Archive

April 2019

Browsing

Information technology is a highly dynamic and ever-changing field.  As the industry evolves, new types or sets of certifications continue to crop up.

Because of the sheer number of certifications, certification paths, specializations and providers out there, it is easy for someone new to IT to be confused about where to start.  Even people who are certified might be unsure of the next steps.

Let TrainSignal walk you through the basics of IT certification training, including how to carve out your own certification path and a few tips on how to ace certification exams.

In this easy-to-follow guide, you will get the answers to these often-asked questions:

    • Why should I get certified?
    • What are my certification options? What is the difference between them?
    • Which certification should I start with?
    • Which exams should I take first among the various certification paths?
    • How do I prepare for a test?

Why should I get certified?

There are myriads of reasons why you should seek out certification in a number of IT-related programs, software or skills, but three reasons are key:

    1. Credibility
    1. Marketability
    1. Personal development

Credibility

IT certifications are testaments to your skills and proficiency in a certain area.  For example, becoming a VMware Certified Professional tells hiring managers, companies and clients that you have the experience and skills needed to effectively create, design, manage and maintain a cloud environment.

This is the biggest reason why IT professionals pursue IT certifications.  It helps validate your skills and expertise in your current job.

Marketability

There are certain certifications that are appropriate for wherever you are at in your career.  For example, it may help new graduates land entry-level positions if they pursue basic certifications such as CompTIA A+, Microsoft Certified Professional, Certified Internet Webmaster Associate, Sun Certified Java Programmer and Cisco’s CCNA.

These certifications validate the skills they learned in school  and can help make up for not having the right work experience for the job.

In fact, no matter where you are in your IT career, certifications will almost always give you an edge over non-certified IT professionals.

Certifications do more than just validate your skills and experience.  It also shows potential employers that you are committed to the IT field by spending the money and time to obtain your certifications.

IT certifications also make career advancement more likely.  The plain truth is that, in general, IT certifications can help you get a pay raise or a promotion.

According to Rich Hein at CIO.com, the right certifications could mean anywhere from an 8 to 16 percent increase in your pay, so certifications are very important when it comes to compensation.

Lastly, certifications are a must in certain sectors within IT. Consultants and  people who are self-employed would be wise to obtain certifications so more clients will trust them.  Additionally, most government IT positions require certain certifications for you to be eligible for hiring.

Personal and Professional Development

IT is a very dynamic field and new technologies are introduced every single day.  Certifications are important to ensure that you are on top of these developments and that your skills are updated.

Certification training can help you cover new areas while also reinforcing the skills you already have.  Think of it as a refresher course that can help you identify and overcome your problem areas.

Certification can also help you to network with other IT professionals.  Your next job, project or endorsement could very well come from someone you met at a study group or technical conference related to a certain certification exam.  Certification can help you meet IT professionals who have similar interests and specialties as you.

Heading down a certification path will also give you access to resources that would not be available otherwise.  This includes access to online forums, training materials and other learning resources that are provided by certification providers such as Microsoft and Cisco.

There’s also something to be said about the personal satisfaction that comes with acing an exam that validates your expertise.  Go ahead, put your certificate on your wall or add those letters after your name!

What are my certification options? What are the differences among them?

There are a lot of answers to these questions, really.  It would all depend on what you need for your job, what your career goals are, and what you are interested in.

What it comes down to is that your certification path should reflect your career path.  There are two things that you should know about certifications.  The first is that hiring managers will be able to weed out applicants who have obtained certifications but don’t have the appropriate job experience.  A certification alone will not help you land a job nor will it make you ready to perform a certain function.

The second thing is that you really need hands-on, real-world experience with the technology, devices and software involved in the certification you are seeking.  It will make passing the exams easier, which is something we will discuss later.

Choosing your certification path depends on two things: Where you are now and where you want to go in your IT career, and what functions and work-related experience you have in your profession.

Knowing these will help you wade through the numerous certification providers that offer different paths. You will also have to decide whether to go for vendor-neutral certifications or vendor-specific ones.

The certifications provided by the biggest certifications providers, are:

In recent years, another group of certifications have cropped up: those related to the cloud, specifically, virtualization.

Examples include certifications from:

What certification should I start with?

If you work with technologies, devices and software from a particular vendor, you might want to start with that.  For instance, Microsoft has certifications for their products in network administration, Windows administration, programming and databases, among others.  With Microsoft, the Microsoft Technology Associate credential is the most basic and people with some experience or education in the field may start with a  Microsoft Certified Technical Specialist, or MCTS, certification.

If you are up for a little challenge, you might want to try for the Cisco Certified Network Associate (CCNA).  The CCNA is regarded as one of the most difficult entry-level certifications. Cisco also offers the Cisco Certified Entry Networking Technician (CCENT)which is the starting point for all advanced associate, professional and expert certifications from Cisco.

If you do not want to be locked into just one vendor, go for CompTIA, which is vendor neutral and focuses on general technologies and concepts rather than specific hardware from a single manufacturer.

With CompTIA, most people start with the CompTIA A+ and then take the CompTIA Network+ exam.

Which exams should I take first among the various certification paths?

Once you have determined the right certification path for you, you will need to research about the various certifications available for that particular path and select the ones that you probably would not need in the long run.

For example, if you are just starting out your IT career, you would want to start off with an entry-level certification such as CompTIA A+, CCENT or CCNA, among others.

