Tech Spotlight for May – Cybersecurity

5/5 (2)

5/5 (2)

In his blog, The Cybercrime Pandemic, Ecosystm Principal Advisor, Andrew Milroy says, “Remote working has reached unprecedented levels as organisations try hard to keep going. This is massively expanding the attack surface for cybercriminals, weakening security and leading to a cybercrime pandemic. Hacking activity and phishing, inspired by the COVID-19 crisis, are growing rapidly.” Remote working has seen an increase in adoption of cloud applications and collaborative tools, and organisations and governments are having to re-think their risk management programs.

We are seeing the market respond to this need and May saw initiatives from governments and enterprises on strengthening risk management practices and standards. Tech vendors have also stepped up their game, strengthening their Cybersecurity offerings.

Market Consolidation through M&As Continues

The Cybersecurity market is extremely fragmented and is ripe for consolidation. The last couple of years has seen some consolidation of the market, especially through acquisitions by larger platform players (wishing to provide an end-to-end solution) and private equity firms (who have a better view of the Cybersecurity start-up ecosystem). Cybersecurity providers continue to acquire niche providers to strengthen their end-to-end offering and respond to market requirements.

As organisations cope with remote working, network security, threat identification and identity and access management are becoming important. CyberArk acquired Identity as a Service provider Idaptive to work on an AI-based identity solution. The acquisition expands its identity management offerings across hybrid and multi-cloud environments. Quick Heal invested in Singapore-based Ray, a start-up specialising in next-gen wireless and network technology. This would benefit Quick Heal in building a safe, secure, and seamless digital experience for users. This investment also shows Quick Heal’s strategy of investing in disruptive technologies to maintain its market presence and to develop a full-fledged integrated solution beneficial for its users.

Another interesting deal was Venafi acquiring Jetstack.  Jetstack’s open-source Kubernetes certificate manager controller – cert-manager – with a thriving developer community of over 200 contributors, has been used by many global organisations as the go-to tool for using certificates in the Kubernetes space. The community has provided feedback through design discussion, user experience reports, code and documentation contributions as well as serving as a source for free community support. The partnership will see Venafi’s Machine Identity Protection having cloud-native capabilities.   The deal came a day after VMware announced its intent to acquire Octarine to extend VMware’s Intrinsic Security Capabilities for Containers and Kubernetes and integrate Octarine’s technology to VMware’s Carbon Black, a security company which VMware bought last year.

Cybersecurity vendors are not the only ones that are acquiring niche Cybersecurity providers. In the wake of a rapid increase in user base and a surge in traffic, that exposed it to cyber-attacks (including the ‘zoombombing’ incidents), Zoom acquired secure messaging service Keybase, a secure messaging and file-sharing service to enhance their security and to build end-to-end encryption capability to strengthen their overall security posture.

Governments actively working on their Cyber Standards

Governments are forging ahead with digital transformation, providing better citizen services and better protection of citizen data.  This has been especially important in the way they have had to manage the COVID-19 crisis – introducing restrictions fast, keeping citizens in the loop and often accessing citizens’ health and location data to contain the disaster. Various security guidelines and initiatives were announced by governments across the globe, to ensure that citizen data was being managed and used securely and to instil trust in citizens so that they would be willing to share their data.

Singapore, following its Smart Nation initiative, introduced a set of enhanced data security measures for public sector. There have been a few high-profile data breaches (especially in the public healthcare sector) in the last couple of years and the Government rolled out a common security framework for public agencies and their officials making them all accountable to a common code of practice. Measures include clarifying the roles and responsibilities of public officers involved in managing data security, and mandating that top public sector leadership be accountable for creating a strong organisational data security regime. The Government has also empowered citizens to raise a flag against unauthorised data disclosures through a simple incident report form available on Singapore’s Smart Nation Website.

Australia is also ramping up measures to protect the public sector and the country’s data against threats and breaches by issuing guidelines to Australia’s critical infrastructure providers from cyber-attacks. The Australian Cyber Security Centre (ACSC) especially aims key employees working in services such as power and water distribution networks, and transport and communications grids. In the US agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) have issued guidelines on safeguarding the country’s critical infrastructure. Similarly, UK’s National Cyber Security Centre (NCSC) issued cybersecurity best practices for Industrial Control Systems (ICS).

