Category Archives: Cybersecurity

Healthcare firms go for the hybrid cloud approach with compliance and connectivity key

Commentary by James Bourne, Editor-in-Chief, TechForge Media for Cloud Tech News
18 February 2019, 14:02 p.m.

 

It continues to be a hybrid cloud-dominated landscape – and according to new research one of the traditionally toughest industries in terms of cloud adoption is now seeing it as a priority.

A report from enterprise cloud provider Nutanix has found that in two years’ time, more than a third (37%) of healthcare organisations polled said they would deploy hybrid cloud. This represents a major increase from less than a fifth (19%) today.

The study, which polled more than 2,300 IT decision makers, including 345 global healthcare organisations, found more than a quarter (28%) of respondents saw security and compliance as the number one factor in choosing where to run workloads. It’s not entirely surprising. All data can be seen as equal, but healthcare is certainly an industry where the data which comes from it is more equal than others. Factor in compliance initiatives, particularly HIPAA, and it’s clear to see how vital the security message is.

Yet another key area is around IT spending. The survey found healthcare organisations were around 40% over budget when it came to public cloud spend, compared to a 35% average for other industries. Organisations polled who currently use public cloud spend around a quarter (26%) of their annual IT budget on it – a number which is expected to rise to 35% in two years.

Healthcare firms see ERP and CRM, analytics, containers and IoT – the latter being an evident one for connected medical devices – as important use cases for public cloud. The average penetration in healthcare is just above the global score. 88% of those polled said they see hybrid cloud to positively impact their businesses – yet skills are a major issue, behind only AI and machine learning as an area where healthcare firms are struggling for talent.

It is certainly an area where the largest vendors have been targeting in recent months. Amazon Web Services (AWS) announced in September a partnership with Accenture and Merck to build a cloud-based informatics research platform aiming to help life sciences organisations explore drug development. Google took the opportunity at healthcare conference HiMSS to launch a new cloud healthcare API, focusing on data types such as HL7, FHIR and DICOM.

Naturally, Nutanix is also in the business of helping healthcare organisations with their cloud migrations. Yet increased maturity across the industry will make for interesting reading. The healthcare IT stack of the future will require different workloads in different areas, with connectivity the key. More than half of those polled said ‘inter-cloud application mobility’ was essential going forward.

“Healthcare organisations especially need the flexibility, ease of management and security that the cloud delivers, and this need will only become more prominent as attacks on systems become more advanced, compliance regulations more stringent, and data storage needs more demanding,” said Chris Kozup, Nutanix SVP of global marketing. “As our findings predict, healthcare organisations are bullish on hybrid cloud growth for their core applications and will continue to see it as the ideal solution as we usher in the next era of healthcare.

“With the cloud giving way to new technologies and tools such as machine learning and automation, we expect to see positive changes leading to better healthcare solutions in the long run,” Kozup added.

Photo by Hush Naidoo on Unsplash
————————————————-

https://www.cybersecuritycloudexpo.com/wp-content/uploads/2018/09/cyber-security-world-series-1.png

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Infographic: The death of passwords

Enterprises need to start preparing for a future without traditional passwords, according to LoginRadius.

 

By Alison DeNisco Rayome, Senior Editor – TechRepublic | February 8, 2019, 4:00 AM PST

Enterprises trying to keep customer data safe struggle with weak links in traditional authentication methods and employee practices, according to a recent infographic from LoginRadius.

Most people fall into one of two categories: They use one password for every account, or they use a slightly different password for every account. However, neither of these approaches are very effective, the infographic noted. While 10 years ago, people only had to keep track of a password for email and banking, today, the average business user must keep track of nearly 200 passwords.

Companies including Microsoft are making moves to replace traditional passwords with biometrics and security keys. Others are beginning to realize that commonly accepted methods for creating strong passwords are not actually effective.

SEE: Password Policy (Tech Pro Research)

Here is the full infographic:

the-death-of-passwords-v01-02.jpg
Image: LoginRadius

5 Technology Trends Impacting State and Local Governments

Contributed by the Community Editorial Team at Comcast Business
View Profile

ComcastBusiness

March 01, 2018

State and local governments stand at the cusp of a technology renaissance, as new offerings and services are available to help agencies serve their constituents faster, more effectively and more efficiently. Technologies that once were thought of as “bleeding edge” now are increasingly ubiquitous, enabling government agencies to become more customer-centric in myriad ways, from answering billing queries to proactively identifying when customer data is being targeted by cybercriminals.

Read our white paper and view the infographic.

 

According to research firm Gartner, government CIOs expect to spend 28 percent of their 2018 budget on digital initiatives designed to increase the value of government to constituents.[1] Technologies such as analytics, automation, artificial intelligence and even autonomous vehicles all have the potential to enable governments to offer services and aid their citizens in ways that not only can improve the customer experience, but also save governments time, money and labor.

Imagine logging on to a government website and being “recognized” through facial recognition, then “telling” the site what you’re looking for in plain English and receiving the results instantly. Or imagine a self-driving maintenance truck that “sniffs out” and automatically fills potholes without human intervention.