Once you have your niche, then you should have a clearer picture of which certifications to pursue.  For example, an IT security professional will want to get CCNA SecurityMCITPMCSE, Security+and/or Network+ before moving on to Wireshark Certified Network AnalystCertified Ethical HackerCertified Professional Penetration Tester and Offensive Security Certified Professional.

If you are aiming for a particular higher-level certification, your certification choices become a lot easier.  For example, if you want to be a CompTIA Advanced Security Practitioner, then you should get CompTIA Security+ first.  It is recommended that you should also have a CompTIA Network+ certification under your belt when aiming for Security+.  Conversely, if you are aiming for a Microsoft Certified Master level of certification, it would help to first obtain a Microsoft Certified Technology and then Professional level certification first.

More Popular Certifications

Project Management Professional is a highly sought-after certification for IT professionals.  It will validate your skills as a project manager and is admittedly one of the most difficult certification exams to pass.  The requirements are quite stringent. You would need thousands of hours of general leadership experience and months of project management experience.  You would also need 35 hours of formal project management education before you can take the exam.   The PMP Exam has 200 multiple-choice questions and most of these are based on theoretical situations that force you to apply your knowledge to real-world scenarios.

VMware Certified Professional 5 or VCP 5 is another one of the most popular certifications today.  VMware is one of the most widely used virtualization platforms, thus making this credential very important.

The VCP is the entry-level credential and part of the requirement is to have hands-on experience with VMware vSphere. The VCP5 exam itself only has 85 questions that need to be answered within 90 minutes.

Citrix also has similar certifications that are focused on virtualization:

    • Citrix Certified Enterprise Engineer
    • Citrix Certified Integration Architect

Microsoft has a lot of certifications for IT professionals using its products, including Microsoft Certified Solutions Associate, MCSA, and Microsoft Certified Solutions Expert, MCSE.  The new MCSE is no longer focused on server administration and its associated technologies, but on the different approaches to solving business and enterprise problems.  It now takes a look at business intelligence, database administration and cloud computing.  In fact, there are now three tracks that can help you get an MCSE credential:

    • MCSE for Private Cloud
    • MCSE for SQL Server 2012
    • MCSE: Business Intelligence

Cisco, on the other hand, has the Cisco Certified Network Associate Security certification.  The CCNA tests various skills that relate to designing, creating, deploying, installing and configuring, testing and maintaining Cisco appliances and security devices.  This would include testing:

    • Your understanding of the different types of attacks and threats against networks
    • Your knowledge on designing effective policies on network security as well as implementing it
    • Your knowledge of Cisco products and technologies
    • Your skills on how to provide secure access to network devices, among other

The CCNA Security credential has two possible paths. One is to pass the CCNA Composite Exam or take two separate exams: Interconnecting Cisco Network Devices 1 and 2.  As always, you would need to know the concepts as put forth by Cisco and how to apply them to real-world scenarios.  In fact, a big part of the CCNA is performing tasks with simulated switches and routers.  You would need to practice on Cisco equipment, so it would be helpful if you can rent or buy Cisco equipment if you do not work with them at your company. Either that or you can practice on simulators available online such as Cisco Academy’s Packet Tracer or Boson’s, but a good free alternative comes from GNS3, which is open source.  Trainsignal has a lot of resources to introduce you to GNS3.

How to Prepare for a Certification Test

No matter which test you want to take, you will always need to prepare.  Here are some general tips on how to prepare for your certification exam:

1. Practice makes perfect.

Practice tests will help you tremendously in passing the test.  Working on practice tests can help you know which areas you need to brush up on, as well as making you familiar with the actual test.  You will be able to simulate just what it will be like to answer the test with the time limits, instructions and other variables that are present during the actual test.

2. Make sure to keep the time.

While doing practice tests, take note of the time you need to complete it.  You will need this in order to pace yourself so that you could complete a certification exam within the allotted time.  If, for instance, you take four hours to finish an exam that has an allotted time of 1.5 hours, then you might not be ready to take at all.

3. Study groups help.

Study groups are a great way to cover examination topics and battle the boredom that comes from studying alone.  Chances are, there are colleagues in your office who are studying for the same exams.  If not, then you can probably find a study group on Craigslist or online certification forums.

4. Use different preparation methods.

Fortunately for you, there are a lot of ways to study for an exam.  You can get books, participate in an online forum, go through a formal classroom review, check out web-based training like TrainSignal offers, and talk to people who have taken the same tests.  Do not just rely on one preparation method because it might not be enough.

Whatever you do, however, please be sure to avoid braindumps.  Braindumps are online sites that help you cheat on your certification exams by  divulging the questions and answers to actual tests.  While this may sound like an easy way out, it is undoubtedly highly unethical.  Also, if you are caught, you could instantly fail the test.

But the deeper evil of braindumps is that you are getting credentials for something that you do not really know or understand. How will a CCNA certification, for example, help you if you really do not know anything about routing and switching?

5. Make sure you are ready for the test.

This probably goes without saying, but if you have prepared and you still feel that you are not ready for the test, do not go through with it.  And when you do feel that you are ready, make sure that you get enough rest and sleep on the night before the exam.

Above all, you should have a clear understanding of what skills will be covered on the specific test you’ll be taking.  Some more popular exams, CompTIA for example, work hard to measure your real-world experience and test your problem-solving skills.

As you can see, planning for a certification path can be complex. Pluralsight offers many more resources for IT certification training, including courses on the most-popular certifications.