Cyber Awareness emerges as the need of the hour

While governments will continue to strengthen their Cybersecurity standards, the truth is Cybersecurity breaches often happen because of employee actions – sometimes deliberate, but often out of unawareness of the risks. As remote working becomes a norm for more organisations, there is a need for greater awareness amongst employees and Cybersecurity caution should become part of the organisational culture.

Comtech received a US$8.4 million in additional orders from the US Federal Government for a Joint Cyber Analysis Course. The company has been providing cyber-training to government agencies in the communications sector. Another public-private partnership to raise awareness on Cybersecurity announced in May was the MoU between Europol’s European Cybercrime Centre (EC3) and Capgemini Netherlands. With this MoU, Capgemini and Europol are collaborating on activities such as the development of cyber simulation exercises, capacity building, and prevention and awareness campaigns. They are also partnered on a No More Ransomware project by National High Tech Crime Unit of the Netherlands’ Police, Kaspersky and McAfee to help victims fight against ransomware threats.

The Industry continues to gear up for the Future

Technology providers, including Cybersecurity vendors, continue to evolve their offerings and several innovations were reported in May. Futuristic initiatives such as these show that technology vendors are aware of the acute need to build AI-based cyber solutions to stay ahead of cybercriminals.

Samsung introduced a new secure element (SE) Cybersecurity chip to protect mobile devices against security threats. The chip received an Evaluation Assurance Level (EAL) 6+ certification from CC EAL – a technology security evaluation agency which certifies IT products security on a scale of EAL0 to EAL7. Further applications of the chip could include securing e-passports, crypto hardware wallets and mobile devices based on standalone hardware-level security. Samsung also introduced a new smartphone in which Samsung is using a chipset from SK Telecom with quantum-crypto technology. This involves Quantum Random Number Generator (QRNG) to enhance the security of applications and services instead of using normal random number generators. The technology uses LED and CMOS sensor to capture quantum randomness and produce unpredictable strings and patterns which are difficult to hack. This is in line with what we are seeing in the findings of an Ecosystm business pulse study to gauge how organisations are prioritising their IT investments to adapt to the New Normal. 36% of organisations in the Asia Pacific region invested significantly in Mobile Security is a response to the COVID-19 crisis.

The same study reveals that nearly 40% of organisations in the region have also increased investments in Threat Analysis & Intelligence. At the Southern Methodist University in Texas, engineers at Darwin Deason Institute for Cybersecurity have created a software to detect and prevent ransomware threats before they can occur. Their detection method known as sensor-based ransomware detection can even spot new ransomware attacks and terminates the encryption process without relying on the signature of past infections. The university has filed a patent for this technique with the US Patent and Trademark Office.

Microsoft and Intel are working on a project called STAMINA (static malware-as-image network analysis). The project involves a new deep learning approach that converts malware into grayscale images to scan the text and structural patterns specific to malware. This works by converting a file’s binary form into a stream of raw pixel data (1D) which is later converted into a photo (2D) to feed into image analysis algorithms based on a pre-trained deep neural network to scan and classify images as clean or infected.

 


Click below for more data on organisations’ Cybersecurity priorities and investments
Get Started


1
Ecosystm Snapshot: Oracle Continues to Expand Global Cloud Footprint

4.5/5 (2)

4.5/5 (2)

In the Top 5 Cloud Trends for 2020, Principal Analyst Claus Mortensen observed that 2020 is a do-or-die year for Oracle if they wanted to remain as a key contender in the Cloud market. Mortensen said, “Oracle has not been able to break into Cloud in the same way as their competitors and has so far not made the same “leap of faith” into this area as similar companies have. Unless the company makes a clear decision about their Cloud strategy and succeeds in communicating it to the market in 2020, Oracle may quickly find itself more of a niche Cloud player going forward.”

