Web page isolation ensures secure access to the Internet, and in its most advanced form it is transparent to the users in terms of appearance, performance and responsiveness
Jason Steer, EMEA CTO Menlo Security explains
How to avoid phishing attacks? The first advice was to avoid responding to e-mails that looked dodgy and were full of spelling and grammatical errors. Then the e-mails became more sophisticated: they looked and read like genuine corporate announcements. So the next defense was to look at the browser’s address bar to check that the loading web page was served over a valid HTTPS site. Now we have Punycode phishing attacks that create fraudulent addresses that appear almost identical to trustworthy ones.
The problem is that computers can process non-Latin alphabets using a huge library of Unicode characters, and some of the different characters look almost identical. For example, the Unicode characters U+0430 and U+0061 both look like a small “a” in a Chrome, Firefox or Opera browser address bar. So even an innocent-looking address like “apple.com” might take you to a fraudulent page.
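A defender can test hostnames for this before a user ever sees them. The sketch below is an added example, not part of the original article: it decodes Punycode labels and flags mixed-script names and lookalikes of a protected name. The confusables table is a small illustrative subset and `PROTECTED` is a hypothetical watch list.

```python
import unicodedata

# Illustrative subset of Cyrillic letters that render like Latin ones; the
# complete data set is confusables.txt from Unicode UTS #39.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l",
}
# Hypothetical list of names the organisation wants to protect.
PROTECTED = {"apple.com"}


def to_unicode(host):
    """Decode each xn-- (Punycode) label to the form an address bar may display."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def scripts(label):
    """Scripts used in a label, read from the first word of each character name."""
    found = set()
    for ch in label:
        if ch in "0123456789-":
            continue  # digits and hyphen are shared by every script
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def classify(host, protected=PROTECTED):
    """Return (display_form, verdict) for a hostname from a link or a proxy log."""
    try:
        shown = to_unicode(host)
    except UnicodeError:
        return None, "invalid-punycode"
    if shown.isascii():
        return shown, "ascii"
    # Map lookalike letters to Latin and compare with the protected names.
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in shown)
    if skeleton in protected:
        return shown, "lookalike-of:" + skeleton
    if any(len(scripts(label)) > 1 for label in shown.split(".")):
        return shown, "mixed-script"
    return shown, "idn"


def punycode(label):
    """Helper for building the constructed samples below."""
    return "xn--" + label.encode("punycode").decode("ascii")


# Constructed sample hostnames (not taken from any real incident).
SAMPLES = [
    "apple.com",                                          # plain ASCII
    punycode("\u0430pple") + ".com",                      # U+0430 in place of U+0061
    punycode("\u0430\u0440\u0440\u04cf\u0435") + ".com",  # every letter Cyrillic
    punycode("p\u0430yments") + ".example",               # mixed Latin and Cyrillic
    punycode("m\u00fcnchen") + ".example",                # legitimate Latin-script IDN
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(host, *classify(host))
```

The fourth sample is caught only by the script check and the third only by the skeleton comparison, which is why a filter needs both.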
Can we protect critical business?
With serious and wide-ranging vulnerabilities such as Punycode and Apache Struts being announced within the past two months, fears are being raised about the extent to which businesses of all kinds now rely on the use of the Internet.
Could the financial sector continue to operate without regular Internet access? Whether it is a quick Google search, keeping up to date with news or financial data, downloading a research paper or checking messages – the web browser is among the most vital applications in any business today. And yet browsers are highly vulnerable. The simple act of loading a malicious web page can compromise a computer or endpoint device so that malware can steal private data, or force an entry point into an organisation’s entire network. In 2015 alone (NIST) over seven hundred new browser vulnerabilities were reported, and Google’s recent report claims that website hacks rose a further 30% between 2015 and 2016 – boosted by the rise of cyber-crime and an ever-increasing range of browser features that attackers can exploit.
So what can you do if your business is utterly dependent on Internet content, and the work is so sensitive that you dare not risk any form of attack, data leak, or compromise? A simple solution would be to make sure that all the data, websites or documents needed are printed out and distributed purely in hard copy format. That way critical staff get full and utterly safe access to the Internet content, without any of the dangerous “active content” that lurks beneath those harmless-looking pages. What is lost is the immediate responsiveness and business agility so necessary today.
A “greener” and more nimble solution could be to save paper by not physically printing but scanning the image of the required pages and securely transmitting a facsimile of those pages to the desktop. If that facsimile could also mimic active links to allow the reader to navigate the pages but without any of the risky stuff going on underneath, this would offer a real, workable solution.
This approach is called “browser isolation”, because it logically & securely separates the real browser getting the content from the end user’s browser, permitting only a “clean” version to reach their browser. But can it be made to work well enough to deliver a good response to the user while maintaining high security and preserving the user experience?
The nature of the risk
These vulnerabilities are well known, and today’s browsers & operating systems do include built-in defenses against such straightforward browser exploits. But this does not stop more determined attackers from bypassing these defenses with sophisticated, multi-stage attacks. For every layer of built-in defense, there will be someone looking for ways to work around these barriers, and the damage will be done before a new patch can be developed and installed.
Browser isolation takes the radical step of assuming that any page – however innocent it seems or however reputable its source – may become infected. So we should never trust the native web page, but only work with its sterile reproduction. This is an emerging technology that is making rapid strides and is fast catching on with banking and financial organisations, as well as government, military, healthcare and other critical operations.
Its success depends on being able to offer the user as good an experience as an ordinary Internet browser. If it fell short by being slow, lower definition or relatively unresponsive, then productivity would suffer and users would simply risk using the original version. Any change in the appearance or behavior that forced users to change the way they work would be counter-productive: they expect everyday operations such as copy-paste and printing to work just as normal.
Equally, customers want no extra software, hardware or endpoints to manage – preferring their existing desktop browser to surf the web. A clientless cloud solution means that it can be easily and quickly rolled out across the organisation, including personal devices, kept constantly up-to-date and centrally managed without adding to the IT burden.
A progressive approach
How can the above conditions be achieved? We began with the obvious suggestion of either printing the pages or scanning and reproducing them as an image. This inspired an initial approach, called “pixel mirroring”, that treats the page as an array of pixels to be reproduced at the endpoint. The result is a one-size-fits-all approach that makes no allowance for the actual content – whether text, image or video – whereas the hidden active content is specifically designed to improve the user experience by adapting the rendering to suit the content. So pixel mirroring tends to slow down page loading, reduce responsiveness and complicate common operations such as printing and copy-paste.
Some pixel mirroring solutions try to get round these problems by using specialized browsers, plugins and additional software at the end point. This can work for certain business environments, but it means losing the management advantages of a clientless solution.
A better approach must take into account the actual content type and the dynamic manner in which it is represented in the browser – i.e. the “Document Object Model” (DOM). “DOM Mirroring” means that the isolated browser actively monitors the currently loaded page tab for changes, translates those changes into DOM commands (without the underlying active content) and sends those commands to the end user’s device, so the safe page automatically updates in sync with the original. So, for example, instead of sending a Flash video to the end point, the same movie will be sent as crisp, suitable quality HTML5, while non-active safe elements are simply transmitted as they are. All the natively available fonts and images can be safely transmitted to the end user’s browser whilst being sanitized to prevent font & image exploits from being used. The whole page looks, feels and behaves just as it should, but it’s now safe.
But is it secure?
The simplicity of handing out printed pages lay in the fact that hard copy has no underlying technology or hidden software that some very clever hacker might find a way to manipulate. How can we be sure that the DOM Mirrored web page cannot itself become infected? In a sophisticated DOM Mirroring solution there are several layers of defense against this.
Firstly the link between the isolated browser and the endpoint safe page must be secure, and this is protected with high-grade encryption and served by a secure web proxy. Secondly “active content blocking and transcoding” makes sure that all DOM elements are checked against a white list in both the isolated browser and the safe page so that, for example, no on-click attributes or script elements are allowed. At the same time the strictest Content Security Policy reinforces the ban on active content in the safe page. Thirdly “protocol checking and enforcement” places strict limits on the format of all DOM updates so that no channel is left open for probing for vulnerabilities or leaking data.
Finally there is the risk that the isolated browser might become deliberately infected in some manner that would allow it to generate or pass on a malware attack to the safe page. Because this is theoretically possible, the best DOM mirroring solution will constantly rebuild its isolated browsers and destroy old ones. As one user put it: “like being given a brand new laptop every time you go to a new website”.
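The allowlist and protocol checks described above can be modelled as a validator on the safe-page side. This is an added example, not Menlo Security's code or wire format: the JSON update format, the allowlists, the size limit and the CSP string are all assumptions made for illustration.

```python
import json

# Hypothetical update format and allowlists, constructed for this example.
ALLOWED_TAGS = {"div", "span", "p", "a", "img", "ul", "li", "h1", "h2"}
ALLOWED_ATTRS = {"class", "id", "href", "src", "alt", "title"}
URL_ATTRS = {"href", "src"}
# Exact field set per operation; anything else is a protocol violation.
SCHEMA = {
    "insert": {"op", "parent", "node", "tag", "attrs"},
    "set_attr": {"op", "node", "name", "value"},
    "set_text": {"op", "node", "text"},
    "remove": {"op", "node"},
}
MAX_MESSAGE_BYTES = 4096
# Header for the safe page: no inline script or event handlers can run.
SAFE_PAGE_CSP = "default-src 'none'; script-src 'self'; img-src https:; style-src 'self'"

class ProtocolError(ValueError):
    """Raised when an update is malformed or names non-allowlisted content."""

def check_attr(name, value):
    if not isinstance(name, str) or not isinstance(value, str):
        raise ProtocolError("attribute name and value must be strings")
    name = name.lower()
    if name not in ALLOWED_ATTRS:  # rejects onclick, style, srcdoc, ...
        raise ProtocolError("attribute not allowed: " + name)
    if name in URL_ATTRS and not value.strip().lower().startswith(("https://", "http://")):
        raise ProtocolError("URL scheme not allowed in " + name)

def validate_update(raw):
    """Return the parsed update, or raise ProtocolError."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise ProtocolError("message too large")
    try:
        msg = json.loads(raw)
    except ValueError:
        raise ProtocolError("not valid JSON")
    op = msg.get("op") if isinstance(msg, dict) else None
    if not isinstance(op, str) or SCHEMA.get(op) != set(msg):
        raise ProtocolError("unknown operation or unexpected fields")
    for key in ("node", "parent"):
        if key in msg and (type(msg[key]) is not int or msg[key] < 0):
            raise ProtocolError(key + " must be a non-negative integer")
    if op == "insert":
        if not isinstance(msg["tag"], str) or msg["tag"].lower() not in ALLOWED_TAGS:
            raise ProtocolError("element not allowed: " + str(msg["tag"]))
        if not isinstance(msg["attrs"], dict):
            raise ProtocolError("attrs must be an object")
        for name, value in msg["attrs"].items():
            check_attr(name, value)
    elif op == "set_attr":
        check_attr(msg["name"], msg["value"])
    elif op == "set_text" and not isinstance(msg["text"], str):
        raise ProtocolError("text must be a string")
    return msg

def filter_updates(raw_messages):
    """Split a stream of updates into accepted messages and rejection reasons."""
    accepted, rejected = [], []
    for raw in raw_messages:
        try:
            accepted.append(validate_update(raw))
        except ProtocolError as err:
            rejected.append(str(err))
    return accepted, rejected

# Constructed sample stream: two benign updates, four that must be dropped.
SAMPLE = [
    '{"op": "insert", "parent": 0, "node": 1, "tag": "a", "attrs": {"href": "https://example.com/"}}',
    '{"op": "set_text", "node": 1, "text": "Quarterly report"}',
    '{"op": "insert", "parent": 0, "node": 2, "tag": "script", "attrs": {}}',
    '{"op": "set_attr", "node": 1, "name": "onclick", "value": "run()"}',
    '{"op": "set_attr", "node": 1, "name": "href", "value": "javascript:void(0)"}',
    '{"op": "set_text", "node": 1, "text": "x", "html": "<b>x</b>"}',
]

if __name__ == "__main__":
    ok, bad = filter_updates(SAMPLE)
    print(len(ok), "accepted;", bad)
```

Because every check is an allowlist, an update type or attribute the validator has never heard of is rejected by default rather than passed through.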
A vision or a reality?
The idea behind browser isolation is as clear to most people as the idea of only working from printed paper. What they find hard to believe is that it could be possible to mirror the browsing experience securely in real time without affecting the user experience – surely there must be a performance penalty?
The only sure answer is to try it and see for oneself, and the response has been uniformly positive – notably in the highly critical and time-conscious financial sector. The latest DOM mirroring isolation platform was itself developed in collaboration with JPMorgan Chase & Co, so that its features and capabilities were from the start developed with financial services in mind. According to their Chief Information Security Officer, Rohan Amin, the platform was deployed “with zero impact to users, providing a seamless user experience for our employees”.
In just two years the same DOM mirroring isolation technology has been successfully adopted by organisations in other critical sectors, including government, technology, healthcare, oil and gas, and it is already supported by teams in the United States, UK, Germany, Japan, Singapore and Australia to meet the growing demand.
The common factor among all the early adopters has been the need for constant Internet access, combined with serious concern about the attendant risks. They find that a cloud-based isolation service is easily and quickly deployed, without any disruption of normal working patterns. The user response has been overwhelmingly positive, and the reduction in risk is boosting both morale and productivity.
Punycode phishing could even fool a trained typographer – but DOM mirroring would automatically remove its sting.
Jason Steer Solutions Architect – EMEA
Jason is an engineer at heart and has built and broken computers and networks since 1996. Jason has worked at a number of successful technology companies over the past 15 years, including IronPort, Veracode & FireEye. Jason has worked as a cyber-expert with CNN, Al Jazeera & BBC and has worked with the EU and UK Government on Cyber Security Strategy. Jason has spoken at numerous industry events such as ENISE. You can follow Jason @verylongbloke on Twitter.
Voice Quality Matters: Quarter of Employees Working From Home Still Experiencing Regular Connectivity Issues
-Survey of 1007 SMEs in the UK by Spitfire Network Services Ltd reveals pain points for employees working from home-
-27% experience frequent or occasional connectivity disruptions despite working remotely since March-
-Only 4% of employees working from home have a dedicated Internet connection for work-related purposes-
Spitfire Network Services Ltd, a provider of telecoms and IP engineering solutions to UK businesses, today revealed data that showed more than a quarter of employees experience regular issues with connectivity whilst working from home. The ‘Voice Quality Matters’ survey found that 27% of employees faced connectivity challenges such as drop-outs or lags during the course of their working day, causing frequent disruption and impacting on productivity. With the majority of voice (video) communications hosted via the Internet, the importance of ensuring your voice can be heard has never mattered more.
The survey revealed that only 4% of employees working from home had their own dedicated internet connection for work purposes. Instead, employees are relying on their home broadband for connectivity. When asked, 57% of employees revealed that they had between 3-10 devices connected to their home broadband at any one time.
Employees were also asked about the time of day at which most of the issues occurred, and 4pm-6pm was revealed to be the problem period. With kids returning from school and using personal devices, the strain on the network resulted in connectivity problems.
Dominic Norton, Sales Director, Spitfire Network Services Ltd, commented on the findings: “We were unsurprised to discover that more than one in four employees are facing connectivity challenges whilst they work from home. When you consider that remote working can no longer be classed as the supposed ‘new normal’ with this shift happening over 9 months ago, it shows that businesses have been slow to act. Connectivity is critical for employees to mirror the experience of the office from home – critical for delivering a service to customers and ensuring their workforce is as productive as possible. My message to businesses would be to act now and really consider the damage that may be being caused to both productivity and reputation.”
In total, 1007 respondents were surveyed throughout November 2020 as part of the Voice Quality Matters survey conducted by Spitfire Network Services Ltd.
For more information about Spitfire Network Services Ltd, visit www.spitfire.co.uk.
To find out how we can support your customers to ensure they stay connected, please contact [email protected].
How can we benefit from mandated e-invoicing?
By Mark Stephens, the CEO of Blackstar Capital
Electronic invoicing is at a tipping point. On the one hand, only a small minority of invoices that are sent globally are e-invoices. It is estimated that 75% of the world’s invoices are still transacted on paper, and those that rely on email instead experience similar inefficiencies. On the other, a recent trend of B2G mandates from governments around the world could potentially serve as a catalyst for a new wave of public and private sector e-invoicing adoption.
In India, for example, the Central Board of Indirect Taxes and Customs has regulated that e-invoicing will be mandatorily adopted by all companies with a turnover exceeding INR 500 crore. The decision follows many countries in Latin America, most notably Brazil and Mexico, where electronic invoices have been mandated as the only acceptable standard for all significant public and private commercial transactions.
In Latin America, these systems are largely being used as a tool to improve the government’s fiscal control and recapture lost tax revenue from economies with high rates of cash transactions. Brazil, Chile and Mexico have all adopted a ‘clearance model,’ where before invoices are sent, they are cleared by a government portal. Documents are therefore tax-compliant in real-time, reducing delays and fines, while significantly reducing tax leakage. India’s model is broadly similar to this, and the EU is also looking towards adopting something similar to the clearance model.
In 2019, all VAT-registered businesses in Italy started issuing invoices electronically using the country’s online exchange system. The decision in Italy, like many others, was again driven by tax efficiency. While these mandated government decisions can help achieve this, experts say the benefits of e-invoicing actually go well beyond this and it is time the arguments for mandating e-invoicing include the benefits for small, medium and global businesses too. The EU has been clear: mandated e-invoicing has the potential to not only save government processing costs, but also provide the stimulus for private sector adoption that can drive the environmental, cost, and efficiency benefits.
For businesses, the potential benefits are huge. Companies are on average able to save between 50-70% of processing costs and 65% of invoice processing time. E-invoicing reduces errors, fraud and human intervention. A Wax Digital study found about 25% of time handling paper invoices is spent on resolving problems related to data entry and processing. As there are roughly 16 billion B2B invoices processed each year in Europe alone, Deutsche Bank projected that full adoption could lead to an annual saving of at least €260 billion. Organisations already using e-invoicing have been motivated to do so because of this huge cost efficiency aspect.
In the most recent Spring Statement, the Chancellor of the Exchequer described late payments as a ‘scourge’ and according to Siemens Financial Services, SMEs in the UK are missing out on over £250bn of working capital cash flow due to late payments. Xero found that businesses which use online tools get paid 33% faster than those which use paper invoices. Faster approval cycles result in better cash flow, which can be passed down the supply chain in cost and time savings. Finally, a mandated move from paper to paperless could have a huge impact on the global carbon footprint.
In addition to the impact that the reduction of late payments can have on the working capital of businesses globally, e-invoicing can provide a more efficient avenue for the funding of invoices. Invoice financing is not new, but the level of transparency and depth of data accessible via modern e-invoicing platforms enable direct access for financiers to provide faster, efficient, de-risked, and innovative funding solutions in relation to the financing of such invoices. There is a growing belief that this will have a fundamental, evolutionary impact on the invoice financing space.
Public sector mandated e-invoicing therefore can be expected to drive private sector e-invoicing adoption and provide the gateway for the digitisation of many business processes. The blueprint for adoption was Denmark’s pioneering 2005 legislation that allowed vendors to submit invoices online, free of charge, using a SaaS service. The Danish were focused on the economic benefits of e-invoicing and decided the best way to influence behaviour would be to keep the barriers to entry as low as possible. By offering a free and open service, Denmark was able to voluntarily achieve the long-term commercial adoption of B2B e-invoicing in the private sector after mandating public sector B2G e-invoicing.
Now with the challenges of Covid-19, global governments will be more focused than ever on cost efficiencies and the need to guarantee tax revenues. Mandating e-invoicing, however, can also have huge knock-on benefits for the wider B2B business market. With a higher adoption rate across the private sector, mandating e-invoicing will provide huge cost and efficiency savings for businesses at a time when public and private finances are under significant pressure.
How fintech companies can facilitate continued growth
By Jackson Lee, VP Corporate Development from Colt Data Centre Services
The fintech industry is rapidly growing and, in the first half of 2020, fintechs have secured more than $25 billion in investment globally, despite the huge uncertainty caused by COVID-19. As fintechs and their customer base expand, it is important to recognise that the success of these companies is predicated on the ability to use data effectively in providing a personalised experience to their customers.
To ensure these companies do not become victims of their own success, they must ensure they have the ability to scale up their operations and data storage as quickly and cost-efficiently as possible, especially in these challenging times.
So what must fintech companies do if they are to facilitate this growth without bursting at the seams?
Big fish in a small pond
Fintech companies are growing exponentially, and for many, even the current uncertainty around the pandemic has not decelerated the pace of their growth. However, having started small, with access to only limited tools at the beginning of their journey, many fintech companies can’t keep up with their own rapid growth. When it comes to data infrastructures, they are facing a real risk of becoming a big fish in a small pond.
In order to achieve widespread innovation, and to keep their advantage over traditional financial institutions, fintech companies need the necessary playground space to experiment in.
When the pandemic and its consequent disruptions started to take hold, most businesses weren’t prepared for the types of challenges that they would have to face. Although the suggestion of investing in data infrastructure might seem counter intuitive at the moment, a lifeline for fintech companies going forward will be flexibility and the ability to scale.
As the uncertainty around the pandemic continues, fintech companies, like those in other industries, are finding it difficult to commit to long-term business plans. Despite their continued growth, fintech companies continue to be cautious about investing in expanding their operations during an unpredictable economic climate, especially when they are doing well enough as it is.
Even before the pandemic, fintech companies exhibited slower rates of the adoption of digitalisation and advanced IT infrastructures than other industries. It’s clear the future is digital and for fintechs to effectively compete in today’s volatile market, they need to be proactive and invest in the value of data and digital transformation.
One area that fintech companies must be proactive in is their IT infrastructure, especially their data storage and connectivity, in order to allow them to act faster than big, established competitors.
Due to the continuous growth of fintech companies, with no sign of slowing down, these companies will have to continually scale their operations up to manage increased demand. Ordinarily, this would have very high costs as they would have to continually alter their IT infrastructure and solutions.
When it comes to flexibility, data is a crucial aspect for fintechs. In today’s world, companies store masses of data, and its amount is growing fast. This makes the storing of the data a juggling act, and the costs keep growing with it. In periods of economic uncertainty, such as the one we are experiencing now, this constant increase in data can quickly turn into a challenge. Therefore, fintechs must ensure that scalability is at the heart of everything they do. When it comes to scalability, however, the key factor is not just growth or the ability to scale up. A vital, but often overlooked opportunity in scalability lies in scaling down, when needed. For fintechs aiming at this level of scalability, hyperscale is the only way forward.
The answer is hyperscale
Hyperscale data centres provide businesses with a one-stop shop for all their data and capacity requirements. These centres, which are built in a campus-style design, allow companies to build out further data centres quickly within the same location, or if needed, downsize. In an environment of ever-fluctuating demand, hyperscale enables scalability of data and storage swiftly. This presents many benefits. The sheer size of these facilities allows for large-scale cloud adoption, which is more streamlined, flexible and cost-effective than ever before. This will help fintechs to get a better handle on their data and reduce costs as much as possible.
With this level of scalability, companies can operate like an elastic band, expanding or retracting when necessary and at a moment’s notice. For example, imagine this year’s Christmas. With the uncertainty of the pandemic and constantly changing restrictions, people’s online activity will be even higher than in previous years. Fintechs will have to scale up their operations to cope with the high demand of online services. Meanwhile, when demand goes down in January, it might be beneficial to scale down and reduce costs until demand increases again.
Hyperscale will also help fintech companies to future-proof their operations, which has become a key consideration as the economy looks to recover from the pandemic. By having the level of flexibility that hyperscale provides, businesses will always have the ability to lean or expand. Being able to adjust quickly within the hyperscale environment, with no added costs, makes fintechs more resilient and flexible to disruptions.
While cutting costs will continue to be a priority in today’s business environment, it is important that fintech companies look beyond this and focus on innovation and technology. The issues that the pandemic unearthed already existed and needed to be addressed by businesses. Therefore, they need to take the current situation as an opportunity to reconsider and improve their business models. Flexibility, scalability and cost efficiency must be top priorities in this new era. Hyperscale can provide this trinity of success.