Skip to content

The Zero Trust AI Governance Framework

The rapid pace of AI development has generated excitement about its transformative potential. However, concerns have also emerged around the responsible deployment of these powerful technologies. As debate continues on AI governance, stakeholders aim to strike the right balance between enabling innovation and ensuring accountability.

Calls for Increased Oversight

Accountable Tech, the Electronic Privacy Information Center (EPIC), and AI Now state that reliance on voluntary self-regulation from AI developers has proven insufficient thus far. They point to flawed systems being rushed to market, while industry leader warnings of existential risk ring hollow given quiet lobbying against meaningful accountability measures.

These organizations have drafted a Zero Trust AI Governance Framework aiming to address these concerns through increased oversight and corporate accountability of AI systems and development.

What Does the Framework Call For?

The framework puts forward three core principles:

  1. Enforcing existing laws vigorously, including consumer protection, anti-trust, liability, and anti-discrimination laws.
  2. Establishing clear, enforceable rules that prohibit certain uses of AI like emotion recognition and predictive policing. Calls for limiting data collection and sharing are also included.
  3. Requiring companies to prove their AI systems are not harmful through documented risks assessments, testing protocols, monitoring, and independent audits to detect flaws, bias, and misuse.

How AI Poses New Security Challenges

AI poses various risks in the realm of enterprise security. Some of the top AI-cyber attacks and threats include:

  • AI-Powered Malware: Malware that harnesses AI to self-modify and dodge detection in changing environments.
  • Advanced Persistent Threats (APTs): These prolonged assaults use AI to bypass detection while zeroing in on distinct targets.
  • Deepfake Attacks: AI-generated synthetic media is used to impersonate individuals for fraud or disinformation.
  • DDoS Attacks: Threat actors can employ DDoS attacks that leverage AI to pinpoint and exploit weak links in networks, amplifying the extent and severity of breaches.
  • Phishing: Through machine learning and natural language processing, attackers design persuasive phishing emails to ensnare unsuspecting users.

Applying Zero Trust to AI Governance

Organizations can help limit AI risks by leveraging key zero trust principles including:

  • Least-Privilege Access: Applying least-privilege access controls could help restrict data access and prevent unauthorized aggregation of training data sets that raise privacy concerns.
  • Continuous Verification: Implementing continuous verification of users and devices could mitigate risks of deception attempts or social engineering by AI systems.
  • Segmenting Access: Monitoring all activity and segmenting environments into separate trust zones could aid oversight and make auditing easier to catch flaws, biases or misuse.
  • Strong Authentication: Mandating multi-factor authentication at a minimum helps ensure users engaging with AI systems are properly authenticated first. Passwordless methods offer even great security for user authentication.

Closing Thoughts:

As AI systems continue to advance and proliferate, organizations must take steps to ensure these powerful technologies are deployed securely and responsibly. Additionally, by adopting zero trust principles, enterprises can mitigate many of the risks outlined in the Zero Trust AI Governance framework while bolstering their security posture.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Don´t skip out on this Back to School supply

Yes, you heard it. Back to School is officially here. Most parents are relieved, and most children are horrified. And yet, there is at least one stressful component of the Back to School run for parents as well, and that is school supply shopping. Pens and papers, notebooks and pencils, bags, and pencil cases. All are things your children need to be successful this next school year. But there may be one area you are omitting. 

ESET Mobile Security Premium and ESET Parental Control is now 50% off! Read more to find out why it may be the best solution for you.

Both your children’s, and your own cybersecurity, is nothing to take lightly. A lot of people opt to buy their children a smartphone before returning for a new school year. Understandably so. You want to be able to reach your kids, know when they´re getting home, where they are. A great way to do that is by using parental control.

But that is not the only protection your child´s and device needs. In the ever-so-changing threat landscape, mobile device protection should be one of the top priorities for both kids and adults. After getting a new phone, installing a security solution should be the first thing to do. And when getting your child a phone, teaching them how to stay safe and secure is a must.

A few digital security tips to follow and teach your kids:

  • Use a strong passphrase
  • Do not click on unknown attachments and links
  • Keep your device up-to-date
  • Do not share personal information online
  • Back up your data regularly
  • Do not leave your mobile phone unattended and unlocked
Try ESET Mobile Security Premium 50% off right now
 

The most necessary Back to School supply?

A simple answer; digital security solutions. One that is easy to use, deploy and which covers most of your security needs. Our phones are powerful tools, one that can easily turn into a an issue if not secured properly. Keeping it safe is key to ensuring a smooth and safe Back to School period.

A great way to start is with ESET Mobile Security on your Android mobile devices. It’s a solution that ensures protection against a multitude of mobile threats while also securing users’ data.

ESET Mobile Security aims to provide a safe environment by leveraging its various security features, including: 

  • Anti-Phishing- integrates with the most common web browsers (Chrome and many others) and protects you from most common phishing attempts
  • Anti-Smishing – protects you from SMS and App notifications containing malicious links
  • Antivirus – protection against malware: intercepts threats and cleans them from your device
  • Payment protection – lets you shop and bank safely online
  • App lock – requires extra authentication to access sensitive apps; protects content when you’re sharing a device
  • Anti-Theft – a powerful feature to help protect your phone and find it if it goes missing
  • Network inspector – scans your network and all connected devices to identify security gaps
  • Call filter – blocks calls from specified numbers, contacts and unknown numbers
  • Adware detector – identifies and removes apps that display ads unexpectedly
  • Real-time scanning – scans all files and apps for malware
  • Scheduled scans – checks your device every time you charge it, or whenever you want
  • Security audit – checks an app’s permissions
  • Security report – provides an overview of how secure your device is
  • USB on-the-go scanner – checks any connected USB device for threats
  • Up to 5 devices – pay once, protect 5 devices associated with the same Google account

ESET Mobile Security makes your Android phones and devices easy to find and harder to steal, and it helps to protect your valuable data.

