Skip to content

Posts from the ‘Cloud Computing’ Category

Why Manufacturing Supply Chains Need Zero Trust

  • According to the 2019 Verizon Data Breach Investigation Report, manufacturing has been experiencing an increase in financially motivated breaches in the past couple of years, whereby most breaches involve Phishing and the use of stolen credentials.
  • 50% of manufacturers report experiencing a breach over the last 12 months, 11% of which were severe according to Sikich’s 5th Manufacturing and Distribution Survey, 2019.
  • Manufacturing’s most commonly data compromised includes credentials (49%), internal operations data (41%), and company secrets (36%) according to the 2019 Verizon Data Breach Investigation Report.
  • Manufacturers’ supply chains and logistics partners targeted by ransomware which have either had to cease operations temporarily to restore operations from backup or have chosen to pay the ransom include Aebi SchmidtASCO Industries, and COSCO Shipping Lines.

Small Suppliers Are A Favorite Target, Ask A.P. Møller-Maersk

Supply chains are renowned for how unsecured and porous they are multiple layers deep. That’s because manufacturers often only password-protect administrator access privileges for trusted versus untrusted domains at the operating system level of Windows NT Server, haven’t implemented multi-factor authentication (MFA), and apply a trust but verify mindset only for their top suppliers. Many manufacturers don’t define, and much less enforce, supplier security past the first tier of their supply chains, leaving the most vulnerable attack vectors unprotected.

It’s the smaller suppliers that hackers exploit to bring down many of the world’s largest manufacturing companies. An example of this is how an accounting software package from a small supplier, Linkos Group, was infected with a powerful ransomware agent, NotPetya, bringing one of the world’s leading shipping providers,  A.P. Møller-Maersk, to a standstill. Linkos’ Group accounting software was first installed in the A.P. Møller-Maersk offices in Ukraine. The NotPetya ransomware was able to take control of the local office servers then propagate itself across the entire A.P. Møller-Maersk network. A.P. Møller-Maersk had to reinstall their 4,000 servers, 45,000 PCs, and 2500 applications, and the damages were between $250M to $300M. Security experts consider the ransomware attack on A.P. Møller-Maersk to be one of the most devastating cybersecurity attacks in history. The Ukraine-based group of hackers succeeded in using an accounting software update from one of A.P. Møller-Maersk’s smallest suppliers to bring down one of the world’s largest shipping networks. My recent post, How To Deal With Ransomware In A Zero Trust World explains how taking a Zero Trust Privilege approach minimizes the risk of falling victim to ransomware attacks. Ultimately, treating identity as the new security perimeter needs to be how supply chains are secured. The following geographical analysis of the attack was provided by CargoSmart, showing how quickly NotPetya ransomware can spread through a global network:

CargoSmart provided a Vessel Monitoring Dashboard to monitor vessels during this time of recovery from the cyber attack.

Supply Chains Need To Treat Every Supplier In Their Network As A New Security Perimeter

The more integrated a supply chain, the more the potential for breaches and ransomware attacks. And in supply chains that rely on privileged access credentials, it’s a certainty that hackers outside the organization and even those inside will use compromised credentials for financial gain or disrupt operations. Treating every supplier and their integration points in the network as a new security perimeter is critical if manufacturers want to be able to maintain operations in an era of accelerating cybersecurity threats.

Taking a Zero Trust Privilege approach to securing privileged access credentials will help alleviate the leading cause of breaches in manufacturing today, which is privileged access abuse. By taking a “never trust, always verify, and enforce least privilege” approach, manufacturers can protect the “keys to the kingdom,” which are the credentials hackers exploit to take control over an entire supply chain network.

Instead of relying on trust but verify or trusted versus untrusted domains at the operating system level, manufacturers need to have a consistent security strategy that scales from their largest to smallest suppliers. Zero Trust Privilege could have saved A.P. Møller-Maersk from being crippled by a ransomware attack by making it a prerequisite that every supplier must have ZTP-based security guardrails in place to do business with them.

Conclusion

Among the most porous and easily compromised areas of manufacturing, supply chains are the lifeblood of any production business, yet also the most vulnerable. As hackers become more brazen in their ransomware attempts with manufacturers and privileged access credentials are increasingly sold on the Dark Web, manufacturers need a sense of urgency to combat these threats. Taking a Zero Trust approach to securing their supply chains and operations, helps manufacturers to implement least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, manufacturers can minimize the attack surface, improve audit and compliance visibility, and reduce risk, complexity, and costs for the modern, hybrid manufacturing enterprise.

Top 10 Most Popular Cybersecurity Certifications In 2019

Top 10 Most Popular Cybersecurity Certifications In 2019

  • IT decision-makers (ITDMs) report that cybersecurity is the hardest area to find qualified talent, followed by cloud computing skills.
  • 56% of ITDMs report that certified personnel closes organizational skills gaps.
  • 48% of ITDMs report that certifications boost productivity.
  • 44% of ITDM report that certifications help meet client requirements.

Knowing which cybersecurity certifications are in the greatest demand is invaluable in planning a career in the field. I asked Global Knowledge, the world’s largest dedicated IT training company, which hosts over 3,000 unique IT courses delivered by over 1,100 subject matter experts for their help in finding out which cybersecurity certifications are the most sought after in North America this year. Their 2019 IT Skills and Salary Report is considered the gold standard of IT skills, certification, and salary data, with many IT professionals relying on it to plan their careers. Human Resource professionals also use the report and consider it an invaluable reference to guide their recruiting efforts. Thank you Global Knowledge for providing custom research of the current state of demand for cybersecurity certifications.

Ranking The Most Sought-After Cybersecurity Certifications

Of the 63% of North American IT professionals planning to or are pursuing a certification in 2019, 23% are pursuing a cybersecurity certification according to the latest Global Knowledge IT Skills and Salary Report. The certifications reflect how quickly unique, specialized areas of knowledge are gaining in popularity. “Traditionally, cybersecurity senior leadership-level certifications have been dominated in popularity by the administrative and Governance, Risk Management, and Compliance accreditations. This continues to be reflected in the latest data with the most popular (ISC)2 and ISACA certification bodies represented well in the list,” said Brad Puckett, Global Knowledge’s global product director for cybersecurity. Brad used the Global Knowledgebase of survey data to produce the ten most sought-after cybersecurity certifications in North America in 2019 shown below:

1.    (ISC)2: CISSP – Certified Information Systems Security Professional

2.   ISACA: CISM – Certified Information Security Manager

3.   EC-Council: CEH – Certified Ethical Hacker

4.   ISACA: CRISC – Certified in Risk and Information Systems Control

5.   (ISC)2: CCSP – Certified Cloud Security Professional

6.   ISACA: CISA – Certified Information Systems Auditor

7.   (ISC)2: CISSP-ISSMP – Information Systems Security Management Professional also please see the ISC’s specifics on this certification here.

