Eduard Meelhuysen, VP EMEA, Netskope
The first half of 2015 saw a 38% global increase in M&A activity over the same period in 2014. With acquisitions booming, challenges around IT integration arising from M&A are more prevalent and more important than ever. Serious technology issues, for example difficulties in integrating core IT infrastructure, have even derailed major deals in the past.
Even for successful deals which make it past these early technology hurdles, there are still IT challenges ahead. In addition to the integration of core infrastructure, there can be difficulties at the employee level around data security. The increased use of sanctioned and unsanctioned cloud apps is one example of such a challenge. The latest Netskope Cloud Report found that there are now 483 cloud apps in use within the average organisation. With hundreds of cloud apps in use on either side of any deal, this number is always likely to swell significantly when two companies merge or one company acquires another.
In order to protect their data and ensure compliance, especially in highly-regulated industries such as financial services, companies need a complete picture of what data they have in the cloud. An acquisition makes this picture twice as big and potentially twice as complex, and the number of cloud apps can increase exponentially in the new legal entity created by the deal – creating a mass of data sprawling across hundreds and hundreds of cloud apps.
Cloud storage is the second most popular cloud app category (behind marketing apps), and worryingly there are no guarantees that these apps are secure. In fact, the Cloud Report found that 69% of cloud storage apps were not “enterprise ready”, scoring a “medium” or below on the Netskope Cloud Confidence Index.
So what practical steps can companies take as they merge to address the challenges posed by cloud app use, especially that of cloud storage apps? How can IT build a picture of what storage apps are in use, and discover what data exists, and where data are located? How can IT consolidate the apps in use by both firms in an acquisition, and steer users towards sanctioned apps and away from less secure alternatives? Any acquiring firm needs a practical strategy to get the new, larger entity’s cloud apps in order.
Here are five practical steps for companies looking to safely enable cloud storage apps:
- Safeguard sensitive data in corporate cloud storage
According to Netskope data, 8% of files in corporate cloud storage apps violate a data policy or something of similar value or importance. For highly-regulated industries in particular, employees breaching compliance by uploading customer information or financial data into unsanctioned cloud apps could result in hefty fines.
Corporate cloud storage solutions such as Google Drive, Egnyte, Dropbox, Box or Microsoft OneDrive can act as a master repository for company data and can help solve the problem of employees using potentially unsafe apps to store corporate data and share data with colleagues.
- Standardise on a single storage app (or at least reduce the number in use)
Once an M&A deal is concluded, companies should try to harmonise on the same cloud storage provider. This may require an amount of compromise, but even so the benefits far outweigh the costs.
The company should choose a single solution based on employees’ views and organisational requirements, then coach employees on the selected app to ensure 100% up-take and ongoing use.
Of the 37 cloud storage apps in the average enterprise, just over one third are enterprise-ready. This figure is based on Netskope’s Cloud Confidence Index, a set of objective criteria adapted from the Cloud Security Alliance checklist of security, auditability, and business continuity measures.
- Monitor cloud storage app usage
As well as working out which apps are in use by employees, organisations should also monitor activity within these apps – uploads, downloads, shares, etc. – to develop a view of the risks posed. This means deploying a platform across both parties to the deal in order to monitor data in transit to and from corporate apps, as well as keeping a watchful eye on activity in and around unsanctioned apps.
It’s also important to monitor for any risky or unusual activity, which means building a picture of what “normal” looks like – because unless you know that, it’s next to impossible to spot anomalous activity.
Watch out for app access from employees who have had credentials compromised in a data breach: do you know that the person accessing the cloud storage app is really your employee? Could it be a hacker using credentials stolen in a data breach of another system?
- Secure the ecosystem
The ecosystem of apps around corporate cloud storage apps should also be controlled. Ecosystem apps are those which sit around other master apps to enable greater functionality, such as secure document signing apps which might join onto a customer relationship management (CRM) system, or project management tools or data visualisation portals.
There are tens of necessary apps in any organisation’s cloud which help the business run more smoothly, and again after a deal this number is likely to swell – doubling the surface for potential attacks or breaches.
To make matters worse, some of these apps likely lack enterprise-grade security. If apps haven’t been provisioned by IT, then managing them or enforcing policy to control their use becomes more difficult. Close collaboration between IT teams is required here because one firm’s IT team won’t automatically know which of the other party’s cloud apps are sanctioned by IT, and which have been brought into the business without IT’s permission.
- Think of your users as clients or partners
Like it or not, most employees don’t have much interest in security. So if IT can take responsibility away from users, employees can work however they want without risk. Enabling this culture means allowing the business to operate freely, but ensuring that the IT department leads on any security decisions. It’s difficult to create a culture in a newly-created business quickly after a deal, but explaining the importance of good security practices to all users will be a key step.
In reality, taking the responsibility away from users means that once the businesses have aligned on their chosen cloud storage app, IT would then set and enforce granular policies to ensure it’s used securely. One example would be blocking the upload of files which contain certain types of data, such as customer names and addresses. This empowers employees to use their own work styles without putting data at risk. However, watch out for conflicting policies in the two parties to an acquisition as any such conflicts will need to be resolved to create a harmonised set of rules across the new entity.
With so much regulation already putting intense pressure and scrutiny on highly-regulated industries like financial services, the task of consolidating two companies’ cloud storage stances after M&A activity may seem daunting. But with the European General Data Protection Regulation set to become law in 2017, a merger can be a good opportunity for enterprises to get ahead of the game and get a firm grip on their data storage.
In all the uncertainty swirling around the maelstrom that is a newly-closed deal, one thing is certain: IT teams are going to be very busy indeed. But ensuring cloud storage app use is safely enabled now is an investment in the future, and will be a major step towards avoiding loss of reputation and penalties further down the line.
How to Build an AI Strategy that Works
By Michael Chalmers, MD EMEA at Contino
Six steps to boosting digital transformation through AI
In the age of artificial intelligence, the way we interact with brands and go about our work and daily lives has changed. No longer blithe buzzwords, AI tools and algorithms are solving real business problems, streamlining operations, boosting productivity, improving customer experience, and creating opportunities for advantage in a competitive marketplace.
However, many businesses struggle to unlock the full benefits that come with its adoption across the whole organisation. Making the most of AI requires a strategic focus, alignment with the specific operating model of the business, and a plan to implement it in a way that delivers real value.
Not all AI strategies are equal. To be successful, businesses need to set out how the technology will achieve objectives and identify the specific assets and use cases that will set them apart from competitors. The process of creating and delivering a successful AI strategy includes the following six essential elements that will help to bake in business success.
- Start with your vision and objective
One slip-up companies often make when developing an AI strategy is a failure to match the vision to the execution. Almost inevitably, this results in disjointed and complicated AI programmes that can take years to consolidate. Choosing an AI solution based on defined business objectives established at the start of a project reduces the risk of delay and failure.
As with any project or initiative, it’s crucial to align your corporate strategy with measurable goals and objectives to guide your AI deployment. Once a strategy is set and proven, it’s much quicker and easier to roll it out across divisions and product teams, maximising its benefits.
- Build a multi-disciplinary team
AI is not an island. Multi-disciplinary teams are best placed to assess how the AI strategy can optimally serve their individual needs. Insights and inputs from web design, R&D and engineering will together ensure your plan hits objectives for key internal stakeholders.
It’s also important to recognise that with the best will and effort, the strategy might not be the perfect one first time around. Being prepared to iterate and flex the approach is a significant success factor. By fostering a culture of experimentation, your team will locate the right AI assets to form your unique competitive edge.
- Be selective about the problems you fix first
Selecting ‘lighthouse’ projects based on their overall goals and importance, size, likely duration, and data quality allows you to demonstrate the tangible benefits in a relatively short space of time. Not all problems can be fixed by AI, of course. But by identifying and addressing issues quickly and effectively, you can create beacons of AI capability that inspire others across the organisation.
Lighthouse projects should aim to be delivered in under eight weeks, instead of eight months. They will provide an immediate and tangible benefit for the business and your customers to be replicated elsewhere. These small wins sow the seeds of transformation that swell from the ground up, empowering small teams to grow in competency, autonomy and relatedness.
- Put the customer first, and measure accordingly
Customer-centricity is one of the most popular topics among today’s business leaders. Traditionally, businesses were much more product-centric than customer-centric. Somebody built products and then customers were found. Now, the customer is, and should be, at the heart of everything businesses do.
By taking a customer-centric approach, you will find that business drivers determine many technology decisions. When creating your AI strategy, create customer-centric KPIs that align with the overall corporate objectives and continually measure product execution backwards through the value chain.
- Share skills and expertise at scale through an ‘AI community of practice’
The journey to business-wide AI adoption is iterative and continuous. Upon successful completion of a product, the team should evolve into what’s known as an ‘AI community of practice’, which will foster AI innovation and upskill future AI teams.
In the world of rapid AI product iterations, best practices and automation are more relevant than ever. Data science is about repeatable experimentation and measured results. If your AI processes can’t be repeated and production is being done manually, data science has been reduced to a data hobby.
- Don’t fear failure: deploying AI is a continuous journey
The formula for successful enterprise-wide AI adoption is: nurture the idea, plan, prove, improve and then scale. Mistakes will be made, and lessons learned. This is a completely normal – and valuable – part of the process.
Lighthouse projects need to be proven to work, processes need to be streamlined and teams need to upskill. Businesses need a culture of learning and continuous improvement with people at the centre, through shorter cycles, to drive real transformation.
An experimental culture and continuous improvement, through shorter cycles, can drive real transformation. A successful AI strategy acts as a continually evolving roadmap across the different business functions (people, processes and technology) to ensure your chosen solutions are working towards your business objectives. In short, let your business goals guide your AI transformation, not the other way around.
Iron Mountain releases 7 steps to ensure digitisation delivers long-term benefits
Iron Mountain has released practical guidance to help businesses future-proof their digital journeys. The guidance is part of new research that found that 57% of European enterprises plan to revert new digital processes back to manual solutions post-pandemic.
The research revealed that 93% of respondents have accelerated digitisation during COVID-19 and 86% believe this gives them a competitive edge. However, the majority (57%) fear these changes will be short-lived and their companies will revert to original means of access post-pandemic.
“With 80% still reliant on physical data to do their job, now is a critical time to implement more robust, digital methods of accessing physical storage,” said Stuart Bernard, VP of Digital Solutions at Iron Mountain. “Doing so can enhance efficiency and deliver ROI by unlocking new value in stored data through the use of technology to mine, review and extract insight.”
When COVID-19 hit, companies had to think fast and adapt. Digital solutions were often taken as off-the-shelf, quick fixes – rarely the most economical or effective. But they are delivering benefits – those surveyed reported productivity gains (27%), saving time (20%), enhancing data quality (13%) and cutting costs (12%).
So what now?
The Iron Mountain study includes guidance for how to turn quick fixes into sustained, long-term solutions. The seven steps are designed to help businesses future-proof their digital journeys and maximize value from physical storage:
1) Gather insights: The COVID-19 pandemic allowed organisations to test and learn. Companies should ensure these insights are fed into developing more robust solutions.
2) Use governance as intelligence: Information governance and compliance are fundamental to data handling. But frameworks aren’t just a set of rules, they hold valuable insights that can be turned into actionable intelligence. Explore your framework to extract learnings.
3) Understand your risk profile: A key early step is to analyse where you are most vulnerable. With data in motion and people working remotely, which records are at risk? What could be moved into the cloud? Are your vendors resilient?
4) Focus where you will achieve greatest impact: To prioritise successfully, you need to know where you will achieve the largest impact. This involves looking beyond initial set-up costs towards the holistic benefits of digitisation, including reducing time spent on manual scanning, and the risk of compliance violations.
5) Reach out and collaborate: We are all in this together. Your IT, security, compliance and facility management teams are all facing the same challenges. Ensure you collaborate across functions to develop robust, integrated solutions.
6) Find a provider who can relate to your digital journey: For companies that still rely heavily on analogue solutions, digitisation can be daunting and risky. It pays to find a vendor who has been on the same journey, understands your paper processes and can guide you through the digital world.
7) Prioritise and evolve communication and training programmes: To reap the full rewards from any digitisation initiative, thorough and continuous communication and training is critical. Encouragingly, our survey found that 81% of data handlers have received training to work digitally which is an excellent step in the right direction, but consider teams beyond data handling to truly succeed.
The research was commissioned by Iron Mountain in collaboration with Censuswide. It surveyed 1,000 data handlers across the EMEA region. It found that the departments that have digitised more due to COVID-19 include IT support (40%), customer relationship management (36%), and team resource planning (34%).
3D Secure: Why are fraudsters still slipping through the net?
By Tim Ayling, VP EMEA, buguroo
There is a constant tension between keeping online payments secure, and offering an easy and frictionless user experience. Digital transformation – especially accelerated by the global pandemic – leaves consumers expecting online services to be seamless. Customers are even liable to abandon a process altogether if they encounter a hurdle.
Financial regulation and security protocols exist to help ensure that a balance is maintained between offering customers this frictionless experience, and keeping them and their funds safe from fraud attacks.
What is 3D Secure?
3D Secure is one such protocol. This payer authentication system is designed to keep card-not-present (CNP) ecommerce payments secure against online fraud. The card issuer uses 3D Secure when a card is used to pay for something online, authenticating the customer’s identity based on personal identifiers, such as the three-digit CVV code on the back of a card, as well as the device they’re using to make the payment and their geolocation or IP address.
3D Secure is important because although transactions can be accepted or denied based on the level of risk, it’s not always as clear as ‘risky’ or ‘not risky’. A small number of transactions will have an undetermined or questionable level of risk attached to them. For example, a legitimate customer may appear to be using a new device to buy goods online, or to be attempting the transaction from an irregular location. In these instances, 3D Secure provides a step-up authentication, such as asking for a one-time password (OTP).
Getting the right balance
3D Secure is a helpful protocol for card issuers, as it allows banks to comply with Strong Customer Authentication as required by EU financial regulation PSD2 as well as increase security for transactions with a higher level of risk – thereby better filtering the genuine cardholders from fraudsters.
This means that the customers themselves are better protected against fraud, and the extra security helps preserve their trust in the bank to be able to keep their money safe. At the same time, the number of legitimate customers who have their transactions denied is minimised, improving the customer’s online experience.
So why are fraudsters still slipping through the net?
Fraudsters are used to adapting to security protocols designed to stop them, and 3D Secure is no exception. The step-up authentication that is required by 3D Secure in the instance of a questionable transaction often takes the form of an OTP, a password or secret answer known only by the bank and the customer. However, there are various ways that fraudsters have devised to steal this information.
The most common way to steal passwords is through phishing attacks, where fraudsters pretend to be legitimate brands, such as banks themselves, in order to dupe customers into giving away sensitive information. Fraudsters can even replace the pop-up windows that appear to legitimate customers in the case of stepped-up authentication with their own browser windows disguised as the bank’s. Unwitting customers then enter the password or OTP and effectively hand it straight over to the fraudsters.
Even when an OTP is sent directly to a customer’s phone, fraudsters have found a way to intercept this information. They do this through something called a ‘SIM swap scam’, where they impersonate their victim and manage to get the legitimate cardholder’s number switched onto a different SIM card that they own, thereby receiving the genuine OTP in the cardholder’s place.
This is especially an issue for card issuers when taking into account the liability shift that is attached to using 3D Secure. When a transaction is authenticated using 3D Secure, the liability moves to lie with the card issuer, not the vendor or retailer. If money leaves a customer’s account and the transaction was verified by 3D Secure, but the customer says they did not authorise the transaction, the card provider becomes liable for any refunds.
How AI and Behavioral Biometrics can be used to plug the gap
Banks need to find a way to accurately block fraudsters while allowing genuine customers to complete online payments. AI can be used alongside behavioural biometrics as an additional layer of security to cover the gaps in security through continuous authentication of the customer.
Behavioural biometrics can collect and analyse data from thousands of parameters around user behaviour such as their typing speed and dynamics, or the trajectory on which they move the mouse, throughout the entire online session. AI processes are used to dynamically compare this analysis against the user’s usual online profile to identify even the smallest of anomalies, as well as against profiles of known fraudsters and typical fraudster behaviour. AI then delivers a risk score based on this information to banks in real time, enabling them to root out and block the fraudulent transactions.
As this authentication occurs invisibly, the AI technology can recognise if the customer is who they say they are – and that it isn’t a fraudster trying to input a genuine OTP they have managed to steal through phishing or SIM swapping – without adding any additional friction.
Card issuers cannot decline all questionable transactions without losing customers, while approving them without additional checks poses security issues that can result in financial losses as well as losses in customer trust. Behavioural biometrics is a foundational technology that can work alongside 3D Secure to keep customers’ online payments safe from fraud while maintaining a frictionless experience and minimising the risk of chargeback liability for banks.
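The decision flow described in this article, as an added example that is not code from buguroo or any card issuer: a session's typing rhythm is scored against the cardholder's usual profile, and that score is combined with the step-up (OTP) result so that a correct but stolen OTP is not enough on its own. The single typing feature, every threshold, and the sample timings, device names and country codes are assumptions constructed for illustration; a real system would use far more parameters.

```python
from dataclasses import dataclass
from statistics import mean, stdev

# All thresholds are illustrative assumptions, not values from any product.
MIN_SAMPLES = 5      # fewer keystroke intervals than this is "undetermined"
Z_CAP = 3.0          # z-scores at or above this map to the maximum score
CHALLENGE_AT = 0.4   # behaviour score that triggers step-up on its own
BLOCK_AT = 0.8       # behaviour score that blocks even after a correct OTP


@dataclass(frozen=True)
class Profile:
    mean_ms: float
    stdev_ms: float
    known_devices: frozenset
    usual_countries: frozenset


@dataclass(frozen=True)
class Transaction:
    device_id: str
    country: str
    key_intervals_ms: tuple      # time between keystrokes in this session
    otp_verified: bool = False   # True once the step-up challenge was passed


def build_profile(sessions, devices, countries):
    """Summarise past sessions into the cardholder's usual typing rhythm."""
    flat = [ms for session in sessions for ms in session]
    # Floor the spread at 1 ms so a very uniform history cannot divide by zero.
    return Profile(mean(flat), max(stdev(flat), 1.0),
                   frozenset(devices), frozenset(countries))


def behaviour_score(profile, intervals_ms):
    """Return 0.0 (matches the profile) up to 1.0 (strongly anomalous)."""
    if len(intervals_ms) < MIN_SAMPLES:
        return 0.5  # not enough data: neither trusted nor blocked
    z = abs(mean(intervals_ms) - profile.mean_ms) / profile.stdev_ms
    return min(z / Z_CAP, 1.0)


def decide(profile, txn):
    """Return 'approve', 'challenge' or 'deny' for one card-not-present payment."""
    score = behaviour_score(profile, txn.key_intervals_ms)
    if score >= BLOCK_AT:
        # A correct OTP does not help here: it may have been phished or
        # received after a SIM swap, and the typing is not the cardholder's.
        return "deny"
    unusual_context = (txn.device_id not in profile.known_devices
                       or txn.country not in profile.usual_countries)
    if unusual_context or score >= CHALLENGE_AT:
        return "approve" if txn.otp_verified else "challenge"
    return "approve"  # frictionless path for low-risk transactions


# Constructed sample data: inter-key intervals in milliseconds.
PROFILE = build_profile(
    sessions=[(182, 175, 190, 168, 185, 179), (176, 188, 171, 183, 180, 174)],
    devices={"laptop-A"}, countries={"GB"})
GENUINE_KEYS = (181, 177, 186, 172, 184, 178)   # close to the profile
FAST_KEYS = (95, 102, 88, 110, 97, 91)          # a very different rhythm

if __name__ == "__main__":
    for label, txn in [
        ("known device", Transaction("laptop-A", "GB", GENUINE_KEYS)),
        ("new device, no OTP yet", Transaction("phone-B", "GB", GENUINE_KEYS)),
        ("new device, OTP passed", Transaction("phone-B", "GB", GENUINE_KEYS, True)),
        ("stolen OTP, wrong rhythm", Transaction("pc-X", "GB", FAST_KEYS, True)),
    ]:
        print(f"{label}: {decide(PROFILE, txn)}")
```
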