On the surface, this may sound like the stuff of science fiction. But these scenarios are coming closer to being reality, as technologies such as artificial intelligence and autonomous vehicles are moving closer to the mainstream. And their effect on state and local governments would be transformational in providing services and keeping citizens safe from physical and cyber perils.

TECHNOLOGIES TO WATCH

The scope of technologies that can impact government services—and, in turn, our lives—is far-reaching, from robots that clean parks to systems that can create personalized cybersecurity by observing and learning from users’ behaviors. Some technologies are still more bleeding-edge than leading-edge, while others have the potential to be in service—and of service—today.

Five technologies in particular—artificial intelligence and robotics, autonomous vehicles, digital government, automation, and efforts to increase cybersecurity—demonstrate value to state and local government initiatives.

ARTIFICIAL INTELLIGENCE AND ROBOTICS

Of all the technologies that can reap the largest benefit for governments, artificial intelligence is perhaps the one most likely to have the biggest impact. In fact, a number of agencies already are using AI to handle tasks quickly that otherwise would take much longer for humans to do, such as sorting through massive amounts of paperwork to find relevant information.

Law enforcement agencies are looking at artificial intelligence as a weapon to help fight crime by improving video surveillance, spotting criminals in crowds through facial recognition, and even helping reduce the amount of time police officers spend writing reports.

Beyond artificial intelligence, robotics is becoming a way for agencies to spend less and do more. Consultancy firm Deloitte highlights the coming of process robotics, which it describes as “… computer-coded, rules-based software that uses ‘bots’ to automate repetitive, rules-based tasks otherwise performed by humans. Requiring minimal system integration, bots can be deployed in as little as a few weeks depending on the complexity of the process.”[2] Any high-volume, rules-based work can be performed by process robotics, which helps free employees to focus on more valuable customer-facing activities.

Bots are already being used by agencies to help improve customer service. Chatbots in particular are being used to answer questions via the web without the need for customer service agents—a technology especially useful for agencies that are understaffed and don’t have dedicated customer-facing employees.

Deloitte estimates that employing AI technology in the government space could free up as many as 1.2 billion working hours every year, saving $41.1 billion.[3]

AUTONOMOUS VEHICLES

While much of the conversation around government and autonomous vehicles has focused on legislating such technology, governments can benefit from the use of autonomous vehicles in multiple ways. Another Deloitte study notes that, as end users, agencies not only can improve their government-operated fleets, but also further the concepts of shared mobility and “other new types of travel through their procurement decisions.”[4]

The federal government operates a fleet of more than 600,000 vehicles, including U.S. Postal Service trucks and General Services Administration vehicles leased to various agencies.[5] In 2016, USPS vehicles were involved in about 30,000 accidents nationwide, resulting in about $67 million in repair and legal costs.[6] As a result, the agency is considering autonomous vehicles for its fleet, not only to help improve safety but also to increase productivity of letter carriers, who could ready the mail for deliveries during transit.

At the state and local level, highway maintenance departments could dispatch autonomous trucks to repair road damage such as potholes or broken curbs, clean debris from roads following a collision or events such as a parade, or clear snow and ice from roadways during inclement weather. Public transportation can also be a potential target for autonomous vehicles to help municipalities save on labor costs while keeping their fleets moving.

While autonomous vehicles can have the ability to negatively impact state and local budgets—the amount of revenue generated by traffic tickets is certain to decrease due to anticipated safer driving by autonomous vehicles—governments potentially have more to gain than lose from the technology, including decreased labor costs, increased productivity and lower legal costs related to vehicle accidents.

DIGITAL GOVERNMENT

The term “digital government” is an umbrella term used to describe technologies such as mobile services, common online identities and crowdsourcing—all designed to streamline services and improve the end-user experience.

Mobility in particular is an area where governments at all levels can increase the quality of their services and the efficiency of their employees. Apps can be used to access information quickly and easily, enabling citizens to, for example, see in real time where tree-trimming crews are slowing traffic or virtually check in to the local DMV office to avoid waiting in line. Mobile apps also can help government employees working offsite and in the field. Building inspectors can get instant access to building plans, permit applications and more, for example. Parks and recreation department workers can see the location and working status of every water fountain connected to an internet of things (IoT) sensor. And transportation department employees can remotely change the status of digital signage to alert motorists of changing traffic conditions.

Back-office systems that facilitate common identities for constituents also can help improve the user experience, especially when dealing with multiple agencies. Much like users can log on to various websites by connecting with social media sites such as Facebook, government agencies can use common identity systems to help simplify the process of accessing various agency sites to accomplish tasks, such as checking on the status of a request filed with the zoning commission or filing a police report for a hit-and-run traffic accident.

Crowdsourcing, once the purview of sites that harness user opinions to make recommendations on restaurants, hotels and more, is now joining the government fray, as more agencies are depending on the “wisdom of the crowd” to help collect and disseminate information. The federal government has established a site, citizenscience.gov, to help agencies encourage public participation to accelerate innovation. It features federal citizen science efforts in climatology, ecology and disaster response, among others, to help “engage the American public in addressing societal needs and accelerating science, technology, and innovation,” according to the site. At the state and local level, crowdsourcing can be used by agencies to gather real-time traffic information, monitor power outages and collect other data important to citizens, providing facts to the minute and on the fly.

