All posts by Paul Stradling

Tech News : Vodafone Introducing Roaming Charges From January

Vodafone has become the second big operator to announce the re-introduction of roaming charges in Europe for new and upgrading customers from January 2022.

New, Upgrading, or Changing After 11 August 2021

New customers of the network, those upgrading, and those changing their call plans after 11 August will qualify for the new daily charges for roaming in Europe. There will be no roaming charges for any Vodafone customers travelling to the Republic of Ireland.

How Much?

Depending on tariff, the charges will be £1 per day, with roaming passes for Vodafone’s Europe Zone priced at £8 for 8 days, £15 for 15 days, or £2 for just a single day pass.  Those with Unlimited or Limited Data Xtra plans won’t be charged.

Why?

Despite mobile operators originally saying, prior to Brexit, that they had no plans to re-introduce roaming charges, the Brexit trade deal from December 2020 gave UK mobile operators the ability to start charging again for roaming because, although the deal encouraged transparency and reasonable rates, it didn’t impose a total ban on roaming charges.

What Are Roaming Charges?

Mobile operators apply roaming charges as a way of covering the costs of a mobile phone being used outside the range of its home network and connecting to another available ‘visitor’ network. Mobile operators have legal roaming agreements with other roaming networks that cover aspects like authentication, authorisation, and billing.

Half of Vodafone Customers Don’t Roam Beyond IRE

In the case of Vodafone, it says that roaming is a service that costs the company money, and that including it in every plan while fewer than half of its customers roamed further than the Republic of Ireland in 2019, means that half the customers are paying for something they don’t use anyway and are, therefore, paying for someone else’s roaming.

EE The First

UK operators have been allowed to introduce the charges since January 2021. However, they chose not to do so until recently, when EE broke ranks and started to charge. In June, EE became the first mobile operator that announced that for those who took out a pay monthly handset or SIM plan (from 7 July onwards), there would be a daily charge for using their mobile phone in what it defined as the “European roaming zone”. However, EE said the new roaming charges wouldn’t apply until January 2022.

What Does This Mean For Your Business?

The December Brexit deal gave the go-ahead for mobile operators to re-introduce roaming charges, probably because it simply encouraged operators to be transparent and reasonable with their rates rather than actually forcing them to, thereby leaving the door open for them to make a commercial decision. The fact that it currently only affects new and upgrading customers after a certain date and that the charges don’t come into force until next year has enabled EE and now Vodafone to soften the blow and limit the potential for negative publicity. After EE announced its re-introduction of roaming charges, Vodafone, Three and O2 said they had ‘no plans’ to re-introduce the charges, so now that Vodafone appears to have changed its mind it doesn’t seem unreasonable to expect that the others may follow.

Tech News : $610 Million Hackers Return Most Of The Crypto-Cash

On 12 August, the Poly Network DeFi platform announced that, following the theft of $610 Million in digital coins, the hacker thieves had returned $342 million. However, it’s been reported that more recently, almost all of the stolen crypto has now been returned.

The Hack

The original theft, which had taken place just two days before (10 Aug), saw hackers stealing an incredible $610 million in different cryptocurrencies from the Poly Network, a decentralised finance platform (DeFi) that facilitates peer-to-peer transactions.

Returned

After calls to return the stolen currencies, amazingly, the thieves decided to return just over half the next day (11 Aug). The returned currencies were $3.3M of Ethereum, $256M of BSC, and $1M of Polygon. Poly Network Tweeted that this has left $269M on Ethereum, and $84M of Polygon still outstanding.

How?

According to blockchain forensics company Chainalysis, the hackers were able to exploit a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains.

For Fun & To Expose Security Issues

It has been reported that the (unknown) hackers have sent messages to say that the hack and theft were carried out for “fun” and to “expose the vulnerability”, and that it was always the plan to return the stolen currencies. There is also speculation that the hackers have (so far) returned most of what they stole because of the complications of trying to launder stolen cryptocurrencies on that scale because of the transparency of the blockchain, and the broad use of blockchain analytics by financial institutions.

DeFi Platforms

DeFi platforms, including the Poly Network, handled more than $80 billion worth of digital coins last year and are valued by people and businesses because they offer free access to financial services without having to go through the usual gatekeepers such as banks or exchanges and, therefore, help to cut costs as well as boosting economic activity.

Vulnerabilities and Previous Hacks

As highlighted by hackers in this recent $610 million hack, DeFi platforms tend to have technical flaws and weaknesses in their computer code that can make them vulnerable to attack.

For example, $530 million in digital coins was stolen from Tokyo-based exchange Coincheck in 2018. Also, the Tokyo-based Mt. Gox exchange collapsed in 2014 after losing half a billion dollars in bitcoin.

What Does This Mean For Your Business?

There have been more positive signals about cryptocurrencies in recent years since the last bitcoin crash (e.g. Tesla allowing customers to pay in Bitcoin – before changing their minds over its environmental impact), and PayPal (previously owned by Elon Musk) saying last October that it was ready to allow its users to buy, sell, and hold Bitcoin BTC and other cryptocurrencies.  This recent hack, however, highlights an area that has held back cryptocurrencies and their trading; i.e. technical vulnerabilities / security risks. The volatility and lack of stability of cryptocurrencies, and the negative environmental impact such as the vast amounts of (mainly fossil fuel) power needed for crypto-mining have also acted as deterrents to many potential users and investors. One key technology behind them, blockchain, has, however, proven to be very useful in many different other applications across many industries. Despite the problems that crypto-currencies are having now, their development and wider and continued use going forward seems likely, and more businesses will use them as the big security, instability, and environmental issues are ironed out over time.

Tech Insight : What Is Web Accessibility?

In this article, we take a brief look at what Web accessibility is, and how it can benefit Web users and the businesses and organisations that make it a priority.

What Is It?

Web accessibility means that websites, tools, and technologies are designed and made so that all people, regardless of their barriers, including those with disabilities, can use them, i.e., perceive, understand, navigate, and interact with the Web, and contribute to the Web.

Barriers and Challenges To Web Accessibility

The main barriers and challenges to Web accessibility include physical challenges: auditory, cognitive, neurological, speech, visual, and physical barriers (motor disabilities).

Why?

Reasons for making websites, Web tools, and technologies as accessible as possible include:

– Reaching more potential customers and selling more.

– To support social inclusion; e.g. for those with disabilities, older people, and people in rural areas.

– Improving usability and offering better user experiences.

– Helping businesses in other ways by overlapping with other best practices; e.g. mobile web design, device independence, usability, design for older users, search engine optimisation (SEO), and more. Accessible websites tend to have better search engine results, reduced maintenance costs, and increased audience reach.

Examples

Examples (real-life and general) of ways in which Web accessibility can be improved include:

General:

Adding alt text to images to help people who use a screen reader, adding technologies such as speech input for those who can’t use a mouse, and providing transcripts to accompany audio.

Real-Life (Recent):

Twitter recently introduced its first proprietary, new fonts, called ‘Chirp’, which are designed to make reading easier when scrolling through tweets. Twitter has also just changed its colour scheme to get more contrast and reduce the amount of blue elements across the interface, thereby making photos and videos easier to spot.

In Law

Web accessibility is covered by some legislation.  For example:

– In the UK: The Equality Act 2010 which says that it is unlawful for service providers to treat disabled people less favourably because they are disabled and that, under this law, service providers must make “reasonable adjustments” not to treat disabled people unfavourably because of factors relating to their disability.

– Also, in the UK, the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations came into force in September 2018. As the name suggests, public sector web sites (for central government and local government organisations, some charities, and some non-government organisations) must meet certain accessibility standards and publish a statement saying they have been met.

– In the rest of Europe: The European Union (EU) Directive on the Accessibility of Websites and Mobile Applications requires those in EU member states to ensure that their websites and mobile apps meet common accessibility standards.

– In the US: Section 508 Amendment to the Rehabilitation Act of 1973, which stipulates that all Federal agencies’ electronic and information technology should be accessible to those with disabilities.

Guidelines

The recognised common standards for Web accessibility are the Web Content Accessibility Guidelines (WCAG), developed through the W3C® process in cooperation with individuals and organisations worldwide. The goal is to provide a single shared standard for web content accessibility that meets the needs of individuals, organisations, and governments internationally. The WCAG 2.0 guidelines were published on 11 December 2008, WCAG 2.1 on 5 June 2018, and the latest WCAG 2.2 guidelines are scheduled to be published this summer.

Tools and Resources

Some tools and resources that can help your business or organisation to get up to speed with Web accessibility include:

The W3C® Web Accessibility Evaluation Tools List: https://www.w3.org/WAI/ER/tools/

The W3C® Web Content Accessibility Guidelines (WCAG) Overview: https://www.w3.org/WAI/standards-guidelines/wcag/

TechRadar’s Best Accessibility Software of 2021: https://www.techradar.com/uk/best/web-accessibility-software

A UK Government Introduction to Making Your Service Accessible: https://www.gov.uk/service-manual/helping-people-to-use-your-service/making-your-service-accessible-an-introduction

What Does This Mean For Your Business?

There are many sound reasons for making your website(s), tools, and technologies accessible to everyone, which includes helping to give those people with disabilities equal rights and abilities in their online life, compliance (with laws and guidelines), improving search engine rankings and usability, and maximising the potential number of online enquiries and customers. It is totally reasonable to expect that physical challenges, for example, should not be a reason why some people are excluded from accessing the same services and quality of experience online as others and businesses should make reasonable efforts to ensure that this doesn’t happen. Meeting accessibility guidelines can bring many different kinds of benefits to businesses as well as benefitting the users of their website(s), tools, and technologies.

Tech Tip – All The Emojis You’ll Ever Need

Emojis can be a great tool for creating more engaging social media posts and more, so here’s a site where you can find and copy all the emojis you’ll need:

– To find the emoji you’re looking for:

– Go to https://emojipedia.org/.

– Type a name/description of the emoji required into the search field or select the category of emoji you’re looking for (left-hand column) or try the ‘Most Popular’ (middle column).

– Click on the category link and scroll down to find your emoji of choice.

– Click on the link to that emoji and click on the ‘Copy’ button. The emoji is now on your clipboard, ready for pasting.

Tech News: Apple To Scan Phones For Inappropriate Content

Apple has announced that all iPhone photos will be scanned for any evidence of Child Sexual Abuse Material (CSAM) to protect children and to help stop the spread of CSAM online.

How?

Apple’s new versions of iOS and iPadOS, due to be released later this year, will include a new system designed to detect any CSAM using a cryptographic technology called private set intersection. The system can perform on-device matching using a database of known CSAM image hashes provided by the National Centre for Missing and Exploited Children (NCMEC) and other child safety organisations. The system uses its own unreadable and securely (on-device) stored hashes and safety vouchers to encode any matches that it finds. Apple says that the system’s threshold is set to provide “an extremely high level of accuracy” which should ensure that there is less than a one in one trillion chance per year of incorrectly flagging a given account.

The system means that an automatic on-device matching process against known CSAM hashes is performed on any photo before it enters iCloud photos storage.

Manually Reviewed

Apple says that only when a certain threshold in the safety vouchers is exceeded (i.e. the automated system is sure of a match) can a photo be manually reviewed by Apple.

If There’s A Match

If Apple’s system confirms that there is a match (i.e. the photo contains evidence of CSAM), Apple says that it will disable the user’s account, and send a report to NCMEC.

What If There’s A Mistake?

Apple says that if a user feels that their account has been mistakenly flagged, they can file an appeal to have their account reinstated.

Criticism

The announcement of the new system has been criticised from the point of view that allowing a system to scan users’ private photos for any prohibited material has general privacy implications and could even be paving the way for government or other surveillance.

Apple Says…

Apple says that the system has “significant privacy benefits over existing techniques since Apple only learns about users’ photos if they have a collection of known CSAM in their iCloud Photos account. Even in these cases, Apple only learns about images that match known CSAM.”

What Does This Mean For Your Business?

There is no doubt that any innovations that can genuinely help in the fight against child sexual abuse have to be a good thing and it’s a bold move from Apple to announce the introduction of this system. Apple has gone to great lengths to publicise the fact that the system is very accurate and appears to go as far as it can to protect privacy. Despite Apple’s good intentions however, there are fears that this kind of system could be misused in future to allow agencies, authorities, and governments a ‘back-door’ into surveillance of the wider population in the same way that governments have long wanted back doors into end-to-end encrypted apps like WhatsApp. Unfortunately for WhatsApp, for example, it has just introduced a ‘View Once’ disappearing pictures feature that has drawn criticism that it could be misused in a way that enables CSAM to be shared more easily on the app. Another benefit for Apple using its new system is that it can ensure that its file storage areas don’t contain illegal material and, therefore, it can help ensure that Apple can keep its own house in order legally, professionally, ethically, and morally.

Tech News : WhatsApp’s Vanishing Photos & Videos

Facebook’s WhatsApp is rolling out its new ‘View Once’ feature whereby photos and videos disappear from the chat after they’ve been opened.

Privacy and Space-Saving

WhatsApp says that the feature gives users more control over their privacy because “not everything we share needs to become a permanent digital record” and suggests that ‘View Once’ is ideal for something like a photo of something sensitive like a Wi-Fi password or similar.

WhatsApp also points out that with many phones, taking a photo means it takes up space and this may not be necessary for something like “photo of some new clothes you’re trying on at a store, a quick reaction to a moment in time.”

How It Works

Users can choose to select photos or videos as ‘View Once’ and once sent, the recipient will see that they are marked with a new “one-time” icon. Once viewed, the message appears as “opened” and the media is not saved to the recipient’s Photos or Gallery. After the ‘View Once’ photo or video message has been opened once by the recipient it is erased from the chat or, if the photo or video isn’t opened within 14 days of it being sent, the media will expire from the chat anyway. The sender can’t view a photo or video again that they’ve sent as View-Once.

Also, photos or videos that were sent or received with View-Once can’t be forwarded, saved, starred, or shared, although it is possible to take a screenshot or screen recording of the media before it disappears or to take a photo or video of the media with a camera or other device.

Disappearing Messages

Back in November 2020, WhatsApp announced the launch of its ‘disappearing messages’ feature where users have the option to automatically delete chats between the sender and recipient after 7 days. At the time, WhatsApp said “most of what we send doesn’t need to be everlasting,” and that “Our goal is to make conversations on WhatsApp feel as close to in-person as possible, which means they shouldn’t have to stick around forever”.  WhatsApp also emphasised the feature would help users maintain privacy and give them “peace of mind,” as well as keeping the app light.

Criticism

The new View-Once feature has been criticised by child protection advocates such as the National Society for the Prevention of Cruelty to Children (NSPCC) because, coupled with the end-to-end encryption of the app, the view once feature could give those involved in child sexual abuse greater protection from detection.

What Does This Mean For Your Business?

The addition of the ‘disappearing messages’ feature last year and now the ‘View Once’ feature means that Facebook has ensured that WhatsApp is able to have very similar features to its rival Snapchat which, for example, has a “Stories” feature allowing users to post videos and photos to their profile which then disappear after 24 hours. The disappearing messages feature (which also works in Instagram) and View Once feature are also part of Facebook’s ongoing plan to integrate and make Messenger, WhatsApp, and Instagram interoperable in the near future. Also, for WhatsApp users, these new features may feel as though value is being added to the app and this could help to retain the loyalty of existing users and improve some practical aspects of the app (saving space on users’ phones), so that users feel more in control as well as bringing a feel-good factor about privacy. These factors are likely to be valued by business users and are ways to help keep this very successful free app up-to-date and relevant to current user needs.

Featured Article : Have Computers Reached Their Limit?

Many tech commentators have noted how the stagnation in computing has led to ‘Moore’s Law’ being challenged, but has the shrinking of transistors within computer chips really hit a wall and what could be next for Moore’s Law?

What Is Moore’s Law?

Moore’s Law, named after Intel co-founder Gordon Moore, is based on his observation from 1965 that transistors were shrinking so quickly that twice as many would be able to fit into a micro-chip every year, which he later amended to a doubling every two years. In essence, this Law should mean that processing power for computers doubles every two years.

The Big Problem

The big problem is that technical challenges to Moore’s Law have led to a slow-down period that now appears to be challenging the validity of the Law itself. For example, the growth of the Internet and the IoT, plus mass digitisation and a reliance upon technology in the developed world all mean that economic growth within industry, science, medicine and more now rely upon computers/devices and connections to be faster, cheaper, and more widely available. Limitations in chip manufacture and just how much improvement can now be made in terms of performance and power consumption and fitted into ever-smaller spaces in chips could, therefore, be a huge threat to progress and innovation in many aspects of life.

The Challenges

The challenges to Moore’s Law that many tech commentators have noted are that:

– Technology companies may be reaching their limit in terms of fitting ever-smaller silicon transistors into ever-smaller spaces, thereby leading to a general slowing of the growth of processing power.

– Big computer chip manufacturers like Intel have delayed the next generation of smaller transistor technology and increased the time between introducing the future generations of their chips. Back in 2016 for example, Intel found that it could shrink chips to as little as 14 nanometres, but 10 nanometres is going to be a challenge that would take longer to achieve. Intel, for example, is taking five years, rather than two, to make its latest ‘process node transition’.

– With chip complexity doubling every other year, the scalability of new chip design innovations is a challenge in itself.

– Chip manufacture has been disrupted and there is now a global chip shortage which is having huge knock-on-effects across many industries e.g., car plant shutdowns due to chip shortages.

The Effects

The knock-on effects of these challenges to Moore’s Law are that:

– There now appears to be a slowing of computer innovation that some say could have a detrimental effect on new, growing industry sectors such as self-driving cars.

– Big tech companies are finding it more difficult to keep improving their data centres.

– The rate of improvement of supercomputers has been slowing in recent years and this may have had a negative impact on the research programs that use them.

– Computers are being challenged in how they can work for (and keep up with) the demands of business.

– Mobile devices, which use chips other than Intel’s, may also have the brakes put on them slightly as they now also rely, to a large extent, on the data-centres to run the apps that their users value.

The Target

The target for chip manufacturers is finding new ways to reach staggeringly small, 2nm chips that can still deliver performance and are energy efficient, in large enough numbers to meet world demand by 2026.

Ways Forward

Some of the possible ways forward and technical solutions being worked upon and introduced  to prolong the life of Moore’s Law include:

– Changing transistor designs e.g., to Gate All Around (GAA), also known as nanoribbon or nanosheets (horizontally stacked nanosheets). This extension of the FinFET concept produces transistors that look like cylinders with a gate coat all around, thereby getting around challenges like variability and mobility loss.

– New storage technologies such as Spin Transfer Torque (STT-RAM), and new logic technologies such as transistor lasers, Domain Wall Logic, or Spin Wave, could help to prolong the life of Moore’s Law, but may not be ready in time.

– Using numeric analysis, graph analysis, and spectral graph theory techniques. For example, researchers at Stevens Institute of Technology have used numerical matrices (known as eigenvalues and eigenvectors) to develop algorithms that make it easier to understand the relationships between billions of different chip components. This, in turn, has enabled the development of software tools such as Graph Spectral Sparsifier (GRASS) which chip designers can use to simplify the chip design process so that an integrated circuit with billions of elements can be analysed in just a few hours.

– Using atomic or molecular-level etching and deposition to more precisely target and treat areas of chips, thereby improving yield and throughput in chip manufacture.

– Using liquid cooling in data centres. For example, Microsoft has recognised that it has now come up against the slowdown of Moore’s Law as transistor widths have shrunk to atomic scales and are reaching a physical limit, whilst the demand for faster computer processors for high performance applications such as AI has accelerated. This has meant that more electric power is now being put through the small processors used in Microsoft’s data centres, thereby increasing the heat they produce. According to Microsoft, this means that air cooling is no longer enough to prevent the chips from malfunctioning. The demands of a huge increase in the numbers of Teams users during lockdown and the need to maintain sustainable and energy efficient data centres have also contributed to Microsoft’s decision to try liquid cooling. Microsoft has, therefore, adopted a new system of two-phase immersion cooling which involves immersing servers in tanks filled with an engineered fluid (from 3M) which has dielectric properties (i.e., it is an effective insulator), thereby allowing the servers to operate normally while fully immersed in the fluid. The liquid boils at 122 degrees Fahrenheit (90 degrees lower than the boiling point of water) and this boiling effect, generated by the work the servers are doing, takes the heat away from the computer processors whilst the low-temperature boil enables the servers to operate continuously at full power without risk of failure due to overheating. The second phase of this two-phase process refers to the vapour rising from the tanks making contact with a cooled condenser in the tank lid, thereby changing it back to liquid that rains back onto the immersed servers, creating a closed-loop cooling system. The result is the ability to continue the Moore’s Law trend at datacentre level as well as reducing power consumption.

– AI designing chips. For example, a recent Google research paper has described how a deep reinforcement learning approach to chip ‘floorplanning’ has led to AI generating chip floorplans that are superior or comparable to those produced by humans. The researchers used a deep reinforcement learning approach, coupled with an edge-based graph convolutional neural network architecture to design the next generation of Google’s artificial intelligence (AI) accelerators, and this method enabled the AI to learn from past experience in chip floorplanning and to become better and faster at solving new instances of the problem. The researchers found that in just under six hours, instead of the months it would have taken for human engineers, the AI design method automatically generated chip floorplans that are superior or comparable to those produced by humans in all key metrics, such as power consumption, performance, and chip area. Also, the researchers believe that in addition to AI’s success in designing chips for AI, more powerful AI-designed hardware is likely to fuel advances in AI itself, thereby creating a kind of symbiotic relationship between the two fields.

What Does This Mean For Your Business?

Many smaller businesses that are less directly reliant upon the most-up-to-date computers may not be particularly concerned at the present time about the challenge to Moore’s Law, but all businesses are likely to be indirectly affected as their tech giant suppliers struggle to keep improving the capacity of their data-centres, and chip manufacturers struggle with the challenges of chip shortages coupled with the technical difficulties of designing and creating smaller chips with the right levels of performance fast enough.

Many see AI and machine learning as the gateway to finding innovative solutions to improving chip design and computing power, but these also rely on data centres and other areas of computing that have been challenged by the pressure on Moore’s Law.

A more likely way forward might be that chip designs will need to be improved and highly specialised versions will need to be produced, and Microsoft and Intel have already made a start on this by working on reconfigurable chips. Also, the big tech companies may need to collaborate on their R&D in order to find the way forward in increasing the rate of improvement of computing power that can ensure that businesses can drive their products, services, and innovation forward.

Tech Insight : What Is Zero Trust?

With mobile computing, software-as-a-service (SaaS), and now remote working moving the focus of IT security away from the traditional perimeter, this article takes a brief look at what a ‘Zero Trust’ approach is and how it can help.

More Complex Security Demands

The belief among many IT security experts is that a traditional perimeter-based security approach may no longer be enough to cope with the more complex IT security requirements that a widening scope of computing and threats have brought.  Additional authentication strategies are now needed.

First

The term ‘Zero Trust’ in relation to IT security was first used back in 2010 in a report by analyst firm Forrester when it was noted that there had been a big increase in the number of enterprises using the public cloud and that the security ‘perimeter’ was changing.

Zero Trust

The Zero Trust approach to IT Security (as highlighted by James Walsh of Fieldfisher) has the following characteristics:

– It is a data-centric model i.e., protecting data from both internal and external threats rather than just relying on the old ‘castle and moat’ style perimeter security (address and location layer).

– It works on the understanding that although as many precautions are being taken as possible, the modern reality is that it is not a case of “if” an attacker gets through, but “when”.

– Rather than the old “trust, but verify” approach, the Zero Trust approach is “never trust, always verify” i.e., trust is never granted implicitly but must be continually evaluated / all network traffic and nodes are considered untrustworthy until proven otherwise.  This means that any device must pass authentication and security policy checks to access any corporate resources.  It also means controlling this access only to the extent required.

– Zero Trust is not simply an approach. For it to work effectively, it requires compatible and connected policies, practices, software, and hardware that can create a whole, secure Zero Trust ecosystem.

Managing

In managing the device, user, and trust level, the Zero Trust approach uses:

– Managing the monitoring and compliance of all endpoint devices (understanding the threats), including BYOD (Bring Your Own Devices), through unified endpoint management.

– Having one single sign-on point (SSO) where a single version of a user ID meets a single-entry point where the user credentials must be fully validated before accessing the business systems, as well as logging access in and out of the system.

– Multifactor authentication (MFA) to establish a user’s credentials, since using a single factor is no longer an option. MFA could include a security key, biometrics, a trusted device, and more.

Benefits

Some of the main benefits of Zero Trust include:

– Administrators can get an accurate inventory of infrastructure (i.e. which users, data, apps, and services are present) in the corporate infrastructure. This contributes to performance planning as well as security.

– The monitoring and alerting gives a better ability to quickly detect and respond to cybersecurity threats. Examples of tools used for monitoring in a Zero Trust framework include security information and event management systems (SIEM) for centralised logging capabilities and IT infrastructure threat detection and response tools.

– Improved user experience thanks to (for example) single sign-on (SSO) limiting the number of passwords needed and requiring a user to authenticate only once to gain access to everything they need.

– Reducing the potential for gaps in the security infrastructure thanks to a universal security policy that is created once and then implemented from end to end throughout the organisation.

– Making it easier and more flexible to move apps, data and services because with Zero Trust, app and data security policies are centrally managed and automation tools migrate the policies where they are required.

Components of a Zero Trust System

As an example, the components required for a Zero Trust network, in this case as set out by NIST (US Government), include:

– A policy engine (PE) and policy administrator (PA) at the centre (in tandem or as part of the same software) to decide whether machines or web traffic are safe and to grant or revoke access. The PE uses external data sources to help make its decisions.

The external data sources that the policy engine uses can include:

– Continuous diagnostic and mitigation (CDM) systems – providing information about (for example) the current security state, updating of a device’s OS and security software and more.

– Industry (and organisational) compliance checks.

– Threat intelligence feeds (e.g. about blacklists and malware).

– Activity logs that could flag up a potential risk.

– Data access policies for each individual and asset.

– Public key infrastructure (PKI) to validate certificates.

– Security information and event management (SIEM) systems. These provide security-related data that can also be used to improve the whole Zero Trust system.

– Other Zero Trust frameworks can use adaptations to existing technologies, e.g. device sandboxing, a device/agent gateway model, micro-segmentation, and more.
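To make the policy engine's role concrete, here is an added example (not from the original article or from NIST) of a default-deny decision that consults the kinds of data sources listed above on every request. All device names, users, IP addresses, dates and the `decide` / `audit_record` functions are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample data standing in for the external sources the PE consults.
CDM_STATE = {"laptop-17": {"os_patched": True, "security_sw_running": True},   # CDM feed
             "byod-04": {"os_patched": False, "security_sw_running": True}}
THREAT_FEED_IPS = {"203.0.113.66"}                       # threat intelligence
ACCESS_POLICY = {("alice", "payroll-db"): {"read"}}      # per-user data access policy
NOW = datetime(2021, 8, 16, 9, 0, tzinfo=timezone.utc)   # fixed, constructed clock
CERT_OK, CERT_EXPIRED = NOW + timedelta(days=30), NOW - timedelta(days=1)

@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    source_ip: str
    resource: str
    action: str
    mfa_passed: bool
    cert_not_after: datetime   # expiry of the device certificate (PKI)

def decide(req, now=NOW):
    """Default deny: every check runs on every request; any failure denies."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("mfa_missing")
    if req.cert_not_after <= now:
        reasons.append("device_cert_expired")
    posture = CDM_STATE.get(req.device_id)
    if posture is None:
        reasons.append("device_unknown")
    elif not all(posture.values()):
        reasons.append("device_noncompliant")
    if req.source_ip in THREAT_FEED_IPS:
        reasons.append("source_ip_on_threat_feed")
    # Least privilege: only actions explicitly listed for this user and resource.
    if req.action not in ACCESS_POLICY.get((req.user, req.resource), set()):
        reasons.append("action_not_permitted")
    return (not reasons, reasons)

def audit_record(req, now=NOW):
    """Log entry for the SIEM: grants and denials are both recorded."""
    allowed, reasons = decide(req, now)
    return {"time": now.isoformat(), "user": req.user, "device": req.device_id,
            "resource": req.resource, "action": req.action,
            "decision": "grant" if allowed else "deny", "reasons": reasons}

if __name__ == "__main__":
    ok = AccessRequest("alice", "laptop-17", "198.51.100.7", "payroll-db", "read", True, CERT_OK)
    bad = AccessRequest("alice", "byod-04", "203.0.113.66", "payroll-db", "write", True, CERT_EXPIRED)
    for r in (ok, bad):
        print(audit_record(r))
```

The same user is granted access from a compliant device and denied from an unpatched one, which is the practical difference between “never trust, always verify” and a perimeter model that trusts anything already inside.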

Challenges to Implementing Zero Trust

As with any big change in a company/organisation, moving over to Zero Trust has its challenges which include:

– Any legacy apps, tools and resources that are currently part of network and enterprise operations but aren’t easy to integrate with a Zero Trust system.

– Regulations are currently running behind the implementation of many Zero Trust systems and these will need to change.

– Achieving visibility and control in a network is a big challenge and many organisations don’t have a comprehensive view and are, therefore, still vulnerable through unpatched devices or users with too many privileges.  In the shorter term, a hybrid approach to Zero Trust is likely to lead the way to full implementation.

Examples

Examples of Zero Trust (ZT) security models in action include:

– The US federal government now operates a Zero Trust model.

– Cloud service provider Akamai Technologies (US) – to let employees securely access internal applications but keep end-user devices off the corporate network entirely.

Big Increase In Zero Trust Budgets – Especially Since The Pandemic

The results of a recent poll of more than 600 global security leaders, revealed in a report by Okta, show that 90 percent of companies are now working on a Zero Trust initiative, up from 41 percent a year ago, and that 82 percent of businesses in Europe have increased their budgets for Zero Trust.  The report also notes that the pandemic has made companies “more security conscious”, thereby motivating them to adopt zero trust.

Big Business For The Future

The large number of companies now adopting Zero Trust is reflected in the results of a new study conducted by Grand View Research Inc, which shows that the Zero Trust security market will be worth $59.43 billion by 2028, which represents a compound annual growth rate of 15 percent!

Resources and Links

Here are some links to a few useful resources and guides for Zero Trust IT security:

Microsoft’s guide to Zero Trust and Zero Trust principles: https://www.microsoft.com/en-gb/security/business/zero-trust

The National Cyber Security Centre’s guide to Zero Trust architecture design principles: https://www.ncsc.gov.uk/collection/zero-trust-architecture

A Zero Trust security cheat sheet: https://www.techrepublic.com/article/zero-trust-security-a-cheat-sheet/.

McAfee’s guide to Zero Trust architecture: https://www.mcafee.com/enterprise/en-gb/security-awareness/cloud/what-is-zero-trust.html

How to implement Zero Trust with real-life examples: https://searchsecurity.techtarget.com/feature/How-to-implement-zero-trust-security-from-people-who-did-it.

What Does This Mean For Your Business?

It is clear that mobile computing, the pace of technological change, the digital transformation, and massive increase in remote-working (fuelled by the pandemic), not to mention soaring cyber-crime figures have highlighted the need for a data-centred approach and a move away from the ‘moat and castle’ view of IT security.  Another good reason to opt for the Zero Trust approach is as a way of having a much better chance of avoiding the cost of a breach.  Not surprisingly, Zero Trust entered the European security market in 2019 and IT and Security Risk professionals as well as many businesses and organisations are now seeing it as the natural and practical way forward, hence the huge increase in businesses working on a Zero Trust initiative in the last year.

Featured Article : Why is Data Science … Big?

In this article, we look at what data science is, and what is driving its growth and value to businesses and organisations worldwide.

Data Science

Data science uses multiple disciplines, scientific methods, and processes (e.g. domain expertise, programming skills, data engineering, data preparation, data mining, predictive analytics, machine learning, data visualisation, and knowledge of mathematics and statistics, and more) as well as algorithms and systems to extract knowledge and insights from structured and unstructured data. Data science also applies knowledge and actionable insights from data so that the insights gained can add value and create actionable plans for companies and other organisations.

Vast Amounts of Data Generated and Collected

We now live in a data-driven society with more data being generated than ever before, with most of the data generated in only the last few years. It has been estimated that more than 2.5 quintillion bytes of data are generated every day.  The IDC predicts that by 2025, the total (and constantly growing) amount of digital data created worldwide will be 163 zettabytes. Data science and the skills of data scientists have enabled companies to use this data to find new opportunities, make better “data-driven decisions”, and turn the insights from the data into added value and competitive advantage.

Drivers of Data Generation and Collection

The key drivers of data generation and collection include:

– The growth of the world’s internet population.  For example, just before the pandemic in 2020 (the pandemic has boosted Internet growth further) the internet had reached 59 percent of the world’s population (i.e. 4.57 billion people with web access), a 3 percent increase from the previous year (DOMO), with 4.2 billion active on mobile and 3.81 billion using social media (social media companies are the biggest collectors of personal data).

– The growth of artificial intelligence (AI) and AI becoming more accessible to (and affordable for) businesses.  AI enables vast amounts of data to be analysed and insights to be found much more quickly and efficiently than ever before. Data scientists and their use of technologies and tools, such as AI, have enabled businesses to tackle and get value from their ‘big data’ (i.e. vast amounts of data they’ve collected) that’s proven too much of a challenge to tackle before.

– The growth of technical innovations like 5G wireless technology, making data collection and application easier and enabling further growth of the Internet of Things (IoT) e.g. wearables, sensors, monitors, and scanners to collect information on a single network, thereby providing more data for data scientists to work with. In 2020 it was estimated that the number of IoT devices was anywhere between 30 and 50 billion worldwide, which could generate more than 4 zettabytes of data in one year.

– The continuing rise of mobile technology has meant the growth of apps, most of which collect data.

– An accessible international marketplace due to the rise of the Internet and communications technology growth.

The Value of Data Scientists

Given that we are in a data-driven society, data science is now at the forefront of what some have called the fourth industrial revolution.  This is the reason why, as far back as 2012, the Harvard Business Review suggested that being a data scientist is the “sexiest job of the 21st century”.

The value of Data Scientists to companies and organisations is based on the fact that they can use their understanding of multiple scientific and technical disciplines to:

– Analyse data sets to produce actionable plans which, because they are based upon real-world data (i.e. data-driven) can be more successful.

– Use programming, machine learning, risk analysis, and research skills, to help make data comprehensible for everyone else on a team / present key data in a way that others can understand. This enables the value of other team members to be unlocked as they can make more informed and directed decisions and suggestions that help create value-adding and cost-reducing solutions and opportunities.

– Improve business processes to make operations and marketing more efficient and effective.

– Improve marketing by using data insights to increase data-driven personalisation and help businesses to take advantage of (and navigate) important patterns in business trends.

– Ask the right questions and identify data sources and their value, both of which are vital platforms on which to build business decisions.

– Help to set global data security standards.

Data Science and AI

Although artificial intelligence is a tool that can help to power data science operations, data science is not totally dependent on AI.  A data scientist uses their skills to make decisions about extracting value from data, but they also need machine learning algorithms to help with and to speed up that process.

Examples

Examples of how data scientists can positively impact industries include:

– Saving lives and improving processes and outcomes in the healthcare industry (30 percent of the world’s warehoused data is from the medical arena) e.g. developing AI-powered diagnosis models for cardiologists.

– Using data to innovate and improve safety and performance in the transport industry e.g., feeding into the development of autonomous vehicles (cars and aircraft).

– Using data analytics software to help with supply chain management e.g., FoodService Co. using a data-driven dashboard to save labour-hours and inventory reconciliation.

What Does This Mean For Your Business?

In our data-driven society, the data collected by businesses can hold insights that can be a source of value creation, reduced costs, innovation, and competitive advantage. Data scientists have the skills to unlock that value by using multiple disciplines and tools to spot patterns and trends that feed into the improvement of products and services, operations, and marketing. These insights can be transformative, and this explains why data science is a growing field that has become so valuable in all industries over such a short space of time.