As we move further into the information age, data is increasingly recognised as a precious asset requiring layers of protection and increasingly bound by legislation. Patents, copyright, intellectual property legislation and growing issues around “sensitive data” mean that the transmission of such data could become as risky as the smuggling of gold or diamonds. “How can cloud computing thrive in such an environment?” asks James Walker, President CloudEthernet Forum.
In October 2012 a House Intelligence Committee report raised allegations that telecommunications equipment from Shenzhen-based Huawei Technologies Co. might enable China to spy on the US and even disrupt power grids, financial networks or other critical infrastructure. As a result of this effective blacklisting Huawei lost important business from a key market. Since then it has been revealed that the National Security Agency (NSA) persuaded some US technology companies to build “backdoors” into security products, networks and devices to allow easier surveillance by the NSA – raising fears that US technology sales could suffer a similar loss of business from overseas markets.
China Daily retaliated by describing US companies, including Cisco, as a “terrible security threat” and some overseas governments began expressing the same doubts about U.S. technology as were expressed about Huawei. According to the Wall Street Journal, India may ban e-mail services from Google and Yahoo, Germany is calling for the use of its own national Internet and e-mail services and Brazil is questioning whether overseas companies could be violating its privacy laws. In November Cisco was already reporting delays to networking equipment orders and Forrester Research has suggested that the disclosures could reduce U.S. technology sales overseas by as much as $180 billion, or 25% of IT services, by 2016.
Cloud services in particular could take a hammering from the NSA’s tarnishing of the reputation of the very national business it claims to be defending. German confidence in the cloud has suffered according to a PricewaterhouseCoopers survey suggesting that 22% of German companies now rate the risk of using cloud services as “very high” – before the NSA leaks the figure was 6%– while 54% rate the risk as high or very high.
Thirty-eight percent said they were now looking at email encryption and 25 percent at encryption of mobile communications while 15 percent want to switch to European tech providers that won’t cooperate with American or British intelligence services.
A report by the Information Technology and Innovation Foundation suggests that US cloud service providers could lose up to $35 billion a year if overseas customers start avoiding them. Other opinions have suggested that these predictions are exaggerated, that business is less in awe of the damage that can be caused by blundering spooks and more concerned about the risk from cyber criminals and competitors.
Caveat vector – let the carrier beware
Whether these economic forecasts come true may not be the real issue, so much as the growing awareness that the data super highway is fostering a whole new and diverse population of “highwaymen”. The difference is this: when it was gold and jewels in transit, you knew you had been robbed when the precious cargo went missing; but data can be leaked with no apparent loss. This makes it doubly important to choose the safest routes, and the safest harbours, for critical or sensitive data.
Indeed, some companies have reacted to the above concerns and are already asking for written assurance that their data be stored outside the US. These include a Canadian pharmaceutical company, a government agency and a UK grocery chain according to Rook Consulting, an Indiana-based security-consulting firm responsible for managing the segmentation to keep the data out of the US.
More generally there is concern about the non-deterministic nature of Internet and Ethernet traffic and the resulting risk of using public, or even certain private, cloud services. If the data you are processing in the cloud happens to be diverted via another country with different standards of privacy legislation then nobody need be the wiser – unless it turns out that some of that data has been “leaked” to a foreign intelligence service or criminal gang and your customers, or their government, make a claim against you for not protecting the privacy of their data.
This problem is not new, what is new is the scale and scope of the problem. If a single large carrier, such as my own company, Tata Communications, is carrying all your data, then it will most likely have mechanisms across its network to define Classes of Service (CoS) for different classes of data and so be able to enforce suitable levels of protection and privacy, and that includes restricting traffic to specific routes across the network. Note that these requirements can be quite complex: for example the customer who expresses a strong preference for the way data is routed under normal operating conditions, but recognises that, when the going gets tough, it is more important to ensure certain data’s arrival than the how it gets there, while other ‘sensitive’ data would be better lost than take a dangerous route.
But what would be much more problematic would be to extend this level of control across two or more service provider networks. We do not yet have common global standards for end-to-end privacy and security and certainly not in such detail. Whether the networks are linked to extend coverage, or run in parallel to provide redundancy, the providers who are probably using different technologies do not yet have common standards to ensure consistent protection.
