For the next two weeks we talk with Charley Spektor, principal at Saratoga B2B Group. Charley and his partner, veteran tech writer Paul Desmond, bring clients the one-two punch of SEO and content expertise for B2B lead generation. Charley was formerly lead managing consultant at Stone Temple Consulting for Home Depot, which has been one of the few great success stories of a brick-and-mortar retailer embracing e-commerce. In these two podcasts, we discuss what are the elements of success in a discipline that changes constantly, how B2B buyers use search differently than consumers and how even small companies can dominate search results if they pick their targets carefully. Read this blog post about two recent Saratoga B2B customer success stories for further background on the case studies we discuss.
I have updated my review of top email encryption tools for CSOonline/Network World this week. Most of the vendors have broadened the scope of their products to include anti-phishing, anti-spam and DLP. I last looked at these tools a few years ago, and have seen them evolve:
- HPE/Voltage SecureMail is now part of Micro Focus, part of an acquisition of other HPE software products
- Virtru Pro has extended its product with new features and integrations
- Inky no longer focuses on an endpoint encryption client and has instead moved into anti-phishing
- Zix Gateway rebranded and widened its offerings
- Symantec Email Security.cloud has added integrations
In my post today, I talk about recent trends in encryption and more details about each of these five products.
One of the things that I like about our hyper-connected world is how easy it is to virtually attend just about any tech conference. Alongside most major conferences you can also find a number of interesting ancillary events. Some of these, much like the official conference sessions, are recorded for viewing later. Today’s post is about one such ancillary event, hosted by RSA – the company, not the conference. Before I talk about some of the challenges of running smart city infrastructures, let me discuss why I think Singapore is so important for IT security professionals.
When it comes to thinking about blockchains, most of us automatically go to cryptocurrencies like bitcoin and Ethereum and think about money. How much are these currencies worth in US dollars? How much value have they gained or lost recently? It took two financially-related but non-monetary examples that I heard about recently to convince me that I was looking at the wrong part of the elephant.
Before I tell you about how I came to this insight I want to talk about the money part of blockchain first. I recently read Dan Conway’s new memoir, Confessions of a Crypto Millionaire. The book is now out, and I would urge you to get a copy and read it. Unlike many business books that quickly run out of ideas and out of steam after the first chapter, Conway’s tale about how he became an early investor in Ether is both a cautionary and celebratory one. You can read my review of his book here, along with some insights from the email conversation we have had over its launch. In these emails, Conway told me about an experiment by the UN with an Indian local land registry in Panchkula. The issue is trying to identify the rightful owner of a plot of land, particularly in the developing world where paper records are scarce or misfiled. The UN has built a registry based on Ethereum smart contracts to create a single source of truth of ownership status and property history. The buyer will be assured that the land being bought is the correct plot, and that the seller is unequivocally its owner. Everyone can see in near real time who owns what, improving accuracy and transparency. The system doesn’t require computer access or Ether wallets and works in the background to support land transactions. Similar projects are underway in title registries in the States and in other countries too.
Blockchain technology is being used in another interesting project as part of a new protocol from Kiva.org. I have been loaning money to various developing world entrepreneurs for a decade through this organization which funds millions of dollar-equivalents of such loans. I wrote about Kiva here in 2009 and since then have been active using their platform. Over the years I have funded 54 different people in more than 30 countries and loaned $1400. This was done with a very modest amount of “new money” because I very determinedly loan my funds when the original loans have been paid back. And what is interesting is almost all my loans have been paid back, with less than $30 lost from defaults, although some loans are paid in full but late. The way Kiva works, once you collect at least $25 back from your loan recipients, you can relend it to someone else.
Last year Kiva announced the creation of its own blockchain-based protocol, and last week announced its implementation in Sierra Leone. It will be available to the roughly 5M adults living there to use as an identity management device, based on their fingerprints to authenticate each person in financial transactions. One of the problems with many unbanked people is that there is no easy mechanism to verify someone who has no credit score, no previous financial history, no anything that you and I would consider part of our financial footprint. That is where the Kiva protocol comes into play. Whether it will work in Sierra Leone – or anywhere else – is still to be seen, but it is an interesting proof of concept. (I have yet to make a loan to anyone there, but you can be sure that I will look for someone to sponsor at the next opportunity.)
