Showing posts from September, 2019

Cloud ERP

Cloud ERP is a type of enterprise resource planning software that is hosted on a third-party cloud computing platform, rather than on premises within an enterprise's own data center. ERP is an industry term for the back-end activities that help an enterprise manage different parts of its business. ERP software helps managers meet purchasing, inventory management and customer relationship management (CRM) requirements and often includes modules for finance and human capital management. Unlike an on-premises ERP system, cloud ERP is delivered through a software-as-a-service (SaaS) business model and enterprises pay only for the resources they use instead of a fixed price upfront. Cloud ERP provides many benefits, but it can also create some management challenges. Administrators lose a certain amount of control over customization and integration because the provider takes on most of the responsibilities, including security. Admins must pay special attention to data residenc...

Customer Journey

A customer journey map is a visual representation of the steps a customer takes when interacting with a company. For example, one journey map might illustrate all the paths a customer could follow if their initial contact was with the company's website. Another journey map might illustrate all the paths a customer could take if the initial contact was through a phone call to customer service. Companies often need to create several customer journey maps to arrive at a 360-degree view of how customers engage with the company. Customer journey maps help stakeholders in the business understand how customers move through the sales funnel and interact with the company post-purchase. The information revealed from journey map analysis can be a valuable tool for determining how to get new customers, retain them and turn them into repeat buyers. The process of creating customer journey maps is also useful for revealing impediments that prevent different departments within the com...

Air gapping

Air gapping is a security measure that involves physically isolating a computer or network to prevent it from connecting directly or wirelessly to other systems that can connect to the Internet. Air gapping is used to protect many types of critical systems, including those that support the stock market, the military, the government and industrial power industries. To prevent unauthorized data extrusion through electromagnetic or electronic exploits, there must be a specified amount of space between the air-gapped system and outside walls and between its wires and the wires for other technical equipment. In the United States, the U.S. National Security Agency TEMPEST project provides best practices for using air gaps as a security measure. For a system with extremely sensitive data, a Faraday cage can be used to prevent electromagnetic radiation (EMR) escaping from the air-gapped equipment. Although such measures may seem extreme, van Eck phreaking can be used to intercep...

Culture of failure

A culture of failure is a set of shared values, goals and practices that encourages learning through experimentation. The goal of building a culture of failure is to create workflows that allow employees to learn from unsuccessful endeavors. Culture of failure has its roots in lean management and is often associated with achieving a culture of innovation. Instead of fearing or punishing failures, a company that believes in failure-as-an-option (FaaO) recognizes that failure is part of the learning process and that each unsuccessful experiment provides valuable feedback that ultimately can be used to achieve success. By embracing and even seeking out small failures through constant experimentation, each lack of success provides the company with more data to draw upon when deciding how to move forward. To sustain a functional culture of failure, a company should: Have a systems-based approach to recovering and learning from failures. Be able to monit...

Artificial intelligence for IT operations (AIOps)

Artificial intelligence for IT operations (AIOps) is the use of deep learning and big data analytics to automate routine administrative tasks, including deployment, root cause analysis and problem resolution, for an information technology (IT) system. Ideally, an AIOps platform brings three important capabilities to the enterprise:

The ability to recognize abnormal system behavior faster and with greater accuracy than humanly possible.

The ability to use IFTTT business rules to automate routine tasks.

The ability to streamline communication among stakeholders.

How AIOps works

AIOps tools gather information from the IT tools and devices already in place and apply detailed analytics and machine learning to that information in order to identify potential issues and correct them. Typically, AIOps data comes from network log files, cloud monitoring tools and helpdesk ticketing systems. Big data technologies aggregate and organize all of the systems' outpu...

Graph analytics

Graph analytics is a category of tools used to apply algorithms that will help a data analyst understand the relationship between graph database entries. The structure of a graph is made up of nodes (also known as vertices) and edges. Nodes denote points in the graph data. For example, accounts, customers, devices, groups of people, organizations, products or locations may all be represented as a node. Edges symbolize the relationships, or lines of communication, between nodes. Every edge can have a direction, either one-way or bidirectional, and a weight, to depict the strength of the relationship. Once the graph database is constructed, analytics can be applied. The algorithms can be used to identify values or uncover insights within the data such as the average path length between nodes, nodes that might be outliers and nodes with dominant activity. It can also be used to arrange the data in new ways such as partitioning information into sections for individual analys...

Consensus Assessments Initiative Questionnaire (CAIQ)

The Consensus Assessments Initiative Questionnaire (CAIQ) is a series of yes/no questions provided by the Cloud Security Alliance (CSA) to help organizations evaluate how well a cloud provider follows best practices. The CAIQ questionnaire can be customized to suit the security requirements of each cloud customer and help potential customers build assessment processes for engaging with cloud providers. The questionnaire was designed to address one of the leading concerns that companies have when moving to the cloud: the lack of transparency into what technologies and tactics cloud providers implement regarding data protection and risk management, and how they implement them. Organizations use the CAIQ as a first-level filter, after which potential cloud customers should ask individual vendors to provide more specific demonstrations on controls that matter most to the customer. CAIQ questions are meant to be used in conjunction with the CSA Cloud Controls Matrix...

Software-defined perimeter (SDP)

Software-defined perimeter (SDP) is a policy-based security framework that uses identity to control access to resources. Essentially, an SDP functions as a broker between internal applications and end users. The framework was developed by the Cloud Security Alliance (CSA) and is based on the U.S. Department of Defense's "need to know" access model. CSA's SDP framework allows network engineers to segment network resources with security policies in a way that mirrors a physically-defined network perimeter. When the authentication process is complete, trusted devices are given a unique and temporary connection to the network infrastructure. Unauthorized users and devices that do not comply with policy will not be able to connect. With SDP network security software, network administrators are able to dynamically deploy micro-perimeters for hybrid and multi-cloud environments to isolate services. SDP software is purpose-built to give medium and large organizatio...

Whaling attack

A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company, as those that hold higher positions within the company typically have complete access to sensitive data. In many whaling phishing attacks, the attacker's goal is to manipulate the victim into authorizing high-value wire transfers to the attacker. The term whaling stems from the size of the attacks, and the whales are thought to be picked based on their authority within the company. Due to their highly targeted nature, whaling attacks are often more difficult to detect than standard phishing attacks. In the enterprise, security administrators can help reduce the effectiveness of whaling attacks by encouraging the corporate management staff to undergo information security awareness training.

How whaling attacks work

The goal of a whali...

Mission-critical application

A mission-critical application is a software program or suite of related programs that must function continuously in order for a business or segment of a business to be successful. If a mission-critical application experiences even brief downtime, the negative consequences are likely to be financial. In addition to lost productivity, a mission-critical app's failure to function may also damage the business' reputation. Examples of mission-critical applications vary from industry to industry. For example, an automatic vehicle locator (AVL) app might be mission-critical for an ambulance company but if a plumbing business uses the same software, it may be characterized as important, but not essential. When deploying mission-critical software, information technology (IT) administrators must determine exactly what support is necessary to ensure an application's ability to function under sub-optimal circumstances. For example, if a server handles transactional data, it...