terms of privacy by design. Privacy regulations have tried and had some effect, but the industry still endures painful and devastating breaches of sensitive data. Privacy regulations have always and will always lag behind technology and hackers. Building around this and scaling up securely is clearly a task that is too difficult for many enterprises to deploy on their own. PETs can bridge that gap, and maintain privacy even as the underlying computer technology evolves and morphs. 

Collaboration: Trusting Zero Trust 

As the proposition of PET grows, what is developing is a new horizon coined as collaborative computing. Its proposition is simple. Collectively, PETs are advancing into technology stacks with the aim of creating a continuously verified plane of data privacy, advanced processing, and ultimately, a complete shift in principles of how platform-based data communicate towards an ecosystem of data collaboration. In essence, through ensuring security and privacy, sharing data becomes a more inviting focus.  

A New World of Data Enabled by Comprehensive Security 

It is clear that the drive for greater data acceleration and global availability balanced with the increasing focus on security and privacy are on track for a significant breakthrough that can unlock dynamic data markets and economies of scale. For example, marketplaces will feature the ability to federate queries and share tranches of non-specific data instantly. Whether that outside party is a partner, supplier, consumer or supply chain, regardless of country, information can be shared instantly across the world.  

The journey of cloud technologies and the data that comes with it have long counted on the tenets of security, privacy and integrity. The continuing evolution and adoption of PET, followed by the establishing field of collaborative computing are leading the way to a redefined global economy where opportunities are both unleashed and balanced by the characteristics of secure, private, and available data systems with its linchpin being a comprehensive security approach. 

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

Supply Chain Firm Makes IT Transformation to AWS with Ntirety

SCM Makes IT Transformation to AWS Through Ntirety’s Continued Guidance and Support

Quickly becoming an industry leader, this supply chain and parts management company (AKA SCM) improved the parts supply-chain for a consistent and accurate flow of parts so shops can get customers back on the road.  This business sought to provide marketing, support, and safety certification training to collision repair shops and automotive parts suppliers. 

As technology in the supply-chain industry advanced and supply chain issues became problematic, the SCM IT team concluded that they had to make a digital transformation to maintain their forefront position supporting retailers and customers. It was time to leave their traditional VMware instance behind and move to AWS to enhance their overall application functionality and scalability. 

Through multiple assessments and collaborations, the SCM team successfully made the transition to AWS with Ntirety’s guidance – but the transformation didn’t end there. Along with managing and maintaining their IT environment through multiple AWS services, they saw continuous improvement through Ntirety’s Guidance Level Agreement (GLA). A step beyond the traditional Service Level Agreement (SLA), the industry-first GLA committed Ntirety to provide actionable recommendations based on their experience and the parts management company’s specific IT stack.  

Read more on how the Ntirety solution increased IT efficiency for this SCM here. 

IoT Devices May Not Be the ‘Smart’ Choice

Tis the season to start hunting for the latest and greatest gifts, and smart technology is making just about anything, from homewares to exercise equipment, hot ticket tech toys. Are these smart devices on your shopping list this holiday? Buyer beware – there’s often not any consumer warnings about the cybersecurity risks these new IoT toys can bring. 

Ntirety CEO Emil Sayegh has done deep dives into the potential hazards of smart mirrors in his article Mirror, Mirror On The Wall and the very real consequences of IoT cyber-attacks in Peloton Breach Reveals a Coming IoT Data Winter both published in Forbes.  

Mirror, Mirror On The Wall and Peloton Breach Reveals a Coming IoT Data Winter 

Recently, attacks against Internet of Things (IoT) systems have emerged. With the technology in billions of everyday items, the scope of these attacks is worrisome. Because the migration to Internet-everything is unstoppable, we’ll be seeing these security incidents for a long time unless we adjust course quickly. 

The financial motive to add Web features to every device known to mankind is clear. It seems everyone wants to be on the Web, uploading data from their bicycles, sprinkler systems, refrigerator energy consumption, and just about everything you can possibly think of.  

Consumers accept risks, sometimes unknowingly, because many assume that the worst-case scenario will not happen to them or affect them significantly. 

