
Adrian Taylor: Hybrid Cloud Application Delivery in Financial Services

How are Financial Services Firms Addressing the Requirements of Digital Transformation, Security, and Compliance? Adrian Taylor, Regional VP of Sales for A10 Networks, explores this:

The financial services sector is experiencing significant commercial disruption coupled with rapid innovation as established institutions strive to become more agile and meet evolving customer demand. As a result, financial services organisations are undergoing rapid digital transformation to meet changing customer needs and preferences, and to compete with a new generation of digital-native competitors. Hybrid cloud environments play a key role in this strategy, allowing greater speed, flexibility, and visibility over application delivery than on-premises data centres while also reducing costs. 

But the move to hybrid cloud introduces new challenges as well. So, as financial services organisations plot their strategy for transformation, firms must make critical technical decisions about the clouds and form factors best suited to host their hybrid environment. They also need to consider how they will secure web applications against evolving threats such as ransomware, data theft, and DDoS attacks through measures such as DDoS protection and using a Zero Trust model. At the same time, they must also maintain regulatory compliance, governance, and auditability across complex, fast-evolving infrastructures. 

To understand more about these challenges, we recently conducted a survey with Gatepoint Research involving senior decision-makers to gain insight into the current state of financial services technology and the future direction for organisations in this sector. Here are some of the key findings: 

 

Today’s Financial Services Technology Landscape 

Although financial services businesses are making a steady move to the cloud for application delivery, on-premises data centres continue to play an important role. 

While adoption of public cloud infrastructure is strong, with almost half of those surveyed hosting applications primarily in the cloud, most respondents (58 percent) continue to rely primarily on their private on-premises data centre for application delivery. 35 percent of organisations described their environment as hybrid cloud, though with an emphasis on their own private data centre. This shows that even as transformation continues, the traditional data centre remains prominent in the technology strategy of financial services organisations. 

That said, the balance between on-premises and cloud infrastructure may well shift soon. When respondents were asked about their plans for the coming year, 57 percent of decision-makers reported that they intend to move more applications to the cloud. 

 

Ransomware and PII Lead Security Concerns 

Today, financial services organisations face a broad spectrum of security threats, many of them targeting sensitive customer data. The survey highlighted that organisations’ biggest security concerns or consequences were ransomware (57 percent); personally identifiable information (PII) data theft (55 percent); and phishing or fake sites (49 percent). 

While threats to customers and their data are seen as the highest risk, dangers to the company’s brand image and reputation were not far behind. 38 percent of leaders cited concerns about hacking and cyber defacement, tied with brand damage and loss of confidence. Nearly as many (37 percent) were concerned about DDoS attacks, which can undermine a firm’s perception among customers through impaired service quality and customer experience. Meanwhile, insider attacks remain an issue, named by 28 percent of respondents, if not quite at the same level as most external threats. 

To address the changing security landscape, many organisations have started initiatives around the Zero Trust model, in which traditional concepts of secured zones, perimeters, and network segments are updated with a new understanding that a threat can come from anywhere or anyone inside or outside the organisation. As of June 2020, 41 percent of respondents had already established a timeline for their Zero Trust model initiative with 15 percent having projects currently underway. Still, nearly two-thirds have no current plans or initiatives around the Zero Trust model. 

 

Moving to Improve Flexibility, Agility, Scalability and Security 

Technologies and strategies planned for the coming year reflect a key focus on the competitive requirements of fast-paced digital markets. The top-two initiatives included moving from hardware appliances to more flexible software form factors and deploying hybrid cloud automation, management, and analytics to increase operational efficiency. 

With DDoS attacks a prime concern, 29 percent of respondents planned to deploy or replace an existing web application firewall (WAF) or DDoS protection solution. Surprisingly, even several years after the introduction of modern Perfect Forward Secrecy (PFS) and Elliptic Curve Cryptography (ECC) encryption standards for enhanced security, 29 percent of organisations are only now working to upgrade their Transport Layer Security (TLS) capabilities to support these technologies. 

Even as cloud adoption continues to be strong, five percent of decision makers intend to repatriate applications from private cloud environments to their private data centre. While not a high number, this is not entirely insignificant. Given the diversity of form factors, architectures, and deployment methods to choose from, it is important to make sure that the approach fits the organisation’s needs before proceeding. 

Addressing the Requirements of Hybrid Cloud and Rising Demand 

Moving forward, decision-makers view capabilities related to risk as especially important for their financial platforms. When it comes to the most important capabilities for financial platforms running in hybrid cloud environments, regulatory compliance, comprehensive application security and redundancy/disaster recovery are top must-haves. 

In addition to the importance placed on redundancy/disaster recovery, many respondents (43 percent) named centralised management and analytics as important capabilities. Along with elastic scale for variable/seasonal demands (25 percent), this shows a recognition of the requirements to provide effective service through redundancy, scalability, and a sound infrastructure. 

Compared with risk-related and operational priorities, cost saw considerably less emphasis in the survey. While 28 percent of respondents placed importance on automation for operational efficiency and reduced costs, just 18 percent prioritised flexible licensing and pricing. 

 

Desired Benefits from New Technology Investments 

As they plan new technology investments, decision-makers are motivated foremost by risk reduction—far outpacing business factors such as revenue, customer experience, and competitive advantage. 

