Initiatives such as the UK Crown Commercial Service (CCS) and Google Cloud agreement will also help in the recovery phase. This allows qualified public sector agencies to avail of a discounted price for their Google Cloud deployments. Earlier in the year CCS entered into a price arrangement with Microsoft as well. If Cloud has to be the vehicle for economic recovery, such arrangements will benefit cash-strapped public sector organisations.
The recovery will also require the entire technology ecosystem to engage not only with large enterprises but also small and medium enterprises (SMEs). Alibaba Cloud announced an investment of US$ 283 million to revamp its global partner program. They plan to introduce new partner-customer communication processes to enhance response time and bring more opportunities to independent software vendors (ISVs) managed service providers (MSPs) and system integrators (SIs) as partners.
Europe Emerging as a Cloud Hub
As a fallout of the current political scenario, Europe is pushing for more cloud independence and to become an innovation hub as a vendor-neutral network for cloud computing providers and their customers.
GAIA-X Foundation is a federated data infrastructure project initiated to build a unified system of cloud and data services to be protected by EU Laws – including GDPR, the free flow of non-personal data regulation and the Cybersecurity Act. France and Germany kicked off the GAIA-X cloud project last year and the system is open for participation to national and European initiatives for exchange of data across industries and services such as AI, IoT and data analytics. GAIA-X took another step towards becoming a real option for European organisations with the establishment as a legal entity in June. Various organisations – including Dassault, Orange, Siemens, SAP, Atos, Scaleway and Deutsche Telekom are a part of this non-profit platform, working together on Cloud applications, high-performance computing as well as edge systems. The project is expecting to release a working model by early 2021 and will be further enhanced in phases.
Global Cloud leaders are also focusing on expanding their presence in Europe. In February, Microsoft announced a new data centre in Spain leveraging Telefónica infrastructure. In a similar move, Google Cloud announced its plans to expand in the region in partnership with Telefónica. Telefonica and Google are expected to jointly work on Spain’s digitalisation through edge infrastructure and 5G for consumers and telecom infrastructure.
Cloud Providers Bolstering their Cybersecurity Capabilities
2020 has witnessed a host of cybersecurity threats and data breaches. While Cloud providers have always evolved their cybersecurity capabilities, it has become important for them to become vocal about these measures to build trust in the industry.
To complement the Microsoft Azure IoT security, Microsoft acquired IoT security specialist CyberX, last month. The acquisition will enable greater security for the IoT devices connected to the Microsoft network and will help their customers to gain visibility through a map of devices thus allowing them to gather information on security risks associated with thousands of sensors and connected devices. This will enhance smart grid, smart manufacturing and digital assets and profiles and reduce vulnerabilities across production and supply chain.
In another move which will benefit the ISV and SI ecosystem, NetFoundry’s zero trust networking API is now available on RapidAPI. RapidAPI’s marketplace enables developers to easily find, connect to, and manage the APIs they need to build a range of applications. Now the ISV and developer community can access NetFoundry’s software-only, zero trust models on RapidAPI.
More Partnerships between Software/Industry Solutions Providers and Cloud Providers
The COVID-19 crisis has had a far-reaching impact on several industries. The technologies that are expected to see the most uptake are IoT and Future of Work technologies.
Ecosystm Principal Advisor, Kaushik Ghatak says, “COVID-19 has brought to the fore the need for managing risks better. And the key to managing risks is to have better visibility and drive data-driven decisions; the sweet spot for IoT technologies.”
Last week, Microsoft and Hitachi announced a strategic alliance to accelerate the digital transformation of the Manufacturing and Logistics industries across Southeast Asia, Japan and North America. The first solutions are expected to be made available in Thailand as early as this month. Hitachi brings to the table their industry solutions, such as Lumada, and their IoT-ready industrial controllers HX Series. These solutions will be fully integrated with the Microsoft cloud platform, leveraging Azure, Dynamics 365 and Microsoft 365.