If you want to protect your phone with ESET Mobile Security, you’re in luck! From August 21 to September 3, the premium version of ESET Mobile Security will be 50% off. No need for a promotional code; the discount will automatically be added to your checkout! It couldn’t be easier.

One-stop security supply shop
Deepening you digital security and developing knowledge about it is just as important these days as helping children navigate dealing with strangers. Educate yourself on the common security threats on WeLiveSecurity, an award-winning cybersecurity blog. Talk to your kids and guide them through wonders and pitfalls of the online world. Make sure they feel safe and welcome when coming to you with any and all issues.

Happy Back to School!

To better educate yourself and your children, visit saferkidsonline.eset.com.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET  
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

What is Credential Stuffing? And How to Defend Against It

While credential-stuffing attacks are nothing new, they have been on the rise in recent years. For example, security researchers detected 193 billion credential-stuffing attacks worldwide in 2020, and 3.4 billion of these were in the financial sector. That’s a surge of more than 45% from the year before. And more recently, the first quarter of 2022 saw so many credential-stuffing attacks that the traffic from these attacks surpassed legitimate login attempts in some countries.

With the spike in these attacks, organizations are under pressure to develop solutions to tighten their network access control and keep cybercriminals at bay. Luckily, several security solutions can eliminate these attacks, namely passwordless authentication methods like certificate-based authentication. With this in mind, let’s explore everything you need to know about credential-stuffing attacks and how to prevent them.

What is Credential Stuffing?

Credential stuffing is a type of cyberattack wherein attackers utilize large sets of stolen username-password pairs to gain unauthorized access to user accounts. Central to this strategy is “password recycling,” where users reuse the same passwords across multiple online platforms.

In a typical scenario, cybercriminals might procure credentials leaked from one breach and then attempt to use these credentials on other sites, banking on the tendency of users to repeat passwords. For example, if a hacker obtains login details from a compromised e-commerce site, they might try those same details on popular email or social media platforms. If the user has recycled their password, the attacker can gain entry, potentially compromising more sensitive information.

Credential stuffing works because password recycling is rampant. For example, one study found that 72% of people reuse passwords in their personal life, while nearly 50% of employees simply add a character or digit to their password when a forced reset rolls around. And another worrying study found that 25% of employees use the same password across all logins.

Why Are Credential Stuffing Attacks Increasing?

The alarming increase in credential stuffing attacks is directly linked to the escalating number of high-profile and low-profile data breaches. While significant breaches capture media attention, countless smaller businesses suffer quietly, potentially compromising hundreds of records in each incident.

So, what’s fueling the growth of credential-stuffing attacks? The answer lies in the sheer abundance of stolen passwords. The underlying principle of a credential-stuffing attack is straightforward: the more stolen passwords hackers have in their arsenal, the more they can try to access other systems using those same credentials. These stolen passwords, typically a byproduct of data breaches, are frequently sold on the dark web.

This explosion in available username-password pairs offers a treasure trove for hackers, making it easier than ever to infiltrate various services and apps. The result? A vicious circle: data breaches lead to more stolen credentials, which spur more credential stuffing attacks, resulting in even more data breaches.

And the absence of modern security measures further exacerbates the situation. Multi-Factor Authentication (MFA) — an authentication method that requires users to provide two or more verification factors — is often neglected, making systems more vulnerable. Similarly, passwordless authentication methods, like certificate-based authentication, which uses digital certificates instead of traditional passwords, aren’t as widely adopted as they should be. These advanced security practices can add an extra layer of protection, making it much more challenging for hackers to gain unauthorized access.

Credential Stuffing Prevention – The Best Methods

In today’s evolving cyber landscape, the key to robust defense lies in multi-layered security.

Multi-Factor Authentication

Defined by its use of multiple verification methods — something you know (like a password), something you have (a security token or a phone), and something you are (biometric data like fingerprints or facial recognition) — MFA is a powerful adversary to credential stuffing. This is because even if a hacker obtains a user’s username and password, MFA still requires an additional verification step that the hacker will most likely be unable to bypass. It’s akin to a thief having the key to your house but still unable to get in without the alarm code.

It’s worth noting that while MFA can help prevent the majority of credential-stuffing attacks, it does have some limitations:

  • Phishing Attacks: Sophisticated phishing schemes can trick users into revealing their MFA credentials, like one-time codes.
  • Man-in-the-Middle Attacks: Cybercriminals can intercept MFA tokens in real time, allowing unauthorized access.
  • Account Recovery Loopholes: If MFA recovery processes are weak, hackers can bypass MFA by exploiting the password recovery mechanism.
  • SIM Swapping: By convincing telecom providers to switch a user’s phone number to a new SIM, attackers can hijack MFA tokens sent via SMS.
  • Social Engineering: Cybercriminals can use social engineering tactics manipulate customer service representatives or other personnel to bypass or reset MFA settings.
Secondary Passwords, PINs, and Security Questions

Besides the primary password, users can be prompted to provide an assortment of security information. This might be a PIN, select characters from an auxiliary password, or answers to personal security questions. Again, this provides an extra layer of protection that should stop a cybercriminal in their tracks.

