Hello, this is Tuna from IIJ America Inc.
I recently had the privilege of attending Ingram Micro's "Cyber Security and Data Center Summit" in Boston MA. Here are a few takeaways from my experience.
Key-note Speaker Howard Holton
Key-note speaker, Howard Holton, from Gigaom (https://gigaom.com/analysts/howard-holton/) started the day with an introduction to recent attacks, focusing on API Security, Zero Trust, and Dev-Sec-Opps. Supply chain attacks usually leverage API integration vulnerabilities. As an example, Howard mentioned a currency exchange business that has an online application that uses API to communicate with the business's database. This currency exchange business created an application that allows customers to exchange currency online, with specific rules in place to ensure standard operations. The application specifies that transactions will round up to the dollar, with a 5-dollar transaction fee, and will limit users to 1 transaction an hour. Cybercriminals can bypass and exploit these rules if they have the correct permissions. Once the cybercriminal has access, they can make multiple transactions a minute, waive the transaction fee, and round down instead of round up. You can already imagine the damage that such an attack can cause. To protect your organization from such attacks, Howard mentioned 2 key approaches that IT managers can take.
The first Key concept was Zero Trust.
In the modern IT landscape, the question isn’t “will my business be attacked?”, it is “when will it be attacked?” With this in mind, it is crucial to “make the blast radius small” by limiting the power a user has once they get in the network. Each user should only be able to access what they need to access, and this concept is known as “Least Privileged Access.” Least Privileged Access is a core concept to a Zero Trust approach and can greatly decrease the damage that can occur when a breach does happen.
The Second Key concept was Dev-Sec-Ops. The concept of Dev-Ops has been around for several years and it refers to the collaboration of software development and IT operations. Dev-Sec-Ops adds a security mindset to development and operations. As mentioned in the example, unintentional use of APIs can cause tremendous damage to an organization. And it is important for organizations to consider how to protect their resources when developing new ways of business.
Ingram Micro announces Cyber Security Center of Excellence and Xvantage platform for MSP/MSSP partners.
Ingram is accelerating their digital transformation by creating spaces where partners can access all the information they need from a single pane of glass. I am excited about the upcoming onboarding process and to check out the new platform.
The rest of the day consisted of various panels where each attendee split off to check out what they were most interested in, with an amazing dinner with the attendees at the end. Thank you again to Ingram and its sponsors for hosting this amazing event, and it was great to meet with other MSPs and discuss trends we see across the board.
Check out our short video from the Event!