Category Archives: Contributors

The Rise of Fintech and the End of Traditional Banking

The Rise of Fintech and the End of Traditional Banking

The Rise of Fintech

Developments in financial technology, or fintech, are changing the way we make payments, with new products gradually transforming how personal and commercial transactions are processed. The pace of these developments has opened up a whole range of opportunities for fintech start-ups and new players; but the arrival of cutting-edge technology has also presented challenges to traditional banks and the retail sector, which have had to adjust their strategies accordingly. For customers, however, there are two key areas where we can see the impact of fintech – namely, security and the arrival of the “mobile wallet”. In this post, I want to take an in-depth look at these areas and weigh up the challenges and opportunities for retailers.

From the customer’s point of view, fintech has the potential to deliver increased security and improved flexibility. Indeed, the consumer and retail sector has led the early adoption of new payment methods, with digital growth encouraging and facilitating the move towards a “post cash” economy. According to a report published last year, mobile payments grew from an estimated $5bn in 2013 to as much as $16bn in 2015. As customer expectations change and consumers grow used to mobile payments, it is becoming more and more important for retailers to provide an optimized, secure and convenient payment system.


(Image Source: Shutterstock)

The smartphone is of course one of the main factors behind this innovation. Consumers can now easily make in-store payments and transfer money to friends using their phone. Last month’s launch of Apple Pay in China is a reminder of the scale of the opportunities – even if the company must first overcome resistance from big banks and retailers. This is important because the system requires a digitized version of a credit or debit card to be stored in the “mobile wallet”. At present, transactions are secured using “digital secure remote payment”, with authentication with Apple TouchID authorizing a transaction up to limited amount.

But Apple is just one entrant in a market that is moving rapidly and in different directions, and shifts in consumer expectations are as much an indicator as a driver of change. Pivotal here is the role being played by cloud-based technology, new security measures and the analysis of big data. Cloud- based solutions, for example, have allowed organizations to develop scalable and cost-effective services, with APIs allowing for more intelligent and efficient data management. Providers of online payment systems such as Stripe and PayPal have been working hard to expand and develop their services, as well as competing to get their products embedded into social media channels.

GPS Developments

(Image Source: dennizn / Shutterstock)

This new technology has prompted some to voice concerns about privacy and information security. In response, traditional banks and start-ups have been investing large sums in the development of new security technology, with biometric security – fingerprints, facial recognition and even iris scanning – now widely available. This is combined with the development of increasingly sophisticated algorithms based on individuals’ spending history. One significant development is the possibility of using GPS to confirm an individual’s location: if an alert is raised by a potentially fraudulent payment, the bank can use the account holder’s smartphone to verify their location. Some customers, however, may still have doubts about the possible implications for privacy.

Big data is another area of real opportunity for banks and for start-ups looking to disrupt the market. Indeed, a bank’s capacity to leverage the possibilities opened up by big data is becoming an increasingly important factor in the competition for customers and clients. This is the reason why banks, and venture capitalists, have started to invest such huge sums in the analysis of financial data. Those banks that can effectively analyze and interpret the vast quantities of financial information will be better able to develop new, client-friendly products that today’s tech-savvy customers want and, perhaps more importantly, deliver a more reliable and cost-effective service. With person-to- person (P2P) mobile payments, for instance, customers can now make payments directly into other accounts with their smartphone.

In light of these developments in fintech, traditional retailers and online businesses need to do several things. To begin with, we need to come up with strategies and payment solutions that account for changing customer expectations by delivering fast, secure and convenient payment across multiple devices. But, perhaps more importantly, we need to find ways of leveraging new technologies and payments infrastructure to remain competitive and ultimately deliver better products and services to our customers.