Aim high and good luck!

Ready to test your skills for the CompTIA A+ certification exam? See how they stack up with this assessment from Smarterer. Start this CompTIA A+ certification test now

Source: Pluralsight

Certifications give your resume more credibility and can make you more marketable to recruiters and hiring managers. And at the entry-level, they’re a great way to stand out from other candidates — and even boost your pay.

As you grow in your career, you’ll want to consider more advanced certifications to continue your professional development. By then, you’ll know what specialties to focus on and what skills you need for your desired career path. But at the entry level, it’s better to stick with more generalized certifications that will help get your foot in the door.

Here are 10 IT certifications to launch your career, whether you just graduated or you’ve decided to make a career change.

10 entry-level IT certs to jump-start your career

  • Cisco Certified Entry Networking Technician (CCENT)
  • Cisco Certified Technician (CCT)
  • Cisco Certified Network Associate (CCNA) Routing & Switching
  • CompTIA IT Fundamentals+ (ITF+)
  • Comp TIA A+
  • CompTIA Network+
  • CompTIA Security+
  • Microsoft Technology Associate (MTA)
  • Microsoft Certified Solutions Associate (MCSA)
  • PMI Certified Associate in project Management (CAPM)

Cisco Certified Entry Networking Technician (CCENT)

Earning a Cisco Certified Entry Networking Technician (CCNET) certification will demonstrate your ability to install, operate and troubleshoot a small enterprise branch network. It’s a great place to start if you want to land an entry-level network support position or if you already know you want a career in networking.

To earn the certification, you’ll need to complete the course Interconnecting Cisco Networking Devices Part 1 (ICND1). It’s a five-day course that takes place in-person or online and you’ll cover the fundamentals of network layers involved in routing and switching. The course also covers firewalls, basic network security, wireless controllers and access points. Once you complete the course, you’ll be ready to pass the CCENT certification exam.

Exam fee: $125

Cisco Certified Technician (CCT)

The Cisco Certified Technician (CCT) certification verifies your abilities to diagnose, restore, repair and replace critical Cisco networking and system devices at customer sites. There are two different CCT paths you can choose from: data center or routing and switching.

The CCT Data Center certification covers support and maintenance of Cisco Unified Computing systems and server. It’s targeted at field support engineers working with Cisco data center system devices and software. You’ll need to take the course Supporting Cisco Data Center System Devices (DCTECH) v2.0 before you can pass the exam. The course covers data center networking fundamentals, field servicing and equipment replacement and how to identify Cisco Unified Computing System (UCS) component models, accessories cabling and interfaces.

The CCT Routing and Switching certification covers on-site support and maintenance of Cisco routers, switches and operating environments. It’s designed for on-site technical support and other support staff who work with Cisco Data Center Solutions. Before you can take the exam, you’ll need to take the course Supporting Cisco Routing and Switching Network Devices (RSTECH). The online self-paced course covers networking fundamentals, Cisco outer and switch models, Cisco IOS software operating modes and the Cisco command line interface (CLI).

Exam fee: $125 per exam

Cisco Certified Network Associate (CCNA) Routing & Switching

The CCNA Routing and Switching certification is a good option for those who want to work in networking, but also a solid choice if you’re looking for an entry-level help desk position. The exam verifies your ability to identify Cisco router and switch models, accessories, cabling and interfaces. You’ll need an understanding of the Cisco IOS Software operating modes and the Cisco CLI.

Before you can take the certification exam, you’ll need to take the course Supporting Cisco Routing and Switching Nework Devices. It’s a self-paced online course that includes up to six hours of on-demand training materials that you can access for up to one year.

Exam fee: $299

CompTIA IT Fundamentals+ (ITF+)

The CompTIA IT Fundamentals+ (ITF+) certification is designed for those interested in starting a career in IT or who want to change career paths. The exam is intended to validate your foundational knowledge in IT and to give you a better idea of what it’s like to work in IT. The certification exam covers networks, infrastructure, IT concepts and terminology, applications and software, security, database fundamentals and software development. It’s also a good starting point if you want to continue down the CompTIA certification path, but it’s not a requirement for other certifications.

Exam fee: $119

Comp TIA A+

The CompTIA A+ certification is targeted at support specialists, field service technicians, desktop support analysts and help desk support. If you’re interested in landing a job in a related field, it’s a solid entry-level certification that is well-regarded in the industry.

The certification verifies your ability to troubleshoot and solve problems with networking, operating systems, mobile devices and security. The certification focuses on nine major IT skills, including hardware, networking, mobile devices, Windows operating system, hardware and network troubleshooting, operating system technologies, software troubleshooting, security and operational procedures.

Exam fee: $211

CompTIA Network+

The CompTIA Network+ is an entry-level certification that covers networking concepts, troubleshooting, operations, tools and security as well as IT infrastructure. The certification is designed for junior network administrators, network field technicians, junior system engineers, IS consultants and network field engineers.

The exam verifies your knowledge with configuring, managing and maintaining network devices, implementing and designing functional networks, network troubleshooting and network security. If you know you want to work closely with IT networks, it’s a well-recognized and worthwhile certification that will set you apart from other entry-level candidates.

Exam fee: $302

CompTIA Security+

Security is a crucial IT skill for any technology role, so it’s a good idea to earn your CompTIA Security+ certification at the entry-level. It’s suited for network, system and security administrators, security specialists, junior IT auditors, security consultants and security engineers.

