ISACA | December 22, 2021
As the year winds down, many audit professionals are shifting their focus to 2022 priorities—including developing dynamic new strategies such as agile auditing, revisiting established technologies from a remote or hybrid working environment perspective, and closing any gaps between compliance expectations and current practices—and how they can enhance their skills to meet the needs of the evolving audit landscape. To meet these needs, ISACA has released three new audit resources—its VPN Security Audit Program, Destination: Agile Auditing white paper, and a new edition of its IT Control Objectives for Sarbanes-Oxley publication.
During the pandemic, the reliance on virtual private networks (VPNs) was heightened as many shifted to working from home—as did the need to manage its risks and implement safeguards. ISACA’s VPN Security Audit Program provides a foundation for auditors to provide assurance around the effectiveness of implemented VPN controls, including pre-audit planning, governance and oversight, implementation and configuration, operations, and maintenance and monitoring, to avoid some of the following risks:
The increase in number of end users combined with extended VPN use may put additional pressure on infrastructure and adversely affect performance.
Failure to detect unauthorized VPN activity may cause denial of service due to excessive traffic or connection attempts.
Lack of alignment of data classification requirements with VPN requirements and configuration may impair compliance initiatives that are reliant on data classification.
During the pandemic, organizations embraced methods to increase agility and efficiency, including by using Agile. Destination: Agile Auditing outlines how audit professionals can incorporate Agile principles into their audit methodologies. Auditors can learn the basics about Agile auditing, its benefits, how Agile complements established assurance standards, how developing competency in Agile can enhance the planning, fieldwork, and reporting phases of an audit. The white paper also includes examples of elements from the Agile tool set, including an Agile road map and Agile audit engagement workflows and illuminates key components like sprints, audit backlog and daily standups.
Internal and external auditors, IT auditors and managers, and financial and operational managers can also ensure they are keeping up with the latest guidance in complying with the Sarbanes-Oxley Act in a new edition of ISACA’s IT Control Objectives for Sarbanes-Oxley publication. This latest edition incorporates updated guidance and standards from the Public Company Accounting Oversight Board (PCAOB) and the American Institute of CPAs (AICPA) and its Auditing Standards Board, with updates including:
Integrating guidance for implementing internal control over financial reporting (ICFR) using COBIT® 2019, for IT and financial management within enterprises and for their internal and external auditors and consultants
Aligning with COBIT 2019 Focus Area: Information & Technology Risk
Providing the mapping of the role of COSO Internal Control – Integrated Framework, 2013 to COBIT 2019
Highlighting technological innovations and their impacts on auditing IT controls.
The audit landscape is constantly shifting as technologies and regulations evolve, making it essential that audit professionals prioritize continuous learning to ensure they are applying the most current and effective audit practices. ISACA is committed to equipping the global audit community with the tools they need to deliver the highest audit standards at their organizations.”
Robin Lyons, IT Audit Professional Practices Lead
For more than 50 years, ISACA has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.
BACKUP AND DISASTER RECOVERY
Storagepipe | May 18, 2022
Storagepipe, a leader in backup, disaster recovery and cybersecurity services, proudly announces it has been selected as the 2021 Veeam Cloud and Service Provider Partner of the Year, Canada by Veeam® Software, the leader in backup, recovery and data management solutions that deliver Modern Data Protection. These annual awards recognize North America Veeam ProPartners and Veeam Cloud & Service Provider (VCSP) partners who have not only demonstrated success in providing Veeam solutions to their customers, but who have also provided first-class support, expert knowledge, continued product education, and a true Veeam strategy incorporated into their business.
Storagepipe was recognized as Veeam Cloud and Service Provider Partner of the Year, Canada for demonstrating the best overall performance in areas of consistent revenue growth, collaboration with Veeam and proactive selling, and promoting Veeam solutions and adjacent technologies in Canada.
"We are excited to celebrate and honor Storagepipe as the Veeam Cloud and Service Provider Partner of the Year, Canada. Storagepipe is an ideal Veeam partner, leveraging the Veeam program and resources to build and deliver reliable, revenue-generating Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS) offerings. We congratulate Storagepipe on this award and look forward to even greater success in 2022."
Matt Kalmenson, vice president of Americas Cloud at Veeam.
The Storagepipe team is thrilled to receive this continued recognition from Veeam as one of North America's strongest Veeam Platinum Cloud Service Providers, and Veeam's 2021 VCSP of the year for Canada," said Steven Rodin, CEO of Storagepipe. "We continue to strengthen our market-leading position by enhancing our Veeam services and delivering exceptional and responsive solutions that center on our customers' success. We are honoured that our commitment to building deep technical expertise and expanding the breadth of our Backup, Disaster Recovery, and Cloud service offerings for small, mid-sized and enterprise customers has been recognized with this Veeam Impact Award."
