5 Mistakes That Threaten Infrastructure Cybersecurity And Resilience


Bottom line: With many IT budgets under scrutiny, cybersecurity teams are expected to do more with less, prioritizing spending that delivers the greatest ROI while avoiding the top five mistakes that threaten their infrastructures.

In a rush to reduce budgets and spending, cybersecurity teams and the CISOs that lead them need to avoid the mistakes that can thwart cybersecurity strategies and impede infrastructure performance. Cutting budgets too deep and too fast can turn into an epic fail from a cybersecurity standpoint. What I’ve found is that CIOs are making decisions based on budget requirements, while CISOs are looking out for the security of the company.

Based on their ongoing interviews with CIOs, Gartner is predicting an 8% decline in worldwide IT spending this year. Cybersecurity projects that don’t deliver a solid ROI are already out of IT budgets. Prioritizing and trimming projects to achieve tighter cost optimization is how CIOs and their teams are reshaping their budgets today. CIOs say the goal is to keep the business running as securely as possible, not to attain perfect cybersecurity.

Despite the unsettling, rapid rise of cyber-attacks, including a 667% increase in spear-phishing email attacks related to Covid-19 since February alone, CIOs often trim IT budgets starting with cybersecurity first. The current economic downturn is making it clear that cybersecurity is more of a business strategy than an IT one, as spending gets prioritized by the best-to-worst business case.

Five Mistakes No CISO Wants To Make

One of the hardest parts of a CISO’s job is deciding which projects will continue to be funded and who will be responsible for leading them, so they deliver value. It gets challenging fast when budgets are shrinking and competitors actively recruit the most talented team members. Those factors taken together create the perfect conditions for the five mistakes that threaten the infrastructure cybersecurity and resilience of any business.

The five mistakes no CISO wants to make include the following:

1.   No accountability for the crown jewels for the company. Privileged access credentials continue to be the primary target for cyber-attackers. However, many companies just went through a challenging sprint to make sure all employees have secure remote access to enable Covid-19 work-from-home policies. Research by Centrify reveals that 41% of UK businesses aren’t treating outsourced IT and other third parties likely to have some form of privileged access as an equal security concern.

And while a password vault helps rotate credentials, it still relies on shared passwords and doesn’t provide any accountability to know who is doing what with them. That accountability can be introduced by moving to an identity-centric approach where privileged users log in as themselves and are authenticated using existing identity infrastructures (such as Microsoft Active Directory) to federate access with Centrify’s Privileged Access Service.

CISOs and their teams also continue to discount or underestimate the importance of privileged non-human identities that far outweigh human users as a cybersecurity risk in today’s business world. What’s needed is an enterprise-wide approach enabling machines to protect themselves across any network or infrastructure configuration.

2.   Cybersecurity budgets aren’t revised for current threatscapes. Even though many organizations are still in the midst of extensive digital transformation, their budgets often reflect the threatscape from years ago. This gives hackers the green light to get past antiquated legacy security systems to access and leverage modern infrastructures, such as cloud and DevOps. IT security leaders make this even more challenging by not listening to the front-line cybersecurity teams and security analysts who can see the patterns of breach attempts in data they review every day. In dysfunctional organizations, the analyst teams are ignored and cybersecurity suffers.

3. Conflicts of interest when CISOs report to CIOs and the IT budget wins.  This happens in organizations that get hacked because the cybersecurity teams aren’t getting the tools and support they need to do their jobs. With IT budgets facing the greatest scrutiny they’ve seen in a decade, CISOs need to have their budget to defend. Otherwise, too many cybersecurity projects will be cut without thinking of the business implications of each. The bottom line is CISOs need to report to the CEO and have the autonomy to plan, direct, evaluate and course-correct their strategies with their teams.

4. The mistake of thinking cloud platforms’ Identity and Access Management (IAM) tools can secure an enterprise on their own. Cloud providers offer a baseline level of IAM support that might be able to secure workloads in their clouds adequately but is insufficient to protect a multi-cloud, hybrid enterprise. IT leaders need to consider how they can better protect the complex areas of IAM and Privileged Access Management (PAM) with these significant expansions of the enterprise IT estate.

Native IAM capabilities offered by AWS, Microsoft Azure, Google Cloud and other vendors provide enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. However, often they lack the scale to fully address the more challenging, complex areas of IAM and PAM in hybrid or multi-cloud environments. Please see the post, The Truth About Privileged Access Security On AWS and Other Public Clouds, for additional information.

5. Exposing their organizations to a greater risk of breach and privileged access credential abuse by staying with legacy password vaults too long. Given the severity, speed and scale of breach attempts, IT leaders need to re-think their vault strategy and make them more identity-centric. Just as organizations have spent the past 5 – 10 years modernizing their infrastructure, they must also consider how to modernize how they secure access to it. More modern solutions can enforce a least privilege approach based on Zero Trust principles that grant just enough, just-in-time access to reduce risk. Forward-thinking organizations will be more difficult to breach by reorienting PAM from being vault-centric to identity-centric.

Conclusion

Decisions about what stays or goes in cybersecurity budgets this year could easily make or break careers for CISOs and CIOs alike. Consider the five mistakes mentioned here and the leading cause of breaches – privileged access abuse. Prioritizing privileged access management for human and machine identities addresses the most vulnerable threat vector for any business. Taking a more modern approach that is aligned to digital transformation priorities can often allow organizations to leverage their existing solutions to reduce risk and costs at the same time.

 

 

 

Why Cybersecurity Is Really A Business Problem

Bottom Line: Absolute’s 2020 Endpoint Resilience Report illustrates why the purpose of any cybersecurity program needs to be attaining a balance between protecting an organization and the need to keep the business running, starting with secured endpoints.

Enterprises who’ve taken a blank-check approach in the past to spending on cybersecurity are facing the stark reality that all that spending may have made them more vulnerable to attacks. While cybersecurity spending grew at a Compound Annual Growth Rate (CAGR) of 12% in 2018, Gartner’s latest projections are predicting a decline to only 7% CAGR through 2023. Nearly every CISO I’ve spoken with in the last three months says prioritizing cybersecurity programs by their ROI and contribution to the business is how funding gets done today.

Cybersecurity Has Always Been A Business Decision

Overcoming the paradox of keeping a business secure while fueling its growth is the essence of why cybersecurity is a business decision. Securing an entire enterprise is an unrealistic goal; balancing security and ongoing operations is. CISOs speak of this paradox often and the need to better measure the effectiveness of their decisions.

This is why the findings from Absolute’s 2020 State of Endpoint Resilience Report​  are so timely given the shift to more spending accountability on cybersecurity programs. The report’s methodology is based on anonymized data from enterprise-specific subsets of nearly 8.5 million Absolute-enabled devices active across 12,000+ customer organizations in North America and Europe. Please see the last page of the study for additional details regarding the methodology.

Key insights from the study include the following:

  • More than one of every three enterprise devices had an Endpoint Protection (EP), client management or VPN application out of compliance, further exposing entire organizations to potential threats. More than 5% of enterprise devices were missing one or more of these critical controls altogether. Endpoints, encryption, VPN and Client Management are more, not less, fragile, despite millions of dollars being spent to protect them before the downturn. The following graphic illustrates how fragile endpoints are by noting average compliance rates alongside installation rates:
  • When cybersecurity spending isn’t being driven by a business case, endpoints become more complex, chaotic and nearly impossible to protect. Absolute’s survey reflects what happens when cybersecurity spending isn’t based on a solid business decision, often leading to multiple endpoint security agents. The survey found the typical organization has 10.2 endpoint agents on average, up from 9.8 last year. One of the most insightful series of findings in the study and well worth a read is the section on measuring Application Resilience. The study found that the resiliency of an application varies significantly based on what else it is paired with. It’s interesting to see that same-vendor pairings don’t necessarily do better or show higher average compliance rates than pairings from different vendors. The bottom line is that there’s no guarantee that any agent, whether sourced from a single vendor or even the most innovative vendors, will work seamlessly together and make an organization more secure. The following graphic explains this point:
  •  60% of breaches can be linked to a vulnerability where a patch was available, but not applied. When there’s a compelling business case to keep all machines current, patches get distributed and installed. When there isn’t, operating system patches are, on average, 95 days late. Counting up the total number of vulnerabilities addressed on Patch Tuesday in February through May 2020 alone, it shows that the average Windows 10 enterprise device has hundreds of potential vulnerabilities without a fix applied – including four zero-day vulnerabilities. Absolute’s data shows that Post-Covid-19, the average patch age has gone down slightly, driven by the business case of supporting an entirely remote workforce.
  • Organizations that had defined business cases for their cybersecurity programs are able to adapt better and secure vulnerable endpoint devices, along with the sensitive data piling up on those devices, being used at home by employees. Absolute’s study showed that the amount of sensitive data – like Personal Identifiable Information (PII), Protected Health Information (PHI) and Personal Financial Information (PFI) data – identified on endpoints soared as the Covid-19 outbreak spread and devices went home to work remotely. Without autonomous endpoints that have an unbreakable digital tether to ensure the health and security of the device, the greater the chance of this kind of data being exposed, the greater the potential for damages, compliance violations and more.

Conclusion

Absolute’s latest study on the state of endpoints amplifies what many CISOs and their teams are doing today. They’re prioritizing cybersecurity endpoint projects on ROI, looking to quantify agent effectiveness and moving beyond the myth that greater compliance is going to get them better security. The bottom line is that increasing cybersecurity spending is not going to make any business more secure; knowing the effectiveness of cybersecurity spending will, however. Being capable of tracking how resilient and persistent every autonomous endpoint is in an organization makes defining the ROI of endpoint investments possible, which is what every CISO I’ve spoken with is focusing on this year.

How To Improve Channel Sales With AI-Based Knowledge Sharing Networks

Bottom Line: Knowledge-sharing networks have been improving supply chain collaboration for decades; it’s time to enhance them with AI and extend them to resellers to revolutionize channel selling with more insights.

The greater the accuracy and speed of supply chain-based data integration and knowledge, the greater the accuracy of custom product orders. Add to that the complexity of selling CPQ and product configurations through channels, and the value of using AI to improve knowledge sharing networks becomes a compelling business case.

Why Channels Need AI-Based Knowledge Sharing Networks Now

Automotive, consumer electronics, high tech, and industrial products manufacturers are combining IoT sensors, microcontrollers, and modular designs to sell channel-configurable smart vehicles and products. AI-based knowledge-sharing networks are crucial to the success of their next-generation products. Likewise, to sell to any of these manufacturers, suppliers need to be pursuing the same strategy. AI-based services, including Amazon Alexa, Microsoft Cortana, and Google Voice and others, rely on knowledge-sharing networks to collaborate with automotive supply chains and strengthen OEM partnerships. The following graphic reflects how successful Amazon’s Alexa Automotive OEM sales team is at using knowledge-sharing networks to gain design wins across their industry.

The following are a few of the many reasons why creating and continually fine-tuning an AI-based knowledge-sharing network is an evolving strategy worth paying attention to:

  • Supply chains are the primary source of knowledge that must permeate an organization’s structure and channels for the company to stay synchronized to broader market demands. For CPQ channel selling strategies to thrive, they need real-time pricing, availability, available-to-promise, and capable-to-promise data to create accurate, competitive quotes that win deals. The better the supplier collaboration across supply chains and with channel partners, the higher the probability of selling more. A landmark study of the Toyota Production System by Professors Jeffrey H Dyer & Kentaro Nobeoka found that Toyota suppliers value shared data more than cash, making knowledge sharing systems invaluable to them (Dyer, Nobeoka, 2000).
  • Smart manufacturing metrics also need to be contributing real-time data to the knowledge sharing systems channel partners use, relying on AI to create quotes for products that can be built the fastest and are the most attractive to each customer. Combining manufacturing’s real-time monitoring data stream of ongoing order progress and production availability with supply chain pricing, availability, and quality data, all integrated into a cloud-based CPQ platform, gives channel partners what they need to close deals now. AI-based knowledge-sharing networks will link supply chains, manufacturing plants, and channel partners to create smart factories that drive more sales. According to Capgemini’s recent Smart factories @ scale survey, manufacturers are planning to launch 40% more smart factories in the next five years, increasing their annual investments by 1.7 times compared to the previous three years. The following graphic illustrates the percentage growth of smart factories across key geographic regions, a key prerequisite for enabling AI-based knowledge-sharing networks with real-time production data:
  • By closing the data gaps between suppliers, manufacturing, and channels, AI-based knowledge-sharing networks give resellers the information they need to sell with greater insight. Amazon’s Alexa OEM marketing teams succeeded in getting the majority of design-in wins with automotive manufacturers designing their next-generation of vehicles with advanced electronics and AI features. The following graphic from Dr. Dyer’s and Nobeoka’s study defines the foundations of a knowledge-sharing network. Applying AI to a mature knowledge-sharing network creates a strong network effect where every new member of the network adds greater value.
  • Setting the foundation for an effective knowledge sharing network needs to start with platforms that have AI and machine learning designed in with structure that can flex for unique channel needs. There are several platforms capable of supporting AI-based knowledge-sharing networks available, each with its strengths and approach to adapting to supply chain, manufacturing, and channel needs. One of the more interesting frameworks not only uses AI and machine learning across its technology pillars but also takes into consideration that a company’s operating model needs to adjust to leverage a connected economy to adapt to changing customer needs. BMC’s Autonomous Digital Enterprise (ADE) is differentiated from many others in how it is designed to capitalize on AI and Machine Learning’s core strengths to create innovation ecosystems in a knowledge-sharing network. Knowledge-sharing networks thrive on continuous learning. It’s good to see major providers using adaptive and machine learning to strengthen their platforms, with BMC’s Automated Mainframe Intelligence (AMI) emerging as a leader. Their approach to using adaptive learning to maintain data quality during system state changes and link exceptions with machine learning to deliver root cause analysis is prescient of where continuous learning needs to go.  The following graphic explains the ADE’s structure.

Conclusion

Knowledge-sharing networks have proven very effective in improving supply chain collaboration, supplier quality, and removing barriers to better inventory management. The next step that’s needed is to extend knowledge-sharing networks to resellers and enable knowledge sharing applications that use AI to tailor product and service recommendations for every customer being quoted and sold to. Imagine resellers being able to create quotes based on the most buildable products that could be delivered in days to buying customers. That’s possible using a knowledge-sharing network. Amazon’s success with Alexa design wins shows how their use of knowledge-sharing systems helped to provide the insights needed across automotive OEMs that wanted to add voice-activated AI technology to their next-generation vehicles.

References

BMC, Maximizing the Value of Hybrid IT with Holistic Monitoring and AIOps (10 pp., PDF).

BMC Blogs, 2019 Gartner Market Guide for AIOps Platforms, December 2, 2019

Cai, S., Goh, M., De Souza, R., & Li, G. (2013). Knowledge sharing in collaborative supply chains: twin effects of trust and power. International Journal of Production Research, 51(7), 2060-2076.

Capgemini Research Institute, Smart factories @ scale: Seizing the trillion-dollar prize through efficiency by design and closed-loop operations, 2019.

Columbus, L, The 10 Most Valuable Metrics in Smart Manufacturing, Forbes, November 20, 2020

Jeffrey H Dyer, & Kentaro Nobeoka. (2000). Creating and managing a high-performance knowledge-sharing network: The Toyota case. Strategic Management Journal: Special Issue: Strategic Networks, 21(3), 345-367.

Myers, M. B., & Cheung, M. S. (2008). Sharing global supply chain knowledge. MIT Sloan Management Review, 49(4), 67.

Wang, C., & Hu, Q. (2020). Knowledge sharing in supply chain networks: Effects of collaborative innovation activities and capability on innovation performance. Technovation, 94, 102010.

 

Why Securing Endpoints Is The Future Of Cybersecurity

  • 86% of all breaches are financially motivated, where threat actors are after company financial data, intellectual property, health records, and customer identities that can be sold fast on the Dark Web.
  • 70% of breaches are perpetrated by external actors, making endpoint security a high priority in any cybersecurity strategy.
  •  55% of breaches originate from organized crime groups.
  • Attacks on Web apps accessed from endpoints were part of 43% of breaches, more than double the results from last year.

These and many other insights are from Verizon’s 2020 Data Breach Investigations Report (DBIR), downloadable here (PDF, 119 pp. free, opt-in). One of the most-read and referenced data breach reports in cybersecurity, Verizon’s DBIR, is considered the definitive source of annual cybercrime statistics. Verizon expanded the scope of the report to include 16 industries this year, also providing break-outs for Asia-Pacific (APAC); Europe, Middle East and Africa (EMEA); Latin America and the Caribbean (LAC); and North America, Canada, and Bermuda, which Verizon says is experiencing more breaches (NA).

The study’s methodology is based on an analysis of a record total of 157,525 incidents. Of those, 32,002 met Verizon’s quality standards, and 3,950 were confirmed data breaches. The report is based on an analysis of those findings. Please see Appendix A for the methodology.

Key insights include the following:

  • Verizon’s DBIR reflects the stark reality that organized crime-funded cybercriminals are relentless in searching out unprotected endpoints and exploiting them for financial gain, which is why autonomous endpoints are a must-have today. After reading the 2020 Verizon DBIR, it’s clear that if organizations had more autonomous endpoints, many of the most costly breaches could be averted. Autonomous endpoints that can enforce compliance and control, automatically regenerate, and patch cybersecurity software while providing control and visibility are the cornerstone of cybersecurity’s future. For endpoint security to scale across every threat surface the new hybrid remote workplace is creating, an undeletable tether to every device is a must-have for achieving enterprise scale.
  • The lack of diligence around Asset Management is creating new threat surfaces, as organizations often don’t know the current health, configurations, or locations of their systems and devices. Asset Management is a black hole in many organizations, leading to partial-at-best efforts to protect every threat surface they have. What’s needed is more insightful data on the health of every device. There are several dashboards available, and one of the most insightful is from Absolute, called the Remote Work and Distance Learning Insights Center. An example of the dashboard is shown below:
  • 85% of victims and subjects were in the same country, 56% were in the same state, and 35% were even in the same city based on FBI Internet Crime Complaint Center (IC3) data. Cybercriminals are very opportunistic when it comes to attacking high-profile targets in their regions of the world. Concerted efforts of cybercriminals funded by organized crime look for the weakest threat surfaces to launch an attack on, and unprotected endpoints are their favorite target. What’s needed is more of a true endpoint resilience approach that is based on a real-time, unbreakable digital tether that ensures the security of every device and the apps and data it contains.
  • Cloud assets were involved in about 24% of breaches this year, while on-premises assets are still 70%. Ask any CISO what the most valuable lesson they learned from the pandemic has been so far, and chances are they’ll say they didn’t move to the cloud quickly enough. Cloud platforms enable CIOs and CISOs to provide a greater scale of applications for their workforces who are entirely remote and a higher security level. Digging deeper into this, cloud-based Security Information and Event Management (SIEM) provides invaluable real-time analysis, alerts, and deterrence of potential breaches. Today it’s the exception rather than the rule that CISOs prefer on-premise over cloud-based SIEM and endpoint security applications. Cloud-based endpoint platforms and the apps they support are the future of cybersecurity, as all organizations now are either considering or adopting cloud-based cybersecurity strategies.
  • Over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials. One of the most valuable insights from the Verizon DBIR is how high of a priority cybercriminals are placing on stealing personal and privileged access credentials. Shutting down potential breach attempts from stolen passwords involves keeping every endpoint completely up to date on software updates, monitoring aberrant activity, and knowing if anyone is attempting to change the configuration of a system as an administrator. By having an unbreakable digital tether to every device, greater control and real-time response to breach attempts are possible.

Conclusion

Autonomous endpoints that can self-heal and regenerate operating systems and configurations are the future of cybersecurity, a point that can be inferred from Verizon’s DBIR this year. While CIOs are more budget-focused than ever, CISOs are focused on how to anticipate and protect their enterprises from new, emerging threats. Closing the asset management gaps while securing every endpoint is a must-have to secure any business today. There are several cybersecurity companies offering endpoint security today. Based on customer interviews I’ve done, one of the clear leaders in endpoint resilience is Absolute Software, whose persistent-firmware technology allows them to self-heal their own agent, as well as any endpoint security control and productivity tool on any protected device such as their Resilience suite of applications.

How Barclays Is Preventing Fraud With AI

Bottom Line: Barclays’ and Kount’s co-developed new product, Barclays Transact, reflects the future of how companies will innovate together to apply AI-based fraud prevention to the many payment challenges merchants face today.

Merchant payment providers have seen the severity, scope, and speed of fraud attacks increase exponentially this year. Account takeovers, card-not-present fraud, SMS spoofing, and phishing are just a few of the many techniques cybercriminals are using to defraud merchants out of millions of dollars. One in three merchants, 32%, prioritize payment providers’ fraud and security strengths over customer support and trust according to a recent YouGov survey.  But it doesn’t have to be a choice between security and a frictionless transaction.

Frustrated by the limitations of existing fraud prevention systems, many payment providers are working as fast as they can to pilot AI- and machine-learning-based applications and platforms. Barclays Payment Solutions’ decision to work with AI-based solution Kount is what the future of AI-based fraud prevention for payment providers looks like.

How AI Helps Thwart Fraud And Increase Sales at Barclays   

Barclays Payment Services handles 40% of all merchant payments in the UK. They’ve been protecting merchants and their customers’ data for over 50 years, and their fraud and security teams have won industry awards. For Barclays, excelling at merchant and payment security is the only option.

In order to offer an AI-based suite of tools to help merchants make their online transactions both simpler and safer, Barclays chose to partner with Kount. Their model of innovating together enables Barclays to strengthen their merchant payment business with AI-based fraud prevention and gain access to Kount’s Identity Trust Global Network, the largest network of trust and fraud-related signals. Kount gains knowledge into how they can fine-tune their AI and machine learning technologies to excel at payment services. Best of all, Barclays’ merchant customers will be able to sell more by streamlining the payment experience for their customers. The following is an overview of the Barclays Transact suite for merchants.

Barclays and Kount defined objectives for Barclays Transact: protect against increasingly sophisticated eCommerce fraud attempts, improve their merchants’ customer experiences during purchases, prepare for UK-mandated Strong Customer Authentication (SCA) by allowing businesses to take advantage of Transaction Risk Analysis (TRA) exemptions, optimize payment acceptance workflows and capitalize on Kount’s Identity Trust Global Network.

Adding urgency to the co-creation of Barclays Transact are UK regulatory requirements. To help provide clarity and support to merchants and the market from the impact of Covid-19, the Financial Conduct Authority (FCA) have agreed to delay the enforcement of Strong Customer Authentication (SCA) until 14 September 2021 in the UK. The European Economic Area (EEA) deadline remains 31 December, 2020. Kount’s AI and machine learning algorithms designed into Barclays Transact, tested at beta sites and fine-tuned for the first release, are effective in meeting UK government mandates.

How AI Is Turning Trust Into A Sales Accelerator At Barclays

The Barclays Payment Solutions and Kount teams believe that the more ambitious the goals for Barclays Transact to deliver value to merchants, the stronger the suite will be. Here are examples of goals businesses can achieve with this partnership:

  1. Achieve as few false positives as possible by making real-time updates to machine learning algorithms and fine-tuning merchant responses.
  2. Reduce the number of manual reviews for fraud analysts consistently by applying AI and machine learning to provide early warning of anomalies.
  3. Minimize the number of chargebacks to merchant partners.
  4. Reduce the friction and challenges merchants experience with legacy fraud prevention systems by streamlining the purchasing experience.
  5. Enable compliance to UK-mandated regulatory requirements while streamlining merchants and their customers’ buying experiences.

Barclays Transact analyzes every transaction in real-time using Kount’s AI-based fraud analysis technology, scoring each on a spectrum of low to high risk. Each Barclays merchant’s gateway then uses this score to identify the transactions which qualify for TRA exemptions. This results in a more frictionless payment and checkout experience for customers, resulting in lower levels of shopping cart abandonment and increased sales. Higher-risk transactions requiring further inspection will still go through two-factor authentication, or be immediately declined, per the regulation and customer risk appetite. The following is an example of the workflow Barclays and Kount were able to accomplish by innovating together:

Conclusion 

Improving buying experiences and keeping them more secure on a trusted platform is an ambitious design goal for any suite of online tools. Barclays and Kount’s successful development and launch of a co-developed product is prescient and points the way forward for payment providers who need AI expertise to battle fraud now. A bonus is how the partnership is going to enrich the Kount Identity Trust Global Network, the largest network of trust and risk signals, which is comprised of 32 billion annual interactions from more than 6,500 customers across 75+ industries. “We are excited to be partnering with Kount, because they share our goal of collaborative innovation, and a drive to deliver best-in-class shopper experiences. Thanks to Kount’s award-winning fraud detection software, the new module will not only help customers to fight fraud and prevent unwanted chargebacks, but it will also help them to maximize sales, improve customer experience, and better prepare for the introduction of SCA,” David Jeffrey, Director of Product, Barclaycard Payments said.

Debunking The Myth That Greater Compliance Makes IT More Secure

Bottom Line:  Excelling at compliance doesn’t protect any business from being hacked, yet pursuing a continuous risk management strategy helps.

With a few exceptions (such as spearphishing), cyberattacks are, by nature, brutally opportunistic and random. They are driven to disrupt operations at best and steal funds, records, and privileged access credentials at worst. Conversely, the most important compliance events of all, audits, are planned for, often months in advance. Governance, Risk, and Compliance (GRC) teams make Herculean efforts to meet and exceed audit prep timelines, working evenings and weekends.

Wanting to learn more about the relationship between GRC and cybersecurity strategy, I searched for webinars on the topic. I found Improve Your Compliance Posture with Identity-Centric PAM, a recent webinar-on-demand offered by Centrify. The webinar brought up several interesting insights, including the pains that compliance and cybersecurity share, which nonetheless require drastically different approaches to solve.

Rationalizing Compliance Spending with Cybersecurity

The truth is organizations are attempting to rationalize the high costs of compliance by looking for how GRC spend can also improve cybersecurity. This is a dangerous assumption, as Marriott’s third breach indicates. Marriott is an excellently managed business and sets standards in compliance. Unfortunately, that hasn’t thwarted three breaches they’ve experienced.

Why are organizations assuming GRC spending will improve cybersecurity? It’s because both areas share a common series of pains that require different solutions, according to the webinar. These pains include:

  • Updates to regulations are exponentially increasing today, averaging 200 or more per day from approximately 900 oversight agencies worldwide, leading to a quickly changing, heterogeneous landscape. Dr. Torsten George, Cybersecurity Evangelist at Centrify, said that when he worked in the GRC space, the midsize clients he worked with had to deal with 17 different regulations. Larger organizations that operate on a global basis are dealing with, on average, 70 or more regulations they need to stay in compliance with. Dr. George provided an overview of the compliance landscape, differentiating between the levels of compliance requirements every organization needs to abide by, which is shown below:
  • Compliance is, by nature, reactive to a known event (audit), while cybersecurity is also entirely reactive to random events (cyberattacks). GRC teams need to ramp up their staff and equip them with the apps and tools they need at least six months before an audit. For cybersecurity, the threat is random and will most likely be more severe in terms of financial loss. Preparing for each takes entirely different strategies.
  • The lack of continuous risk monitoring by GRC teams and identity management by IT cybersecurity leads to systemic failures in achieving compliance and securing an organization. The webinar makes an excellent point that for compliance to succeed, it needs to be based on continuous risk management, not just checking off the boxes or categories of a given GRC approach. The same holds for cybersecurity. Identity-Centric Privileged Access Management (PAM) provides GRC and IT professionals mutual benefits when it comes to achieving the mission of being and staying compliant, and shows how securing enterprises drives better compliance, not vice versa.
  • Manually updating compliance mapping tables showing the interrelationships of requirements by industry is not scaling and is leaving gaps in GRC coverage. The more regulated a business is, for example manufacturing medical products, the more important it is to automate every aspect of compliance. A great place to start is automating the process of creating mapping tables. Taking a manual approach to creating mapping tables comparing standards often leads to errors and gaps. And in highly regulated industries like medical products manufacturing, the accuracy, speed, and scale of staying compliant can be turned into a competitive advantage, leading to more sales.

How To Resolve The Conflict Between GRC and Cybersecurity Spending

According to the webinar, 80% of today’s data breaches are caused by default, weak, stolen, or otherwise compromised credentials. GRC and cybersecurity strategies’ best efforts need to be put on securing privileged access first. The webinar makes a strong argument for prioritizing privileged access security as the initiative that can unify GRC and cybersecurity strategies.

Key insights from the webinar include the following:

  • Industry standards and government regulations are calling for identity and access management as a requirement, with several specifically naming privilege access controls.
  • Identity-Centric Privileged Access Management (PAM) approaches help meet compliance mandates, while at the same time hardening cybersecurity to the threat surface level.
  • Attaining greater compliance by taking an Identity-Centric PAM approach ensures machines have secured identities as well, and the use of anonymous access accounts is limited to break-glass scenarios only, while organizations should otherwise be leveraging enterprise directory identities for the authentication and authorization process.
  • Improving accountability and segmentation by establishing granular security controls and auditing everything helps bridge the gap between GRC and cybersecurity initiatives.

Conclusion

Continuous risk management is key to excelling at compliance, just as securing privileged access credentials is foundational to an effective cybersecurity strategy. Dr. Torsten George ended the webinar saying, “In the long term, I believe that the current situation that we’re dealing with and its associated spike of cyber-attacks will lead to even stricter compliance mandates; especially when it comes to secure remote access by key IT stakeholders and outsourced IT.” The bottom line is that compliance and cybersecurity must share the common goal of protecting their organizations’ privileged access credentials using adaptive approaches and technologies if both are going to succeed.

 

 

10 Ways Enterprises Are Getting Results From AI Strategies

  • One in 10 enterprises now use 10 or more AI applications; chatbots, process optimization, and fraud analysis lead a recent survey’s top use cases according to MMC Ventures.
  • 83% of IT leaders say AI & ML is transforming customer engagement, and 69% say it is transforming their business according to Salesforce Research.
  • IDC predicts spending on AI systems will reach $97.9B in 2023.

AI pilots are progressing into production based on their combined contributions to improving customer experience, stabilizing and increasing revenues, and reducing costs. The most successful AI use cases contribute to all three areas and deliver measurable results. Of the many use cases where AI is delivering proven value in enterprises today, the ten areas discussed below are notable for the measurable results they are providing.

What each of these ten use cases has in common is the accuracy and efficiency with which they can analyze and recommend actions based on real-time monitoring of customer interactions, production, and service processes. Enterprises that get AI right the first time build the underlying data structures and frameworks to support the advanced analytics, machine learning, and AI techniques that show the best potential to deliver value. There are various frameworks available, with BMC’s Autonomous Digital Enterprise (ADE) encapsulating what enterprises need to scale out their AI pilots into production. What’s unique about BMC’s approach is its focus on delivering transcendent customer experiences by creating an ecosystem that uses technology to cater to every touchpoint on a customer’s journey, across any channel a customer chooses to interact with an enterprise on.

10 Areas Where AI Is Delivering Proven Value Today

Having progressed from pilot to production across many of the world’s leading enterprises, these use cases are great examples of where AI is delivering value today. The following are 10 areas where AI is delivering proven value in enterprises today:

  • Customer feedback systems lead all implementations of AI-based self-service platforms. That’s consistent with the discussions I’ve had with manufacturing CEOs who are committed to Voice of the Customer (VoC) programs that also fuel their new product development plans. The best-run manufacturers are using AI to gather better customer feedback and also to improve their configure-to-order product customization strategies. Mining contact center data while improving customer response times is working on AI platforms today. Source: Forrester study, AI-Infused Contact Centers Optimize Customer Experience Develop A Road Map Now For A Cognitive Contact Center.
  • McKinsey finds that AI is improving demand forecasting by reducing forecasting errors by 50% and reducing lost sales by 65% with better product availability. Supply chains are the lifeblood of any manufacturing business. McKinsey’s initial use case analysis is finding that AI can reduce costs related to transport and warehousing and supply chain administration by 5% to 10% and 25% to 40%, respectively. With AI, overall inventory reductions of 20% to 50% are possible. Source: Smartening up with Artificial Intelligence (AI) – What’s in it for Germany and its Industrial Sector? McKinsey & Company.

  • The majority of CEOs and Chief Human Resource Officers (CHROs) globally plan to use more AI within three years, with the U.S. leading all other nations at 73%. Over 63% of all CEOs and CHROs interviewed say that new technologies have a positive impact overall on their operations. CEOs and CHROs introducing AI into their enterprises are doing an effective job at change management, as the majority of employees, 54%, are less concerned about AI now that they see its benefits. C-level executives who are upskilling their employees by enabling them to have stronger digital dexterity skills stand a better chance of winning the war for talent. Source: Harris Interactive, in collaboration with Eightfold Talent Intelligence And Management Report 2019-2020 Report.

  • AI is the foundation of the next generation of logistics technologies, with the most significant gains being made with advanced resource scheduling systems. AI-based techniques are the foundation of a broad spectrum of next-generation logistics and supply chain technologies now under development. The most significant gains are being made where AI can contribute to solving complex constraints, cost, and delivery problems manufacturers are facing today. For example, AI is providing insights into where automation can deliver the most significant scale advantages. Source: McKinsey & Company, Automation in logistics: Big opportunity, bigger uncertainty, April 2019. By Ashutosh Dekhne, Greg Hastings, John Murnane, and Florian Neuhaus.

  • AI sees the most significant adoption by marketers working in $500M to $1B companies, with conversational AI for customer service as the most dominant. Businesses with between $500M and $1B lead all other revenue categories in the number and depth of AI adoption use cases. Just over 52% of small businesses with sales of $25M or less are using AI for predictive analytics for customer insights. It’s interesting to note that small companies are the leaders in AI spending, at 38.1%, to improve marketing ROI by optimizing marketing content and timing. Source: The CMO Survey: Highlights and Insights Report, February 2019. Duke University, Deloitte, and American Marketing Association. (71 pp., PDF, free, no opt-in).
  • A semiconductor manufacturer is combining smart, connected machines with AI to improve yield rates by 30% or more, while also optimizing fab operations and streamlining the entire production process. They’ve also been able to reduce supply chain forecasting errors by 50% and lost sales by 65% by having more accurate product availability, both attributable to insights gained from AI. They’re also automating quality testing using machine learning, increasing defect detection rates up to 90%. These are the kind of measurable results manufacturers look for when deciding if a new technology is going to deliver results or not. These and many other findings from the semiconductor manufacturer’s interviews with McKinsey are in the study, Smartening up with Artificial Intelligence (AI) – What’s in it for Germany and its Industrial Sector? The following graphic from the study illustrates the many ways AI and machine learning are improving semiconductor manufacturing.

  • AI is making it possible to create propensity models by persona, and they are invaluable for predicting which customers will act on a bundling or pricing offer. By definition, propensity models rely on predictive analytics including machine learning to predict the probability a given customer will act on a bundling or pricing offer, e-mail campaign or other call-to-action leading to a purchase, upsell or cross-sell. Propensity models have proven to be very effective at increasing customer retention and reducing churn. Every business excelling at omnichannel today relies on propensity models to better predict how customers’ preferences and past behavior will lead to future purchases. The following is a dashboard that shows how propensity models work. Source: customer propensities dashboard is from TIBCO.
  • AI is reducing logistics costs by finding patterns in track-and-trace data captured using IoT-enabled sensors, contributing to $6M in annual savings. BCG recently looked at how a decentralized supply chain using track-and-trace applications could improve performance and reduce costs. They found that in a 30-node configuration, when blockchain is used to share data in real-time across a supplier network, combined with better analytics insight, cost savings of $6M a year are achievable. Source: Boston Consulting Group, Pairing Blockchain with IoT to Cut Supply Chain Costs, December 18, 2018, by Zia Yusuf, Akash Bhatia, Usama Gill, Maciej Kranz, Michelle Fleury, and Anoop Nannra.
  • Detecting and acting on inconsistent supplier quality levels and deliveries using AI-based applications is reducing the cost of bad quality across electronic, high-tech, and discrete manufacturing. Based on conversations with North American-based mid-tier manufacturers, the second most significant growth barrier they’re facing today is suppliers’ lack of consistent quality and delivery performance. Using AI, manufacturers can discover quickly who their best and worst suppliers are, and which production centers are most accurate in catching errors. Manufacturers are using dashboards much like the one below for applying machine learning to supplier quality, delivery, and consistency challenges. Source: Microsoft, Supplier Quality Analysis sample for Power BI: Take a tour.

  • Optimizing Shop Floor Operations with Real-Time Monitoring and AI is in production at Hitachi today. Combining real-time monitoring and AI to optimize shop floor operations, providing insights into machine-level loads and production schedule performance, is now in production at Hitachi. Knowing in real-time how each machine’s load level impacts overall production schedule performance leads to better decisions managing each production run. Optimizing the best possible set of machines for a given production run is now possible using AI. Source: Factories of the Future: How Symbiotic Production Systems, Real-Time Production Monitoring, Edge Analytics, and AI Are Making Factories Intelligent and Agile, Youichi Nonaka, Senior Chief Researcher, Hitachi R&D Group, and Sudhanshu Gaur, Director, Global Center for Social Innovation, Hitachi America R&D.

Additional reading:

15 examples of artificial intelligence in marketing, eConsultancy, February 28, 2019

4 Positive Effects of AI Use in Email Marketing, Statista, March 1, 2019

4 Ways Artificial Intelligence Can Improve Your Marketing (Plus 10 Provider Suggestions), Forbes, Kate Harrison, January 20, 2019

Artificial Intelligence: The Next Frontier? McKinsey Global Institute (PDF, 80 pp., no opt-in)

Artificial Intelligence: The Ultimate Technological Disruption Ascends, Woodside Capital Partners. (PDF,

DHL Trend Research, Logistics Trend Radar, Version 2018/2019 (PDF, 55 pp., no opt-in)

2018 (43 pp., PDF, free, no opt-in).

Digital/McKinsey, Smartening up with Artificial Intelligence (AI) – What’s in it for Germany and its Industrial Sector? (PDF, 52 pp., no opt-in)

How To Win Tomorrow’s Car Buyers – Artificial Intelligence in Marketing & Sales, McKinsey Center for Future Mobility, McKinsey & Company. February 2019. (44 pp., PDF, free, no opt-in)

How Top Marketers Use Artificial Intelligence On-Demand Webinar with Vala Afshar, Chief Digital Evangelist, Salesforce and Meghann York, Director, Product Marketing, Salesforce

In-depth: Artificial Intelligence 2019, Statista Digital Market Outlook, February 2019 (client access reqd).

bes Insights and Quantcast Study (17 pp., PDF, free, opt-in),

Marketing & Sales Big Data, Analytics, and the Future of Marketing & Sales, (PDF, 60 pp., no opt-in), McKinsey & Company.

McKinsey & Company, Automation in logistics: Big opportunity, bigger uncertainty, April 2019. By Ashutosh Dekhne, Greg Hastings, John Murnane, and Florian Neuhaus

McKinsey & Company, Notes from the AI frontier: Modeling the impact of AI on the world economy, September 2018 By Jacques Bughin, Jeongmin Seong, James Manyika, Michael Chui, and Raoul Joshi

Papadopoulos, T., Gunasekaran, A., Dubey, R., & Fosso Wamba, S. (2017). Big data and analytics in operations and supply chain management: managerial aspects and practical challenges. Production Planning & Control28(11/12), 873-876.

Powerful pricing: The next frontier in apparel and fashion advanced analytics, McKinsey & Company, December 2018

Winning tomorrow’s car buyers using artificial intelligence in marketing and sales, McKinsey & Company, February 2019

World Economic Forum, Impact of the Fourth Industrial Revolution on Supply Chains (PDF, 22 pgs., no opt-in)

World Economic Forum, Supply Chain 4.0 Global Practices, and Lessons Learned for Latin America and the Caribbean (PDF, 44 pp., no opt-in)

Worldwide Spending on Artificial Intelligence Systems Will Grow to Nearly $35.8 Billion in 2019, According to New IDC Spending Guide, IDC; March 11, 2019

 

How To Build A Business Case For Endpoint Security

Bottom Line:  Endpoint security business cases do much more than just quantify costs and benefits; they uncover gaps in endpoint and cyber protection that need urgent attention to avert a breach.

Bad actors and hackers prefer to attack threat surfaces that are isolated, vulnerable with out-of-date security patches, yet integrated into a corporate network to provide access. For these reasons and more, endpoints are now the popular choice for hacking attempts. Ponemon Institute’s Third Annual Study on the State of Endpoint Security Risk published in January of this year found that 68% of organizations were victims of successful endpoint attacks in 2019 that compromised data assets and IT infrastructure. Since 2017, successful endpoint attacks have spiked by 26 percent. The Ponemon study also found that it takes the typical organization 97 days to test and deploy patches to each endpoint. When the average endpoint is three months behind on updates, it’s understandable why breaches are increasing. In 2019 the average endpoint breach inflicted $8.94M in losses. The following graphic compares the escalating number of breaches and economic losses for the last three years:

Exploring Endpoint Security’s Many Benefits

Think of building a business case for endpoint security as the checkup every company needs to examine and identify every threat surface that can be improved. Just as all efforts to preserve every person’s health are priceless today, organizations can’t let their guard down when it comes to keeping endpoint security strong.

The economic fallout of COVID-19 is hitting IT budgets hard. That’s why now is the time to build a business case for endpoint security. CIOs and CISOs have to make budget cuts due to revenue shortfalls. One thing no one wants to allow, however, is for endpoint agents to degrade over time. Absolute Software’s Endpoint Security Trends Report found that the more complex and layered the endpoint protection, the greater the risk of a breach. Overloading every endpoint with multiple agents is counterproductive and leaves endpoints less secure than if fewer agents were installed. Additionally, Absolute just launched a Remote Work and Distance Learning Insights Center, providing insights into the impact of COVID-19 on IT and security controls. An example of the dashboard is shown below:


Business Case Benefits Need To Apply To IT and Operations

Absolute and Ponemon’s studies suggest that autonomous endpoints are the future of endpoint security. Activating security at the endpoint and having an undeletable tether to every device solves many of the challenges every business’s IT and Operations teams face. And with the urgency to make IT and Operations as virtual as possible with budgets impacted by COVID-19’s economic fallout, team leaders in each area are focusing on the following shared challenges. COVID-19’s quarantine requirements make hybrid workforces instantly appear and make the budgets needed to support them vanish at the same time.  The following are the shared benefits for IT and Operations that need to anchor any endpoint security business case:

  • The most urgent need is for greater IT Help Desk efficiency. While this is primarily an IT metric, the lack of real-time availability of resources is slowing down remote Operations teams from getting their work done.
  • Both IT and Operations share asset utilization, loss reduction, and lifecycle optimization ownership in many organizations today. Having a persistent, undeletable tether to every device at the hardware level is proving to be an effective approach that IT and Operations teams are relying on to track and improve these metrics. The Absolute and Ponemon studies suggest that the more resilient the endpoint, the better the asset efficiency and lifecycle optimization. Autonomous endpoints can self-heal and regenerate themselves, further improving shared metric performance for IT and Operations.
  • The more autonomous endpoints an organization has, the quicker Operations and IT can work together to pivot into new business models that require virtual operations. Education, Healthcare, Financial Services, Government, and Professional Services are all moving to hybrid remote workplaces and virtual operations as fast as they can. Using the business case for endpoint security as a roadmap to see where threat surfaces need to be improved for new growth is key.

Endpoint Security Benefits 

The following are the benefits that need to be included in creating a business case for endpoint security:

  • Reduce and eventually eliminate IT Help Desk backlogs by keeping endpoints up-to-date. Reducing the call volume on IT Help Desks can potentially save over $45K a year, assuming a typical call takes 10 minutes and the cumulative time savings is 1,260 hours for the IT help desk annually.
  • Reduce Security Operations staff interruptions and emergency security projects that require IT’s time to run analytics reports and analyses. Solving complex endpoint security problems burns thousands of dollars and hours over a year between Security, IT, and Operations. Having a persistent, unbreakable connection to every endpoint provides the device visibility teams need to troubleshoot problems. Assuming the 2,520 hours IT Security teams alone spend on emergency endpoint security problems could be reduced, organizations could save approximately $130K a year. 
  • Autonomous endpoints with an undeletable tether improve compliance, control, and visibility and are a must-have in the new hybrid remote workplace. For endpoint security to scale across every threat surface, having an undeletable tether to every device is a must-have for scalable remote work and hybrid remote work programs in the enterprise. They also contribute to lowering compliance costs and improve every aspect of asset management from keeping applications current to ensuring autonomous endpoints can continue to self-heal.
  • Reducing IT asset loss and knowing the asset utilization and system-level software installed on every device can save a typical organization over $300K a year. Autonomous endpoints that can heal themselves and provide a constant hardware connection deliver, in real time, the accurate IT asset management and security data teams need to keep software configurations up to date. It’s invaluable for IT teams to have this level of data, as it averts having endpoint patches conflict with one another and leave an endpoint vulnerable to breach.
  • Accurate asset lifecycle planning based on solid data from every device becomes possible. Having autonomous endpoints based on a hardware connection delivers the data needed to increase the accuracy of asset life cycle planning and resource allocation, giving IT and Operations the visibility they need to the device level. IT and Operations teams look to see how they can extend the lifecycle of every device in the field. Cost savings vary by the number of devices in the field and their specific software configurations. The time savings alone is approximately $140K per year in a mid-size financial services firm.
  • The more autonomous and connected an endpoint is, the more automated audit and compliance reporting can become. A key part of staying in compliance is automating the audit process to save valuable time. The Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) all require ongoing audits. The time and cost savings of automating audits by organizations vary significantly. It’s a reasonable assumption to budget at least a $67K savings per year in audit preparation costs alone.

Evaluating Endpoint Security Costs

The following are the endpoint security costs that need to be included in the business case:

  • Annual, often multi-year endpoint security licensing costs. Endpoint security providers vary significantly in their pricing models, costs, and fees. Autonomous endpoint security platforms can range in licensing costs from $750K to over $1.2M, depending on the size of the organization and the number of devices.
  • Change management, implementation, and integration costs increase with the complexity of IT security, Operations, and IT Service Management (ITSM) integration. Expect to see an average price of from $40K to over $100K to integrate endpoint security platforms with existing ITSM and security information and event management (SIEM) systems.

Creating A Compelling Business Case For Endpoint Security

The best endpoint security business cases provide a 360-degree view of costs, benefits, and why taking action now is needed.

Knowing the initial software and services costs to acquire and integrate endpoint security across your organization, training and change management costs, and ongoing support costs is essential. Many include the following equation in their business cases to provide an ROI estimate. The Return on Investment (ROI) for an endpoint security initiative is calculated as follows:

ROI on Endpoint Security (ES) = (ES Initiative Benefits – ES Initiative Costs)/ES Initiative Costs x 100.

A financial services company recently calculated that the annual benefits of its ES initiative will be $475,000 and the costs $65,000, yielding a net return of $6.30 for every $1 invested.

Additional factors to keep in mind when building a business case for endpoint security:

  • The penalties for non-compliance with industry-specific laws can be quite steep, with repeated offenses leading to $1M or more in fines and long-term loss of customer trust and revenue. Building a business case for endpoint security needs to factor in the potential non-compliance fees and penalties companies face for not having autonomous endpoint security. The Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), California Consumer Privacy Act (CCPA), and other laws require audit reporting based on accurate endpoint security data.
  • Endpoint Security ROI estimates fluctuate, and it’s best to get started with a pilot to capture live data with budgets available at the end of a quarter. Typically organizations will allocate the remaining amounts of IT security budgets at the end of a quarter to endpoint security initiatives.
  • Succinctly define the benefits and costs and gain C-level support to streamline the funding process. It’s often the CISOs who are the most driven to achieve greater endpoint security the quickest they can. Today with every business having their entire workforces virtual, there’s added urgency to get endpoint security accomplished.
  • Define and measure endpoint security initiatives’ progress using a digitally-enabled dashboard that can be shared across any device, anytime. Everyone supporting and involved in endpoint security initiatives needs to know what success looks like. Having a digitally-enabled dashboard that clearly shows each goal or objective and the company’s progress toward them is critical to success.

Conclusion

The hard economic reset COVID-19 created has put many IT budgets into freefall at a time when CIOs and CISOs need more funding to protect proliferating hybrid remote workforces. Endpoint security business cases need to factor in how they can create an undeletable resilient defense for every device across their global fleets. And just as every nation on the planet isn’t letting its guard down against the COVID-19 virus, every IT and cybersecurity team can’t let theirs down either when it comes to protecting every endpoint.

Autonomous endpoints that can self-heal and regenerate operating systems and configurations are the future of endpoint security management. The race to be an entirely virtual enterprise is on, and the more autonomous endpoints can be, the more cost-effective and valuable they are. The best business cases bridge the gap between IT and Operations needs. CIOs need endpoint security solutions to be low-cost, low maintenance, reliable yet agile. Operations want an endpoint solution that has a low cost of support, minimal if any impact on IT Service Help Desks, and always-on monitoring. Building a business case for endpoint security gives IT and Operations the insights they need to protect the constantly changing parameters of their businesses.

 

Protecting Privileged Identities In A Post-COVID-19 World

Bottom Line: Every organization needs to digitally reinvent their business, starting at the system level to safely sell and serve customers with minimal physical interaction.

The hard reset every business is going through creates a strong sense of urgency to increase the agility, speed, and scale of selling, as well as customer service options that protect the health of employees, customers, and partners. Customer experience needs to be the cornerstone of digital transformation, with the customers’ health and welfare being the highest priority. Businesses need to realize that digitally reinventing themselves is no longer optional. Every customer-facing system is going to need the best infrastructure, security, and stability for any business to survive and grow.

Securing Infrastructure Needs To Come First

COVID-19 was a wake-up call that companies need to operate as multi-channel players, allowing for physical but, more importantly, virtual presence. For instance, in retail, only those that will step up their efforts in building on-line ordering and associated nation-wide logistics networks will survive in the longer-term. If the cloud was considered an option in the past, it now is mandatory. In turn, the need for security has increased.

Starting with infrastructure, hybrid- and multi-cloud environments need to be augmented with additional system support, new apps, and greater security to support the always-on nature of competing in a virtual world. Providing self-service sales and support across any device at any time and keeping all systems synchronized is going to take more real-time integration, better security, more precise pricing, and so much more.

Consumer electronics manufacturers’ biggest challenge is reinventing their infrastructure while selling and serving customers at the same time. Part of their biggest challenge is protecting privileged access credentials that have become fragmented across hybrid- and multi-cloud environments. Everyone I’ve spoken with is balancing the urgent need for new revenue through new channels on the one hand with intensity to secure infrastructure and the most valuable security assets of all, privileged access credentials.

According to a 2019 study by Centrify among 1,000 IT decision-makers, 74% of respondents whose organizations have been breached acknowledged that it involved access to a privileged account. These are typically used by a small set of technical personnel to access the most critical systems in the IT estate, including modern technologies such as cloud, DevOps, microservices, and more. The CIO of a local financial services and insurance company, who is a former student and friend, told me that “it’s often said that privileged access credentials are the keys to the kingdom, and in these turbulent times they’re the keys to keeping any business running.”

CIOs, CISOs, and their teams are focusing on four key areas today while digitally reinventing themselves to provide more flexible options for customers:

  • Secure every new self-service selling and service channel from breaches.
  • Fast-track cloud projects to become 100% virtual and available.
  • Simplify infrastructure management by integrating IT and Operations Management across hybrid and multi-cloud environments.
  • Improve compliance reporting as well as reduce audit costs and associated fines.

Legacy Privileged Access Management (PAM) Can’t Scale For Today’s Threats

Sophisticated social engineering and breach attempts are succeeding in misdirecting human responses to cyber threats, gaining access to valuable privileged access credentials in the process. Legacy PAM systems based on vaulting away shared and root passwords aren’t designed to protect hybrid cloud and multi-cloud environments. Those environments include DevOps systems such as containers and microservices, APIs, machines, or services. Furthermore, multi-cloud environments create additional challenges because access management tools used for one vendor cannot be used with another.

Switching from in-person to self-service selling and service creates new challenges and an entirely new series of requirements for identity and access management. These requirements include securing a continually-increasing number of workloads that cause the amount of data in the cloud to grow exponentially. There’s also the need to centralize identities for consistent access controls across hybrid and multi-cloud environments – all happening while a business is busy digitally reinventing itself. Compounding all of these challenges is the need to excel at delivering an excellent user experience without sacrificing security in an increasingly self-service, always-on, 24/7 world.

Securing Privileged Access In A Post-COVID-19 World

If you’re looking for a sure sign any business will be around and growing in twelve months, look at how fast they are digitally reinventing themselves at the infrastructure level and protecting privileged access credentials first. Digital-first businesses are taking a more adaptive approach to consistently controlling access to hybrid infrastructure for both on-premises and remote users now.

Centrify and others are making rapid progress in this area, with Centrify’s Identity-Centric PAM taking a “never trust, always verify, enforce least privilege” approach to securing privileged identities. Centrify’s approach to Identity-Centric PAM establishes per-machine trust so it can defend itself from illegitimate users – whether human or machine – or those without the right entitlements. It then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request, and the risk of the access environment as is illustrated in the graphic below:

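The just-in-time decision described above (who is requesting access, the context of the request, and the risk of the access environment) can be expressed as a deny-by-default check that issues a time-boxed, single-role grant. This is an added Python example, not Centrify's code or API; every name, threshold, and sample record in it is a hypothetical assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample data: (principal, target machine) -> the one role it may request.
ENTITLEMENTS = {
    ("alice", "db-prod-01"): "db-operator",
    ("svc-deploy", "web-prod-02"): "deployer",
}
ENROLLED_MACHINES = {"db-prod-01", "web-prod-02"}  # machines with established trust
MAX_RISK = 70       # hypothetical 0-100 environment risk score; above this, deny
STEP_UP_RISK = 40   # above this, a human requester must have passed MFA
GRANT_TTL = timedelta(minutes=30)

@dataclass(frozen=True)
class Request:
    principal: str
    kind: str               # "human" or "machine"
    target: str
    role: str
    authenticated: bool     # identity verified (login or workload credential)
    mfa_passed: bool
    ticket: Optional[str]   # context: approved change or incident reference
    risk: int               # risk of the access environment

@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str
    role: Optional[str] = None
    expires: Optional[datetime] = None

def decide(req: Request, now: datetime) -> Decision:
    """Deny by default; every check must pass before a time-boxed grant is issued."""
    if req.target not in ENROLLED_MACHINES:
        return Decision(False, "target machine has no established trust")
    if not req.authenticated:
        return Decision(False, "identity not verified")
    if ENTITLEMENTS.get((req.principal, req.target)) != req.role:
        return Decision(False, "no entitlement for requested role")
    if not req.ticket:
        return Decision(False, "no approved context for the request")
    if req.risk > MAX_RISK:
        return Decision(False, "environment risk too high")
    if req.kind == "human" and req.risk > STEP_UP_RISK and not req.mfa_passed:
        return Decision(False, "step-up MFA required")
    return Decision(True, "granted", req.role, now + GRANT_TTL)

def is_active(d: Decision, now: datetime) -> bool:
    """A grant is usable only until it expires; there is no standing privilege."""
    return d.granted and d.expires is not None and now < d.expires
```

The same function handles human and machine requesters, and a request for a role outside the entitlement (for example a shared root account) is refused even when identity, context, and risk all check out.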

Conclusion

Improving customer experiences needs to be at the center of any digital transformation effort. As every business digitally transforms itself to survive and grow in a post-COVID-19 world out of necessity, they must also improve how they secure access to their cloud and on-premises infrastructure. Legacy PAM was designed for a time when all privileged access was constrained to resources inside the network, accessed by humans, using shared/root accounts.

Legacy PAM was not designed for cloud environments, DevOps, containers, or microservices. Furthermore, privileged access requesters are no longer limited to just humans, but also include machines, services, and APIs.

Privileged access requesters need greater agility, adaptability, and speed to support DevOps’ growing roadmap of self-service and increasingly safer apps and platforms. While privileged identities must be protected, DevOps teams need as much agility and speed as possible to innovate at the rapidly changing pace of how customers choose to buy in a post-COVID-19 world.

Six Areas Where AI Is Improving Customer Experiences


Bottom Line: This year’s hard reset is amplifying how vital customer relationships are and how much potential AI has to find new ways to improve them.

  • 30% of customers will leave a brand and never come back because of a bad experience.
  • 27% of companies say improving their customer intelligence and data efforts are their highest priority when it comes to customer experience (CX).
  • By 2023, 30% of customer service organizations will deliver proactive customer services by using AI-enabled process orchestration and continuous intelligence, according to Gartner.
  • $13.9B was invested in CX-focused AI and $42.7B in CX-focused Big Data and analytics in 2019, with both expected to grow to $90B in 2022, according to IDC.

The hard reset every company is going through today is making senior management teams re-evaluate every line item and expense, especially in marketing. Spending on Customer Experience is getting re-evaluated as are supporting AI, analytics, business intelligence (BI), and machine learning projects and spending. Marketers able to quantify their contributions to revenue gains are succeeding the most at defending their budgets.

Fundamentals of CX Economics

Knowing if and by how much CX initiatives and strategies are paying off has been elusive. Fortunately, there are a variety of benchmarks and supporting methodologies being developed that contextualize the contribution of CX. KPMG’s recent study, How Much Is Customer Experience Worth?, provides guidance in the areas of CX and its supporting economics. The following table summarizes the study’s findings and provides an overview of key financial measures’ interrelationships with CX:

The KPMG study also found that failing to meet customer expectations is two times more destructive than exceeding them. That’s a powerful argument for having AI and machine learning ingrained into CX company-wide. The following graphic quantifies the economic value of improving CX:


Where AI Is Improving CX

For AI projects to make it through the budgeting crucible that the COVID-19 pandemic has created, they’re going to have to show a contribution to revenue, cost reduction, and improved customer experiences in a contactless world. Add in the need for any CX strategy to be on a resilient, proven platform and the future of marketing comes into focus. Examples of platforms and customer-centric digital transformation networks that can help re-center an organization on data- and AI-driven customer insights include BMC’s Autonomous Digital Enterprise (ADE) and others. The framework is differentiated from many others in how it is designed to capitalize on AI and Machine Learning’s core strengths to improve every aspect of the customer (CX) and employee experience (EX). BMC believes that providing employees with the digital resources they need to excel at their jobs also delivers excellent customer experiences.

Having worked my way through college in customer service roles, I can attest to how valuable having the right digital resources is for serving customers. What I like about their framework is how they’re trying to go beyond just satisfying customers; they’re wanting to delight them. BMC calls this delivering a transcendent customer experience. From my collegiate career doing customer service, I recall the e-mails delighted customers sent to my bosses that would be posted along a wall in our offices. In customer service and customer experience, you get what you give. Having customer service reps like my younger self on the front line able to get resources and support they need to deliver more authentic and responsive support is key. I see BMC’s ADE doing the same by ensuring a scalable CX strategy that retains its authenticity even as response times shrink and customer volume increases.

The following are six ways AI can improve customer experiences:

  • Improving contactless personalized customer care is considered one of the most valuable areas where AI is improving customer experiences. These “need to do” marketing areas have the highest complexity and highest benefit. Marketers haven’t been putting as much emphasis on the “must do” areas of high benefit and low complexity, according to Capgemini’s analysis. These application areas include chatbots and virtual assistants, reducing revenue churn, facial recognition, and product and services recommendations. Source: Turning AI into concrete value: the successful implementers’ toolkit, Capgemini Consulting. (PDF, 28 pp).


  • Anticipating and predicting how each customer’s preferences of where, when, and what they will buy will change and removing roadblocks well ahead of time for them. Reducing the friction customers face when they’re attempting to buy within a channel they’ve never purchased through before can’t be left to chance. Using augmented, predictive analytics to generate insights in real-time to customize the marketing mix for every individual customer improves sales funnels, preserves margins, and can increase sales velocity.
  • Knowing which customer touchpoints are the most and least effective in improving CX and driving repurchase rates. Successfully using AI to improve CX needs to be based on data from all trackable channels that prospects and customers interact with. Digital touchpoints, including mobile app usage, social media, and website visits, all need to be aggregated into data sets that ML algorithms can use to continually learn more about every customer and anticipate which touchpoint is the most valuable to them and why. Knowing how touchpoints stack up from a customer’s point of view immediately says which channels are doing well and which need improvement.
  • Recruiting new customer segments by using CX improvements to gain them as prospects and then convert them to customers. AI and ML have been used for customer segmentation for years. Online retailers are using AI to identify which CX enhancements on their mobile apps, websites, and customer care systems are the most likely to attract new customers.
  • Retailers are combining personalization, AI-based pattern matching, and product-based recommendation engines in their mobile apps, enabling shoppers to virtually try on garments they’re interested in buying. Machine learning excels at pattern recognition, and AI is well-suited for fine-tuning recommendation engines, which are together leading to a new generation of shopping apps where customers can virtually try on any garment. The app learns what shoppers most prefer and also evaluates image quality in real-time, and then recommends either purchase online or in a store. Source: Capgemini, Building The Retail Superstar: How unleashing AI across functions offers a multi-billion dollar opportunity.


  • Relying on AI to best understand customers and redefine IT and Operations Management infrastructure to support them is a true test of how customer-centric a business is. Digital transformation networks need to support every touchpoint of the customer experience. They must have AI and ML designed to anticipate customer needs and deliver the goods and services required at the right time, via the customer’s preferred channel. BMC’s Autonomous Digital Enterprise Framework is a case in point. Source: Cognizant, The 2020 Customer Experience.