Although layered, it’s essential to understand that secondary passwords, PINs, and security questions don’t count as MFA and still have limitations. For example, they suffer from the “same factor vulnerability,” where both primary and secondary passwords belong to the “something you know” category. Essentially, it lacks diverse authentication factors. Similarly, many users choose easily guessable information for their PINs or answers to security questions, like birthdates or a pet’s name.

CAPTCHA

CAPTCHA is a popular deterrent for automated login attempts, a backbone of credential stuffing. By making users solve a CAPTCHA, you can slow the onslaught of bots, putting a dent in their attack momentum.

However, CAPTCHAs aren’t perfect. Advanced tools can decipher them. And they’re also poor from a usability perspective – users become frustrated at solving CAPTCHAs and see it as an annoying waste of time.

Device Fingerprinting

Device fingerprinting is a technique that captures specific attributes of a user’s device, such as the browser type, version, screen resolution, and even more granular details like the set of installed fonts. By building a unique profile for each device, organizations can employ network access control mechanisms to determine whether a login attempt is coming from a recognized or unfamiliar device.

Device fingerprinting adds an extra layer of security against credential-stuffing attacks. If an attacker attempts to gain unauthorized access from an unrecognized device, the network access control can trigger additional authentication requirements or block the access attempt outright. This proactive approach makes credential stuffing significantly more challenging for cybercriminals.

Certificate-Based Authentication

Certificate-based authentication is paving the way for a more secure online realm, especially as data breaches soar. It’s a type of passwordless authentication, which, as the name implies, is a method of verifying users without requiring them to enter a password.

Certificate-Based authentication uses digital certificates to verify a user’s or device’s identity. This is much like showing an ID card in a digital context. Here’s how it works:

  1. The user or device holds a private key and a corresponding digital certificate.
  2. When trying to authenticate, the user or device shows the digital certificate to the server.
  3. The server then sends a challenge to the client, asking it to prove it has the private key.
  4. The client signs the challenge using its private key.
  5. Using the public key from the certificate, the server checks the client’s signature, confirming the client has the matching private key and authenticating it.

As data breaches rise, more companies are pivoting to certificate-based methods. Why? Traditional tools like CAPTCHAs and even Multi-Factor Authentication (MFA) can still be susceptible to attacks. However, stealing a digital certificate is notably harder than guessing a password or tricking a CAPTCHA system.

As we touched on above, while other methods can significantly enhance security, they’re not infallible. Attackers have found ways around SMS codes or can exploit weak secondary questions. On the other hand, certificate-based authentication ties the authentication to a unique digital certificate – not something easily replicated or stolen.

Benefits of Certificate-Based Authentication:
  • Enhanced Security: Digital certificates are more challenging to compromise than traditional passwords. They employ cryptographic techniques, ensuring a higher level of security and complexity compared to easily guessable or hackable traditional passwords.
  • Reduced Friction: Users don’t need to remember or change passwords periodically. Periodic password changes tend to lead to insecure human behavior, like altering previous passwords by one digit.
  • Scalability: Easily deployed across large enterprises without the hassle of managing numerous passwords.
  • Resistance to Phishing: No passwords to steal means phishing attempts are less likely to succeed.
  • Cost-Effective: Reduces the overhead of password reset requests and support related to password issues.

Final Thoughts

Credential stuffing attacks, while not a new threat, have seen a sharp rise in recent years, and this upward trend shows no signs of abating. In fact, with more and more stolen credentials making their way onto the dark web, we can expect credential-stuffing attacks to become even more prevalent in the coming years.

As a result, the need for robust security measures and stringent network access control is greater than ever. Among the available defenses, certificate-based authentication stands out as the best solution, offering unparalleled security against the ever-evolving menace of credential stuffing.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

How to sync data from MySQL to Google BigQuery using Debezium and Kafka Connect

Syncing data from a MySQL database to Google BigQuery can be a great way to keep your data up to date and easily accessible for analysis. In this article, we will explore the process of setting up Debezium and Kafka Connect to sync data from MySQL to BigQuery, providing you with all the information you need to get started. 

Why use Debezium and Kafka Connect? 

Debezium and Kafka Connect are open-source platforms that provide a powerful solution for streaming data changes in real-time between systems. That real-time interaction allows you to keep your data in sync and easily accessible for various use cases such as real-time analytics, data warehousing, and data pipeline integrations.

High level solution diagram

solution architecture

solution architecture

Technology used

Before we go into the details of setting up Debezium and Kafka Connect to sync data from MySQL to BigQuery, it is important to understand the technologies that you will be using and how they are connected.

Change data capture

Change Data Capture (CDC) is a technique for capturing and recording all the changes made to a database over time. This allows for real-time data replication, making it easy to keep multiple systems in sync.

CDC does this by detecting row-level changes in database source tables, which are characterized as “Insert,” “Update,” and “Delete” events. CDC then notifies other systems or services that rely on the same data.​

Apache Kafka

Apache Kafka is a distributed streaming platform that is used for building real-time data pipelines and streaming applications. It allows for the storage and processing of streams of records in a fault-tolerant way.