The exam covers threats, attacks and vulnerabilities, risk management, architecture and design, technology and tools, cryptography and PKI and identity and access management. Earning your Security+ certification will show employers you have the skills to install and configure systems to keep applications, networks and devices secure in accordance with compliance laws.

Exam fee: $330

Microsoft Technology Associate (MTA)

The Microsoft Technology Associate (MTA) certification covers IT fundamentals like infrastructure, databases and development. It was designed by Microsoft as an entry-level certification for workers just starting out in IT or for those looking to change careers. The exam is meant to help you establish your career track in IT, with a focus on databases, hardware, software or infrastructure. It covers what you’ll need to know as a Junior IT Auditor or as a systems, network or security administrator.

Exam fee: Varies by location

Microsoft Certified Solutions Associate (MCSA)

The Microsoft Certified Solutions Associate (MCSA) certification is another entry-level option from Microsoft that covers designing and creating technology solutions across Microsoft’s services and software suites. It’s a little more advanced than the MTA certification, but you don’t need to complete your MTA to earn your MCSA. However, you will need to earn your MCSA if you want to continue down the Microsoft certification path to earn your MCSE, MCSD, MCPS or MCT certifications.

Exam fee: Varies by location

PMI Certified Associate in Project Management (CAPM)

The Certified Associate in Project Management (CAPM) certification is a widely-recognized entry-level certification for project management offered through the Project Management Institute (PMI). You don’t necessarily have to be a project manager to get your CAPM — plenty of IT jobs require project management skills to oversee technical projects.

You’ll need at least 23 hours of project management education completed before you can take the exam — but you can accomplish that through PMI’s Project Management Basics course. The course is designed by PMI to prepare you for the CAPM certification exam — it covers project management basics and skills you’ll need for an IT project management job.

Exam fee: $225 for members; $300 for non-members

Course fee: $400 for non-members; $350 for members

Source: CIO

 

Cloud computing has two meanings. The most common refers to running workloads remotely over the internet in a commercial provider’s data center, also known as the “public cloud” model. Popular public cloud offerings—such as Amazon Web Services (AWS), Salesforce’s CRM system, and Microsoft Azure—all exemplify this familiar notion of cloud computing. Today, most businesses take a multicloud approach, which simply means they use more than one public cloud service.

The second meaning of cloud computing describes how it works: a virtualized pool of resources, from raw compute power to application functionality, available on demand. When customers procure cloud services, the provider fulfills those requests using advanced automation rather than manual provisioning. The key advantage is agility: the ability to apply abstracted compute, storage, and network resources to workloads as needed and tap into an abundance of prebuilt services.

The public cloud lets customers gain new capabilities without investing in new hardware or software. Instead, they pay their cloud provider a subscription fee or pay for only the resources they use. Simply by filling in web forms, users can set up accounts and spin up virtual machines or provision new applications. More users or computing resources can be added on the fly—the latter in real time as workloads demand those resources thanks to a feature known as autoscaling.

What are clouds really made of?

Cloud computing definitions for each type

The array of available cloud computing services is vast, but most fall into one of the following categories.

SaaS (software as a service)

This type of public cloud computing delivers applications over the internet through the browser. The most popular SaaS applications for business can be found in Google’s G Suite and Microsoft’s Office 365; among enterprise applications, Salesforce leads the pack. But virtually all enterprise applications, including ERP suites from Oracle and SAP, have adopted the SaaS model. Typically, SaaS applications offer extensive configuration options as well as development environments that enable customers to code their own modifications and additions.

IaaS (infrastructure as a service) definition

At a basic level, IaaS public cloud providers offer storage and compute services on a pay-per-use basis. But the full array of services offered by all major public cloud providers is staggering: highly scalable databases, virtual private networks, big data analytics, developer tools, machine learning, application monitoring, and so on. Amazon Web Services was the first IaaS provider and remains the leader, followed byMicrosoft AzureGoogle Cloud Platform, and IBM Cloud.

PaaS (platform as a service) definition

PaaS provides sets of services and workflows that specifically target developers, who can use shared tools, processes, and APIs to accelerate the development, testing, and deployment of applications. Salesforce’s Heroku and Force.com are popular public cloud PaaS offerings; Pivotal’s Cloud Foundry and Red Hat’s OpenShift can be deployed on premises or accessed through the major public clouds. For enterprises, PaaS can ensure that developers have ready access to resources, follow certain processes, and use only a specific array of services, while operators maintain the underlying infrastructure.

FaaS (functions as a service) definition

FaaS, the cloud version of serverless computing, adds another layer of abstraction to PaaS, so that developers are completely insulated from everything in the stack below their code. Instead of futzing with virtual servers, containers, and application runtimes, they upload narrowly functional blocks of code, and set them to be triggered by a certain event (such as a form submission or uploaded file). All the major clouds offer FaaS on top of IaaS: AWS LambdaAzure FunctionsGoogle Cloud Functions, and IBM OpenWhisk. A special benefit of FaaS applications is that they consume no IaaS resources until an event occurs, reducing pay-per-use fees.

Private cloud definition

private cloud downsizes the technologies used to run IaaS public clouds into software that can be deployed and operated in a customer’s data center. As with a public cloud, internal customers can provision their own virtual resources to build, test, and run applications, with metering to charge back departments for resource consumption. For administrators, the private cloud amounts to the ultimate in data center automation, minimizing manual provisioning and management. VMware’s Software Defined Data Center stack is the most popular commercial private cloud software, while OpenStack is the open source leader.