Another sector that has seen significant disruption is Real Estate. Ecosystm Principal Advisor, Andrew Milroy in his blog Proptech: Driving Digital Transformation in the Wake of COVID-19 sees a real opportunity for the sector to transform. “Many activities within the property ecosystem have remained unchanged for decades. There are several opportunities for digital engagement and automation in this sector, ranging from the use of robots in construction to the ‘uberisation’ of the residential property customer journey.”
June saw Honeywell and SAP partner to create a joint cloud-based solution based on Honeywell Forge and SAP cloud. The cloud solution is aimed at real estate operators and customers providing aggregated financial and operational insights in real-time. The solution leverages the Honeywell Forge autonomous buildings solution and the SAP Cloud for Real Estate solution, enabling facility managers and building owners to reposition their real estate portfolios through parameters such as cost savings and energy efficiency and help improve the tenant experience.
As organisations struggle to maintain operations during the ongoing crisis, there has been an exponential increase in employees working from home and relying on the Future of Work technologies. Ecosystm principal Advisor, Audrey William says, “During the COVID-19 pandemic, people have become reliant on voice, video and collaboration tools and even when things go back to normal in the coming months, the blended way of work will be the norm. There has been a surge of video and collaboration technologies. The need to have good communication and collaboration tools whether at home or in the office has become a basic expectation especially when working from home. It has become non-negotiable.”
AWS and Slack announced a multi-year partnership to collaborate on solutions to enable the Workplace of the Future. This will give Slack users the ability to manage their AWS resources within Slack, as well as replace Slack’s voice and video call features with AWS’s Amazon Chime. And AWS will be using Slack for their internal communication and collaboration.
Delivering excellent customer experience in the midst of the crisis has proved to be difficult for organisations. Customer care centres have been especially impacted by high volumes of customer interactions – through voice and non-voice channels. This will see a major rise in adoption of cloud contact centre solutions. Contact centre providers are ramping up their capabilities in anticipation. Genesys selected AWS as their preferred cloud partner to deliver new features to customers and build a global and secure infrastructure.
The industry can expect more news from Cloud providers in the next few months as they ramp up their capabilities and channel their go-to-market messaging.
Gain access to more insights from the Ecosystm Cloud Study
Root cause analysis. Once priority events have been correlated, AIOps identifies a root cause to enable the operations team to focus its efforts on a resolution. This is a task that proves challenging to perform at speed for a human operator considering the complexity of today’s systems.
Proactive response. A range of responses is available with AIOps, from directing issues to the appropriate people, to recommending actions that can be taken by operators directly in a collaboration tool, to rules-based workflows performed automatically, such as spinning up additional AWS EC2 instances.
Learning. By evaluating past failures and successes, AIOps can learn over time which events are likely to become critical and how to respond to them. This brings us closer to the dream of NoOps, where operations are completely automated.
The Impact of COVID-19 on IT Operations
The Ecosystm Digital Priorities in the New Normal study launched this month, asks technology users about how their digital priorities have shifted during the pandemic. Despite pressure to shift to digital delivery, almost 40% of participants reported that their organisations cut headcount in the IT department (Figure 1). Furthermore, over one third had been forced to cut their employees’ salaries. As we have seen in previous crises, IT operations teams are being asked to do more with less and will need automation to bridge the gaps.
As we begin to move into the next phase of the COVID-19 reality and businesses continue to open, we will see many launch digital services that were conceived of during the crisis. One of the greatest challenges that IT departments face will be scalability as digital businesses grow. AIOps will be a go-to tool for IT operations to ensure uptime and improve user experience. It is likely that the next 12-18 months will be a watershed moment for AIOps.
NLP and the Democratisation of Data
Natural Language Processing (NLP) will be the next string in the bow of AIOps. While the ultimate goal of IT operations is to identify and remediate situations before they have an impact on the user, oftentimes it is the service desk that generates the initial barrage of alerts. AIOps equipped with NLP can extract relevant data from user tickets, correlate them with other system events and potentially even suggest a resolution to the user. Here, ChatOps can help to reduce the workload on the service desk and bring relevant events to the attention of the operations team faster. NLP will also help democratise IT operations data within the organisation. As they digitalise, lines of business (LoBs) besides IT will need access to system health and user experience data but business managers may not have the necessary technical skills to extract them. Chatbots that can return these metrics to non-technical users will begin to proliferate.