By a large majority, security was the most likely benefit to spur funding for new technology. Operational considerations followed, including operational improvements (65 percent) and cost savings (63 percent). Regulatory compliance, emphasised earlier in the survey as a priority for a hybrid cloud requirement, was not necessarily top-of-mind in the technology funding stage—but still of high importance (57 percent). Revenue generation was named as a highly important benefit by only 35 percent, followed by customer satisfaction at 32 percent. Even in an industry undergoing rapid digital transformation, just 32 percent of decision-makers cited business advantage from new technology as a prime factor—and only 17 percent were moved by the ability to accelerate development speed. 

The results of the survey offer a snapshot of an industry in transition, as decision-makers seek to keep control over security and compliance and maintain operational consistency while they look to tap into the agility and scalability of the cloud. It is clear that, while security is important for digital transformation initiatives, application delivery and managing multi-cloud environments are of equal importance. Above all, financial services organisations must maintain their good reputation and ensure customer trust. Firms must demonstrate that they are protecting customer assets, providing an ultra-reliable service, working with trustworthy partners and reducing risk to the business. 

Why do you need a global footprint for your cloud?

By Sarah Doherty, Product Marketing Manager at iland Cloud

With the increased awareness around cloud solutions, most organisations immediately think about reducing cost and shortening time-to-market. As more ideas around cloud are discussed, other criteria like performance, security, compliance, workload segmentation, and how to integrate the cloud into an existing environment become more relevant. The profile of a global cloud footprint, however, is an equally important consideration.

It may be time to think about why having a standardised global cloud footprint matters. Here are ten good reasons why:

  1. Data sovereignty, privacy laws and local regulations are real. Your business can be impacted if these regulations are not properly followed. Choosing a cloud provider with a strong global footprint not only gives you the ability to comply with local regulations in the countries where your organisation does business but also provides the ability to manage your cloud footprint from a global level, which is more efficient and cost effective.
  2. Keep your end users closer. Any organisation wants the right to choose where apps are delivered and where the data is stored. Whether it is about performance, latency issues, data privacy or data sharing, as more of the IT footprint is migrated into the cloud, it is critical to have a provider who offers the flexibility to decide where that footprint lives. These are decisions that should be based on the business, not dictated by your service provider.
  3. Simplify with a single global contract. For many multinational businesses, completing contract negotiations in each country where business is conducted can be a daunting task that may bring projects to a standstill. Finding the right cloud provider that delivers an overarching global contract allows your organisation to undergo this process one time, which will save time and money for your organisation. In addition, having a larger global contract allows for more power and the ability to negotiate better pricing while standardising costs. This can help when rolling out customer-facing products and applications in which there is the need to present simple chargeback or pricing options.
  4. Standardise with a global SLA (Service Level Agreement). Getting a standard, global SLA provides the ability to offer that same SLA to end users. No two cloud providers ever offer the same SLAs, so being able to easily define that across the regions where your organisation does business can help improve service and management of your business SLAs.
  5. Consistent IT service catalogue availability. Choosing the right cloud provider allows for the ability to build out a standard IT service catalogue, group application templates together and distribute all of it globally with little to no effort.
  6. Streamline with a single pane of glass management interface. Having a standardised management interface greatly simplifies IT operations and deployment methodologies. This covers items like alert notices, IT service catalogue items, reporting and analytics, and support, which then indicates how those feed back into the IT department.
  7. Standardise support with ITIL. When choosing a cloud provider, look for standardised onboarding and support levels that complement your organisation’s environment.
  8. Facilitate the path towards a global cloud strategy. Many multinational companies are still undertaking the path to a global cloud strategy. Evaluating and ultimately selecting a global cloud provider can facilitate this process and provide a framework for your global IT organisation to streamline and standardise operations.
  9. Compliance cannot be ignored. Another key initiative is compliance, which needs to be accurately addressed so as not to delay or stall key business activities. A cloud service provider should be focused on global compliance issues while enabling your organisation to standardise this initiative across all the regions where your business is conducted.
  10. Innovation can happen anywhere. As enterprises increasingly rely on innovation to drive new market demand, IT departments need to be ready to support all these activities wherever they occur. The cloud takes away the need for sizable up-front investments in hardware while also providing the ability to spin up “start-up-like” environments whenever and wherever. Think of it as your global laboratory, and that lab can be moved or replicated at any time, giving optimal flexibility to the innovative projects for your business.

At iland, we are always working with our multinational customers to better understand challenges that are faced within an IT infrastructure. Our goal is to provide the tools and simplicity that are needed in all cases. We have developed a resilient global cloud footprint that consists of 10 data centres in North America, Europe, and the Asia-Pacific regions. Each state-of-the-art facility is host to the workloads of growing businesses, both local and global, requiring additional capacity, local presence, or sophisticated disaster recovery support. And we have backup facilities at every location. The expansion into these data centres has been driven primarily by customer needs. Low-cost resources are not enough in leading a successful migration to the cloud; it takes a cloud service provider that can keep up with your business needs while helping you streamline your organisation’s processes in all the places where you do business.