By George Foot

Edutech and the Online Education Industry

Edutech and the Online Education Industry

Edutech Trends

Over the last 20 years we have seen the classroom evolve in very tactile ways. Blackboards became whiteboards to reduce dust in the classroom, pencils became pens as a means to reduce instrument breakage and the need for costly sharpeners, and notebooks became computers because, well, everything became about computers. But one evolution that has flown undercover during the past two decades does not involve what’s in a classroom, but the idea of what a classroom actually is. Online education has grown from “that one nerdy kid who is trying to pick up extra credit before college” to a massive and international industry that has opened up the borders of learning to anyone with an internet connection. But how did online education take off? Where did it begin? It all goes back to long before the age of wires.


People expanding the classroom is not a modern phenomenon. In fact, the first known occurrence of distance education dates back to 1728, when Caleb Phillips, a short-hand writing teacher, advertised his course and its weekly mail-in lessons in the Boston Gazette. The first traditional distance education program was established over 100 years later by Sir Isaac Pitman. Like Phillips, he to was looking to teach people short-hand writing but did so in a way that he was able to provide feedback for his students, a crucial flaw in Phillips’ program original program. Pitman’s method became so popular it led to the establishment of the Phonographic Correspondence Society, hence giving life to the term “correspondence courses”, a popular way to refer to mail-in distance education courses before the beginning of the internet age. The University Of London, referred to as “The People’s University” by famous author Charles Dickens, soon popularized these courses with the blessing of Queen Victoria. By 1906 there were over 900,000 students enrolled in distance education courses in England.

Online Education Beginings 

But enough history, when did distance learning become online education? With the advent of widespread online access thanks to the World Wide Web, online learning programs and platforms sprung from the woodwork of the education sector across the World. The first online high school became a reality in 1994 with the launching of CompuHigh. CompuHigh eventually became an accredited course provider by the NCAA. Since then online education has become a fixture in schools across the World, with many students now enrolled in hybrid programs that incorporate both traditional courses and supplemental online courses.

krishna-kumarToday, the online education sector is led by individual universities across the World and independent learning institutions like Edutech and Simplilearn. When asked why online learning has exploded over the course of the last decade, founder and CEO of Simplilearn Krishna Kumar believes it’s simple, online learning has brought people into the classroom that wouldn’t have necessarily have the chance, saying “Online learning dismantled various constraints such as the physical presence of a teacher or learner in a classroom or their availability at a particular time of the day. Be it self-learning or with the help of an instructor virtually, online learning has minimized barriers, benefiting the learner and the trainer,” adding “Availability of broadband and a surge in smartphone use have helped online learning grow at a fast pace. One of the main benefits of online learning is the ability to learn at one’s own convenience and comfort, regardless of time zones and geographies.” Another major reason is that online courses also allow students access to programs and courses that may not be available in their schools, opening up a world of opportunity for students across the World.

The online learning industry was expected to be worth $107 billion at the conclusion of 2015, with five year compound annual growth rate of 9.2%. This grew revenues from $32.1 billion in 2010, to $49.9 billion in 2015.

By Keith Holland

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions

Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that 64 percent of medium and large businesses believe cloud infrastructure is more secure than legacy systems.

What factors contribute to positive and negative impressions of cloud security? What should businesses do to protect their data better?

Fear of the Cloud Arises From Media and Lack of Knowledge


You cannot blame people for being worried about cloud security. Everyone remembers the Target and Home Depot breaches, which compromised tens of millions of customer credit card information, as well as the Apple iCloud hack that leaked private celebrity photos to the public. These incidents caused many major news outlets to question cloud security. However, the media forgot to mention that these three high-profile attacks did not have much to do with cloud computing.

Target allowed a third-party to access its network, and then hackers got ahold of that third party’s log in credentials. Home Depot was attacked in much the same way, with hackers stealing a vendor’s login, accessing the network, and then using custom malware to get around the company’s antivirus software.

Even large businesses have mixed feelings about security in the cloud, naming it both the number one benefit and most frequently encountered challenge.