Note, however, that the private cloud does not fully conform to the definition of cloud computing. Cloud computing is a service. A private cloud demands that an organization build and maintain its own underlying cloud infrastructure; only internal usersof a private cloud experience it as a cloud computing service.

Hybrid cloud definition

hybrid cloud is the integration of a private cloud with a public cloud. At its most developed, the hybrid cloud involves creating parallel environments in which applications can move easily between private and public clouds. In other instances, databases may stay in the customer data center and integrate with public cloud applications—or virtualized data center workloads may be replicated to the cloud during times of peak demand. The types of integrations between private and public cloud vary widely, but they must be extensive to earn a hybrid cloud designation.

Public APIs (application programming interfaces) definition

Just as SaaS delivers applications to users over the internet, public APIsoffer developers application functionality that can be accessed programmatically. For example, in building web applications, developers often tap into Google Maps’s API to provide driving directions; to integrate with social media, developers may call upon APIs maintained by Twitter, Facebook, or LinkedIn. Twilio has built a successful business dedicated to delivering telephony and messaging services via public APIs. Ultimately, any business can provision its own public APIs to enable customers to consume data or access application functionality.

iPaaS (integration platform as a service) definition

Data integration is a key issue for any sizeable company, but particularly for those that adopt SaaS at scale. iPaaS providers typically offer prebuilt connectors for sharing data among popular SaaS applications and on-premises enterprise applications, though providers may focus more or less on B-to-B and e-commerce integrations, cloud integrations, or traditional SOA-style integrations. iPaaS offerings in the cloud from such providers as Dell Boomi, Informatica, MuleSoft, and SnapLogic also let users implement data mapping, transformations, and workflows as part of the integration-building process.

IDaaS (identity as a service) definition

The most difficult security issue related to cloud computing is the management of user identity and its associated rights and permissions across private data centers and pubic cloud sites. IDaaS providers maintain cloud-based user profiles that authenticate users and enable access to resources or applications based on security policies, user groups, and individual privileges. The ability to integrate with various directory services (Active Directory, LDAP, etc.) and provide is essential. Okta is the clear leader in cloud-based IDaaS; CA, Centrify, IBM, Microsoft, Oracle, and Ping provide both on-premises and cloud solutions.

Collaboration platforms

Collaboration solutions such as Slack, Microsoft Teams, and HipChat have become vital messaging platforms that enable groups to communicate and work together effectively. Basically, these solutions are relatively simple SaaS applications that support chat-style messaging along with file sharing and audio or video communication. Most offer APIs to facilitate integrations with other systems and enable third-party developers to create and share add-ins that augment functionality.

Vertical clouds

Key providers in such industries as financial services, health care, retail, life sciences, and manufacturing provide PaaS clouds to enable customers to build vertical applications that tap into industry-specific, API-accessible services. Vertical clouds can dramatically reduce the time to market for vertical applications and accelerate domain-specific B-to-B integrations. Most vertical clouds are built with the intent of nurturing partner ecosystems.

Other cloud computing considerations

The most widely accepted definition of cloud computing means that you run your workloads on someone else’s servers, but this is not the same as outsourcing. Virtual cloud resources and even SaaS applications must be configured and maintained by the customer. Consider these factors when planning a cloud initiative.

Cloud computing security considerations

Objections to the public cloud generally begin with cloud security, although the major public clouds have proven themselves much less susceptible to attack than the average enterprise data center.

Of greater concern is the integration of security policy and identity management between customers and public cloud providers. In addition, government regulation may forbid customers from allowing sensitive data off premises. Other concerns include the risk of outages and the long-term operational costs of public cloud services.

Multicloud management considerations

The bar to qualify as a multicloud adopter is low: A customer just needs to use more than one public cloud service. However, depending on the number and variety of cloud services involved, managing multiple cloudscan become quite complex from both a cost optimization and technology perspective.

In some cases, customers subscribe to multiple cloud service simply to avoid dependence on a single provider. A more sophisticated approach is to select public clouds based on the unique services they offer and, in some cases, integrate them. For example, developers might want to use Google’s TensorFlow machine learning service on Google Cloud Platform to build machine-learning-enabled applications, but prefer Jenkins hosted on the CloudBees platform for continuous integration.

To control costs and reduce management overhead, some customers opt for cloud management platforms (CMPs) and/or cloud service brokers (CSBs), which let you manage multiple clouds as if they were one cloud. The problem is that these solutions tend to limit customers to such common-denominator services as storage and compute, ignoring the panoply of services that make each cloud unique.

Edge computing considerations

You often see edge computing described as an alternative to cloud computing. But it is not. Edge computing is about moving local computing to local devices in a highy distributed system, typically as a layer around a cloud computing core. There is typically a cloud involved to orchestrate all the devices and take in their data, then analyze it or otherwise act on it.

Benefits of cloud computing

The cloud’s main appeal is to reduce the time to market of applications that need to scale dynamically. Increasingly, however, developers are drawn to the cloud by the abundance of advanced new services that can be incorporated into applications, from machine learning to internet of things (IoT) connectivity.

Although businesses sometimes migrate legacy applications to the cloud to reduce data center resource requirements, the real benefits accrue to new applications that take advantage of cloud services and “cloud native” attributes. The latter include microservices architectureLinux containersto enhance application portability, and container management solutions such as Kubernetes that orchestrate container-based services. Cloud-native approaches and solutions can be part of either public or private clouds and help enable highly efficient devops-style workflows.

