Why Expanding Threat Surfaces Need Holistic Security | Hitachi Vantara
en_us
Hero Image

Why Expanding Threat Surfaces Need Holistic Security

Hu Yoshida

Hu Yoshida

CTO Emeritus at Hitachi Vantara.

Hubert Yoshida, is an Emeritus CTO, who retired from Hitachi Vantara in 2020 after 24 years helping to define the technical direction for Hitachi Vantara in helping customers address their Digital Transformation requirements. He was instrumental in evangelizing Hitachi’s unique approach to storage virtualization and is well known within the storage industry. His blog was consistently ranked among the “Top 10 Vendor blogs” by various organizations like Network World. Prior to joining Hitachi Data Systems in 1997, Yoshida spent 25 years with IBM’s storage division, where he held management positions in hardware performance, software development and product management. Yoshida is a graduate of the University of California at Berkeley with a degree in Mathematics. He was a Marine Corps Platoon Commander during the Vietnam War and was discharged with the rank of Captain. Yoshida has authored several papers on Storage Area Networks, Fibre Channel, multi-protocol SANs and storage virtualization technologies. He has also served on the advisory boards of several technology companies and was the chair on the Scientific Advisory Board for the Data Storage Institute of the Government of Singapore. As an Emeritus CTO, Mr. Yoshida stays current with Hitachi Vantara’s progress and contributes blogs to provide thought leadership and communicate Hitachi Vantara’s value to the community.

Read Bio +

September 08, 2022

Since the onset of the pandemic organizations have been accelerating their digital transformations, moving quickly to the cloud, artificial intelligence (AI), IoT and other areas that offer the promise of greater efficiencies and innovation. In fact, according to new research from IDC, investment in digital transformation technologies is expected to remain aggressive through 2022.

However, as digital transformations expand, so too, are the threat surfaces for cyberattacks, like ransomware. In other words, the same digital technologies that enable efficiency and innovation can also lead to new vulnerabilities if not considered as part of the transformation.

While standard security tools for things like Identity Access Management (IAM), Perimeter Access Management (PAM), Security Event and Incident Management, backup and immutability tools, exist today and go a long way toward protecting data and thwarting intruders, more vigilance is needed.

The development of digital supply chains, for example, can introduce malware buried deep in third-party code like Log4J. And IoT can introduce operational technology (OT) devices to networks which may have no experience with the type of security that the OT devices require. And when it comes to AI and machine learning (ML), which can greatly enhance business processes, the accuracy of the results and outcomes of each depend greatly on the data that is used to train the models, demanding that greater care is taken in the selection, conditioning and parsing of the data.

These nuances can add up quickly, but especially during a massive digital transformation. It’s the reason that experienced services are needed at the ground level to design and audit the implementation and management of cybersecurity within the transformation projects. This work includes providing the ability to facilitate and automate quick and safe recovery in the event a transformation project becomes compromised.

But Where to Begin?

One of the first services to consider is a Compromise Assessment, which explores an enterprise’s systems in search of clues to breaches and anomalous behavior and activity. The goal is to officially determine if any compromise, via malware or some other form of attack, has occurred, for which they are not aware. This type of assessment can identify things like malignant/dormant payloads, activity that would not be detected via traditional means such as antivirus software programs.

This is a facet of cybersecurity that’s near to our work at Hitachi Vantara, and across the Hitachi family. In fact, we routinely partner and collaborate on solutions with Hitachi ID and Hitachi Systems Security to attack problems with a technology-agnostic approach to help organizations prepare, harden and, if needed, remedy their landscapes quickly and effectively.  

Not long ago one of our customers was notified by a federal agency of a potential internal bad actor. Our Hitachi Vantara specialists, who had been working with the company on backup and ransomware protection, were asked to conduct an audit for the organization.

The specialist brought in Hitachi System Security, which ran a two-week Compromise Assessment – one week spent on-site, and one week virtual. Although the audit found no compromises, it did provide several key recommendations for better physical security, including optimal camera placements, locks on racks, posting notices, and more. Interestingly and seemingly out-of-scope, the audit also noted that the customer’s data center was located in a flood zone, which was something the organization had not considered.

It's a simple reality to an increasingly complex situation: as digital transformations continue to flourish, so too will the risk of new vulnerabilities. But the consideration of holistic security plans that leverage the necessary expertise to support all facets can help secure the enterprise for the long haul.

Related Articles

{ "FirstName": "First Name", "LastName": "Last Name", "Email": "Business Email", "Title": "Job Title", "Company": "Company Name", "Address": "Address", "City": "City", "State":"State", "Country":"Country", "Phone": "Business Telephone", "LeadCommentsExtended": "Additional Information(optional)", "LblCustomField1": "What solution area are you wanting to discuss?", "ApplicationModern": "Application Modernization", "InfrastructureModern": "Infrastructure Modernization", "Other": "Other", "DataModern": "Data Modernization", "GlobalOption": "If you select 'Yes' below, you consent to receive commercial communications by email in relation to Hitachi Vantara's products and services.", "GlobalOptionYes": "Yes", "GlobalOptionNo": "No", "Submit": "Submit", "EmailError": "Must be valid email.", "RequiredFieldError": "This field is required." }
en