To learn more about iland, visit: https://www.iland.com/

Chris Martin: How A10 Networks is positioning the channel for growth, finding ways to incentivise partners

Written by Chris Martin, Channel leader for EMEA & SAARC, A10 Networks 

The rise in a globally dispersed workforce and new work-from-home requirements are placing extraordinary pressure on organisations’ networks. At the same time, COVID-19 has accelerated digital transformation across many industries, with a shift towards hybrid and multi-cloud to service both customers and employees in this new environment.

These changes further underline the importance of operational efficiency, management, visibility and security for organisations. This is where A10 Networks and its channel partners can ensure customers’ datacentre applications and networks remain available, resilient and secure in the months ahead.

With a hundred percent of our business transacted through channel partners in EMEA, partners are central to A10 Networks’ plans. The channel is incredibly important to us and the pandemic has not affected our commitment nor our investment in the channel. In fact, we have championed the channel in 2020, having made huge investments in our partner ecosystem and our Affinity Partner Programme over the last 12 months. As such, we have focused on three key areas: education, engagement and deal registration. We currently have five key channel initiatives underway, which include developing our distribution relationships, deal registration, partner ecosystem, organic leads and channel enablement.

Having said this, we are much more focused on certain key vertical sectors and as such we are looking to work with partners who have specialist vertical market capabilities.  In effect, we are looking to identify the right partners, addressing the right gap in the right vertical market.

 

Training and certification

Training is key to this enablement and A10 Networks is passionate about helping our partners obtain the technical certifications needed to help their customers navigate this new environment. We know it isn’t easy for a partner to focus on their own business, while ensuring their customers’ operations remain up and running. We therefore want to ensure that our partners are up to date on their certifications, to continue to be a trusted advisor to their customers.

We launched new sales and technical training certifications this year, free of charge and aligned with our new branding and latest products and solutions. For example, we now have Sales Associate Training and Technical Associate for Service Providers Training.

However, when it comes to partnering, we know one-size-doesn’t-fit-all. As mentioned earlier, we work with partners to understand their vertical expertise, their technical abilities and their strengths. We then formulate a joint business plan and establish KPIs so together we can best address customers’ needs.

 

Distribution is key to growth

Distribution is a part of this strategy – which is why we are working more closely with our distributor partners than we ever have before. We have doubled our distributor presence across our territories because we believe that partners need a choice. We have onboarded 11 new distributors in the last 18 months in EMEA and SAARC.

Whether the distributor is a dedicated, niche player or one with huge scale and resources, they all deliver their own value. We have established KPIs for distribution around recruiting partners, net new revenue, certification and lead generation. We are also working together with distribution on recruiting those quality partners I spoke about.

Another increased area of focus is deal registration. We are actively encouraging our partners to register leads in line with our business growth and the increasingly competitive business landscape.

 

Recognising partners and individuals who go above and beyond

We have also created a new channel awards programme, known as Elevate. This is because we recognise that certain individuals and companies within our channel community go above and beyond to drive business with A10, and we wanted to reward their hard efforts. Starting from 2021, we will recognise both partners and individuals, and categories for 2020 nominations include aspects such as the best financial performance, the best marketing campaign, the partner that provides the best technical support as well as individual nominations such as the best performing sales, technical and marketing person. Any member of the A10 channel community is eligible within EMEA and SAARC.

Likewise, we recognise that technical teams don’t always get rewarded for their contributions so we have created our ‘Tech Packs’ which provide a whole range of goodies that we are giving away to those techies who successfully complete certain certification levels.

 

Path to Platinum

Finally, we have created an initiative called Path to Platinum. This new programme is designed to accelerate our partners’ growth, and enable Bronze and Gold partners to achieve the highest accreditation in the A10 Networks Affinity Partner Programme.

Importantly, we want to focus on certification, specialisation and commitment rather than solely judging a partner based on traditional run-rate revenue targets. If there is a partner that we are interested in developing a relationship with, we will talk about the level of discount we can offer, the support and how to build that relationship. With buy-in from both sides, we will create a bespoke plan to go out and win business together.

With the channel front and centre, we are expanding rapidly and winning new customers. These are businesses that have apps at the heart of their business, like Uber. Another is food delivery service takeaway.com, which needed to continue to service customers, despite the huge demand placed on their networks during COVID-19 enforced lockdown.

It has been a year of unprecedented momentum for our partners. Despite being faced with much uncertainty as we approach 2021, we know one thing for sure: A10 Networks will continue to expand and drive new business by putting the right incentives in place that deliver profitable and predictable business to our channel partners.

Giles Knights: How Contractors Can Help Organisations Fill the IT Skills Gap

By Giles Knights, General Manager, ClearHub, part of Clearvision

While the IT contractor market has been impacted by COVID-19, as many organisations and professions have, there is still a strong requirement, potentially an even greater one, for organisations to build a level of flexibility and relevant skillsets into their teams. Engaging contractors is one way to achieve this. For those businesses that have IT projects that they need to deliver, but don’t necessarily have the in-house skills and resources to do so, hiring can seem an expensive exercise, particularly if those skills are only required for an interim period or a one-off project; this is where using a contractor can prove extremely beneficial.

There is even more of a pressing need around some of the hot technology/niche technology areas and more so now as not only enterprises, but technology providers start to move their solutions to the cloud. As you can imagine, the growth in cloud is predicted to skyrocket!