Kafka Connect

Kafka Connect is a framework for connecting Kafka with external systems such as databases, key-value stores, search indexes, and file systems, using so-called connectors.​

Kafka connectors are ready-to-use components that can help you to import data from external systems into Kafka topics and export data from Kafka topics into external systems. You can use existing connector implementations for common data sources and syncs or implement our own connectors.​

Debezium

Debezium is an open-source platform that allows you to easily stream changes from your MySQL database to other systems using CDC. It works by reading MySQL binlog to capture data changes in a transactional manner, so you can be sure that you’re always working with the most up-to-date data.

By using Debezium, you can capture the changes made to the MySQL database and stream them to Kafka. Data on the changes can then be consumed by Kafka Connect to load the data into BigQuery.

BigQuery setup

1. Creating a BigQuery project and dataset:

a. In the Google Cloud Console, navigate to the BigQuery page and create a new project (Creating and managing projects | Resource Manager Documentation | Google Cloud). We will name it “mysql-bigquery” for this tutorial.

b. Within the project, create a new dataset (Creating datasets | BigQuery | Google Cloud). We will name it “debezium” for this tutorial.

c. Note that Debezium will automatically create tables in the dataset that match the structure of the MySQL tables being monitored.

2. Creating a GCP service account with BigQuery editor role:

a. In the Google Cloud Console, navigate to the IAM & Admin page and create a new service account (Creating and managing service accounts | IAM Documentation | Google Cloud).

b. Give the service account a name and description, then select the “BigQuery Data Editor” role

3. Generating and downloading a key for the service account:

a. In the Google Cloud Console, navigate to the IAM & Admin page, find the service account, and click on the three dots on the right, then select “create key” (Create and manage service account keys | IAM Documentation | Google Cloud).

b. Select JSON as the key type and download the key file.

c. Store the key file securely and use it to authenticate the connector in Kafka Connect when accessing the BigQuery dataset.

Tutorial

To start syncing data from MySQL to BigQuery we will need following components:

Start required services

1. Let’s start with creating a new directory. Open Terminal and run:

1

$ mkdir mysql-to-bigquery

2

$ cd mysql-to-bigquery

2. Create a plugins directory

1

$ mkdir plugins

3. Download Debezium mysql plugin:

4. Download BigQuery plugin and put the contents into your plugins directory (in this tutorial we are using version v2.4.3). Now your plugins directory should look like this:

1

$ ls plugins

2

debezium-connector-mysql wepay-kafka-connect-bigquery-2.4.3

5. Create a new file (“docker-compose.yml”) with these configurations:

1

version: ‘2’

2

services:

3

zookeeper:

4

container_name: zookeeper

5

image: quay.io/debezium/zookeeper:2.1

6

ports:

7

2181:2181

8

2888:2888

9

3888:3888

10

kafka:

11

container_name: kafka

12

image: quay.io/debezium/kafka:2.1

13

ports:

14

9092:9092

15

links:

16

zookeeper

17

environment:

18

ZOOKEEPER_CONNECT=zookeeper:2181

19

mysql:

20

container_name: mysql

21

image: quay.io/debezium/examplemysql:2.1

22

ports:

23

3306:3306

24

environment:

25

MYSQL_ROOT_PASSWORD=debezium

26

MYSQL_USER=mysqluser

27

MYSQL_PASSWORD=mysqlpw

28

connect:

29

container_name: connect

30

image: quay.io/debezium/connectbase:2.1

31

volumes:

32

./plugins:/kafka/connect

33

ports:

34

8083:8083

35

links:

36

kafka

37

mysql

38

environment:

39

BOOTSTRAP_SERVERS=kafka:9092

40

GROUP_ID=1

41

CONFIG_STORAGE_TOPIC=my_connect_configs

42

OFFSET_STORAGE_TOPIC=my_connect_offsets

43

STATUS_STORAGE_TOPIC=my_connect_statuses

6. Let’s start the services:

1

$ docker-compose up

You should see an output similar to the following:

1

...

2

2023-01-16 15:48:33,939 INFO || Kafka version: 3.0.0 [org.apache.kafka.common.utils.AppInfoParser]

3

...

4

2023-01-16 15:48:34,485 INFO || [Worker clientId=connect-1, groupId=1] Starting connectors and tasks using config offset -1 [org.apache.kafka.connect.runtime.distributed.DistributedHerder]

5

2023-01-16 15:48:34,485 INFO || [Worker clientId=connect-1, groupId=1] Finished starting connectors and tasks [org.apache.kafka.connect.runtime.distributed.DistributedHerder]

7. Check if Debezium is running with Kafka Connect API.

1

$ curl -i -X GET -H “Accept:application/json” localhost:8083/connectors

An empty array in response shows that there are no connectors currently registered with Kafka Connect.