The Peloton Breach 

That leads us to the breach of Peloton, the at-home connected fitness equipment company. A security researcher discovered an open unauthenticated API in Peloton bikes and treadmills, which revealed an open channel to information about users such as age, weight, gender, workout statistics, and birthdays. A significant amount of scrutiny has fallen on Peloton, which made a mess of remediation communications and deadlines. It appears that this is just the beginning of issues to come, as more items from the physical world come online, handling sensitive information that few people think about protecting until it is too late. 

In the wake of consumerized products from all walks of life, IoT systems and online accounts are under significant threat. It does not matter what the product is. An increasing number of smart camera platforms are being targeted by thieves. At risk are privacy, security, and the risk of fraud, and criminal gangs are exploiting the spoils of data to their merciless benefit. 

The Smart Mirror 

A recent story getting a lot of attention involves an interconnected “smart mirror.” With a price tag of $1,495, this mirror provides tips, suggestions, can set and keep progress on fitness goals, as well as delivering streaming workout classes. The company was picked up by the sportswear giant Lululemon for $500 million last year. Under the home exercise boom precipitated by the global pandemic, the product could be finding a mainstream groove. Reviews for the new product are trending well on the positive side and Lululemon appears to have a rare winning omnichannel marketing vehicle to pin onto their main product lines. 

Clothing and marketing retailers, like Lululemon, wield a fine history of supply chain, retail, and e-commerce experience, but a device with this kind of technology introduces challenging privacy and security concerns for the consumer and the company. 

Can IoT Be Slowed? Should It? 

Once upon a time, distributed alternating current electricity was the next new thing. Electricity, lighting, and motors were added to every item available at the time. Therefore, people no longer had to crank record players, grind coffee beans by hand, or shine shoes with a pile of rags. What it meant to consumers was that convenience and functionality were clear winners. With IoT, we’re seeing a parallel application of the Web to real-world things, but with additional variables of security and privacy concerns. Consumers seem to be unable to resist these features, and the ecosystem continues its stratospheric growth. 

What many consumers don’t seem to realize is that consumer products companies are in the business of selling the products they make. They are not in the business of securing our information. If history is any indication, they have failed at protecting personal information as their products connect to billions of endpoints in your kitchen, your garage, your bedroom, and every place you live your life. 

Considering factors such as the growth of the market, continual cybersecurity threats, and financial motivations driven by successful compromises, we can expect to see more information losses, even in places thought to be safe. Worse, threats once affected only digital things, but IoT drops the cyber realm directly in the middle of our physical world. Attacks against data can be attacks against critical systems, human beings, resources, and the world around us. 

Even the smallest bits of leaked data can be enough to compose purpose-built phishing attacks or be stacked into significant waves of fraud. Unfortunately, it will take an unknown event of significant scale or personal financial impact for users to collectively wise up and demand more security from the market. 

The Need for Strict Security and Privacy Standards

Proper use of privacy settings, privacy protocols, and comprehensive security tools are an absolute necessity. Companies must be held accountable when there are significant variances, misuse of data or violations of trust. Privacy regulations in Europe, California, and Texas have done their share to elevate the element of privacy to the forefront of discussion, but it may not be enough. Certain compliance measures also demand the ability for individuals to select their privacy settings of choice. 

Protection is Comprehensive 

Companies and individuals should embrace a security-first strategy that prevents unauthorized access by enabling a comprehensive security and compliance approach to technology implementations. Outlined by outside and organization-driven compliance, an organization can achieve compliant comprehensive security with the tooling of: 

  • Strong authentication 
  •  Strong privacy rules 
  •  Third-party monitoring and validation 
  • End-to-end encryption from the user device down to the database, application, and systems 
  • Roles-based access to data and systems 
  • Data classifications 

 This is a list that goes on and on, tracking highly to the mission, capabilities, and parameters of each organization that ventures into comprehensive security. 

Proactively Protect 

Don’t let these risks make you cross the latest smart devices off your wish list— work with experts to learn how to always be proactive when it comes to protecting your data. Practicing good cybersecurity hygiene isn’t just a priority for the holidays – schedule a Security Assessment any time of the year to strength your security posture (but don’t wait til it’s too late!)