Many recent data breaches have been reported incorrectly. … In most cases, it is human error, and the Cloud cannot protect you from that.” – Jason Reichl, CEO, Go Nimbly

Impressions of Cloud Security Remain Resilient

Despite these events, this year, 90 percent of enterprises plan to increase or maintain their annual spending on cloud computing. If cloud infrastructure were such a risk, businesses would not be investing in the platform at such high rates.

david-linthicumDavid Linthicum, Senior Vice President of Cloud Technology Partners, says to think about cloud security systems like this: is your money safer stuffed in a mattress at home where you have control of it or with your local bank? A bank, obviously, is better positioned to protect your money because they have a vault and security cameras and are insured. Likewise, a cloud service provider (CSP) is better positioned to protect your data because they invest in 24-7 monitoring, the best cyber security tools, and physical barriers, such as video surveillance and biometric scanning.

Unfortunately, cloud infrastructure security on its own, out-of-the-box, is not enough to safeguard your business’ crucial data.

Steps to Ensure Data Security in the Cloud

What steps should businesses take to ensure data security, when using cloud infrastructure?

Migrating to the cloud starts with selecting a CSP that fits your business’ needs. It is important to recognize that not all CSPs are equal.

In 2013, former Editor in Chief of Yahoo Tech Dan Tynan detailed his experience with Box. In particular, he talked about how all his Box files once disappeared for six months. Specifically, his login didn’t work and the company could not locate the account associated with his email. This means Tynan’s data was missing for half a year, which raises concerns about stolen information. Who had access to his data?

National Security Agency (NSA) whistleblower Edward Snowden also warned against relying on the security features of another popular cloud service, Dropbox.


Dropbox? Get rid of Dropbox. It doesn’t support encryption. It doesn’t protect your private files. Use competitors, like SpiderOak, that do the same exact service, but they protect the content of what you’re sharing,” Snowden said in a 2014 interview with the New Yorker.

Indeed, it is true: some CSPs are more secure than others. For example, the difference between Dropbox and SpiderOak is that Dropbox, as well as many other major CSPs, encrypts data on its own servers but does not encrypt data locally, leaving it vulnerable to attacks. Conversely, SpiderOak encrypts data on both your local servers and their personal servers, reducing the opportunity for a security breach.

Regardless of the CSP your business uses, additional local security measures, such as data encryption, improved identity access policies, and regular audits, will minimize the possibility of a costly cyber attack.

By Sarah Patrick

The Evolution Of The Connected Cloud

The Evolution Of The Connected Cloud

The Connected Cloud

Cloud computing is interesting first, but not only, because of the prevalence of cloud projects. There are many of them launched every day. Some have lofty expectations for business benefits (cost saving of 20 percent or more) and others carry even more intriguing goals.

In 2005 “the cloud” was new. Shared computing services were a novel idea. People weren’t sure they would catch on. There were many concerns about the initial reality of cloud, but the big one was security. Many business owners felt that cloud computing wouldn’t be as secure as their on-site system was.  Yet, from a purely tactical perspective, that wasn’t always the case. In fact, knowing where something is makes it more vulnerable than something with an unknown location.

The Community Cloud

The cloud ended up catching on, and eventually became an accepted reality. What may be coming, however, changes the cloud forever. There are US Government Agencies that have put two to four—or even more—petabytes of information into dedicated cloud solutions. “Dedicated cloud,” in this case means the community cloud as defined by NIST. In this case, there are multiple organizations using the resources, but they are all from the same group or agency. This makes having their data shared in a cloud less risky. There are also agencies that have data that gets leveraged around the world—for instance, the National Oceanic and Atmosphere Administration (NOAA) and the United States Geological Survey Agency (USGS). Data these organizations generate is concrete: we know when there is an earthquake (you feel the earth move under your feet) and we all know what the weather is outside. Of course, these agencies do produce and generate more data than that, all of which is shared with various groups around the world.


