Trility Consulting hires Alex T. Hart as Vice President of Risk and Compliance.
Trility Consulting, a Trility Group Holdings company, is proud to announce Alex T. Hart has joined the Trility Consulting team in a new role as Vice President of Risk and Compliance. In this role, Alex will be responsible for growing the risk, compliance and information security division of the company. Alex will build, sell and service clients in these facets of the business, as well as, work with the Trility leadership team to grow strategic customer accounts and leverage partner relationships that align with Trility Group Holdings’ core business objectives.
Alex takes on this new role at Trility Consulting after serving as an Information Security Advisor to the firm for the past two years. Alex brings a wide variety of regulatory compliance and privacy experience with him in the health care, insurance, financial services (fintech) and government industries. He also previously served as a staff member to the United States Senate Committee on Finance focused on health policy, finance and information technology.
“Alex brings a great deal of regulatory compliance, threat detection and privacy experience with him which greatly applies to the digital transformation needs of today’s companies,” said Matthew D Edwards, Chief Executive Officer for Trility Group Holdings. “I have worked with Alex in multiple past chapters. I know he thoroughly enjoys working with clients to determine what compliance standards apply to their organizations and to help put operational frameworks in place guiding their compliance behaviors thereafter. It is no small task and Alex enjoys the journey. We’re excited to have him on the team!”
Trility Consulting is a leading provider of measurable outcomes for C-Suite executives. Trility provides strategic management consulting, digital transformation expertise and advanced technical solutions for forward thinking global businesses.
For more information, contact Alex directly via email@example.com or 312-574-0939.
Cloud Security is everyone’s responsibility requires aggressive defense.
Basketball season is in full swing. I have been lucky for the last seven years to coach different levels of basketball ranging from Youth teams through the local High School team. Coaching continues to be a rewarding experience and many of the lessons I have learned working with athletes and other coaches apply directly to my work with product teams.
It doesn’t matter how much you work to perfect your craft, be it system architecture or coaching a team of fifth-grade athletes, there are always new challenges to tackle. A core tenant of sports is continuous improvement which should be applied to everything we do with technology. No one starts playing basketball ready to play in the pros, but everyone has it in them to be successful. It takes a tremendous amount of practice, a dedication to learning new things from others, and celebrating the little victories along the journey.
It is not surprising there are so many different Cloud Security analogies available on the Internet. Cloud Security is a difficult concept to describe given the wide range of tools, services, and seemingly infinite combinations organizations can utilize to solve business problems.
Playing Cloud Security Defense
If you are a fan of basketball, using different defensive schemes is a great way to describe different views on Cloud Security processes. In all cases, the goal is to prevent the offense, or in this case bad actors, from scoring while providing dynamic responses to a constantly changing product architecture and threat landscape.
Typical Cloud Security frameworks today can be compared to two classic defenses: man-to-man and zone.
Man-to-Man Cloud Security involves security controls developed around individual services of products. Each control is focused on denying the service from sending or receiving information to other services in the system and aggressively focusing on protecting a single service. Firewalls, both web application and network, focus on denying traffic to block bad actors from easily accessing services. Logging and application specific analytics can be used to build a profile of a service and alert when the service profile is not followed. The disadvantage with man-to-man Cloud Security is in its aggressive focus on the individual service and a lack of real understanding of the big picture. There is a general lack of information on what other services are doing and because of this, any weakness in the focus on a single service can lead to breakdown of the security in general and, in basketball terms, an easy lay-up.
Zone Cloud Security primarily revolves around the frameworks in place for infrastructure deployed to support a wide variety of services. We still see organizations bringing the rigid security frameworks utilized for years in brick and mortar data centers and trying to apply them to Cloud Security. Deployed like a 2-3 zone in basketball, the defensive posture is to watch a specific area of the infrastructure and report back to a central service for monitoring and support. As information travels through the zone, communication is critical to ensure nothing gets lost in the shuffle. Each position in the zone is devoted to a specific task supporting a number of different services including both perimeter and core defense. The disadvantage with any zone defense is the gaps and in the public cloud space, gaps are appearing every day.
Server-less architectures are an exciting approach to utilizing the true power of elastic capacity while providing developers easier and easier ways to deploy features to production environments. However, in reducing the amount of infrastructure under direct monitoring the threat surface area is increasing at an equal rate. As any basketball coach will tell you, the easiest way to defeat a zone defense is by moving the ball and attacking the gaps in the zone. Another easy lay-up.
Trility takes a different approach to Cloud Security: the pack line.
Pack Line Defense, created by Dick Bennett of Wisconsin-Stevens Point, is commonly used in some form by many coaches including Tom Izzo at Michigan State and Tony Bennett at Virginia. It is a variation of man-to-man defense with the biggest difference being off-ball defenders play in the gap instead of pressuring their player and denying the pass. Everyone except the player guarding the ball plays inside an imaginary line 16 feet from the rim also known as the pack line. As the ball moves around the perimeter, it is the responsibility of each defender to close out on the ball and aggressively pressure while the remaining defenders adjust their position accordingly to see both man and ball and prepare to help their teammates – five against the ball.
Cloud Security is everyone’s responsibility and while we are aggressively providing man-to-man defense on the active products, the rest of the team is continuously adjusting to find and fill gaps in the defensive strategy. We react to changing conditions and close out on threats while keeping business goals front of mind.
The ephemeral and elastic nature of the public cloud along with software-defined infrastructure and platforms provide an opportunity for service-specific architectures. Trility utilizes two patent-pending tools to help provide high quality customized security for cloud services: IronBench Compliance Navigator and IronBench Cloud Config.
IronBench Compliance Navigator empowers organizations to develop highly customized compliance guidelines for products and services. Throughout the product lifecycle, IronBench Compliance Navigator uses standards and regulatory information updated as regulatory compliance laws and standards change to provide a solid foundation for product development teams.
IronBench Cloud Config is an enterprise framework and provides the source code for the entire implementation. Product teams can utilize a customizable secure framework based on industry standards and practices on which to build secure supporting infrastructure. Compliance Navigator helps you aggressively challenge the ball handler while Cloud Config supports the team by helping them adjust to changing product needs efficiently and securely working from a library of standards-based templates.
He’ll continue to work with clients in determining what problems or goals they seek to address.
Trility Consulting is happy to announce that Eric Gerling has agreed to become the Chief Technology Officer for the organization!
Eric has been acting in the capacity of Chief Cloud Product Architect, Principal DevOps Engineer and Principal Software Engineer helping our Fortune 500 and SMB customers determine how to adopt and evolve into predictable, repeatable, secure enterprise cloud architectures, platforms, and operations.
Eric is typically one of the first people working with customers to help determine what problems or goals they seek to address, provide multiple options to meet those needs and then be part of the leadership team that implements the solution path alongside the customer.
While continuing to work in the aforementioned capacities, in his new role Eric will also spend time exploring business growth opportunities for Trility Consulting, consult with Trility Consulting’s partner company, IronBench, as well as, work to ensure that business and technology solutions provided by Trility Consulting are consistent with today’s and tomorrow’s industry best practices.
IronBench of Des Moines, Iowa, launched in January 2017, is a product company focused on cloud adoption, cloud operations, and cloud-focused information security and regulatory compliance behaviors.
IronBench Cloud Config is designed to help companies securely adopt and evolve cloud ecosystems.
IronBench Compliance Navigator helps understand organizational regulatory and compliance status in relation to pertinent industry standards.
Trility Consulting, headquartered in Des Moines, Iowa, is a professional services company focused on discovering what goals customers would like to achieve and then helping them get there through lean, continuous delivery behaviors.