If you wind the clock back to a decade ago the entire market capitalisation of the public cloud industry totaled just under $40 billion. Fast forward to 2020 and it is now worth more than $1 trillion, with estimates for 2021 predicting this will grow to $2 trillion. Likewise, we have seen organisations like our partner Atlassian, for example, planning to stop selling new server licenses in 2021 because it believes that cloud will be the primary destination for the majority of its customers. Therefore, we anticipate a big shift to cloud with our customers, necessitating an increased number of contractors.

This year many cloud service providers (CSPs) witnessed a spike in demand as organisations migrated to the cloud quickly and at a large scale, to ensure business continuity amid the pandemic. But today, as cloud infrastructures proliferate and as organisations continue their cloud transformation journeys, they should question whether they have the right tech talent in the business to complete such programmes of work and whether this is an opportunity to engage with an IT contractor to help fill that skills gap.

Are contractors your cloud migration solution?

So, can contractors help organisations solve their cloud migration headache? As I mentioned earlier contractors give organisations the capacity to react and build on ideas and innovate. They provide firms with flexibility and agility in resources, so while an organisation might not feel confident to commit to hiring full-time employees, they can still move ahead with projects and have the flexibility to scale up or down as they see fit.

But IT is a vast area with many niches; not all IT contractors will be equipped with the right skills. It is hard, particularly for HR teams, to know the difference between the skills required. Therefore, it is so important to go to a specialist resourcing provider, especially if you are dealing with specialist tools. In my experience, niche roles require specialist skills which can only be obtained through many years of training and experience. Here at ClearHub, we specialise in providing cloud and Atlassian contractors. Therefore, when it comes to finding the right person equipped with the skills the team needs to help finish a project or provide specialist cloud support, going to a generalist recruitment agency for those skills might not be the best option. This is because they are too broad in terms of the types of professionals they deal with.

What to look for in your cloud migration contractor

To help, I’ve listed below some red flags that HR teams should watch out for when they are looking to hire an IT contractor, especially one with specialist skills:

  • Does the recruitment firm know their Docker from their DevOps? After all, why work with someone that isn’t an expert in the tools that you use?
  • Are they really listening to your needs or are you receiving resumes that simply do not match the brief?
  • Do they have the means to technically test the contractor to ensure they have the specialist skills you require?
  • Do they offer support of any kind to the contractor? In my experience very few recruiters do, which is why we pride ourselves on providing that support – it’s a real USP for us.
  • Do they provide any guarantees if the contractor does not work out?
  • Do they take into consideration company culture and whether the contractor is the right fit for your business?

While recruitment agencies are there to help find people jobs, they aren’t experts in the profession they are placing candidates in. This is why it is so important to seek out a specialist provider. For example, the use of collaborative software created by the likes of Atlassian requires training to achieve maximum value. Teams that are just starting out, or who have been using Atlassian software for some time and require a tidy up, often seek long-term assistance in the form of a contractor. Here at ClearHub, we provide this along with technical skills tests and tool vetting that measures the knowledge of the contractors against the requirements. ClearHub is also supported by our parent company, Clearvision, an Atlassian Platinum Solution Partner, which means that our contractors get the support they need as well as a host of other benefits.

So my advice is to really check out the recruitment provider or resourcing specialist that you are thinking about placing your recruitment briefs with. After all, why waste all that time, effort and money engaging a contractor that you subsequently find doesn’t have the skills for the job?

Samantha Mayowa: Cybersecurity Awareness Month: 2020 in Retrospect

Written by Samantha Mayowa, Head of Global Communications at VMware Carbon Black  

For cyber defenders worldwide, 2020 has been an unprecedented year. CISOs (Chief Information Security Officers) and their security teams have battled increased attack volumes and data breaches as malicious actors seized the opportunity to exploit the disruption caused by the global pandemic. Cybercriminals are now deploying a wide range of attacks to extort, disrupt and infiltrate organisations.

October is Cybersecurity Awareness Month (CAM), a cause we are proud to champion. CAM is an opportunity for the industry to come together and reflect on the state of cybersecurity — from the top threats to the business challenges, and most importantly, what this means for securing organisations in 2020 and beyond as attacks evolve and become increasingly complex.

Here is a look at the 2020 cybersecurity landscape and some of the biggest pandemic-fuelled trends and threats identified by VMware Carbon Black experts this year.

Download and share this infographic with your team members, partners, and customers. While October is the month that’s dedicated to raising awareness, cybersecurity should be a year-round concern for all members of an organisation.

 

 

 

Mike Osborne: How to scale up your IT solutions to allow you to work from anywhere as effectively as possible

After briefly being encouraged to return to the office, workers across the country are following the Government’s advice and settling into a second wave of working from home. Mike Osborne, Managing Director of Managed Services at communications and technology company Intercity Technology, reflects on the learnings from lockdown and provides five practical tips for businesses looking to ensure employees work productively and effectively. 

At the start of the pandemic, many companies had to adapt quickly and were forced to implement short-term continuity plans and processes to ensure a continuation of services to customers. Not knowing what we know now, these plans were often rushed with little consideration for the long term.

According to the British Council for Offices (BCO), Covid-19 is set to permanently change our working patterns. A recent survey from the BCO suggests almost two thirds of the UK workforce plan to divide the working week between their homes and company offices, once the Covid-19 crisis is over, as they see remote working as a long-term solution.

