By Linus Chang, CEO and Founder, Scram Software (https://scramsoft.com/)
Any company that collects data about EU residents now has a duty of care in safeguarding that data from leakage. But despite being custodians of such data, many companies saw it was low in value, and therefore did a poor job of securing the data from breach. But thanks to steep regulatory fines such as those enforceable by the EU’s new GDPR, it is now possible to put an actual price on personal data, i.e. the size of the potential fine if the data is stolen.
The next step is to determine the best way to protect it. While many cloud providers purport the ability to secure data, there are clear reasons why organisations can’t simply rely on the level of “security” that a cloud provider offers.
Dr Toby Murray, a leader in software security (University of Melbourne, Australia), recently commented, “In theory, the market is supposed to incentivise cloud providers to keep customer data safe. Yet history tells us that few organisations can truly be relied upon to have sufficient security, even when their business models depend on them remaining secure.”
As an example, Murray cites certificate authorities like DigiNotar, which went out of business in 2011 after a significant security breach. “Knowing that your cloud provider might go out of business if your company’s data is breached is little comfort if that breach would also cripple your own business,” said Murray.
Most people only think of encryption in relation to privacy, but encryption is also a way that a data owner can use the cloud while still retaining control of their assets. This, in fact, is one of the most valuable features of encryption as a tool – provided that the owner manages the encryption key properly. While other methods can safeguard the network, the computer, or the file system, encryption is the only way to safeguard the data itself.
Two additional layers of data security via encryption
In addition to providing data owners with privacy and control over their files, cryptography also offers two additional layers: integrity, since it ensures that the data isn’t modified from its original form, and authentication, since it verifies that the data comes from the specified source. An example of this usage is with fingerprint data, since encryption ensures two fingerprints aren’t swapped. As Dr Vanessa Teague, a cryptographer at the University of Melbourne, points out, sometimes data is evidence. “Think about police cameras, for example,” she said. “The police might not only have to keep the data private, they might also have to prove at a later date that nobody had the opportunity to tamper with it.”
Teague emphasises another reason why encryption is critical for data security today: not all data breaches occur by accident. “Some occur because the entity to whom you entrusted your data could make money by reselling it, or giving others the opportunity to exploit it,” she said. Teague added that if you look carefully at the dispute between Cambridge Analytica and Facebook, you will see that the Cambridge University researcher who acquired the sensitive data of millions of people did so with Facebook’s permission.
“A cloud provider of any data might, similarly, decide to share it,” explained Teague. “This becomes even murkier if the entity believes your data has been ‘de-identified’ before sharing. Although it may be very easily re-identifiable, you may have no way of knowing, and some countries are considering making it a crime for you to try to find out.”
This should make it clear why secondary copies of data – such as backups, archives, migrations, and transfers – should ideally always be encrypted. Since these forms of data live as files, this is easy due to recent advances in file system encryption. Many primary copies of data can also be encrypted, and with more web systems collecting private or sensitive information (such as identification data and fingerprints), it’s becoming even more important that this happens.
However, despite the obvious need, one must ask why encryption is used so rarely. Unfortunately, cryptography has had a reputation for being troublesome and expensive to implement. With data coming from so many sources and being stored in so many systems, the encryption tools have not been able to keep up with the changing environment.
In a world that’s experiencing unprecedented levels of data breaches, what is needed is a well-designed, universal file encryption system that secures different types of data to protect against many forms of cybercrime, thereby minimising the chance of a successful data poach. Further, the system must also be easy to deploy, and come with foolproof instructions so that it is always implemented correctly. Dr Ron Steinfeld, a leader in post-quantum cryptography (Monash University, Australia), has been working on one such system, called ScramFS. “Encrypting stored user information on the cloud server with a key known only to the user, as is done by ScramFS, should significantly reduce the likelihood of such data breaches,” Steinfeld commented.
Bio for Linus Chang, CEO & founder of Scram Software:
Linus Chang is CEO & founder of Scram Software, which provides world-class encryption tools enabling SMEs and government organisations to easily and affordably secure data stored locally and in the cloud. ScramFS – the flagship product Chang designed, developed and peer-reviewed alongside international security and cryptography experts – also achieves aspects of GDPR compliance by enabling organisations to implement encryption and pseudonymisation security protections (Article 32) by design and default (Article 25), while also mitigating the obligations of reporting data breaches to data subjects (Article 34).
A computer programmer and entrepreneur from Melbourne, Australia, Chang previously created BackupAssist, a SME software product which has sold over 170,000 copies to 165 countries, with customers including the Department of Homeland Security and NASA.
Sunak to use budget to expand apprenticeships in England
LONDON (Reuters) – British finance minister Rishi Sunak will announce more funding for apprenticeships in England when he unveils his budget next week, the government said on Friday.
Employers taking part in the Apprenticeship Initiative Scheme will from April 1 receive 3,000 pounds ($4,179) for each apprentice hired, regardless of age – an increase on current grants of between 1,500 and 2,000 pounds depending on age.
The scheme will extended by six months until the end of September, the finance ministry said.
Sunak will also announce an extra 126 million pounds for traineeships for up to 43,000 placements.
Sunak’s March 3 budget will likely include a new round of spending to prop up the economy during what he hopes will be the last phase of lockdown, but he will also probably signal tax rises ahead to plug the huge hole in the public finances.
Sunak is also expected to announce a “flexi-job” apprenticeship scheme, whereby apprentices can join an agency and work for multiple employers in one sector, the finance ministry said.
“We know there’s more to do and it’s vital this continues throughout the next stage of our recovery, which is why I’m boosting support for these programmes, helping jobseekers and employers alike,” Sunak said in a statement.
