This week’s technology news – 20th February 2015


Microsoft enjoys gold in Europe

Microsoft’s VP of Legal & Corporate Affairs, Brad Smith, announced on 16th February 2015 that the company had become the first major cloud provider to adopt an international standard for cloud privacy – which is also the world’s first.

This follows the EU data protection authority’s endorsement of Microsoft’s gold standard for cloud privacy back in 2014 (see our blog 17th April 2014).  The new ISO creates a uniform, international approach to protecting privacy for personal data stored in the cloud.

Smith is clearly pleased:  “The British Standards Institute (BSI) has independently verified that in addition to Microsoft Azure, both Office 365 and Dynamics CRM Online are aligned with the standard’s code of practice for the protection of Personally Identifiable Information (PII) in the public cloud”.

Where standards will affect business assurance and safeguards to industry, this new ISO is important commercially as ISO 27018 assures enterprise customers their privacy is safe – and the new standards promise the data will not be used for advertising.

According to Smith, Microsoft can only process identifiable data the customers provide and is obliged to notify the customers where their data is, and who else is using it (in case there are third parties in need of their data). Additionally, the company offering cloud services must notify the client in case the government requests disclosure of ‘PII’ data.


Google’s CIE says “Don’t get lost in the digital Dark Age”

Chief Internet Evangelist for Google, Vint Cerf, a “father of the internet” and holder of the highest civilian honour, the U.S. National Medal of Technology, addressed the American Association for the Advancement of Science (AAAS) annual conference in San Jose last week.  His talk aired concerns that all the images and documents we have been saving on computers will eventually be lost – and that future generations will have little or no record of the 21st Century as we enter what he describes as a “digital Dark Age”.

This would occur as hardware and software become obsolete (and as backward compatibility is not always guaranteed) and old formats of documents, presentations or images, may not be readable by the latest version of the software or retrievable from external hard drives.

“The key here is when you move those bits from one place to another, that you still know how to unpack them to correctly interpret the different parts. That is all achievable – if we standardise the descriptions…. We have various formats for digital photographs and movies, and those formats need software to correctly render those objects.  Sometimes the standards we use to produce them fade away and are replaced by other alternatives and then software that is supposed to render images can’t render older formats so the images are no longer visible”.

“Over time, we accumulate vast archives of digital content, but may not actually know what it is.”  As it is unclear what will prove to be the most important data of our generation, it is important to preserve as much as possible.

“The solution is to take an X-ray snapshot of the content and the application and the operating system together, with a description of the machine that it runs on, and preserve that for long periods of time. And that digital snapshot will recreate the past in the future.” Cerf calls this digital form, ‘Digital Vellum’ to be held in servers in the cloud – and accessible as required because descriptions have been standardised.

Whilst there is no guarantee of Google being around in 3000, the notion is that the x-ray snapshot captured is transportable from one place to another. So, it could move from say Google cloud to another cloud, or back onto a personal machine.


See video:  http://emp.bbc.co.uk/emp/embed/smpEmbed.html?playlist=http%3A%2F%2Fplaylists.bbc.co.uk%2Fnews%2Fscience-environment-31458902A%2Fplaylist.sxml&title=Net%20pioneer%20warns%20of%20digital%20’Dark%20Age’&product=news

When just one drop IS enough

An American company, Nanobiosym has shown off its latest mobile diagnostic device, ‘Gene Radar’, which can perform real time testing on a drop of blood, saliva or other bodily fluid to detect disease.

Using a nanochip in a mobile device, they claim it provides a gold standard at DNA/RNA level, revolutionising the previous mountainous PCR processing which went before it in medical profiling, to create more efficient scientific solutions to viral scanning.  A mobile scanner that can detect whether a person has Ebola, HIV or the flu virus in less than one hour has great significance. The technology can be deployed in wearables, smart phones and notebooks and apps for self diagnosis are also being developed apace.