8.   (ISC)2: CISSP-ISSAP – Information Systems Security Architecture Professional also please see the ISC’s specifics on this certification here.

9.   ISACA: CGEIT – Certified in the Governance of Enterprise IT

10. EC-Council: CHFI – Computer Hacking Forensic Investigator

 

 

The Best IoT Companies To Work For In 2019 Based On Glassdoor

Employees would most recommend the following companies to their friends looking for an IoT job:  IGELSAPARMFortinetGoogleMicrosoftBoschSamsaraSchneider ElectricSiemensDell TechnologiesRed HatCisco Systems and Trend Micro. These 14 companies are the highest rated by employees working for them based on a comparison of Computer Reseller News’ Internet of Things 50, 2019  with their respective Glassdoor scores as of today, Sunday, August 18, 2019.

Forbes readers’ most frequent requests center on which companies are the best to work for in emerging technology fields, including IoT. The Computer Reseller News’ Internet of Things 50, 2019 list of companies is used to complete the analysis as it is an impartial, independent list created by CRN. Using the CRN list as a foundation, the following analysis captures the best companies in their respective areas today.

Comparing the Glassdoor scores of the (%) of employees who would recommend this company to a friend and (%) of employees who approve of the CEO, the following analysis was completed. 14 IoT companies on the list have very few (less than 20) or no Glassdoor reviews, so they are excluded from the rankings. In 2017 I did a factor analysis and found that companies who flood Glassdoor with fake reviews hit a wall around ten posts. With those findings in mind, an IoT company would need a minimum of 20 current employee interviews to be included in the final recommended list. Please find the full data set available for download here. The best IoT companies to work for are shown below and please click on the graphic to expand for easier reading:

The highest-rated IoT CEOs on Glassdoor as of August 18, 2019, include the following:

CEO Company Name  % of employees who approve of the CEO as of August 18, 2019, on Glassdoor 2019 CRN Internet of Things Categories
Jed Ayres, CEO, North America IGEL 100% IoT Software and Services
Bill McDermott, CEO (Glassdoor Top CEOs of 2019) SAP 96% IoT Software and Services
Satya Nadella, CEO (Glassdoor Top CEOs of 2019) Microsoft 96% IoT Software and Services
Sanjit Biswas, Founder, CEO Samsara 96% IoT Hardware
James Whitehurst, President, CEO Red Hat 96% IoT Software and Services
Volkmar Denner, CEO Bosch 94% IoT Hardware
Simon Segars, CEO ARM 93% IoT Hardware
Jean-Pascal Tricoire, CEO (Glassdoor Top CEOs of 2019) Schneider Electric 93% Industrial Internet of Things (IoT) Providers
Ken Xie, Founder, Chairman, CEO Fortinet 92% IoT Security
Thomas Kurian, CEO Google Cloud 92% IoT Software and Services
Michael Dell, Chairman, CEO Dell Technologies 92% IoT Hardware
Eva Chen, CEO Trend Micro 92% IoT Security
Joe Kaeser, CEO Siemens 91% Industrial Internet of Things (IoT) Providers
Chuck Robbins, CEO (Glassdoor Top CEOs of 2019) Cisco Systems 91% IoT Hardware

Absolute’s CEO Christy Wyatt On Leading A Cybersecurity Company And The Power Of Resilience

Christy Wyatt’s career exemplifies what you would expect from a high-performing tech leader who thrives on turning challenges into growth. Showing persistence, resiliency, and tenacity – she has a long history of scaling high-growth technology companies and infusing them with greater creative energy, ingenuity, and intensity for results. As CEO of Absolute, she’s leading the company through an evolution that is shifting its focus from simply being known as a ‘track and trace’ company to becoming the world’s most trusted security company delivering endpoint resiliency to businesses of all sizes.

Previously she served as CEO of Dtex Systems, a user behavior intelligence company that grew revenue by 321% last year. Before Dtex, she was Chairman, CEO, and President of Good Technology, the global leader in mobile security where she defined and delivered an aggressive growth strategy before its successful acquisition by BlackBerry. Wyatt began her career as a software engineer and rose through the executive leadership ranks at Citigroup, Motorola, Apple, Palm and Sun Microsystems. She was named one of Inc. Magazine’s Top 50 Women Entrepreneurs in America, CEO of the Year by the Information Security Global Excellence Awards, and one of Fierce Wireless’s Most Influential Women in Wireless.

Insights From Absolute’s Latest Earnings Call

On August 13th, Christy Wyatt and Errol Olsen, CFO of Absolute, hosted the company’s latest earnings call with financial analysts. A transcript of the call is available here. Key insights from the company’s latest quarter and fiscal year-end were shared and included the following:

  • Total revenue in FY19 was $98.9M, representing an increase of 6% over the prior fiscal year with the ACV Base reaching $98M as of June 30, 2019, up $6.5M or 7%, over the prior year.
  • Enterprise sector portion of the ACV Base increased 11% year-over-year. Enterprise customers represented 55% of the ACV Base of June 30, 2019. And the Government sector portion of the ACV Base increased 15% year-over-year, now representing 12% of the ACV Base as of June 30, 2019.
  • Incremental ACV from new customers was $5.2M in FY19, compared to $3.4M in FY18.
  • Adjusted EBITDA in FY19 was $19.3M, or 20% of revenue, up from $9.2M or 10% of revenue, in the prior fiscal year.
  • FY19 Net Income increased 144% over the prior fiscal year based on continued Enterprise market growth.
  • In Q4, Absolute signed a new financial services customer with an ACV just under $1M with their service being delivered by a Managed Service Provider (MSP) that maintains the customers computing infrastructure.
  • Absolute has provided product-level enhancements to make it easier for MSP partners to use their products to support multiple customers, with the strategy paying off with more deals globally.

Christy Wyatt On Competing In Today’s Cybersecurity Industry 

I recently had the opportunity to interview Christy and learn more about how she sees the cybersecurity industry today and where it’s heading, in addition to gaining insights into her and her teams’ goals at Absolute, one of the top 10 cybersecurity companies to watch in 2019. Absolute serves as the industry benchmark for endpoint resilience, visibility, and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications whether endpoints are on or off the corporate network, and the ultimate level of control and confidence required for the modern enterprise.