Oracle’s intentions to remain one of the leading global Cloud providers becomes clear as they actively expand their global coverage. Last week Oracle announced that, as part of their ongoing regional expansion plan, they have added local regions in Jeddah (Saudi Arabia), Melbourne (Australia), Osaka (Japan), Montreal (Canada) and Amsterdam (The Netherlands). This expands the reach of Oracle’s Generation 2 Cloud to 21 independent locations, and Oracle intends to further add 15 locations by the end of 2020. At OpenWorld last year, Oracle had announced their plans to have Cloud sites dedicated to the enterprise market as well as government customers.

Dr Alea Fairchild, Principal Advisor Ecosystm, thinks that Oracle appreciates the needs of their enterprise customers. “Oracle understands the sensitivity of the enterprise to the location and availability of their data, which remains an issue with Cloud implementations involving large data sets. They have broken some ground as the first public Cloud vendor with data centres in Saudi Arabia, and are putting efforts in to offer a minimum of two regions in almost every country in which they operate,” says Dr Fairchild. “From a corporate user’s perspective, regional data management and appropriate licensing models are still sensitive spots when it comes to database management.”

Getting Ready for the Hybrid Cloud Market

Oracle also appears to be ramping up for the growing hybrid Cloud market. Ecosystm research shows that more than a third of global organisations have adopted the hybrid Cloud and this will only increase. Given the increased uptake of hybrid and multi-cloud environments, Oracle offers preconfigured links between Oracle and Microsoft Azure cloud regions in the eastern states of the US, London, and Toronto, as part of the Cloud interoperability partnership announced in June 2019. Last year, saw another mutually beneficial partnership between VMWare and Oracle, that supports their customers’ hybrid cloud strategies, allowing the VMware Cloud Foundation to run on Oracle Cloud Infrastructure. Organisations can also avail technical support for Oracle software running in VMware environments both in on-premise data centres and Oracle-certified cloud environments.

“Oracle’s Generation 2 Cloud is now available in 21 locations and is on track to have a total of 36 Cloud regions up and running by the end of the year,” adds Dr Fairchild.  “But when compared to AWS, Microsoft and IBM, Oracle still holds a fraction of the market share.  They can be seen as a niche infrastructure provider, but indeed the partnerships with Microsoft and VMware are set to help Oracle’s Cloud business make traction with companies that are adopting multi-cloud strategies.”

2
MWC 19 – 5G’s Report Card Shows Key Industry-wide Changes

4.3/5 (6)

4.3/5 (6)

When I wrapped up my visit to this year’s Mobile World Congress (MWC) in Barcelona, I had wondered if my pre-trip question of what would the 5G story be after several years of being told that each preceding year was ‘the’ year. However, this year had a very distinct vibe to it, and I was rewarded for my pilgrimage to the Grand Fira.

Let’s not forget that technology takes longer to roll out that all of us want to think and 5G is no different. We have had no excuses since we only have to look at how long it took 3G and LTE to become mainstream and how long the transition from the prior technology took to move to the next generation.

However, the mobile and telecom industry is not the same as it was when earlier telecommunication tech was being upgraded. In the past hardware, benchmarks feeds and speeds dominated the marketing messages, but now it is about software, cloud and ecosystem collaboration. Gone are the days when the telecom equipment vendors ruled the conversation about their technology – that has clearly been replaced by IT companies leading the charge with topics such as virtualization, IoT, analytics and new services. Once there was a US automobile commercial that touted the latest edition of its cars was ‘This is not your father’s Oldsmobile’. Well, 5G is not your father’s telecom infrastructure!

This time around, operator and equipment vendors may have to take the collaborative partner role in any new digital solution. Instead of 5G projects being dominated by Ericsson or Huawei for example, there is a role for the likes of VMware, Microsoft, and Salesforce to be the lead company. In some cases, it could be Bosch, PTC, or Siemens while in others it could be Audi, BMW or Mercedes. The overall trend here is that all of these companies are being digitally driven to deliver new services to a customer that is firmly at the center of an ecosystem. The one industry sector who might lose out could be the telco operators who could be squeezed by the surge from IT vendor relevance, despite them investing heavily on 5G licenses. However, this time the operators are in a much stronger position to be the perfect channel for the massive amount of intelligence-laden data being created by smart connected devices that are not typical mobile devices.

So what was the outcome at MWC? I visited both the Huawei and Ericsson booths following pre-MWC briefing sessions to see if the customer buzz was there – and indeed it was.