These societal changes will force companies to review their current IT set-up to ensure it can meet this hybrid ‘work from anywhere’ model. New tools will need to be adopted and existing policies and security measures must be enhanced and managed effectively. To help future proof your business, here are five practical tips from Intercity Technology to allow your employees to work productively and effectively from anywhere.

 

1. Ensure you have adequate VPN and bandwidth capacity

Effective and secure remote working involves employees connecting to corporate content and applications via a virtual private network, or VPN, which is designed to protect against the security risks of working via a residential broadband link. However, the increase in the number of employees working from home has put a strain on bandwidth capacity, VPN hardware and licenses, which has significantly impacted the ability for teams to work securely. As a result, some organisations have opted for a simpler option which is to use a third-party data centre to work around the issues, enabling their employees to connect to business-critical applications and services remotely and securely through the cloud.

 

2. Decide whether your business requires managed services

Even before Covid-19, demands on the IT infrastructure for SMEs had been growing for many years. Working from home has added to the workload for internal IT teams, with large numbers of devices, users and applications needing to be managed 24/7.

Moving to a managed services provision, where a specialist oversees the maintenance, monitoring and network management of your IT systems, can provide invaluable support and help free up your IT team to focus more of their attention on more valuable business development projects.

 

3. Perform a cloud audit of your current infrastructure

Alongside assessing your physical capabilities, you should consider carrying out a cloud audit to determine whether your business is in a good position to start transitioning over to the cloud. An audit would also identify the necessary services available in the cloud based on your organisation’s specific needs, such as Infrastructure as a Service (IaaS), Backup and Disaster Recovery, and Software as a Service (SaaS). An audit is an important step for businesses transitioning to the cloud as well as those already using cloud-based services. Ultimately, it ensures you have the correct tools in place to enable teams to work productively and effectively from anywhere.

 

4. Remain secure

Cyber-attacks have become more prevalent during the pandemic as employees left the security bubble of their office environments to work from home. For millions of remote workers to receive the same level of IT security found in an office environment whilst working remotely, software security on user devices must evolve. A cloud IT platform is a good solution which offers multi-layered protection to help minimise the impact that a security breach or attack can have on an organisation’s IT infrastructure.

Furthermore, to close the security and control gaps in remote working set-ups, businesses should consider:

  • Using a VPN to provide employees protection and to encrypt the data from an organisation’s network to its remote users
  • Adding multi-factor authentication (MFA) to company systems for additional security, such as one-time passwords or security questions
  • Training employees on best practices and educating them about the dangers
  • Ensuring organisations meet compliance and data privacy requirements

 

5. Ensure you have the essential remote working tools

Communication and connectivity should be a top priority for any team of remote workers. Software tools like video conferencing, instant messaging and cloud phones empower your team to work productively, making collaboration possible regardless of location.

While Microsoft Teams and Zoom have become ubiquitous, here are some other essential tools you need to continue communicating with your workforce from anywhere in the long-term:

  • VoIP phone systems give you access to your phone system from anywhere with a consistent internet connection
  • Virtual desktops give you access to work computers’ data
  • Management portals allow managers to keep track of employee communications including inbound and outbound calls

After rushing to implement processes and fulfil the demands of remote working at the start of the pandemic, many businesses were forced into short-term solutions where the security of their IT systems could be compromised. Companies now need to think more carefully and plan for a long-term future which involves people working from home as well as the office while staying productive, connected and secure.

Rick McElroy: Infosec Teams Must Act and Think Differently to Combat Adversaries

Written by Rick McElroy, Cyber Security Strategist, VMware Carbon Black 

The growth in widespread, sophisticated attacks

I have been following, with interest, the attacks on the Australian Government which have led to quite a bit of publicity and debate around who the culprits are behind the cyberattacks. Australian Prime Minister, Scott Morrison, confirmed the attacks were widespread across “all levels of government” including in essential services and businesses. In July, he announced that $1.35 billion in existing defence funding would be spent over the next decade to boost the cybersecurity capabilities of the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC). Additionally, the Federal Government wants to create more than 500 new jobs in its highly secretive cyber intelligence agency as part of what it’s calling Australia’s largest-ever investment in cybersecurity. Organisations and governments are under incredible pressure during the outbreak of COVID-19, and many nation-state actors have seen this as a perfect crisis to exploit.

 

Why Intrinsic Security is so important

But even before COVID-19 hit us, there was no doubt that attacks are becoming increasingly sophisticated. Our own research, through our Global Threat Report series, informed us that the number of cyberattacks, breaches and the sophistication of attacks are higher than ever. Today, increasingly elegant attack platforms and techniques are being shared amongst the criminal community and the infosec industry is not responding fast enough. Part of the problem is that too many products and agents deployed across an organisation make security management complex. Security does not need another new product, it needs an innovative approach, one that combines visibility into apps, networks, users and devices with advanced threat detection and response to deliver a unique intrinsic security approach.

What we are also seeing as a result of COVID-19, is that users are having to defend themselves at home and actions taken to ensure business continuity and resiliency only increase the attack surface. So how do we retrofit security onto that? The simple answer is that we cannot – it needs to be built-in… and back to my earlier point – it needs to be intrinsic.