Storagepipe's successful collaboration with Veeam has enabled multiple cloud services including Veeam Cloud Connect, Veeam Managed Appliances for VMware and Hyper-V, Veeam Backup for Microsoft 365, and Veeam Replication for Disaster Recovery as a Service (DRaaS). Storagepipe is dedicated to continuing to build on this success through innovation and delivering world-class customer experiences into 2022 and beyond.
VIRTUAL SERVER INFRASTRUCTURE
Nervos | January 15, 2022
Nervos announced the launch of a new cross-chain bridge with Binance Smart Chain (BSC), growing its multi-chain strategy as the network rapidly expands its booming DeFi ecosystem. Starting today, BSC assets can be moved across to the Nervos ecosystem, and developers and projects building on BSC will be able to use their existing codebases to begin porting their decentralized applications (dApps) to Nervos, enabling them to grow their user reach and brand awareness. Users in the BSC ecosystem will also be able to take advantage of yield farming opportunities available through YokaiSwap, the first decentralized exchange (DEX) to launch on Nervos.
Expanding the DeFi Ecosystem
The completion of the Nervos x BSC bridge marks a significant milestone in Nervos' DeFi growth, as it unlocks new options given BSC's Total Value Locked (TVL), which is the biggest of any blockchain outside of Ethereum. Developers and teams building on BSC can port their dApps to Nervos and gain access to projects, tools, and resources available in a burgeoning network focused on DeFi development. Additionally, dApps on Nervos such as YokaiSwap, a next-generation interoperable AMM decentralized exchange (DEX) built on Nervos, will gain access to liquidity through the BSC ecosystem.
The bridge is made possible through Force Bridge, a trustless cross-chain bridge that allows for seamless transactions between the Nervos ecosystem and other public chains, and Godwoken, the first EVM-compatible Layer 2 blockchain on the network. Nervos' Layer 1 provides security and scalability, allowing support for future layers and making it easier to build EVM-compatible cross-chains bridges, such as the Nervos x BSC bridge, from the Nervos Network to other chains.
Bridges are among the most fundamental building blocks of truly impactful blockchain applications. By enabling cross-chain interoperability with BSC, we're unlocking an immense amount of value that can now be transacted in the Nervos ecosystem."
Chris Khan, Senior Product Manager at Nervos
Seamless Token Transfers
Nervos x BSC bridge will enable the seamless transfer of tokens across the networks. At launch, Binance Coin (BNB) and Binance USD (BUSD), the native token and stablecoin of the Binance ecosystem respectively, will be supported for asset transfers and cross-chain swaps, with support for more BEP-20 tokens to come in the future.
Yield Farming on YokaiSwap
As part of their expanded access to dApps in the Nervos ecosystem, BSC users will also be able to receive over 500% annual percentage rate (APR) incentives on YokaiSwap through yield farming. As an Automated Market Maker (AMM), YokaiSwap enables users to easily and efficiently swap $CKB and any whitelisted token on the Ethereum network, as well as BNB and BUSD. Starting January 15, 2022, BNB/CKB and BNB/YOK trading pairs will be listed on YokaiSwap and available for yield farming opportunities.
The Nervos Network is a collection of protocols and public blockchain ecosystem aiming to solve the biggest challenges facing blockchains like Bitcoin and Ethereum today.
The Nervos Common Knowledge Base (CKB) is the layer 1, proof of work, public, permissionless blockchain protocol of the Nervos Network. It allows any crypto-asset to be stored with the security, immutability, and the permissionless nature of Bitcoin while enabling smart contracts and layer 2 scaling. Its unique crypto-economic model is designed to better align the interests of users, developers, and miners as compared to first-generation blockchains.
About Binance Smart Chain
Binance Smart Chain (BSC) is a sovereign smart contract blockchain delivering Ethereum Virtual Machine (EVM) compatible programmability. Designed for lightning transaction speeds and low transaction fees while adding Smart Contracts functionality for dApps - BSC tops in infrastructure performance as the biggest DeFi blockchain with 100M+ users.
VMware | May 16, 2022
Members of the steering group for Envoy Gateway (EG), including Envoy creator Matt Klein and representatives from Ambassador Labs, Fidelity Investments, Tetrate, and VMware, Inc., today announced their joint commitment to the project, which launched today at KubeCon + CloudNativeCon, Europe 2022, under the auspices of the Cloud Native Computing Foundation® (CNCF®). Envoy Gateway is a new effort within the Envoy proxy open source project to simplify Envoy use in cloud-native application development.