Cloud computing, public or private, has become the platform of choice for large applications, particularly customer-facing ones that need to change frequently or scale dynamically. More significantly, the major public clouds now lead the way in enterprise technology development, debuting new advances before they appear anywhere else. Workload by workload, enterprises are opting for the cloud, where an endless parade of exciting new technologies invite innovative use.

Source: Infoworld

Cybersecurity issues are becoming a day-to-day struggle for businesses. Trends show a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.

Additionally, recent research suggests that most companies have unprotected data and poor cybersecurity practices in place, making them vulnerable to data loss.

We’ve compiled 60 cybersecurity statistics to give you a better idea of the current state of overall security, and paint a picture of how potentially dire leaving your company unsecure can be.

Data Breaches by the Numbers

The increasing amount of large-scale, well-publicized breaches suggests that not only are the number of security breaches going up — they’re increasing in severity, as well.

  1. In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches of all time. (Oath.com)
  2. In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers. (Uber)
  3. In 2017, 412 million user accounts were stolen from Friendfinder’s sites. (LeakedSource)
  4. In 2017, 147.9 million consumers were affected by the Equifax Breach. (Equifax)
  5. According to 2017 statistics, there are over 130 large-scale, targeted breaches in the U.S. per year, and that number is growing by 27 percent per year. (Accenture)
  6. Thirty-one percent of organizations have experienced cyber attacks on operational technology infrastructure. (Cisco)
  7. 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the Wannacry virus in 2017, at a total cost of around $4 billion. (Malware Tech Blog)
  8. Attacks involving cryptojacking increased by 8,500 percent in 2017. (Symantec)
  9. In 2017, 5.4 billion attacks by the WannaCry virus were blocked. (Symantec)
  10. There are around 24,000 malicious mobile apps blocked every day. (Symantec)
  11. In 2017, the average number of breached records by country was 24,089. The nation with the most breaches annually was India with over 33k files; the US had 28.5k. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  12. In 2018, Under Armor reported that its “My Fitness Pal” was hacked, affecting 150 million users. (Under Armor)
  13. Between January 1, 2005 and April 18, 2018 there have been 8,854 recorded breaches. (ID Theft Resource Center)

Cybersecurity Costs

Average expenditures on cybercrime are increasing dramatically, and costs associated with these crimes can be crippling to companies who have not made cybersecurity part of their regular budget.

  1. In 2017, cyber crime costs accelerated with organizations spending nearly 23 percent more than 2016 — on average about $11.7 million. (Accenture)
  2. The average cost of a malware attack on a company is $2.4 million. (Accenture)
  3. The average cost in time of a malware attack is 50 days. (Accenture)
  4. From 2016 to 2017 there was an 22.7 percentage increase in cybersecurity costs. (Accenture)
  5. The average global cost of cyber crime increased by over 27 percent in 2017. (Accenture)
  6. The most expensive component of a cyber attack is information loss, which represents 43 percent of costs. (Accenture)
  7. Ransomware damage costs exceed $5 billion in 2017, 15 times the cost in 2015. (CSO Online)
  8. The Equifax breach cost the company over $4 billion in total. (Time Magazine)
  9. The average cost per lost or stolen records per individual is $141 — but that cost varies per country. Breaches are most expensive in the United States ($225) and Canada ($190). (Ponemon Institute’s 2017 Cost of Data Breach Study)
  10. In companies with over 50k compromised records, the average cost of a data breach is $6.3 million. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  11. Including turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill the cost of lost business globally was highest for U.S. companies at $4.13 million per company. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  12. Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)

Cybersecurity Facts and Figures

It’s crucial to have a grasp on the general landscape of metrics surrounding cybersecurity issues, including what the most common types of attacks are and where they come from.

  1. Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest with 18.2 percent of all ransomware attacks. (Symantec)
  2. Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53 percent of attacks. (Cisco)
  3. Most malicious domains, about 60 percent, are associated with spam campaigns. (Cisco)
  4. Seventy-four percent of companies have over 1,000 stale sensitive files. (Varonis)
  5. Malware and web-based attacks are the two most costly attack types — companies spent an average of US $2.4 million in defense. (Accenture)
  6. The financial services industry takes in the highest cost from cyber crime at an average of $18.3m per company surveyed. (Accenture)
  7. Microsoft Office formats such as Word, PowerPoint and Excel make up the most prevalent group of malicious file extensions at 38 percent of the total. (Cisco)
  8. About 20 percent of malicious domains are very new and used around 1 week after they are registered. (Cisco)
  9. Over 20 percent of cyber attacks in 2017 came from China, 11 percent from the US and 6 percent from the Russian Federation. (Symantec)
  10. The app categories with most cybersecurity issues are lifestyle apps, which account for 27 percent of malicious apps. Music and audio apps account for 20 percent. (Symantec)
  11. The information that apps most often leak are phone numbers (63 percent) and device location (37 percent). (Symantec)
  12. In 2017, spear-phishing emails were the most widely used infection vector, employed by 71 percent of those groups that staged cyber attacks. (Symantec)
  13. Between 2015 and 2017, the U.S. was the country most affected by targeted cyber attacks with 303 known large-scale attacks. (Symantec)
  14. In 2017, overall malware variants were up by 88 percent. (Symantec)
  15. Among the top 10 malware detections were Heur.AdvML.C 23,335,068 27.5 2 Heur.AdvML.B 10,408,782 12.3 3 and JS.Downloader 2,645,965 3.1 (Symantec)
  16. By 2020, the estimated number of passwords used by humans and machines worldwide will grow to 300 billion. (Cybersecurity Media)

Cybersecurity Risks

With new threats emerging every day, the risks of not securing files is more dangerous than ever, especially for companies.