Most IT departments would have discovered the limitations of their current systems during the upheaval caused by recent lockdowns. Only about 7% of organisations in our study reported that they were well-prepared across all areas of IT, to handle the COVID-19 crisis. For those organisations that have yet to invest in AIOps, we recommend starting now but starting small. Develop a topology map to understand where you have reliable data sources that could be analysed by AIOps. Then select a domain by assessing the present level of observability and automation, IT skills gap, frequency of outages, and business criticality. As you add additional domains and the system learns, the value you realise from AIOps will grow.
The power of collaborative AIOps tools would have been undeniable as the COVID-19 crisis began and IT departments were forced to work in a distributed manner. When evaluating a system, carefully consider how it will integrate into your organisation’s preferred collaboration suite, whether it be the AIOps vendor’s proprietary situation tool or a third-party provider like Slack or Microsoft Teams. The ability for operations teams to collaborate effectively reduces time to resolution.
In Australia, we’re seeing attackers targeting internet-facing infrastructure relating to vulnerabilities in Citrix, Windows IIS web server, Microsoft Sharepoint, and Telerik UI.
Where these attacks fail, they are moving to spear-phishing attacks. Spear phishing is most commonly an email or SMS scam targeted towards a specific individual or organisation but can be delivered to a target via any number of electronic communication mediums. In the spear-phishing emails, the attacker attaches files or includes links to a variety of destinations that include:
Credential harvesting sites. These genuine-looking but fake web sites prompt targets to enter username and password. Once the gullible target provides the credentials, these are then stored in the attackers’ database and are used to launch credential-based attacks against the organisation’s IT infrastructure and applications.
Malicious files. These file attachments to emails look legitimate but once downloaded, they execute a malicious malware on the target device. Common file types are .doc, .docx, .xls, .xlsx, .ppt, .pptx, .jpg, .jpeg, .gif, .mpg, .mp4, .wav
OAuth Token Theft. OAuth is commonly used on the internet to authenticate a user to a wide variety of other platforms. This attack technique uses OAuth tokens generated by a platform and shares with other platforms. An example of this is a website that asks users to authenticate using their Facebook or Google accounts in order to use its own services. Faulty implementation of OAuth renders such integration to cyber-attacks.
Link Shimming. The technique includes using email tracking services to launch an attack. The attackers send fake emails with valid looking links and images inside, using email tracking services. Once the user receives the email, it tracks the actions related to opening the email and clicking on the links. Such tracking services can reveal when the email was opened, location data, device used, links clicked, and IP addresses used. The links once clicked-on, can in- turn, lead to malicious software being stealthily downloaded on the target system and/or luring the user for credential harvesting.
How do you safeguard against Cyber-Attacks?
The most common vectors for such cyber-attacks are lack of user awareness AND/OR exploitable internet-facing systems and applications. Unpatched or out-of-support internet-facing systems, application or system misconfiguration, inadequate or poorly maintained device security controls and weak threat detection and response programs, compound the threat to your organisation.
Governments across the world are coming up with advisories and guidelines to spread cybersecurity awareness and prevent threats and attacks. ACSC’s Australian Signals Directorates ‘Essential 8’ are effective mitigations for a large majority of present-day attacks. There were also guidelines published earlier this year, specifically with the COVID-19 crisis in mind. The Cyber Security Agency in Singapore (CSA) promotes the ‘Go Safe Online’ campaign that provides regular guidance and best practices on cybersecurity measures.
Ecosystm’s ongoing “Digital Priorities in the New Normal” study evaluates the impact of the COVID-19 pandemic on organisations, and how digital priorities are being initiated or aligned to adapt to the New Normal that has emerged. 41% of organisations in Asia Pacific re-evaluated cybersecurity risks and measures, in the wake of the pandemic. Identity & Access Management (IDAM), Data Security and Threat Analytics & Intelligence saw increased investments in many organisations in the region (Figure 1).
