By David Fletcher
Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via @cloudtweaks) to our original comic sources is greatly appreciated.
By David Fletcher
Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via @cloudtweaks) to our original comic sources is greatly appreciated.
According to a recent report, global investment in fintech companies including both venture-backed and non-venture-backed businesses reached $9.4 billion in the second quarter of 2016; investment in venture capital-backed fintech startups, however, fell by 49%. Nevertheless, the Pulse of Fintech, published jointly by KPMG International and CB Insights, suggests venture capital investment in fintech is still on track to exceed the results seen in 2015. Commenting on a 71% funding decline in which Asian venture capital-backed fintech companies raised $0.8 billion from April 2016 to June 2016, CB Insights CEO Anand Sanwal says, “The decline in fintech financing and deals is in line with what we’re seeing in the broader venture environment for startups, as VCs as well as crossover investors are pushing back harder on profitability and business model concerns. Despite the funding drop, previously under-invested areas of fintech such as an insurance area are gaining strong momentum among venture investors across geographies.”
No matter the changing and developing fintech ecologies, financial technology is clearly a growth industry becoming integral in both personal and business lives. The disruption means businesses must implement strategies not merely to manage fintech innovations but take advantage of the many advantages becoming available. Experts suggest the success, or lack thereof, of fintech uptake will leave us with some unexpected victors and dismayed losers, and expect the main battle to play out between the heavy-duty traditional players trying to keep pace with innovations and agile startups rapidly advancing fintech possibilities.
We’re already seeing the early conflicts between the traditional retail banks that have stood as robust business foundations for decades and online banks that are chopping up the old models and recombining them into sleek, cost-efficient forms. Furthermore, our advisors are changing from human to human aided by technology to artificial intelligence imbued machines as the adoption of robo-advisors progresses. Some of the innovations we’re seeing result in cost savings for consumers, but others still simply broaden the market and provide businesses with more products to sell.
Aside from streamlined financial service models, cost reductions, and startling fintech modernisms, the evolution of financial technology is making the financial sector safer and more user-friendly. Fintech makes it easier for organizations to better educate their consumers and help them make smart decisions. With advice more readily, and often freely, available, as well as assistance with ever-increasing financial regulations, it’s easier for both individuals and businesses to comply with and expertly function within financial arenas.
Fintech also provides a great benefit to the retail sector, both improving online shopping capabilities and broadening the range of payment options available. With the average internet shopper keenly aware of the risks associated with online fraud, data theft, and privacy breach, it’s imperative that online shopping sites are able to provide their customers with the necessary protection and peace of mind. And it’s as important that such sites also offer every convenience possible, including a good range of payment routes; never mind PayPal, some savvy startups are already making it possible to pay with Bitcoin. Serving not only the consumer, the latest fintech payment solutions also aid businesses through speedy fee collections and low fees for improved cashflow.
The lending and investing sectors are also benefiting from fintech; financial backing is no longer limited to traditional investors or bank loans, but instead we’re seeing the likes of angels and group investments, along with inventive loan providers breaking down the old norms and changing how we can borrow. The other side of the coin, investment, is receiving a similar shakeup as fintech firms provide vehicles for small investments with low fees and practical advice. Some startups are even making it possible to invest spare change, encouraging the layman to better his prospects no matter his current financial status.
Many of the changes we’re seeing are dramatic but just as many are happening beneath the surface and most of us won’t ever know they’re happening; nonetheless, fintech advances bode well for us and promise a better-educated consumer and a more flexible and accessible financial environment.
By Jennifer Klostermann
Cloud adoption is accelerating for most enterprises, and cloud computing is becoming an integral part of enterprise IT and security infrastructure. Based on current adoption trends, it’s clear that the vast majority of new applications purchased by organizations will be SaaS applications. The allure is evident, from cost savings to speed of deployment to flexibility and simplicity.
Industry experts predicted the cloud migration would stop short of mission-critical applications, though, because of the prevalent belief that on-premises systems are more secure than those in the cloud. Instead, cloud adoption has accelerated because of users yearning for simplicity, convenience and lower cost of ownership.