Is SDN the answer?
SDN could play an important role in resolving these issues. SDN provides a distinct control layer and a central controller that would enable packets containing different types of data to be forwarded according to specific rules – such as not crossing international boundaries, or being restricted to preferred routes unless specific situations arise.
This looks like the complete answer, until you dig a bit deeper. Firstly it would add a massive computational burden to the control system. Once we start routing traffic according to the content of each packet in the already dynamic SDN network environment, then we are taking the technology way beyond anything currently possible. Then consider what happens when you route data between providers: Tata would not want its SDN to be subject to a Verizon controller, nor vice versa, so we would need a very complex handshake agreement between the two networks to maintain consistent service.
A global solution has to allow for any number of possibilities. One customer working with a single provider might be able to thrash out a set of standard agreements covering an agreed set of classes, such as “Company Confidential”, “Embargoed until X”, “Customer Confidential” etc, and whether these types of data can be accessible to specified national and foreign government agencies – but defining universal standards to allow for such detailed policy-based networking becomes a massive undertaking.
If the entire world becomes connected by a single WAN subject to a single global controller, then a super-powerful SDN could provide the solution. But that would probably require a single world government to make it possible – and that would mean that all these problems of diverse legislation and juridical anomalies would have already been resolved!
The role of CEF
The CloudEthernet Forum (CEF) does not have a solution, but it is rapidly gaining a clearer understanding of the problems’ magnitude, their evolution, and the need for a solution.
Datacenters used to use a range of technologies for different application-specific networks: eg Fibre Channel for storage services, InfiniBand for high-performance computing, and Ethernet for basic LAN applications. Today, however, higher speed Ethernet is taking over as the unifying technology in the datacentre and Carrier Ethernet is extending it across the WAN.
So it is appropriate to ask what new Ethernet developments and standards could best support the rapidly evolving needs of cloud computing – just as Carrier Ethernet was evolved to meet the needs of the WAN. The CEF has already identified five fundamental areas of concern – Virtualization, Automation, Security, Programmability, and Analytics – and published a White Paper outlining these areas while working groups are being formed to address specific issues.
As suggested above, individual providers can get together with their customers to thrash out working solutions to the problems we have discussed, but this will do little to solve the global problem of ensuring suitable protection for different classes of data across diverse networks and jurisdictions. As in the case of Carrier Ethernet, it requires a concerted effort from many different cloud stakeholders and not just the providers.
How does this impact your business?
In the past this problem was confined to specific areas such as healthcare, with private individuals’ medical data, or banking, with sensitive financial data. But it is becoming increasingly relevant to any large business.
For example, until recently Amazon cloud customers were required to sign up for a particular geographic area, and if you wanted support for a second region you had to sign up separately and be responsible for the connectivity between the two. They are now offering a service whereby you sign up for a single cluster and, should it fail, they will pass you over to another cluster via Amazon’s own network. But does the customer know where Amazon will be routing the traffic, and how might it impact legal agreements covering the data? The customer will now want to communicate not just with Amazon’s servers but also with Amazon’s network to make sure that all those different classes of data sensitivity are recognised during the transition.
Then there is the spread of legislation to contend with. Banks, for example, are now required by government to collect and keep certain types of data to assist them with tracking money-laundering operations. If that data gets lost, or into the wrong hands, the bank would face stiff penalties or itself come under suspicion.
What is needed is a set of common standards so that any organisation can classify its data according to value, criticality, personal or juridical sensitivity, whether it is also time sensitive and so on. Then carriers will be able to customise services appropriate to every need, as well as creating standard packages such as “Healthcare Standard A”, “Personal Data Gold” or whatever.
Achieving this requires a lot of work, but it also requires initial input from everyone whose business could be affected. In this article I have given a broad outline of issues that could touch every aspect of business – how will they impact your own operations? Do you foresee specific problems that I have not touched on? Is this so important to your company’s future that you would want to help shape future cloud services to make sure its needs are accommodated?