However, technology implementation has to be backed by a rigorous process that constantly evaluates the organisation’s risk positions. The following preventive measures will help you address the risks to your organisation:
Conduct regular user awareness training on common cyber threats
Conduct regular phishing tests to check user awareness level
Patch the internet-facing products as recommended by their vendors
Establish baseline security standards for applications and systems
Apply multi-factor authentication to access critical applications and systems – especially internet-facing and SaaS products widely used in the organisation like O365
Follow regular vulnerability scanning and remediation regimes
Conduct regular penetration testing on internet-facing applications and systems
Apply security settings on endpoints and internet gateways that disallow download and execution of files from unfamiliar sources
Maintain an active threat detection and response program that provides for intrusion detection, integrity checks, user and system behaviour monitoring and tools to maintain visibility of potential attacks and incidents – e.g Security Information & Event Monitoring (SIEM) tools
Consider managed services such as Managed Threat Detection and Response delivered via security operations (SOC)
Maintain a robust incident management program that is reviewed and tested at least annually
Maintain a comprehensive backup regime – especially for critical data – including offsite/offline backups, and regular testing of backups for data integrity
Restrict and monitor the usage of administrative credentials
Get more insights on the adoption of key Cybersecurity solutions and investments through our “Market Insights and Vendor Selection” research module which is live and ongoing on the Ecosystm platform.
The pandemic has fast demonstrated the power of being aligned to the digital economy. Ecosystm CEO Amit Gupta says, “Organisations that were digital-ready were able to manage their business continuity almost immediately in enabling a remote workforce. The transfer was almost seamless for such businesses as the teams had already imbibed the principles of remote collaboration and were already familiar with tools that enable collaboration and communication. For many of these organisations, it was almost a matter of employees packing up their work-issued laptop and heading home.”
“In addition, those that were fully digitalised were better prepared to continue not only interacting with their clients remotely but also in many cases were able to deliver their offerings to their customers through their website or mobile apps.”
Gupta also notes that Ecosystm research shows that before the COVID-19 outbreak only about 35% of SMEs considered themselves ready for the digital economy, compared to half of the large enterprises. “This needs to change – and change fast!”
Singapore’s Digital Government Blueprint
In Singapore’s Digital Government Blueprint that supports its Smart Nation vision, digitalisation is positioned as a key pillar for public service transformation. The focus for business stakeholders in this journey includes co-creating and facilitating the adoption of technologies (Figure 1).
Small and medium enterprises (SMEs) often struggle with going digital because of lack of resources – both financial and skills – and vision. In a country such as Singapore, where SMEs are estimated to account for 99% of all enterprises and 77% of employment, it is imperative that the Digital Economy vision includes a special focus on them.
Gupta says, “Despite significant incentives, there has been resistance from SMEs to go digital as it still involves time and monetary investment from them. The need to retrain and upskill their teams is also a perceived roadblock to the uptake.”
Singapore Empowering SMEs to go Digital
As the Government looks to open the economy up in a phased manner, it sees this as the right opportunity to make SMEs digital-ready. It is “seizing the moment” and has established the SG Digital Office (SDO) in an effort to enable every individual, worker and business to go digital. Initiatives include the recruitment and deployment of 1,000 Digital Ambassadors by end June to provide personalised as well as small group support to seniors and owners of local eateries, who require additional assistance to adopt digital solutions and technology.
In 2018, the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) had launched SGQR to unify the fragmented e-payment landscape in the country, making it compatible with 27 payment schemes. The SDO aims to drive SMEs (especially in the F&B sector) to adopt SGQR codes for e-payments. The goal is to engage 18,000 stallholders of local eateries (hawker centres, wet markets, coffee shops and industrial canteens) to have the unified e-payment solution by June 2021. Further, multiple government agencies – IMDA, National Environment Agency (NEA), Jurong Town Corporation, Housing Development Board (HDB) and Enterprise Singapore – come together to offer a bonus of SGD 300 per month over five months to encourage more F&B SMEs to adopt e-payments.
“Financial Inclusion is one of the mainstays of a progressive economy. Given the significant investment that has gone into the e-payments infrastructure by government agencies led by MAS, we are placed well compared to other nations,” says Gupta. “However, there is work to be done in certain demographics and sectors. The drive to support F&B outlets and local eateries to get on the bandwagon will be an exceptional step and will be well received by consumers.”