Being based on blockchain means there is no central repository of fingerprints that can be downloaded – they are stored in a distributed database that is created individually by each person. That was a hard concept for me to wrap my head around for some reason, but it makes sense when you think about it. It could be possible to decode each transaction to obtain a single fingerprint scan, but doing this on a large enough scale would be difficult. Certainly, it would be a lot harder than just accessing an unprotected AWS S3 bucket, for example.
We are still in the brave new world of blockchain, to be sure. Expect to see other innovative ways to use identity and distributed databases in the future that have nothing to do with the bitcoin exchange rate. We certainly live in exciting times.
You probably have read your fill of business books. Author tries to make it big, leverages tons of his money and time, hires the wrong people, fires them, then goes it alone before striking it rich and motoring off into the sunset in some expensive car. Dan Conway’s Confessions of a Crypto Millionaire is not one of these books. Most business books offer just enough advice to fill a chapter, maybe two. Conway has a lot more to say about his obsession and investments in cryptocurrency, in particular Ethereum. Over a period of several years, he used his home mortgage equity loan and borrowed additional funds because he believed blockchain held the future model for decentralized corporations and the way that we will all work together. He ended up cashing out $14M ahead. It is his obsession that drives the book’s narrative, along with the crazy up-and-down valuation of Ether, where you can gain and lose millions in a matter of minutes.
What isn’t in this book is also notable: sordid tales of wretched excess of “tech-bros partying on yachts” or trashing expensive Vegas hotel suites. Conway is a father of three, and still married to their mother.
Conway’s confessions is a refreshing tale about his fighting his demons, his addictions (alcohol and pills), his insecurities, and his almost always-on self-destructive alter-ego he calls his “Flip Side.” This side rears its ugly head during client presentations where he fumbles and fails and during periods of self-doubt when he tries to reassure himself his huge bet on Ether isn’t about to land him in the poor house.
“The book forced me to make sense of how my addictive personality played a part in my undoubtedly reckless crypto investments,” he told me via an email interview. He is part visionary, buying Ether at a time and at a level few people had the courage, vision, or just dumb luck to do. “It took everything admirable and loathsome about me to make the plunge into Ether. The loathsome part includes my addictive personality. While betting everything was an extreme risk, all risk requires insight, courage and maybe a little recklessness.” He hopes his story will get others to think about how they formulate their own risk taking.
Conway starts out his story “working for the man,” doing marketing and public relations for large corporations, one of whom he calls Acme. He wasn’t a good fit as the organization man to be sure. And since his windfall with Ether, he is unlikely to return to corporate America “unless we suffer a financial catastrophe.” He still believes that the decentralized blockchain can disrupt the traditional corporate power structure and has a lot of merit as an organizing principle. One example he cites is MakerDAO, where ordinary folks can originate loans and handle other financial transactions without any financial institutional limits. It could pay off; it could fall flat: that is the challenge of cryptocurrency.
One aspect of his book is dealing very honestly with two situations: first, with his addictions. “This undoubtedly played a part in my reckless crypto investments, and writing the book helped force me to make sense of it all.”
Second, the book also describes how his financial windfall changed his family dynamics and the relationships with his circle of friends. Even though Conway lived in Silicon Valley, he was very firmly rooted in the middle class before he made it big with Ether. He writes: “Crypto was suddenly like an overexposed celebrity, and everyone was rooting for it to fail,” but then realizes, “one of the bittersweet feelings about making a bunch of money is that you can’t bring your (less fortunate) friends with you.” That takes some adjustment, both for him and his family. Still, don’t be too sad: Now he takes long exotic vacations, buys his kids “name-brand clothes” instead of Sears knock-offs, and does car pool duty with a vengeance. “It’s absolutely nice to have the car-ride conversations rather than pinning all parent child bonding on the ‘how was your day?’ question when everyone is exhausted.” True dat.
Conway is committed to Ethereum because of its disruptive ability to change the way companies operate, the way companies get VC funding (the parts about the ICO shysters are worth reading alone), and the way the early pioneers — which Conway counts as himself — had to try to separate the criminals from the legit businesses. This book is well worth reading, even if your own exposure to bitcoin and other cryptocoins is minimal.