AUTOMATION

Consultancy firm KPMG pegs automation as “the next step in government’s digital transformation,”[7] and with good reason: Automation is perhaps the most useful technology in terms of impacting government services from both the agency and the constituent perspectives. In particular, process automation can free employees from mundane tasks such as filing paperwork to concentrate on more meaningful projects or tasks that require their full attention, such as addressing constituent issues.

Automation is one step below artificial intelligence on the technology ladder; however, interest in “intelligent automation” is growing as a way to further enhance productivity while improving accuracy. Chatbots are a simple example of intelligent automation, while IBM’s Watson with its cognitive analytics, which has the ability to learn and solve problems, offers a prime example of more complex intelligent automation.

Automation is not a new concept in government or other industries, for that matter. However, as advances in artificial intelligence and robotics continue, automation will take on a much more important role in helping governments run efficiently and providing more valuable citizen services.

EFFORTS TO INCREASE CYBER SECURITY

As more processes and constituent interactions occur digitally, governments must do more to protect sensitive and valuable data from cyber threats. No longer should agencies worry about whether their systems will be breached; rather, they should worry about when their systems will be breached.

Researchers estimate damages from cyber crime will amount to $6 trillion worldwide annually by 2021.[8] Included in that amount are damage and destruction of data, embezzlement, stolen money, restoration and deletion of hacked data and systems, lost productivity, theft of intellectual property, forensic investigation, theft of personal and financial data, fraud, post-attack disruption to the normal course of business, and reputational damage.

As cyber threats continue to surge, so does the demand for qualified cyber security talent. However, a recent study by the Center for Cyber Safety and Education predicts there will be a worldwide shortage of 1.8 million skilled security workers by 2022.[9] Agencies must look for new and innovative ways, then, to secure their data and keep their systems safe from breaches and malicious activity.

The cloud is emerging as one tool in the fight against cyber crime, as technologies such as cloud workload protection platforms show promise in keeping data protected no matter where data resides—on-premises, in virtual machines or in cloud environments. Deception technologies, which are designed to throw off a would-be attacker, also can help, as well as endpoint detection and response solutions and network traffic analysis capabilities.

Artificial intelligence shows the biggest promise in improving cyber security, and is the technology upon which many of the new security solutions are based. It is evident that artificial intelligence will serve as the backbone for many, if not most, of the technologies powering the next generation of government services.

HOW THE NETWORK MATTERS WITH NEW-GENERATION TECHNOLOGIES

State and local governments are quickly reaching the point where adoption of new technologies is inevitable. Indeed, the efficiency and effectiveness of any government agency is dependent on the technologies it uses to provide services and protect the health and welfare of its citizens.

In preparing for their impending technology renaissance, agencies first must prepare their networks to certify they are able to handle the increase in demand. Artificial intelligence, cognitive computing, mobility and other technologies can stress the bandwidth of traditional networks and impact performance.

Agencies need to ascertain if they have the right foundation for both customer-facing and back-office operations, as well as new opportunities yet to be imagined. Today’s efficient networks comprise multiple technologies and platforms all chosen to ensure the solutions they support operate at peak performance without issue.

In building a network for the next generation of government services, agencies should consider an environment that includes both on-premises, cloud, and networking technologies such as SD-WAN and high-speed broadband to make certain traffic is handled efficiently over any type of network. And networking components such as WiFi and unified communications can ensure users of the network—employees and constituents—interact with each other using their preferred method of communication.

To help ease stress on an agency’s current network—not to mention the daily burden on IT managers—managed services can be utilized to offer certain constituent services, such as bill payments, without further impacting the network. Managed services can be used to help tie disparate systems together and “fill in the gaps” as agencies update their current infrastructure, and can prove useful even after networks have been upgraded.

Working with a network service provider can help ease the burden associated with building and maintaining a network capable of handling the bandwidth-intensive needs of the next generation of government services. By working with a third-party network services provider, agencies can leverage virtual and physical private Ethernet connectivity to assure critical applications perform as expected. They also can receive all or some of their most critical connectivity functions as a managed service, including managed connectivity, WiFi, security, voice and business continuity, among others.

CONCLUSION

New technologies loom on the horizon to help government agencies better serve their constituents, from answering billing queries to protecting sensitive data from cyber threats. The network on which these technologies run must be robust and flexible enough to handle the traffic and bandwidth demands of today and beyond.

View the PDF.

View the infographic: Trends in Government

 


[1] “Gartner Survey Finds Government CIOs Spend 21 Percent of Their IT Budget on Digital Initiatives,” press release, Gartner, April 25, 2017 https://www.gartner.com/newsroom/id/3693017

[2] “Process robotics in the federal government,” Public Sector Solutions web page, Deloitte, https://www2.deloitte.com/us/en/pages/public-sector/solutions/federal-government-process-robotics.html

[3] William D. Eggers, David Schatsky, Dr. Peter Viechnicki, “How artificial intelligence could transform government,” executive summary, Deloitte, April 26, 2017, https://dupress.deloitte.com/dup-us-en/focus/cognitive-technologies/artificial-intelligence-government-summary.html?_ga=2.17808368.871295872.1509472479-881865455.1507121216

