
Upcoming IT & Security Events

AUGUST

August 8, 2017: ISSA Blue Ridge, Blue Ridge CTC Tech Center, 5550 Winchester Ave., Martinsburg, W.Va.
August 17, 2017: AITP Twin City, Ozark House, 704 McGregor, Bloomington, Ill.
August 24, 2017: AITP St. Louis, UMSL Cybersecurity Room, St. Louis

SEPTEMBER

September 6, 2017: SecureWorld Twin Cities, Venue TBD, Minneapolis
September 7, 2017: CISO Summit Houston, Houston
September 7, 2017: CIO Summit Houston, Houston
September 12, 2017: CIO Summit New York, New York
September 12, 2017: CISO Summit New York, New York
September 12, 2017: ISSA Blue Ridge, Blue Ridge CTC Tech Center, 5550 Winchester Ave., Martinsburg, W.Va.
September 13, 2017: The Fifth Annual Washington, D.C. & Mid-Atlantic Data Center Summit, Embassy Suites Dulles North/Loudoun, Ashburn, Va.
September 13-14, 2017: SecureWorld Detroit, Ford Motor Conference & Event Center, Dearborn, Mich.
September 14, 2017: CIO Summit San Francisco, San Francisco
September 14, 2017: CISO Summit San Francisco, San Francisco
September 14, 2017: AFCOM NYC/NJ Metro, Location TBD
September 20, 2017: AITP San Antonio, San Antonio
September 20-21, 2017: SecureWorld St. Louis, America's Center Convention Complex, St. Louis
September 21, 2017: AITP Akron-Canton, 526 S. Main St., Akron, Ohio
September 21, 2017: AITP Twin City, Ozark House, 704 McGregor, Bloomington, Ill.
September 21, 2017: SaaSMAX 2017 Cybersecurity Channel Road Show
September 25, 2017: AITP Pittsburgh, Pittsburgh
September 25-27, 2017: Internet of Insurance Business Conference, Four Seasons, Austin, Texas
September 28, 2017: AITP St. Louis, UMSL Cybersecurity Room, St. Louis
October 3, 2017: CIO Summit - Atlanta, Atlanta
October 3, 2017: CMO Summit Atlanta, Atlanta
October 3, 2017: CISO Summit Atlanta, Atlanta
October 5, 2017: The Second Annual Western European Data Centre Summit, Location TBD
October 5, 2017: SecureWorld Bay Area, Santa Clara Convention Center, Santa Clara, Calif.
October 10, 2017: CIO Summit New Jersey, Morristown, N.J.
October 10, 2017: Morristown, N.J.
October 10, 2017: ISSA Blue Ridge, Blue Ridge CTC Tech Center, 5550 Winchester Ave., Martinsburg, W.Va.
October 11, 2017: The Fifth Annual Texas Data Center Summit, Andrew Ormsby at Cityplace Events, Dallas
October 11-12, 2017: IoT Build Business Conference, San Francisco
October 12, 2017: CIO Summit Dallas, Dallas
October 12, 2017: CISO Summit Dallas, Dallas

CyberTrend / August 2017 11

At Work

KEY POINTS

Virtual personal assistants use natural language processing to offer suggestions or even perform specific actions.

Wearable devices already take advantage of AI in many ways, but usage will continue to grow in the near future.

AI can be used in many administrative processes, including helping in the HR recruiting process.

AI is ubiquitous in many ways, but it will eventually get to the point where consumers simply expect AI functions to be built into advanced products.

AI (ARTIFICIAL INTELLIGENCE) is everywhere. You call into a customer service support line and use natural language to have a bot send you in the right direction. You speak into your phone and have it instantly transcribe your speech into a text message. You talk to Siri, Alexa, or Cortana to check on the weather, see what's on the docket for the day, or even order some coffee using only your voice.

AI gives the impression of having two extremes. It's either the voice-activated VPAs (virtual personal assistants) for consumers or it's the incredibly advanced applications that you'll only find deep in secret data centers or military research facilities. But the fact of the matter is that artificial intelligence encompasses both of those extremes as well as everything in between. It's no longer a this or that conversation, but rather one that involves every facet of daily life, whether that be personal or business.

In fact, some of those business applications, although seemingly simple, are the ones that may make the most difference in the years to come. The focus for every organization is to be as efficient as possible while still providing a high quality customer experience and continuing to generate revenue. And with so many consumers getting comfortable with the idea of artificial intelligence, now is a fine time for companies to start injecting it into more product and service offerings. Whether it's a customer support chatbot or technology specifically designed to help with recruiting and other human resources-related tasks, AI can help streamline once complex systems into more automated, user-friendly services.


the cloud. Something that plays a major part in that confidence is that cloud service providers like Google, Amazon, and Microsoft, have large security teams that are in many ways able to provide better security than any single company would be able to do on their own. Gelnaw adds that the one exception to this rule is the financial services industry, which has been slower to adopt cloud offerings than other industries, but even that industry is slowly making moves.

[When] an organization is considering partnership with a cloud service provider it needs to do its due diligence in understanding their potential service provider's policies around compliance, backup, security, communications, data transfers, etc. An agreement should be put into place that very clearly lays out the various roles and responsibilities taken on by each entity.
ANGELA GELNAW
Senior Research Analyst

Overall, there is evidence that companies are warming to the cloud. Gelnaw says many organizations have cloud mandates where they hope to be 100% cloud-based by 2019, as an example. Gelnaw admits this type of goal is more common among less-regulated industries, such as retail, and points out that many companies, including those providing financial services, are more inclined to take a hybrid cloud approach, which involves a combination of cloud and on-premises solutions. This is partly due to security concerns, but it is also partly due to the fact that these organizations have invested significant resources into building custom infrastructure, mostly on-premises, that will take strategic decisions and many more additional resources to dismantle or shift to something else, Gelnaw says.

So, despite the cloud's ubiquity, there is still some hesitation among regulated industries. Steve Riley, research director at Gartner, blames at least some of this on the ponderous nature of the regulatory apparatus, which perpetually lags the advancement of technology. Riley says it's actually possible for companies to store all of their data in the cloud, and that Gartner isn't aware of any regulations that explicitly prohibit the use of cloud computing and storage. The real issue, he says, is that regulatory agencies, accustomed to grounding their rules in the context of physical location, are still grappling with the ephemeralness and abstractions that define cloud.

And then there are new regulations, especially some of those coming out of the European Union such as the General Data Protection Regulation (GDPR), that are making the issue cloudier. There are still uncertainties around the potential impact of certain regulations, which may be delaying purchasing decisions as well, says Gelnaw. As such, it is most likely that on-premises deployments will continue to persist for some time, although growth, of course, is diminishing in lieu of the high growth seen among cloud deployments. Like most other things, the story will be about coexistence for quite some time, particularly among the large enterprise segment, but less so in the SMB [small to midsize business] market.

Data Location

One significant issue related to compliance has to do with tracking down the exact location of the data that falls under a specific regulation. When data is stored locally, that isn't an issue, because you know exactly where that data is. But when you use a CSP things get murkier because data is often stored across many different servers, sometimes in different parts of the country or the world. The best way to move data to the cloud and keep your organization in compliance is to speak with potential CSPs and make sure they store data in a manner that's consistent with your needs.

Many CSPs have features that provide tracking and audit logs of data, says Gelnaw. It is the business's responsibility to be aware of what data is being transferred to a CSP and what restrictions might be placed on that data. With many CSPs, the provider itself may not be able to actually see what the data is, only where it is. Contracts should specify where data should be stored geographically and if/where data may be able to be transferred. Data transfer agreements and notifications should also be put in place up front. Therefore, any CSP should be able to provide some type of documentation showing the locations of all of their data centers, as well as data logs for an organization.

Riley points out that when it comes down to proving where data is stored in a cloud environment, it will ultimately depend on how a given CSP chooses to track and disclose such information and how its overarching environment is set up. Some cloud providers offer their services in distinct geographic regions and make assurances that data stored in any given region will remain there unless the customer initiates a migration to another region, he says. Customers with in-region requirements should obtain written documentation from their providers that such requirements can be met. Providers that don't offer region-specific services are likely not candidates for those customers.


It's important to realize that location is one part of a much larger picture with regard to compliance. Gelnaw says that's why it's important to have the ability to prove compliance in lieu of an audit, and to achieve that, you need to find a CSP that has the right monitoring tools and is as transparent as possible. Auditors will be looking for controls around identity and access management, says Gelnaw. CSPs should be able to provide assistance in this respect, as well, whether it simply be guidance or actual documentation of data access and use.

COMMON REGULATIONS

Payment Card Industry Data Security Standard (PCI DSS) applies to any company that accepts credit cards as payment. These guidelines are intended to prevent fraudulent credit card use and to protect consumers.

Sarbanes-Oxley Act of 2002 (SOX) arose from the ashes of corporate accounting scandals in the early 2000s and is designed to keep the boards of directors of major corporations in check. It charges the Securities and Exchange Commission with enforcing the law.

Health Insurance Portability and Accountability Act of 1996 (HIPAA) The first part of HIPAA is designed to help the families of workers not lose health care in the event of job change or loss, but the second part applies to the protection of electronic health care information. It's a set of standards for how to handle sensitive data related to health care providers, health insurance plans, patients, and other relevant data.

Federal Information Security Management Act (FISMA) is a regulation that applies directly to government information. It's a set of standards that security experts can use to protect information stored in the many agencies that make up the United States federal government.

Areas Of Responsibility

As with any technology partnership or agreement, it must be clear who is in control of what. This is particularly important with the cloud, and it's ultimately up to the organization to compare CSPs thoroughly, including taking note of each one's certifications. Business leaders need to be aware of the standards and regulations to which they need to comply and then do their research to confirm which possible partners are a match for them in this regard, says Gelnaw. Cloud-using organizations in regulated industries must work with their internal legal departments on an ongoing basis to ensure the development of contingency plans that address non-compliance of any third party entity engaged by any business unit for any purpose.

For Riley, the first place to start when it comes to security- and compliance-related issues is to understand that it's a shared responsibility. What that means is, depending on the type of cloud in question, there will be different levels of security at play. For example, in a SaaS (software as a service) situation, the cloud provider will be in control of the application, network, and physical security, while the business will be in charge of IAM (identity and access management) as well as data security. But in an IaaS (infrastructure as a service) arrangement, the business takes more responsibility. The CSP is in charge of physical security and its side of the network connection, but the business is in charge of its side of the network, application and data security, and IAM.

Numerous capabilities exist to assist here, in three crucial categories, Riley says. Cloud providers offer mechanisms for building security into applications, for establishing data security controls, and for designing and enforcing appropriate identity and access management. But as a consequence of ceding some control, customers should expect to perform more monitoring of cloud activity, to demonstrate that governance procedures are in place and are being followed. We see an intense interest from clients in emerging tools and vendors that specifically address this requirement.

Encryption In The Cloud

Another way to get away with some of the security concerns around data in the cloud is to put some form of encryption in place. Encryption completely alters the state of the data, transforming data into cipher text, says Gelnaw. Only with the use of an algorithm and a key can that data be transformed back to its original state. As such, key management is a very important aspect of PII encryption. Encrypted data that is transmitted over the internet, while in another format, is still the original data itself, and thus the scope of compliance to standards like PCI DSS extends to any system on which that encrypted data may reside.

Again, Gelnaw stresses the importance of talking with your CSP about its encryption policies. Some CSPs will even provide specific encryption options for use in their cloud environment, but companies can also opt to set up their own encryption in some cases without the CSP knowing or necessarily caring. More often than not, the CSP will only have access to the encrypted data, and not the original data, she says. The CSP may never know what the original data actually is or what value it provides to the enterprise. This is another reason why it is so important that enterprise leaders take the lead on their data security and data governance initiatives to set thresholds, strategies and policies.

Riley agrees and says it's a common assumption that encryption is the simple


solution to the complex issues surrounding how best to address residency and similar requirements, and adds that some regulatory bodies suggest that notion. However, he also points out that we haven't seen definitive guidance that states anything like, if you encrypt X in cloud Y and store the keys in some other place Z, then you've satisfied all applicable regulatory requirements. For that reason, the role encryption plays in the regulatory compliance arena with regard to data stored in the cloud is still unclear, at least for the time being.

It's always a good idea to hire a HIPAA-knowledgeable third-party auditor to assess workloads processing personal health information, whether on-premises or in the cloud, with the understanding that these aren't official certifications and don't absolve customers from their obligations related to HIPAA regulations.
Research Director
Gartner

Tokenization

In addition to using encryption to secure data in the cloud, another approach for companies to consider is tokenization. Tokenization is the act of replacing sensitive data with unique tokens or random numbers or symbols, with the mapping of those values stored in a secure database, sometimes called a token vault, says Gelnaw. The idea is that by substituting sensitive data strings, like a Social Security number or an account number, with random numbers or symbols, the format of the actual data string can be kept intact without compromising the security of the consumer to which the data belongs.

This approach is often used in the payment processing industry, with credit card numbers or account numbers being replaced with tokens so payments can still be processed via point-of-sale terminal or online or mobile transaction, without compromising the actual personally identifiable information, Gelnaw says. The impact that tokenization has on compliance is (ready for it?) a bit unclear, but in theory, it should mean that tokenized data stored in a cloud environment is less risky than just storing that data natively in the cloud.

Because the actual data is stored in a secure database and is not actually shared with any third parties, the scope of compliance for the organizations that hold those stores of PII is drastically reduced, says Gelnaw. If a system was breached and data leaked out, the random strings of numbers would be of no value to a bad actor. In financial services, tokenization is often used in payment processing. It should also be noted that the token vault or database is most likely to be secured via encryption, thus making it apparent that the best security strategies are dynamic and leverage a variety of technologies to provide optimal security.

Cloud Compliance Concerns Aren't Going Anywhere

An important thing to note, says Riley, is that regulatory burdens for cloud-using organizations are growing, and the peak of regulatory concern lies at some point in the future. One of the primary reasons for this is that current regulations are by no means set in stone. The key, Riley says, is to work closely with your legal department to understand how regulations relate to your company's information and work closely with compliance experts to weigh the potential risks of moving certain data and workloads to the cloud. But in the end, the most important thing is that companies protect themselves and take most, if not all, of the compliance-related responsibility.

For the time being, encryption, tokenization, and masking appear to be adequate substitutes for satisfying residency requirements in some geographies, but not others, notably the EU, says Riley. A few authorities (for example, PCI DSS) have explicitly demanded encryption. A greater number have implicitly recommended it, without taking a stand on whether it's actually required or whether it represents an adequate level of protection. Whatever the actual contribution of encryption toward the reduction in the number of cloud security failures, in general, auditors, regulators, and other stakeholders consider it to be of value. If a security failure does occur, questions about the use of encryption are virtually inevitable. It most certainly helps avoid negative attention in the case of data breaches. Leaked encrypted data is not a meaningful exposure, while leaked clear-text sensitive or confidential data can result in severe loss.

Gelnaw agrees and says that security and compliance are not static, and likewise an enterprise strategy to manage them should not be either. She stresses the importance of security and compliance teams within organizations constantly monitoring the state of their company as well as the state of their industry, and keeping track of any changes that could impact compliance issues both on-premises and in the cloud. That also means having remediation and communication plans in place for when the inevitable negative event occurs, Gelnaw says.
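
The tokenization approach described in the article, sketched here as an added example that is not code from the article or from any vendor: a token vault that swaps card numbers for random, format-preserving tokens so that only tokens go to the cloud. The names TokenVault and tokenize_records, the sample records, and the choice to leave the last four digits readable are assumptions made for illustration; the in-memory dictionaries stand in for the encrypted vault database the article mentions.

```python
import hashlib
import hmac
import secrets

DIGITS = "0123456789"

# Constructed sample data: well-known test card numbers, not real accounts.
SAMPLE_RECORDS = [
    {"order_id": 1001, "card_number": "4111-1111-1111-1111", "amount": "19.99"},
    {"order_id": 1002, "card_number": "5500 0000 0000 0004", "amount": "5.00"},
    {"order_id": 1003, "card_number": "4111-1111-1111-1111", "amount": "42.50"},
]


class TokenVault:
    """Maps random tokens to real values; kept on-premises, never sent to the CSP."""

    def __init__(self, lookup_key, keep_last=4):
        self._lookup_key = lookup_key      # secret used only to index known values
        self._keep_last = keep_last        # trailing digits left readable (assumption)
        self._token_to_value = {}          # token -> original value
        self._digest_to_token = {}         # HMAC(value) -> token, for idempotency

    def _digest(self, value):
        # Keyed digest so the index itself does not expose the value.
        return hmac.new(self._lookup_key, value.encode("utf-8"),
                        hashlib.sha256).hexdigest()

    def _candidate(self, value):
        # Replace every digit except the last keep_last with a random digit;
        # separators and length stay put, so downstream formats still validate.
        digit_idx = [i for i, ch in enumerate(value) if ch.isdigit()]
        replace = digit_idx[: max(0, len(digit_idx) - self._keep_last)]
        if not replace:
            raise ValueError("value has too few digits to tokenize")
        chars = list(value)
        for i in replace:
            chars[i] = secrets.choice(DIGITS)
        return "".join(chars)

    def tokenize(self, value):
        digest = self._digest(value)
        if digest in self._digest_to_token:
            return self._digest_to_token[digest]   # same value, same token
        while True:
            token = self._candidate(value)
            # Reject the unlikely cases of a token equal to the input
            # or one that is already assigned to another value.
            if token != value and token not in self._token_to_value:
                break
        self._token_to_value[token] = value
        self._digest_to_token[digest] = token
        return token

    def detokenize(self, token):
        # Raises KeyError for tokens the vault never issued.
        return self._token_to_value[token]


def tokenize_records(vault, records, field):
    """Return copies of records that are safe to store in the cloud."""
    return [dict(rec, **{field: vault.tokenize(rec[field])}) for rec in records]


if __name__ == "__main__":
    vault = TokenVault(lookup_key=secrets.token_bytes(32))
    for row in tokenize_records(vault, SAMPLE_RECORDS, "card_number"):
        print(row)
```

Orders 1001 and 1003 share a card and therefore share a token, so the cloud copy can still be joined and reported on; a leak of that copy discloses random digits plus the last four, while the vault and its lookup key remain the assets that need encryption and access control.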


and data processor. When moving to the cloud, for example, a controller deals with a processor, which is oftentimes located outside the union. These roles are a matter of definition rather than choice. A data controller is the entity who decides and controls what personal data is processed, for what reason, and by what means.

[GDPR] has two primary goals: firstly, to bring the existing law up-to-date with modern practices of gathering and sharing personal data, and secondly, to unify the data protection regime across EU member states. The definition of personal data is deliberately broad and relates to any data that pertains to an identified or identifiable living human. Thus, an IP address can be considered personal data, as can combinations of data that, individually, would not identify a person, but collectively could.
Vice President
IDC

Essentially, the GDPR covers the data of all persons living under the EU's protection. The reason for this broad geographic scope, usually referred to as extra-territoriality, is to avoid cases where organizations seek to undermine the regulations by exporting data to jurisdictions beyond the EU, says Brown. GDPR applies to organizations of all types and sizes, with few exceptions. Any organization based outside the EU but processing personal data of people in the EU must comply with the law. This, he adds, includes companies doing business within the EU and those providing services for anyone within the EU from any distance. Brown says hospitality, transportation, financial services, and cloud and social media services will probably see the biggest impact.

Exporting data is another important issue. Brown stresses it is not illegal to move data from the EU to so-called third countries and says it is perfectly acceptable to do so, as long as there is a legal mechanism that covers data transfers. This is where the laws of any given country are weighed and factored into the decision, which Brown refers to as adequacy. Because the U.S. doesn't have a true federal data protection law, companies may have to dig deeper to see what they'll have to do to comply with the GDPR.

In the absence of adequacy, other mechanisms are available, says Brown. One such is a bilateral agreement between the EU and the third country: EU-U.S. Privacy Shield is an example. This operates at a country level. Individual companies can also operate legally by using standard model clauses inserted into contracts, or binding corporate rules which involves altering the articles of incorporation, and is therefore not a trivial task.

Compliance Issues

Companies concerned about GDPR should first determine how much of their data falls under its scope. Companies in the U.S. that have relatively small amounts of non-sensitive data could take a business risk-based decision not to comply with GDPR, says Brown. However, the risk is high, due to stiff fines, breach notification rules, class-action lawsuits, and suspension of data processing amongst the sanctions available. Most companies with sizeable business relating to EU data are likely to conclude that compliance is the best, and least risky course of action.

Willemsen offers numerous tips for GDPR compliance. Data controllers and data processors alike, have a lot to do, he says. Appoint an EU based representative, if necessary. Appoint a data protection officer, if necessary. Conduct privacy impact assessments. Define and document processing purposes, motivate the data necessary to achieve those purposes, add retention periods and operationalize just that. Enable purposeful use only, prevent unauthorized exposure or usage simultaneously, be transparent about it and control the personal data throughout the life cycle, purge excess data at the end of the life cycle. Prepare for adequate handling and reporting of data breaches and prepare for subjects, individuals whom the data is about, exercising their rights.

[Consider] where privacy is most at risk; a data breach has impact on individuals. Hence, data minimization (in the context of the above-mentioned processing purposes) and retention minimization (in the context of retention periods mentioned above) are key. Time is the only critical success factor for a data breach; therefore retention periods should only be as long as is necessary to the purpose served, and as short as possible.
BART B. WILLEMSEN
Research Director


will enable the devices to use spectrum that is much higher in frequency than what we see in today's networks, Rehbehn explains. What this means for a business owner is the possibility of having very high data rates, but the higher the frequency that's being used, the shorter the distance that the signal can go. And so the business owner may expect to have to deploy small cells that are closer to the devices that are receiving the 5G signal.

5G will bring system-level changes that modify how the network is organized. Some of these changes heavily rely on concepts of virtualization and software-defined networking. In addition, compute and storage capabilities from the cloud will become part of the network architecture and migrate very close to the edge of the network, if not at the edge of the network, so that applications which are extraordinarily time-sensitive can enjoy the lowest latency possible.
Principal Analyst, 451 Research

One particularly intriguing aspect of 5G is that it enables network slicing, or dividing a network into multiple virtual networks. This enables smarter networks that could, for instance, provide greater bandwidth for devices and applications that require them and less for always-on smart devices with lower bandwidth requirements.

All of the major carriers, including Verizon, AT&T, Sprint, and T-Mobile in the U.S., have said that 5G will play a major role in both the communications and IoT markets, boosting performance for consumers, businesses, and smart grids. But while all of these carriers have 5G plans, each has its own approach.

Verizon

Verizon has been one of the major drivers of 5G technology since announcing its development a couple of years ago. In fact, Verizon was the first U.S. carrier to complete 5G radio specifications, which means that it started pre-commercial trials before other carriers in an effort to better understand how 5G can work in various settings.

Of major interest to Verizon is the idea of leveraging 5G capabilities to improve the performance of smart cities and connected devices. The goal is for people to be able to go anywhere within a given city and always have reliable network access, plus the ability to connect multiple devices together for unique experiences. One example of this in a smart city context might involve deploying environmental sensors to monitor conditions in multiple areas at once, and using the data those sensors collect to determine ways to reduce pollution or even noise levels. Although we're merely on the cusp of these technologies taking shape, Verizon stresses the important role 5G networks will play in making these types of connections possible.

Verizon is also investing in the idea of putting 5G in the home or office rather than going directly to the broader mobile use case. The goal, according to the company, is a future where instead of digging trenches in yards to deliver faster internet speeds, Verizon can simply improve the performance and speed of its network to the point where 5G can be used in place of traditional broadband internet. Then, once that application of the technology is well-established, 5G coverage can be expanded to support widespread use of smartphones, IoT devices, and almost any other wireless device imaginable.

As a kick start for these efforts, Verizon recently announced plans to launch a pilot program by the middle of 2017 that will give 5G access to 11 markets across the United States. Verizon customers in Washington, D.C., Atlanta, Miami, Dallas, Denver, and other locations in between will serve as test beds for 5G technology as the company tries to get one step closer to a wide-scale rollout.

AT&T

AT&T is currently working to make 5G a reality for its customers sooner rather than later. Around this time last year, the company started talking about its 5G road map and goals for the technology. The three main focus areas were video, virtual reality, and the internet of things. All three of these technologies require the fastest possible speeds and the most reliable connections for ultimate success. In order to achieve a seamless experience, there must be minimal service disruption, which is a chief benefit of 5G once it hits the mainstream.

AT&T's road map includes not only future target goals for 5G, but also immediate steps for continuing to improve its existing network. In fact, the reason why the company feels so confident about the 5G horizon is because it has been able to highly virtualize its network and take advantage of software-defined networking principles to greatly improve overall performance and efficiency across myriad connected devices. These changes have reduced the cost of data delivery and led AT&T to reintroduce unlimited data plans. AT&T says

CyberTrend / August 2017 39

this forward-looking approach also provides a sizable cost advantage in the deployment of 5G technology over a traditional network approach.

Much like Verizon, AT&T also plans to launch pilot programs around the country as a way to test 5G and provide customers with a taste of what they can expect once 5G becomes the wireless norm. AT&T is quick to call the move to 5G an evolution and notes that it isn't going to be an overnight transition. The goal in 2017 is to start by testing out 1Gbps speeds in certain locations, launch a 5G video trial via DIRECTV NOW in Austin, Texas, and launch its first 5G business trial program, among other trials to come later in the year. For those later trials, AT&T will be working alongside Qualcomm and Ericsson to test and fine-tune standards for both fixed and mobile wireless use.

AT&T also recently announced it would be launching a 5G wireless pilot program in both Austin and Indianapolis. The goal, however, is not to hit 1Gbps across the board, although AT&T says some users may experience those speeds, but rather try to hit a more consistent peak of 400Mbps. This test will not only help AT&T move a few steps along in its 5G road map, but will also serve as a way to make the network itself more agile even before 5G officially launches.

Sprint

While other carriers have been loud and proud about their 5G road maps and progress, Sprint has been more reserved, but no less dedicated to making that potential future a reality. In mid-2016, Sprint CTO John Saw, Ph.D., wrote on the company's blog about the massive amount of data being used by mobile devices on a yearly basis and how usage will continue to increase as more types of connected devices flood the market. These include technologies you might not think of right off the bat, such as health care devices that continuously send information wirelessly to a control center. It isn't just about the demands of smartphones, but rather the millions upon millions of smaller connections that will add up to a much greater whole.

For that reason, Sprint's 5G focus involves the bandwidth aspect of the equation. The company stresses that this new style of network will not only offer greater data transfer speed, but also enough capacity to handle the greatly increased traffic. Sprint participates in many of the groups responsible for developing 5G standards, including CTIA and the Alliance for Telecommunications Industry Solutions (ATIS), which means they are on the ground floor along with their fellow carriers in helping to bring 5G to the masses in a way that makes sense for everyone. But even with its more concentrated approach, Sprint is also anticipating the 5G potential for smart cities, smart homes, fast 4K (and even 8K) streaming video, and a wide range of other capabilities.

T-Mobile

As the self-proclaimed un-carrier, it would make sense that T-Mobile's approach to 5G would differ from those of Verizon, AT&T, and Sprint. In fact, the company's messaging on the matter is somewhat vague and at times contradictory, which makes it difficult to fully grasp T-Mobile's vision for 5G. On one hand, the company says we are still years away from true wireless 5G and that the other carriers are making ridiculous promises about 2017. On the other hand, T-Mobile seems bullish on the potential of 5G and says the company itself has tested it at speeds up to 12Gbps with super-low latency and four 4K video streams running at once.

In essence, T-Mobile's focus, which it claims makes the company different from the traditional carriers, is that it's focusing on what to do with the technology rather than on the tools used to develop the technology. What is clear is that T-Mobile is dedicated to the 5G future and sees immense potential in the technology for all of the same applications as its competitors.

Hurry Up & Wait

The most important thing to keep in mind when thinking about 5G is that there aren't even standards developed for it yet, which means that not all manufacturers and carriers are designing to the same specifications. When 4G launched, there were a few devices that supported the technology and more followed soon after, but it took many months for LTE coverage to expand nationwide. So it's important to take carriers' pilot programs and tests with a grain of salt, as it will take longer for devices and network upgrades to reach the masses.

Rehbehn says 5G is likely to enter the market in a highly scaled way . . . around 2020 to 2022, and adds that the best 5G experience will initially be focused in denser regions of the network, so think city centers with many people and a lot of activity. But keep in mind that 5G is closely tied with the continued evolution of LTE. So even when 5G is mainly available in populous areas, Rehbehn says, the end user in general should not notice significant change as they go from the 5G to the LTE environment.

5G will build on existing 4G LTE capabilities, adding far greater data transfer rates and lower latency.


hosted the five-day, interactive workshop, which teams students with auto industry and government agency engineers, as well as ethical hackers. Through the CyberAuto Challenge, students build relationships with professionals and auto engineers to connect with those who work in cybersecurity. It also gives young talent access to the technologies they wouldn't otherwise have an opportunity to touch.

Michigan is also where the first U.S. Army Tank Automotive Research Development and Engineering Center (TARDEC) Commercial CyberTruck Challenge was held. Attracting national attention, the event brought college students, U.S. Military Academy cadets, academics, and professionals to southeast Michigan for two days of classroom instruction and two days of hands-on activities. The vehicles involved in this challenge were two semi trucks and a military vehicle used to detect improvised explosive devices.

The students involved in this event included doctoral and Master's degree candidates who have been performing research on connected commercial truck technologies for years. These students have looked at data files, developed theories, written papers and given global presentations but haven't had the opportunity to physically touch a vehicle. Through this challenge, they were able to test theories and make changes based on real-world information.

Multi-Organization Efforts

The CyberTruck Challenge's sponsors included the Michigan Defense Center's Protect and Grow program, which is an operation of the Michigan Economic Development Corporation (MEDC) that was established to bring attention to and promote opportunities of growth within Michigan's defense industry and includes a strong cybersecurity component. Other entities involved in the challenge included PeopleNet; GRIMM; National Motor Freight Traffic Association (NMFTA); federal agencies for transportation, defense, and energy; as well as the Michigan State Police.

Growing these cyber challenges has great potential in Michigan, which is home to the 500-acre American Center for Mobility. With construction underway, this federally designated proving ground for connected and automated vehicle technologies will include a cybersecurity lab and valuable testing structures, such as double overpasses, a railhead and highway loop.

With the ability to perform vehicle-to-vehicle (V2V) and vehicle-to-infrastructure tests (V2I), as well as creating secure network systems for the automotive industry and intermodal hubs, the Center has a big advantage compared to other facilities. And by becoming more than just an auto industry resource, it serves as an important asset to the long list of higher education institutions in Michigan that are expanding programs in cybersecurity.

One such institution is Walsh College, a nonprofit business school based in Southeast Michigan that has launched one of the only cybersecurity programs in the nation to focus on automotive and transportation. Its curriculum adheres to U.S. Department of Defense and National Security Administration standards and course requirements. Some of the students enrolled in this program were able to participate in the CyberTruck Challenge, giving students real-world experiences as well as an introduction to potential employers.

If we are to prevent the danger posed by hackers and cybercriminals, then educational programs and hands-on challenges will be needed to meet this threat with experienced talent. Today, vehicle manufacturers across the globe are looking at ways to introduce more connectivity and functionality into their products. And as the bulk of that work is performed in Michigan, it will also be up to us to also ensure there is an available pool of talent to defend against those who threaten its progress.

ABOUT THE AUTHOR

Karl Heimer is Senior Technical Advisor, Cybersecurity for Automotive & Defense to Michigan Economic Development Corporation and the State of Michigan through his private consulting firm Heimer & Associates. Heimer co-founded AutoImmune, a company that provides automotive and transportation sector-specific cybersecurity training. Heimer is a SEMA Vehicle Electronics Task Force cybersecurity member, and sits on the U.S. Government Fleet Managers Steering Committee. Heimer is also co-founding the U.S. Army TARDEC & Commercial CyberTruck "Challenge" sponsored by the Michigan Defense Center's Protect and Grow Initiative, based on the CyberAuto Challenge model.


and can therefore spot a fake, but if the hacker creates a convincing fake encrypted file or landing page, this may fool the victim. Still, the best line of defense, at least when it comes to the identification process, is for companies to have knowledgeable security experts on staff, or at least have access to experts, who can help see through basic deceptions, leverage their own skills, and apply their intelligence about the ransomware market to the problem, Menting says.

How To Deal With Ransomware

When it comes to how to handle ransomware situations, both Menting and Westervelt agree that the best practice is to never pay the fee, regardless of whether the ransomware threat is real. Menting warns that simply paying up encourages this type of attack and that more cybercriminals will take part if the payout is high. The problem, however, is that many organizations don't have strong enough data backup systems in place and lack the resiliency and resolve required to stand up to these types of attacks. In those situations, without a proper response plan in place, they prefer to pay up in the hope of getting their assets back, Menting says.

Menting once again goes back to the idea of how fake ransomware is potentially harmful to the ransomware market as a whole. As fake ransomware grows, it significantly erodes the chances of victims paying up, says Menting. There is only a small window of success for fake ransomware, until the reputation precedes it and victims become ever less likely to pay over a ransom. I suppose it is a sort of cannibalization of its own market, until it annihilates itself. But for most companies, it isn't enough to just hope the market caves in on itself, and so they have to make a critical business decision in the event of a ransomware attack.

Best practices dictate to never pay the ransom, but we have seen

Total Ransomware
Source: McAfee Labs, 2016



How Air Quality Can Impact Energy Efficiency

One area you might not immediately think of when talking about energy efficiency is air quality. You hear a lot about how important it is to maintain hot-aisle/cold-aisle arrangements and similar approaches, but the actual quality of the air is also crucial to making sure your systems are operating correctly. Robert F. Goodfellow, CAFS, vice president of marketing with Dynamic Air Quality Solutions, says that historically, filter efficiency has been at odds with energy efficiency, but adds that this is no longer the case. In the past, with mechanical filters, static pressure resistance increased as filter efficiency increased, which resulted in a loss of efficiency, he says. In other words, the more efficient the air filter, the higher the drop in pressure and the higher the brake horsepower required to operate the fans that deliver adequate airflow to the data center.

Today, air filter manufacturers are working to create high efficiency filter technologies with much lower pressure drops than the filters that came before them, which means that you can properly filter the air without negatively impacting efficiency, or at least minimizing the impact. This technology can sometimes allow HVAC system designers to use smaller fans, says Goodfellow. The filter technology offers dust loading capacities and the ability to remove ultrafine particles (those smaller than 0.3 microns) and black carbon from automobile exhaust. They operate at low static pressures for longer intervals. In the case of the Dynamic V8 Air Cleaning System, filter service life is measured in years instead of months which translates to additional operational savings to boost PUE.

Today there are high efficiency filter technologies available with pressure drops that are far lower than high-efficiency passive filters. This technology can sometimes allow HVAC system designers to use smaller fans. The filter technology offers dust loading capacities and the ability to remove ultrafine particles (those smaller than 0.3 microns) and black carbon from automobile exhaust. They operate at low static pressures for longer intervals.
- Robert F. Goodfellow, CAFS, Vice President of Marketing, Dynamic Air Quality Solutions

Potential Cooling Equipment Upgrades To Consider

When it comes to improving energy efficiency, cooling equipment is often the first place you look, and often before you would consider air quality or power equipment. And perhaps that's why there are so many approaches you can take to improving efficiency while still cooling your equipment to the proper temperature.

Goodfellow points out that while there are many ways to upgrade your cooling equipment with efficiency in mind, the energy cost savings and operational cost savings can depend on the type of equipment, geography and climate.

For example, if you live in an area with a cooler climate, you might be able to use outdoor air for cooling your data center. However, Goodfellow explains, while this allows facilities to conserve cooling energy, the use of more outdoor air can increase the potential exposure to hazardous airborne contaminants. This can occur gradually, such as through a buildup of ultrafine air particles from car exhaust and other pollution, or as a result of one single large scale event, such as a forest fire, Goodfellow says.

This is where air filtration would come into play. There are air cleaning systems available today that can effectively clean incoming ventilation air and recirculated indoor air and can do so without the large energy penalty, Goodfellow says. And that's perhaps the most important thing to remember about energy efficiency. There isn't necessarily going to be one silver bullet that solves all of your problems. Rather, you may have to take multiple approaches complete with dozens of granular adjustments in order to receive the efficiency gains you desire.

The PDU construction should be evaluated to ensure that the connections are reliable and are not generating excess heat, which is a power loss. Often, the PDU is used as a point-of-use monitoring device that can point out inefficiencies within the IT equipment in utilization of the circuits or the servers.
- Brad Wilson, President, Geist