“There are only a handful of governments that can compare with what the Singapore Government has put in place when it comes to initiatives to drive the uptake of technology by SMEs. This current crisis may well become the catalyst for SMEs to recognise the urgency of getting digital-ready and they should use this as an opportunity to leverage the government support around technology adoption and emerge as digital-savvy organisations.”
In his blog, The Cybercrime Pandemic, Ecosystm Principal Advisor, Andrew Milroy says, “Remote working has reached unprecedented levels as organisations try hard to keep going. This is massively expanding the attack surface for cybercriminals, weakening security and leading to a cybercrime pandemic. Hacking activity and phishing, inspired by the COVID-19 crisis, are growing rapidly.” Remote working has seen an increase in adoption of cloud applications and collaborative tools, and organisations and governments are having to re-think their risk management programs.
We are seeing the market respond to this need and May saw initiatives from governments and enterprises on strengthening risk management practices and standards. Tech vendors have also stepped up their game, strengthening their Cybersecurity offerings.
Market Consolidation through M&As Continues
The Cybersecurity market is extremely fragmented and is ripe for consolidation. The last couple of years has seen some consolidation of the market, especially through acquisitions by larger platform players (wishing to provide an end-to-end solution) and private equity firms (who have a better view of the Cybersecurity start-up ecosystem). Cybersecurity providers continue to acquire niche providers to strengthen their end-to-end offering and respond to market requirements.
As organisations cope with remote working, network security, threat identification and identity and access management are becoming important. CyberArk acquired Identity as a Service provider Idaptive to work on an AI-based identity solution. The acquisition expands its identity management offerings across hybrid and multi-cloud environments. Quick Heal invested in Singapore-based Ray, a start-up specialising in next-gen wireless and network technology. This would benefit Quick Heal in building a safe, secure, and seamless digital experience for users. This investment also shows Quick Heal’s strategy of investing in disruptive technologies to maintain its market presence and to develop a full-fledged integrated solution beneficial for its users.
Another interesting deal was Venafi acquiring Jetstack. Jetstack’s open-source Kubernetes certificate manager controller – cert-manager – with a thriving developer community of over 200 contributors, has been used by many global organisations as the go-to tool for using certificates in the Kubernetes space. The community has provided feedback through design discussion, user experience reports, code and documentation contributions as well as serving as a source for free community support. The partnership will see Venafi’s Machine Identity Protection having cloud-native capabilities. The deal came a day after VMware announced its intent to acquire Octarine to extend VMware’s Intrinsic Security Capabilities for Containers and Kubernetes and integrate Octarine’s technology to VMware’s Carbon Black, a security company which VMware bought last year.
Cybersecurity vendors are not the only ones that are acquiring niche Cybersecurity providers. In the wake of a rapid increase in user base and a surge in traffic, that exposed it to cyber-attacks (including the ‘zoombombing’ incidents), Zoom acquired secure messaging service Keybase, a secure messaging and file-sharing service to enhance their security and to build end-to-end encryption capability to strengthen their overall security posture.
Governments actively working on their Cyber Standards
Governments are forging ahead with digital transformation, providing better citizen services and better protection of citizen data. This has been especially important in the way they have had to manage the COVID-19 crisis – introducing restrictions fast, keeping citizens in the loop and often accessing citizens’ health and location data to contain the disaster. Various security guidelines and initiatives were announced by governments across the globe, to ensure that citizen data was being managed and used securely and to instil trust in citizens so that they would be willing to share their data.
Singapore, following its Smart Nation initiative, introduced a set of enhanced data security measures for public sector. There have been a few high-profile data breaches (especially in the public healthcare sector) in the last couple of years and the Government rolled out a common security framework for public agencies and their officials making them all accountable to a common code of practice. Measures include clarifying the roles and responsibilities of public officers involved in managing data security, and mandating that top public sector leadership be accountable for creating a strong organisational data security regime. The Government has also empowered citizens to raise a flag against unauthorised data disclosures through a simple incident report form available on Singapore’s Smart Nation Website.