[4] RJ Krawiec, Vinn White, “Governing the future of mobility,” Deloitte, Aug. 3, 2017, https://dupress.deloitte.com/dup-us-en/focus/future-of-mobility/federal-government-and-transportation-of-the-future.html

[5] Ibid

[6] “Autonomous Vehicles for the U.S. Postal Service,” report, USPS Office of the Inspector General, Oct. 2, 2017, https://www.uspsoig.gov/sites/default/files/document-library-files/2017/RARC-WP-18-001.pdf

[8] “Official 2017 Annual Cybercrime Report,” Cybersecurity Ventures, October 2017, https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

[9] “Global Cybersecurity Workforce Shortage to Reach 1.8 Million as Threats Loom Larger and Stakes Rise Higher,” news release, Center for Cyber Safety and Education, June 7, 2017 https://www.isc2.org/News-and-Events/Press-Room/Posts/2017/06/07/2017-06-07-Workforce-Shortage

 

Handling Candidate Data Will Be Under the Spotlight in 2019

Employment screening will benefit from AI, but the technology is not ready yet

By Roy Maurer, Online Manager/Editor, Talent Acquisition – SHRM Online – January 31, 2019

This is the second article in a two-part series. The first installment detailed the growing trends of social media screening and real-time employee monitoring, as well as the emerging acceptance of job candidates with criminal backgrounds.

 

Employers that conduct employment background checks will continue to feel the pressure to safeguard applicant and employee data in 2019. HR professionals will also be interested in how artificial intelligence (AI) technology will improve the screening experience, according to experts.

Data-Breach Concerns Lead to Increased Focus on Security

Data-breach protection, information security and compliance with privacy laws will be top of mind for those managing employment screening in 2019.

“The massive data breach suffered by nationwide credit reporting agency Equifax in September 2017 that impacted more than 145 million Americans—almost half of the country—was a wake-up call for all industries to improve their information security,” said Les Rosen, founder and CEO of Employment Screening Resources, a background-screening firm in Novato, Calif. “The need for background-screening firms that handle the personal data of job applicants to ensure information security has become mission critical.”

[Visit SHRM’s resource page on background checks.]

Montserrat Miller, an attorney in the Atlanta office of Arnall Golden Gregory and co-chair of the firm’s privacy and consumer regulatory practice, advised HR professionals to ask their screening partners how they are safeguarding personal data and what their notification protocols are in case of a breach.

“In addition to following the Federal Trade Commission guidance on the proper data-security practices, businesses that utilize a consumer reporting agency for their background-screening services should be sure to partner with one that has achieved accreditation with the National Association of Professional Background Screeners,” said Christine Cunneen, CEO of Providence, R.I.-based background-check company Hire Image.

Rosen said that employers should also consider using background-check firms that undergo an annual Service Organization Control, or SOC 2, audit from the American Institute of Certified Public Accountants to ensure high standards for the protection of privacy, security and confidentiality of consumer information used for background checks.

Miller added that “if HR prints the background-check reports for whatever reason, [the printouts] should be maintained in a confidential manner and not shared with anyone outside of the appropriate decision-makers.” She added that in accordance with the company’s data-retention policy, background-check reports must be disposed of properly, by destroying or erasing electronic files or shredding, burning or pulverizing paper documents.

Organizations conducting background screens of citizens of the European Union (EU) will also have to be mindful of the EU’s General Data Protection Regulation (GDPR), which took effect in May 2018. The law requires that employers receive consent to process a subject’s data, ensure that collected data is made anonymous to protect privacy, make data-breach notifications, safely handle the transfer of data across borders, and in some cases, appoint a data protection officer to oversee compliance.

“If an employer in the U.S. has international operations, and if there is going to be any exchange of personal data from employees in the EU to the U.S., then it needs to be aware of GDPR and needs to make sure it is in compliance with it and that its vendors are in compliance with it,” Miller said.

The maximum penalty for noncompliance is up to 4 percent of an organization’s annual global revenue or 20 million euros—whichever is greater.

AI Improves Background Checks But …

The use of technologies such as AI, machine learning and automation will enhance background checks in 2019, but humans still need to be involved due to discrimination concerns.

“Background screeners haven’t fully adopted AI in the screening process yet, but we are seeing signs of it where screeners continue to automate their operations,” said Jason Morris, an employment-screening consultant and industry expert with Morris Group Consulting, based in Cleveland. “In the past, we would simply throw people at processes and increase our labor for searches,” he said. “Now AI allows us to automate and put machines in places of seats, allowing for a faster and in some cases a more accurate background check. It’s exciting to see screeners innovate, and I’m confident you will see AI continue to grow in the industry.”

Conal Thompson, chief technology officer at background-screening company HireRight, said that AI will play a major role in the employee screening and recruitment processes by reducing the time to hire, improving quality of hire and improving the candidate experience.

“In today’s competitive labor market, in which a positive candidate experience in the screening process plays a major role in candidates’ decisions to accept job offers, utilizing AI to interact with job applicants faster and more effectively can make a real difference,” he said.

“Without a doubt, cutting-edge technology like AI plays a vital role in what we do to enable companies to outsource social media screening in a smarter, cost-effective and efficient way,” said Bianca Lager, the president of Santa Barbara, Calif.-based Social Intelligence Corp., a leading provider of social media screening reports. “Things like finding where people are creating content online and zooming in on places and types of content that could be risky for an employer are what AI is effectively delivering right now, which is a huge time and resource saver.”

