Skip to content
Advertisements

Posts from the ‘Enterprise software’ Category

Digital Transformation’s Missing Link Is Zero Trust

    • Enterprises will invest $2.4T by 2020 in digital transformation technologies including cloud platforms, cognitive systems, IoT, mobile, robotics, and integration services according to the World Economic Forum.
    • Digital transformation software and services revenue in the U.S. is predicted to reach $490B in 2025, soaring from $190B in 2019, attaining a Compound Annual Growth Rate (CAGR) of 14.49% according to Grand View Research published by Statista.
    • IDC predicts worldwide spending on the technologies and services that enable the digital transformation of business practices, products, and organizations will reach $1.97T in 2022.
    • Legacy approaches to Privileged Access Management (PAM) don’t protect the new threatscapes digital transformation initiatives create, making Zero Trust Privilege essential for enterprises.

B2B customers, including manufacturers looking to replace legacy production equipment with smart, connected machines, have high expectations when it comes to product quality, ease of integration, and intuitive user experiences. Replacing factories full of legacy assets with smart, connected machinery is one of the most powerful catalysts driving digital transformation today. Innovative smart, connected machinery and the performance gains they provide are the oxygen that keeps customer relationships alive. That’s why digital transformation forecasts from the World Economic Forum, Grand View ResearchIDC, and many others predict perennial growth. The many forecasts reflect a fundamental truth: digital transformation done with intensity creates a customer-driven renaissance for any business.

Businesses digitally transforming themselves are succeeding because they’ve made themselves accountable and transparent to customers. Earning and protecting that trust is the heartbeat of any business’ growth. 51% of enterprises invest in digital transformation to capture growth opportunities in new markets, with 46% investing to stay in front of evolving customer behaviors and preferences. Brian Solis’ excellent report, The State of Digital Transformation, 2018 – 2019 Edition (31 pp., PDF, opt-in) shows how digitally transforming any business with the customer first leads to greater growth. The graphic from his study illustrates this point:

 

Closing The Digital Transformation Gap With Zero Trust

Gaps exist between the results digital transformation initiatives are delivering today, and the customer-driven value they’re capable of. According to Gartner, 75% of digital transformation projects are not aligned internally today, leading to delayed new product launches, mediocre experiences, and greater security risks than ever before. Interactive, IoT-enabled experiences and products are expanding the threatscape of enterprises to include Big Data, cloud, containers, DevOps, IoT systems, and more. With that comes a host of new exposure points, many of which allow access to sensitive data that must be protected with modern Privileged Access Management solutions that reduce risk in these modern enterprise use cases.

The new security perimeter is identity. Forrester estimates that 80% of data breaches are caused by privileged access abuse. Every smart, connected machine that replaces legacy production equipment is another identity that defines a manufacturer’s security perimeter.

As the use cases and adoption of smart, connected machines proliferate, so too does the urgency that manufacturers need to replace their legacy approaches to Privileged Access Management (PAM). Relying on outdated strategies for protecting administrative access to all machines needs to be replaced with a “never trust, always verify, enforce least privilege” approach.

IT needs to improve how they’re protecting the most privileged access credentials, the ‘keys to the kingdom,’ by granting just-enough, just-in-time privilege. Of the many cybersecurity approaches available today, Zero Trust Privilege (ZTP) enables IT to grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

The more diverse any digital transformation strategy, the greater the risk of privileged credential abuse. Thwarting privileged credential abuse needs to start with a least privilege access approach, minimizing each attack surface, improving audit and compliance visibility while reducing risk, complexity, and costs. Leaders in Zero Trust include CentrifyMobileIronPalo Alto Networks, and others. Of these companies, Centrify’s approach to Zero Trust to prevent privileged access abuse shows the greatest potential for securing digital transformation initiatives and strategies.

How To Secure Digital Transformation Strategies

IDG Research found in their Security Priorities for 2018 study that 71% of security-focused IT decision-makers are aware of the Zero Trust model and 18% of enterprises are either running pilots or have implemented Zero Trust.

Zero Trust Privilege (ZTP) is the force multiplier digital transformation initiatives need to reach their true potential by securing administrative access to the complex mix of machinery and infrastructure – and the sensitive data they hold and use – that manufacturers rely on daily.