The following is my interview with Christy:

Louis:             Coming into a new company environment and establishing yourself with credibility in the role is key. What are the things that you’ve gone after immediately to address how the company is doing and where it’s going? In essence, what’s been your 90-day plan, and how’s that going overall?

Christy:          Most incoming CEOs join a company with a thesis about why this is an interesting opportunity and how they can invest significant intellectual capital into it. And then that first 90 days is really about vetting out that model and seeing if the opportunity is real. With Absolute, my thesis was here is a company that very few people understood, with an amazing install base and partner community built around unique self-healing capabilities. If you juxtapose that against the security industry today, you’ll see the glaringly huge problem. There are start-ups after start-ups all claiming they can protect businesses from breaches – so organizations keep buying more and more technology – all while breaches are accelerating. And those businesses keep asking themselves, “Are we more secure? How do I know if my business is more secure?” And the answer is they don’t know.

When I talk to customers, they say, “I have more than ten agents on every laptop in my device fleet. User experience is suffering, and the complexity is mind boggling.” As a CEO, I want to be able to fix that, right? How do we effectively deploy security controls in a way that is healthy and productive for both the laptop and for the user? That’s a massive opportunity, and that’s what gets me excited about Absolute.

Louis:             In your last few earnings calls, you referenced wins in financial services, healthcare, and professional services. What do you attribute the success of Absolute moving more towards the enterprise?

Christy:          The initial transition and increased focus on the enterprise market predates me. Over the past year, however, we’ve expanded our discussions into all the sectors you mention, and more, to better understand what they’re doing around enterprise resilience.

In April, we published original research that examined the state of decay and exposure points around endpoint security. Once we quantified that, we then spent our time with customers talking about what’s happening within their unique environments. What we found was that they had a false sense of security. They have encryption, malware security, and VPN all checked. But based on our research and new analytics, we were able to show them there are gaps in their protection when those agents became un-installed, missed a patch, or conflicted with other controls. That is the rate of decay we are talking about. How to make their existing controls more resilient to decay. We highlighted how their existing deployments degrade, weaken and fail over time. We also showed them some simple strategies to heal and even boost the immune system of their environment. That’s very powerful, and as a result, customers are leaning into our resilience story – it helps them capture the value of the investments they have already made.

Louis:             Regarding your product roadmap and the direction you’re going in, what are some of the plans that you’re looking to be able to capitalize on that presence that you have on billions of devices?

Christy:          Critical to our success has always been our partners. If you look at our Resilience product, which is our enterprise product, we can heal other third-party applications. So if the average enterprise has ten plus security agents deployed, there are probably at least three to five that they care about. They say, “Look, I feel exposed from a compliance perspective or a risk perspective if I don’t have, for example, encryption turned on… and it’s not okay with me that my users can delete something or turn it off.” Our data tells us where and how we can serve, and better secure, those enterprise IT architectures.

There’s a growing list of things within our platform today that we already heal. Broadening our resilience capabilities is something you’re going to see us invest significantly in. And then there’s work we have to do for our customers’ security and IT organizations, pointing them to the specific, critical things that need their focus right now. So if there’s a gap or something has gone offline in their security fabric, I want to bring their attention to it; I want to heal it and fix it. Absolute excels at solving those challenges for our customers.

Louis:             You mention endpoints often, and it makes me think about ‘Zero Trust’ security and the proliferation of IoT and industrial internet of things devices and how that’s flourishing across manufacturing and other distributed based industries like supply chains. What are your long term plans in these areas?

Christy:          We’re doing a lot of work in that space. With 5G quickly evolving, this is going to have a significant impact on the enterprise, and the ability to have similar controls on anything that’s connected to your network will be critical. I think there is a lot of credence in Zero Trust model as one of the many security architectures, but any one of these has to be rooted in something. So even if you’re trying to manage security from the cloud, your efficiency and your effectiveness are only as good as the data that you’re getting. If you don’t have visibility on what’s connected or what’s happening on the endpoint, your ability to diagnose it or fix it is relatively is impacted. My view is whatever you think your security strategy is today, the controls you think you need are going to be completely different 18 months from now. And so the five things you care about persisting and healing today are not going to be the same five things you care about in that timeframe. Our job is leverage our BIOS enabled foundation that allows enterprises to get reliable data, see the things that are protecting their environment, and heal them if something goes wrong – regardless of what their stack looks like.

Louis:             So Absolute becomes a system of record because it is the definitive record of all activity coming off of that laptop or that device that’s enabled at the BIOS level with your technology.

Christy:          I think we’re a big part of that. We’ve talked to a lot of customers, and there are other visibility solutions on the market. A lot of times somebody says, “Well, I have a fill-in-the-blank-security-product, and so I think I see everything.” My answer is the thing they are relying on is likely one of those ten things that are sitting in the stack that has a rate of decay – because it is not rooted in the BIOS so, therefore, it has some inherent vulnerability. So we should be instrumenting that and ensuring that we protect that critical control, ensure it is always running, and heal it if it goes offline. Our customers rely on us because they know that we are giving them the complete picture.

I don’t see the vast ecosystem of security products as competitive to what we are doing. I see those as complementary. Whatever is in your security technology stack, let’s make sure it’s always there, let’s make sure it’s always turned on, and let’s heal it if it goes offline.

Louis:             Regarding the designed-in win you’ve achieved with being embedded at the BIOS level, do you spend time OEMs? How is that all orchestrated at the platform level, or at the OEM level, to ensure that you continue to have that as a competitive advantage?

Christy:          We’ve had very close relationships with our OEM partners for well over a decade. We spend a lot of time looking at both the technical architectures and customer challenges. Every one of our OEM partners has a unique strategy for how they are delivering unique security services to their customers, and we view ourselves as an enabler of those strategies.

Louis:             When you visit customers, what are they most excited about? What’s their burning need right now? What are they focused on?

Christy:          Right now, we’re spending a lot of time with our customers focused on simplifying their experience and making these new capabilities easier to use, and easier to integrate into their environments. A lot of our customers have been with us for a long time and get very excited about how we make their jobs easier with more automation using things like our constantly expanding library of Reach scripts, enabling their IT teams to automate a lot of their endpoint tasks.

Where we also see a significant change in behavior is when we show them the power of some of our Resilience capabilities, paired with some of our analytics pieces. When we show them the state of the endpoint as it applies to their unique environment, where the gaps are, and demonstrate how we can help heal those gaps, I often hear, “Oh, I didn’t know Absolute could do that…” It’s a big departure from where we were ten years ago. So I think we’re going through a period of reintroducing ourselves to our customers and showing them that, even with the technology they already have, they could be doing so much more.

Louis:             How do you build the business case for Absolute?