Rosen added, “While there is no doubt AI technology and automation increase productivity, streamline processes and reduce turnaround time in the screening process, background checks still need a guiding human touch until sufficiently nonbiased AI algorithms can be created to ensure that discriminatory hiring decisions aren’t made.”

Since the AI buzz began, experts have been saying that “biased AI” can be created by algorithms shaped by human prejudices or insufficient data.

“Human augmentation is still incredibly important,” Thompson agreed. “Employers should keep in mind that most AI learns as it goes, which could present risks and have unintended consequences on the screening process. For example, if an AI application, after reviewing thousands of candidates for thousands of jobs, realizes that a significant number of candidates it has recommended has certain demographic attributes, it may bias its own algorithm with a preference for candidates who first meet those criteria.”

In addition, Lager cautioned HR buyers to be aware that just because a company markets itself as providing AI and machine learning doesn’t mean that it’s true. “Companies are taking giant liberties with those words as descriptions,” she said. “The key is to understand the limitations of that technology and how it affects the deliverable of the service or product you are buying. It is imperative to ask questions about consumer compliance with the Fair Credit Reporting Act and how data is acquired.”

5 things you can do in 5 minutes to boost your internet privacy

It’s time to break out of some bad habits before they come back to bite you.

With social networks working overtime to fight off fake news and fake users, data-harvesting apps sneaking onto the Play Store and some websites trying to turn your computer into a cryptocurrency generator, you may be getting a little anxious about the privacy of your personal data.

Thankfully, the process of getting your house in order isn’t complicated or even time-consuming. You’ve probably been thinking about trying some of these things already, and you just haven’t found the right time. The signs indicate that the right time can’t wait much longer, at the rate things are going in the cybersecurity world. So here are five major things that you can do in a matter of minutes to boost your privacy online.

SEE: Google Pay: How and why you should use an app like this to buy things at the store

Get a password manager so you can stop using bad passwords everywhere

Unless you are a savant, your brain can only handle so much complexity when it comes to creating and then remembering a robust password. If you’re like most people, your password is based on personal details that are trivial to figure out, like birthdays, street addresses and anniversary dates.

And we say “password” because you’re also likely to be using the same one for multiple logins. Maybe you change a letter or number here or there, but let me tell you: When push comes to shove, this will not be enough.

Thankfully, you can defeat this bad habit in just a few clicks, thanks to password managers. These are apps and browser extensions where you only need to remember one “master password.” The manager generates the rest of them, and you just paste these into a login screen when you need to.

The good managers even recognize what website you’re on, and they’ll present the correct entry, instead of requiring you to look it up. You won’t even need to know the password that the manager generates — just log into the manager, click the relevant entry and paste your password in the browser or app.

If you’re logging into something on a mobile device, you’ll also usually find an “Autofill” option if you long-press the location where you enter your password. Choosing this option should automatically open your password manager app and swap you over to it. Then you can copy and paste your password with a few taps.

Bitwarden (download for iOS or Android), LastPass (download for iOS or Android) and 1Password (download for iOS or Android) are all solid choices, based on our testing.

Set up app-based two-factor authentication to protect your online accounts

For websites and services where you need to ensure the security of your account, like your bank, passwords alone simply are not enough anymore. In this scenario, you need two-factor authentication (2FA) — specifically, the kind where a mobile app generates login codes for you. Not the kind where you are sent an SMS text message, because those can be intercepted or just fail to arrive.

With app-based 2FA, you log into an app or website like normal, then you open an app that generates a special six-digit code every 30 seconds. This authentication app is synced with the other app or service so that your code matches the one that the main app or service expects to get. You enter the code from the authenticator app into the app or website that’s asking for it, and then your login is complete.

Google makes its own free authenticator app for iOS and Android. Unfortunately, there isn’t a standardized method for setting up your account with 2FA. Amazon, PayPal, eBay and your bank will all use slightly different systems and terminology.

Arguably, the fastest way to getting them all up and running is to just do a Google search naming the website or app where you want to set up 2FA and adding the phrase two-factor authentication to your search request.

Set up a VPN or Tor to protect your internet connection from prying eyes

The last few years have seen an explosion of virtual private networks that are designed specifically for personal use. For those of you not familiar with a VPN, it creates an encrypted tunnel within your internet connection that’s difficult for someone to intercept.

This is particularly important because Congress ended a privacy rule in March 2017 that prevented internet service providers (ISPs) — like Comcast, AT&T and Charter — from selling your browsing habits to advertisers. If you want them to keep their noses out of your internet connection, a VPN (or Tor) is probably your best bet.

In fact, with a VPN, the websites that you visit don’t even get to see your personal IP address, nor can your ISP see where you’re ultimately going. Comcast, for example, can only see that you’re connecting to a VPN service, and the website you’re visiting can only see the IP address of your VPN server. That kills a lot of location data harvesting practices in one fell swoop.

Tor is similar to a VPN. Instead of a paid service, its servers are donated to the network in the interest of collective privacy and security. The tradeoff is that Tor is not fast. It’s built for anonymity rather than speed, so you won’t be streaming 4K video from Netflix.