Earlier in the year we attended the RSA Conference and unveiled our vision for intrinsic security, a safer, more effective security built into the fabric of the various infrastructure control points that are vulnerable to attack (endpoint, identity, network, cloud, workload and so on). Here at VMware Carbon Black, we believe that by building security intrinsically into the fabric of the enterprise – across applications, clouds, and devices – teams can significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist.

But in parallel to this, security teams must also work in tandem with the business to shift the balance of power from attackers to defenders. They must collaborate with IT teams and work to remove the complexity that is weighing down the current model and way that they do things.

 

The importance of testing 

So why has the industry not addressed this problem until now?

Again, we can make further parallels with COVID-19. We did not know how big the problem was because we were not testing enough, but now we can see all the breaches in our systems that already exist. We did not have the right data to measure, meaning much was being missed. We had some anecdotal evidence but with better visibility, better testing, and an intrinsic approach this has revealed that our historic take on infosec was incorrect. And this lack of data has also given us a false sense of security. As an industry we rush to build technology platforms, and then we rush to launch them, and we do not rigorously test them, only to find these technologies are fundamentally insecure and flawed and this needs to change.

Likewise, in tandem to this change in approach to how we build technology, infosec teams need to think and act differently. They need to be more proactively hunting down threats, pre-empting the adversary’s next move. For example, let us look at what we can learn from how a Secret Service agent investigates financial crime and/or protects dignitaries and how we can apply this to cyber. As I mentioned, infosec teams must anticipate threats and they must follow the data, just like they follow the individual. Secret Service agents are trained to think differently and to think like the enemy. They must at once react to a threat because they assume there is more to a threat than that one individual.

So how do we apply that theory to incident response and infosec teams and the modernisation of incident response? Over the last few years, it has become clear that our enemies are emboldened and becoming more aggressive. We must shift thinking and tactics to begin to turn the tide. And I believe it is fundamental that cybersecurity professionals take a page from the annals of a secret service or military agent to better understand how to combat threats. Defenders need to modernise their cybersecurity strategies and their approach to security technology to stay one step ahead of adversaries.

Dassana Wijesekera: A Future for Financial Services – The Banking Experience Canvas

By Dassana Wijesekera, Head of Solution Architecture – Open Banking and Financial Services, WSO2

What might the future of banking look like? The consensus today is that this question must be answered starting with a laser focus on the consumer’s need, and rightly so. There is no doubt that today’s consumers are increasingly digital, making use of products and services on multiple channels and devices, sourcing instant, personal and seamless ways to meet their needs. Those less keen have now been pushed over the digital edge by COVID-19 and have most likely bought into these experiences for the long term. However, this places more pressure on traditional businesses to respond with matching experiences or risk becoming irrelevant.

In order to provide a tangible example of what is already possible with existing technology and based on my experience in working with banks to enable their journeys in the API economy, I have devised the “Banking Experience Canvas” —a product concept that illustrates what banking experiences could look like.

 

From branch to mobile to platform

As with any industry, financial services has (albeit slowly) responded to the digital revolution. First, we saw existing products and services being made available on digital channels. Now, banks have bought into “doing digital” more completely, seeing the benefits of collaboration with service providers from both the financial services domain itself and from related verticals, to help deliver more relevant consumer experiences.

We can already see this playing out at scale, as a result of increased regulation and market-driven forces such as open banking, with banks collaborating proactively with fintechs to respond more quickly and effectively to changing consumer behaviours. Consumers, both individual and corporate, are already deriving value. For example, “time to cash” on loan applications has been slashed from months to minutes, millions more have been able to prove creditworthiness based on utility and rent payments, and providers are actively exploring ways to deliver effective personal finance management services designed to give us new actionable insight into our spending and investment patterns.

 

Where are banks falling short?

Even with progress, financial services experiences are still disjointed and in the main driven by the provider, rather than the consumer. The financial steps towards fulfilling personal needs—buying a house or saving for that dream summer vacation—are designed not by the individual, but the service provider.

Take, for example, the process of buying a house. The journey involves several unique steps including figuring out how much we can afford, putting the funding together, analysing properties, negotiating on price, contracting and committing funds. As individuals we will naturally order these steps based on our own unique requirements. While some of us might first identify our dream house and work our way back to what we can afford, others will first figure out their funding plan. This journey is not necessarily linear, and generally involves a fair amount of back and forth between steps, reevaluating decisions made previously based on new information and unresolved concerns. However, the process we must follow is often driven by different service providers addressing different steps in the process, from finance to real estate to legal, and by the disjointed, independent processes of these different providers. Collaboration is attempted, for example, with redirects to banks on online property portals. But these attempts are still clunky, prescriptive, and ultimately a digital rehash of analog processes. In today’s world, especially where “digital natives” are concerned, this is not a natural or comfortable journey for most.

Can banks do more? Of course. Both to create a better and more authentic experience for the consumer, but also, importantly as a business, to derive the most value possible for the bank from the position of trust held by the bank, and the value and capabilities offered by the bank to partners and end-consumers.