(Reporting by Andy Bruce, editing by David Milliken)
UK seeks G7 consensus on digital competition after Facebook blackout
LONDON (Reuters) – Britain is seeking to build a consensus among G7 nations on how to stop large technology companies exploiting their dominance, warning that there can be no repeat of Facebook’s one-week media blackout in Australia.
Facebook’s row with the Australian government over payment for local news, although now resolved, has increased international focus on the power wielded by tech corporations.
“We will hold these companies to account and bridge the gap between what they say they do and what happens in practice,” Britain’s digital minister Oliver Dowden said on Friday.
“We will prevent these firms from exploiting their dominance to the detriment of people and the businesses that rely on them.”
Dowden said recent events had strengthened his view that digital markets did not currently function properly.
He spoke after a meeting with Facebook’s Vice-President for Global Affairs, Nick Clegg, a former British deputy prime minister.
“I put these concerns to Facebook and set out our interest in levelling the playing field to enable proper commercial relationships to be formed. We must avoid such nuclear options being taken again,” Dowden said in a statement.
Facebook said in a statement that the call had been constructive, and that it had already struck commercial deals with most major publishers in Britain.
“Nick strongly agreed with the Secretary of Stateâ€™s (Dowden’s) assertion that the governmentâ€™s general preference is for companies to enter freely into proper commercial relationships with each other,” a Facebook spokesman said.
Britain will host a meeting of G7 leaders in June.
It is seeking to build consensus there for coordinated action toward “promoting competitive, innovative digital markets while protecting the free speech and journalism that underpin our democracy and precious liberties,” Dowden said.
The G7 comprises the United States, Japan, Britain, Germany, France, Italy and Canada, but Australia has also been invited.
Britain is working on a new competition regime aimed at giving consumers more control over their data, and introducing legislation that could regulate social media platforms to prevent the spread of illegal or extremist content and bullying.
(Reporting by William James; Editing by Gareth Jones and John Stonestreet)
Britain to offer fast-track visas to bolster fintechs after Brexit
By Huw Jones
LONDON (Reuters) – Britain said on Friday it would offer a fast-track visa scheme for jobs at high-growth companies after a government-backed review warned that financial technology firms will struggle with Brexit and tougher competition for global talent.
Finance minister Rishi Sunak said that now Britain has left the European Union, it wants to make sure its immigration system helps businesses attract the best hires.
“This new fast-track scale-up stream will make it easier for fintech firms to recruit innovators and job creators, who will help them grow,” Sunak said in a statement.
Over 40% of fintech staff in Britain come from overseas, and the new visa scheme, open to migrants with job offers at high-growth firms that are scaling up, will start in March 2022.
Brexit cut fintechs’ access to the EU single market and made it far harder to employ staff from the bloc, leaving Britain less attractive for the industry.
The review published on Friday and headed by Ron Kalifa, former CEO of payments fintech Worldpay, set out a “strategy and delivery model” that also includes a new 1 billion pound ($1.39 billion) start-up fund.
“It’s about underpinning financial services and our place in the world, and bringing innovation into mainstream banking,” Kalifa told Reuters.
Britain has a 10% share of the global fintech market, generating 11 billion pounds ($15.6 billion) in revenue.
The review said Brexit, heavy investment in fintech by Australia, Canada and Singapore, and the need to be nimbler as COVID-19 accelerates digitalisation of finance, all mean the sector’s future in Britain is not assured.
It also recommends more flexible listing rules for fintechs to catch up with New York.
“We recognise the need to make the UK attractive a more attractive location for IPOs,” said Britain’s financial services minister John Glen, adding that a separate review on listings rules would be published shortly.
“Those findings, along with Ron’s report today, should provide an excellent evidence base for further reform.”
Britain pioneered “sandboxes” to allow fintechs to test products on real consumers under supervision, and the review says regulators should move to the next stage and set up “scale-boxes” to help fintechs navigate red tape to grow.
“It’s a question of knowing who to call when there’s a problem,” said Kay Swinburne, vice chair of financial services at consultants KPMG and a contributor to the review.
A UK fintech wanting to serve EU clients would have to open a hub in the bloc, an expensive undertaking for a start-up.
“Leaving the EU and access to the single market going away is a big deal, so the UK has to do something significant to make fintechs stay here,” Swinburne said.
The review seeks to join the dots on fintech policy across government departments and regulators, and marshal private sector efforts under a new Centre for Finance, Innovation and Technology (CFIT).
“There is no framework but bits of individual policies, and nowhere does it come together,” said Rachel Kent, a lawyer at Hogan Lovells and contributor to the review.
($1 = 0.7064 pounds)
(Reporting by Huw Jones; editing by Jane Merriman and John Stonestreet)
Sunak to give UK Infrastructure Bank £12 billion of capital in budget
LONDON (Reuters) – British finance minister Rishi Sunak is expected to announce an initial 12 billion pounds of capital and...
Robinhood plans confidential IPO filing as soon as March – Bloomberg News
(Reuters) – Online brokerage Robinhood, at the centre of this year’s retail trading frenzy, is planning to file confidentially for...
Wall Street Week Ahead: Investors weigh new stock leadership as broader market wobbles
By Lewis Krauskopf NEW YORK (Reuters) – A shakeup in stocks accelerated by the past week’s surge in Treasury yields...
SoftBank reaches settlement with former WeWork CEO Neumann
(Reuters) – SoftBank Group Corp said on Friday it has reached a settlement with WeWork’s special committee and the company’s...
Sunak warns of bill to be paid to tackle Britain’s ‘exposed’ finances – FT
(Reuters) – British finance minister Rishi Sunak will use the budget next week to level with the public over the...