In fact, Netflix and other media streaming services generally take a dim view of VPNs and Tor, because these networks are frequently used and sometimes abused to get around regional content restrictions.

You can access Tor on Windows or MacOS through a web browser that’s based on Mozilla Firefox (download for iOS or Android). Unfortunately, iOS still lacks an official Tor browser, due in part to Apple requiring all web browsers on iOS to use its own Safari app under the hood. However, there is an official Tor browser for Android.

Based on our testing over the years, you can probably trust IVPN (download for iOS or Android), NordVPN (download for iOS or Android) and ProtonVPN (download for iOS or Android). ProtonVPN is relatively new, but it’s also a product of the same people who make ProtonMail (download for iOS or Android), which is one of the most respected high-security email services around.

FOLLOW Download.com on Twitter for all the latest app news.

Set up a phone screen lock and keep your apps and operating system up-to-date

Your account security is only as good as the security that you use to lock down the devices that can connect to them. For mobile phones, this means having a legit lock for your lock screen. In the same way that passwords alone do not cut it any more, neither does swiping to unlock your phone.

Of course, at least on Android, the method to set this up varies from one phone to the next. But if your phone’s settings section has a search function, try the phrase lock screen. This should pull up a shortcut to the section of your phone’s settings that lets you set up a PIN code, fingerprint or facial recognition.

With a screen lock, someone who steals your phone doesn’t have access to everything that it can do — and it will lock out the generally nosy people around you. If you create an emergency contact on your phone, that will be accessible via the lock screen; so if someone finds your lost phone, or if you’re in need of medical assistance and can’t use your phone yourself, you’re not out of luck.

Keeping your apps and operating system up-to-date helps to close security holes, sometimes before they’re even publicly known. If the brand of phone you usually buy isn’t updating your operating system several times a year, we’d recommend switching to a brand that takes your security more seriously.

For operating system updates, Apple is by far the best all-around choice in this department — but not everyone likes iOS, iPhones lack headphone jacks, the devices can get eye-wateringly expensive, and services like Apple Messages can be difficult to disentangle yourself from if you want to switch to a non-Apple ecosystem.

On the Android side, Google’s own Pixel phones get monthly security updates, though they’re also lacking headphone jacks these days. If that’s not a blocker for you, then a Pixel is a pretty good choice for phones that get updates. If you take a lot of photos, in fact, the Pixel 3 is generally regarded as having the best mobile phone camera on the market.

Read more
 

How technology is tackling human trafficking

18/07/2018
By Alexon Bell, Global Head of AML and Compliance at Quantexa
Contributor to Global Banking & Finance Review

 

Technology is both a blessing and a curse for officials fighting against human trafficking.

With the rise of social media and a world growing smaller through communication platforms, alongside the accessibility of online advertisements and encrypted messaging apps, traffickers have a host of technologies at their fingertips to help entrap victims, advertise their services and cover up the trafficker’s own illegal activity.

However, new technologies are becoming increasingly sophisticated and are playing a key role in eliminating human trafficking. Some are used to discover and rescue victims, others to identify networks of perpetrators. Many of these advancements are beginning to empower governments to source the root of trafficking rings and stop the activity at its core. In turn, this puts a new and heavier responsibility onto banks and corporates to innovate and improve their systems to themselves spot any nefarious activity and feed this back into the global effort against trafficking.

Spotting victims

At the heart of each case of human trafficking is a victim, but knowing the identity of this victim is difficult. Hundreds of images of abused children are shared online every day – even if all of these are flagged, many will be duplicates of cases that have already been actioned. Understanding whether an image is a duplicate or a new photo – which would require a new response from law enforcement – is difficult as such images are hard to track.

Previously, traffickers wanting to proliferate an image could make small tweaks to it, such as adding marks or a resizing the photo. This creates a distinct image, making it impossible to trace back altered duplicates using traditional methods.

Now, technologies are being used to outsmart traffickers and distinguish new and existing images faster. For example, Microsoft PhotoDNA imposes a fine grid over an image and assigns a numerical value to each square, representing the “hash” – like a DNA signature for the image. Rather than scanning for whole images, the program matches a numerical hash against a database of known illegal images to match duplicate images instantly.

To help law enforcement turn this innovation into positive action, Thorn – a tech start-up founded by Ashton Kutcher and Demi Moore to fight child sexual abuse and trafficking – has partnered with Microsoft to allow organisations to add to and access a centralised hash sharing database. New images that have not been hashed are reported as belonging to a new victim – meaning law enforcement is alerted to a new victim sooner. This accelerates victim discovery and therefore, hopefully, rescue.

Preventing victim entrapment

Many perpetrators of modern day slavery use contract substitution to entrap their victims. Recruiters offer a lucrative contract to lure individuals abroad, but this is then reworded – often in a language the victim does not understand. Innovators are hoping that blockchain technology may soon help prevent this deception, if governments were to only issue visas when signed contracts are confirmed by the blockchain as matching those originally provided to the individual.

Finding traffickers

Traffickers can use technology to obscure their activity, but technology is also revolutionising the way officials are finding criminal networks. The key is joining the dots of information from NGOs, news sources, databases of known traffickers and details available to institutions such as banks.