Nanobiosym is one of several US companies chasing healthcare business in this sphere, including Corgenix (a Microsoft Gold Service Partner) and Nanomix.  CEO of Nanobiosym Dr Anita Goel is passionate about the opportunity for this new technology to truly democratise healthcare and take it to the people, especially in third world countries, which do not have the industrialised history and infrastructure investment in healthcare.

The personalisation and mobility of this healthcare offering is very exciting. It brings together physics, biomedicine and nanotechnology to diagnose conditions and is viewed by Goel as having the potential to cut the costs of some conditions by up to 99%, surely of interest to healthcare boards around the globe, where the pressure on budgets is forever being squeezed.

The development is eye catching when in the West, traditional HIV screening would cost $200 with results taking two weeks – and six months in Africa.  The outbreak and spread of Ebola hooked world headlines in 2014 and its impact is still being felt.  The new technology being developed by these companies can detect the disease at very low levels, before a patient is even showing symptoms.  In practical terms, scanning for this and other diseases at airports say, could help contain, advise and start pro-active steps for treatment, even affecting future generations.

The company is waiting for approval from the US Food and Drug Administration (FDA) before offering the device for sale.  With diseases like Ebola, it would be a straightforward tick for border agencies, keen to control migration of those affected. However, the ramification for detection through apps of other genetic diseases like Parkinson’s or Alzheimer’s carries with it the health warning that the patient’s very knowledge of the disease could alter and affect their life, decisions and outlook if pre-symptoms were detected whilst there was still no cure.


See video:  http://goo.gl/FcBXoD

This week’s technology news – 13th February 2015

HP’s doomsday cyber forecast

HP’s CTO Andrzej Kawalec, speaking at the European Information Security Summit in London on 10th February, has predicted a ‘catastrophic cyber attack’ in the next five years.   Before people settle back comfortably and think it is ‘just another cyber attack on a brand’, think again.  Kawalec foresees this as far more serious: “We expect an attack that will cause significant and lasting damage to a major world economy through physical and economic impacts”.

Kawalec acknowledges the enormous challenges around creating a resilient single digital online identity.  Much of the blame he identifies as being a lack of common standards amongst social media platforms, the cloud and devices connecting to the Internet of Things (IoT).

Kawalec identifies a tricky balance to be struck between managing regulatory and privacy concerns and the potential impact on cross-border trade, or exposing industry to financial risk – which must be avoided.

HP have therefore identified three areas of cyber security in 2015 that they will urgently focus on:
• Spending more time and effort understanding our adversaries and how to disrupt them at every step.
• Understanding and identifying risk to ourselves to ascertain how best to protect, as well as enable, information assets.
• The need for businesses to collaborate more – and share information with each other to get a unified view of the threats and extend cyber security capabilities beyond one organisation (as our adversaries have stolen a march on this – and THEY collaborate faster and more efficiently, without being weighed down by any legislation).

On a technical note, Kawalec noted the need to improve management of open-source software within organisations.   He also flagged the need to address security vulnerabilities within supply chains (referring to the 2nd largest US attack on retailer Target in December 2013 which hit 40m payment card users and was the result of a compromise via their air-conditioning supplier).  This highlights the need to change the way organisations deal with their suppliers – and finally, Kawalec impressed on the audience the need to improve securing the end user and the data.

Ultimately, he sees alternatives to password-based authentication evolving, with greater focus on protecting data.  This, he said, was all part of “understanding our information environments better, see how they work and find better ways of making them secure”.

Amicus ITS has joined the UK Cyber Security Forum, echoing these sentiments that shared knowledge of enterprise security specialists will help create greater strength and unity in 2015.  To find out more click on http://ukcybersecurityforum.com/

IoT revenue opportunity vs business cost
The latest report by technology research marketing company Beecham Research has identified security and data management for the internet of things (IoT) as a big value-add revenue opportunity for service providers, instead of it being seen as a business cost.

With the growth and complexity of the myriad applications of IoT and emerging smart lifestyles, Beecham Forrester see this will be accompanied by an urgent need to manage connecting devices which use short-range wireless and fixed-line technologies.

