Amicus ITS conducts data security straw poll

Amicus ITS released its latest straw poll of staff views from their Totton Headquarters, regarding data security.  This follows the spate of cyber security breaches reported in recent months in the news.  Overseeing the latest poll, Head of Technology & Governance, JP Norman commissioned his Security & Compliance department to check with staff on the following two issues:

Q1          Staff were asked firstly, what they would do if a retail organisation (ie. Bank insurance, retailer) lost their personal identifiable data information (including financial data).

96% of Amicus ITS staff said it would cause a complete loss of trust and influence them to stop using that organisation again, whilst 4% said they were undecided.

Q2          The second data security question put to staff, asked whether they would consider removing or withhold an organisation’s right to their data, if personal identifiable information was lost by a Public Sector organisation, institute or employer including healthcare records, employment or financial data.

In this response, 89% of staff said they would consider withholding their data.

The higher return in Q1 suggests a greater confidence and sense of control felt by people in moving an account, or simply voting with their feet commercially by not transacting again with that breached organisation.

The second result is pretty much as anticipated, with a perhaps more wary approach to withholding information (say from a GP or hospital), even though people have the entitlement to do so through the Data Protection Act 1988.

As reported in our blog of 28th May, the growing awareness of the potential frailty of large organisations without good data control, tight security policies and fast response teams, may see a change demanded by the public, unless the organisation takes a proactive stance.

With the value of healthcare records considerably higher due to the volume of personal information they contain including Social Security numbers and insurance details, the worrying realisation is that there is a very real possibility of fraud against an individual or false record creation 10-15 years down the line.

There are a number of checks that people can request to verify how their PII data is handled which we will cover in future weeks.

LastPass keeper of passwords confirms system breach

LastPassLogoShadow

Password management isn’t as simple as it should be. Everyone recommends using unique passwords for every account you use, in addition the same people will heavily recommend each of these should be complex. With the ever increasing amount of accounts we use every day remembering all of your passwords simply isn’t as easy as it used to be.

This problem has seen the rise of password manager tools, where you would only need to remember the one password and the tool will securely contain all your other passwords within. Some password management systems also have the ability to access your passwords from any device, meaning if enabled your passwords get uploaded into the cloud. This of course is a big convenience, but putting all your passwords together on a single companies cloud is equally a big risk.

LastPass a leader in password management issued a statement this week that their system containing everyone’s passwords had been breached. Despite the system breach LastPass is remaining optimistic claiming their numerous encryption methods will keep users passwords secure.

The numerous encryption methods include passwords being salted, hashed and stretched. Salting is where random characters are inserted into each word so the same password would not produce the same encrypted text. Hashing is where the text is rearranged cryptographically so a slight change in the original password doesn’t produce a similar encrypted version. Finally stretching is the method of running the hashing part many more times over. All of these measures, especially when applied together make cracking the outputted encryption code almost impossible to break.

Even with these measures in place LastPass is issuing emails to users to reset their master password and advising enable 2-factor authentication.

An important lesson to lean is be careful where you keep your own passwords and no matter how secure you believe your IT system and network security is, so must be your data and not all encryption is equal.

The Integration of Everything for enterprise

internet-of-everything

With much of the discussion these days around homes or cars being the target for technology connectivity and integration through the future Internet of Things (IoT), Citrix are looking at an alternative definition, the ‘IoE’ – or Integration of Everything (IoE), as they seek to resolve problems for organisations and open up opportunities for businesses.

With most enterprises having complex combinations of legacy systems, SaaS services, innumerable devices, multiple sites and an ever changing set of requirements from the Board to expand revenues or cut costs, the ability to integrate and connect all these systems, services, people and things into automated workflows can make a lot of sense.

For IT managers, leveraging IoE represents an opportunity to improve a multitude of operations including:

  • Notifications of critical system status before business interruptions
  • Network security monitoring looking for anomalies
  • Automated diagnostics for error logging and support resolution
  • Datacentre operations for server operation and facilities
  • Big data analytics to understand and optimise operations

On the user side, IoE can make workspaces more productive and secure:

  • Application request, approval and deployment workflows
  • Conference room automation to eliminate wasted time at meetings
  • Workplace automation for enabling flexible open workstations
  • Enable multiple devices to share content and multi factor authentication
  • Beacon enabled app access and proximity security

Marketing Automation is an increasing business requirement for IT that IoE can help with:

  • CRM integration with legacy systems
  • Realtime twitter sentiment notifications analysis and workflows
  • Big data sales collection and analytics for revenue optimization
  • Automated support incident logging and response

There is clearly a lot for enterprise to take advantage of if they choose to review options around the IoE, but anything on such a scale of technical architecture and investment would require careful planning, not only in terms of execution, but embracing security alongside standardised communication interfaces to give it the best chance of success and any commercial outcomes.

 

 

Apple’s iOS 9 update hints at a bigger iPads for the office

Split_View

This Monday Apple held their annual Worldwide Developer Conference announcing upcoming features and services across their devices.

Arguably the most interesting development was for the iPad, finally allowing true split-screen multitasking to the tablet.

Like many Apple updates the amount of functionality you will get will be depending on which model you own, with only the iPad Air 2 being deemed sufficient to run the full experience called Split View.

The new feature comes as part of iOS 9 and will allow iPad users to launch two Apps at the same time divided by a vertical split in a very similar vein to Windows tablets. iOS 9 also allows apps such as video to be displayed in a floating windows above your current app.

These new multitasking features will help further validate the use of iPads in businesses, being able to both check emails and edit a document at the same time.

Splitting your view does allow you to get more done but it does also make your workspaces smaller.

