On November 7, China’s top legislature adopted a cybersecurity law to safeguard sovereignty in cyberspace, national security, and the rights of citizens. The law has seven chapters that define specific regulations in various areas, such as network operational security (including key IT infrastructure), network information security, monitoring, alerting, and emergency situation handling, as well as related legal responsibilities.
Some critics, especially those in Europe and the United States, continue to read too much into the negative impact of this legislation. I believe that it’s a reasonable move for the Chinese government to make in order to balance national security, citizen privacy, and economic openness. Foreign players in the Chinese market must revisit their local strategy and accelerate their digital transformation if they don’t want to miss the increasing needs and new opportunities regarding security and privacy:
The cybersecurity law has substantial advantages that benefit cybercitizens. For example, for the first time, the Chinese government requires that vendors providing cyberproducts and cyberservices inform users and obtain their approval before collecting personal information. The new law also stipulates that companies that leak or illegally sell personal information to third parties must bear the corresponding legal responsibility. These regulations mark a critical milestone in China’s journey toward personal privacy protection, and they are also important for consumers in the world’s largest market to protect themselves against internet fraud and spam messages.
Digital disruption has hit retail financial services in Asia Pacific (AP). In 2014, fintech investments in AP totaled US$880 million and skyrocketed to a staggering US$4.5 billion last year. Just as payments innovation has been a darling of venture capital investors in the US, the picture is not so different in AP, where payments took the largest share of fintech investment deals at 40%, followed by lending at 25%. However, the next frontier of disruption doesn't lie in payments and lending. FF16, AP's first fintech competition, featured fintech finalists offering a wide array of capabilities that signal what is to come in digital disruption in financial services.
We observe that the next frontier of digital disruption for the financial services sector will take place in investment, security and authentication as:
Data access, predictive analytics, and machine learning drive investment innovation. Exploding volumes of data are driving new, disruptive products and services in retail financial services. While predictive analytics isn't new, it has now entered the mass market, becoming more ubiquitous among retail investors. Smaller, nimbler players such as 8 Securities are now using algorithms to help customers derive insights from data, making predictive analytics more affordable and accessible. There are also B2B fintech companies such as BondIT and ShereIT that help financial advisors and brokers maximize their clients' portfolios.
Whether it’s the growth of service providers transitioning to offer services, the emergence of Containers within Hyperconverged solutions, or the potential emergence of Google succeeding, the public cloud is set for a year of “hyper-growth”! That said, we have to sort through the FUD (Fear, Uncertainty and Doubt), especially in security, to determine the appropriateness of public cloud for your organization.
Is the low hanging cloud fruit eaten?
The rush to cloud to date has clearly been within “systems of innovation,” applications geared mostly to customer engagement (so-called “systems of engagement”). Enterprises leveraging public cloud are looking to get new innovative applications and services rapidly to market. These applications have been primarily driving customer acquisition and then fostering customer loyalty. These initiatives represent just the tip of the iceberg; the real opportunity is in moving “systems of record”, or everyday work, to the public cloud.
Internet of Things (IoT) security is a hot topic among security and risk professionals. It seems as if every "thing" on the market is becoming smarter and more interactive. As the level of IoT device maturity increases, so does the level of risk of data and device compromise. The scary thing is that we really have no idea what IoT devices are in our environment, let alone the correct way to secure them.
Both IoT product makers and IoT product operators need to understand the security implications of IoT devices. Security in IoT involves product makers rethinking how they create technologies, secure code and hardware, develop new offerings, and ensure the privacy of the data they collect. These areas of security are not typically areas that automobile, manufacturing, and retail technology makers have had to consider in the past. The scale of IoT devices in each vertical is enough to employ a small army of developers who are not yet up to speed on the latest secure code and hardware concepts.
On the other side of the coin, enterprises have the unenviable position of implementing these poorly coded and built technologies. Overwhelming pressure will come from competing enterprises causing an increase in IoT adoption to improve business efficiencies. IoT will become pervasive, and mandatory, throughout every vertical from gas and electric to automotive. The threat landscape in these areas will be immense.
We attended the recently held CA World 2014 in Las Vegas which we estimate had about 5000 customers. Over and over we kept asking: What’s the intention of CA Technologies for this year’s event?
It’s not just that the event had Magic Johnson speaking about his past career and how he transformed from a world-class athlete to a successful businessman or the Tuesday night music event by Fray, a rock band from Denver, Colorado. It was the entire atmosphere of the showcase, keynotes and presentation styles which gave us the feeling this is really a new CA – a CA that wants to shed the image of suits and complex solutions and replace it with T-shirts, jeans and cool, digital solutions.