Principal analyst and report author, Saverio Romeo anticipates, “Companies will increasingly rely on outsourcing and we expect that revenues from device authentication, device management, data management, billing and security will exceed $3bn by 2020. Out of these, we see security and data management services generating some $1.8bn alone”.

Data management for IoT remains currently a small market, however Beecham Research believes it has the most potential for high gross margins, with IoT security as the most strategic, across the network, device and services domains.  Romeo commented:  “…we see IoT security providers offering high-value, end-to-end security to service and application providers”.

This follows their last report 5 months ago urging industry to take decisive action to secure IoT devices which should be managed over their entire lifecycle (with resets an option, to enable remote remediation to rebuild and extend security capabilities over time).

As with the cyber security story above, this report has highlighted the need for industry players to unite and enable the securing of IoT devices end to end (from silicon semiconductor manufacturers to network operators and systems integrators), with particular attention to the identification, authentication and authorisation of devices and people in IoT systems.

A strong pattern is thus emerging for 2015 in the technology industry with security themes dominating. Where the core value of security is shared by organisations, there is surely a compelling argument for the different businesses to come together, share knowledge and give the end user assurance that they are safe using such devices. This can surely only have one outcome:  greater take up in the long term and profitability for all involved.


Value of IT outsourcing review

Figures from Business Process Outsourcing (BPO) analysts Nelson Hall show that UK spend in 2014 on outsourcing and IT totalled £6.65bn, with IT outsourcing accounting for £3.44bn.

New business deals accounted for 55.5% of those signed, up from 33% in 2013. 66% of those deals were fully onshore by UK suppliers, with the remainder having an offshore element and 8% delivered exclusively from offshore locations.

The drive by organisations to digitise through Cloud and software development (DevOps) saw a substantial rise in private and hybrid cloud transformation.  However, the desire for many businesses to transform their business IT infrastructure environment and the costs involved, meant that many could not fully migrate and so a transactional and usage-based pricing model in contracts emerged.

• Private enterprise accounted for 63% of the spending.
• Local government saw a 15% increase in average contract values, rising to £30.3m.
• The financial services industry spend was £1.1bn in 2014.
• Energy and utilities companies accounted for 187% growth in IT spending (the fastest growing, which reached £1.07bn).

MSPs which can offer a comprehensive array of IT services and on top of this can apply a flexible approach to their customers with fully secured Cloud solutions and 24×7 support will be the beneficiaries of this increasing trend as 2015 gets underway.


Keeping your keys out of the Box

Cloud storage provider Box has announced a new service that could be a first in the file storage arena. The new service is currently in Beta and allows organisations to hold their own encryption keys for their data. This differs from the traditional approach where the service provider tightly guards everyone’s encryption keys.

This new service called Enterprise Key Management (EKM) will appeal to highly regulated industries such as healthcare, finance, government and the legal sector. EKM will also appeal to those worried about hackers, government requests for data and Cloud providers’ own employees having access to their data.

EKM essentially gives you control over the one master key for your data.  But, it also gives you FULL responsibility. You may no longer need to worry about the threat of hackers getting to your data through your service provider but this should only alleviate concerns if you believe your own security is sturdier.

If you do consider EKM, the most important consideration will be the storage of the encryption key itself.  Of course it will need to be resilient enough to survive hardware or site failure, but the strategy to make sure it is backed up, specifically regarding access to it and backups, will need careful consideration. Whilst EKM does solve many of the issues some have with Cloud storage solutions today, it also comes with its own set of new unique challenges and should only be chosen after great consideration.

 

Ever Greener Apple

Apple is no stranger to being green. Not only does the company promote their own products with an environmental check-list on launch, the iPhone producer also uses renewable energies like solar to power their services.