  1. 21 percent of all files are not protected in any way. (Varonis)
  2. 41 percent of companies have over 1,000 sensitive files including credit card numbers and health records left unprotected. (Varonis)
  3. 70 percent of organizations say that they believe their security risk increased significantly in 2017. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  4. 69 percent of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  5. Nearly half of the security risk that organizations face stems from having multiple security vendors and products. (Cisco)
  6. 7 out of 10 organizations say their security risk increased significantly in 2017. (Ponemon Institute’s 2017 Cost of Data Breach Study)
  7. 65 percent of companies have over 500 users who never are never prompted to change their passwords. (Varonis)
  8. Ransomware attacks are growing more than 350 percent annually. (Cisco)
  9. IoT attacks were up 600 percent in 2017. (Symantec)
  10. The industry with the highest number of attacks by ransomware is the healthcare industry. Attacks will quadruple by 2020. (CSO Online)
  11. 61 percent of breach victims in 2017 were businesses with under 1,000 employees. (Verizon)
  12. Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds at that time. (Cybersecurity Ventures)
  13. Variants of mobile malware increased by 54 percent in 2017. (Symantec)
  14. Today, 1 in 13 web requests lead to malware (Up 3 percent from 2016). (Symantec)
  15. 2017 represented an 80 percent increase in new malware on Mac computers. (Symantec)
  16. In 2017 there was a 13 percent overall increase in reported system vulnerabilities. (Symantec)
  17. 2017 brought a 29 percent Increase in industrial control system–related vulnerabilities. (Symantec)
  18. By 2020, we expect IT analysts covering cybersecurity will be predicting five-year spending forecasts (to 2025) at well over $1 trillion. (Cybersecurity Ventures)
  19. The United States and the Middle East spend the most on post-data breach response. Costs in the U.S. were $1.56 million and $1.43 million in the Middle East. (Ponemon Institute’s 2017 Cost of Data Breach Study)

There’s no question that the situation with cybercrime is dire. Luckily, by assessing your business’s cybersecurity risk, making with company-wide changes and improving overall security behavior, it’s possible to protect your business from most data breaches.

Make sure you’ve done everything you can do to avoid your company becoming a victim to an attack. The time to change the culture toward improved cybersecurity is now.

Source: Varonis

Just as 4G networks led to the ubiquity of the smartphone and other smart devices, 5G networks will lead to the rise of billions of new devices connected to the Internet, all talking with one another at incredibly fast speeds with remarkably low latency. This will open up vast new possibilities for consumers, businesses and society as a whole – everything from self-driving cars on the road to the ability for doctors to conduct remote surgery from anyplace in the world.

Verizon 5G keynote at CES

At the 2019 CES in Las Vegas, for example, Verizon CEO Hans Vestberg laid out a compelling vision for 5G, noting that it would help to bring about “the Fourth Industrial Revolution.” There are many technologies today powering this Fourth Industrial Revolution – everything from artificial intelligence and robotics to the Internet of Things (IoT) and virtual reality – and all of them are being given a push forward by 5G. AI, for example, is making it possible to create self-driving cars, while the IoT is making it possible for smart devices to become ubiquitous, both in the home and within the enterprise.

To highlight the various ways that Verizon is already starting to make this 5G future a reality, Vestberg invited a number of key technology partners on stage with himself, including top executives from the New York Times, Walt Disney Studios, and drone company Skyward to showcase some of their best 5G projects. The New York Times, for example, is the middle of creating a new 5G journalism lab to support data-intensive technologies such as VR and AR, while Skyward is making it possible to control as many as one million drones from anywhere in the world. (And, indeed, during his CES keynote, Vestberg piloted a drone based in Los Angeles while on stage in Las Vegas)

Cybersecurity concerns in the 5G world

And, yet, this exciting new 5G world will encounter its own share of cybersecurity challenges. Hackers and cybercriminals in the world will still look for ways to access user data and profit from it. With billions of devices connected to the Internet, they will have an incredibly large attack surface in which it will be much easier to find the proverbial “weakest link” in the security chain. Geoffrey R. Morgan, Founding Partner at Fairchild Morgan Law, suggests that, “The exponential increase in speed, density and efficiency afforded by 5G technology will cause a dramatic rise in cybersecurity concerns, particularly by those industries that are among the first to utilize it.”

Moreover, the ability of hackers to cause harm and destruction will also mount exponentially. In today’s 4G world, a huge botnet formed by hacking into user devices in the home could be used to mount large-scale DDOS attacks on websites; in tomorrow’s 5G world, that same botnet could be used to take out an entire network of self-driving cars in a single city, leading to mayhem on the roads.

Obviously, then, cybersecurity is just as much a concern in the 5G world as it is in the 4G world – and perhaps more so. Vast amounts of remote sensors and smart devices hooked up to global supply chains, for example, will radically increase the complexity of securing corporate networks from intruders and cyber criminals. And the sheer amount of data being created by 5G networks will make it much more difficult to spot anomalies in user behavior resulting from hackers. According to one estimate, for example, the data output of a single autonomous vehicle in one day will equal the daily output of 3,000 people.

