COVID 19 – The New IT Reality

Originally Appearing in Forbes, March 31, 2020, Author: John Webster

Security is now a primary concern to the point that some projects that were active before the pandemic are now being put on hold or even abandoned while security projects are accelerated. One healthcare IT executive we spoke to has seen a near doubling of outside attacks on their internal healthcare delivery systems over the last few weeks. Personally, I find this as evil as it gets.

Data protection is now a second priority behind security. In fact, the two go hand in hand. Because at-home workers are more vulnerable to attack and farther away from direct support, their data is more at risk. Backups are more frequent, which puts increased demand on data protection systems trying to handle the increased load.

Network bandwidth is being increasingly challenged to handle the load of workers trying to stay connected in order to remain functional. As one IT operations staff member said: “It’s the last mile problem that’s slowing us down.”

Trained IT staff is in even greater demand in areas that are now deemed critical. As noted, these include security and data protection. Cloud infrastructure and network management are two more.

Disaster recovery and business continuity plans are at least being partially activated to deal with stay-at-home orders. This is particularly the case for systems that now must be managed and maintained remotely. Post-9/11, IT executives realized that it wasn’t just systems that needed to be covered by disaster recovery plans. The absence of hands-on operational staff needed to be considered as well.

Cloud workload migration and remote systems management projects are accelerating. However, the problem here is that cloud providers may have to respond by rationing capacity because of the spike in demand. A long-time user of one of the major cloud providers was told yesterday that his requests for new capacity can’t be fully met because the cloud provider has seen the same spike in capacity demand from their other large users.

We need to recognize the new reality as an IT community and come together over ways to deal with it. There are positive ways to approach these challenges. It seems to me that the continued functioning of healthcare systems for example should now be a national priority as they face every one of the challenges I’ve noted here.

Gartner’s Report on Top 10 Strategic Technology Trends for 2020

Originally Appearing in Gartner, 21 October 2019

Strategic technology trends have the potential both to create opportunity and to drive significant disruption. Enterprise architecture and technology innovation leaders must evaluate these top trends to determine how combinations of trends can power their innovation strategies.

Key Findings
Strategic technology trends have significant potential to create and respond to disruption and to power both transformation and optimization initiatives.
Artificial intelligence (AI) is a foundational catalyst for advanced process automation and human augmentation and engagement.
Physical environments including factories, offices and cities will become “smart spaces” within which people will interact through multiple touchpoints and sensory channels for an increasingly ambient experience.
Dealing with privacy, digital ethics and security challenges generated by AI, the Internet of Things (IoT)/edge, and other evolving technologies will become critical to maintain trust and avoid legal entanglements.

Enterprise architecture and technology innovation leaders must:
Center their innovation efforts on people and use tools such as personas, journey maps, technology radars, and roadmaps to evaluate opportunities, challenges and time frames for adoption.
Build an overarching view across functional and process silos and exploit a complementary set of tools including RPA, iBPMS, DTO, application development, and AI domains that guide how the tools are used and the systems they create are integrated.
Embrace multiexperience and implement development platforms and design principles to support conversational, immersive and increasingly ambient experiences.
Establish governance principles, policies, best practices and technology architectures to increase transparency and trust regarding data and the use of AI.

Strategic Planning Assumptions
By 2022, 70% of enterprises will be experimenting with immersive technologies for consumer and enterprise use, and 25% will have deployed them to production.
By 2022, 35% of large businesses in the training and simulation industry will evaluate and adopt immersive solutions, up from less than 1% in 2019.
By 2021, at least one-third of enterprises will have deployed a multiexperience development platform to support mobile, web, conversational and augmented reality development.
By 2024, 75% of large enterprises will be using at least four low-code development tools for both IT application development and citizen development initiatives.
By 2022, at least 40% of new application development projects will have artificial intelligence co-developers on the team.
By 2021, automation of data science tasks will enable citizen data scientists to produce a higher volume of advanced analysis than specialized data scientists.
By 2025, a scarcity of data scientists will no longer hinder the adoption of data science and machine learning in organizations.
By 2022, 30% of organizations using AI for decision making will contend with shadow AI as the biggest risk to effective and ethical decisions.
Through 2023, 30% of IT organizations will extend BYOD policies with “bring your own enhancement” (BYOE) to address augmented humans in the workforce.
By 2020, we expect that companies that are digitally trustworthy will generate 20% more online profit than those that aren’t.
By 2020, we expect that 4% of network-based mobile communications service providers (CSPs) globally will launch the 5G network commercially.
By 2024, most cloud service platforms will provide at least some services that execute at the point of need.
By 2023, blockchain will be scalable technically, and will support trusted private transactions with the necessary data confidentiality.
Through 2022, over 75% of data governance initiatives will not adequately consider AI’s potential security risks and their implications, resulting in quantifiable financial loss.
Through 2022, 30% of all AI cyberattacks will leverage training-data poisoning, AI model theft or adversarial samples to attack AI-powered systems.

