Zoho expands applications suite, Zoho One, to improve value for Business Clients

Business platform Zoho has announced it is expanding its all-in-one suite of applications, Zoho One, to offer more value to customers with new process automation, telephony, single sign-on and blockchain capabilities.

Zoho now introduces the next generation of Zoho One, the operating system for businesses that is designed to run an entire organization—from sales and marketing, finance and HR, operations and business intelligence, and more—all on a unified technology platform.

Zoho One now boasts a new business workflow management application, Orchestly, that lets customers effortlessly create, manage, and optimize their business processes through an intuitive drag-and-drop interface. In the two years since its launch, Zoho One has seen considerable growth and now serves more than 20,000 customers who make Zoho One the operating system for their business.

Around a quarter of Zoho One customers use more than 25 applications on the platform and more than 50 percent use more than 16 applications, showing that businesses are embracing an easy-to-use, all-in-one solution to run their businesses.

In the past two years since launch, Zoho One has evolved into a powerful operating system for businesses with over 45 applications, along with several built-in services including AI, Business Intelligence, Messaging, Search, and more. Zoho One is today a customizable, extendable, and integratable platform all at the same cost to customers.

“Technology is supposed to help businesses. Instead, it has evolved into a complex beast customers have to tame—from juggling apps from multiple vendors to trying to solve the multi-app integration puzzle to dealing with vendors forcing customers into expensive, lengthy contracts. The technology industry has gone too far down this path and this has to change,” said Raju Vegesna, Zoho’s Chief Evangelist. “With Zoho One, we want to change all of that. It’s a technology platform to run your entire business with a vendor that is easy to do business with and you can trust. With Zoho One, you are not just licensing technology. You are licensing peace of mind.”

Zoho is introducing bold new operating-system services:

Communications:

– PhoneBridge, Zoho’s telephony platform, which integrates over 50 telephony vendors on one side and several Zoho applications on the other side, is now available within Zoho One. PhoneBridge integration enables telephony in Zoho apps like CRM and Recruit. It allows customers to make calls from Zoho apps, and provides contextual information on incoming calls. Enabling PhoneBridge will give users context for all incoming calls from Zoho CRM, Zoho Recruit, Zoho Mail, and 20+ other apps.

– Single Sign-on: This allows customers to integrate any third-party applications onto their Zoho account and currently supports around 50 third-party applications. Single Sign-On works with third-party systems like Active Directory, which makes it scalable for mid-to-large sized businesses.

– Zoho One admins can now enforce YubiKey authentication as an added factor for increased security, on top of existing multi-factor authentications already supported.

App Management and Provisioning:

– Zoho One currently enables provisioning for all 45+ Zoho apps. This is now being extended to custom apps created through Zoho Creator as well as external apps available through Zoho Marketplace. Zoho, third-party, custom, and SSO apps can be provisioned either individually to users or as groups conditionally provisioned with custom criteria. Zoho One’s new Admin Panel with dashboards and reports allows admins to monitor user activity and app usage, enabling them to find and manage underutilized resources. Admins also get extensive reports on user management, sign-in activity, app usage, and account security.

Business Workflow Management:

– Orchestly has a drag-and-drop interface to enable managers with no coding skills to define processes with little effort. Managers and administrators can automate and run their regular workflows, including cross-departmental workflows such as purchase approvals, content publishing, asset management, and onboarding. In the case of onboarding a new employee, the recruitment, interview, offer submission, and onboarding is handled across the recruiting department, HR department, legal department, and whatever team the applicant is joining. Because so many departments and applications are involved in this process, Orchestly is able to cut across these various teams and applications to create comprehensive workflows and automate complex processes.

Products and Services Innovations:

– The enhanced Zoho Sign now provides an additional level of verification for customers by adopting blockchain-based timestamping through Ethereum, the globally accepted, open-source platform.

All Levels of Support:

– Zoho One offers free Concierge service, where potential customers can consult with the Zoho team to better understand how Zoho One can help their business.
– Zoho is introducing Jumpstart for Zoho One, helping customers through their initial implementation. All Zoho One customers are provided support, out-of-the-box, but now enterprise customers can request premium support.

Pricing for Zoho One, including all the new enhancements, is £30 per employee or £70 per user.

In a world where vendors are frittering away customer budgets, every new feature, service, and product mentioned here is included in Zoho One for free.

Identifying the risks amidst the new EU copyright directive

David Ingham, Digital Partner – Media & Entertainment, Cognizant, discusses how the new EU copyright directive could pose problems for online business

Change is afoot across the internet’s copyright landscape. The European Parliament recently passed the controversial Articles 15 and 17 (previously articles 11 and 13), as part of the wider Directive on Copyright, raising concerns across content platforms and tech giants. The directive strives to ensure that the established requirements of universal copyright laws equally apply to the frequently unregulated internet. Whilst these changes now have two years to take effect in EU member states, here we will look at the impact of the most contentious articles in the directive.

What is Article 17?

Article 17 will leave online platforms open to sanctions if they fail to prevent uploads to their sites that breach copyright laws. Previously, if a copyright owner found unapproved content online, the platform had to take it down with no damage liability. Article 17 means that they are now liable.

The introduction of this directive initially raised concerns that the internet’s beloved memes were at risk – with a question mark over whether these content types should be preserved as parodies, or whether they would fall victim to the new regulations. Recently, the European Parliament announced that GIFs and memes could continue to be distributed across online platforms; however, there are on-going concerns that these new laws could quash the internet’s free-flow of information not to mention potential issues around freedom of speech and expression. If copyright owners (a.k.a. creators) want their content to be shared and monetised on online media platforms, they will have to make sure that the copyright information is well known and easy to verify by mainstream platforms.

How does Article 15 differ?

Article 15 has the potential to change the entire news landscape. Previously article 11, and often referred to as the ‘link tax’, it will require news aggregators such as Google, or platforms like LinkedIn or Facebook, to pay publishers a fee for distributing news links. Such change prompts the concern that fewer articles would be distributed on these platforms and again, that the free flow of information shared across the internet will be harmed as a result.

For news organisations, the danger is that they would not be able to use these well-known aggregators for distribution, meaning they would need to rely exclusively on their apps and websites, as well as SEO, for ensuring that their content is discovered.

But are content platforms and companies born out of the internet age equipped to adapt to these changes? For many, the answer is surely no. There is no way that manual, human review processes can handle the copious amount of scrutiny required; automated filters will become a necessity for media platforms to identify copyrighted material and avoid infractions. Moreover, some platforms may be forced to alter their approach to uploading content entirely, perhaps replacing the current practice of real-time uploads with delayed processing for verification.

The evolving nature of ‘adapt or die’

Over the next two years, organisations must determine and implement their strategy to address these changes. While many may feel that this is plenty of time to plan their approach, it will come around sooner than you think. The firms impacted should start taking steps to make changes now, as inaction is not an option. However, very few understand all the implications in a way that allows them to assess risks and viable options, make decisions on next steps and then implement those changes.

These firms could, however, break their approach down into three key areas. The first is technology – what internal and client-facing platforms and products will be impacted by these changes? The second is operations – what impact will the new directive have on day-to-day business operations? And finally, legal – what is the potential liability/risk that will be introduced to the organisation once the directive comes into force?

What is clear is that the technology industry – whether household name giants or smaller players – will soon have to put adequate measures in place to adhere to the evolving copyright landscape.

NGDATA launches partner programme to bring data-driven insight to a range of new industries

NGDATA has this week announced a new partner programme, which now enables businesses across a range of industries to provide their customers with relevant real-time offers, through participating organisations.

NGDATA delivers transformational benefits to a range of global businesses. The new partnership programme will enable systems integrators and other channel partners to develop industry specific ‘out-of-the-box’ solutions on top of the company’s Intelligent Engagement Platform (IEP). This will empower NGDATA’s partnered domain experts to design vertical-specific use case packages, accelerating the time to market of businesses’ marketing campaigns. The first partners in the programme include business transformation company delaware and brand relationship technology provider Seaters.

“Across industries, we’ve identified that there is a common struggle to reach the same business goals: increase market share, increase wallet share and increase retention. Achieving these goals requires a deep understanding of the industry in order to develop ready-to-use solutions within our platform,” said Jens Ponnet, Global Head of Partnerships.

“With the release of the latest version – the 4.0, released in June – our partners can now build capabilities on the platform, tailored to any industry. Ultimately, through these pre-packaged use cases, businesses will benefit from more engaging interactions with their end users.”

NGDATA’s Intelligent Engagement Platform already transforms businesses’ understanding of their customers’ journeys, to improve servicing, reduce churn, strengthen relationships, and maximise customer lifetime value. One example is the Belgian bank Belfius, which uses NGDATA’s IEP to put customer analytics and AI in the hands of its marketers. Belfius achieved incredibly effective and hyper-personalised customer engagement in real-time which doubled pensions savings deposits during the campaign.

The new partner programme forms the foundation of NGDATA’s go-to-market strategy. It will feature three tiers, the highest of which is Lighthouse Partnership. Participants in this tier will play a leading role in building and marketing industry specific solutions for the next generation of customer insight and engagement tools. Premium partners, meanwhile, can customise NGDATA’s technology for specific industries, while Alliance partners will be able to resell NGDATA’s IEP and integrate the technology into applications such as chatbots and customer service tools. All partner tiers can take advantage of ongoing support and consultancy from NGDATA.

NGDATA has already secured participation from delaware and Seaters as the first Lighthouse partners, both of which have already begun building industry-specific solutions for the utilities and marcomms sectors respectively.

“The collaboration between Seaters and NGDATA fuels our respective partners with data-rich insights to leverage customers’ personal interest and passion points,” said Patrick Mathot, CEO of Seaters. “Brands can now successfully onboard or retain customers by linking a brand or product experience to their passion, whether it be sports, music or other”.

Sven Arnaut, Solution Lead for Strategy & Accelerate at delaware said,

“More demanding customer expectations are impacting our clients’ strategy, processes and systems. This is why delaware is a proud Lighthouse Partner of NGDATA. With our industry-specific insight practices, we can support our clients in stepping up their game and really interacting with their customers on a behavioural level, with a more in-depth understanding of how to rapidly drive customer value successfully and continuously.”

For more information about NGDATA and to request admission to the new partnership programme, please visit ngdata.com/partners

Komprise Adds Virtual Data Lake Capability

Komprise has announced general availability of its 2.11 release which includes a new Deep Analytics feature that addresses the biggest concern with big data analytics – searching across multiple storage platforms to identify the right data sets to analyse. On average, 80% of the time IT teams spend on big data projects is related to identifying relevant data for analysis. The new functionality – Komprise Deep Analytics – uses Komprise’s powerful data search and indexing technology to automate the process of finding unstructured data that fits specific criteria across disparate storage platforms and then creates virtual data lakes for analytics projects.

“It’s like finding a needle in a haystack in minutes,” said David-Kenneth R. Turner, Manager, Information Technology of Northwestern University.

“Unstructured data is often made up of billions of files across millions of directories and finding the right data can be virtually impossible. With Komprise Deep Analytics, we can now find the data we need in minutes. For example, if we required all data created by ex-employees, or all files related to a specific project, we are able to operate on it as if it is a distinct entity, even if the data is residing in different storage solutions from multiple vendors and clouds.”

The core Komprise Intelligent Data Management software analyses data usage across storage and then automates the movement of data between platforms to put the right data in the right place at the right time. For example, Komprise enables organisations to transparently move cold or rarely used data to lower-cost storage, such as the cloud, without changing the experience of internal users. In this way customers are able to reduce storage and backup costs by up to 70% on implementation and then continue to optimise storage decisions for new data streams based on actual not perceived usage.

Komprise Deep Analytics works on top of this distributed index of files. With support for both standard and extended metadata or custom tags, customers can find data that fits criteria they set regardless of where the data actually lives, and export this virtual data lake to any analytics application or destination of their choice, such as Hadoop or Amazon Lambda. The resulting data set can be operated on as a discrete entity – all the permissions, access control, security and metadata is kept intact as this data lake moves.

“The launch of Komprise Deep Analytics extends our commitment to help customers to manage the exponential growth of data in a way that minimises costs and adds greatest value to the business,” comments Kumar Goswami, CEO at Komprise.

“Many of the end-users we talk to are experiencing an increase in requests from the business for historical data for analytics projects and becoming frustrated by the length of time it is taking to identify and extract the relevant data. In early customer trials, Komprise Deep Analytics is reducing the time to value for Big Data projects by 60%.”

Komprise Deep Analytics is an add-on component that can be deployed in the cloud or on-premises. The cloud version is a fully managed solution that can be turned on with the click of a button. Additionally, it can be scaled on-demand, with no additional infrastructure or management needed. The cloud functionality is available immediately, and the on-premises version will be available later this year.

RIP The Data Breach

Guest post by Mark McClain, CEO, SailPoint

No, the data breach isn’t actually dead. Yes, they’re still happening, they’re still bad and they’re still a problem. But man, am I tired of hearing about it. Instead of all the doom and gloom, can we instead focus on the positive?

Here’s what I mean. Every organisation has the same problem: there’s someone somewhere that wants what they have. Whether it’s personal information, intellectual property, etc., if it has some sort of value, it has probably already been, or is going to be, under attack. So why are we all focusing only on what we can do to put barriers up and locks on our stuff?

The Problem with “Bandaging”

It’s easy to take a problem and “put a bandage on it.” We’ve all done it. Something arises that needs fixing, but you have to do it quickly and cheaply. Bandaging – AKA hiding what’s wrong and hoping it heals without further interference – can address enough of the problem to not take up immediate cycles. But more often than not, it either reappears eventually or manifests into something much more problematic.

The issue with bandages is that they don’t solve the underlying issues. Let’s say you have users with too much access to, say, Salesforce. The bandage would be to simply revoke excess access as it gets reported or found out. But think of all the risk your company now has – most without your knowledge. What if you never find that excess access and it leaves an open door to your data for years on end? It’s pretty easy to imagine a situation where an important sales deal could fall through or important plans for the future fall into the wrong hands.

Instead of leaving the security of your company to chance, look at solving the underlying problem. Make sets of access that correspond to someone’s role in the company. Then, as users move around and change roles, their permissions can be set to change automatically based on their new responsibilities.

With this new, fancy automation:

• Your IT isn’t changing access on a manual basis,
• Your organisation saves time with your users being much more efficient, and
• You also combated the data breach threat by having better policies and correct access for everyone involved.

Since you solved the problem by looking at the root of the issue instead of being focused only on outside influences, your entire organisation is much better off.

It’s Time for a Re-Focus

As a collective, let’s say enough with the doom and gloom. We know the data breach threat is out there. Something can – and often does – go wrong just in the normal course of doing business. Of course, organisations are working on reducing their risk to them as much as possible. But by being distracted by what’s wrong outside, companies are forgetting what could go right within. The empowered business is much more of a combatant against potential threats than a fearful one. Let’s put the data breach to rest as a driving force and instead focus on what we can control.

Exabeam Expands International Availability of Cloud-based SIEM to Help Organisations Modernise Security Operations

Exabeam has announced the expanded availability of Exabeam SaaS Cloud, a hosted version of the market-leading Exabeam Security Management Platform (SMP) to help even more organisations modernise their security operations. Exabeam SaaS Cloud will now be available for in-region hosting in 15 additional locations in 13 countries, including Canada and others within Europe, Asia-Pacific and South America. This means its growing global customer base can take advantage of Exabeam SaaS Cloud while meeting compliance and policy requirements for in-region hosting.

SaaS Cloud helps identify anomalous behaviour in organisations’ cloud applications to stop adversaries in their tracks. As a hosted cloud offering, it provides the full functionality of the SMP, including a data lake, behavioural analytics, case management, security orchestration and incident response automation. This allows organisations to directly ingest data from dozens of popular cloud-based services, enabling faster deployment, while eliminating the challenges of on-premises SIEM installations—including cost and maintenance issues and the need to route cloud data to on-premises data centres.

Organisations with existing SIEM deployments on-premises or in the cloud can augment their current solutions with Exabeam Advanced Analytics and Exabeam Threat Hunter to transform their security operations through improved efficiency and enhanced detection capabilities.

By extending SaaS Cloud’s in-region hosting options, Exabeam is also empowering organisations to adhere to additional national data localisation and residency laws. For example, companies can more easily comply with Australia’s strict health record localisation laws and Canada’s provincial requirements for public service providers to store customer data locally.

Data in SaaS Cloud is protected using data encryption in transit and at rest, regular third-party penetration testing and SOC 2 Type II compliance, considered to be the security gold standard for SaaS companies handling sensitive customer data.

“SaaS solutions are increasingly becoming the deployment model of choice for organisations worldwide, and the response to Exabeam’s SaaS Cloud launch earlier in 2019 has been exceptional,” said Anu Yamunan, VP, Products, Exabeam.

“SaaS Cloud is ideal for organisations with a cloud-first approach, and we have expanded its availability in response to a huge demand from our international customers, which need access to in-region hosting to meet compliance and policy requirements.”

“In a modern interconnected world full of constantly evolving cyberthreats, running an on-premises SIEM is no longer just ‘old school’; for many companies, especially smaller ones without fully staffed security teams, it can be positively dangerous. Shifting security operations to a SaaS-based SIEM solution not only instantly relieves you from the daily operational burden but can significantly increase the scope and amount of analysed security artifacts, run event correlation at the cloud scale and ultimately give your analysts more time and context for making the right decision every time,” added Alexei Balaganski, lead analyst, KuppingerCole.

The international expansion of Exabeam SaaS Cloud builds on the company’s rapidly accelerating cloud strategy, including the recent launch of Exabeam SaaS Cloud Essential, which gives small and medium enterprises access to enterprise-grade SIEM tools and a wealth of Smarter SIEM™ capabilities. It also follows the company’s recent acquisition of SkyFormation, a leading Israel-based cloud application security business and the first company to collect cloud logs from more than 30 cloud services into any SIEM tool.

In addition to the U.S., Exabeam SaaS Cloud is now hosted locally in Canada, Europe (Belgium, Finland, Germany, Netherlands, Switzerland, United Kingdom), Asia-Pacific (Australia, Hong Kong, India, Japan, Singapore) and South America (Brazil).

SailPoint Names Matt Mills as Chief Revenue Officer

SailPoint Technologies Holdings, Inc., the leader in enterprise identity governance, today announced the appointment of Matt Mills to Chief Revenue Officer (CRO). In this role, Matt will lead SailPoint’s global sales organisation, driving the company’s overall go-to-market strategy and execution.

“Matt joins SailPoint at a pivotal time for us as a company as we embark on our next level of growth. His extensive expertise in leading a sales team built for growth and scale, coupled with a strong background in selling complex enterprise and SaaS software solutions makes him an excellent addition to the executive leadership team,” said Mark McClain, CEO and Co-founder, SailPoint. “We are very pleased to have someone of his calibre on our leadership team and look forward to his contributions to our business.”

Matt brings over 30 years of experience to his role as SailPoint’s Chief Revenue Officer. Matt spent over 20 years at Oracle as Senior Vice President North America Sales where he oversaw over 8,000 employees and was responsible for $4.5B in annual revenues. He also sat on the company’s executive committee where he played an instrumental role in its strategic go-to-market shift to the cloud. More recently, Matt was the CEO of MapR Technologies until 2018 and is currently a board advisor and member to early-stage SaaS companies.

“As enterprises continue their move to the cloud, understanding ‘who has access to what’ rises to the top of executive concerns. SailPoint, as the leader in identity governance, has become a critical partner to mid- and large enterprises by helping them answer that question, effectively securing the digital identities of their users across their hybrid infrastructure,” said Matt. “I look forward to working with the leadership team to help make SailPoint the go-to cybersecurity and identity governance partner for organisations of all sizes around the world.”

EMEA identified as global hotspot for brute force access attacks

EMEA is a global hotspot for brute force access attacks, according to research from F5 Labs.

The analysis forms part of the Application Protection Report 2019, which explores the fact that most applications are attacked at the access tier, circumventing legitimate processes of authentication and authorisation. Brute force attacks are typically defined as either ten or more successive failed attempts to log in in less than a minute, or 100 or more failed attempts in a 24-hour period.
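The two thresholds in that definition translate directly into detection logic. The following is an added example, not code from F5 or the report: it applies both rules to constructed log lines, and the log format, the grouping by account name and the extra `success_after_burst` finding are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Thresholds quoted in the article's definition of a brute force attack.
BURST_COUNT, BURST_WINDOW = 10, timedelta(minutes=1)
DAILY_COUNT, DAILY_WINDOW = 100, timedelta(hours=24)

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
# Constructed log format (an assumption, not a real product's format):
#   2019-08-01T09:00:00Z FAIL user=alice src=203.0.113.7
LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")


def parse(line):
    """Return (timestamp, result, user, src), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m.group(1), TS_FMT).replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    return ts, m.group(2), m.group(3), m.group(4)


def detect(lines):
    """Scan chronologically ordered lines; return (timestamp, user, rule) findings."""
    streak = defaultdict(deque)  # successive failures per account, cleared on success
    daily = defaultdict(deque)   # every failure per account in the trailing 24 hours
    firing = defaultdict(set)    # rules already reported, so each episode alerts once
    findings = []

    def report(ts, user, rule):
        findings.append((ts.strftime(TS_FMT), user, rule))

    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, _src = rec
        s, d = streak[user], daily[user]
        if result == "OK":
            # A correct password right after a burst looks like a normal login,
            # so surface it explicitly before resetting the streak.
            if "burst" in firing[user] and s and ts - s[-1] < BURST_WINDOW:
                report(ts, user, "success_after_burst")
            s.clear()
            firing[user].discard("burst")
            continue
        for window, q, count, rule in (
            (BURST_WINDOW, s, BURST_COUNT, "burst"),
            (DAILY_WINDOW, d, DAILY_COUNT, "daily"),
        ):
            q.append(ts)
            while ts - q[0] >= window:  # keep only events strictly inside the window
                q.popleft()
            if len(q) < count:
                firing[user].discard(rule)
            elif rule not in firing[user]:
                firing[user].add(rule)
                report(ts, user, rule)
    return findings


def sample_log():
    """Constructed sample: a fast burst, an interrupted streak, and a slow attack."""
    day = datetime(2019, 8, 1, tzinfo=timezone.utc)
    events = []
    # alice: 12 failures 3 s apart, then a successful login.
    start = day + timedelta(hours=9)
    events += [(start + timedelta(seconds=3 * i), "FAIL", "alice", "203.0.113.7") for i in range(12)]
    events.append((start + timedelta(seconds=40), "OK", "alice", "203.0.113.7"))
    # bob: 9 failures, a success, 9 more failures; never 10 in succession.
    start = day + timedelta(hours=10)
    events += [(start + timedelta(seconds=2 * i), "FAIL", "bob", "198.51.100.4") for i in range(9)]
    events.append((start + timedelta(seconds=20), "OK", "bob", "198.51.100.4"))
    events += [(start + timedelta(seconds=22 + 2 * i), "FAIL", "bob", "198.51.100.4") for i in range(9)]
    # carol: 100 failures 10 minutes apart, invisible to the one-minute rule.
    events += [(day + timedelta(minutes=10 * i), "FAIL", "carol", "192.0.2.9") for i in range(100)]
    events.sort(key=lambda e: e[0])
    return [f"{ts.strftime(TS_FMT)} {res} user={user} src={src}" for ts, res, user, src in events]


if __name__ == "__main__":
    for finding in detect(sample_log()):
        print(*finding)
```

The slow attack against `carol` is caught only by the 24-hour rule, which is why both thresholds need to be monitored rather than the one-minute burst alone.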

EMEA hit hardest

In 2018, the F5 Security Incident Response Team (SIRT) reported that brute force attacks against F5 customers constituted 18% of all attacks and 19% of addressed incidents.

Of all SIRT-logged attacks taking place in EMEA last year, 43.5% were brute force. Canada was a close second (41.7% of recorded attacks), followed by the USA (33.3%) and APAC (9.5%). The public services sector was most affected, with 50% of all incidents taking the form of brute force attacks, followed by financial services (47.8%) and the healthcare industry (41.7%). Education (27.3%) and service providers (25%) were also in the firing line.

“Depending on how robust your monitoring capabilities are, brute force attacks can appear innocuous, like a legitimate login with correct username and password,” said Ray Pompon, Principal Threat Research Evangelist, F5 Networks. “Attacks of this nature can be hard to spot because, as far as the system is concerned, the attacker appears to be the rightful user.”

Any application that requires authentication is a potential venue for a brute force attack, but F5 Labs mostly recorded attacks focusing on:

  • HTTP form-based authentication brute force (29% of logged attacks globally). Attacks against web authentication forms in the browser. Most of the traditional logins on the web take this form.
  • Outlook web access (17.5%), Office 365 (12%) and ADFS (17.5%) brute force. Attacks against authentication protocols for Exchange servers, Microsoft Active Directory and Federated Services. Since these services are not accessed through a browser, users authenticate to them through separate prompts. Due to the single sign-on capabilities of AD and federation, successful access attacks of these protocols encompass mail, as well as entire intranets and significant amounts of sensitive information.
  • SSH/SFTP brute force (18%). SSH and SFTP access attacks are among the most prevalent, partly because successful SSH authentication is often a quick path to administrator privileges. Brute forcing SSH is hugely attractive to cyber criminals as many systems still rely on default credentials for ease of use.
  • S-FTP brute force (6%). S-FTP brute force is dangerous as it is a method to drop malware, which presents a wide range of disruptive options, including escalation of privilege, keylogging or other forms of surveillance and network traversal.

Overall, email is the most targeted service when it comes to brute force attacks. For organisations that do not rely heavily on ecommerce, the most valuable assets are often stored far from the perimeter, behind multiple layers of controls. In this case, email is often a powerful staging ground to steal data and gain access to the tools needed to wreak widespread havoc.

Breach data also pegged email as a primary target; it was involved in the top two subcategories of access breaches, representing 39% of access breaches and 34.6% of all breach causes. Email is directly attributed as a factor in over a third of all breach reports.

Staying safe

According to the Application Protection Report 2019, safeguarding against access tier attacks is still a major challenge for many organisations. Multi-factor authentication can be hard to implement and not always feasible in the required timeframe. Worryingly, while passwords are typically inadequate forms of protection, F5’s Application Protection Report 2018 found that 75% of organisations still use simple username/password credentials for critical web applications.

“While access attack tactics will certainly change as defensive technologies become more advanced, the core principles to stay safe will remain significant for the foreseeable future,” said Pompon.

“To start, make sure your system can at least detect brute force attacks. One of the main challenges is that confidentiality and integrity can sometimes find themselves at odds with availability. It is important to establish reset mechanisms that work for both the organisation and its users. It is not enough to set up some firewall alarms on brute force attempts and take a nap. You have to test monitoring and response controls, run incident response scenario tests, and develop incident response playbooks so that you can react quickly and reliably.”

Smarterly recognised as one of the UK’s leading Fintech companies

Smarterly, the savings and investment platform, has been chosen to be part of this year’s Tech Nation Fintech Programme. Tech Nation, a government sponsored organisation, supports early stage fintech companies with the greatest potential for growth. Aimed at company founders, the programme will provide insight sessions delivered by some of the most established fintech entrepreneurs, investors and partners to help the chosen companies scale quickly in the UK and overseas.

“Being selected for the Tech Nation Fintech Programme is a huge honour. Smarterly has achieved so much in its short history and we believe being part of Tech Nation’s Fintech Programme will help us to achieve our expansion plans even faster,” says Ben Pollard, Smarterly Founder.

The company, one of just 25 fintechs to be chosen for the prestigious programme, aims to turn the UK into a nation of investors by promoting the benefits of healthy savings habits via the workplace.

Employers use Smarterly to enhance the financial wellbeing of their workforce by providing them with an accessible way to save and invest from as little as £10 per month, direct from pay. Employers can contribute to support the varied financial needs of employees as a complement to pensions.

“Having recently secured significant investment to support the business through its next stage of growth, being chosen for the Fintech Programme has come at an opportune time as we continue on our mission to be the go-to place for workplace savings. We welcome the support from Tech Nation to help us execute our strategy for growth,” says Phil Hollingdale, Co-founder and Executive Chairman, Smarterly.

Smarterly joins some of the UK’s most acclaimed Fintech companies. The Tech Nation Fintech Programme boasts well-known alumni including Monzo, Perkbox, Funding Circle, Skyscanner, Zoopla and Revolut.

The USB is back – as an essential defence against data breaches

Could the humble USB be making a comeback? Jon Fielding, MD EMEA of Apricorn, discusses why secure USB drives are seeing a resurgence in popularity.

Once an indispensable piece of business hardware, found in pretty much every briefcase and office drawer, the USB drive’s popularity waned as technology advanced. Today, large volumes of data can be transferred online and stored in the cloud, while mobile devices give us access to corporate information wherever we are. But as concerns rise over how to protect data when it’s on the move, removable storage devices once again have a key role to play: as a crucial part of a business’s cybersecurity defences.

New working practices and technologies have brought additional risk to businesses. In a survey carried out by Apricorn this year, almost half of organisations admitted their mobile workers have knowingly put data at risk, while nearly a quarter said they can’t be certain their data is adequately secured when used in a remote working environment.

Ongoing digital transformation and the adoption of cloud, AI and IoT are introducing an extra layer of complexity to businesses that potentially makes them more vulnerable to cyber-attacks. Meanwhile, personal devices and consumer apps are being brought into the corporate environment without the knowledge of the IT department.

At the same time, GDPR has begun to bare its teeth, with the Information Commissioner’s Office (ICO) recently hitting British Airways and the Marriott hotel group with significant fines.

Organisations recognise the pressing need to invest in strengthening their security posture. There are plenty of sophisticated high-tech security tools and solutions on the market – but as with all new technologies, integrating these can add to an already complex IT environment, compounding risk and lack of control.

Technology is always evolving, for good and bad. However, most cyber-attacks don’t involve the use of new and sophisticated techniques. Instead, hackers rely on simple approaches that exploit well-known weaknesses – for instance a lack of software patching, or employees who haven’t been properly educated in good security hygiene. Going back to basics has its merits as a defence strategy, just as it does for attack.

Here’s where highly secure removable storage devices have a role to play. Mandated for use as a key part of an organisation’s cybersecurity strategy, they provide a practical way for employees to safely and reliably store, move and transfer large amounts of sensitive data offline.

More crucial, however, is the availability of USB drives that have hardware encryption capabilities built in. These automatically encrypt all data written to them, locking it down so that if the device is lost or stolen the information on it will be completely inaccessible.

End-to-end encryption of all data as standard – both at rest and in transit – has come to be recognised as a vital element of any cybersecurity plan, and is specifically recommended in Article 32 of GDPR as a means to protect personal data. Two thirds of organisations now hardware-encrypt all information as standard – up from just half last year. There’s a high level of awareness of the risk of not doing so: lack of encryption is behind 27 per cent of all data breaches, according to IT decision makers.

Encryption should be invisible, and automatic. If it’s built into a device, the decision and responsibility to encrypt is taken out of the user’s hands. Strict policies detailing how removable storage devices should be used can be enforced through whitelisting on the IT infrastructure, blocking access to USB ports from all non-approved media. Employees should also be trained in how to use devices safely, as well as the importance of data protection and how to be a responsible information owner.
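The allowlisting decision described above can be sketched as follows; this is an added example, not Apricorn's or any product's code. It evaluates Linux udev-style device properties (`ID_VENDOR_ID`, `ID_MODEL_ID`, `ID_SERIAL_SHORT`, `ID_USB_INTERFACES`) against a hypothetical list of approved drives; all IDs, serials and events are constructed, and actual enforcement would sit in the endpoint's device-control layer.

```python
MASS_STORAGE = "08"  # USB interface class code for mass storage

# Hypothetical allowlist of approved encrypted drives: (vendor, product, serial).
APPROVED = {("1234", "abcd", "ENC0001"), ("1234", "abcd", "ENC0002")}

# Constructed attach events using udev-style property names.
EVENTS = [
    {"ID_VENDOR_ID": "1234", "ID_MODEL_ID": "ABCD",
     "ID_SERIAL_SHORT": "ENC0001", "ID_USB_INTERFACES": ":080650:"},
    {"ID_VENDOR_ID": "5678", "ID_MODEL_ID": "0001",
     "ID_SERIAL_SHORT": "X9", "ID_USB_INTERFACES": ":080650:"},
    {"ID_VENDOR_ID": "9abc", "ID_MODEL_ID": "0002",
     "ID_USB_INTERFACES": ":030101:"},
    {"ID_VENDOR_ID": "1234", "ID_MODEL_ID": "abcd",
     "ID_USB_INTERFACES": ":030101:080650:"},
]

def interface_classes(interfaces):
    """Split a value such as ':030101:080650:' into its interface class codes."""
    return {chunk[:2].lower() for chunk in interfaces.split(":") if len(chunk) == 6}

def decide(event, approved=APPROVED):
    """Return (verdict, reason) for one attach event, failing closed."""
    classes = interface_classes(event.get("ID_USB_INTERFACES", ""))
    if not classes:
        return "block", "no interface information"
    # A composite device that exposes storage next to other interfaces is
    # still treated as removable media.
    if MASS_STORAGE not in classes:
        return "allow", "not removable storage"
    serial = event.get("ID_SERIAL_SHORT", "").strip()
    if not serial:
        # Without a serial the device cannot be tied to one approved unit.
        return "block", "storage device reports no serial number"
    key = (event.get("ID_VENDOR_ID", "").lower(),
           event.get("ID_MODEL_ID", "").lower(), serial)
    if key not in approved:
        return "block", "storage device not on allowlist"
    return "allow", "approved storage device"

def evaluate(events):
    """Apply the policy to a batch of events and return the verdicts in order."""
    return [decide(e)[0] for e in events]

if __name__ == "__main__":
    for e in EVENTS:
        print(e.get("ID_VENDOR_ID"), e.get("ID_MODEL_ID"), *decide(e))
```

Descriptor values are reported by the device itself, so an allowlist like this enforces policy on honest hardware rather than authenticating the drive.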

Until recently, I think many companies didn’t quite believe that GDPR would be applied in anger. The ICO’s clear shot across the bows has shaken the myth that any period of amnesty or leniency will continue. This is likely to trigger an upturn in spending on cybersecurity, as organisations seek to avoid penalties.

There’s a plethora of ‘shiny new things’ out there to invest in – but businesses should also consider the fundamentals of good security practice, and implement the tools and techniques that will most effectively provide a robust defence. The ‘humble’ USB drive is one of these – and that’s why I believe it’s set to enjoy a renaissance.