Apple has detailed plans to spend $850 million on a new solar farm in California. This deal marks the largest ever supply of ‘clean power’ to a commercial user. The farm itself will cover 2,900 acres and will have the equivalent capacity to power 60,000 Californian homes. The power from the new farm will be split, with 130 megawatts going to Apple to power buildings such as its future campus, while the remaining 150 megawatts is being sold to the Pacific Gas & Energy’s grid.

This huge spend continues Apple’s commitment to use 100% clean energy – and if successful could be used as the blueprint for many other clean energy driven enterprises going forwards.


New biometric ID technology innovations for 2015

FIDO members biometrics offering new dawn for data security
As security around data and Personal Identifiable Information (PII) increases year on year, the use of passwords, encryption and two factor authentication may be destined to become old hat in a new age of security management.  So what technologies are out there to choose from, and which have the greatest potential to be adopted by organisations, which can choose almost any part of the body to create a security technology system from?  We run through some of the top offerings from members of authentication group, the FIDO Alliance:

1. Heartbeat
Using the heart’s natural ECG wave which creates a unique signature, the Nymi Band worn on the wrist, seeks to seamlessly integrate security without distraction throughout work and life using Bluetooth to authenticate you and other devices through a partner app on your computer or mobile device.  With the Bank of Canada and Mastercard taking an interest, watch this space.
https://www.nymi.com/the-nymi-band


2. Iris
Want a false positive rate of 1 in 1.5 million?  Then The Eyelock Myris could be your cup of tea. With the device plugged into your USB port, sites and applications connect to the Myris app, and the user looks into the device, as you would a hand mirror, to log in.  Collecting 240 points of data on your iris, this technology is deployed across sectors such as security, border control, government and the financial services with over 3 million transactions recorded over the last two years.
http://www.eyelock.com

3. Sclera
Be unabashed now about taking a selfie, it will get you into work!  EyeVerify uses the ‘sclera’ or white part of the eyeball to analyse blood vessels in your eye to confirm your identity.  With financial institutions one of their main targets, several banks in Australia have started testing it with their employees and EyeVerify forms part of the MDM platform from Good Technology and Airwatch.
http://eyeverify.com

4. Fingerprint
No longer restricted to Scotland Yard, fingerprint readers are now embedded in smartphones, laptops and other devices, plus dedicated hardware in key fobs, dongles, and other peripherals, such as the IDKey from Sonavation and the Yukey from Egistec.   Software like The Onyx, from Diamond Fortress Technologies just uses the camera on your smartphone.


5. Voice
Voice biometrics give a chat on the phone new meaning.  Agnitio’s Kivox platform is used in police and surveillance arenas, through BYOD applications, in call centres and creating secure environments in the financial sector. The software sits on the phone, rather than requiring an internet connection and offers a patented anti-spoofing technology that caught 97% of fraud attempts, which other competitors they say failed to catch.
http://www.agnitio-corp.com


6. Face
Android app ‘AppLock’ by Sensory, found in the Google Play store uses your phone’s camera to see your face and has a “liveness” mode offering extra security to stop criminals copying your face with a picture, as well as a further checkpoint of voice recognition.  Not just to stop someone playing your games, it can ‘hide’ pictures and videos using control access, stop kids changing settings and protect your data.

7. Ear
Putting your phone device up to your ear in the most familiar manner – and having it unlock the device from ‘ear recognition’ is a reality through Google play from Descartes Biometrics. The app reads the shape of your ear where it touches the screen, but currently has a relatively low rating, so maybe not one just yet.

http://www.descartesbiometrics.com

8. Finger vein
The Hitachi technology uses infrared light to painlessly and rapidly scan the veins inside your finger. Amicus ITS covered Barclays Bank’s embarkation into finger vein technology on 5th September and it is in use in ATMs in Japan and Poland.  The producers claim it is so hard to read as it reads the inside of the finger so has a lower rejection rate – and dead fingers have no blood flow, so no benefit to gangster theories of brutality to extract funds.
http://www.hitachi.eu/veinid