Envision a large solution floor scattered with CA Technology solutions and some of their partners; coffee, food and snack stations, surrounded by presentation theaters which featured topics like Business Intelligence, DevOps, Mobility, Security and Business Intelligence. Very different, very vogue and very modern! Most important, we saw a CA which stressed that “every company is a software company and innovation is key to create a powerful advantage” (quote from Amit Chatterjee, CA Technologies during keynote on Tuesday). Sentences like “we are living in the application economy” and “mobile, the new interface for your mainframe” puzzled and excited the legacy installed base, prospects and other clients alike.
As analysts we have to say “Well done CA Technologies”. For attendees, next steps are how to transform into the digital business. Keynote presenters from Twitter, Facebook, Nike and Samsung made it sound like a walk in the park – reality is proving otherwise, but CA is driving innovation in today’s application economy.
Yesterday, Proofpoint announced it will acquire social risk and compliance (SRC) vendor Nexgate for approximately $35 million.
The Acquisition Signals The SRC Market Is Maturing
This acquisition points to a budding and rapidly evolving SRC market. With the proliferation of social media, organizations face a slew of emerging regulatory challenges, brand threats, and security vulnerabilities – just look at recent incidents with Cole Haan, Zarbee’s, US Airways, British Gas, among countless others, even including our own US military. While once a niche market helping financial services firms meet FINRA obligations, SRC solutions now offer more than just compliance support, helping organizations better manage today’s wide gamut of social risks with social threat detection, account protection, and risk monitoring.
Proofpoint Has To Prove The Sum Is Greater Than Its Parts
By all accounts, we’re approaching a new order of integration between technology and medicine. Real-time medical diagnostic data obtained from our mobile phones will soon be integrated directly into our electronic medical records where clinicians can use the data to make more-accurate (and potentially dynamic) treatment plans. Hospital staff can communicate and react to changing patient conditions faster and with less disruption to the patient experience than ever before, thanks to increasingly integrated mobile messaging systems and other mobile applications (for both the patients and clinical staff).
Applying big data analytics to PHI promises to improve patient outcomes and lead to more efficient — and less costly — patient care. It’s hard not to feel a level of excitement as this convergence of healthcare, mobile technology, and big data progresses at an accelerated rate. However, with all of this new patient data being collected by insurance payers, medical providers, and third-party services, healthcare employee endpoints have become an especially vulnerable source of data loss.
Healthcare records are five times as likely to be lost due to device theft/loss.¹ If you’re a CISO at a healthcare organization, endpoint data security must be a top priority in order to close this faucet of sensitive data. Consequences will increasingly be more than just a mere slap on the wrist with fines, as consumers fight back.
Application wrapping versus containerization: Which technology provides better security to an enterprise mobile deployment? What are the use cases for each technology, and which technology has a longer shelf life when it comes to being the de facto standard for enterprise mobile security? Are there times when containerization provides a better user experience than application wrapping? And more simply speaking . . . what the heck is the difference between these two technologies, and which one should you purchase?
In the sport of boxing, "the tale of the tape" is a term used to describe a comparison between two fighters. Typically, this comparison includes physical measurements of each fighter as taken by a tape measure before the bout, thus the term "the tale of the tape." I'm currently conducting research for a "tale of the tape" report between mobile containerization technologies and mobile application wrapping. There has been a significant amount of discussion lately regarding which of these technologies is better suited for enterprise deployment. In order to settle this dispute, I'm going to get out the virtual tape measure and analyze the fighters!
On May 5, 2014, Target announced the resignation of its CEO, Gregg Steinhafel, in large part because of the massive and embarrassing customer data breach that occurred just before the 2013 U.S. holiday season kicked into high gear. After a security breach or incident, the CISO (or whoever is in charge of security) or the CIO, or both, are usually axed. Someone’s head has to roll. But the resignation of the CEO is unusual, and I believe this marks an important turning point in the visibility, prioritization, importance, and funding of information security. It’s an indication of just how much:
Security directly affects the top and bottom line. Early estimates of the cost of Target's 2013 holiday security breach indicate a potential customer churn of 1% to 5%, representing anywhere from $30 million to $150 million in lost net income. Target's stock fell 11% after it disclosed the breach in mid-December, but investors pushed shares up nearly 7% on the news of recovering sales. In February 2014, the company reported a 46% decline in profits due to the security breach.
Poor security will tank your reputation. The last thing Target needed was to be a permanent fixture of the 24-hour news cycle during the holiday season. Sure, like other breached companies, Target’s reputation will likely bounce back but it will take a lot of communication, investment, and other efforts to regain customer trust. The company announced last week that it will spend $100 million to adopt chip-and-PIN technology.
On January 22, 2014, a new mobile security player was born. This is the date that VMware announced its intention to purchase the mobile device management (MDM) firm AirWatch. With a price tag of $1.5 billion, this acquisition confirms that the mobile security market is scorchingly hot. This news comes on the heels of the November acquisition of Fiberlink by IBM. I expect additional mobile security market consolidation to occur throughout the remainder of 2014. This acquisition is a shot across the bow of any other major vendor looking to play in the mobile security market. If you don't step up and spend now, you might just be left holding the bag.