Traditional human intelligence is gathered on the ground in a particular country by charities, looking at news sources, hearsay and other resources at their disposal. With many charities operating within one country alone, and much trafficking happening between countries, this information often then needs to be shared with governmental and intra-governmental organisations to compile a profile of a trafficker or activity more broadly. This traditional intelligence, however, is usually not enough to rapidly identify a network of traffickers.

Now, institutions like banks are helping combine this human intelligence with innovative technologies which joins the dots of information from these organisations with the bank’s own internal data and other third party sources. Using big data, artificial intelligence software is able to find links between individuals and their transactions, addresses, associates and company ties, alongside a mass of other relevant information which may suggest nefarious activity when seen in its proper context. By resolving these separate entities, AI tech can build a detailed picture of a criminal’s network, putting an individual transaction or relationship in its wider context. Using a combination of human intelligence and digitally compiled insight, organisations can identify traffickers and their connections.

While some technologies are accelerating trafficking, others are vital in tackling against this devastating crime. The combination of human intelligence, artificial intelligence and the sharing of information is starting to pay dividends.

Whether helping to identify victims, preventing them being ensnared or detecting traffickers themselves, innovative technology is helping at every stage of the fight against trafficking, enhancing processes to make every effort more efficient, effective and accurate – and, ultimately, life-saving.

————————————–

Side note to this article/report by Alexon Bell: I will be following up on the human trafficking issue in the near future with a Commentary. It will include key links to Fact Sheets, Quantexa’s specific involvement, including other organizations on the front lines. You may consider becoming involved (directly, donations to key organizations, etc.), and those sources will be added as well.

Bill Owen – TechNewsBlog.net

 

Disrupting the Outsourcing Model

Steve Maylish and Shannon White, Fusion Biotec – 01.31.19
Contributors to MPO Columns

The rise and relative success of companies dealing in cloud-based systems has revolutionized how we handle data. This is prompting a shift away from traditional software, hardware, and legacy systems, and enabling companies in new and unexpected ways. As cloud-based data systems rise to meet the needs of the modern world, will legacy systems eventually become obsolete? How will this change outsourcing?

In last June’s MPO 15-year anniversary issue, we looked at medical device outsourcing changes over the last 15 years. The industry changes cited were mostly based on OEM attitudes, improved quality and standards, increased competencies, and a growing willingness to outsource. Now we are in the midst of a new paradigm shift. Examples of this are everywhere: Netflix versus Blockbuster, Amazon versus retail, AirBnB versus hotels, and Uber versus taxis—just to name a few. Since the advent of cloud computing, disruption has accelerated. As traditional business models change, will medical device outsourcing experience disruption?

There are great advantages and disadvantages associated with cloud computing and software as a service (SaaS)—some of them more real than others. SaaS delivered via the cloud often doesn’t require users to load, maintain, update, migrate, partition, archive, audit, backup, or license software. It often costs less, reduces the need for IT services and hardware, and is easier to use. But what about the downside? Security, always-on availability, performance at scale, enterprise compliance, and data integrity are important for cloud services. These features are essential for the cloud business model.

First let me share a success story: Salesforce, which launched in 1999. It initially offered a simple, low-cost, cloud-based system to service small and medium-sized companies, but now have disrupted the customer relationship management (CRM) industry. Eventually, Saleforce’s CRM software outsold IBM, Oracle, SAP, and Microsoft. By building a cloud-based system and offering SaaS, users can collect, categorize, analyze, and distribute information on product sales, customer purchases, and sales staff performance. The information can be shared across sales departments, supply chain, management, and executive teams. It can be used on smartphones, tablets, laptops, and desktops. Cloud computing provides shared infrastructure and instant scalability. Salesforce provides continuous improvement for their services.

According to “disruptive innovation” theorist Clayton Christensen, “Disruption describes a process whereby a smaller company with fewer resources is able to successfully challenge established incumbent businesses.” This is certainly true of companies like Netflix or Uber. In fact, a number of industries have been disrupted by SaaS and cloud computing: HR services, payroll services, booking systems, project management, IT, accounting, CRM, software, and eventually medical product outsourcing.

For a healthcare provider like Kaiser Permanente, big data can be complicated and an impediment to change. Sam Gambarin, director of the Cloud Services group at Kaiser Permanente, said, “We wanted to provide our [software] developers with a standardized central platform and shorter time to market. Also, we wanted to optimize our existing systems of records.” To achieve this, Kaiser uses a hybrid cloud solution: an internal data center and external cloud provider with IBM Cloud, plus multiple SaaS providers.

Providence St. Joseph’s Health system uses the cloud-based electronic health record from Epic because its interoperability enables them to practice better medicine, receive appropriate reimbursements, and improve patient experience. For decades, there were failed startups in the healthcare interoperability space. Migrating electronic medical record management to the cloud now provides a viable solution.

While cloud migration is happening at large healthcare providers, disruption is more likely to come from startup companies like Bright Health, Devoted Health, Clover Health, and Oscar Health—Alphabet’s $1B+ investment. These “payvidors” offer patient-centric care designed to support and monitor patients by using data science to cut costs and promote preventative care. Some work with prescription services. Others use genomic data, machine learning, and artificial intelligence to promote health. Some offer in-home primary care programs and house calls.