Christy:          I think it depends on the customer. I think that if they’re a customer that’s talking to us about our visibility and control products, which are really about trust in our BIOS level visibility and control, management and tracking and locating and taking fine grain view at their assets, then I think the conversation is really about return on investment around the asset itself. Using their data to give them valuable insights about the state of their assets, as well as their posture. It’s a conversation about protecting the investment you’re making in your computing infrastructure.

When we’re talking to a customer about resiliency, it’s really about how much they are spending on security and how do we help them get back the return on investment of the dollars they’ve already spent. I believe the frenzy around security spending has put a lot of IT managers into a position where they have deep stacks and are not getting the full return on investment from those controls. We want to help them close the gap.

Louis:             How do you enable innovation of culture and be able to turn out the next generation products?

Christy:          So, I’ve done it a bunch of different ways, and I believe that what is most empowering to people who love to build great products….is when individuals get to see their stuff, their unique idea, their new concept go to market and be used by customers. We are fundamentally builders using our tools to solve customer problems.

What I like is a little bit more of the startup energy. Where people can bring forward ideas, and if we agree this is a cool idea – we invest.  We give them a team and a timeline. We can give those ideas an opportunity for commercialization. And by the way, that’s what engineers and innovators and entrepreneurs love the most. That’s what they want. They get passionate about pointing to a product and saying, “I did that. That’s super cool. It was my idea; they gave me a team. I learned a lot, and I got to have an impact.” And I think that impact is really what fires or fuels the innovation culture.

Mobile Identity Is The New Security Perimeter

  • 86% of enterprise executives say that mobile threats are growing faster than any other according to Verizon’s Mobile Security Index 2019 and 67% of enterprise execs are less confident about the security of their mobile devices compared to other IT assets.
  • Mobile devices are hackers’ favorite platform to target, with over 905,000 malware packages installed in Q1 of this year alone and over 5.3 million in 2018, according to Statistica.
  • 38% of mobile devices introduce unnecessary risk into the organization based on an analysis of privacy and security settings according to MobileIron’s Global Threat Report.

Mobile devices reflect you and your customers’ identity in the many apps, data, and ongoing activities you and they choose to engage in. Every enterprise looking to reinvent itself by scaling digital business strategies is putting mobile devices at the center of growth plans because they are everyone’s identity.

89% of security leaders believe that mobile devices will serve as your digital ID to access enterprise services and data in the near future according to a recent survey by IDG completed in conjunction with MobileIron, titled Say Goodbye to Passwords. You can download a copy of the study here. Mobile devices are increasingly becoming the IDs enterprises rely on to create and scale a mobile-centric zero trust security network throughout their organizations.

Enterprises are relying on mobile devices more than ever before, personalizing them for each associate or employee to launch and scale new business initiatives. These factors combined are leading to a rapid expansion of, and reliance on mobile devices as the single digital ID enterprises rely on to enable perimeter-less borders. The following IDG survey results reflect enterprise security leaders’ prediction of when mobile devices will authenticate Identity Access Management (IAM):

Passwords Aren’t Strong Enough For A Zero Trust World   

The bottom line is that passwords are the weakest defense in a zero-trust world. Ineffective in stopping privileged credential-based breaches, with the most privileged system access credentials shared and at times resold by insiders, passwords give hackers a key to the front door of enterprises’ systems. They no longer have to hack their way in; stolen or purchased passwords and privileged access credentials available on the Dark Web-enable hackers to use the front door of enterprise IT.

Both the IDG study published in conjunction with MobileIronSay Goodbye to Passwords and Passwordless Authentication: Bridging the Gap Between High-Security and Low-Friction Identity Management by Enterprise Management Associates (EMA) validate how weak passwords are in a zero-trust world and the many reasons they need to go.  Here are a few of the many factors that favor move beyond passwords to mobile-centric zero-trust security framework:

  • While 95% of enterprise executives say they have multi-factor authentication (MFA) implemented, a little more than half of their users are using it. Senior security executives say they doubt the security benefits (36%), expense (33%), and the decision that users don’t access sensitive information (45%), making MFA pointless.
  • 86% of senior security executives would dump password use as an authentication method if they could. In fact, nearly half of those surveyed cited eliminating passwords as a way to cut almost half of all breach attempts. Perceived security shortcomings are a key reason why almost three-quarters of these security leaders say they’re actively looking for replacements for passwords for authentication.
  • 62% of the senior security execs reported extreme user irritation with password lockouts. The percentage of respondents who reported extreme user frustration at password lockouts rose to 67% at companies with more than 5,000 employees. Users having to call in and change their password with IT’s help is a major drain on productivity and worker’s time. Senior security executives want to abandon passwords given how high maintenance they are to support and how they drain time and productivity from any organization.   

Creating A Mobile Zero Trust Network

The new reality for any enterprise is that mobile device identities are the new security perimeter. Mobility devices ranging from smartphones to tablets are exponentially expanding the threat surfaces that enterprises need to secure and passwords aren’t scaling to do the job. Instead of just relying on a password, secure access needs to be determined by a “never trust, always verify” approach that requires verification of the device, user, apps, networks, and evaluation of the presence of threats before granting access.
The formidable challenges of securing a perimeter-less enterprise where the mobile device identities are the new security perimeter need a mobile-centric zero-trust network to succeed. Zero trust validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats—all before granting secure access to any device or user.  Zero trust platforms are built on unified endpoint management (UEM) systems and their enabling technologies including zero sign-on (ZSO) user and device authentication, multi-factor authentication (MFA), and mobile threat detection (MTD). The following illustration reflects best practices in provisioning, granting access, protecting, enforcing, and provisioning access privileges for a mobile Zero Trust network.

Conclusion

Your smartphone or mobile device of choice is increasingly going to become your ID and secure access to resources across the enterprises you work for. Passwords have proven to be ineffective in thwarting the most common source of breaches, which is privileged credential abuse.  Enterprise executives interviewed for two completely different studies reached the same conclusion: IT infrastructure will be much safer once passwords are gone.

The Truth About Privileged Access Security On AWS And Other Public Clouds

 

Bottom Line: Amazon’s Identity and Access Management (IAM) centralizes identity roles, policies and Config Rules yet doesn’t go far enough to provide a Zero Trust-based approach to Privileged Access Management (PAM) that enterprises need today.

AWS provides a baseline level of support for Identity and Access Management at no charge as part of their AWS instances, as do other public cloud providers. Designed to provide customers with the essentials to support IAM, the free version often doesn’t go far enough to support PAM at the enterprise level. To AWS’s credit, they continue to invest in IAM features while fine-tuning how Config Rules in their IAM can create alerts using AWS Lambda. AWS’s native IAM can also integrate at the API level to HR systems and corporate directories, and suspend users who violate access privileges.