Six Steps for Securing Your Remote Workforce at Scale

Originally Appearing in Fortinet Blog. Author: Peter Newton
March 12, 2020

Business continuity and disaster recovery plans are designed to address an organization’s need to quickly suspend normal on-site operations in the event of a power outage, illness, or natural disaster that may make it unsafe for employees to travel on-site. This plan needs to include the ability to quickly establish a secure, remote workforce.

Transitioning administrative staff, technical support teams, HR, marketing departments, and other workers who traditionally work from a physical office – along with access to their data and networked resources – to alternate work sites can be a daunting task. In addition to networking considerations, organizations should be aware that cybercriminals are prepared to exploit the weaknesses and security gaps that often arise during such events. Unprepared users and unsecured systems can quickly become conduits for malware and malicious activity. Since time is of the essence, security must be an integral element of any teleworker strategy.

Here are six things every organization should consider when faced with the need to securely move traditional on-site workers to remote locations.

Steps 1 and 2 – General Teleworker Requirements

To start, every teleworker requires access to email, internet, teleconferencing, limited file sharing, and function-specific capabilities (finance, HR, etc.) from their remote work site. They also require access to Software-as-a-Service (SaaS) applications in the cloud, such as Microsoft Office 365.

VPN and Endpoint Security: Make sure all users have a laptop loaded with all of the essential applications they need to do their job. In addition, that laptop needs to include a pre-configured client to provide VPN connectivity to corporate headquarters.

Multifactor Authentication: Multifactor authentication helps prevent cybercriminals from using stolen passwords to access networked resources. To enable more secure access, every user needs to also be provided with a secure authentication token. These tokens can be a physical device (such as a key fob), or software-based (like a phone app), and are used when making a VPN connection or logging into the network to provide an additional layer of identity validation.

Steps 3 and 4 – Supporting Teleworkers with Advanced Requirements

Some of your teleworkers need advanced access to network resources to do their jobs. Systems administrators, support technicians, emergency personnel, and executive management teams often need to access and process extremely sensitive and confidential information or operate in multiple, parallel IT environments.

Persistent Connectivity: Pre-configured wireless access points enable secure connectivity from a user’s remote location to the corporate network through a reliable, secure tunnel. For a more secure connection, a wireless access point can be combined with a desktop-based next-generation firewall to enable persistent connections, advanced admission control, and a full spectrum of advanced security services, including Data Loss Prevention.

Secure Telephony: These users also require a telephony solution that supports voice over IP (VoIP) to ensure secure communications. Both physical and soft client models are available that enable users to make or receive calls, access voicemail, check call history, and search the organization’s directory.

Steps 5 and 6 – Creating a Secure and Scalable Headend

The other half of the equation is ensuring that the headend can scale to meet the sudden volume of teleworkers needing remote access to network resources while ensuring that network access is appropriately secured.

User and Device Authentication: A central authentication service connected to the network’s Active Directory, LDAP, and RADIUS enables remote workers to securely connect to network services at scale. This solution should also support single sign-on services, certificate management, and guest management.

Advanced Perimeter Security: An NGFW solution needs to securely terminate VPN connections, provide advanced threat protection, including the analysis of malware and other suspicious content within a sandboxed environment before it reaches its destination, and deliver high-performance inspection of clear-text and encrypted traffic to eliminate malware and malicious traffic. Scalability for this function is especially critical, as the inspection of encrypted data is extremely processor-intensive. Without advanced security processors designed to inspect high volumes of encrypted traffic, NGFW solutions can quickly become a bottleneck that can impact teleworker productivity.

A Secure Foundation Ensures Scalable Business Continuity

Business continuity and disaster recovery programs require a teleworker strategy that can support a remote workforce with little or no notice, without compromising network security. Such a solution needs to enable secure access to critical resources while scaling to meet the demands of your entire workforce on day one.