 

Introducing the Banking Experience Canvas

The Banking Experience Canvas, or the Canvas as I will refer to it from here on, is a new digital model built on three principles. In order to provide a fulfilling and natural experience to consumers, in a way that brings in the most value and return for banks, banking services must be:

  • Personal
  • Complete, and
  • Omni-channel

The Canvas is designed to provide a personal and complete experience to fulfill the need of the banking customer. It also looks at bringing in value-added services outside of the traditional banking domain. This enables banks to improve brand loyalty and customer retention, delivering on the promise of platform banking for banks, partners and consumers. It may also be consumed on the bank’s own channels across mobile, web and kiosk, or on channels operated by partners, picking up from the point of the buyer journey that is the next logical step for each individual consumer.

In its essence, the Canvas is designed as a digital canvas where customers will build a workflow arranging multiple individual functions provided by the bank or sourced from partners. These functions range from standard banking functions to value-added services outside of banking. Each banking function can be customised based on individual needs.

 

Building the Canvas

So how do we make this happen? APIs, microservices, eventing architectures and open banking initiatives across the world provide the necessary technical foundation for this new interaction model.

An architectural overview of the Canvas 

An important step in the process is to secure access to a strong and complementary set of partners. The bank could look to build a partner ecosystem by providing a collaboration space in the form of an API Marketplace. An effective marketplace setup organises APIs into groups based on their attributes with categories, labels and tags and provides intuitive and self-care workflows to enable fast onboarding. A feature-rich monetisation capability will allow APIs to be monetised in multiple models and is available on any strong API Management platform.

These APIs may be used to build API products which could be added as services on the service palette of the Canvas. The Canvas is presented as an intuitive single-paged application which is paired with an eventing architecture. Each individual banking experience is built as a workflow. Support for eventing architecture, full support for different EI patterns and agility in building these integrations provide the ability for experiences to be built quickly.

The bank also needs to have a strong identity framework that will support many types of identity protocols and identity federation mechanisms. Additionally, to deliver an intuitive and helpful user experience the bank needs to augment real-time analytics capabilities. Providing these integrations, API management, identity and analytics capabilities in a cloud native manner on a single platform makes it easier to build the Canvas.

The conditions for broad collaborative products like the Canvas are now very much in place with concepts like open banking taking hold globally. It’s time for banks to grab the opportunity with the right technology and mindset.

If you would be interested to find out more about WSO2 or your organisation is considering integrating WSO2’s services into your business practices, please visit:

www.WSO2.com/?utm_source=external&utm_medium=media&utm_campaign=wso2ishealthcare_jul20

Gerry Tombs: How low-code is powering digital transformation – enabling organisations to ‘build more with less’

Written by Gerry Tombs, CEO, Clearvision

If anyone has ever doubted the power of technology, the recent pandemic has shone a spotlight on just how reliant we are on IT. Within days, many organisations mobilised and moved their entire workforce to remote working and most concluded that this was practically seamless. As a result, IT has moved from being of operational to strategic importance – especially as COVID-19 forced many firms to rapidly digitise all aspects of their business.

The critical question is: will we go back to how it was before the government’s stay at home orders? Or will this mean a new way of working for all? Certainly, firms have seen many benefits and will be looking closely at how they continue their digital transformation journey in the months that lie ahead.

But this does raise the question of why it took a huge crisis to push some organisations down the digitisation route. What was holding them back, and how will they overcome those barriers now that there is no option but to continue that journey?

Legacy systems hinder digitisation

Most organisations are still addressing a backlog of application solutions and technical debt that need to be built and maintained because of proprietary legacy systems. This is exacerbated by a lack of developers, while many applications need to be suitable for multiple form factors (such as desktop, tablet, and smartphone). Furthermore, to meet the ever-changing needs of the business, maintaining, updating, and changing these apps is a big task.

When it comes to rewriting these legacy systems, what organisations need is a more agile approach. They not only need to deliver applications quickly, but as we all know there are multiple issues to consider when delivering enterprise software that is fit for purpose.

First, the development of applications in-house is testing IT teams to destruction. Many organisations lack agile development skills and, as the world digitises, so the demand for enterprise apps will outstrip the number of developers in the enterprise. It is also hard to find the right developers with the skills needed to make these complex applications. These developers are in high demand and can often move companies but leave behind apps that still need maintaining and changing.

Second, businesses are demanding their applications are delivered quicker than ever before as competition gets more aggressive and time-to-market diminishes.

Third, the conventional development methodologies and tools used by enterprises are not cutting it in terms of productivity gains. In the digitisation era, the ability to change is vital; more important still is the ability to make continual change. Enterprises can no longer make big changes once every two years – they need to make smaller changes on a much more regular basis, sometimes fortnightly.

Enabling organisations to do more with less

Digitisation is about evolving software to meet business goals. It is also about taking a more agile approach to development. Therefore, what can enterprises do to build applications quickly that allow continuous change, integrate with their environment and other software, and are not a burden on their resources?

This is where low-code can really help.

Using a low-code environment allows organisations to reduce the time it takes to develop applications, in some cases by a factor of ten. Such a platform allows developers to streamline work processes ensuring that many repetitive manual tasks are automated, allowing IT teams to do more with less and be more productive.

Low-code also increases the size of the pool of people who can ‘code’ and build applications. It enables IT-literate people with tooling to generate code based on visual/graphical building blocks. Such developers are known as ‘Citizen Developers’.