If so, you should join the CEF and make your voice heard. It is still early days, and those who are signing up are already helping to shape decisions and lay the foundation for future cloud services that will meet every business need as well as future legislation. To find out more about the CEF, please visit www.CloudEthernet.org
Using payments to streamline everyday transport
By Venceslas Cartier, Global Head of Transportation & Smart Mobility at Ingenico Enterprise Retail
Once upon a time the only way to get from A to B on public transport was with cash – and likely a pre-paid ticket bought from a physical office. Nowadays, thanks to technological developments, options range from contactless and mobile payments, to in-app tickets and more. As payment methods advance, consumers and merchants are naturally moving towards Mobility as a Service (MaaS) systems, integrating various forms of transport services into a single mobility service, accessible on demand.
This move towards MaaS does not only streamline the consumer experience, it has other positive impacts too. Incentivising public transport use reduces environmental pollution, improves mental wellbeing by reducing travel-related stress, and aids productivity by freeing up time otherwise spent driving. With this in mind, let’s take a look at the current trends affecting the transport sector, as well as how payments can optimise transportation for both operators and consumers alike.
Optimising transport with payments
The payment process is integral to any service. A payment service provider (PSP) can provide a range of key benefits to operators by proving a gateway to the transportation open payment ecosystem, and ensuring they meet objectives in 3 key areas.
- Environmentally, by reducing the use of personal cars and alleviating pollution and congestion.
- Societally, making urban mobility more inclusive in terms of improving access to all areas and for all socioeconomic classes.
- Economically, by optimising investment in eco-structure and fostering financial transactions, therefore improving the wealth of the city.
Payments professionals’ expertise and technological solutions can make payments easy again for transport operators. They can provide a range of options so that the customer can choose which one is right for them, leveraging the capabilities of the mobility services’ infrastructure (contactless, mobile wallets, P2P, closed-loop, QR code, and blockchain).
Furthermore, they can help promote inclusion and sustainable urban development. For example, methods such as prepaid virtual cards, or mobility accounts linked to a prepaid account can reduce the risks of excluding the unbanked. The environmental impact per kilometre can also be reduced, along with the use of vehicles with lower emissions per person per kilometre.
Finally, PSPs can put merchants’ minds at ease, providing payment liability, allowing aggregation of all due amounts from all mobility service providers, and collecting payments in one single transaction from users while dispatching revenue between mobility service providers.
COVID-19’s disruption to the travel industry cannot be overlooked. In fact, research suggests that public transit ridership is down 70% across the globe since the onset of the virus, longer distance travel has seen reductions of up to 90%, and payment by cash has seen a 60% drop.
Being realistic, these behavioural shifts are unlikely to revert anytime soon, so it’s important for merchants to keep this in mind when thinking about payment methods. More than 70% of consumers and travellers say they are likely to avoid the use of cash over the next six months. As a result, more than 40 countries have already raised their contactless payment threshold, further helping consumers to avoid contact with frequently touched pin pads.
However, the pandemic has only accelerated the way things were heading already and highlighted the benefits. Within the context of the pandemic, transportation needs to reinvent itself and adapt its processes to suit the shift in commuter habits that we’ve already seen and will continue to see in the future.
Other trends to keep an eye on
Contactless has been steadily growing on the transport scene, as have mobile payments and in-app purchases. In fact, the recent move to mobile and online ticketing is the most promising method so far, having seen significant growth in the last few years and having been accelerated by COVID-19 as discussed above. Once consumers move to these easy, convenient, and seamless methods, it’s rare that they revert – so it’s a good idea for operators to think how they can cater to these preferences.
Speed and convenience are a must for busy travellers – but not at the expense of data security. Finding the right payments partner is therefore crucial so operators can safeguard their customers’ personal data, while also keeping on top of other security regulations/features such as P2P encryption, PCI certification, and tokenisation.
Next steps for operators
Public transport is essential for many peoples’ everyday lives – COVID-19 or no COVID-19. As such, mobility service providers can make a great difference to their service and operations by implementing the right solutions.