Now, it’s clear that cloud apps are the future for enterprises. However, the benefits of the cloud can be negated if it leaves a business exposed to security breaches and compliance issues.
An organization’s security profile changes with the cloud for a variety of reasons. First, enterprises must grapple with the explosion of cloud apps that can be procured outside of IT’s purview, as well as manage and enable a globally distributed workforce that blurs the lines between employees, contractors and partners. Complicating this new security dynamic is the fact that even as enterprises aggressively move to a cloud-first IT strategy, they will realistically need to manage legacy applications that reside on-premises for the foreseeable future.
This is further compounded by the evaporation of the network perimeter. Attacks are no longer made against an enterprise’s network defenses as much as phishing and social engineering attempts are made against its users. Network and endpoint security simply aren’t enough. More than ever before, organizations need to understand protecting identity is critical, and in many cases, it’s the only linkage IT and security have between the user and the applications and the data they can access.
Successfully managing the adoption of SaaS applications – and securely migrating to a cloud enterprise – requires identity governance.
Securing the cloud enterprise can be done; the question is how? By taking a user-centric approach to cloud security to make sure you’re managing what applications and data your customers, partners and contractors – your identities – can access, as well as what can be done with that access.
• Connect to everything. Your identity governance solution must be able to connect to all an enterprise’s systems, from the legacy applications that have been in use for years to the SaaS applications that are being adopted today.
• See everything. You need visibility to all the information about an identity, across all the applications an enterprise uses, all the data they have, and across all users – no matter where they are located or what devices they may use.
• Govern everything. You need to know who does have access, who should have access, and what users are doing with their access on all your applications for all your users and for all your data.
• Empower everyone. Let your users work how they like to work, wherever they are and on whatever device they want to use.
The dynamic and complex nature of securing access while enabling cloud applications requires a new approach. Managing shadow IT accounts and securing these within established IT governance parameters is a particular challenge that IT teams must be on top of. Not securing these accounts to a high enough standard could have damaging effects in terms of asset loss, causing further internal disruption.
One approach is for IT to become a “cloud service provider” – an internal market and a central resource that provides identity and access services to departments, making it easy for users to gain access to cloud applications while simultaneously ensuring that security and compliance requirements are met.
Rather than have employees scouring the web for cloud applications, IT can instead deploy apps that have been tested and pre-approved. This, in turn, provides IT departments with a holistic view of employee activity across the cloud.
Another problem resulting from cloud update is the management and regulation of intellectual property and determining where the data actually resides. With company files, documents and potentially sensitive material making the move to a network of remote servers, organizations must better manage and curtail access to these important assets. Some applications may reside on-premise or in the cloud – known as a hybrid cloud solution. If an organization is struggling to gain control over cloud applications, using an Identity and Access Management technology that actually resides in the cloud will solve those problems.
Full cloud adoption may take several years, and for many organizations, a 100% cloud infrastructure may not be a reality anytime soon. But, the market is definitely heading toward more cloud computing than less, and regardless of where a company falls on the migration path, it’s important that organizations don’t sacrifice security along the way. Identity governance plays a critical role in securing the cloud enterprise and enabling that migration.
By Kevin Cunningham, Co-Founder and President of SailPoint
Kevin oversees product development, marketing, sales, operations and services.
Kevin previously served as founder and vice president of marketing for Waveset, where he turned ground-breaking innovation into tangible market results. Following the acquisition of Waveset by Sun Microsystems, Kevin led strategic product initiatives for Sun’s software portfolio. Kevin has also brought innovative technologies to market for companies including IBM/Tivoli Systems and UniSQL.
The entire world is being transformed right before our eyes. Emerging technologies are developing at break-neck speeds, and the global community needs to be prepared for what lies in the horizon. As with anything new or evolving there is benefit versus risk to consider. Most of the up-and-coming technologies that will soon affect the lives of millions have been developing over many years and are now reaching their apex to create a significant impact.