The announcement of Split View also gives credence to the much rumoured 12” iPad, this will allow the iPad to go toe-to-toe with Windows tablets and potentially squash their momentum with their own market share.

It is likely we will see a 12” iPad Pro launched within the next 12 months and similarities to this and the Surface Pro line will definitely be drawn. With both potentially having similar design and form factor the true battle will be between iOS 9 and Windows 10.

Whilst Microsoft has proven Surface can replace your laptop can Apple do the same for the iPad?

Skype for Web launches in UK and U.S

skype-logo-open-graph

Microsoft’s popular communication tool Skype is already widely available with Apps for PC’s, tablets and smart phones, but what if your on a device which you either can’t install its app or want a quicker solution? Skype has now provided the answer with a browser based service which has now launched in both the UK and U.S called Skype for Web.

Using Skype for Web you can text chat, voice call and even video call others. Signing in will show you your existing contacts availability as well as your messaging history, giving a seamless experience between App and Web.

The new services seems to be aimed at breaking down any barriers for potential users getting into Skype as well as giving existing users more options to where they can sign in; such as a friends or works PCs as well as public computers such as internet cafes.

Skype for Web is aimed at consumers apposed to their Skype for business offering, however the two are not as divided as they initially seems. Organisations using Skype for Business can talk to ‘non business’ Skype users. This allows organisation to arrange calls with clients and third-parties which may not have the Skype app already installed.

This new web push for Skype could see increased momentum for businesses using Skype as a communication tool to people outside their organisation instead of looking at alternative web solutions. The service is currently in Beta and is available for users in the UK and US if you would like to try yourself head over to https://web.skype.com/

 

Cost of Snowden’s leaks to US business put at $35bn+ …. so far

Recognition amongst the tech community of the ramifications arising from Edward Snowden’s surveillance leaks in 2013 were voiced at this week’s Techonomy Policy conference in Washington, USA.

The increasing data localisation laws brought in or being planned by international governments was seen as potentially restricting future trade for US and international tech vendors, as they struggle with the issues and complexity of international compliance and the rising demand for data generated in a particular country to be stored within its borders.

Yael Weinman, VP of global privacy policy at the Information Technology Industry Council said:  “We’ve all heard the metaphor—data is the new oil… well barriers to cross-border data-flows make doing business today … much more difficult.”

Russia is due to introduce its data localisation law in September, whilst France and Germany are creating their own dedicated national networks, and other countries, including China, Australia and India, have passed data localization laws.

The cost impact of Snowden’s actions has been measured by tech think tank The Information Technology and Innovation Foundation.  Originally having estimated the cost of US surveillance programs to the country’s businesses between US $21.5 billion – $35 billion, they have disclosed in their new report that the true figure is well in excess of the $35 billion mark.

One of the clearest challenges to Government as well as business is the rapidity of change within the technology and data environment.   But Andrea Glorioso, Counselor for the digital economy for the European Union’s delegation to the US stated that the EU was right to seek to protect and defended privacy consumer-protection regulation.  “Some tech companies argue against regulation, saying they want “frictionless innovation. When you’re in a car, friction is a very good thing, because it’s what allows you to brake. A world without friction is a world in which you just go ahead, and you cannot stop, even when you want to.”

The key for Managed Service Providers is to work with partners who can enable the use of global, trusted and recognised brand software platforms while ensuring UK data sovereignty is maintained.

Techonomy

Alibaba secures US foothold as part of its global strategy

Following the building of its first datacentre in the US, as first announced in our blog of 10th November 2014, Chinese e-commerce company, Alibaba, has launched an Infrastructure as a Service (IaaS) cloud offering called Aliyun in the US. The company offers a range of IaaS cloud services including elastic compute, storage databases, content delivery, security and analytics products.

This is all part of a long term globalisation strategy to create data centres in Europe, Asia and the Middle East.  In the fourth quarter of 2014 Aliyun reported revenues of $147 million. So far Alibaba has been targeting Chinese enterprises in the US, but confirmed it is setting its sights on America’s largest ecommerce company, Amazon and its cloud computing division Amazon Web Services in the longer term to attract US business.  Alibaba’s cloud computing President, Simon Hu said, “We strongly believe our products and services can not only tap into demand from Chinese companies, but also serve overseas clients who run international businesses”.  By building up relationships with US hosting partners in Silicon Valley in recent weeks, Alibaba has taken a real step closer to achieving its early goals by gaining this foothold in the States.

Both companies are dominant in their respective markets for ecommerce and IaaS and the race is on now as each targets the others core customer base. However, both companies face a significant challenge in overcoming the natural suspicions of each nation towards the other on the topic of security.  Despite China being the world’s richest economy (having shipped US$1.623 trillion worth of goods around the globe in 2014, up by 48.5% since 2010), data control is a very different beast to sell in contrast to electronics, manufacturing and clothes.

Amazon along with Microsoft has sought to enter the Chinese cloud market, but legal regulations are making it difficult for both of them.  Alibaba for its part, had to develop datacentres outside China, if it was to argue against accusations of interference and controls from the Chinese government. However, given the speed of its economy’s growth in the last decade there is clearly significant opportunity in the world market for Chinese businesses to use Alibaba.

China-based Forrester cloud analyst Frank Liu believes this niche position of Alibaba’s having a China-centric customer base (going global), could prove compelling as China’s economy continues to expand.   This heritage may yet prove a difficult pill for US customers to swallow though. With only one week since the mass ‘cyber intrusion’ of 4 million US public sector workers (which security experts believe could only have originated from China or Russia), the thorny issue of trust within the data community will remain at the top of the agenda.

aliyun-logo