Soon, however, there is a change coming to cloud computing. The concept of cloud service providers is going to change, with the advent and inclusion of data from Cyber Physical Systems (CPS), sometimes called the Internet of Things (IoT). Today, IoT devices produce more data that virtually every other producing system. Most of the data they produce isn’t used or even noticed. For example a remote thermite monitoring a specific location (say a volcano) publishes the temperature 4 times a minute or more than 5760 times in a day. We can discard the majority of those data points because they are not significant. If it is 82 degrees 10 miles from the volcano and 81 degrees on the volcano, that data is not useful or unique. Estimates place the volume of CPS/IoT generated data at around 110 zB today. Experts project that in less than 5 years there will be roughly 5 times as many CPS/IoT devices deployed.

As we get smarter, though, the sensors we deploy will produce more intelligent data. For example, that volcano thermometer may stop sending 5700 pieces of information and only send information when there is a significant change. The group that placed that sensor will be able to determine what “significant” means. For instance, with a volcano, you don’t care if it is suddenly 20 degrees colder at night. You do care if the temperature rises above the air temperature, even if that rise isn’t sudden. The concept of CPS/IoT device intelligence will reduce a lot of the overall data produced. That 5700 messages a day/35000 messages in a week may drop to 1.

The Cloud Future


(Infographic Image Source: Intel)

The future of cloud is in the transportation, manufacturing, analysis and consumption of CPS/IoT produced information.

Yes, cloud will continue to provide computing services and storage, as more and more of its overall capacity will be consumed by CPS/IoT data. The rise of intelligent sensors will keep the amount of data flow at a lower level than the increase in the number of CPS/IoT devices would suggest. But even intelligent sensors will have to check-in from time to time, sometimes simply to validate that the connection is still viable and working. The more critical the sensor the more frequently it will need to check-in. This won’t result in 35000 data points a week, but it will still produce some.

The Next Big Thing


(Image Source: Shutterstock)

The next big thing in cloud computing will be the hosting of billions of little things—or, actually, the data from billions of little things. Analyzing and compiling all that information will also change how the cloud is consumed by companies, governments, and individuals. There will need to be a throttle that pays attention to the data you are requesting, and a pipeline for getting you that data. Intelligent sensors will produce smart controlled data. Intelligent cloud solutions will allow the device connecting to receive the amount of data it can process effectively, so as not to drown the messenger in data.

The new cloud will be just like the old cloud, just doing new things a little differently.

By Scott Andersen

Medical Professionals Face Unique Challenges Using The Cloud

Medical Professionals Face Unique Challenges Using The Cloud

Medical Professionals Using The Cloud

The presence and value of Cloud tools have seeped into virtually every industry, and the medical profession is certainly no exception. However, because of the special rules regarding patient privacy, specifically those found in HIPAA, people handling patient information must follow specific guidelines that in many cases, are violated by standard cloud services. Of course many services claim HIPAA compliance in order to attract healthcare clients, however, an approved “HIPAA certification” doesn’t exist for cloud services. Therefore, it is important for people working in the medical industry to be aware of the rules and options when utilizing the Cloud for their business.

All medical professionals (and most people who’ve been to the doctor) are familiar with HIPAA, but to lay a foundation for this article, here is a little background. Congress passed the Health Insurance Portability and Accountability Act back in 1996. You have HIPAA to thank for the enforcement of privacy standards (Infographic below by Cardigm)   that protect your personal health records (as well as health insurance portability, though the focus of this article will be the former). HIPAA makes provisions against industry fraud, imposes nationwide standards for the electronic management of records, and consequently ensures that confidential information will be handled in the appropriate manner.


However, technology has come a long way since the act’s initial passage 20 years ago. As a result, it’s now far easier to commit a HIPAA violation than you might think. Businesses working in or with the medical industry must take particular care when it comes to the cloud to avoid the hefty fines that come with such violations. When planning processes and acquiring tools to adhere to HIPAA rules, additional steps often need to be taken to ensure that security is not sacrificed for the sake of the cloud’s convenience.