9. Brain waves
There are two leading consumer devices to read brainwaves, but they cannot be used yet as authentication devices. The ‘Emotiv Insight’ (scheduled to hit the market this March, funded through a $1.6 million Kickstarter campaign) collects EEG measurements of brain performance from which meaningful data can be gathered and ‘read your mind’.  Like its (now unavailable) rival ‘Mindwave’ headsets from NeuroSky, it uses dry contact sensors and is safe for all ages.
http://www.emotiv.com


Biometric technologies will become more commonplace and complement or even replace passwords in the future.   Whilst some of these applications might sound too far off now for your organisation, companies should keep a close eye on authentication technology and which ones might be more attractive for your workforce to adopt, rather than just another technical barrier to getting on with the day’s work and accessing spaces.

This week’s technology news – 6th February 2015

US ‘human firewall’ initiative to ward off cyber threats
American safety science company UL has developed a behaviour-focused education programme for their staff to help thwart the high proportion of cyber penetration emanating from phishing attacks through employee mistakes.

At its core, the programme trains employees to recognise and report phishing emails to their IT security department.  The heightened awareness and resulting engagement through this behaviour modelling programme, creates a healthy attitude towards understanding the importance of IT security within a company.  The dynamic ‘human firewall’ was found to be able to spot threats often within minutes, enabling IT security teams to take necessary action and communicate back promptly to the organisation.

The first step at UL was to educate employees on what a phishing attack looked like and a quarterly ‘planted’ phishing message was sent to every employee from CEO down that they were challenged to detect.  Employees were notified that there was to be a test, so as not to be a “gotcha” moment. If an employee fell for the scam, they were routed to a one-page lessons-learned offering two or three pointers on what to look for next time.

The second step was to get employees to report suspect emails. With personal responses to each individual reported attack, the initiative took off quickly and staff were recognised for saving colleagues and customers from attack.  It created a different conversation and improved relationship between departments.  Robert Jamieson, UL’s IT Security Officer, believes the personal connection made all the difference. “Because there was no process or reason for people to think to report incidents or queries to us it used to take days or weeks to sort, whereas now the direct response is within 24 hours”.

With this programme, incident reports in UL increased from 10 per month to over 1,000 and the company has reported a 19% decrease in virus-related attacks.  This human firewall initiative is a final cog in the toolbox to many of the technology tools to defend companies from cyber attack – and the principles of what UL have achieved should give serious food for thought to all CISOs whether in a corporate or healthcare environment.

How much bigger can BT grow?
Late in 2014, BT confirmed they were in talks for a giant acquisition to take them back into the mobile operator game, with the purchase of their former company O2, or EE. The decision is made and BT has just paid £12.5 billion to acquire UK’s largest mobile provider, EE.

With BT now having both the largest mobile telecoms and fixed-line marketshare in the UK in addition to Openreach, BT’s infrastructure division, any rival telecom operators must go through Openreach to do business, making BT’s control and reach in the UK colossal.

The decision to move back into the mobile provider market isn’t surprising. Increasingly, home users admit to only having a landline because they have to in order to get internet access. Even at home the majority of calls are now made on mobiles instead of the landline. The deal more than trebles BT’s retail customers, adding the 10 million BT already had to EE’s 24.5 million direct mobile subscribers.

The inclusion of mobile will also let BT provide “quad play” selling mobile, fixed-line, broadband and TV as a group of services.

UK competition authorities will be paying very close attention to this move but may need to take a different look than usual. Normally mobile and fixed-line markets are analysed separately. If done here, EE is not larger after this acquisition than before, however if competition authorities look at this alongside BT’s numerous non-mobile communications services, the strength BT could potentially apply on overlapping markets would give them significant advantage.

The EE buyout is expected to be finalised by March 2016, subject to shareholder approval and competition authority agreement.  Meanwhile, rumours are that mobile operator Three is in talks to buy O2.  That gossip along with Vodafone rumoured to buy Virgin Mobile, ensures that the telecoms world will be a very busy and potentially contentious commercial space in 2015.