8. We also have MySQL running with an example database inventory. You can check what tables are there by running:

1

$ docker exec -it mysql mysql -uroot -pdebezium -D inventory -e “SHOW TABLES;”

2

+———————+

3

| Tables_in_inventory |

4

+———————+

5

| addresses |

6

| customers |

7

| geom |

8

| orders |

9

| products |

10

| products_on_hand |

11

+———————+

1

$ docker exec -it mysql mysql -uroot -pdebezium -D inventory -e “SELECT * FROM customers;”

2

+——+————+———–+———————–+

3

| id | first_name | last_name | email |

4

+——+————+———–+———————–+

5

| 1001 | Sally | Thomas | sally.thomas@acme.com |

6

| 1002 | George | Bailey | gbailey@foobar.com |

7

| 1003 | Edward | Walker | ed@walker.com |

8

| 1004 | Anne | Kretchmar | annek@noanswer.org |

9

+——+————+———–+———————–+

Configure Debezium to start syncing MySQL to Kafka

Now let’s configure Debezium to start syncing the inventory database with Kafka.

1. Create a new file (“register-mysql.json”) with these configurations:

1

{

2

“name”: “inventory-connector-mysql”,

3

“config”: {

4

“connector.class”: “io.debezium.connector.mysql.MySqlConnector”,

5

“tasks.max”: “1”,

6

“database.hostname”: “mysql”,

7

“database.port”: “3306”,

8

“database.user”: “root”,

9

“database.password”: “debezium”,

10

“database.server.id”: “184054”,

11

“topic.prefix”: “debezium”,

12

“database.include.list”: “inventory”,

13

“schema.history.internal.kafka.bootstrap.servers”: “kafka:9092”,

14

“schema.history.internal.kafka.topic”: “schemahistory.inventory”

15

}

16

}

You can find information about these configuration properties in the Debezium documentation.

2. Register a MySQL connector:

1

Bash$ curl i X POST H “Accept:application/json” H “Content-Type:application/json” http://localhost:8083/connectors/ d @registermysql.json

3. Verify that “inventory-connector” is included in the list of connectors:

1

$ curl -H “Accept:application/json” localhost:8083/connectors/

2

 

3

[“inventory-connector-mysql”]

4. You can now see database contents in Kafka. To see topics, run:

1

$ docker exec -it kafka bash bin/kafka-topics.sh –list

2

 

3

–bootstrap-server kafka:9092

4

...

5

debezium.inventory.addresses

6

debezium.inventory.customers

7

...

8

 

Let’s check debezium.inventory.addresses:

1

Bash$ docker exec it kafka bash bin/kafkaconsoleconsumer.sh bootstrapserver kafka:9092 topic debezium.inventory.addresses frombeginning

2

 

3

{“schema”:{“type”:“struct”,“fields”:[{“type”:“struct”,“fields”:[{“type”:“int32”,“optional”:false,“field”:“id”},{“type”:“int32”,“optional”:false,“field”:“customer_id”},{“type”:“string”,“optional”:false,“field”:“street”},{“type”:“string”,“optional”:false,“field”:“city”},{“type”:“string”,“optional”:false,“field”:“state”},{“type”:“string”,“optional”:false,“field”:“zip”},{“type”:“string”,“optional”:false,“name”:“io.debezium.data.Enum”,“version”:1,“parameters”:{“allowed”:“SHIPPING,BILLING,LIVING”},“field”:“type”}],“optional”:true,“name”:“debezium.inventory.addresses.Value”,“field”:“before”},{“type”:“struct”,“fields”:[{“type”:“int32”,“optional”:false,“field”:“id”},{“type”:“int32”,“optional”:false,“field”:“customer_id”},{“type”:“string”,“optional”:false,“field”:“street”},{“type”:“string”,“optional”:false,“field”:“city”},{“type”:“string”,“optional”:false,“field”:“state”},{“type”:“string”,“optional”:false,“field”:“zip”},{“type”:“string”,“optional”:false,“name”:“io.debezium.data.Enum”,“version”:1,“parameters”:{“allowed”:“SHIPPING,BILLING,LIVING”},“field”:“type”}],“optional”:true,“name”:“debezium.inventory.addresses.Value”,“field”:“after”},{“type”:“struct”,“fields”:[{“type”:“string”,“optional”:false,“field”:“version”},{“type”:“string”,“optional”:false,“field”:“connector”},{“type”:“string”,“optional”:false,“field”:“name”},{“type”:“int64”,“optional”:false,“field”:“ts_ms”},{“type”:“string”,“optional”:true,“name”:“io.debezium.data.Enum”,“version”:1,“parameters”:{“allowed”:“true,last,false,incremental”},“default”:“false”,“field”:“snapshot”},{“type”:“string”,“optional”:false,“field”:“db”},{“type”:“string”,“optional”:true,“field”:“sequence”},{“type”:“string”,“optional”:true,“field”:“table”},{“type”:“int64”,“optional”:false,“field”:“server_id”},{“type”:“string”,“optional”:true,“field”:“gtid”},{“type”:“string”,“optional”:false,“field”:“file”},{“type”:“int64”,“optional”:false,“field”:“pos”},{“type”:“int32”,“optional”:false,“field”:“row”},{“type”:“int64”,“optional”:true,“field”:“thread”},{“type”:“string”,“optional”:true,“field”:“query”}],“optional”:false,“name”:“io.debezium.connector.mysql.Source”,“field”:“source”},{“type”:“string”,“optional”:false,“field”:“op”},{“type”:“int64”,“optional”:true,“field”:“ts_ms”},{“type”:“struct”,“fields”:[{“type”:“string”,“optional”:false,“field”:“id”},{“type”:“int64”,“optional”:false,“field”:“total_order”},{“type”:“int64”,“optional”:false,“field”:“data_collection_order”}],“optional”:true,“name”:“event.block”,“version”:1,“field”:“transaction”}],“optional”:false,“name”:“debezium.inventory.addresses.Envelope”,“version”:1},“payload”:{“before”:null,“after”:{“id”:10,“customer_id”:1001,“street”:“3183 Moore Avenue”,“city”:“Euless”,“state”:“Texas”,“zip”:“76036”,“type”:“SHIPPING”},“source”:{“version”:“2.1.1.Final”,“connector”:“mysql”,“name”:“debezium”,“ts_ms”:1673446748000,“snapshot”:“first”,“db”:“inventory”,“sequence”:null,“table”:“addresses”,“server_id”:0,“gtid”:null,“file”:“mysql-bin.000003”,“pos”:157,“row”:0,“thread”:null,“query”:null},“op”:“r”,“ts_ms”:1673446748425,“transaction”:null}}