While governments will continue to strengthen their Cybersecurity standards, the truth is Cybersecurity breaches often happen because of employee actions – sometimes deliberate, but often out of unawareness of the risks. As remote working becomes a norm for more organisations, there is a need for greater awareness amongst employees and Cybersecurity caution should become part of the organisational culture.
Technology providers, including Cybersecurity vendors, continue to evolve their offerings and several innovations were reported in May. Futuristic initiatives such as these show that technology vendors are aware of the acute need to build AI-based cyber solutions to stay ahead of cybercriminals.
Samsung introduced a new secure element (SE) Cybersecurity chip to protect mobile devices against security threats. The chip received an Evaluation Assurance Level (EAL) 6+ certification from CC EAL – a technology security evaluation agency which certifies IT products security on a scale of EAL0 to EAL7. Further applications of the chip could include securing e-passports, crypto hardware wallets and mobile devices based on standalone hardware-level security. Samsung also introduced a new smartphone in which Samsung is using a chipset from SK Telecom with quantum-crypto technology. This involves Quantum Random Number Generator (QRNG) to enhance the security of applications and services instead of using normal random number generators. The technology uses LED and CMOS sensor to capture quantum randomness and produce unpredictable strings and patterns which are difficult to hack. This is in line with what we are seeing in the findings of an Ecosystm business pulse study to gauge how organisations are prioritising their IT investments to adapt to the New Normal. 36% of organisations in the Asia Pacific region invested significantly in Mobile Security is a response to the COVID-19 crisis.
The same study reveals that nearly 40% of organisations in the region have also increased investments in Threat Analysis & Intelligence. At the Southern Methodist University in Texas, engineers at Darwin Deason Institute for Cybersecurity have created a software to detect and prevent ransomware threats before they can occur. Their detection method known as sensor-based ransomware detection can even spot new ransomware attacks and terminates the encryption process without relying on the signature of past infections. The university has filed a patent for this technique with the US Patent and Trademark Office.
Microsoft and Intel are working on a project called STAMINA (static malware-as-image network analysis). The project involves a new deep learning approach that converts malware into grayscale images to scan the text and structural patterns specific to malware. This works by converting a file’s binary form into a stream of raw pixel data (1D) which is later converted into a photo (2D) to feed into image analysis algorithms based on a pre-trained deep neural network to scan and classify images as clean or infected.
More data on organisations’ Cybersecurity priorities and investments is available here ?
IoT is also being used for predictive maintenance and in enhancing employee safety. Smart sensors can monitor parameters such as vibrations, temperature and moisture, and detect abnormal behaviours in equipment – helping field workers to make maintenance decisions in real-time, enhancing their safety.
GIS is being used to get spatial data and map project distribution plans for water, sewage, and electricity. For instance, India’s Restructured Accelerated Power Development & Reforms Program (R-APDRP) government project involves mapping of project areas through GIS for identification of energy distribution assets including transformers and feeders with actual locations of high tension and low tension wires to provide data and maintain energy distribution over a geographical region. R-APDRP is also focused on reducing power loss.
Transparency and Efficiency using Blockchain
Blockchain-based systems are helping the Utilities industry in centralising consumer data, enabling information sharing across key departments and offering more transparent services to consumers.
Energy and Utilities companies are also using the technology to redistribute power from a central location and form smart contracts on Blockchain for decisions and data storage. This is opening opportunities for the industry to trade on energy, and create contracts based on their demand and supply. US-based Brooklyn Microgrid, for example, is a local energy marketplace in New York City based on Blockchain for solar panel owners to trade excess energy generated to commercial and domestic consumers. In an initiative launched by Singapore’s leading Power company, SP Group, companies can purchase Renewable Energy Certificates (RECs) through a Blockchain-powered trading platform, from renewable producers in a transparent, centralised and inexpensive way.
Blockchain is also being used to give consumers the transparency they demand. Spanish renewable energy firm Acciona Energía allows its consumers to track the origin of electricity from its wind and solar farms in real-time providing full transparency to certify renewable energy origin.