The 8 currencies of 5G

The good news is that 5G is still so new that there is time to make security a priority. That, says Verizon CEO Hans Vestberg, is one reason why the company has come up with the idea of 8 “currencies” for 5G. These currencies – peak data rate, mobile data volume, mobility, connected devices, energy efficiency, service deployment, reliability and latency – all represent key features of the Verizon 5G network that make it completely unlike anything we’ve seen before. For example, “peak data rate” refers to the ability to generate speeds of up to 10 Gbps, while “mobility” refers to the ability to stay connected while moving at speeds of up to 500 km/hour.

In the 3G and 4G world, the way that companies thought about their networks was in terms of two simple currencies: speed and throughput. In other words, how fast can you make uploads and downloads, and how much volume can your network handle at any point in time? But in a 5G world, companies need to expand their thinking from two currencies to eight currencies. Doctors and healthcare professionals, for example, place a tremendous value on “latency”: when they are doing remote surgeries, it is absolutely critical that end-to-end latency is as close to zero as possible. And, given the challenges posed by climate change, enterprises are much more aware of the value of the “energy efficiency” currency when it comes to 5G networks.

Using the 8 currencies of 5G to power future cybersecurity innovations

By taking this big picture view, it is possible to consider how the 8 currencies of 5G will have a positive impact on how we address cybersecurity issues in the future. Since 5G is not simply a faster version of 4G, but rather, an entirely new network architecture, it opens the door to entirely new security models for user privacy, identity management, and threat detection. For example, Hed Kovetz, CEO & Co-founder at Silverfort, notes that, “The 5G system incorporates secure identity management for identifying and authenticating users to ensure that only the genuine user can access services. Its new authentication framework enables mobile operators to choose authentication credentials, identifier formats and authentication methods for users and IoT devices.”

Moreover, the “mobility” currency, or the ability to stay connected while traveling at very fast speeds, means that it might be possible to create virtual security environments that travel with us as we move from point to point, regardless of which device we use, through the use of virtualization and cloud technologies. In fact, Robert Arandjelovic, Director of Product Marketing (Americas) at Symantec, suggests that, “A transition to 5G could lead to the complete obsolescence of the network perimeter. With the growth in cloud services and applications, the erosion of that perimeter has already begun… In a hyper-connected, non-perimeter world, the cloud and the endpoint become the new place where security technologies can be deployed to keep people safe.”

The “mobile data volume” currency means that emerging technologies that rely on vast amounts of data – such as machine learning and artificial intelligence – can now be deployed to create new AI-powered cybersecurity solutions. One idea that is gaining traction, for example, is using AI to spot anomalies in user and system behavior. This acts as a form of automated threat detection and mitigation, and helps to reduce the current dependence of 4G networks on user names and passwords as a way to keep users safe.

In many ways, AI cybersecurity solutions would benefit greatly from 5G. Aaron Bugal, Global Solutions Engineer at Sophos, notes that, “5G connectivity could help the way in which information integral to making a security decision is transported to the automated processes and people who need it. An example of this would be the ongoing benefit to artificial intelligence platforms that will only work best when they have as much information as possible to digest and learn from. Especially when they’re tasked with identifying unusual behavior across an organization, most of these platforms feed off data local to them, with devices that are remote or mobile unable to properly feed (upload) to these systems and typically exposing a short fall in awareness. 5G could unlock more data to get to an AI security platform in a shorter time and allow for best understanding of the organization and faster and accurate prediction of a security event.”

Cybersecurity and Verizon’s “Built on 5G” challenge

To help innovators come up with new 5G cybersecurity solutions, Verizon has launched a “Built on 5G Challenge” that offers a $1 million prize for a truly unique idea that builds on top of the 8 currencies of 5G. The “Built on 5G Challenge” will begin accepting submissions in April, with the winning team announced during Mobile World Congress Americas in October. For security researchers around the world, this could become a unique opportunity to make cybersecurity an enabling technology, rather than simply a “tax” on innovation. If the New York Times and Walt Disney Studios are creating their own showcase 5G labs, why can’t cybersecurity researchers also create their own 5G labs and launch innovative new products that use 5G?

Clearly, there is enormous potential for 5G to change how we address cybersecurity issues in the future. Many of the best technologies today – especially artificial intelligence – can be fully leveraged on these super-fast, low-latency 5G networks. As Verizon CEO Hans Vestberg noted at CES, “5G will change everything.” And that, of course, includes cybersecurity.

Thank you to Verizon Wireless for sponsoring this post

Sign up to see when 5G is coming to you!
Source: CPO Magazine

There’s a new compiler at the helm of our monthly list of data breaches, following the departure of IT Governance stalwart Lewis Morgan, who leaves me with some mighty big shoes to fill.

Fortunately – or, rather, unfortunately ­– the new regime has a familiar ring to it, with another mammoth list of data breaches. By our count, there were at least 2,100,480,045 records compromised in March.

That brings the 2019 running total to 4.53 billion, and raises the monthly average to 1.52 billion.

Here’s the list in full:

Cyber attacks

Ransomware

*Not included in the total number of records, as they are part of the 1.2 million records affected in the already-reported Wolverine Solutions incident.

Data breaches

Financial information

Malicious insiders and miscellaneous incidents

In other news…

Source: IT Governance