4

5

 

For more information on Debezium events, see this Debezium documentation.

Configure Debezium to start syncing data to Google BigQuery

Before you start configuring the BigQuery connector, move the Google BigQuery service account key file (details in previous section) to your working directory and name it “bigquery-keyfile.json”.

1. Once you have the key file, copy it to the Connect container:

1

$ docker cp bigquery-keyfile.json connect:/bigquery-keyfile.json

2. Now create a file register-bigquery.json with these configurations:

1

{

2

“name”: “inventory-connector-bigquery”,

3

“config”: {

4

“connector.class”: “com.wepay.kafka.connect.bigquery.BigQuerySinkConnector”,

5

“tasks.max”: “1”,

6

“consumer.auto.offset.reset”: “earliest”,

7

“topics.regex”: “debezium.inventory.*”,

8

“sanitizeTopics”: “true”,

9

“autoCreateTables”: “true”,

10

“keyfile”: “/bigquery-keyfile.json”,

11

“schemaRetriever”: “com.wepay.kafka.connect.bigquery.retrieve.IdentitySchemaRetriever”,

12

“project”: “mysql-bigquery”,

13

“defaultDataset”: “debezium”,

14

“allBQFieldsNullable”: true,

15

“allowNewBigQueryFields”: true,

16

“transforms”: “regexTopicRename,extractAfterData”,

17

“transforms.regexTopicRename.type”: “org.apache.kafka.connect.transforms.RegexRouter”,

18

“transforms.regexTopicRename.regex”: “debezium.inventory.(.*)”,

19

“transforms.regexTopicRename.replacement”: $1,

20

“transforms.extractAfterData.type”: “io.debezium.transforms.ExtractNewRecordState”

21

}

22

}

You can find information about these configuration properties in the official documentation.

3. To register the BigQuery connector, run:

1

$ curl -i -X POST -H “Accept:application/json” -H “Content-Type:application/json” http://localhost:8083/connectors/ -d @register-bigquery.json

In your BigQuery dataset, you will now be able to see tables matching those in MySQL.

BigQuery table data 1

Now, select data from your customers table. Emails used are for example purposes only and do not correspond to real individuals.

BigQuery table data 2BigQuery table data 2

You can create a new entry in MySQL customers table:

1

$ docker exec -it mysql mysql -uroot -pdebezium -D inventory -e “INSERT INTO customers VALUES(1005, \”Tom\”, \”Addams\”, \”tom.addams@mailer.net\”);”

You will see that a new entry has automatically synced to BigQuery.

Bigquery dataset tables

Conclusion

You should now have a clear understanding of the benefits of syncing data from MySQL to BigQuery using Debezium and Kafka Connect. With the detailed tutorial found in this article, you will be able to set up and configure Debezium and Kafka Connect yourself.

As a reminder, it’s important to test and monitor the pipeline to ensure that data is being synced as expected and to troubleshoot any issues that may arise.

For more information on Debezium and Kafka Connect, you can refer to the following resources:

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Best security tools for remote work in 2023

The traditional office is becoming harder to find these days. Across the world, millions of people have shifted to hybrid or fully remote work lifestyles. In the USA, 53% of workers have adopted hybrid patterns, and 24% work from home full-time. Those numbers are likely to rise with employee expectations drifting towards flexible working. 

But how should companies respond? Enabling remote working can be risky, but it comes with many benefits. In this article, we’ll introduce the best security tools for remote work, making it easier to relocate employees without creating extra cybersecurity risks.

Key takeaways

  • Remote working is more popular than ever. Choosing the right software and hardware tools allows off-site workforces to operate safely and productively.

  • Efficient video conferencing solutions connect team colleagues, managers, and third parties seamlessly. And they secure communications against eavesdroppers.

  • Messaging apps ensure consistent information flows between remote employees. They should allow regular updates, quality assurance checks, and assist with team building.

  • Project management systems make it easier to control dispersed teams. Managers can monitor remote workforces and set schedules for project delivery.

  • Secure storage solutions keep critical data safe. Access controls and encryption make data available for team members while preventing illegitimate access.

The evolution of remote work

Remote work is not a new phenomenon. And in the past 20 years, remote work has become routine for occupations like IT support.

However, the number of remote employees was relatively small until the Covid pandemic. When it hit, millions of workers were suddenly barred from workplaces. But companies needed to continue operations, which sparked a search for remote solutions.

Apps like Zoom became household names overnight. And organizations suddenly had to adapt their working practices to accommodate working remotely.