The Third-Party Service Problem

The primary difficulty of integrating private information with the cloud is that most major cloud services (e.g. Dropbox) are not managed by medical professionals and they reserve the right to access files on hosted on their servers. Therefore, any instance in which these third parties have access to confidential client information would constitute a violation of HIPAA.


There are a few potential solutions to this issue, the first being a Business Associate Agreement (BAA). In this case, the third-party service enters an agreement allowing them to act as the business associate of a medical professional, thus protecting client info and meeting HIPAA standards. Unfortunately, this can potentially increase the provider’s liability and mean penalties for them should a breach occur, which means they’re less likely to submit to such an agreement. (Apple, for example, refuses to sign the BAA that would make iCloud HIPAA-compliant.)

Here are some cloud services that will sign Business Associate Agreements:

  • Document Sharing Services:
    • Dropbox for Business
    • Box Enterprise & Elite
  • Cloud Based Business VoIP
    • RingCentral Office
    • Jive
  • Online Fax Services
    • SRFax
    • SFax
    • FaxAge
  • Online Backup Services
    • Carbonite
    • iDrive Business and Enterprise

If a BAA isn’t available, another option is utilization of a third-party encryption app. These services encrypt files before they are uploaded to the cloud, rendering them unreadable by the cloud service provider. A little research can quickly turn up alternative encryption solutions to products you may already be using, such as CloudLock for Google Apps for Work. Another option is to invest in an entirely separate service, such as Tresorit, which provides encryption as well as additional features, such as the option to “unsend” or revoke access to mistakenly sent data. Encryption also protects against instances of hacking and lost devices (i.e. laptop, phone), which can be potential threats to client security.

Another option is to use a service that offers a HIPAA setting, which essentially encrypts the files in the way a third party application might and will typically remove other features that violate HIPAA like sending files through email. However, without a signed BAA from the vendor, any mishandling of the information would still be a HIPAA violation.

A Note on Email and Fax

Transmitting consumer information via email is a violation of HIPPA, which is why faxing is still very common in the medical industry. While online fax services (e.g. eFax) utilize cloud portals where faxes can be retrieved, they typically also email a copy to the recipient. This constitutes a violation of HIPAA. However, medical professionals can use online fax services that offer special features (often referred to as a HIPAA conduit) like file encryption and fax notification via email only. As mentioned above, a HIPAA conduit setting alone is not as strong of a liability protection as a signed BAA.

In Conclusion

In the conversation surrounding HIPAA compliance, it’s crucial to retain as much information as you can about the status and location of confidential information. As putting any data into the cloud means losing a degree of control, those interested in avoiding violations should know the identity of every person that has access to the information, where the service provider is located, and the exact nature and content of the data itself. The responsibility to ensure patient privacy is ultimately borne by the medical professional. If this includes using the cloud—and in this day and age, it probably does—be sure to plan accordingly.

By Leo Welder

Is Fear Holding Back a Next Generation of Cyber Security Approaches?

Is Fear Holding Back a Next Generation of Cyber Security Approaches?

Next Generation of Cyber Security

As I walked through RSA last week, I was struck by the usual fear laden messages “You’re not safe and never will be but I (vendor) have a silver bullet that will protect you.” And, I wondered if this fear-based approach is deterring a badly needed next generation of cyber security approaches.

For as long as I have been in the security industry, the focus has been on selling fear and today that fear is firmly anchored around cyber attacks and what could happen when attackers compromise your network and get a hold of your data. As much as the specter of cyber attacks is real the paranoia and hysteria that accompanies it often gets in the way of finding real solutions. While there were some new and innovative technologies on show at RSA this year, many vendors are still touting yesteryear technologies and approaches.

Expanding Data Networks


In the workplace, digitization has changed how we work – it goes beyond the devices we use and where and when we work, and more to the tools and data and our interactions with a expanding networks of people and data. Yet, despite the fear around security breaches, there are few security approaches that truly focus on securing at the data layer with a contextual focus on people and the expanding number of applications in use today.