In short, native IAM capabilities offered by AWS, Microsoft Azure, Google Cloud, and more provides enough functionality to help an organization get up and running to control access in their respective homogeneous cloud environments. Often they lack the scale to fully address the more challenging, complex areas of IAM and PAM in hybrid or multi-cloud environments.

The Truth about Privileged Access Security on Cloud Providers Like AWS

The essence of the Shared Responsibility Model is assigning responsibility for the security of the cloud itself including the infrastructure, hardware, software, and facilities to AWS and assign the securing of operating systems, platforms, and data to customers. The AWS version of the Shared Responsibility Model, shown below, illustrates how Amazon has defined securing the data itself, management of the platform, applications and how they’re accessed, and various configurations as the customers’ responsibility:

AWS provides basic IAM support that protects its customers against privileged credential abuse in a homogenous AWS-only environment. Forrester estimates that 80% of data breaches involve compromised privileged credentials, and a recent survey by Centrify found that 74% of all breaches involved privileged access abuse.

The following are the four truths about privileged access security on AWS (and, generally, other public cloud providers):

  1. Customers of AWS and other public cloud providers should not fall for the myth that cloud service providers can completely protect their customized and highly individualized cloud instances. As the Shared Responsibility Model above illustrates, AWS secures the core areas of their cloud platform, including infrastructure and hosting services. AWS customers are responsible for securing operating systems, platforms, and data and most importantly, privileged access credentials. Organizations need to consider the Shared Responsibility Model the starting point on creating an enterprise-wide security strategy with a Zero Trust Security framework being the long-term goal. AWS’s IAM is an interim solution to the long-term challenge of achieving Zero Trust Privilege across an enterprise ecosystem that is going to become more hybrid or multi-cloud as time goes on.
  2. Despite what many AWS integrators say, adopting a new cloud platform doesn’t require a new Privileged Access Security model. Many organizations who have adopted AWS and other cloud platforms are using the same Privileged Access Security Model they have in place for their existing on-premises systems. The truth is the same Privileged Access Security Model can be used for on-premises and IaaS implementations. Even AWS itself has stated that conventional security and compliance concepts still apply in the cloud. For an overview of the most valuable best practices for securing AWS instances, please see my previous post, 6 Best Practices For Increasing Security In AWS In A Zero Trust World.
  3. Hybrid cloud architectures that include AWS instances don’t need an entirely new identity infrastructure and can rely on advanced technologies, including Multi-Directory Brokering. Creating duplicate identities increases cost, risk, and overhead and the burden of requiring additional licenses. Existing directories (such as Active Directory) can be extended through various deployment options, each with their strengths and weaknesses. Centrify, for example, offers Multi-Directory Brokering to use whatever preferred directory already exists in an organization to authenticate users in hybrid and multi-cloud environments. And while AWS provides key pairs for access to Amazon Elastic Compute Cloud (Amazon EC2) instances, their security best practices recommend a holistic approach should be used across on-premises and multi-cloud environments, including Active Directory or LDAP in the security architecture.
  4. It’s possible to scale existing Privileged Access Management systems in use for on-premises systems today to hybrid cloud platforms that include AWS, Google Cloud, Microsoft Azure, and other platforms. There’s a tendency on the part of system integrators specializing in cloud security to oversell cloud service providers’ native IAM and PAM capabilities, saying that a hybrid cloud strategy requires separate systems. Look for system integrators and experienced security solutions providers who can use a common security model already in place to move workloads to new AWS instances.

Conclusion

The truth is that Identity and Access Management solutions built into public cloud offerings such as AWS, Microsoft Azure, and Google Cloud are stop-gap solutions to a long-term security challenge many organizations are facing today. Instead of relying only on a public cloud provider’s IAM and security solutions, every organization’s cloud security goals need to include a holistic approach to identity and access management and not create silos for each cloud environment they are using. While AWS continues to invest in their IAM solution, organizations need to prioritize protecting their privileged access credentials – the “keys to the kingdom” – that if ever compromised would allow hackers to walk in the front door of the most valuable systems an organization has. The four truths defined in this article are essential for building a Zero Trust roadmap for any organization that will scale with them as they grow. By taking a “never trust, always verify, enforce least privilege” strategy when it comes to their hybrid- and multi-cloud strategies, organizations can alleviate costly breaches that harm the long-term operations of any business.

What Needs To Be On Your CPQ Channel Roadmap In 2019

Bottom Line:  Adding new features to your CPQ channel selling platform directly benefits your resellers and channel partners, driving greater revenue, channel loyalty, and expansion into new markets.

Personalization Is Key To CPQ Succeeding In Channels

Sustaining and strengthening relationships across all indirect selling channels succeeds when dealers, multi-tier distributors, resellers, intermediaries, and service providers each can personalize the CPQ applications and platforms they use. Larger dealers, distributors, and resellers are adept at personalizing CPQ selling portals by the various roles in their organization. Personalization combined with a highly intuitive, configurable interface improves CPQ applications’ ease of use, enabling channel partners to get more done. The more intuitive and easy a CPQ application is to use, the more channel partners rely on it to place orders. When distributors are representing, on average, 12 different manufacturers,  the one with the most intuitive, easily used CPQ system often gets the majority of sales.

Another aspect of personalization is defining levels of resellers. When many organizations first launch their CPQ channel selling strategies, one of the first requests they have is to organize all channel partners into performance categories. Differentiating channel partners on sales performance, customer satisfaction, and aftermarket revenue then gamifying how every one of them can move up a level is proving to be very effective at increasing channel sales. Competing with one another to be the top reseller for the manufacturing and service companies lifts an entire channel network to higher performance.

Every dealer, multi-tier distributor, reseller, intermediary, and service provider also has a unique way of selling that works best for their business. Another must-have feature on any CPQ channel roadmap is greater workflow flexibility to support increasingly complex, IoT- and AI-enabled configurable products. Smart, connected products are the future of manufacturing and channel sales. Capgemini estimates that the size of the connected products market will be $519B to $685B by 2020. Workflows like the one shown below of an internal sales rep using a multichannel CPQ system to order a customized product are due for a refresh to support even greater flexibility for more channels and greater product options.