Likewise, it enables skilled developers to operate within a low-code framework. Why is this important? Because in any role, there are aspects of a job which are monotonous and repetitive, but they just need to be done. This is true for software development. These monotonous tasks could equate to 70% of a developer’s daily tasks, so if these tasks can be completed in 10% of the time it would leave developers more time to use their creative skills in the more challenging aspects of software development. This encourages greater productivity with the existing team size or achieves the same productivity with a smaller team. It means that organisations retain their developers as well. In effect it increases the size of the team, meaning they can take on more software development.

This is important because starting any new software project requires a huge amount of groundwork before you see anything valuable. With low-code this time and energy is cut back to a fraction of what it was, which rapidly improves time to market. And because everything is much faster to produce, software engineers developing a prototype can build and validate many more variants, in the same time it would have taken to build a single prototype. Each time they build a prototype, the experimental process improves, the knowledge increases resulting in a more mature product which is more suitable to the market and prospective clients, and likewise feedback can be implemented at a faster pace.

Low-code is powering innovation

The pressure on the IT organisation, as business continues to grow and digitise more of its systems, is not only intense but also highly disruptive. Low-code platforms are fast becoming the way forward for organisations looking to meet the challenge of digitisation and overcome the barriers that have been holding them back up to now. No wonder demand for low-code is booming and industry analysts are predicting such rapid growth in this market. In fact, according to Gartner, “By 2024, low-code application development will be responsible for more than 65% of application development activity”, a far cry from the niche industry it was perceived as just a few years ago.

Finally, one amazing outcome from the pandemic is how creative and responsive many companies have become. Whether that be the local restaurant switching from tables, chairs and waiters into an online Zoom cookery class or a sign manufacturer switching to making protective screens, the one thing they all have in common is ‘Get to market quickly’. Now imagine you want to take your traditional high street shop online with an app. Not only would technical aspects appear daunting but the time-critical aspect of building, testing, deploying to market, all before the business dies, would put most off. Whilst I am not trying to paint low-code as the silver bullet for software development, in the right hands such time-critical products become very realistic ‘get to market’ solutions.

UK Cybercrime on the rise amid global disruption

By Rick McElroy, Cybersecurity Strategist, VMware Carbon Black

The global health crisis has accelerated the digital transformation initiatives of many organisations. Unfortunately, the urgency associated with rolling out these plans has meant an increase in the risk of cyberattacks. With a mass shift to establish remote workforces, organisations have inadvertently relaxed security or misconfigured devices. The distributed workforce has introduced changes for security professionals as well, who are now on the frontlines of enabling and securing newly distributed workforces.

These gaps in traditional cyber defences, combined with changing working patterns and employee behaviour, have created a larger surface area for cyberattacks, which makes it more difficult to spot such attacks. And amid the disruption, COVID-19 has exposed the UK to an unprecedented level of cyberattacks.

As part of the VMware Carbon Black Global Threat Report Series, we discovered that COVID-19 has opened the door for a surge in cyber incidents. Almost every UK business (99 percent) surveyed suffered at least one security breach in the last 12 months. Ninety-eight percent of the CIOs, CTOs and CISOs also confirmed that attack volumes increased in the last 12 months. More than nine out of 10 noted the increase in attacks was related to employees working from home during COVID-19 stay at home orders.

 

Fending sophisticated cyberattacks

It’s not just the frequency of attacks that is concerning – it’s the growing sophistication of attacks. For example, cybercriminals are exploiting the crisis to launch a wave of ‘fearware’ attacks. These often take the form of phishing attacks or email fraud that seek to exploit users’ concerns surrounding COVID-19. In fact, 93 percent of UK respondents reported being targeted by COVID-19-related malware.

It is also worth pointing out other major threats. For example, our research found that OS vulnerabilities are the leading cause of breaches in 2020. However, it also highlighted that island-hopping and third-party application attacks still cause a disproportionate percentage of breaches.

As both a cause and a consequence, the dark web is thriving during COVID-19, with the commoditisation of malware making more sophisticated attack techniques available to a growing number of cybercriminals. Common commodity malware like ransomware is starting to exhibit sophisticated behaviours, executing more destructive attacks, performing credential harvesting and making lateral movements once it breaches a system.

We are also seeing more secondary extortion plots, with attackers causing more damage once they gain access to an organisation or individual’s data. As seen with the increase in island-hopping and third-party application attacks, adversaries have moved from burglary, to home invasion, to digital squatting.

 

Greater collaboration

So, what can organisations do to protect their infrastructure, data and employees in this heightened threat landscape? Most are responding by directing their budgets towards security solutions with more than 99 percent of respondents planning to increase cyber defence spending in the coming year. The good news is that organisations are now starting to recognise the value of threat hunting to help identify malicious actors.

As organisations increase spending, they must also consider their security strategies. Today, many UK organisations are using a variety of different security technologies resulting in siloed, hard-to-manage environments that play into attackers’ hands. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking, and clarity over security deployment.

The report also found that an inability to institute multifactor authentication is one of the biggest threats that businesses face with security right now. Multifactor authentication is an integral part of a security posture to stop traditional credential harvesting methods and should be extended as far as possible.

The unexpected disruption of COVID-19 has seen the rise of global threats. In unprecedented times, organisations must focus on proactive threat hunting to detect attacks before they have a chance to cause catastrophic damage, not just here in the UK but on a global scale.