Grey skies ahead – Malta prepares for a gloomy 2021 if they can’t tackle financial crime
By Dhanum Nursigadoo, ComplyAdvantage
With the summer drawing to a close, many countries who rely significantly on warm weather tourism will be assessing the impact of Covid-19. Being a small island in the middle of the Mediterranean you would expect Malta to be taking a significant economical hit – just like we are seeing in other popular European holiday destinations – but this doesn’t take into account the strength of the Maltese economy.
Emerging from the eurozone crisis with one of the most dynamic economies strategically positioned between three continents, Malta has had one of the lowest unemployment rates in the EU and has recently seen its GDP growth expand year-on-year. But perhaps the most important aspect of the Maltese economy has been its attraction for foreign businesses with only a 5% tax on profits. It is no secret that Malta is a tax haven, probably one of the most effective tax havens in the world.
But you can’t pick and choose who takes shelter, and it’s no secret that money launderers have been taking advantage of the regulatory landscape in this archipelago.
The conditions of a tax haven suit criminal enterprises, who can take advantage of the opaque environment and blend their illegal activities with the same operations enjoyed by high net worth individuals and corporations who are looking to reduce their tax bill. And last year Malta’s keenness for secrecy and avoidance resulted in a damning report by Moneyval – the Council of Europe’s Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) body – which found that while the nation had made some efforts to curb money laundering there was still much to be desired in order to bring the tax haven up to standard. Overall, they were of the opinion that Malta viewed combating money laundering as a non-priority and this resulted in branding Malta with low to partial ratings for 30 out of the 40 Financial Action Task Force (FATF) recommendations.
The findings of the report were stated to have the potential to “create within the wider public the perception that there may exist a culture of inactivity or impunity”. This follows on from a series of international high-profile stories regarding Malta and financial crime. Most shocking was the murder of journalist Daphne Caruana Galizia – who investigated corruption and money laundering in her native country – and was killed by a car-bomb three years ago leading to international outrage and condemnation.
Now Malta is in a race against time to turn their reputation around or they will suffer genuine consequences. The FATF have threatened to place Malta on a “greylist” of high-risk jurisdictions unless they have shown a genuine commitment to combatting financial crime and implemented the recommendations of the Moneyval report. If they fail, this would make Malta the first EU country to make the list and join others such as Panama, Syria and Zimbabwe.
The pandemic has actually given Malta more time to meet these obligations, and it has been widely reported that an initial summer deadline has now been moved to October due to the widespread disruption.
As we head into the autumn, there are signs that Malta has begun to take action. The Malta Financial Services Authority (MFSA) has created and established an empowered AML now headed up by Anthony Eddington, formerly of the UK’s Financial Conduct Authority and who has previous experience of tackling anti-financial crime at Deutsche Bank. This team has already begun working closely with international experts, specifically partners in the US through the US embassy in Malta and the United States Commodities Futures Trading Commission (CFTC). In May this collaboration led to 25 new cases focused on money laundering in particular, and with plans to increase standard inspections and on-site investigations into businesses in Malta, it appears there is a change to the country’s priorities.
Importantly, the report highlighted a problem for countries that choose to become tax havens. In some cases it was not that the Maltese authorities deliberately turned a blind-eye, but simply that they did not have the necessary knowledge to effectively tackle financial crime in the first place. Law enforcement appeared unable to even recognise when crime was occurring.
But this blurring of financial compliance will not help businesses if Malta does indeed become “greylisted” this year. While not as devastating as being blacklisted (the two occupants of this list are Iran and North Korea) there are significant detrimental effects to being put on the FATF greylist. Although this signals that the country is committed to developing AML/CFT plans (unlike the blacklist) it still sends out a warning signal to the world that this is a high-risk area, with the country in question subject to increased monitoring and potential sanctions from the IMF and the World Bank. Make no mistake, being put on the greylist will be catastrophic for Malta’s economy.
It remains to be seen how the work to avoid such a calamity will affect Malta’s tax haven status. Perhaps with an increased fight against financial crime there will be less ability to defend one of Europe’s most competitive tax regimes. But if Malta does not show they are genuinely committed to tackling this problem, then the pandemic disruption to the island’s tourism may be minor in comparison to the grey clouds that now approach their shores.
How will the UK prepare a supply chain for the distribution of the Covid-19 vaccines?
