As we start the New Year, we at ARORA Solutions would like to share some of the big highlights from our auditing, consulting and research into coaching, cyber, risk management, governance, and privacy related areas.
In a nutshell what 2022 taught us: Security in DevOps is essentially the Wild West. DevOps environments require major attention. Leaders are overworked and require knowledge on far too many domains. Access management and controls are plagued with technical and administrative controls within major organizations we have looked at. Security frameworks are updating, but still may not be transparent, cost-effective and available to meet all organizations’ needs.
2023 will show us: Automation and GRC Platforms, such as Drata, Secureframe, Vanta, Sprinto, RSA Archer, Scrut Automation, Hyperproof, and Ostendio, will pave the way to making security manageable for almost any size company, non-profit, and institution. ChatGPT and Open AI tools, such as GitHub Copilot will revolutionize DevSecOps environments, as well as pose huge challenges to the way we operate as humans.
DevOps vs. Security teams face cultural, technical and capacity issues, resulting in a Wild West environment. We’ve seen this literally deep diving into companies’ environments and experts we’ve tapped. Our recommendations helped to drive organizational shifts at various orgs we helped. We point out the issues here in two blog posts: Part 1 - Is DevOps the Wild West? - The Culture of Security in Development (arora-solutions.com) and Part 2 - Is DevOps the Wild West? - DevOps Dilemmas (arora-solutions.com)
ChatGPT / OpenAI has already made a massive impact on our world. We expect to see our first AI Hacker in the next year exploiting critical infrastructure (Skynet anyone?). On a positive note, ChatGPT is going to be the beginning of a revolution the likes we haven’t seen since the beginning of the internet as we know it: AI is here: ChatGPT and its Potential Impact (arora-solutions.com). Let’s hope we can have some agreed International Standards on AI soon.
The value of Personal Life Coaches for tech leaders: We did an interview and published a blog with @Jaymin Patel. With all of the craziness in our lives, leaders could benefit from accountability, support, and wellness through compassionate 1-on-1 coaching. This will help organizations and families. See our blog article here: Why CISOs Need a Personal Life Coach: Podcast Interview with Growth Coach, Jaymin Patel (arora-solutions.com)
Information Security Management Systems have finally received an upgrade with the release of ISO/IEC 27001:2022 and ISO/IEC 27002:2022. We discussed how to properly understand the Scope of an ISMS and how to not get lost, here: ISMS Scope Confusion in ISO 27001: Don’t Get Lost - Information Security Management Systems Scope (arora-solutions.com). Our long await for the new standards took place here: ISO 27001 New Release Progress (arora-solutions.com)
Experts at @Astra @Ujwal shared with us insights into their super flexible penetration testing SaaS platform. We learned about how it works, the value it brings to organizations doing development, and how it can be a relatively cost-effective endeavor: Penetration Tests and What They Mean for your Organization (arora-solutions.com). Companies developing apps should do pentests 2x per year on those apps to avoid major exploits.
ARORA received a HITRUST Readiness License. Although difficult for most organizations to achieve Certification, HITRUST is diversifying with the introduction of i1 Assessments. ARORA offers readiness services to get organizations in compliance to HITRUST. ARORA Achieves HITRUST Readiness License (arora-solutions.com) Get HITRUST Certified Without Blowing Up your Information Security Budget (arora-solutions.com)
Security is no longer a part of IT, it is a major function that needs top management support, funding and accountability. Security is an essential evil, and our wallet depends on it. Defend Against the Largest Criminal Enterprise in the World (arora-solutions.com)
To maintain an auditable, accountable and resilient IT and Security function, orgs should consider investing in versatile ticketing systems. We did a rundown of some major ones: Ticketing Systems are a Must – Organization Type and Budgetary Considerations (arora-solutions.com)