Most Valuable Features For A CPQ Channel Roadmap In 2019

There’s a direct link between how effective a CPQ platform is across multi-tier distribution networks and the productivity of sales teams using them. 83% of sales teams are using CPQ apps today based on Accenture Interactive’s recent study, Empowering Your Sales Force: It’s Not Just Automation, It’s Personal (8 pp., PDF, no opt-in). There’s ample evidence that the more effective a CPQ platform is at equipping dealers, multi-tier distributors, resellers, intermediaries, and service providers, the greater the sales they achieve. The 2019 B2B Buyers Survey Report, by DemandGen in collaboration with DemandBase, found that B2B buyers are more likely to purchase from sales representatives who demonstrate a stronger knowledge of the solution area and the business landscape (65%) compared to competitors. B2B buyers also give high praise for sales teams who can provide quotes quickly and respond to their inquiries promptly (63%), in addition to providing higher-quality content (61%). Each of these benefits is derived from a CPQ platform that can scale across every phase of the selling lifecycle.

The following are the key features needed on CPQ channel roadmaps in 2019 to stay competitive and scale sales and revenue on pace with market growth:

  • Greater personalization for each type of partner portal supported by real-time integration to CRM and ERP systems, designed to scale for sales team turnover across multi-tier distribution networks. Channel partners’ sales teams tend to churn quickly, and it’s best to design in intuitive, easily configured portals by sales role to help new hires get up to speed fast. Channel sales associates are typically the fastest-churning area of any selling business. With greater personalization comes the need for greater integration to provide the data needed to enable partner portals to have a greater depth of functionality. The following graphic from Deloitte’s recent study, Configure, Price, and Quote (CPQ) Capabilities illustrates this point:

  • Support for multi-tier pricing, price management, price optimization, price enforcement, and special workflows, including Special Pricing Requests (SPR). Baseline CPQ platforms support price management and have successfully transitioned multi-tier distribution networks off of Microsoft Excel spreadsheets to a single pricing model that scales across all products and channels. Consider adopting advanced pricing logic to support SPRs so sales operations teams don’t have to do this process manually. In manufacturers who have transitioned from manual to automated SPR approvals, average deal sizes have increased over 60%, and productivity jumped over 76% according to a recent Gartner survey.
  • Augment advanced product configuration tools by making them more intuitive and easier to use to sell the more advanced products in your catalog. It’s time to push the boundaries of CPQ channel selling systems to sell more complex products and drive greater revenue and margins. Forward-thinking manufacturers are taking a virtual design and 3D-based design approach to accomplish this. Enabling channel partners to take larger orders for more complex products is paying off.
  • Upgrade guided selling strategies to be more than catalog-based selection systems, mining customer data using machine learning to see which products they have the greatest propensity to buy when. It’s time to migrate off of the guided selling systems that are selecting products from catalogs that may deliver the best gross margins or have a traditionally high attach rate with the product the customer is buying. Machine learning is making it possible to provide greater accuracy and precision to recommendations than ever before.
  • Improve the usability of sales promotions, rebates, and most importantly, Market Development Funds (MDF). It’s amazing how much time manufacturers are spending manually handling MDF claims today. It’s time to automate this area of the CPQ channel roadmap and save thousands of hours and dollars a year while enabling resellers to get reimbursed faster or get the funds they need to grow their businesses.
  • Contract management is a must-have for CPQ channel roadmaps today. Integrating a cloud-based contract management system into a CPQ platform is vital for taking one more step towards an end-to-end quote-to-cash workflow being in place. Real-time integration to contract management can save days of waiting for contract approvals, all leading to more closed deals and faster, more lucrative sales cycles.
  • Manufacturers can realize greater revenue potential through their channels by combining machine learning insights to find those aftermarket customers most ready to buy while accelerating sales closing cycles with CPQ. Manufacturers want to make sure they are getting their fair share of the aftermarket. Using a machine learning-based application, they can help their resellers increase average deal sizes by knowing which products and services to offer when. They’ll also know when to present upsell and cross-sell offers into an account at a specific point in time when they will be most likely to lead to additional sales, all based on machine learning-based insights. Combining machine learning-based insights to guide resellers to the most valuable and highest probability customer accounts ready to buy with an intuitive CPQ system increases sales efficiency leading to higher revenues.

Conclusion

Now that the solutions exist for resellers to simplify CPQ selling strategies, it’s up to each manufacturer to decide how competitive they want their channel partner roadmap to be. Any given manufacturer’s quoting and configuration tools today are competing with 11 others on average for a reseller’s time, it is clear that roadmaps need a refresh to stay competitive. Suggested options include offering greater personalization, multi-tier pricing and a more thorough approach to price management, advanced product configuration support, revamped guided selling strategies and improved usability of sales promotions, rebates, and Market Development Funds (MDF). Manufacturers need to prioritize each of these features relative to their product- and revenue-specific goals by channel. A fascinating company who has deep expertise in designing, implementing, and scaling analytics, service, sales, IoT, and CPQ solutions for manufacturers is eLogic. The company’s mission is to enable manufacturers to achieve the highest value customer engagement and product & service lifecycle performance. eLogic is regarded as the leading system integration partner in CPQ and product configuration and is considered a global leader in delivering business solutions for manufacturers across SAP configuration technologies and Microsoft Dynamics 365, Power Platform & Azure.

Your Mobile Phone Is Your Identity. How Do You Protect It?