Fortunately, Covid-19 coincided with technological developments that made remote working easier. Internet bandwidth is increasing at a rate of around 29% per year. This allowed employees to collaborate via video conferencing without lag issues. And remote security solutions like Virtual Private Networks (VPNs) and multi-factor authentication enabled companies to create secure remote work connections.

The pandemic and technological change have paved the way for an age of flexible remote working. And this change is mainly driven by employees.

As the Covid pandemic receded, many people didn’t return to their workplaces. Workers became accustomed to spending more time at home. Now, as many as 65% of workers seek full-time remote work, and the employers need to adapt fast.

country statistics for remote work 1400x800However, not all sectors have embraced remote work. Healthcare and care professions still generally rely on face-to-face contact. Manual trades like mining or construction may always require employees to be present on site. Despite that, many industries support remote work strategies.

The IT sector has the highest proportion of home workers right now. But jobs as diverse as accounting, non-profit administration, tutoring, and graphic design are also compatible with home working.

Recent years have also seen the emergence of remote workforce technologies that enable productive and secure remote work. Project management tools, VPNs, collaboration and video conferencing apps, and cloud storage platforms make remote work easier than ever. Thus, the future of remote working seems bright.

Evaluating remote work effectiveness

Remote work is already mainstream. But it isn’t necessarily the best solution for all companies and employees.

On the positive side, statistics suggest that working from home boosts productivity and streamlines corporate operations. Additionally, major companies say that remote work is 35-40% more productive than office-based alternatives.

This increase could be due to the absence of distractions. Remote employees put time spent on commutes to better use. Or they might just be happier and energized by controlling their working lives.

On the other hand, remote work isn’t suitable for many occupations. As this list from the New York Times shows, this trend has barely touched plenty of jobs. Education, medicine, and construction are just a few good examples.

The pandemic forced teachers to run classes remotely. Such a method led to frustration and stress for educators and damaged educational outcomes for learners. Therefore, organizations should think long and hard before relocating any jobs involving face-to-face contact.

Companies must be aware of potential problems with remote or hybrid work models. Researchers report that remote work can come with a “promotion penalty.” Employees away from managers and offices may lose out during internal recruitment.

On-site staff also benefit from the assistance of more experienced colleagues. Younger remote workers may be disconnected from sources of knowledge. Isolation hurts productivity and dents the career prospects of remote employees.

Poorly-organized remote working systems can also lead to problems with managing them. As a result, managers may gradually extend surveillance reach to track projects and productivity. Because of that, surveillance can negate the feeling of freedom that makes working remotely so appealing.

To sum up, there are good reasons to embrace remote work. But companies should be careful when designing home working setups as this comes with new risks. Let’s explore some tools to simplify this critical task.

The best remote workforce technologies in 2023

Organizations should employ a suite of technologies for working remotely. These cover critical areas like cloud storage, project management, communication, data security, and secure remote access. Let’s see what are the top options in each category.

Cloud storage tools

Remote work teams should use secure cloud storage to host workloads and communication apps. Secure platforms apply encryption to protect data at rest. Furthermore, firewalls block illegitimate external access, and physical controls protect data centers.

Cloud platforms couple security with ease of use, meaning remote users can share files and databases instantly. Moreover, teams can update work documents, client databases, or code bases in real time. And cloud data protection tools keep the workloads safe from external intruders.

It usually makes sense to build remote work setups around cloud environments. But which cloud services provider should you choose?

Microsoft Azure

This is a popular option for cloud storage. Azure Bastion provides secure shell access for remote connections. It also features the ability to create virtual desktop infrastructure with ease. That way, remote employees can access central resources without storing data locally.

Microsoft’s cloud platform has other remote security benefits. Learn more by reading our Azure best practices guide.

Amazon Web Services (AWS)

AWS is another good cloud storage option and virtual workspace. For instance, it’s ideal for creatives working remotely who need virtual workstations for graphic design or video production.

Users can encrypt data easily and manage data retention policies. And they can track data movements between home and cloud locations.

Finally, cybersecurity is very tight if you follow AWS security best practices.

Google Cloud

Google Cloud offers excellent document storage and editing features. Flexible bucket storage is a core feature of Google’s platform. When cloud services fail in one region, remote workers can access workloads hosted elsewhere.

Google’s storage systems scale smoothly. They are fitted with critical remote security tools like encryption, cloud-native access controls, signed URLs, and data retention locks. By following Google Cloud security best practices, you can design a remote work solution that secures data and serves employee needs.

Project management

Managing projects is a crucial aspect of any remote workplace. Managers need to set targets and monitor employee progress. They need awareness of project achievements. Finally, they require the ability to change plans as projects develop.

Project management tools make these tasks much more manageable. What’s more, they give an overall awareness to their users. Also, some solutions enable detailed worker surveillance via time-tracking tools.

Jira

Atlassian’s Jira platform is a good solution for creating a flexible remote team. Targeted at code developers, Jira enables complete awareness of production status. Managers can track progress with productivity reports and timeline tools. In the meantime, task management hubs allow them to set flexible workflows for each team member.

Jira is a solid option for DevOps teams that depend on distributed remote workers. That’s because it blends flexibility and security. For instance, users can encrypt data at rest and in transit, and they can set permissions for each object. NordLayer’s guide to Jira security best practices offers a comprehensive overview of the product’s remote security features.