Envoy Gateway will reduce existing, redundant efforts around Envoy and make it much easier for application developers to use Envoy as a basic API gateway “out of the box” and as a Kubernetes Ingress controller. Exposing a simplified set of APIs, and implementing the Kubernetes Gateway API, EG makes it easier to extend Envoy. Developers will now have a cost-free, unfettered way to provide external access to their work in progress. At the same time, Envoy Gateway will not replace API management features currently found in commercial products.
“Envoy has achieved a great deal of success since we first released it in 2016,” said Matt Klein, founder of the Envoy proxy project. “And community has been at the heart of Envoy from the beginning. With the community-driven Envoy Gateway project, we see the opportunity to make Envoy accessible to many more users through the addition of simplified APIs and new capabilities explicitly targeted at north-south / edge proxy use cases.”
Envoy is already widely used for traffic between separate services in a microservices application—that is, east-west traffic. With Envoy Gateway, Envoy will also be easy to use for north-south traffic—traffic between an application and the outside world, as with consumers of an application’s APIs.
Envoy Gateway—Extensible Open Source Infrastructure for the Cloud-Native Future
IT organizations worldwide want to establish and use a rich, robust, modern stack of open source software for cloud-native application development and delivery, under the management of organizations such as the Linux Foundation and CNCF. Commercial offerings and projects within each IT team can then add value on top of this core infrastructure.
Envoy is fast becoming the go-to networking substrate within this modern, cloud-native stack. However, the need for API access, traffic routing, and other ingress capabilities has recently led to fragmentation in the Envoy ecosystem. Envoy Gateway will bring this needed functionality back into the main Envoy project and make it less confusing and time-consuming for developers to access Envoy.
Implementation Via Kubernetes Gateway API
Envoy Gateway will expose a version of the Kubernetes-native Gateway API, with Envoy-specific extensions. This is an expressive, extensible, role-oriented API well-suited to use by developers. Gateway API is either implemented, or in progress, for Istio, the Contour project (which originated at VMware), Emissary-ingress (which originated at Ambassador Labs), and others.
When users create Gateway API resources, they will be translated into native Envoy API calls, so Envoy and xDS, its native API, will not need to be changed to add this new support.
Advantages for Developers, Infrastructure Administrators and Business Decision-Makers
Application developers will experience the most positive impact from Envoy Gateway. They will be able to run Envoy Gateway and begin routing traffic to their applications. They will no longer need to build their own control plane, or extend an existing control plane such as a Go or Java control plane, or bring in a vendor solution at the early stages of their projects. They can just configure routes for the application and share them.
Infrastructure administrators will be able to easily offer an Envoy-native experience to application teams, without needing to adopt a vendor solution just to get basic gateway functionality. They will be able to manage instances of Envoy Gateway without interfering with developer access to them. Envoy Gateway will allow them to deliver consistent application networking capabilities across heterogeneous environments.
Executives and decision-makers will have Envoy as a standard and, we expect, widely-used solution for API access and Kubernetes ingress. They will also benefit from faster and easier development and delivery of more secure and robust software and services.
Originally created by Matt Klein and built at Lyft, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures. Built on the learnings of solutions such as NGINX, HAProxy, hardware load balancers, and cloud load balancers, Envoy runs alongside every application and abstracts the network by providing common features in a platform-agnostic manner. When all service traffic in an infrastructure flows via an Envoy mesh, it becomes easy to visualize problem areas via consistent observability, tune overall performance, and add substrate features in a single place.
About Ambassador Labs
Ambassador Labs, the cloud native developer experience leader, enables developers to code, test, ship, and run applications faster and easier than ever. Maker of top Cloud Native Computing Foundation (CNCF) open source projects, including Emissary-ingress and Telepresence, Ambassador Labs delivers a developer control plane for Kubernetes that integrates the development, deployment, and production infrastructure for developers and organizations worldwide including Microsoft, PTC, NVidia, and Ticketmaster
About Fidelity Investments
Fidelity’s mission is to inspire better futures and deliver better outcomes for the customers and businesses we serve. With assets under administration of $11.3 trillion, including discretionary assets of $4.2 trillion as of March 31, 2022, we focus on meeting the unique needs of a diverse set of customers. Privately held for over 75 years, Fidelity employs more than 57,000 associates who are focused on the long-term success of our customers.
VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.