Internet of Things devices are already impacting our daily lives. Low-cost microsensors, microprocessors, wireless antennas and miniscule power sources has brought things we interact with in our everyday into the digital cosmos. Experts predict that energy harvesting device market will reach $26 billion by 2024 as seen in this infographic discovered via Jabil. Nanotechnology is taking us into the Internet of Nano Things (IoNT), and will advance medicine and numerous sectors like nothing we imagined.
Keeping pace with supply and demand is one of the biggest barriers for renewable energy. The newest developments show that using sodium, zinc, and aluminum constructed batteries make the mini-grid a solid possibility. It could potentially provide 24-7, reliable and clean energy to entire small rural towns.
New materials such as Graphene are emerging and are going to change the world forever. Think about the Bronze Age…the Iron Age—these newest materials each contain a single layer of atoms and are two-dimensional. The potential positive impacts of evolving materials are limitless and bound only to the reach of scientists and how far they choose to push.
Self-driving cars are already in the here-and-now, but just how soon will autonomous cars be ubiquitous? Sooner than you think. And the positive implications seem to be outweighing the negative. Helping to improve the lives of handicapped and elderly will change the quality of life for millions. This is but one example of the potential impact fully autonomous cars will have on society as a whole.
The technology behind Bitcoin digital currency is called Blockchain. It is a sophisticated mathematical process based on cryptography and considered to be fool-proof. It is effectively changing the face of how people conduct transactions and trade international currencies. The blockchain has implications far reaching money exchanges. Like the internet, it is finding ways around barriers of traditional dealings and is all but eliminating transaction fees.
By growing tiny versions of human organs on microchips, scientists can study exactly how the organs operate. This is going to catapult medical research into the science fiction age—allowing researchers to witness the workings of human anatomy as never before seen.
This material will improve the efficiency of generating solar power. It has the advantage of affordability and capability to be used most anywhere. Scientists are calling perovskites the “wonder materials” of the future. Manufacturing it is fairly cheap and the liquid batches can be formed into almost any shape without the need for furnaces. The biggest asset is that it is light weight, opposed to its heavy-weight counterpart.
From your own personal robot assistant that can anticipate your every need and perform tasks at your whim, to entire AI environments—this could be affordable to everyone with the emerging availability of Open AI ecosystems. This will interconnect everything around you and collaborate with your personal data to be accessed by your spoken work…artificial intelligence to make your everyday more productive.
Neuroscientists will use recent developments of visible light to treat brain disorders like Parkinson’s. This emerging technology brings new hope where there once was none. Individual neurons can be controlled by turning the on or off as necessary to treat specific disorders. Revolutionary and amazing in its possibilities and prolonging meaningful quality of life.
By CJ Callen
Researchers and cybersecurity experts working hard to keep hackers out of the driver’s seat.
Modern transportation has come a million miles, and most all of today’s vehicles are controlled entirely by digital technology. Millions of drivers are not aware that of the many devices in their digital arsenal, the most complex of them all is the car they drive every day. Vehicles are globally connected, smart, intuitive, adaptive, and loaded with assistive technology and because of this—vulnerable to attack.
Over the last year researcher have been conducting numerous proof-of-concept demonstrations to test the vulnerability of connected cars. Results are staggering, and range from potential hackers gaining unwarranted entry to completely appropriating control over the car. This includes controlling the media console and radio to actually hi-jacking pilot controls—steering, accelerating and braking.
It is a scary concept for consumers to think that their car can be taken over by hackers, fully controlled and stolen without the thief ever physically touching it. New research suggests that the only way to avoid security breaches is by integrating cybersecurity, cyber forensics and social media with advanced mobile cloud processing.
With completely autonomous cars on the horizon for the average consumer, and connected smart cars already in the mainstream, upping the ante in advancing security for our cars is at the forefront of cybersecurity research and IT specialist’s testing. Because once a hacker is in—he can pretty much do whatever he wants with your vehicle.
If protecting the safety of your own car isn’t enough to worry about—people who use Uber are about to have something else to worry about thrown at them. The company is launching a small brigade of about 100 driverless taxis in Pittsburgh. The fully autonomous vehicles are specially designed Volvos that will be picking up unsuspecting Uber customers.