Starting with a strategic perspective, ZTP’s contribution to securing digital transformation deployments apply to every area of planning, pilots, platforms, product, and service data being designed to stop the leading cause of breaches, which is privileged credential abuse. The following graphic illustrates how ZTP needs to span every aspect of an enterprise’s digital transformation capabilities.

Source: World Economic Forum, Digital Transformation Initiative, May 2018

Conclusion

By 2020, 30% of Global 2000 companies will have allocated capital budget equal to at least 10% of revenue to fuel their digital transformation strategies according to IDC.  European spending on technologies and services that enable the digital transformation of business practices, products, and organizations is forecasted to reach $378.2B in 2022. The perennial growth these forecasts promise is predicated on enterprises delivering new experiences and innovative products, which create the oxygen that keeps their customer relationships alive.

Amidst all the potential for growth, enterprises need to realize every new infrastructure element, machine, or connected production asset is a new identity that collectively comprises the fabric of their security perimeter. Legacy cybersecurity approaches won’t scale to protect the proliferating number of smart machines being put into use today. Relying entirely on legacy approaches to PAM, where privileged access to systems and resources only inside the network are secure, is failing today. Smart, connected machinery and the products and experiences they deliver require an entirely new cybersecurity strategy, one based on a “never trust, always verify, enforce least privilege” approach. Centrify Zero Trust Privilege shows potential to meet this challenge by granting least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

Advertisements

Top 10 Ways Internet Of Things And Blockchain Strengthen Supply Chains

  • The majority of enterprises are prioritizing their blockchain pilots that concentrate on supply chains improvements (53%) and the Internet of Things (51%) according to Deloitte’s latest blockchain survey.
  • By 2023, blockchain will support the global movement and tracking of $2T of goods and services annually based on a recent Gartner
  • By 2020, Discrete Manufacturing, Transportation & Logistics and Utilities industries are projected to spend $40B each on IoT platforms, systems, and services.
  • The Supply Chain Management enterprise software market is growing from $12.2B in 2017 to $20.4B in 2022, achieving a 10.7% Compound Annual Growth Rate (CAGR) according to Gartner’s latest market forecast.
  • Of the many blockchain and IoT Proof of Concept (POC) pilots running today, track-and-trace shows the most significant potential of moving into production.

Combining blockchain’s distributed ledger framework with the Internet of Things’ (IoT) proven real-time monitoring and tracking capability is redefining supply chains. Blockchain shows potential for increasing the speed, scale, and visibility of supply chains, eliminating counterfeit-goods transactions while also improving batching, routing and inventory control. Blockchain’s shared, distributed ledger architecture is becoming a growth catalyst for IoT’s adoption and commercial use in organizations.

Blockchain and IoT are defining the future of supply chains based on the initial success of Proof of Concept (POC) pilots focused on the logistics, storage and track-and-trace areas of supply chains across manufacturing. Supply-chain centric pilots are the most popular today, with enterprises looking at how they can get more value out of IoT using blockchain. One CIO told me recently his company deliberately spins up several POCs at once, adding “they’re our proving grounds, we’re pushing blockchain and IoT’s limits to see if they can solve our most challenging supply chain problems and we’re learning a tremendous amount.” The senior management team at the manufacturer says the pilots are worth it if they can find a way to increase inventory turns just 10% using blockchain and IoT. They’re also running Proof of Concept pilots to optimize batching, routing and delivery of goods, reduce fraud costs, and increase track-and-trace accuracy and speed. Of the many pilots in progress, track-and-trace shows the greatest potential to move into production today.

The following are the top 10 ways IoT and blockchain are defining the future of supply chains:

  • Combining IoT’s real-time monitoring support with blockchain’s shared distributed ledger strengthens track-and-trace accuracy and scale, leading to improvements across supply chains. Improving track-and-trace reduces the need for buffer stock by providing real-time visibility of inventory levels and shipments. Urgent orders can also be expedited and rerouted, minimizing disruptions to production schedules and customer shipments.  The combination of blockchain and IoT sensors is showing potential to revolutionize food supply chains, where sensors are used to track freshness, quality, and safety of perishable foods.  The multiplicative effects of combining IoT and blockchain to improve track-and-traceability are shown in the context of the following table from the Boston Consulting Group. Please click on the graphic to expand for easier reading.