This week Paul Gillin and I discuss three examples of unintended consequences for B2B marketers that showed up in recent business marketing literature. Our first piece, which appeared in B2BMarketing.net, highlights a recent survey by Acoustic that found a jump in email open and click-through rates in the past year – and in some cases a pretty substantial jump – thanks to new privacy regulations in the EU and elsewhere. The rules have forced marketers to hone their messages and to produce more precise email campaigns, which has resulted in better engagement with recipients. Talk about silver linings!
Next, we found a year-old survey from the British Marketing Week that found the influence of the marketing organization drops as brand value grows. This could be caused by several factors, including not understanding how customer acquisition and retention work or the fact that many marketers are still loath to employ data-driven technologies.
Finally, Inc. looks at a Harvard study about the unintended consequences of doling out awards to your staff. The researchers found that awards can have the revenge effect of actually de-motivating employees. Reasons include the unintended social cost of being singled out or employees slacking off once they realize they’re exceeding expectations. Businesses need to consider the reason people do the things they do and dig deeper to find rewards that have more than just recognition value.
This could be an underlying reason why Facebook is thinking about hiding the “Like” counts on its posts, according to TechCrunch. Facebook says it wants to protect users from envy and dissuade them from self-censorship.
You can listen to our 13 min. podcast here.
Lately I have become obsessed with contactless credit cards. This started about a year ago, when I was in London and tried to pay for a sandwich with my American credit card. I thought I was in the clear since it was a card with an embedded chip. This is a technology that is still so new in the States that many card terminals still can’t read these cards, despite regulations that have required merchants to use them for several years. At what I would call the deli in London, my card didn’t work: the only way to pay was either pounds – the money version — or using a contactless card.
Contactless is big in the UK, as I found out – and probably in many places all over the world too. We are often the last to adopt new banking tech in America, despite our prowess in other areas. You can pay for your train ticket with contactless, and in many other vending machines, as an example. It made me feel like I was coming from a third-world country with my shiny new chip-enabled credit card.
But all wasn’t lost: I quickly figured out that I could use my phone and Apple Pay, and I could eat my sandwich. All you need to do is load your normal credit card into your Apple Wallet and you are good to go. Are the two the same? Not completely, but generally at a credit card terminal in the States you’ll see these two icons side by side, indicating that both Apple Pay and contactless cards are accepted:
Why the need for contactless? It is all about security: since your card never leaves your grubby hands, no one can surreptitiously steal its information. Yes, a hacker could monitor the radio frequencies around the card reading equipment, but that is a much harder and more expensive problem to solve than a waiter carrying a portable card reader in their pocket to collect data from a bunch of cards.
Back in London, just in case, I made a trip to the local ATM, and got some pounds. But it bugged me that I didn’t have an actual contactless card. That got me started into looking for a bank that offered them. I quickly found myself down the rabbit hole of poorly designed banking websites and quickly got frustrated, so I dropped the project.
Then three things happened last week that renewed my interest in contactless cards. First, I began reading more about the latest card skimming exploits and particularly from criminals targeting gas stations. These skimmers are small devices that are placed literally over the card reader at the pump and collect your account information from the magnetic strip on the back of your card. The criminal then collects this data and sells it to others. Brian Krebs writes frequently about skimmers, if you want to read more.
I thought it might be useful to find local gas stations that use Apple Pay to better protect myself. Unfortunately, this became Another Project at searching poorly designed banking websites. For example, here are two that can help you locate contactless merchants: Square has this page for Apple Pay-enabled merchants and Mastercard has this page for merchants who accept contactless cards.
If you start looking around when you get gas, you will see few pumps that support contactless: one estimate is that less than one percent of them in the US currently accept contactless payments.
I was once again motivated to go contactless especially when I heard that Apple Card was now available. This is a contactless credit card offered through Apple and Goldman Sachs. It doesn’t even have its card number printed on it. Instead, it is designed to operate with your iPhone’s Apple Wallet. Apple has done its usual great job when it comes to the experience of applying for and getting a credit line. This took me about three minutes. Maybe less, I wasn’t really timing it. What makes it so fast is that Apple already has most of the information it needs for your application, which is for another story. And while the Apple Card has its issues (you can’t do joint cards with your spouse, for example) it is an interesting concept.
While I was getting my Apple Card I saw that a new type of bank branch opened in my neighborhood from Commerce Bank. The branch is the first one that has a fancy new type of ATM that also includes a video conferencing link with a banker. I made an appointment to go visit the branch and talk to a banker about what they offered. One of the reasons I also wanted to talk to them is because Commerce offers contactless cards on all of its credit and debit cards. Needless to say, it took longer than three minutes to apply for one in person.