Digitization increasingly shapes our everyday lives. It’s changed how we manage our personal finances and how we form networks and connect with people socially. Yet despite much media hype around increasing cybercrime, approaches to staying safe online are seem lax compared to the precautions that people might take with their physical safety. For example, parents who would not leave their children unsupervised while outdoors will let young children play on Internet-connected tablet devices, without adequate safety precautions, potentially putting their children at risk at being exposed and in the longer term being exploited online.

So how do we usher in a next generation of cyber security approaches

  • Children need online safety programs as part of their curriculum. And, to do this successfully, requires that resources also be injected into teacher training and awareness of where to focus and how to make cyber security enticing.
  • Parents and families need to get involved. A key finding from a recent study Addressing Gender Gaps in Teens Cyber Security and Self Efficacy was that teen girls were likely to develop confidence and interest in cybersecurity through informal approaches. It’s a great opportunity for cybersecurity practitioners to become role models and mentors to a younger generation.
  • I noted earlier that many cyber security approaches lag as much as 10 years behind the business landscape. Overhauling industry approaches is difficult when approaches and toolsets have been in use for decades. That’s where reverse mentoring can play a role. Partnering with young people is not just about them learning from us; it’s about what we can learn from them.
  • It’s time to finally drop the fear-based messaging. That would help us focus on what really needs to be fixed versus exploiting fear.

By Evelyn de Souza

Jargon Free: The Three Real Main Benefits of Cloud IAM Solutions

Jargon Free: The Three Real Main Benefits of Cloud IAM Solutions

Main Benefits of Cloud IAM Solutions

There are significant discussions concerning cloud applications and software solutions, such as identity and access management (IAM) solutions, which are used in conjunction with them. These articles often discuss complex technical reasons and benefits, which may be difficult for a non-technical person to understand.

Cloud applications and cloud IAM solutions go hand in hand. This is because many of the benefits of cloud applications cannot be realized without a management solution in place. Without all of the technical concepts, what are these benefits, though? Perhaps the following points can help. These are three straight forward, easy-to-understand reasons why cloud identity management solutions are beneficial when implemented with cloud applications.

Popular SaaS Applications

Elimination of Manual Account Management Tasks

Manual account management for any type of application is time consuming. Admins must manually enter and create accounts in each application for a new user, which can also lead to errors. For cloud applications, providers often try to mitigate this issue by offering a web-browser where managers can control access to the cloud application directly. However, they rarely automatically provision processes and this necessitates a sequence of manual operations.

One of the most important benefits of cloud IAM solutions is that they work seamlessly with both in-house and cloud applications, so that admins can manage both from one dashboard. This allows an HR employee or manager who is creating accounts for a new employee to easily check off which accounts need to be created in any applications, and the accounts will automatically be provisioned in near real time. This allows for accounts to be created quickly and easily, so that end users don’t need to wait around for the access that they need.

Increased Security

When an organization begins to use several different cloud applications it becomes difficult to ensure that the correct people have the proper access to them. Users may have access to systems and applications that they shouldn’t, leaving the company’s data unsecure. Often over time, employees are granted access for a project, when another employee is on vacation, etc., and that access is never revoked. Additionally, it needs to be guaranteed that cloud application access is disabled once an employee leaves the organization. This step is often overlooked since a manager needs to manually disable the employee account in each application that they must access.

Holiday Photos

IAM solutions allow for many different resolutions. A manager can first easily generate a report that shows exactly who has access to what, as well as any changes that they are making in that system. Many solutions also support workflow management. With workflow management and self-service, employees and managers themselves can request, check and approve facilities without any IT intervention. For example, an employee may request access to an application, a project or to view reports. The approval process is part of a structured workflow. The manager can authorize the request and it can be implemented immediately in the network, or they deny the request and the employee will not receive access. This not only dramatically improves efficiency, but this access also assists with managing an organization’s security. When an employee requests additional access or a new account, these established access rights ensure that only the correct people are providing the permission.