(Image Credit: The Newswheel)
Initially there will be a person who sits in the front seat to monitor safety and to satisfy the regulation that currently prohibits cars from driving around without a human in the driver’s seat. If all goes well in Pittsburgh, it is likely that Uber will roll out their cars all over metro cities. For the testing period, customers receive their ride for free.
It is a grand idea, but in the scale of things, some worry that driverless taxis only invite hackers into another realm of illegal possibilities. The question remains whether people will take their ride from a car with no driver, which is where it is heading once legislation allows cars to drive around without a human behind the wheel.
Researchers have their hand full and are making leaps and bounds in cybersecurity. But law enforcement is looking into counter-hacking technology also, and advancements are evolving which allow officers to stop a thief-less car-jacking with some cyber-tricks of their own—but that is something for an entirely different article.
By CJ Callen
The very same year Marc Andreessen famously said that software was eating the world, the Chief Information Officer of the United States was announcing a major Cloud First goal. That was 2011. Five years later, as both the private and public sectors continue to adopt cloud-based software services, we’re interested in this question: how in the world do you eat cloud software?
Cybersecurity today seems to have an unfortunate Catch-22. You want to test (and re-test) your live cloud services to see if they are really secure, but testing too aggressively or frequently will disrupt, degrade, or even leave those services more vulnerable. Keeping your live services up and running is difficult: your aggressive scanning and testing is essentially eating those services — to see if they are good or bad — at the same time you are trying to keep them all in one piece.
As the title of this blog hints, running a live system and fully testing that same live system is exactly like trying to have your cybersecurity cake and eat it too — pick one, not both, or more realistically pick half of each. We’ve even heard penetration testing on a live network described as “running fast while shooting at your own feet to see if your boots are really tough enough for the journey.” (Please do not try this at home!)
It’s no secret that classical vulnerability and penetration testing is filled with wise caution, legal landmines and detailed guidance to mitigate the impact on real operations and businesses. At least one way to try to maneuver around this Catch-22 requires a separate non-production environment of equivalent hardware and software. It’s not easy to keep that non-production environment up-to-date and it demands a lot of constant investment of time and money. The unfortunate reality is that such environments quickly diverge from real operational systems, making them less meaningful. It’s often double the cost for just a fraction of real cyber security benefit.
As businesses rapidly accelerate their dependence on cloud services and the federal government puts sensitive data into the cloud, achieving more secure cloud-based services is critically important. We’re all interdependent and have a shared stake in the outcome.
With a lot on the line there is no shortage of expectations – from financial sector penetration testing requirements to a new military effort calling for more proactive testing of critical operational systems. And we can’t help but mention the groundbreaking Cyber Grand Challenge using artificial intelligence based techniques.
Likewise, as security concerns cause the federal government to step more firmly into the cloud — there’s even a cloud.gov these days after all — the government’s own penetration testing penetration has also anticipated this seeming Catch-22 in cybersecurity. The government expressly allows “testing in a non-production environment” to “limit the impact on business operations.” Then, in the same breath, they wisely require that the non-production environment be “identical to the production environment.” And to reinforce the point they even use italics, noting that the “environments must be exactly same” and not just “almost” the same. We couldn’t agree more!
Our answer, then, to the original question — how in the world do you eat cloud software? Leverage the inherent ability of any cloud environment to generate and operate exact (cloned) image of the live systems. Then test those exact images. It’s a bit like interacting with a hologram, except in the cyber world the hologram behaves and reacts exactly like the real thing — because it is as real as the original due to the inherent design of the cloud’s serviced-based architecture. Once you’ve set up the parameters for the cloud service, it makes little sense to ask Amazon, for example, which particular servers in which racks you are running on, because it doesn’t make one bit of difference operationally.
As the cloned versions are setup, the live cloud services keep going while the cloned version is taking the heat. Even if during testing the cloned version goes down in flames, so to speak, that’s ok for two reasons. First, the live operational system is still running fine — keeping your customers and users happy — and, second, you have proactively uncovered an issue before it could have grown into an even larger, real one.