On the medical product outsourcing side, consider contract engineering. Before the cloud, engineers and hobbyists with small budgets couldn’t afford most professional engineering design software like SolidWorks or Cadence. Now, a number of SaaS companies like Onshape or CircuitMaker offer inexpensive or free software that allows designers to share their work and build on others’ work, decreasing time and reducing risk. The continuously growing database eliminates the need for footprint design for common parts. This open-source approach has helped the maker community flourish in recent years, building on the efforts of companies like Raspberry Pi and Arduino to make powerful hardware building blocks widely available.

For mechanical design, Onshape is a SaaS model created by former designers of Solidworks, a legacy software package. Unlike Solidworks though, Onshape updates itself silently every two weeks and is billed per engineer at a low monthly fee. It holds major advantages over its predecessor with its ability to be used in real time by an entire design team located anywhere with a network connection. Import and export capability allows Onshape to ease the transition from legacy systems.

Disruption will happen in the industry as free, open-source development software is introduced to hobbyists and later works its way through commercial businesses. With cloud and SaaS, multiple people can view a file at once, reducing the amount of time spent on editing. Users can share the document with a large number of people through their browsers, inviting them to view and edit the document in real-time. Furthermore, any edits to the documents are saved automatically as the author types, which prevents accidental loss of data.

Concerns about data integrity during the switch to cloud-based systems are natural and bound to arise. Questions regarding security, accessibility, and cost are among the most asked. Data safety is one of the most prevalent concerns and why most cloud service providers make security their top priority. Cloud infrastructure is constantly monitored, while controlled access to data and frequent auditing reduce the risk of human error and flaws in security protocols.

One company facilitating migration to the cloud is Corent, whose SurPaaS platform analyzes and migrates software applications to the cloud and can even rapidly transform the software application to a SaaS model. Scott Chate, vice president partner and market development at Corent Technology, predicts, “The ongoing global transition to the cloud-based SaaS model is going to affect every industry.”

In a few respects, however, cloud fails to meet the precedent set by its legacy predecessors. Cloud software is often not as refined as older legacy software. Due to this, experienced legacy users often balk at using the new software. Furthermore, cloud systems are often heavily dependent on network reliability and bandwidth. Any outage can leave companies stranded without access to data. Most drawbacks to cloud programs, however, are mitigated by their higher processing power (provided from running on a server) and ability to efficiently update.

It was easier for our company to start in the cloud and incorporate SaaS into the business model. The cloud offers us many advantages. We can securely work from anywhere, using any computer or mobile device. We can leverage previous design work. Reliability is extremely high because cloud providers can invest in infrastructure. Data is stored in a centralized facility with stronger security measures than we could provide on our own, and files can be downloaded when needed. It’s simple to add, remove, or change software and users. Total cost is lower because we require less physical infrastructure and support staff. Our customers’ experiences have changed the way we connect and collaborate, how we do business and, by default, how we innovate. Ultimately, we are more efficient.

Engineering service providers launching new companies today can begin in the cloud, requiring less physical infrastructure and support staff. However, the industry is just beginning to shift from legacy software to SaaS, which won’t be easy for established medical device companies. Eventually, it will transform contract engineering and contract manufacturing services as they migrate to smart manufacturing. Cloud computing is so disruptive because it pressures entrenched firms to modify their business model, often involving changes to business strategy, revenue models, sales channels, and technology.

Jeff Hawkins, president and CEO of Truvian Sciences, reveals, “When Truvian decided to leverage engineering partnerships, we didn’t want to outsource in a classic sense but rather find partners that could operate as an extension of our team. In order for that to be successful, you need a partner with the right company culture and the right tools to facilitate real time collaboration, regardless of where the teams are physically located. New technologies are allowing us to collaborate digitally with our partners on everything from engineering designs using Onshape, to project planning using Smartsheets and general project file sharing using tools like DropBox or Box. These tools make it possible for anyone without training to participate in the process from any location with the [use] of software viewers.”

Technology is evolving faster than ever and business models are changing. The cloud is more secure, cost-effective, and accessible than alternatives, and it’s getting more powerful every year. There are now millions of students using the cloud exclusively. This upcoming generation lives without many past computer constraints.

Like the education system and numerous other industries, the cloud is beginning to disrupt medical device outsourcing. Entrenched companies with legacy systems currently have the high ground, but the cloud is changing everything. With today’s services, remote teams can connect instantly. Cloud services allow for SaaS usability without downloads or installs. Cloud providers make instant scalability possible. Cloud computing and SaaS provide hosting, backup, and security running on various operating systems and mobile apps. If you’ve ever been frustrated with IT requests, firewalls, or internet controls, there’s good news—a solution is on its way!


Steve Maylish has been part of the medical device community for more than 30 years. He is currently chief commercial officer for Fusion Biotec, an Orange, Calif.-based contract engineering firm that brings together art, science, and engineering to create medical devices. Early in his career, Maylish held positions at Fortune 100 corporations such as Johnson & Johnson, Shiley, Sorin Group, Baxter Healthcare, and Edwards Lifesciences.

Shannon White is an engineering student, SaaS user, and intern at Fusion Biotec.

« Older Entries