This process also allows a manager to easily disable the accounts of an employee who has left the organization, which ensures security of the network and data. They simply disable the user account in the solution and all connected accounts are automatically disabled.

Ease of use for remote employees

Another main issue is that cloud applications have great benefits for remote employees. These employees may access their work from anywhere at any time that they need to get their work completed. Without the correct cloud solutions in place, though, these main benefit may have some issues. For example, think of an employee who is working late at night, or is on the go and forgets one of their many, complex passwords. They aren’t able to contact the helpdesk to reset their password, which hinders them from getting quick access.


Password solutions such as single sign-on and self-service password reset, seamlessly work with in-house and cloud applications so that the organization can provide these solutions to all employees. Cloud SSO allows users to have a single set of credentials for all of their applications, so that they don’t need to enter numerous sets of credentials. This is extremely convenient for an employee who works on the go and needs to quickly log into their portal and access all of their applications. Self-service password reset solutions allow the employee the opportunity to reset their own password after correctly answering several security questions, without needing to contact the helpdesk. Remote employees, or employees who work after hours, benefit greatly from this since they are able to address any issues themselves even after the helpdesk’s regular business hours.

These are the three greatest benefits of cloud IAM solutions, without any technical jargon. Anyone, whether technical or not, can easily see that these solutions compliment cloud applications and allow their benefits to be seen without any major issues.

By Dean Wiech

Encryption – The First Line Of Defense For Big Data

Encryption – The First Line Of Defense For Big Data

Encryption and Big Data

According to estimates by Hewlett Packard, the average U.S. firm can expect to lose $15 million each year as a result of cybercrime. This number is twice the global average, but it is a preventable expense. As data continues to migrate to the cloud, the cost of bad security will only continue to rise. Threats to digital commerce are no longer as simple as email attachments or phony messages from Nigerian princes. DDOS attacks can bring your entire business to a crawl. Social engineers can gain access to admin level accounts with a five minute phone call. Packet sniffer programs can let hackers pear into private data to gain access to information needed to steal an identity. By using strong security protocols and in depth encryption, companies can avoid the massive impact that cybercrime can cause.


The Transport Security Layer and Secure Socket Layer are both part of the standard suite of internet protocols. The term SSL is used to refer to both, and encrypting the SSL is one of the main ways that businesses try to guard against unlawful access. The simplest kind of protection is a key exchange. In this method, both parties hold a public and private key. The public key works similarly to a padlock where the private key is the matching key.


When data is sent, the sender encrypts the data with the public key of the receiver, and the receiver will use their private key to unlock the data. This is a difficult encryption to break, but it is not foolproof.

The SSL will also use Cipher suite encryption to further protect data. This process begins by both the sender and recipient “handshaking“; establishing the desired method of encryption and other protocols to be used in their communication. This handshake includes a key exchange but it also has three other key features: the bulk encryption of all data sent (including the keys), the message authentication code (so hackers can’t insert their own false messages into the conversation), and the pseudorandom function (which defines a random starting point for the values of all keys used in the encrypted session).

With the full Cipher suite in deployment, most data can be deemed mostly safe. No security system is perfect, and data being mostly safe is often as good as it needs to be. However, for some of the most important transactions, mostly safe is simply not enough.

It is impossible to be 100% secure against a hacker, but it is possible to be not worth the effort. Once your data becomes so secure that hackers have no profit margins from breaking in, they will stop expending the effort. To that end, a further level of security is needed. While the basic SSL suites are effective, they are also common targets of attacks. What is needed is a third party proprietary suite that encrypts data in more advanced ways.