 The average cost of a data breach has risen 12% over the past 5 years and is now $3.92M. U.S.-based breaches average $8.19M in losses, leading all nations. Not integrating mobile phone platforms and protecting them with a Zero Trust Security framework can add up to $240K to the cost of a breach. Companies that fully deploy security automation technologies experience around half the cost of a breach ($2.65M on average) compared to those that do not deploy these technologies ($5.16M on average). These and many other fascinating insights are from the 14th annual IBM Security Cost of a Data Breach Report, 2019. IBM is making a copy of the report available here for download (76 pp., PDF, opt-in). IBM and Ponemon Institute collaborated on the report, recruiting 507 organizations that have experienced a breach in the last year and interviewing more than 3,211 individuals who are knowledgeable about the data breach incident in their organizations. A total of 16 countries and 17 industries were included in the scope of the study. For additional details regarding the methodology, please see pages 71 - 75 of the report. Key insights from the report include the following: Lost business costs are 36.2% of the total cost of an average breach, making it the single largest loss component of all. Detection and escalation costs are second at 31.1%, as it can take up to 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. IBM found the average breach lasts 279 days. Breaches take a heavy toll on the time resources of any organization as well, eating up 76% of an entire year before being discovered and contained. U.S.-based breaches average $8.19M in losses, leading all nations with the highest country average. The cost of U.S.-based breaches far outdistance all other countries and regions of the world due to the value and volume of data exfiltrated from enterprise IT systems based in North America. North American enterprises are also often the most likely to rely on mobile devices to enable greater communication and collaboration, further exposing that threat surface. The Middle East has the second-highest average breach loss of $5.97M. In contrast, Indian and Brazilian organizations had the lowest total average cost at $1.83M and $1.35M, respectively. Data breach costs increase quickly in integration-intensive corporate IT environments, especially where there is a proliferation of disconnected mobile platforms. The study found the highest contributing costs associated with a data breach are caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile and OT environments. This reinforces that organizations need to adopt a Zero Trust Security (ZTS) framework to secure the multiple endpoints, apps, networks, clouds, and operating systems across perimeter-less enterprises. Mobile devices are enterprises’ fasting growing threat surfaces, making them one of the highest priorities for implementing ZTS frameworks. Companies to watch in this area include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. The framework is built on the foundation of unified endpoint management (UEM) and additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat detection (MTD). This approach to securing access and protect data across the perimeter-less enterprise is helping to alleviate the high cost of data breaches, as shown in the graphic below. Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error. While less expensive than malicious attacks, which cost an average of $4.45M, system glitches and human error still result in costly breaches, with an average loss of $3.24M and $3.5M respectively. To establish complete control over data, wherever it lives, organizations need to adopt Zero Trust Security (ZTS) frameworks that are determined by “never trust, always verify.”. For example, MobileIron’s mobile-centric zero-trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. This zero-trust security framework is designed to stop accidental, inadvertent and maliciously-driven, intentional breaches. The following graphic compares the total cost for three data breach root causes: Conclusion Lost business is the single largest cost component of any breach, and it takes years to fully recover from one. IBM found that 67% of the costs of a breach accrue in the first year, 22% accrue in the second year and 11% in the third. The more regulated a company’s business, the longer a breach will accrue costs and impact operations. Compounding this is the need for a more Zero Trust-based approach to securing every endpoint across an organization. Not integrating mobile phone platforms and protecting them with a Zero Trust Security (ZTS) framework can add up to $240K to the cost of a breach. Companies working to bridge the gap between the need for securing mobile devices with ZTS frameworks include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. There’s a significant amount of innovation happening with Identity Access Management that thwarts privileged account abuse, which is the leading cause of breaches today. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

  • The average cost of a data breach has risen 12% over the past 5 years and is now $3.92M.
  • U.S.-based breaches average $8.19M in losses, leading all nations.
  • Not integrating mobile phone platforms and protecting them with a Zero Trust Security framework can add up to $240K to the cost of a breach.
  • Companies that fully deploy security automation technologies experience around half the cost of a breach ($2.65M on average) compared to those that do not deploy these technologies ($5.16M on average).

These and many other fascinating insights are from the 14th annual IBM Security Cost of a Data Breach Report, 2019. IBM is making a copy of the report available here for download (76 pp., PDF, opt-in). IBM and Ponemon Institute collaborated on the report, recruiting 507 organizations that have experienced a breach in the last year and interviewing more than 3,211 individuals who are knowledgeable about the data breach incident in their organizations. A total of 16 countries and 17 industries were included in the scope of the study. For additional details regarding the methodology, please see pages 71 – 75 of the report.

Key insights from the report include the following:

  • Lost business costs are 36.2% of the total cost of an average breach, making it the single largest loss component of all. Detection and escalation costs are second at 31.1%, as it can take up to 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. IBM found the average breach lasts 279 days. Breaches take a heavy toll on the time resources of any organization as well, eating up 76% of an entire year before being discovered and contained.

  • U.S.-based breaches average $8.19M in losses, leading all nations with the highest country average. The cost of U.S.-based breaches far outdistance all other countries and regions of the world due to the value and volume of data exfiltrated from enterprise IT systems based in North America. North American enterprises are also often the most likely to rely on mobile devices to enable greater communication and collaboration, further exposing that threat surface. The Middle East has the second-highest average breach loss of $5.97M. In contrast, Indian and Brazilian organizations had the lowest total average cost at $1.83M and $1.35M, respectively.

  • Data breach costs increase quickly in integration-intensive corporate IT environments, especially where there is a proliferation of disconnected mobile platforms. The study found the highest contributing costs associated with a data breach are caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile and OT environments. This reinforces that organizations need to adopt a Zero Trust Security (ZTS) framework to secure the multiple endpoints, apps, networks, clouds, and operating systems across perimeter-less enterprises. Mobile devices are enterprises’ fasting growing threat surfaces, making them one of the highest priorities for implementing ZTS frameworks. Companies to watch in this area include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. The framework is built on the foundation of unified endpoint management (UEM) and additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat detection (MTD). This approach to securing access and protect data across the perimeter-less enterprise is helping to alleviate the high cost of data breaches, as shown in the graphic below.

  • Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error. While less expensive than malicious attacks, which cost an average of $4.45M, system glitches and the human error still result in costly breaches, with an average loss of $3.24M and $3.5M respectively. To establish complete control over data, wherever it lives, organizations need to adopt Zero Trust Security (ZTS) frameworks that are determined by “never trust, always verify.”. For example, MobileIron’s mobile-centric zero-trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. This zero-trust security framework is designed to stop accidental, inadvertent and maliciously-driven, intentional breaches. The following graphic compares the total cost for three data breach root causes:

Conclusion

Lost business is the single largest cost component of any breach, and it takes years to fully recover from one. IBM found that 67% of the costs of a breach accrue in the first year, 22% accrue in the second year and 11% in the third.  The more regulated a company’s business, the longer a breach will accrue costs and impact operations. Compounding this is the need for a more Zero Trust-based approach to securing every endpoint across an organization.

Not integrating mobile phone platforms and protecting them with a Zero Trust Security (ZTS) framework can add up to $240K to the cost of a breach. Companies working to bridge the gap between the need for securing mobile devices with ZTS frameworks include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. There’s a significant amount of innovation happening with Identity Access Management that thwarts privileged account abuse, which is the leading cause of breaches today. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

AI Is Predicting The Future Of Online Fraud Detection

Bottom Line: Combining supervised and unsupervised machine learning as part of a broader Artificial Intelligence (AI) fraud detection strategy enables digital businesses to quickly and accurately detect automated and increasingly complex fraud attempts.

Recent research from the Association of Certified Fraud Examiners (ACFE)KPMGPwC, and others reflects how organized crime and state-sponsored fraudsters are increasing the sophistication, scale, and speed of their fraud attacks. One of the most common types of emerging attacks is based on using machine learning and other automation techniques to commit fraud that legacy approaches to fraud prevention can’t catch. The most common legacy approaches to fighting online fraud include relying on rules and predictive models that are no longer effective at confronting more advanced, nuanced levels of current fraud attempts. Online fraud detection needs AI to stay at parity with the quickly escalating complexity and sophistication of today’s fraud attempts.