Microsoft Teams

Teams is the most popular platform for remote work operations. However, it doesn’t include native project management features.

Instead, users can create integrations with third-party management tools like Monday or Brightworks. These tools link together the video conferencing and messaging functions that make Teams useful. And they let managers schedule events and track progress easily.

Microsoft Teams is part of Office 365. This suite allows easy assimilation of Excel or Word into remote workflows. But this solution might come with security vulnerabilities. Learn more by reading our blog about Office 365 best practices.

Figma

Product designers rely on Figma to collaborate and develop ideas. The platform’s Juncture tool enables in-depth project management for every team and product. Co-creation spaces bring workers together to share prototypes or test apps. And tools like FigJam provide online whiteboards for real-time collaboration.

Figma is an excellent development platform for remote teams. But as with Microsoft Teams, it’s not entirely secure. Therefore, be sure to implement Figma security best practices before teams go online.

Communication and collaboration tools

Communication and collaboration are critical to the success of every remote team. And for that, there are many different tools to choose from.

communication tools for teams

The most secure options are end-to-end encrypted messaging apps. Troop Messenger and Element are designed to suit business communications. They encrypt messages between remote team members without compromising performance.

Other communication tools bring team members together to discuss ongoing projects. For example, Slack features customizable one-to-one, enterprise-wide, or departmental group chats, including live voice communications. It includes encryption, key management, audit logs, and data loss prevention.

Video collaboration is another must-have for most remote work operations. Zoom is optimized for distributed teams, with collaborative whiteboards, up to 100 meeting attendees, and instant team meetings for spur-of-the-moment contact. Zoom Events is another neat feature that helps build togetherness within a distributed workforce.

Video communication tools improve collaboration, but they can bring remote security risks. During the Covid pandemic, there were many cases of attackers recording Zoom calls. That’s because threat actors can steal credentials or hijack calls over insecure connections.

Companies should couple collaboration tools with a reliable B2B VPN and access management systems. They ensure that calls are private and only legitimate invitees will be present.

Access control and data security tools

Remote work setups should always include filters to exclude unauthorized users from corporate resources. Therefore, authentication and access control solutions are critically important. After all, managers will probably want to give the IT admins more freedom than a trainee.

Authentication

Authentication compares user access credentials to secure credentials databases. The gold standard for remote access is multi-factor authentication (MFA). This demands more than one unique identifier when users access work resources.

MFA can involve passwords and one-time codes sent via SMS or email. But more secure versions deliver encrypted codes to mobile apps. This avoids security issues related to email and SMS. Organizations can also switch from passwords to hardware tokens provided to remote workers.

Access management

Access control portals complement authentication tools. Identity and Access Management (IAM) systems verify users’ identities and connect them to the correct privileges.

Remote workers can access resources needed by their team or project. However, under the Zero Trust model, IAM tools limit access to all other network assets. This strengthens the network perimeter and boosts cybersecurity.

Encryption

Encryption is another critical aspect of secure remote working. Companies should leverage encryption features on apps and cloud platforms to safeguard sensitive information. And they should use encrypted channels to connect remote devices and central resources.

Data Loss Prevention (DLP)

DLP tools can also help businesses a lot with their remote workforce. They track sensitive data and prevent misuse by remote users. This way, managers can protect the most important databases and documents. As a result. extracting valuable data will be much more difficult.

In summary, strong encryption is essential when designing remote work setups. Insecure user devices can become entry points for malware and data thieves. Moreover, weak authentication and authorization systems make access easy for anyone with a functioning user ID and password.

Secure remote access solutions

Remote access workforces expand the threat surface and create new cybersecurity risks. This makes it critical to secure every remote connection. Encrypting cloud platforms and implementing MFA is not enough. Companies must lock down connections between remote devices and network assets.

Virtual Desktop Infrastructure (VDI) is one way to do so. It creates centralized servers on the cloud. These servers host workloads and data, meaning nothing is stored locally on employee devices. However, users can run apps hosted on the VDI in their home office.

VDI tools create encrypted connections between local devices and the virtualized environment. This is relatively secure. Unfortunately, attackers can still gain network access if they have legitimate credentials.

Companies can also use Virtual Private Networks (VPNs) to create encrypted tunnels for remote connections. VPN providers operate servers across the world, which can even improve connection speeds.

They apply cutting-edge encryption that is virtually impossible to crack. Moreover, your IP address will stay hidden, increasing anonymity. This makes it harder for hackers to mount interception and other types of attacks.

VPNs are a flexible security and privacy option for on-site and remote workforces. What’s more, these tools can secure access points in public locations. In the meantime, access company networks or attend client meetings while traveling.

NordLayer’s VPN solutions make creating safe remote work setups easier. Our Remote Access VPN encrypts connections via a simple client interface. Users can protect their devices instantly, whether they are accessing cloud platforms or central offices.

Make remote work secure with NordLayer

Remote work should always be protected. However, companies may struggle to secure data as employees shift away from centralized offices. This blog post has introduced key technologies and tools for keeping remote workers safe and boosting productivity.

Businesses should always choose the most secure project management and communication tools. While Azure or Zoom have their own security features, they alone are not enough. Organizations must be able to create gateways, use MFA authentication, protect remote access, and manage team member privileges.

It’s time to make your remote and on-site work safe. Get in touch with NordLayer, and we’ll help you create a solution that fits your business needs.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×