Intelligence in Products and Services using AI
Utilities companies are using AI & Automation to both transform customer experience and automate backend processes. Smart Meters, in itself, generate a lot of data which can be used for intelligence based on demographics, usage patterns, demand and supply. This is used for load forecasting and balancing supply and demand for yield optimisation. It is also being leveraged for targeted marketing including personalised messages on Smart Energy usage.
Researchers in Germany have developed a machine learning program called EWeLiNE which is helping grid operators with a program that can calculate renewable energy generation over 48 hours from the data taken from solar panels and wind turbines, through an early warning system.
Niche providers of Smart Energy products have been working with providing energy intelligence to consumers. UK start-up Verv, as an example, uses an AI-based assistant to guide consumers on energy management by tracing the energy usage data from appliances through meters and assisting in reducing costs. Increasingly, Utilities companies will partner with such niche providers to offer similar services to their customers.
Utilities companies have started using chatbots and conversational AI to improve customer experience. For instance, Exelon in the US is using a chatbot to answer common customer queries on power outages and billing.
While the predominant technology focus of Utilities companies is still on cost optimisation, infrastructure management and disaster management, the industry is fast realising the power of having an interconnected system that can transform the entire value chain.
For more insights from our AI Research, click below
Today’s crisis creates opportunities for platforms such as ProperyGuru to engage customers throughout their journey. It can potentially transform the residential property business, by becoming an Uber-style platform for agents, movers, shippers, storage companies, interior designers, renovation firms and all other stakeholders within the residential property ecosystem. Subject to regulation, it could also act as a mortgage broker and an agency for the exchange of contracts. In other words, it could ‘own’ the customer journey and act as a platform for all services associated with residential property. From the customer perspective, such a platform would be a welcome way of enhancing the experience associated with buying, renting, maintaining, improving, managing, and selling residential property.
IoT and the Commercial Property Sector
From a commercial property perspective, the COVID-19 crisis can also be expected to accelerate the digitalisation of many activities associated with the construction, maintenance, and management of buildings.
According to the findings of the Ecosystm IoT Study, the Construction industry is evaluating several technology solutions that are expected to benefit the industry (Figure 1).
While the industry views these solutions as beneficial, the adoption has so far been low. This will change. Drones have been used to inspect the outside of tall buildings for several years, but this is not yet standard practice. Structural inspections and maintenance of buildings will be automated at a much faster rate post COVID-19. IoT technology will be used for building management. Using IoT technology for the predictive maintenance and management of lighting, climate control, elevators, security, windows and doors will become standard as firms seek to reduce human interactions. Technology that measures footfall, manages safe distancing, takes peoples’ temperatures and identifies those who enter and leave buildings will be introduced, as organisations guard against disease clusters developing within or around their premises.
In essence, the COVID-19 crisis will act as a catalyst for the digital transformation of the property sector. There is a huge opportunity to create new business models not least by offering customers a digital platform on which all of their property-related needs can be addressed. For the commercial property sector, a similar platform can be offered. Additionally, many core activities ranging from construction to building management will be automated, fully leveraging robot, AI and IoT technologies.
Milroy was recently part of a conversation with Hari V Krishnan, Group CEO of ProperyGuru Group and Ecosystm CEO, Amit Gupta. Watch the video here ?
Switching to an alternative video conferencing platform will not necessarily offer greater levels of security as privacy is typically not a strength of any collaboration platform. Collaboration platforms tend to tread a fine line between a great experience and security. Too much security can cause performance and usability to be impacted negatively. Too little security, as we have seen, allows hackers to find vulnerabilities. If data privacy is critical for a meeting, then perhaps collaboration platforms should not be used, or organisations should not share critical information on them.
Protect all Cloud Workloads
In today’s remote working paradigm, cloud computing is being used more than ever. This frequently exposes organisations to risks that are not adequately mitigated.
Organisations typically need to manage a mix of on-premises technology together with multiple clouds, which are often poorly integrated. These complexities are compounded by the increasing risk from cyberattacks associated with cloud migration and hybrid cloud implementations. In cloud environments, the leading cybersecurity risks include insecure interfaces and APIs, data breaches and data loss, unauthorised access, DDoS attacks, and a lack of a unified view of assets.