Meanwhile, you can just restart another cloned image and get right back to testing — no need to clean up or try to rewind time. And this approach works across multiple cloud platforms, whether hosted or on premises or a mix, so you can choose your cloud provider — or more likely choose a few of them. Furthermore, your existing investment in scanning, testing, and security tools can also be applied to the exact images.
We agree there’s really no silver bullet in cybersecurity, as it clearly takes a diverse range of tools and techniques to keep a system secure, but a service-based cloud infrastructure really does have one particular silver lining: by scanning and testing fully cloned images, you can have your cybersecurity and really eat it too.
By Ernesto DiGiambattista, Co-Founder and CEO, Cybric
Prior to founding Cybric, Ernesto DiGiambattista was the Chief Technology & Security Officer for Sentinel Benefits & Financial Group, where he was responsible for transforming a legacy technology team into a technology innovation service group.
In addition, Ernesto was a senior member of Bank of America’s Information Security & Resiliency Group and Corporate Audit organizations. Further, Ernesto has been a trusted advisor on private and public cybersecurity policy to members of the U.S. Senate and the U.S. House of Representatives.
In June 2015, Ernesto was recognized by the Boston Business Journal as a 2015 Finalist for Boston CIO of the Year.
Security and privacy have been an integral concern of the IT industry since its very inception, but as it expands through web-based, mobile, and cloud-based applications, access to data is magnified as are the threats of illicit penetration. As enterprises manage vast quantities of data, they find themselves exposed to regularly revised malicious attacks through complex malware which today has many more access portals than our previously unconnected infrastructures provided. Moreover, thanks to innovations in the Internet of Things (IoT), more data is being collected than ever before, much of it highly personal and particularly sensitive. Of course, the value we gain through big data analytics means we’ll be seeing greater collection and storage of such personal data in the years to come—so a focus on data security is imperative.
The security of the infrastructure, tools, and processes of a platform play a significant role in the overall security of data, and with an upsurge in the availability of low-cost and free platforms, one has to consider the vulnerability to hacking. This isn’t to suggest that because a solution is cheap or free it isn’t a quality build – though this can, of course, be the case – but the very fact that it is developed to be so readily available to many means there are far more vulnerabilities that need to be adequately secured. When considering data security, we often study the storage facilities and access requirements for these vaults; it’s easy to forget about the security of the platforms that collect, access, and analyse this information.
Although the adoption of IoT devices continues to grow, many of the more personal devices remain highly insecure. Users often falsely believe that the information they’re collecting can have no value to anyone else and so they fail to activate safeguards. Unfortunately, in the hands of the wrong person, just about any data can be dangerous, and of further concern is the fact that some IoT devices make access to other smart devices and their data possible, creating a security loophole.
The development and adoption of the cloud is probably one of the most important and beneficial IT trends of recent years, but with the many tools and enhanced accessibility cloud platforms provide comes a heightened risk to data security and privacy. For organizations using big data and cloud platforms, cloud security should be a top priority.
Regrettably, many making use of cloud platforms assume that relevant controls and defenses are in place without properly analyzing the underlying structures. And making the situation more challenging is the constant development and improvement of cloud platforms and tools; having the requisite knowledge to understand what security measures should be in place is a full-time job for an expert and leaves little time for anything else.
Fortunately, cyber security can help organizations by providing an essential layer of cyber analytics to enhance existing security defences. Big data analytics has a place in just about all environments, not least of all security. Enhancing cloud data security, device security, platform security, and much more, cyber analytics used to the advantage of cyber security delivers insights into security gaps existing in systems, exposes breaches which have already occurred, and identifies areas which may be more prone to attack. SAS Cybersecurity is one solution that puts an organization’s information to use countering cyber attacks, putting the advanced and predictive analytics in the hands of the experts. By implementing a trusted and dexterous cyber security solution, network visibility can be magnified, threats quickly identified and acted upon, and data appropriately whittled down for more accurate analysis and recognition of risks.
Data privacy and security should always be a top priority, but when the necessary steps are taken it needn’t cause sleepless nights. Although it’s always advantageous to have as much information as possible, the IT security landscape is too broad for all of us to be specialists. Implementing the right solutions negates risks and vulnerabilities and leaves companies free to focus on their core activities.