So now I have lots of contactless options. I am certainly ahead of the curve here at home: it is easier to find stores that don’t accept them than those that do. But at least the next time I am in London, I will be able to pay for my sandwich.
For MSSPs, offering security operations centers as a service can be a very profitable proposition — enough to offset the high cost of staffing and software. Given that a recent ESG survey showed 53% of enterprise IT pros have “a problematic shortage” of cybersecurity skills at their organizations, demand for SOC expertise is strong.
In this webinar, I will explain how MSPs and MSSPs can approach this opportunity from a variety of directions, such as combining managed security event, threat detection and endpoint security. I’ll look at what services are required and how they can be packaged, what the existing marketplace looks like, and the best vendors to partner with. (reg. req.)
During the webinar, I also mention a Ponemon study that has some additional data about SOC usage and the problems with retaining trained staffers, one of the many reasons why companies are looking to outsource their SOCs.
You probably won’t expect a series on appropriate use of technology to appear on the English Al Jazeera channel, but that is what I am going to tell you about in today’s post. I have been watching a lot more of their news coverage, looking for a place to obtain some “other” news than the continuing political fascination that our American stations offer up these days. So check out the series, entitled All Hail The Algorithm, where you can find links to the five episodes here.
The series is the work of Ali Rae, a British producer for the channel. She travels the world in search of algorithms that have gotten out of hand. While some episodes are a bit uneven, she does a great job of interviewing primary sources including researchers, tech vendor representatives, and rights and privacy advocates to present a very interesting hour or so of TV.
The first episode is all about trusting the decisions encoded in algorithms. Rae highlights the Australian welfare system and how its algorithm disputed payments made over many years. Computers automatically sent dunning letters to thousands of citizens, in a scheme called robo-debt.
The second episode, which focuses on Facebook’s abuses, is the weakest, and most of you have probably already read enough about troll farms which have harvested likes and retweets.
The third episode covers the abuse of social media bot networks and how bad actors, in the pay of various political parties, are flooding these networks with incendiary posts that literally inflame passions and have caused all sorts of trouble around the world. This one struck home for me: we have seen (to coin a phrase) the growth of intolerance of people on both sides – both liberals and conservatives – to try to block freedom of expression. Many of the resulting demonstrations and protests are generated by social media ads and misrepresentative posts.
The fourth episode is about the potential abuse of biometrics. The vast majority of British schoolchildren now have their biometric data recorded for easier access to their lunches and libraries. And the UN is using biometrics to make it easier for refugees to access food and money supplies in the camps. The issue here is that once you give up your biometric data, you have no control over how it is used, and more importantly, abused. While the UN representative interviewed in this episode says they are trying hard to prevent security breaches, it is only a matter of time. Actually, last week’s Biostar 2 breach is a good example of how this could go horribly wrong. Millions of users of their “smart locks” now have their biometric data leaked online, something they can’t easily change, unlike a password or a PIN. As Rae points out, the biometrics tech is being developed faster than any regulatory efforts, and the lack of transparency by the biometric vendors is alarming.
The last episode is about UI designers, privacy policies, tracking cookies and informed consent. Again, for many of you, this has been covered extensively but Rae interviews a couple of sources that have a few new things to say.
Overall, I learned a few new things from the series and think it is worth your time to watch all of them. Take a gander at what Rae has put together and feel free to share your comments here.
Security expert Lesley Carhart tweeted last month, “If you’re a CEO, CFO, or CIO, you’re directly responsible for the caliber of cybersecurity at your company.” During the recent RSA conference in Singapore, RSA’s CTO, Dr. Zulfikar Ramzan, described several different C-level executives who could have direct responsibility for some portion of your security infrastructure: CEO, CIO, CSO (or CISO), CTO, and the Chief Data Officer (CDO). If three is a crowd, then this is a herd. Or maybe a pod, I never really learned those plural descriptors. And that is just the top management layer: for a large corporation, there could be dozens of middle managers that handle the various security components.
From the IT folks I have interviewed over the years, this seems sadly all too typical. And that is a major problem, because it is easy to pass the buck (or the token or packet) from one department to the next.
You can read my blog post for RSA here about how to try to collaborate and jointly own your security apparatus.