Why AI is Ideal for Online Fraud Detection

It’s been my experience that digitally-based businesses that have the best track record of thwarting online fraud rely on AI and machine learning to do the following:

  • Actively use supervised machine learning to train models so they can spot fraud attempts quicker than manually-based approaches. Digitally-based businesses I’ve talked with say having supervised machine learning categorize and then predict fraudulent attempts is invaluable from a time-saving standpoint alone. Adopting supervised machine learning first is easier for many businesses as they have analytics teams on staff who are familiar with the foundational concepts and techniques. Digital businesses with high-risk exposure given their business models are adopting AI-based online fraud detection platforms to equip their fraud analysts with the insights they need to identify and stop threats early.
  • Combine supervised and unsupervised machine learning into a single fraud prevention payment score to excel at finding anomalies in emerging data. Integrating the results of fraud analysis based on supervised and unsupervised machine learning into one risk score is one way AI enables online fraud prevention to scale today. Leaders in this area of online fraud prevention can deliver payment scores in 250 milliseconds, using AI to interpret the data and provide a response. A more integrated approach to online fraud prevention that combines supervised and unsupervised machine learning can deliver scores that are twice as predictive as previous approaches.
  • Capitalizes on large-scale, universal data networks of transactions to fine-tune and scale supervised machine learning algorithms, improving fraud prevention scores in the process. The most advanced digital businesses are looking for ways to fine-tune their machine learning models using large-scale universal data sets. Many businesses have years of transaction data they rely on initially for this purpose. Online fraud prevention platforms also have large-scale universal data networks that often include billions of transactions captured over decades, from thousands of customers globally.

The integration of these three factors forms the foundation of online fraud detection and defines its future growth trajectory. One of the most rapid areas of innovation in these three areas is the fine-tuning of fraud prevention scores. Kount’s unique approach to creating and scaling its Omniscore indicates how AI is immediately redefining the future of online fraud detection.

Kount is distinct from other online fraud detection platforms due to the company’s ability to factor in all available historical data in their universal data network that includes billions of transactions accumulated over 12 years, 6,500 customers, across over 180 countries and territories, and multiple payment networks.

Insights into Why AI is the Future of Online Fraud Detection

Recent research studies provide insights into why AI is the future of online fraud detection. According to the Association of Certified Fraud Examiners (ACFE) inaugural Anti-Fraud Technology Benchmarking Report, the amount organizations are expected to spend on AI and machine learning to thwart online fraud is expected to triple by 2021. The ACFE study also found that only 13% of organizations currently use AI and machine learning to detect and deter fraud today. The report predicts another 25% plan to adopt these technologies in the next year or two – an increase of nearly 200%. The ACFE study found that AI and machine learning technology will most likely be adopted in the next two years to fight fraud, followed by predictive analytics and modeling.

PwC’s 2018 Global Economic Crime and Fraud Survey is based on interviews with 7,200 C-level and senior management respondents across 123 different nations and territories and was conducted to determine the true state of digital fraud prevention across the world. The study found that 42% of companies said they had increased funds used to combat fraud or economic crime. In addition, 34% of the C-level and senior management executives also said that existing approaches to combatting online fraud was generating too many false positives. The solution is to rely more on machine learning and AI in combination with predictive analytics as the graphic below illustrates. Kount’s unique approach to combining these technologies to define their Omniscore reflects the future of online fraud detection.

AI is a necessary foundation of online fraud detection, and for platforms built on these technologies to succeed, they must do three things extremely well. First, supervised machine learning algorithms need to be fine-tuned with decades worth of transaction data to minimize false positives and provide extremely fast responses to inquiries. Second, unsupervised machine learning is needed to find emerging anomalies that may signal entirely new, more sophisticated forms of online fraud. Finally, for an online fraud platform to scale, it needs to have a large-scale, universal data network of transactions to fine-tune and scale supervised machine learning algorithms that improve the accuracy of fraud prevention scores in the process.

AWS Certifications Increase Tech Pay Up To $12K A Year

AWS Certifications Increase Tech Pay Up To $12K A Year

  • AWS and Google certifications are among the most lucrative in North America, paying average salaries of $129,868 and $147,357 respectively.
  • Cross-certifying on AWS is providing a $12K salary bump to IT professionals who already have Citrix and Red Hat/Linux certifications today
  • Globally, four of the five top-paying certifications are in cloud computing.

These and many other insights of which certifications provide the highest salaries by region of the world are from the recently published Global Knowledge 2019 IT Skills and Salary ReportThe report is downloadable here (27 pp., PDF, free, opt-in). The methodology is based on 12,271 interviews across non-management IT staffs (29% of interviews), mid-level professionals including managers and team leads (43%), and senior-level and executive roles (28%) across four global regions. For additional details regarding the study’s methodology, please see page 24 of the report.

Key insights from the report include the following:

  • Cross-certifying on AWS is providing a $12K salary bump to IT professionals who already have Citrix and Red Hat/Linux certifications. Citrix certifications pay an average salary of $109,546 and those earning an AWS certification see a $12,339 salary bump on average. Red Hat/Linux certification-based jobs pay an average of $113,165 and are seeing an average salary bump of $12,553.  Cisco-certified IT professionals who gain AWS certification increase their salaries on average from $101,533 to $111,869, gaining a 10.2% increase. The following chart compares the salary bump AWS certifications are providing to IT professionals with seven of the more popular certifications (please click on the graphic to expand for easier reading).

  • AWS and Google certifications are among the most lucrative in North America, paying average salaries of $129,868 and $147,357 while the most popular are cybersecurity, governance, compliance, and policy. 27% of all respondents to Global Knowledge’s survey have at least one certification in this category. Nearly 18% are ITIL certified. In North American, the most popular certification categories beyond cybersecurity are CompTIA, Microsoft, and Cisco. The following table from the report provides an overview of salary by certification category (please click on the graphic to expand for easier reading).

  • AWS Certified Solutions Architect – Associate is the most popular AWS certification today, with 72% of respondents having achieved its requirements. Certified Solutions Architect – Associate leads the top five most commonly held AWS certifications today according to the survey. AWS Certified Developer – Associate (33%), AWS Certified SysOps Administrator – Associate (24%), AWS Certified Solutions Architect – Professional (16%) and AWS Certified Cloud Practitioner round out the top five most common AWS certifications across the 12,271 global respondents to the Global Knowledge survey.
%d bloggers like this: