Compare the Cloud is one of the most active and extensive cloud blogs available. Its posts are from numerous writers from across the cloud industry. The blog itself reaches more than 12 million cloud technology consumers.
Anyone who knows me will be pretty aware by now that I’m fascinated by the development of artificial intelligence (AI), machine learning (ML) and technology which analyses and exploits our deepest thoughts and emotions. I host the Creative Intelligence podcast, in which I have conversations with senior figures and innovators in the field about their research, as I try to draw together a disparate handful of threads to weave into a single narrative strand to take me through how all of this technology has grown, how we as humans need to interact with and shape it, and how important it is that we use the results of our collective labors to make our lives more fulfilling, not simply to run more efficiently or profitably.
AI is a remarkable beast. I guess that people outside the scientific community, laypeople and casual observers, think it’s just another convenient technological advance, like Alexa or the iPhone. It really isn’t. For a start, artificial intelligence isn’t a single thing. It’s not even a process. AI is a philosophy, a whole infrastructure of design and hard science; you might even call it a new way of looking at the world. It offers us a future in which machines, computers, microchips, software are not just our tools or servants to be exploited: if we do it right, they can be our partners.
The old paradigm was that humans design machines to do something that we had previously done, but to do it better – or to do something that we couldn’t do. An example of the former would be the mechanized production line of the kind pioneered by Henry Ford. He was still making cars, like everybody else in the automotive industry. He wasn’t making a new kind of car. But he was doing it so much more quickly and efficiently than his competitors that it gave him a commercial edge. The latter is epitomised, maybe, by medical imaging equipment, CAT scans, ultrasound, X-rays. The way they look through our outward carapace and see the physiology beneath is something that the human eye simply can’t do. It doesn’t have the power or the capability. So, in that sense, that kind of scientific advance has expanded our horizons.
AI is different again. AI works with us; the technology is created and programmed by us, of course, and that remains a fundamental limitation which we always have to bear in mind – but that’s just the starting point. With ‘old’ technology, you invented something, you produced it, and there it was. Boom. Someone might come along and make a better one, steal a march on you. But it was the same process again. With AI, it starts from our human algorithms and programs, but it’s adaptive and responsive. It works with us, it complements us, and it’s starting to learn from us. We’re going to have to debate much more seriously in the future what constitutes ‘consciousness’, but I tell you this: the gap between human and machine is going to get smaller, fast. And this isn’t science fiction. This is happening right now.
So how does AI inspire us? How does it fuel our creativity? We tend to think of technology, of machines, as the very opposite of art, of creativity, or the esthetic sensibility. But AI isn’t like that. It puts a hand on ours as we hold the brush, or the pen, or the cutting shears. It allows us to think in new ways, to make connections we would never have made before, between apparently disparate things. One of my guests on Creative Intelligence, Richie Manu from Central St Martin’s in London, described this forging of new connections, of rewiring the way we think, as our “curiosity bandwidth”. The potential outcomes are as wide as our minds can make them. For example, CuteCircuit, the London-based fashion house, produced a little black dress made of graphene, which could monitor, interpret and respond to the way the wearer breathes: more Samantha in Her than Audrey Hepburn in Breakfast at Tiffany’s. So I believe that AI allows us to expand our creativity, for sure. But more important than that, I think it allows us to reimagine what our creativity can really be. Designing a dress isn’t just a good eye and the ability to cut fabric skilfully anymore, it’s also advanced and empathetic data collection, applied science and (forgive the pun) cutting-edge nanotechnology. And you can call me a dreamer, and many do, but I think that’s awesome.
It’s a little bit easier to understand how AI can help businesses grow and strengthen their appeal to customers. Retail is, in large part, an emotional process. There are no doubt some purchasing decisions which are ruthlessly commercial and efficient: an office manager buying printer cartridges, or a road builder buying aggregate. These processes probably don’t have much room for choice, influence, esthetic quality, sentiment. But think about so many other sectors. Fashion, we’ve talked about. But what about art? Automobiles? Food? Vacations? All of these are emotionally-driven buying scenarios, and what AI can do, or what it can help us to do, is understand the decision-making, questions and formulae that go through people’s minds. Who buys a product? What’s the demographic? Or rather, what are the demographics? Which of the measurable qualities of a given group of people – age, socio-economic class, educational background, race – are important when a purchasing decision is made? What do people think?
AI can help us understand that. It can map human emotions and interpret them, allowing a retailer to produce the most comfortable and enriching consumer interfaces. If you get that right, then of course your market share will increase. The key to sales is giving the customer what they want, or even anticipating their needs, and the more information producers and vendors can collect, the quicker and more thoroughly it can be processed and understood, the more perfectly you will bring what you have to sell into alignment with what someone else wants to buy. The key to unlock commercial nirvana.
So I think this is really exciting. When we do it right, AI can be a benign force, a helping hand rather than a forceful restraint, helping us to do what we want to do, not telling us to do what we ought to do. It’s complicated, and multilayered, and interdisciplinary, and people who are really leading from the front are few and far between. But their ideas will spread. Once the revolutionary is proved efficacious, it becomes the commonplace, and the essential. I think to myself, what a wonderful world.
It may have been a whole year since the GDPR (general data protection regulation) laws came into effect, but new research by business insurer Hiscox has found that business owners still aren’t completely up to speed with what is required of them under the new regulations.
Among the eye-opening findings, the study unearthed that 9 in 10 SME owners still don’t know the main new rights that GDPR gives consumers and 39% don’t know who GDPR affects. These are concerning statistics considering the vast majority of businesses will be dealing with consumer data on a day-to-day basis to some extent.
This lack of understanding perhaps suggests that the efforts made to educate businesses on GDPR compliance were not as effective as hoped. When survey respondents were quizzed on what they found most annoying online in 2018, constant communication about GDPR topped the list, alongside PPI calls and website pop-ups. Is it possible that the abundance of information available was actually more irritating than insightful – failing to engage the intended audience?
What should businesses be doing to comply with GDPR?
The purpose of GDPR is to improve regulation of data privacy and security in the EU, including how businesses collect data, how they use it and how they store it. It aims to provide the general public with more control over their personal data and to encourage businesses to be more transparent about how they are using consumer data.
According to the GDPR directive, ‘personal data’ refers to any information related to a person, such as a name, photo, email address, bank details, social media information, location details, medical records, or even a computer IP address.
Some of the key actions that have been taken that the public will be most aware of are the introduction of updated opt-in cookie consent pop-ups on websites and the distribution of emails informing consumers of updated privacy policies and their usage of personal data.
A lot of businesses have also made the decision to hire a dedicated GDPR officer, who takes responsibility for overseeing the company’s data protection strategy. This individual ensures the business is complying with GDPR by educating all employees on requirements, conducting audits to ensure compliance, maintaining records of data processing activities and more.
Are businesses complying?
According to a report released by DLA Piper in February 2019, between May 2018 when GDPR came into action and January 2019 there were nearly 60,000 reports of data breaches, but only 91 fines had been issued. The highest and most notable fine (€50 million) was made against Google for failing to acquire users’ consent for advertising.
The consequences of a GDPR breach
The Hiscox study found that 96% of SME owners didn’t know what the maximum fine is for breaching GDPR, despite the fact that a breach could potentially land them in hot water financially.
If a business is found guilty of not complying with GDPR they could face a fine of up to €20 million or 4% of the company’s annual turnover (whichever is higher). These fines can be issued for failing to report a data breach within 72 hours of becoming aware of it or for failing to integrate data protection policies.
All fines are administered on a case-by-case basis, however, and it’s unlikely that many businesses will be fined the maximum amount unless it is a severe case of infringement. Supervisory authorities have the scope to impose smaller fines for less serious cases, to issue warnings and reprimands, or to order compliance with data subject requests.
There is still time – and a continued necessity – for business owners to get up to speed with the new laws if they aren’t already. Business owners should consider GDPR compliance as an ongoing challenge that requires continued attention.
Despite the tumultuous journey that the UK has been through regarding Brexit, as it stands, it looks as though the UK is set to leave the EU in the coming months. This doesn’t mean that the nation will be abandoning GDPR, however, as it has now been integrated into domestic law and will also remain incredibly important for anyone doing business with EU countries.
While it may appear that GDPR is something that affects global organisations such as the Googles of the world, it’s just as crucial for smaller businesses to ensure they’re staying on the right side of the law. If you think there’s a chance that your business isn’t complying with GDPR, now’s the time to get up to speed.
The business landscape has evolved exponentially over the past decade. Driven by the need to remain agile, competitive and productive, enterprises are adopting more technologies than ever before as the ecosystem continues its journey towards digital transformation. These disruptive technologies are revolutionising the way that modern businesses operate – from the way they communicate and collaborate to the way they achieve optimum efficiency and profitability.
With the likes of an increasing Gen Z-powered workforce, the future of the workplace is continuing to evolve, changing the way business leaders approach their processes, values and technologies that enable them. Not only will Generation Z make up almost half of the business world by 2020, but they will also play an undeniable part in transforming the ecosystem as a whole. Bringing with them life-long experience with technology, they will settle for no less than the best of the best technologies.
With this in mind, worldwide spending on digital transformation by businesses is forecast to reach $1.97 trillion in 2022, according to the International Data Corporation. So we can more or less expect an unclear future of the digital workplace – the key is to have the right solutions in place that can handle the unexpected.
Previously, the most innovative technologies were typically reserved for large corporations with significant IT budgets, access to more technical training and the ability to roll out complex IT infrastructures with significant hardware costs. However, with the evolution of scalable cloud-based solutions, businesses of all sizes now have the ability to reap the benefits of enterprise capabilities without incurring the costs.
With a unified virtual workspace and a central orchestration platform solution for the provisioning of applications, staff wouldn’t require extra training since the desktop and applications are the same. A central and easy orchestration of on-prem, cloud and web applications gives staff the freedom to use the technologies to deliver digital transformation while leading the workplace into the future.
Engaging the unengaged
Nevertheless, the most significant challenge posed to business leaders and CTOs is encouraging employees to utilise the technologies being rolled out across the organisation.
A separate report from US firm Technalysis Research found that most US businesses still use email and telephones for their communications. So why are so many businesses allocating their IT budgets to game-changing technologies if staff aren’t bothering to use them? Businesses will have to face the potentially disastrous repercussions, should the revolutionary technology simply be left by the wayside. Leaders cannot afford to brush the unwilling engagement from staff under the carpet, with digital transformation holding the key to remaining agile, competitive and productive.
But it’s no surprise that staff stick with what they know, particularly if the tools a business provides are either slow or complicated to use. In order to effectively keep staff engaged and positive about implementing new technologies, they need to be reassured that the tools will provide immediate benefits with little disruption. After all, the technology exists – it’s down to whether it’s simple and easy enough for people to actually use it. If not, then we’re risking the future of the workplace altogether.
Businesses are also sabotaging their chances to exercise the future of the digital workplace with stressful or out-of-date technologies by losing out on Gen Z. The group is set to take the workforce world by storm over the coming years with their predicted effect to bring the industry to its next phase. Without the best, easy and revolutionary technology, they’ll go elsewhere leaving your workplace very much in the past.
Current workplaces using traditional, outdated forms of technology to achieve collaboration and communication will have to move quickly if they are to become part of the workplace of the future.
Digital transformation and other disruptive influences are one step ahead of the rest of us, and so it’s up to us to adapt to this. However, whilst rolling out new technologies is the first step to achieving a modern workplace, employee engagement is the true key to achieving the workplace of the future. Employee requirements can no longer be managed with traditional structures and processes. Businesses now must provide a solution that embraces new technology in a way that is simple to use, convenient and stress free for those who use it.
Over the past few years, blockchain technology has piqued the interest of a whole host of businesses, from a rich variety of sectors. According to a recent survey from Deloitte, 98 per cent of UK businesses have either already deployed a blockchain solution or intend to do so at some point in the future.
However, enterprises exploring the technology are primarily using private, permissioned blockchain to increase the efficiency of record keeping and data processes. Tokenisation is one of a number of functionalities going underutilised as a result of this limited scope.
So, how can businesses harness tokenisation using public blockchain to access untapped value?
Public vs. private blockchain: What’s the difference?
Many are unsure about the difference between a public blockchain like Ethereum and private blockchain such as Hyperledger. It all comes down to the scale of the network and who is allowed to participate.
Public blockchains are hosted on public servers, and anyone can join, read and write data to the chain. These systems are highly resilient and boast high levels of privacy due to the anonymity of each participant.
Private blockchains are much smaller in scale, and hosted on private servers. Only authorised participants can join, read and write.
Both public and private blockchains can also be permissioned. In the case of public blockchains, this means anyone can join and read, but only authorised and known participants can write. On private, permissioned chains, only the network operator can write data to the chain.
By deploying a private or permissioned network, enterprises can harness the power of distributed databases, but miss out on the true potential of public blockchain—its shared state and trustless design. Both types of blockchains have their uses, but many underestimate the value of public blockchain in enterprise.
What is a token?
In simple terms, a token is a digital representation of a unit of value. This unit of value can be assigned to an intangible asset such as a cryptocurrency, or a physical asset such as property or a piece of art.
Software code in the form of “smart contracts” can represent agreements between individuals, enterprises, and governments, and utilise tokens to facilitate these transactions.
Using public blockchain, the combination of these technologies unlocks a wealth of opportunities in enterprise.
How can organisations employ tokenisation?
Streamlining value transfer
At a technological level, tokens can be utilised as a common protocol for data and value transfer, which can lower transaction costs and increase speed.
In any supply chain, a set of complex contracts define agreements between supplier, manufacturers, and retailers. However, on occasions when these terms are not met, a lengthy bureaucratic process is required to determine culpability and financial penalties.
By connecting automatic value transfer with contract terms using tokens and smart contracts, overall transaction speeds and costs can be reduced.
Democratising the financial ecosystem
In the Philippines, 56 per cent live with limited access to the financial ecosystem. Rural banks are neither connected to any electronic banking service, nor to domestic and international money transfer networks.
This challenge can be surmounted using a combination of tokenised assets and a fluid, cross-border platform to create the building blocks for an open marketplace.
A cash-backed token, or “stablecoin”, that can be openly traded in a national system can be used to create an open payment network. These digital tokens can be used to instruct and settle remittances between participating rural banks by consolidating messaging, execution, settlement, and accounting of the transaction through one platform.
Tokens can be used to represent the whole or a fraction of a real-world entity. These entities include natural goods like gold or oil, real estate, financial instruments, and more.
Tokenisation allows traditionally illiquid assets to be split into smaller, more liquid components. Liquidity is all about easily getting in and out of assets, and the all-or-nothing ownership principles of our current markets make exchanging assets for value inefficient and sometimes impossible.
By allowing for the fractional division of assets, tokenisation addresses this issue, creating greater freedom in trading assets and decreasing illiquidity premiums.
New crowd-funding models
Tokens can also be used to represent rights to a future good or service. This allows projects to raise funds in a new way and create buy-in from a potential userbase, even before a product or service has been launched.
Whereas investment into early-stage ventures has traditionally been restricted to venture capitalists, tokenisation creates additional investment models based on the principle of crowd-funding.
Whilst the uptake of private, permissioned blockchain in enterprise is a positive sign of the value and longevity of the underlying technology, businesses are missing out on the value tokenisation can provide.
Certainly, private blockchain has the potential to improve the efficiency and transparency of business processes, but its benefits are limited in scope. Public blockchain has the potential to be far more transformative, because its core characteristics allow for the creation of entirely new business models, unlocking previously untapped stores of value for businesses.
The cloud has brought a range of compelling benefits to businesses, helping them improve performance, become more agile and increase efficiency. For these reasons, and more, its adoption has accelerated since the early days of cloud computing. However, as with all new technology implementations and change management programmes, the cloud comes with its own risks. Awareness of these, and a sound governance, risk and compliance (GRC) approach to cloud implementations, is essential for businesses to minimise risk and maximise business performance through cloud.
insufficient identity, credential and access management
insecure interfaces and APIs.
Cloud adoption strategies must recognise these risks, assess the probability of business impacting issues arising from them, and have plans in place to mitigate any such occurrences. Failure to do so could mean not only the benefits sought from the cloud are not attained, but that the business fails to protect itself from damaging incidents that were potentially avoidable.
GRC on the cloud is a way of ensuring that risks are completely understood and can be more effectively managed through a robust technology platform and the effective execution of risk management strategies. It is also a way of smoothly managing change – something that impacts all industries – to address evolving requirements.
The GRC cloud platform
A risk-based approach when adopting cloud computing helps minimise risk and enables management of data and business-critical applications in the cloud to be consistent with the enterprise’s risk appetite and strategic objectives. While cloud security controls, threat monitoring, vulnerability scanners and other tools help minimise risk, a GRC cloud platform goes further than this by bringing all these risk and compliance factors together into a single source of truth, enabling enterprises to have an integrated view of their GRC profile in the cloud.
Aside from the scalability, cost-efficiency and agility of a cloud deployment, a cloud-based GRC platform also gives enterprises enhanced visibility into risk exposure and enables them to automate compliance and monitoring processes.
Flexibility is a mainstay of businesses that are able to succeed in continually changing environments. Risk and compliance also continuously evolve – the type and nature of risks change as do compliance requirements and the regulations that businesses must abide by. Change has an impact on processes, ways of working, organisational structures and teams. To keep up, GRC management within enterprises must be flexible, configurable and scalable and it must enable action resulting from change to be handled cost-effectively, if the business is to adapt and grow.
Data: confidentiality, integrity, availability
One of the main benefits of cloud is its ability to store massive amounts of data and to provide anytime, anywhere, controlled access to it. Managing data confidentiality, integrity and availability is essential and each enterprise should have clear criteria and governance structures around this. The avoidance of data co-mingling is one such requirement and here, a multi-instance cloud architecture can be effective. It can maintain a separate full-stack environment, enabling the complete separation of instances to ensure data integrity.
Of course, data volumes continue to grow, and data sets can become fragmented. It is often a challenge to handle such data sets with traditional warehousing and business intelligence tools, let alone support the ways in which organisations need to use them in order for them to be effective. Data is the lifeblood of business and, through it, insights can be gained that can confer significant business advantage but only if it is stored, managed, maintained and accessed in the right way.
Tools and processes for data security, monitoring, maintenance and cost must be included in strategic planning, and in this, next gen IT strategies and techniques such as advanced analytics, visualization tools, and parallel data processing are starting to play a part.
Risk management for cloud data storage and governance must be robust and for this reason, enterprises are looking at GRC platforms on advanced cloud data centres in order to effectively identify, assess, and mitigate cloud computing risks, while ensuring compliance with data governance regulations.
Evolving technology platforms
With a GRC framework on cloud, enterprises can ensure that security risks are completely understood, change is smoothly managed, and that informed decision-making puts the organisation in the best possible place to reduce risk, while benefiting from the advantages of cloud in enhancing business performance.
As technology continues to evolve, it is essential that enterprises evaluate, implement and adopt the cloud in a risk-aware way. A detailed, robust and well-maintained GRC cloud programme, together with a technology platform that enables flexibility and scalability, can support businesses in these endeavours.
With the introduction of GDPR, it has become more important than ever that businesses retain control of their data. When data is stored across multiple disparate spreadsheets, this becomes next to impossible.
Blockchain-enabled ERP represents one solution to this conundrum. Utilising the functionality of private, permissioned blockchain, enterprises can ensure data is stored and exchanged in an ethical and secure manner.
Private blockchain networks are open only to authorised participants, as dictated by the network operator. They are designed to allow the secure exchange of data within an organisation or between an organisation and a trusted third-party.
The granular access control afforded by private, permissioned blockchain means that data can only be viewed by and exchanged between those for whom it is role-relevant. By restricting access to specific data to a handful of relevant individuals, blockchain automatically mandates ethical data-handling practices.
By minimising the possibility that customer and partner data falls into the wrong hands, blockchain can ensure businesses remain GDPR compliant, and avoid the considerable penalties attached to a breach.
The quantity of data generated in the coming years is set to grow at an exponential rate. The key to gaining business advantage will be in managing this information in the most effective way.
Data is at the heart of all business decision making, so it’s vital businesses are able to trust that their data is both accurate and not subject to tampering. Retaining full visibility using a blockchain-enabled ERP system is one way to ensure business data is trustworthy.
Blockchain creates a transparent and indisputable log of data additions, transactions and changes, providing an end-to-end audit trail. This means that businesses can see precisely when a piece of data was introduced into the system, who has access to it, and whether any alterations have been made.
The consensus algorithms at the heart of blockchain technology ensure that the system (and the data contained within) is near impossible to tamper with or corrupt. Blockchain creates a single version of the truth, providing a strong and trustworthy foundation of data on which businesses can base critical decisions.
Driving transparency in the supply chain
Though blockchain is still in its relative infancy, it’s already having a tangible impact in the manufacturing and supply chain sector. Organisations are using the technology alongside existing ERP systems to boost transparency and coordination across sprawling supply chain networks.
The technology allows organisations to track a product in an efficient and reliable manner as it passes through multiple stages of the supply chain, and even multiple locations, over several months.
This comprehensive audit trail allows businesses to move products through customs swiftly, track fresh produce to identify the source of contamination, and even trace the movements of highly valuable and sensitive items. By making supply chain processes transparent and paperless, blockchain has the potential to both cut costs and drive productivity.
Many companies are already using blockchain technology to enhance their supply chains. For example, Viant, an Ethereum-based platform for building supply chains, partnered with WWF to track tuna from the moment it’s caught, until it reaches the shop floor. With the industry rife with corruption and accusations surrounding poor animal welfare standards, the ability to track the process from start to finish is a huge step towards reducing the environmental impact of fishing.
Though still regarded as an emerging technology, blockchain is becoming an increasing presence in enterprise IT, especially in the supply chain and logistics sector. According to recent figures from Deloitte, a huge 98 per cent of UK businesses have either already adopted a blockchain solution or intend to do so at some point in the future.
The technology’s core characteristics and functionalities mean that it’s well equipped to augment existing ERP systems and data architectures, bolstering transparency and auditability, and ensuring businesses remain regulation compliant.
It seems like hardly a day goes past without news of another major data breach or cyber attack. In fact, recent research from DLA Piper revealed that 59,000 breaches have occurred since the implementation of the General Data Protection Regulation – with the likes of Toyota, Quora, and even Google coming under fire.
While it’s widely known that data breaches incur a significant financial penalty under GDPR – up to €20 million or 4 per cent of the company’s global annual turnover – what is far less understood is who’s responsible (and who pays the price) for a breach due to employee negligence or criminality, sometimes referred to as ‘vicarious liability’.
A recent example from the UK illustrates the problem – with a major supermarket chain fighting an earlier ruling that made it liable for one disgruntled employee’s leak of the personal details of 100,000 colleagues online. While this battle continues through the courts, what is clear is that companies are currently considered to be vicariously liable for the actions of their employees and the security of both employee and consumer data.
Forgetting to hand over the keys
Whichever way the issue of corporate responsibility is resolved, businesses of all sectors and sizes need to ensure that their employee and customer information is properly protected. This may seem like an overwhelming task, but the truth is data breaches are often – perhaps predominantly – caused by simple, avoidable errors during day-to-day processes.
For example, companies often fail to consider whether employees can still access this information once their employment has been terminated, as seems to have been the case in the supermarket breach. While this should be easily avoidable, it continues to be a massive problem for businesses, as our own research reveals.
In SailPoint’s most recent Market Pulse Survey, we found that almost half (47%) of employees who leave a job still have access to their former organisation’s data via corporate accounts (17%), cloud storage (16%) or mobile devices (14%). That’s an astonishing figure. After all, no landlord would forget to ask their tenant to hand over their keys once they vacate a property, yet this is pretty much exactly what many – indeed, nearly 50% – of businesses are doing with their former workers.
It takes just one employee to cause massive, perhaps irreparable damage to a business’ reputation by accessing and sharing enormous volumes of sensitive data. So, beyond ensuring that they remove access to corporate systems immediately after the termination of workers’ employment, how can businesses best protect their data and avoid a damaging breach?
Managing access becomes more complex
If your organisation has been lucky enough to avoid a serious data breach, that’s not necessarily cause for complacency. Until you can ensure that you control every worker’s access to sensitive data, including and especially after they’ve left your business, the stable door remains wide open. It’s only a matter of time before an employee accesses and leaks sensitive information, either maliciously or by accident.
Instead, congratulate yourself on your good luck so far – and take steps today to improve your organisation’s identity governance.
This can seem a daunting task at first, especially if your IT teams currently spend significant amounts of time struggling with the complex question of who has access to what. This difficulty is often compounded when an organisation is going through a period of significant changes, for example during digital transformation projects, when a company may be making many new hires or employees may be changing roles.
Any change to the workforce – even the promotion or sideways move of a single employee – heightens the risk of a worker being able to access information or systems that they’re no longer authorised to view. Similarly, it should be obvious that when an employee leaves, their access privileges must be revoked immediately, but sadly we’ve seen how this often isn’t the case.
But there’s another side to the coin. When an organisation forgets or otherwise fails to update an employee’s access, they can leave ‘orphaned’ accounts, and these represent a particularly tempting target for hackers. That’s because hackers can use these as cover, hacking into unguarded, unwatched dormant accounts to steal sensitive data through seemingly legitimate access and without raising the alarm.
Making identity governance manageable
Faced with the growing complexity of access management, how can an organisation respond without further burdening already-overstretched IT teams?
The answer, as with so many other areas of business today, is through intelligent automation of access. Choosing the right identity governance solution means that an organisation can manage access far more effectively, removing, at a stroke, the risk of forgetting to update privileges whenever an employee’s role changes or when they leave the company.
An effective identity governance system can also help you to manage potential security and compliance risks, while also ensuring that every digital identity throughout the organisation is kept secure. What’s more, it provides a far greater level of oversight so that IT and other parties can easily keep track of who can access what data.
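The core check that such automation performs, reconciling the HR record against every account that is still enabled, can be sketched as follows. This is an added example, not code from the article or from any identity governance product; the record fields, the finding labels, the 90-day dormancy threshold and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Employee:
    emp_id: str
    role: str
    terminated_on: Optional[date] = None   # None means still employed

@dataclass(frozen=True)
class Account:
    system: str                  # "corporate", "cloud-storage" or "mobile"
    login: str
    owner_id: Optional[str]      # HR id of the owner, None if unknown
    granted_for_role: str        # role the access was originally granted for
    enabled: bool
    last_login: Optional[date]   # None means never used

DORMANT_AFTER_DAYS = 90  # assumed threshold; set it from local policy

def review_access(employees, accounts, today):
    """Return (login, system, finding) for every enabled account needing action."""
    by_id = {e.emp_id: e for e in employees}
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue                        # already revoked, nothing to do
        owner = by_id.get(acct.owner_id)
        if owner is None:
            # No HR record stands behind the account: nobody will notice misuse.
            findings.append((acct.login, acct.system, "ORPHANED"))
        elif owner.terminated_on is not None and owner.terminated_on <= today:
            # The owner has left but the "keys" were never handed back.
            findings.append((acct.login, acct.system, "LEAVER_ACCESS"))
        else:
            if acct.granted_for_role != owner.role:
                # Access granted for a previous role survived a promotion or move.
                findings.append((acct.login, acct.system, "ROLE_DRIFT"))
            idle = None if acct.last_login is None else (today - acct.last_login).days
            if idle is None or idle > DORMANT_AFTER_DAYS:
                findings.append((acct.login, acct.system, "DORMANT"))
    return findings

# Constructed sample data, not taken from any real organisation.
TODAY = date(2019, 6, 1)
EMPLOYEES = [
    Employee("E100", "analyst"),
    Employee("E101", "engineer", terminated_on=date(2019, 5, 15)),
    Employee("E102", "manager"),                                    # was an analyst
    Employee("E103", "engineer", terminated_on=date(2019, 6, 30)),  # working notice
]
ACCOUNTS = [
    Account("corporate", "asmith", "E100", "analyst", True, date(2019, 5, 30)),
    Account("corporate", "bjones", "E101", "engineer", True, date(2019, 5, 20)),
    Account("cloud-storage", "bjones-drive", "E101", "engineer", True, date(2019, 5, 28)),
    Account("mobile", "bjones-phone", "E101", "engineer", False, date(2019, 5, 14)),
    Account("corporate", "clee", "E102", "analyst", True, date(2019, 5, 31)),
    Account("cloud-storage", "svc-old-project", None, "engineer", True, date(2018, 11, 2)),
    Account("corporate", "dkim", "E103", "engineer", True, date(2019, 5, 31)),
    Account("cloud-storage", "asmith-archive", "E100", "analyst", True, None),
]

if __name__ == "__main__":
    for login, system, finding in review_access(EMPLOYEES, ACCOUNTS, TODAY):
        print(f"{finding:14} {system:14} {login}")
```

Run on a schedule against the live HR feed and account exports, the same comparison catches the leaver whose cloud storage was missed even though the phone was wiped, which is the partial revocation the survey figures describe.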
The lesson is clear: don’t lock your stable door after the horse has bolted. It could be galloping away with your most precious resource: your company’s most sensitive information.
In early May 2019, the city of Baltimore fell prey to a debilitating ransomware attack. Emails and voicemails were crippled. The hackers seized data from the parking authority, water bill system, and real estate transactions. Anyone planning to purchase a home in May in Baltimore would be delayed.
Hackers demanded Bitcoin payments equal to around $100k to return the services and data. If they did not receive the money they would wipe out the data, costing the city significantly more in damage.
As of the writing of this article, more than 2 weeks after the attack, Baltimore mayor Bernard Young is standing strong against those that have perpetrated the attack. His stance is that paying these ransoms is what makes the practice possible and he posits that the money that is given to hackers is then likely used for them to build more sophisticated attacks.
However, when asked, after over 14 days of his city being hamstrung, if he planned to capitulate, he is quoted as saying, “Right now, I say no, but in order to move the city forward? I might think about it.”
In all likelihood, the city of Baltimore was saddled with a ransomware attack not because it was specifically targeted. Ransomware attacks like this one are becoming more and more prevalent, and mainly have to do with opportunism. Something about the city’s systems made them particularly vulnerable and hackers were able to exploit that, which will cost the city millions in damage whether it pays or not.
Don’t be Baltimore
Nothing against Charm City, but it is crucial in the age of rising incidences of cybercrime to be better prepared for attacks like these. Unfortunately, as criminal behavior increases, the budget needed to remain vigilant must also increase.
Consider that according to CSO Online, damage from ransomware attacks grew 15 times in less than two years to more than $5 billion in 2017. And total cybercrime costs are projected to hit $6 trillion annually by 2021.
With this in mind, most companies are following the trend of increasing their cybersecurity budget. According to Varonis.com, over 75% say that they have readdressed this budget line with expenses going up over 140% in just the past 10 years. If your company isn’t keeping up at this pace, you may be inviting a devastating attack.
What might it cost you?
According to a study by IBM, individual cyberattack costs rose to an average of 3.9 million in 2018.
These costs are astronomical, but that is just the beginning. Take into account not only aspects like ransom but also lost revenue over the average 50 days it takes for a company to recover from an attack, as well as reputation costs and customer turnover.
What you can do to protect yourself
Protect the crown jewels: The largest losses in cyber attacks come from the compromising of crucial data, representing over 40% of costs. Back up and silo the most important data in a dedicated server which is not networked and has limited access.
Be Prepared: Put a plan in place for what to do if you are faced with an attack.
Be Vigilant: Of course you don’t want to compromise the privacy of your employees, but making background checks part of your hiring protocol is crucial. Online services such as NetDetective or BeenVerified can do this work for you.
Get help: Again, spending money on this issue is likely going to be a fact of life. Get consultants to help you through where to prioritize spending.
Create a culture of cybersecurity: This one doesn’t necessarily cost much money, but is likely the most important measure you can take. Make sure your company takes security seriously and set up protocols that make this clear.
Let’s talk cybersecurity — Better passwords are a great start!
Remember, like in Baltimore, most of these crimes do not involve hackers specifically looking for your company. 70% of breaches are caused by random process failure which often includes employees not following password procedures. Remarkably, two-fifths of reported cybersecurity incidents are the result of a breached password.
Typical password fails include:
Being stuck in a password rut: Over 50% of people use fewer than 5 different passwords their entire life!
Ancient passwords: Over 20% say they still use passwords that are over a decade old.
Very poor password choices: Sadly, “password”, “qwerty” and “12345” were among the most popular passwords of 2014.
How to create better password protocol
Length: Longer passwords are more difficult to crack. Experts say to make passwords at least 12 characters long, as each additional character adds an exponential level of security.
Variance: Recommend not putting words or pronouns into passwords at all. Common advice is to take a phrase and use the first letter of each word to create a memorable password. For example, “My wife and I got married in 2008 and went on our honeymoon to Vegas!” would become MwaIgmi2008awoohtV!
Have a different password for every site: This sounds overwhelming, but there are online services like LastPass and Dashlane that use complex encryption to keep your various passwords organized and safe.
Two Step Verification: Usually this means a code is sent to an employee’s cell when they are logging in on a secure site. Taking advantage of this kind of two-step verification is crucial. You’ll be surprised to see how easy it is to set up two step verification on some of the most used websites.
Communication is key: Keep cyber security top of mind, often referencing it in company-wide emails and at meetings. Tell people about trends in phishing scams and convey tips on keeping secure.
Be watchful: If someone is acting suspiciously, be wary. Create a system where employees can anonymously report anything they find questionable.
Secure your supply chain: Making sure your vendors and any IoT devices you are using are secure is essential. Many breaches are caused by weak security in a vendor company, or on a networked device that is brought in from another company. Also try talking to your bank about their safety protocols.
Unfortunately, the problem cannot be ignored and this is a battle you will only win with investment and vigilance. Staying abreast of best practices is key. See below for a useful infographic from Varonis to help you prioritize your cybersecurity spending and avoid becoming another Baltimore.
Software as a Service is a driving force for disruption – a way to innovate at the speed which customers and the market demands. So how can companies with a traditional software go-to-market motion make the switch, and capitalize on all that SaaS has to offer? What’s the secret to succeeding in a SaaS world?
As the CEO of a 100 percent SaaS-driven, born-in-the-cloud company that was bought by a global technology leader who is constantly evolving and optimizing their business, I could preach the benefits of SaaS ad nauseam. Here is a quick list:
Velocity. If you decided to set up a new office today, with a new team, it may well take more time to assemble the chairs than it will to provide the IT. With an internet connection and a credit card, an entire business can be given access to cloud-based productivity, CRM, finance and storage tools before lunch.
Agility. Adding new tools becomes frictionless. There’s the opportunity to test alternatives and find the best fit for each task and integration with the overall business. If a specialist tool doesn’t work as well as imagined, then swapping it out for something different is easy: organisations are far less likely to be locked in to particular vendors, having paid a large up-front license fee.
Freedom to innovate. There’s an old technology maxim, “Fail fast, scale rapidly.” With SaaS, the business can concentrate on what it actually does. Buying, provisioning, running and maintaining heavy infrastructure can be left to specialists in their data centres. User support also becomes simplified since everyone’s running the newest version of the same systems. IT becomes a strategic asset for growing the business, as opposed to a cost-centre.
Cost. Businesses very frequently prefer to face operating expenses over capital expenses. The expense of on-premises data centres and up-front license commitments are difficult to swallow if you aren’t very certain of your organisation’s profitability over the time those arrangements are expected to serve the business. Monthly fees, in contrast, allow a business to scale their provision up or down in response to the commercial realities of the moment.
Collaboration. In order to scale at pace, cross functional interlock becomes a must. SaaS both enables collaboration and makes it critical to the success of your business. The benefit is that you get a company without siloes, in which every department is high context and high performing.
Everyone’s a winner?
The software market has embraced SaaS irrevocably. Companies reliant on large, up-front license sales are sitting on the wrong side of history – or have a niche that cannot effectively be replicated through cloud services. Applications that require zero latency, have intensive local hardware demands or have very specific compliance directives attached to them might remain on-site licensees for the time being, for example. In other cases, if it’s not SaaS already, then it either has a hybrid model or soon will be.
This customer acceptance of SaaS is, of course, the largest advantage for vendors themselves embracing the model. It is easier to overcome resistance to a £30 monthly fee than it is to a £1080 three-year license, so sales are likely to be more frequent and sales cycles, unless you’re in a very crowded sector, are likely to be shorter.
These smaller sums of money also provide multiple opportunities for expansion. The lower cost of entry means customers with small budgets, who might have considered your product out of their price-range, will be tempted to dip their toes in the water. Then, if your customer is successful using your tools, they may want extra seats soon. Perhaps there are additional, complementary services to offer, or an enhanced support package? Offered in terms of micropayments, the acceptance rate again becomes higher.
Next, possibly a counter-intuitive point – the level of attrition for SaaS products is not nearly so high as you might imagine. Humans are hard-wired to be averse to losing things they already have. Studies show that losing something that made you happy hurts about twice as much as the increase in happiness gained from the same thing in the first place. So long as your service has some utility, people won’t want to lose it. The ability to walk away from a SaaS offering is a good reason to get started, but the actual likelihood of people doing so is much lower than they think. This inertia isn’t something to depend upon, though, which brings us to our next point.
Metrics at Your Fingertips
While we’ve stressed the commercial advantages of a SaaS business model so far, doing this well and creating a long-term business isn’t just about selling subscriptions and waiting for the money to roll in each month. It’s about using those advantages to direct investment into the service, driving up loyalty, and turning users into fans.
Creating and maintaining a SaaS product produces the opportunity for a very different relationship with customers than traditional markets. Historically, developers created a product, shipped it and moved on. If they were aware of how their customers used their products, it was often in a very piecemeal way, or through a piece of very deliberate research.
SaaS demands customer intimacy. Part of that comes from easy access to key information: on a daily basis, here are some of the KPIs I check: customer acquisition cost (CAC) ratio, direct customer MRR (monthly recurring revenue), channel partner MRR, MRR by region, annual gross churn, year over year quarterly ARR growth, cost per lead, and Days Sales Outstanding (DSO) – which I then compare to the SaaS average, 76 days. Across the industry, the annual SaaS survey by KBCM Technologies (formerly Pacific Crest) is the gold standard for benchmarking and provides a valuable yardstick by which SaaS companies can measure their own performance.
Having this data at my fingertips is invaluable. It embodies the agility which all businesses crave, and which is a primary driver for SaaS transformation and growth. Any good business puts their customer first…if you have a company culture code, I’m willing to bet “customer focus” is one of your core tenets. But SaaS transformation takes this a step further. It requires customer intimacy: knowing what your customers bought, why they bought it, and why they renewed (or didn’t) so that you can constantly provide them with even better value.
Just think about how well Netflix knows you. It sometimes knows what you want to watch before you do! Now consider how much convenience this adds to your daily life.
The ‘service’ part of SaaS can sometimes be misinterpreted as another word for ‘product’: in such a case, you’re giving customers the same thing, but charging a monthly fee instead of an up-front license. To do so would be to willingly be blinded to the greatest advantage of SaaS for vendors – the opportunity to give your customers exactly what they want.
Cloud computing has become a go-to option for the majority of companies that are aiming to digitize their assets. However, the rising number of cloud-based businesses has created new opportunities for cybercriminals who are looking for ways to access corporate networks, too. With cyber attacks becoming more frequent and far more devastating, the demand for data privacy and cloud security is higher than ever. Keep reading to learn how to secure your business using a VPN and top cloud security solutions.
Secure Your Business with Easy Cloud Security Solutions
Cloud computing allows for efficient flexibility and mobility. However, it also brings a certain amount of risk to the businesses that are using it. Every business, no matter its size, needs a cloud security solution to secure their network and data. These solutions secure the connection between cloud-based software and the user. Thus, the risk of cybersecurity incidents is reduced. Companies susceptible to cyberattacks can protect their data by investing in cloud security solutions.
These security solutions can help monitor and track network activity to prevent attacks, as well as block unsafe content online. Other features, such as network scanning and real-time firewall updates, can further enhance security and website speed performance. Besides cloud security solutions, it’s recommended to use a VPN to secure your business. A virtual private network can encrypt all traffic traveling to and from the devices in your network. That way, company data is hidden from hackers. Below, you can find a list of the top 5 cloud security solutions for your business.
#1 Qualys
Qualys has been around since 1999. This proves them to be a reliable option when it comes to data protection. Their service focuses on identifying compromised assets and helping stop cybersecurity incidents from advancing. Qualys offers features such as endpoint security and web app security as well. The best part about it is that it doesn’t have any software or hardware requirements, as it is a fully cloud-based solution.
#2 Proofpoint
A leader in advanced cybersecurity solutions, Proofpoint is a cloud-based provider that offers services customized for businesses of all sizes. They protect from a variety of cybersecurity threats for both small and large corporations. Proofpoint can tailor their services to your needs, depending on the size and type of business you’re running. Besides securing outgoing data, Proofpoint provides efficient email security management features, as well as mobile solutions for targeted vulnerabilities. On top of that, they offer security products for social media and mobile devices.
#3 CipherCloud
Founded in 2010, CipherCloud offers security solutions across three different models, including PaaS, SaaS, and IaaS. CipherCloud allows users access to a single platform from which they can secure all customer data. What’s great about CipherCloud is that it doesn’t compromise the performance of the company’s website and assets. It operates in the background across multiple private and public cloud applications. Some of its best features include complete cloud encryption and data loss prevention. Adaptive control and threat prevention are CipherCloud’s two major strengths.
#4 SiteLock
Created in 2008, SiteLock secures over 21 million websites across the globe. As such an efficient security solutions provider, SiteLock protects sites from security attacks, sneaky malware, and other threats. It regularly scans websites for vulnerabilities and keeps them safe from SQL injection, DDoS, and XSS attacks. While some security solutions can negatively affect a site’s performance, SiteLock boosts the performance through dynamic caching and load balancing. This makes it an excellent choice for large corporations. Besides website scanning and other security features, SiteLock also offers emergency website repair services. They help businesses reverse the damage in case of a cyberattack by repairing hacked websites.
#5 CloudPassage Halo
CloudPassage Halo has been providing cloud security solutions since 2010. They help organizations establish and maintain compliance with different security policies and regulations. Besides, they provide extra security through software vulnerability assessment procedures. These procedures help notice and prevent potential security incidents in time. Thanks to these features, CloudPassage Halo can provide visibility and better security across different cloud-based workloads. It is also important to mention that they provide great customer support service, which makes the overall user experience better.
Online security has been a major concern for years, especially nowadays, when the number of cyberattacks is rising. Without clear cloud security solutions, businesses are exposed to a wide range of online threats from small data breaches to large DDoS attacks and data theft. However, cloud solution providers can help reduce these risks by monitoring network activity and keeping all threats under control. Besides securing your business with cloud security solutions, make sure to encrypt the entire network with a VPN. Educate your employees on the importance of online security and demand that all devices connected to the company’s network use a VPN when browsing the internet.