This Week’s Technology News – 26th September 2014

Just Google it – or maybe not
Google is for most people, the ‘go to’ place for finding information on the internet and has been the dominant player for quite some time. Users of Google’s search service are not likely to complain, being happy with the service and its many improvements over the years. In Europe it accounts for 90% of all search traffic effectively holding a monopoly in the search arena. The European commission opened an anti-trust investigation into Google in November 2010 after complaints from competitors that its search service favoured its own services such as Google Maps, Play store, Google mail and more, giving Google an unfair advantage. The EU warned Google that they would need to give equal prominence to rival search engines to prevent anti-trust fines.

These disputes have yet to be resolved as the EU remains unhappy about how Google has reacted to these complaints after three attempts. Google’s last proposal was to allow competitors to bid for reserved space at the top of search results. This was rejected by the EU for a range of reasons including that this would allow Google to make money out of these changes. If the next proposed changes don’t appease the EU, the next stage will be a fine. Anti-trust laws can result in fines of up to 10% of annual sales, which for Google last year amounted to £33.8 billion, so no small change there.

Google’s current search disputes with the EU draw significant parallels to Microsoft’s browser woes, which started back in 2007, where its inclusion of Internet Explorer with Windows secured a 90% market share, effectively excluding other internet browsers. After several proposals the final outcome was for Microsoft to have to give Windows users a choice of browser with the automatic ‘browser choice’ popup, which has stayed on Windows to this day. Since then Microsoft has been fined for failing to deliver the ‘browser choice’ to specific scenarios of Windows usage. Microsoft’s browsing market share today now sits at 57.69% – a far cry from its dominant position before.

It is uncertain if Google will be affected in quite the same way Microsoft was if they need to implement similar changes, but it would be a thorn in their ‘all Google’ ecosystem. Google may be happy to take a substantial financial hit from the EU, though it is not clear if this would be a one-off or continued annual charge if they do not make the necessary changes. Either way this will not be an easy decision for Google, having seen the fall of Internet Explorer. The next proposal will certainly be an interesting one to follow and one that could change search engine prominence for years to come, possibly with the loss of the ever common response: “just Google it”.

Devastated by Shellshock
A major flaw, nicknamed ‘Shellshock’, has been discovered in the Unix Bash shell. It leaves Linux machines, OS X machines, routers, older IoT devices and others more vulnerable to attack. Because Linux hosts appliances, web-connected devices, web servers and web-powered services, all of these are affected wherever they use the Bash shell, as is Mac OS X Mavericks.

Attackers can run code on your machine after exploiting the flaw, but the worry, exposed by PC World, is that this flaw has been in the Bash shell for years and is likely, because it is so embedded in systems, to be found in unpatched systems for a long time to come (although those using good security should hopefully avoid heavy compromise).

With memories of Heartbleed still fresh in the mind from the wide use of the OpenSSL security library, Shellshock is being seen by some as having similar gravity because of the extent of devices affected.

Countering this, Red Hat, Fedora, CentOS, Ubuntu and Debian, as well as internet service providers, have already put out patches to plug Shellshock. The problem could however last for years: a large amount of software interacts with the shell, and the many old devices on the network will remain vulnerable to the bug. Some commentators are cooler about the worries because most systems installed with Bash cannot be remotely exploited, thus limiting harm.

To test if your version of Bash is vulnerable to this issue, you can run this command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system responds with the following, you are running a vulnerable version of Bash and should apply any available updates immediately:
vulnerable
this is a test
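
An added example, not part of the original post: the same probe wrapped in a POSIX shell function so that every Bash binary on a host can be checked and the result used in a script. The function names and the candidate paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify Bash binaries using
# the probe shown above. Function names and paths are illustrative.

# check_bash PATH
#   prints:      vulnerable | not vulnerable | inconclusive | not found
#   exit status: 1          | 0              | 3            | 2
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "not found"
        return 2
    fi
    # The variable x looks like an exported function followed by an extra
    # command. A vulnerable Bash runs that extra command while starting up,
    # so "vulnerable" appears before the output of the -c command.
    # Patched versions may print warnings on stderr, which are discarded.
    out=$(env x='() { :;}; echo vulnerable' \
          "$shell_path" -c 'echo this is a test' 2>/dev/null)
    case $out in
        *vulnerable*)       echo "vulnerable";     return 1 ;;
        *"this is a test"*) echo "not vulnerable"; return 0 ;;
        *)                  echo "inconclusive";   return 3 ;;
    esac
}

# scan_bash_binaries PATH...
#   prints one result line per candidate path.
scan_bash_binaries() {
    for candidate in "$@"; do
        result=$(check_bash "$candidate")
        printf '%-22s %s\n' "$candidate" "$result"
    done
}

# Common install locations (assumed; adjust for the host being checked).
scan_bash_binaries /bin/bash /usr/bin/bash /usr/local/bin/bash
```

A "not vulnerable" result only means the binary did not run the trailing command in this one probe; it is not a substitute for confirming that the vendor's update is installed.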

Keeping systems and security up to date will always help minimise fallout and phishing attempts from such incidents.  Given that this has only just come out, no doubt many more notorious incidents will follow in the future.  For organisations who have not reviewed their IT infrastructure to establish their levels of security and governance procedures, now might be a very good time, whether you are using Linux or not.


I promise I am who I say I am, Sir
The ever-increasing threat of internet fraud has prompted an identity assurance system called Verify to be created by the award winning Government Digital Service.  Still at beta testing stage, it could potentially mark a huge step forward in the process of formalising secure verification for end users, businesses, public sector organisations and governments, which all interact with each other.

It is being promoted as a one-stop shop for proving your identity for a range of government services, which could include filing and paying your tax return, or renewing a passport or driving licence.  The UK is apparently leading the world with this testing, so all eyes are on to monitor its success (with banks and other commercial organisations taking great interest in the results).

The initial registration process should only take 10 minutes and thereafter creates a secure assured platform confirming you are who you say you are, from which the user can interact with any of the companies or organisations with a short circuited ID route.  In practice the user would firstly select the company needed to verify them (ie. Experian), then provide personal details including passport or driving licence number and link this to a phone number (mobile or landline). The user would then be given a one-time code prior to proceeding further.

With testing outsourced currently to Experian and US company Verizon, the longer term plan is for the application to be used by The Post Office, banks and UK mobile phone operators etc.  The process is complex and still a long way from being ready to launch.  Technical glitches need ironing out, as well as ensuring the customer experience for frustrated users unable to complete the verification process is fit for purpose.

Secure ID verification is a tremendously thorny subject given the high levels of internet fraud, so getting us to a more secure place is terribly important.  However, added to this is the issue of trust.  Will users be comfortable to have such unification and data sharing between distinct organisations and Governments?   It is the same uncomfortable route that public services are increasingly going down under the aegis of cost savings:  eg. co-location of community and council services with police stations. It sounds good on paper, but may be a vision of convenience too far from the State without proper consideration of public appetite.

Connected employees driving changes in the workplace

Meetings on average, occupy one third of our working lives, yet much time is wasted with late starts, bad connections or out of date tools.  With the increase of collaboration, both physical and virtual, the modern mobile professional workforce demands tools which are agile, easy to use and secure.

A recent survey found 73% of workers take a laptop, smartphone, tablet or combination of devices into physical meetings.  Additionally, 55% of these professionals are using smart devices to share documents and visuals with meeting participants as an alternative to projectors and monitors.  Rather more worryingly for organisations, the consumerisation of technology has led to employees using their own apps and devices into meetings and choosing their own web conferencing tools. 65% of all workers surveyed had a backup conferencing or collaboration tool they chose to use in lieu of the corporate solution.

With an increasingly mobile workforce, if real-time, secure collaboration and productivity is to be demanded and delivered, then businesses need to review their systems and apps to establish the most appropriate route whether corporate devices or enterprise BYOD strategy to ensure that the people and productivity solution is fit for purpose and wraps data security and policy management together. Only then, will collaboration be seen on both sides as offering the flexibility and answers for the user and the security and peace of mind to the organisation for where and how the data is and can be shared and stored.

Lost no more – tracking technology going truly global
Location tracking technology has evolved substantially in recent years, making the leap from stand-alone device for use in a car to being incorporated into almost all portable smart devices including smartphones, tablets and now smart watches. Not only has the technology got smaller, but also smarter than ever. Google and Nokia are hard at work making indoor location tracking available in more locations. So whether you are driving or hiking- or perhaps needing directions whilst exploring a large indoor area such as a shopping centre, you are likely to be covered with the device in your pocket.

Flight tracking technology has not had the same push as mobile. Its accuracy was fully tested on 8th March with the disappearance of Malaysian Airlines flight MH370 and found to be wanting due to the alarming gaps in information. The airline technology was unable to accurately pinpoint the location of the missing aircraft and led to enormous areas being searched over land and across the seabed for two months without result. The existing radar system does not have global coverage and is reliant on the transponder, which failed in the case of flight MH370.

Aireon (a subsidiary of Iridium Satellite) is promising global coverage for aircraft tracking so no matter where on the planet an aircraft goes missing, they claim it should be possible to locate it. The system is currently in development and due to launch in 2017, but Aireon plan to make it available free of charge to the aviation community, emergency services and search and rescue teams. Aireon uses a variation of the Automatic Dependent Surveillance Broadcast (ADS-B), with 66 “Next” Low Earth Orbit (LEO) satellites to essentially cover the globe. With global reach achieved, the intelligence of location data will be the next drive in this area. Google has already made great strides in adding context to location data with Street View. Interactive points of interest information and indoor mapping have already begun, but are still in the early stages. Even with all this data collected there is still the need for intelligent systems to interpret this on new devices such as wearables as well as bringing the new data back into the car. Location based services have added value and greater investment in both location and information accuracy will enhance and elevate user experiences and increase the security and safety of people worldwide.

With these technological advances, finding aircraft should be quicker in future, potentially saving lives as well as offering a degree of closure to anguished relatives. But a warning bell must also sound out around the question of data security with a global data network like this in operation, where it could be accessed potentially by third parties. As long as this aspect is also thoroughly reviewed then it should be win-win scenario.

Amicus ITS shortlisted for major UK IT awards


Two members of staff have been shortlisted in the prestigious UK IT industry awards.

JP Norman, Head of Technology & Governance has been shortlisted in the ‘Security Professional of the Year’ category, with Service Desk Analyst Mercedes Coombes, a Service Desk Level 2 Analyst, selected for ‘IT Service & Support Professional of the Year’.

The two Amicus ITS candidates will be facing tough competition and are up against entrants from Virgin Media, LV Insurance, National Grid, Lloyds Banking Group and KPMG.

The UK IT Awards, part of The Chartered Institute for IT, recognise excellence and outstanding performance throughout the UK computer industry. The awards focus on the contribution and achievements of individuals, projects, organisations and technologies that have excelled in their use and the successful development and deployment of IT in the past 12 months.

Amicus ITS Managing Director, Steve Jackson said: “We are thrilled to have been shortlisted for what is one of the most important awards for our industry. It is an incredible achievement and deserved recognition for these individuals who bring innovation and insight into their roles to help our company provide an outstanding service to our clients.

“We are up against stiff competition from some of the biggest household names in the UK. Nonetheless, earlier this year we were crowned No.1 IT Managed Services Provider in the UK and Europe and placed 13th in the world earlier this year, against over 2,000 IT companies worldwide, so I firmly believe we have every potential to go the full distance and wish both JP and Mercedes every success as finalists.”

Winners will be announced at a glitzy awards ceremony taking place in London on the 12th November 2014.

This week’s technology news – 19th September 2014

Heavyweight US auditors report glaring holes in US healthcare website security
It will come as no surprise that a government website is a leviathan and complex structure, often leaving much to be desired from a user friendly point of view.  However, one will always hope and demand that such a public body website is at least safe to use.

This was not the case, as the Government Accountability Office found with, run by “CMS” (Centers for Medicare & Medicaid Services) in the US.  “Technical controls protecting the confidentiality, integrity and availability” of data, were found to be lacking.  In particular, they identified the operator’s failure to enforce strong passwords, implement software patches and properly configure the administrative network for the “Federally Facilitated Marketplace” (FFM) – this being the area where US citizens buy their health insurance.   Whether or not the end user dislikes eight or more character passwords, it remains a base necessity, until tighter personal verification procedures are deployed like biometrics eye, fingerprint or vein scanners as we have documented recently.

With more than $500m spent to date on the site’s construction however, public sympathy will be hard to find.  At its core, secure network connectivity, authentication procedures and threat and vulnerability management must form the base strategy of any good governance plan going forwards.  Public sector bodies, like many large and long established organisations, whichever side of the Pond, are often burdened by complex legacy systems (in this case backend integration connects the federal site to federal agencies, state governments and insurance companies). So, a central part of any security review should seek to work towards simplification of the IT infrastructure to make it more manageable in future, rather than just adding more sticking plasters and spending on quick fixes vs a long term solution of commercially construed investment and the chance to regain trust with its public.

KPMG id’s the most disruptive IT trends
In KPMG’s Global Technology Innovation survey of 768 technology business leaders, respondents reviewed disruptive trends across technology and identified the Internet of Things (IoT), 3D printing and biotech (healthcare IT), as the top three most likely to impact on the way people work and live over the next three years.  This is more than double the number of responses to these topics in KPMG’s 2013 survey.

Other technologies identified as most likely to transform enterprise included: mobile, cloud computing, big data analytics, digital currencies, artificial intelligence and autotech.

ABI Research in New York estimate that there will be 40 billion active wireless-connected devices by 2020, more than double the present number.  ABI Research also predict that this explosion will be driven by IoT (Gartner estimated that IoT would drive increased installation to a lower figure of 26 billion units).

It is the risk factor associated with disruptive technologies that is challenging swifter adoption by businesses.  However, analysts anticipate that those companies prepared to gamble will be the ultimate winners.  Business leaders in the survey believed that so-called ‘intelligent shopping’ has the greatest potential to generate revenue because of IoT (20%) – as devices communicate with each other. Respondents also suggest home automation (14%), and surveillance/security and social interaction (12% respectively), will also act as revenue drivers in the next three years.

Digital currency Bitcoin was also identified as one of the emerging technologies most likely to impact on business between now and 2017. However, geography played a massive part in differentiating countries’ anticipation of wider exploitation of this method of payment:

 Europe (32%)    America (15%)    China (70%)

Counterpoints to advances will always exist and those cited most commonly as likely to limit or constrain innovation were :
• Restrictive regulatory policies – 34%
• “Consumer fatigue” – 29%
• ROI – 27%
• Security – 27%
• Technology complexity – 22%
• Customer adoption – 21%

Rome was not built in a day, but the end user has come a long way and fast in technology.  With such a crowded marketplace, official standards will be required with the IoT (see 4th July 2014 blog) and growth and opportunity for MSPs and providers will come through intelligent mapping and strategy, with the winners including good governance in their plans.

UK No. 3 in world connectivity rankings but can we stay at the top?

Fast and reliable internet connectivity has long since moved from being a luxury to an absolute necessity. Being able to connect instantly to customers, providers and partners is vital in today’s economy.

A newly released study from major Asia telecoms manufacturer Huawei, has ranked countries by score on internet connectivity. This is not just wired broadband connections, but access to high speed mobile internet on smartphones. From these scores, the UK has been ranked third  worldwide, just behind the USA with Germany taking the top spot.

Specific industry sectors are driving the growth of connectivity more than others including; finance, education, oil and gas and manufacturing.   The impact of better internet connectivity was also attributed as being directly linked to the GDP growth of each country, varying from 1.4% to 1.9% per capita and Chile and Kenya scoring very highly because of their relative scales of investment in telecoms infrastructure.

Whilst being ranked third worldwide in connectivity is definitely something for the UK to be proud of, we are still faced with the legacy of BT having an unreasonable monopoly still on infrastructure provision. This is different to the slightly more competitive market in Germany and a far more competitive landscape in the US. The effect may be to restrict the wider enablement of businesses long term in being able to compete if we are to count it on a truly nationwide basis vs the continual plugging of high speed connections to our main City hubs.  With faster and more accessible access to high speed internet comes greater opportunity for our country in the future.  We cannot rest on our laurels though; the majority of the UK score comes thanks to its current connectivity, with a smaller portion dedicated to Growth Momentum.  There is still an urgent need for deep investment and a level playing field in both wired and wireless to keep on top of the game – and for that the Government and regulators are the only ones able to change the landscape.

The rise and fall of Smart Phone sales
Many things in the world of technology change at a rapid pace, with fierce competition in development of new, innovative hardware and software enabling new devices to come out of left field, taking many by surprise. Some trends however stay fixed. Apple announced the iPhone 6 and iPhone 6 Plus last week on schedule, taking no one by surprise. This week Apple announced another pre-order record for both smartphones topping over 4 million pre-orders so far. This yearly event is naturally a big deal for phone networks and retailers, with all taking pre-orders, including independent mobile phone retailer Phones 4u.

This week Phones 4u, despite financial stability and plenty of pre-orders for the iPhone 6, went into administration. This comes from the unexpected news, for Phones 4u at least, that both Vodafone and EE (parent company of both Orange and T-mobile) would not be renewing contracts, preventing Phones 4u from selling subsidised phones on their networks. Earlier this year O2 pulled support, which would have left them only able to sell Virgin mobile contracts.

So why would all the major UK network carriers pull out of what appeared to be a successful partnership? The allure of higher profit margins is likely to be the top reason. Selling phones exclusively direct forgoes splitting profits with an independent. Back when Phones 4u opened shop in 1996, splitting profits made a lot more sense to expand reach and brand awareness.  But the mobile industry is a very different beast today, with the only players left being giants. In addition new strategic partnerships, such as rival Carphone Warehouse and Dixons increasing their already dominant high street presence, made Phones 4u the weaker of the two to attack.

Carphone Warehouse, despite its stronger position, is likely to be doing its best to secure future contracts on a longer term basis and evaluating alternative strategies just in case. A stronger emphasis on non-network subsidised plans and its own phones services is a better tactic. The closing of Phones 4u will mean less competition and potentially higher prices when buying contracted phones from your network carrier of choice. When your contract is up for renewal, consider buying your phone separately from your phone plan as now more than ever, this will likely be the more sensible route going forwards as the US model is showing.



This week’s technology news – 12th September 2014

Financial services organisations not very motivated in defending against cyber threats
A leading software security firm has published its “Global IT Security Risks 2014 – Online Financial Fraud and Protection” survey.   Panelling opinions from 3,900 B2B IT professionals, 82% of respondents said they would consider leaving a financial services firm that suffered a data breach.

The survey also found that the vast majority of 93% of financial services organisations had been exposed to cyber threats between April 2013 and May 2014. With 74% stating that they based their choice of financial services organization on its security reputation, there is clearly a lot of work to be done by the industry worldwide to make themselves more robust against threat.   34% said that the protection of sensitive information was a top priority for their IT department.  However, 27% said they are currently willing to suffer losses due to cyber crime because they believed the cost of protection would outweigh the cost of the losses.

Given the rising sophistication and increasing damage caused by cyber attacks, this may be a stance that has to change in the course of the next 12 months.  It is imperative for any company to maintain maximum operational, reputational and commercial output, but it seems extraordinary that financial organisations seem to be flying against logic in such numbers by not having adequate security and policy safeguards in place considering the value of their customer data and financial information. Added to this is the immense potential fallout on their reputation if an attack led to a data breach.  The very first step for any organisation without proper security safeguards and policies, should be to have an independent review to establish where risk lies across their IT infrastructure and get consensus at Board level to invest in this vital area if they are to protect their business.

The real test for wearables
Apple is rarely the company who creates bleeding edge technology or even new product categories but often is the company who manages to later refine and introduce this technology to the masses. The best example is the iPad. There were many attempts in making the tablet a successful category which was arguably mostly pushed by Microsoft. Microsoft had been deeply involved in the development of Tablet PC’s working with OEMs to create Windows powered tablets capable of running full PC applications with touch and voice recognition, coining the term ‘Windows Tablet PC’ in 2001 with Windows XP tablet PC edition.

The iPad was later released in 2010, taking a much different approach with a stripped down operating system which could not run Mac software, but only new mobile focused apps. This of course was a staggering success, and Apple has since sold over 200 million iPads. Although they did not create the tablet market they managed to change it from a niche to the juggernaut industry it is today.

With the announcement of Apple’s first wearable, titled simply Watch, the key question is whether it can have a similar effect on the wearables category. There are already a lot of players involved, including Sony, LG, Fitbit and Pebble, each having launched with various degrees of success, but no one player is shouting sales figures, at least not yet.

A big success for Watch will be a big success for all parties involved. Looking back historically, the real test for wearables then is Watch. If Apple is unable to find financial success here using its tried and true method of repackaging existing technology in a very user friendly way and using its unique and vast marketing approach to convince new consumers and of course their large existing Apple fan base to give this new product category a try, then it’s unlikely anyone else will for now. If it is unsuccessful we will have to wait some time, possibly like the gap between Tablet PCs and the iPad, for the next generation of technology and innovators to step in and show us how wrong everyone’s previous attempts were, giving wearables the kick-start from individual successes in a niche to a product category spanning consumer and corporate and accepted by the mainstream majority.

Chess games ahead as opportunity and risk face the data centre market
Leading technology researchers, Gartner have identified four key factors that will radically shake up the data centre market by 2016.

The four are: nationalism, highly disruptive competition, big cloud provider dominance and economic warfare.  Whilst certain elements are already in play now, each will have varying intensity and timeframes, but a major change in one sector would significantly accelerate market disruption of the others and overall impact.  This review alters the current assumptions of the growth of data centres, based on a traditional enterprise IT end user models and a vendor market that seeks to support the status quo.  The introduction of risk as part of the scene will change this landscape.

Gartner see vendor behaviours falling into three categories:

  • Protectors – aggressively defending market share and profits.
  • Evolutionary disruptors – those prepared to start to make changes whilst defending their own commercial base.
  • Revolutionary disruptors – those who seek to challenge the status quo with agile and flexible business models which can respond more dynamically, and thus speed up launches onto the  market with simpler strategies, faster timescales and alternative selling methods.

Gartner has outlined the likely impacts of each disruptive factor:

With the loss of trust towards large multinational providers (helped in no small part by former CIA employee Edward Snowden’s revelations in June 2013), Gartner anticipates a switch to more nationalistic production by smaller suppliers with an increased use of open-source hardware ecosystems to counter the economies of scale displayed by the major players and their hitherto unopposed market share.  Workload processors would shift to ARM and other architectures whilst storage component would shift increasingly to flash.  In extreme cases, motherboard manufacturing they believe, would become regional, rather than concentrated in China.

With the financial potency of 50%+ gross profit margins, many of the storage and networking hardware big players are reluctant to be the game changer and throw the first punch to  disturb what has been a lucrative market thus far for them.  However, change is taking place and with the chance of new workloads going to external IT providers, these buyers will not share the same interest of high-price/high-margin “commercial off-the-shelf” (COTS) products as they shift toward open-source software (OSS) and embedded manageability.

An aggressive jump by a big league player into a neighbouring software market would defend and shore up their position, gaining them the upper hand. This would cause shockwaves and likely result in a price war with many casualties.  Software-defined networking (SDN), software-defined storage, network function virtualisation, extreme low-energy processors and webscale-integrated infrastructures are changing the face of the datacentre infrastructure market.  However, for an Evolutionary Disruptor, at the top of their game, this is their poker hand and they would likely view that whilst the stakes were high, because their move was timed at their peak, they remain strong and choose a now or nothing strike to survive.

Gartner see the dominance of the big Cloud providers as marking the decline of the traditional data centre. With new application development and deployment moving from in-house to cloud-first, this will change the expectations around new internal applications that require more flexible, distributed and hybrid IT. Webscale architecture is not perfect for running high growth workloads, but through the SaaS model, enables use of excess capacity and highest utilisation to save money in the longer term.  The large cloud providers will gradually soak up the IaaS and PaaS marketing and influence the price of datacentre infrastructure.

The world is changing and technology is at the forefront of an East vs West fight for market control and influence.  In a major step towards reshaping the western dominated international financial system, Brazil, Russia, India, China and South Africa (BRICS) announced a $100 billion development bank and an emergency reserve fund.  Meanwhile, China has separately been investing in a national high-tech R&D program (aka the “863 Program”) since 1986 and heavily subsidised high tech Chinese enterprises to give them a direct edge internationally. With its deep pockets, increased brand respect and strong original design manufacture history, Gartner see China as taking a 2% increased market share by the end of 2017 off western companies.

Google adds spoons to its kitchen drawer of wearable technology
Technology is always evolving, often making things faster, storage bigger and miniaturizing devices to enable them to be worn on the wrist.  The continued drive in this direction of technology comes thanks to their high profitability. So it’s refreshing to see endeavours that focus on wellbeing and enablement.

Google, headed by co-founder Sergey Brin, has announced its purchase of Lift Labs to join their research division Google X.  Lift Labs, comprising a group of scientists and engineers, has used advanced mobile sensing technology to create a spoon that cancels out tremors by up to 70%.  One of a range of attachments in development, it is designed for people who have Parkinson’s disease and essential tremor.  The lack of hand control can make even the most basic task of eating a meal frustrating, so a device with such a major tremor reduction is an intelligent and sympathetic evolution to add dignity to sufferers.

Anti-tremor technology helped transform the mechanics, look and feel of film camera technology, in the form of Steadicam, back in the 1970s.  It was used in the famous running sequence in the 1976 film “Marathon Man” with Dustin Hoffman and the disconcerting ground level footage seen in Stanley Kubrick’s “The Shining” with Jack Nicholson in 1980.
It is interesting to see a pattern emerging where the motivation of some of these IT behemoths in improving healthcare is being driven or inspired by a personal connection with a CEO or leading board member.  In this case, both the Lift Labs team and Sergey Brin have experienced the effects of Parkinson’s disease and essential tremor through friends and family.  This motivated Lift Labs to create this new compact and adaptable technology to improve quality of life.

With the purchase of Lift Labs, Google is showing its continued focus on healthcare, and the deal marks an exciting partnership that could become a life enhancing tool for sufferers and their families.  With an estimated four to six million Parkinson’s sufferers worldwide, it is also a canny investment for Google as the spoon retails for $295.


This week’s technology news – 5th September 2014

No need to be a Hollywood A-lister before you get concerned about security 
The emergence of intimate images of Hollywood celebs published on a website last week following hacking of their iPhones, was not, Apple confirmed, through weaknesses in Apple’s security.  A group of hackers led a very targeted attack on a select group of celebs to ascertain user names, passwords and easily guessed security questions, in order to change passwords, or use phishing techniques to fool those involved into giving up their Apple IDs and passwords.

This has led Apple CEO Tim Cook to announce this week that they will commence using two-factor authentication as a security measure for accessing iCloud accounts from its mobile devices, coupled with email alerts and push notifications to the user, should someone try to change a password or log in from a new device.  The two-factor authentication could involve the user having to type in a short code sent via text message to their phone number as an extra security step before they are given access to their uploads.

Because human weakness often gives hackers the simplest route to compromising accounts, organisations must ensure they do their utmost to protect data and privacy at all times in the Cloud. Good governance and security policies will create the controls to thwart attempts at penetration. Equally though, educating staff about security measures and increasing understanding about why they are so critical will increase uptake, confidence and trust, as our reliance on, and expectations around, technology increase and it becomes our closest aide in life and at work.

Amicus ITS has been delivering safe and effective Cloud solutions and Security & Governance consultancy for many years to its customers.  Our latest offering for enterprise is Amicus CSF.


Move over fingerprints – finger vein sign-in is here
Biometric sign-in technology has been around for a while – in theory at least. Despite the technology being available, there has been a distinct lack of biometric sign-in options beyond certain laptops and smart phones. Barclays is taking the lead however in bringing finger vein scanners to business users, letting them verify accounts using a finger scanner attached to a PC via USB.

Finger vein technology differs from fingerprint technology in a few key areas: it requires a live finger and cannot be fooled by a high quality 2D or 3D print. The device itself is about the size of a tennis ball so although it is fine for plugging in to a laptop, we will not see this incorporated into tablets without a major re-design.

With information and ID more valuable than ever, finding the best way to secure it is a must and making the authentication process user friendly vs current multiple code inputs in banking is likely to win friends.  Further adaptations of biometric sensors for two step authentication in future are anticipated as this rolls out.

As biometric logins become more widely adopted, universal standards for storing biometric data and sharing it between authentication sources will need to be properly governed and utilised. Until then, expect a different device and application to sign in to different services.

High priority for cyber security in UK business survey
The latest Information Security Breaches Survey conducted by PwC for the Department for Business Innovation & Skills for 2014 has been published.  The survey spanned 1,125 respondents across all industry sectors in the UK, where one third were IT professionals and the balance being business managers and executives.

The results revealed that whilst cyber threats had affected 81% of businesses, this was a reduction from 2013. Interestingly, the number of individual breaches had risen and the ensuing cost to business had risen.  Indeed 10% of those who had suffered a breach in the last year were so badly damaged by the attack that they had had to change the nature of their business.

Financially, the average cost to a large organisation (250+ employees) from its worst security breach of the year was reported to be £600k–£1.15m and the average cost to a small business (fewer than 50 employees) for the same such breach was £65k–£115k.

Malicious software is increasingly the means for such attacks and the focus has shifted back towards large organisations.  With 73% of large organisations having suffered from infection by viruses or malicious software in the past year (up from 59% in 2013), there is a need for intelligent investment in effective solutions and preventative measures.  With large organisations now spending around 11% of their IT budget on security and small businesses spending about 15% of their IT budget, IT Managers and CISOs need to question what is the best use of spend to maximize protection, and to receive guidance.  Only through fresh objective analysis of an organisation’s existing IT infrastructure and defences can correct assessments, recommendations and the appropriate solutions be put forward for Board approval.

The top four drivers for security expenditure remain the same as in 2013:
• Protecting customer information
• Compliance with laws and regulations
• Protecting reputation
• Preventing downtime

It should be added that whilst not in the top four across the board, protecting intellectual property is especially important in the technology, consultancy and professional services sectors.

Companies in 2014 are increasingly using remotely hosted services (i.e. Cloud computing) as an affordable and easily accessible alternative to internal IT services, with 83% now using Cloud computing services.  Externally hosted websites and email are the most popular services for small businesses at 82% and 70% respectively.  Whilst only 13% of large organisations were using an externally hosted email service, they are more likely to use externally hosted payment, payroll processing, and data storage solutions. The use of Cloud services for data storage has been the biggest growth area for large organisations with a 7% increase from 2013 and an adoption rate for Cloud of around 15%.  Of interest to Managed Service Providers, 52% of organisations with externally hosted services believe these are critical to their business.

As more companies start providing the funds needed for better protection, effective information security and risk management depends on the whole organization buying in to this at every level and through every department, with the support of the Board and/or Executive Team.  However, simply chucking money at IT will not return dividends: without guidance on where to spend new funds, organisations may find themselves overspending on ineffective solutions, or underspending and making themselves vulnerable for the next year.


Working with multiple devices
Having a PC, Tablet and smartphone for work is now the norm for many.  Each device has its strengths and weaknesses, but using the right device for the right time and place can not only make you more efficient, but also help you work smarter. With their different use-cases you may find you have an App or messaging service on one device but not across all. When you are at your desk and you need to fire a message back from an alert on your Tablet, picking it up to tap away your message may seem counter-intuitive with a full-size PC keyboard on your desk.

However, a new device announced this week by Logitech could make the workload for those juggling devices that little bit easier.  Logitech’s new wireless keyboard can connect to all three types of device at the same time, with a simple turn dial determining which device your typing appears on. Of course you could also pick this up and take it into a meeting.

If the juggling of devices is getting too much, maybe it is worth considering combining two of them. Microsoft’s Surface Pro range combines both PC and tablet into the one device, which means that not only do you have one less device to charge, but device setup and app maintenance are also easier.

How many devices you need and their sizes will vary greatly depending on the type of work you need to get done, when and where. Before their next purchase, businesses should consider how it will help the workforce get the job done and hopefully increase productivity.