These business continuity solutions also need to be easily deployable and configurable, ideally with zero-touch provisioning, to enable a quick transition to a remote workforce while maintaining full security visibility and control regardless of their deployment environment. This ensures that your organization can quickly respond to critical events with minimal impact on productivity and profitability.

Clearing the Air on 5G

Originally Appearing in War on the Rocks. Author: Milo Medin and Gilman Louie, March 13th, 2020

While much of the focus on 5G in the Western press has concerned Huawei, the Chinese telecom behemoth, there is another 5G storm brewing within the United States that involves America’s largest telecom companies. Consumers might assume that this storm includes the standard competition between companies for better handsets or faster download speeds. But the fiercest battles are being fought between U.S. companies and the U.S. government over what parts of the electromagnetic spectrum to use for 5G development, and how to use them.

Unfortunately, several questionable proposals have recently bubbled to the surface that threaten U.S. national security and fail to provide an actionable strategy for U.S. 5G development. If enacted, these proposals will set the United States back in the race to 5G and further diminish America’s competitive edge against China. Many of these proposals cite the Defense Innovation Board’s 5G report published last April, which we co-authored. Unfortunately, many cite it incorrectly. It’s time to set the record straight and clear the air on America’s 5G development.

The U.S. telecommunications industry is pressing the U.S. government — and the Department of Defense specifically — to give up its critical positions on the spectrum access rights it now has and hand those positions to industry. Such an eviction would cause irreparable harm to U.S. national security and fail to create a viable U.S. 5G solution in time to compete with China. This proposal chooses to ignore a clear and viable alternative that would better support both the Defense Department and industry objectives: sharing spectrum with government instead of kicking government out.

The fight for spectrum began as a debate over spectrum location and has evolved into a debate over spectrum ownership.

The “location” debate revolves around which bands of spectrum businesses should use for building a 5G network. There are two main options: “sub-6” (1–6 Gigahertz, also known as “mid-band”) or “mmWave” (24–300 Gigahertz, also known as “high-band”) spectrum. Our report argued that, while mmWave can provide exquisite capability in targeted applications — particularly for the military — the telecommunications industry would need to focus on sub-6 to provide nationwide coverage. The mmWave vs sub-6 argument was initially heated as companies tried to justify their mmWave investments, but these claims soon lost traction as early deployments rapidly showed the impracticality of mmWave 5G for broad area coverage. Industry only began demanding access to sub-6 spectrum within the last year after these problems came to light.

Since then, the debate has moved to spectrum “ownership.” This debate addresses the precious bands of sub-6 that will enable nationwide 5G coverage and how to allocate those bands between government and commercial stakeholders. In the United States, government organizations like the Defense Department have traditionally been assigned exclusive access to large portions of the sub-6 spectrum to make use of its broad utility (while mmWave has potential in targeted applications, the majority of Department operations rely on sub-6). There is, indeed, significant room to put Defense Department spectrum to productive commercial use. However, industry now demands that the Defense Department vacate its spectrum positions entirely so that the government can license sub-6 spectrum exclusively to telecom providers. In theory, this would allow telecom to operate in sub-6 without having to deconflict their operations with government. But in reality, it would both jeopardize U.S. national security and be highly impractical to implement. Most importantly, it would not create a viable 5G ecosystem in time for the United States to compete with China.

The fact is that forcing the Defense Department out of its bands of spectrum would take years to implement, require billions of taxpayer dollars, and ultimately cause critical damage to the Pentagon’s global operations. Vacating spectrum is only half the battle; in order to free the desired spectrum for commercial use, the Defense Department would then have to identify new viable bands of spectrum, test systems on those bands, and then replace all relevant systems with new ones that can operate in that new location. Moreover, there is not an abundance of viable spectrum, making relocation even more challenging. Sub-6 is sometimes called the “goldilocks” of spectrum: not too high or too low but able to find a balance between the longer range achievable in lower bands of spectrum while maintaining the discrimination and capacity of higher bands of spectrum. For this reason, much of sub-6 is already crowded with a variety of radars and other systems, and would lack many viable options for relocation if defense systems had to vacate their current positions.

Moreover, evicting defense systems would not create a viable and secure 5G alternative in time to compete with Chinese offerings. Time is of the essence — China has a viable sub-6 5G solution now and is deploying quickly at home and abroad.