By Jennifer Klostermann
One of the biggest fads in the technology sector right now is wearable tech. From Smartwatches that let you check your emails, chat with friends and search the web, to fitness accessories that monitor your heart rate and your sleep patterns, this is truly the Golden Age of wearable technology.
But some of these innovations are older than you think. Virtual Reality sets like Oculus and VR Lite can trace their origins back to 1963. This is when the idea of bringing the TV screen to you in order to create more depth and more immersion was first proposed. In the 1970s, the first calculator watch was created, and while this is someway from the Apple Watch, the beginnings are there and this was a huge innovation at the time.
(Infographic discovered via Siliconrepublic)
We may be living in an age that is dominated by technology, but a lot of the ideas that you think are new were actually formed many years or generations ago. The Tablet is a perfect example of this. We all think of the Apple iPad as the first tablet, but the name “Tablet PC” was actually coined by Microsoft, who released a similar device back in 1999. And even this device was predated by the Palm Pilot, the Newton and several other mobile PCs.
Of course, for every game-changing invention, there are a few obscure, baffling inventions that really shouldn’t have made it off the drawing board. And as this infographic proves, there have been no shortage of those throughout the last few hundred years.
By David Jester
DYN DDOS Timeline This morning at 7am ET a DDoS attack was launched at Dyn (the site is still down at the minute), an Internet infrastructure company whose headquarters are in New Hampshire. So far the attack has come in 2 waves, the first at 11.10 UTC and the second at around 16.00 UTC. So…
Security, Security, Security!! Get use to it as we’ll be hearing more and more of this in the coming years. Collaborative security efforts from around the world must start as sometimes it feels there is a sense of Fait Accompli, that it’s simply too late to feel safe in this digital age. We may not…
DDoS Attack Takeaways If you tried to access some of the world’s most popular websites, such as Twitter, Spotify, CNN, Netflix and The New York Times last Friday, you may have run into some trouble. Millions in the U.S. and Europe lost access to much of the internet in the wake of a cyberattack. Hackers…
DDoS attacks, unauthorized access and false alarms Above DDoS attacks, unauthorized access and false alarms, malware is the most common incident that security teams reported responding to in 2014, according to a recent survey from SANS Institute and late-stage security startup AlienVault. The average cost of a data breach? $3.5 million, or $145 per sensitive…
IoT Device Failures I have, over the past three years, posted a number of Internet of Things (and the broader NIST-defined Cyber Physical Systems) conversations and topics. I have talked about drones, wearables and many other aspects of the Internet of Things. One of the integration problems has been the number of protocols the various…
Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and opportunities of digital technologies. The concept is not new; we’ve been talking about it in one way or another for decades: paperless office, BYOD, user experience, consumerization of IT – all of these were stepping…
How To Humanize Your Data The modern enterprise is digital. It relies on accurate and timely data to support the information and process needs of its workforce and its customers. However, data suffers from a likability crisis. It’s as essential to us as oxygen, but because we don’t see it, we take it for granted.…
Connected Vehicles From cars to combines, the IoT market potential of connected vehicles is so expansive that it will even eclipse that of the mobile phone. Connected personal vehicles will be the final link in a fully connected IoT ecosystem. This is an incredibly important moment to capitalize on given how much time people spend…
The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…
The Importance of Cloud Backups Cloud platforms have become a necessary part of modern business with the benefits far outweighing the risks. However, the risks are real and account for billions of dollars in losses across the globe per year. If you’ve been hacked, you’re not alone. Here are some other companies in the past…
Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle different functions, a multitude of apps require public and private-facing components to work in tandem. Placing these apps in entirely public-facing platforms and networks simplifies the process, but at the cost of security vulnerabilities. Locating everything…
Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…
The IoT Machine Learning Shift While early artificial intelligence (AI) programs were a one-trick pony, typically only able to excel at one task, today it’s about becoming a jack of all trades. Or at least, that’s the intention. The goal is to write one program that can solve multi-variant problems without the need to be…