Monitoring Encrypted Traffic

According to Blue Coat, the first key beyond standard suites is the monitoring of encrypted traffic. Many attacks on the cloud are encrypted to make detection without opening the data difficult. Advanced security suites are able to scan for these encrypted suites without allowing the dirty data onto your network. In the event an attack does make it into the network, modern suites are equipped with highly advanced analytic tools that help to quickly identify the breach and work to prevent this attacker from gaining unrestricted access.

security watch

(Image Source:Shutterstock)

After the attack, third party protection companies provide the analysis of what happened that is needed to identify and close loopholes in security. They look at how the attacker got in, what they could access, when the threat was detected, and help to detail the actions needed to ensure this sort of attack can cause no further harm.

In an age of cloud based companies and global workspaces, bad cyber security is even more costly than leaving the front door unlocked all night. With due diligence, SSL encryption methods, and the help of a third party software suite, companies can mitigate large portions of the cost of cybercrime.

cameron-johnsonBy Cameron Johnson

Cameron a business consultant specializing in cybersecurity and big data. Cameron has also had the opportunity to speak at international conferences and was recently recognized as one of the world’s top 100 experts to follow on social media.

CloudTweaks Comics
Reuters News: Powerfull DDoS Knocks Out Several Large Scale Websites

Reuters News: Powerfull DDoS Knocks Out Several Large Scale Websites

DDoS Knocks Out Several Websites Cyber attacks targeting the internet infrastructure provider Dyn disrupted service on major sites such as Twitter and Spotify on Friday, mainly affecting users on the U.S. East Coast. It was not immediately clear who was responsible. Officials told Reuters that the U.S. Department of Homeland Security and the Federal Bureau…

The DDoS That Came Through IoT: A New Era For Cyber Crime

The DDoS That Came Through IoT: A New Era For Cyber Crime

A New Era for Cyber Crime Last September, the website of a well-known security journalist was hit by a massive DDoS attack. The site’s host stated it was the largest attack of that type they had ever seen. Rather than originating at an identifiable location, the attack seemed to come from everywhere, and it seemed…

Cloud Infographic – DDoS attacks, unauthorized access and false alarms

Cloud Infographic – DDoS attacks, unauthorized access and false alarms

DDoS attacks, unauthorized access and false alarms Above DDoS attacks, unauthorized access and false alarms, malware is the most common incident that security teams reported responding to in 2014, according to a recent survey from SANS Institute and late-stage security startup AlienVault. The average cost of a data breach? $3.5 million, or $145 per sensitive…

A New CCTV Nightmare: Botnets And DDoS attacks

A New CCTV Nightmare: Botnets And DDoS attacks

Botnets and DDoS Attacks There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t…

The Conflict Of Net Neutrality And DDoS-Attacks!

The Conflict Of Net Neutrality And DDoS-Attacks!

The Conflict Of Net Neutrality And DDoS-Attacks! So we are all cheering as the FCC last week made the right choice in upholding the principle of net neutrality! For the general public it is a given that an ISP should be allowed to charge for bandwidth and Internet access but never to block or somehow…

Update: Timeline of the Massive DDoS DYN Attacks

Update: Timeline of the Massive DDoS DYN Attacks

DYN DDOS Timeline This morning at 7am ET a DDoS attack was launched at Dyn (the site is still down at the minute), an Internet infrastructure company whose headquarters are in New Hampshire. So far the attack has come in 2 waves, the first at 11.10 UTC and the second at around 16.00 UTC. So…

Cloud Infographic: Security And DDoS

Cloud Infographic: Security And DDoS

Security, Security, Security!! Get use to it as we’ll be hearing more and more of this in the coming years. Collaborative security efforts from around the world must start as sometimes it feels there is a sense of Fait Accompli, that it’s simply too late to feel safe in this digital age. We may not…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and opportunities of digital technologies. The concept is not new; we’ve been talking about it in one way or another for decades: paperless office, BYOD, user experience, consumerization of IT – all of these were stepping…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…


Sponsored Partners