 

Huawei Stand at Mobile World Congress 2019

 

Ericsson may have won the prize for the most crowded booth, while Huawei’s sprawling booth wins the most lavish and largest booth. The two company’s 5G messages could not have been more different.

The Big Two

For me, Huawei had invested heavily in making its hardware products very compelling for operators to install. Clearly, there had been a lot of research had gone into replacing existing infrastructure with massive performance upgrades and deployment friendly attributes e.g. size and weight of base stations that could be mounted by individuals rather than by cranes. The result of this strategy is that Huawei’s customers can quickly deploy 5G platforms with lower CapEx and OpEx thus creating significant incentives for operators to migrate to 5G networks.

Ericsson’s leading story was about migrating to 5G by highlighting its key enablers (i.e. carrier aggregation, LTE-NR spectrum sharing, and dual mode 5G cloud core). It appeared that Ericsson had moved its message off hardware (which, by the way, is still table stakes in any selection process and Ericsson had plenty of new 5G related offerings) and onto a strategy of smooth evolution and deployment at scale – a much more business leader discussion than a network, driven by software. Finally, both companies had strong messages around their AI capabilities to help their service providers make sense of the growing complexity of services that will be generated by the connected smart IoT devices.

The Importance of IT Software On 5G

IT and industrial companies played an increasingly important role at this year’s MWC as service providers and they became involved in deeper partnerships. 2019 was the year when the gaps for 5G between the network and IT services were being filled in. For example, I saw AR (augmented reality) solutions by PTC supported by Microsoft and being fed by data off a 5G network. This showed how industry, cloud and network service providers will accelerate new technologies.

In another example, Salesforce showed how Edge Computing events triggered Salesforce SaaS-based enterprise management services while being supported by AT&T’s 5G network and the modules being designed and tested at AT&T’s Foundry. Here, AT&T 5G network was being used as a high-value channel for Salesforce’s customers to run their business functions at the edge of the network.

Digital twins have shown up as a digital representation of a physical device or asset. However, this year, I saw a Wipro example of how 5G could drive digital twin concepts beyond physical assets and into the workflow, supply chain management, logistics and worker safety. Every ‘asset’ that was to be used in a factory floor was digitized into a digital twin and then a 5G network was used to monitor and manage every aspect of the factory. It seemed that Industry 4.0 had arrived in its full glory.

Finally, VMware continues to be the IT company that service providers will either love or dislike – I still don’t know which one it will be. VMware’s virtualization and cloud management capabilities have been extended right into 5G networks. For example, NFV (Network Function Virtualization) is critical to operators as they slice the 5G bandwidth into the appropriate services. VMware has its strategy correct when it says that it could virtualize the network just as it has with the cloud, but in doing so is making itself either a partner or a competitor of the operators for their 5G services revenues. 2018 was the year when VMware made a big splash at MWC, 2019 was the year when they showed that they have something to offer – will 2020 be the year when they take over the network software virtualization profit pools just as they did with the enterprise server virtualization market?

Crawl, Walk, Run

In conclusion, MWC 2019 was the year that the 5G gaps to make end-to-end infrastructure solutions where clearly being filled in. Service providers had stepped up their willingness to be part of the customer-centric ecosystem that is almost certainly being led by IT software companies. Telecom equipment vendors were offering technology solutions to speed up 5G deployments while making forward compatible solutions much easier. Finally, 5G-supported applications remain the last piece of the puzzle that MWC hasn’t addressed fully. As a result of the massively varied 5G use cases, there is still a look of curiosity on which industry will be the lead for 5G – will it be the auto industry with autonomous cars, will it be Industry 4.0 and the smart factory, or will it be smart cities with video surveillance. In addition, it is certain that IoT is still very much a necessary part of any 5G strategy just as AI outcomes continue to fuel IoT-based sensors in technologies such as the self-driving cars, AR, and digital twins. 2019 may have been the year that decided that it won’t matter whether the connected IoT device used licensed (NB-IoT) or unlicensed (LoRa) spectrum protocols as both will be seamlessly connected to a 5G network. IoT was not dead, it had simply grown up and was now integrated with more valuable solutions.

2