China has directly assigned 600 Megahertz of sub-6 spectrum to its three national carriers and is already rapidly building out networks. Since the first mover in 5G stands to gain billions of dollars in revenue and massive job creation, the United States should move quickly to reap any such benefits. The United States simply does not have the five to 10 years it would take to move defense systems out of their current positions and hand exclusive spectrum rights to commercial users.

There is a better way for the Defense Department to promote commercial wireless. Instead of the impracticable option of vacating its positions, the Pentagon should share parts of its sub-6 spectrum bands with the commercial sector. Sharing spectrum could take just two to three years instead of the 5 to 10 years that vacating requires, would cost millions of dollars instead of billions, and would not put national security operations at risk. Sharing spectrum provides the strongest path forward for the United States in the race to 5G, both to gain the economic advantage awarded to the first mover and to provide a trusted, secure, and reliable 5G alternative to the Chinese 5G model for the global community to use overseas. Building on lessons learned with Citizens Broadband Radio Service shared spectrum, which now provides 150 Megahertz of mid-band shared military radar spectrum to commercial users, the Defense Department can be even more effective in sharing additional mid-band spectrum blocks.

Since the Pentagon already shares spectrum abroad, it has many incentives to pursue spectrum sharing within the United States. The Defense Department operates globally, working with allies and fighting against adversaries that are not bound by U.S. rules regarding spectrum use. The United States is only able to ensure exclusive spectrum access inside its own territory; outside the United States, sharing spectrum is the norm. For this reason, the Defense Department should embrace the prospect of sharing domestically as it already shares spectrum overseas. The good news is that the Pentagon is taking proactive steps in the right direction. For example, in the fall of 2019, it named four military bases that would host 5G testing and then assigned Hill Air Force Base as the focal point for spectrum sharing experimentation. Additionally, not only is the Defense Department participating in ongoing discussions with the National Telecommunications Information Association and Congress to share hundreds of Megahertz of its spectrum, it has subsequently taken steps to work with industry in that regard.

For all this progress, it is important to bear in mind that the Defense Department is not the arbiter of spectrum allocation. That role belongs to the National Telecommunications and Information Association and the Federal Communications Commission, which control government and commercial spectrum, respectively. The success or failure of U.S. 5G development depends on these organizations taking rapid, aggressive action in the coming months to support spectrum sharing.

The Pentagon can further support spectrum-sharing efforts by dynamically balancing the needs of different users. Rather than wait for the development of new technologies and algorithms, or implement overly prescriptive sharing rules for each defense system, the Pentagon can — in the near term — take advantage of statistical patterns of spectrum use, and coordinate prioritized operation in those bands. This dynamic allocation would reflect demands on the network over the long term and would likely be possible using modern base station equipment. By coordinating use instead of setting static rules for sharing on each discrete system, it may be possible to protect Defense Department operations while guaranteeing telecommunications vendors a baseline of connectivity and optimizing network use for both groups. The Defense Department should consider new and innovative methods of sharing spectrum now, and engage the U.S. industrial base to ensure its access to available, reliable, secure, and trusted 5G networks both at home and abroad.

Industry efforts to completely remove military access to its current spectrum positions are damaging to national security and will not create a viable U.S. 5G option in time to compete with China. Global telecom operators are making choices about how to deploy 5G now. U.S. 5G spectrum policy should make useful spectrum for 5G deployment available quickly and create incentives for network infrastructure to be deployed rapidly. Spectrum is only useful if services are deployed within it.

In the race to 5G, time matters — not just for making spectrum available but for the broad deployment of network infrastructure across all of the United States. A solution that takes the better part of a decade to deploy will not make the United States a leader but a slow follower. As China races ahead to deploy their 5G technology and infrastructure across the globe, the US cannot afford to sit on the sidelines. This debate should not be about a false choice — National Security vs commercial 5G deployment. Spectrum sharing technology enables both objectives to be fulfilled within a timeframe that is relevant. Choosing otherwise when better options are available would be a bad deal.

Milo Medin is the vice president of wireless services at Google and a member of the Defense Innovation Board. Gilman Louie is the founder of Alsop Louie, the founder and former CEO of In-Q-Tel, and an advisor to the Defense Innovation Board. They are co-authors of the Defense Innovation Board’s report on 5G. The authors do not represent the Department of Defense or the Defense Innovation Board; their views are theirs alone.