Protection requirements for securing hybrid multicloud environments are evolving rapidly. In addition to tightening up endpoint security, organisations must also place greater emphasis on cloud workload protection. Cloud security solutions need to offer a unified and consistent view across all physical machines, virtual machines, serverless workloads and containers, used by an organisation.
Amend Incident Response Plans
It is the containment of breaches that often determines the success of security policies and procedures. Basic cyber hygiene as well as changes to IT architecture, such as micro segmentation, play an essential role in breach containment. But incident response plans also need to be made relevant to the current pandemic scenario.
Employees and IT teams are now working in a completely different environment than envisaged by most incident response plans. Existing plans may now be obsolete. At the very least, they will need to be modified. Usually, incident response plans are designed to respond to threats when most employees are operating in a corporate environment. This clearly needs to change. Employees need to be trained in the updated plan and know how to reach support if they believe that a security breach has occurred in their remote location.
Critically, new alert and warning systems need to be established, which can be used by employees to warn of threats as well as to receive information on threats and best practices.
Organisations are struggling to keep the lights on. In this battle to remain operational, cybersecurity has been taking a back seat. This cannot last for long as the deluge of new vulnerabilities is creating easy pickings for attackers. Cyber hygiene, endpoint security, cloud security, security policies and incident response plans must be continually reviewed.
This blog is based on Andrew Milroy’s recent report titled “Cybersecurity in the COVID-19 Era”.
Click here to download the full report ?
The one area where they were impacted most is security. In his report, Cybersecurity Considerations in the COVID-19 Era, Ecosystm Principal Advisor Andrew Milroy says, “The extraordinary growth of Zoom has made it a target for attackers. It has had to work remarkably hard to plug the security gaps, identified by numerous breaches. Many security vulnerabilities have been discovered with Zoom such as, a vulnerability to UNC path injection in the client chat feature, which allows hackers to steal Windows credentials, keeping decryption keys in the cloud which can potentially be accessed by hackers and the ability for trolls to ‘Zoombomb’ open and unprotected meetings.”
“Zoom largely responded to these disclosures quickly and transparently, and it has already patched many of the weaknesses highlighted by the security community. But it continues to receive rigorous stress testing by hackers, exposing more vulnerabilities.”
However, Milroy does not think that this issue is unique to Zoom. “Collaboration platforms tend to tread a fine line between performance and security. Too much security can cause performance and usability to be impacted negatively. Too little security, as we have seen, allows hackers to find vulnerabilities. If data privacy is critical for a meeting, then perhaps collaboration platforms should not be used, or organisations should not share critical information on them.”
Zoom to increase Capacity and Scalability
Zoom is aware that it has to increase its service capacity and scalability of its offerings, if it has to successfully leverage its current market presence, beyond the COVID-19 crisis. Last week Zoom announced that that it had selected Oracle as its cloud Infrastructure provider. One of the reasons cited for the choice is Oracle’s “industry-leading security”. It has been reported that Zoom is transferring more than 7 PB of data through Oracle Cloud Infrastructure servers daily.
In addition to growing their data centres, Zoom has been using AWS and Microsoft Azure as its hosting providers. Milroy says, “It makes sense for Zoom to use another supplier rather than putting ‘all its eggs in one or two baskets’. Zoom has not shared the commercial details, but it is likely that Oracle has offered more predictable pricing. Also, the security offered by the Oracle Cloud Infrastructure deal is likely to have impacted the choice and it is likely that Oracle has also priced its security features very competitively.”
“It must also be borne in mind that Google, Microsoft and Amazon are all competing directly with Zoom. They all offer video collaboration platforms and like Zoom, are seeing huge growth in demand. Zoom may not wish to contribute to the growth of its competitors any more than it needs to.”
Milroy sees another benefit to using Oracle. “Oracle is known to have a presence in the government sector – especially in the US. Working with Oracle might make it easier for Zoom to win large government contracts, to consolidate its market presence.”