By Don Marshall, Marketing role at Exporta.
The challenge of mobilising a supply chain for the introduction of a global and nationwide vaccine will be enormously complex. The process will be costly, and it’s likely the figures will stretch to the hundreds of millions for both the production of the vaccine itself and its distribution across the UK. We must prepare and plan a supply chain strategy to ensure it reaches those most in need in a timely and safe manner.
The task of immunising a whole population is something that has never been planned or likely imagined by anyone within a standard supply chain. A supply chain that goes directly from the manufacturer to the end consumer, or user/ patient in this case, is complex and goes beyond the scope of any single logistics company. It would have to be conceived and delivered via a large joint effort and collaboration between multiple organisations. Effectively distributing the vaccine will depend on the source of manufacture, its storage requirements, and protection of the vaccines from manufacture through to patient administration.
The majority of vaccines require storage within a specific temperature range and need to be handled safely and in hygienic conditions. Depending on where the vaccines are manufactured, the transport legs will vary; if they are coming from overseas, air freight will increase cost and complexity. In addition to supplying the vaccine, syringes, needles and containers also need to be taken into account when preparing the supply chain.
Securing the specific types of boxes or containers i.e. the lidded containers normally used for transporting pharmaceutical products will mean acquiring them from all available stockists and manufacturers. Delivery vehicles would then need to be considered, with temperature-control factored in. The medical supply chain can inform their approach to distribution by assessing data from previous supply chains, and how large quantities of vaccines have been sent out in the past. Collating successful vaccine delivery examples from other parts of the world would be advantageous here, the more we can do to prepare for a logistical challenge of this magnitude, the better.
The distribution of this COVID vaccine will be unique in its scale and for that reason, additional supply chains will need to be mobilised. Apart from medical supply chains, those best suited for this type of transportation are the fresh/frozen food industries and supermarkets. I would mobilise these businesses to assist with the vaccine’s distribution wherever possible and use their car parks and facilities for the temporary medical centres needed to administer the vaccine to the public.
Using the food industry and supermarket networks would leave the current pharmaceutical supply chains intact for health services, pharmacies and the NHS. It would protect those vital services and continue to serve communities across the UK. Inevitably, it would place a short term strain on food supply chains, but these are supply chains that are well-equipped and versed in coping with excess demand i.e. the spike endured from the brief spell of public panic buying at the start of the crisis. With adequate resourcing and planning, I believe the UK supply chain can and will handle this challenge.
Will COVID-19 accelerate the transition to banking alternatives
By Gael Itier – CEO & Founder at akt.io The COVID-19 crisis has led us to witness what will be...
Using payments to streamline everyday transport
By Venceslas Cartier, Global Head of Transportation & Smart Mobility at Ingenico Enterprise Retail Once upon a time the only...
WeWALK joins Microsoft’s AI for Accessibility Programme Using artificial intelligence to change the lives of the visually impaired
WeWALK, the smart cane designed for people who are blind or with low vision which is now in use across...
Adoption of tech in private markets lags behind industry trends
Nine out of ten financial institutions have accelerated their digitisation strategy as a result of Covid-19. Yet just 26% of...
Covid-19 disruption drives five new retail supply chain trends
The business disruption caused by COVID-19 has resulted in four out of five (82%) retailers changing their approach to stock...
Remote leadership anxieties
It’s a difficult time to be navigating the complex world of business. Whilst adapting to new ways of working remotely,...
Online jobs soar by 14% in third quarter 2020, Freelancer.com’s Fast 50 reports
Freelancer.com (ASX: FLN), the world’s largest freelancing and crowdsourcing marketplace by number of users and jobs posted, today released the...
One third of money management tools face closure by the end of the year if they do not embrace open banking
New research from Yolt Technology Services shows 35% of Personal Finance Managers aren’t using any open banking technology Imminent screen...
Pivoting growth strategy to rebuild consumer trust and confidence
By Richard Steggall, the CEO of Urban FT Trust is essential to all relationships, whether personal or professional. And in...
Everything you need to know about APIs for business
By Omar Javaid, president, Vonage API Platform, Vonage If your work brings you into close proximity with technology, chances are...