  • Improving inventory management and reducing bank fees for letters of credit by combining blockchain and IoT show potential to deliver cost savings. A recent study by Boston Consulting Group, Pairing Blockchain with IoT to Cut Supply Chain Costs, completed a hypothetical analysis of how much a $1B electronics equipment company implementing blockchain-as-a-service, a decentralized track-and-trace application, and 30 nodes that share among key supply chain stakeholders could save. The study found that the electronics equipment company could save up to $6M a year or .6% of annual sales. A summary of the business case is shown here:

  • Combining blockchain and IoT is providing the pharmaceutical and healthcare industry with stronger serialization techniques, reducing counterfeit drugs and medical products. Pharmaceutical serialization is the process of assigning a unique identity (e.g., a serial number) to each sealable unit, which is then linked to critical information about the product’s origin, batch number, and expiration date. According to the World Health Organization (WHO) approximately 1 million people each year die from counterfeit drugs, 50% of pharmaceutical products sold through rogue websites are considered fake, and up to 30% of pharmaceutical products sold in emerging markets are counterfeit according to a recent study by DHL Research. DHL and Accenture are finalizing a blockchain-based track-and-trace serialization prototype comprising a global network of nodes across six geographies. The system comprehensively documents each step that a pharmaceutical product takes on its way to the store shelf and eventually the consumer. The following graphic illustrates the workflow.

  • Improving distribution and logistics, tracking asset maintenance, improving product quality, preventing counterfeit products and enabling digital marketplaces are the use cases Capgemini predicts blockchain will have the greatest impact. IoT’s potential contribution in each of these five use case areas continues to accelerate as real-time monitoring dominates manufacturing. Tracking provenace, contracts management, digital threads, and trade financing also show potential for high adoption. The following graphic illustrates blockchain use cases in the supply chain.

  • Combining blockchain and IoT is enabling manufacturers to pursue and excel at digital twin initiatives across their value chains. A digital twin is a dynamic, digital representation of a physical asset which enables companies to track its past, current and future performance throughout the asset’s lifecycle. The asset, for example, a vehicle or spare part, sends performance data and events directly to its digital twin, even as it moves from the hands of the manufacturer to the dealer and ultimately the new owner. Blockchain can be used to securely document everything related to the asset and IoT provides the real-time monitoring and updates. Microsoft and VISEO are partnering to use blockchain to connect each new vehicle’s maintenance events to the vehicle’s digital twin. The graphic below illustrates how digital twins streamline additive manufacturing.

  • 54% of suppliers and 51% of customers are expecting the organizations they do business with to take a leadership position on blockchain and IoT. The majority of suppliers and customers expect the manufacturers, suppliers, and vendors they do business with to take a leadership position on these two emerging technologies and define a vision with them in it. Deloitte’s excellent study, Breaking Blockchain Open, Deloitte’s 2018 Global Blockchain Survey, provides insights into how supplier and customer expectations are a factor in driving blockchain and IoT adoption, further helping to shape the future of supply chains.

  • Consumer products and manufacturing lead adoption of blockchain today, followed by life sciences according to the latest Deloitte estimates. IoT adoption is flourishing in manufacturing, transportation & logistics and utilities. By 2020, each of these industries is projected to spend $40B each on IoT platforms, systems, and services. The following graphic compares blockchain adoption levels by industry. Given how dependent manufacturers are on supply chains, the high adoption rates for blockchain and IoT make sense. Please click on the graphic to expand for easier reading.

  • 32% of enterprises are adopting blockchain to gain greater speed compared to existing systems, and 28% believe blockchain will open up new business models and revenue sources. The majority of manufacturers, transportation & logistics and utilities companies have real-time monitoring running on their shop floors and across their production facilities today. Many are transitioning from Wi-Fi enabled monitoring to IoT, which creates a real-time data stream that blockchain ledgers categorize and track to provide greater track-and-trace speed and accuracy. A recent Capgemini survey found that 76% of manufacturers also plan to have a product-as-a-service strategy to drive revenue in less than two years.

  • Blockchain has the potential to deliver between $80B and $110B in value across seven strategic financial sectors when supported by IoT, redefining their supply chains in the process. McKinsey completed an extensive analysis of over 60 viable use case for blockchain in financial services where IoT would provide greater visibility across transactions. The combination of technologies has the potential to deliver over $100B in value.

  • Reducing product waste and perishable foods’ product margins while increasing traceability is attainable by combining blockchain and IoT. IBM’s Food Trust uses blockchain technology to create greater accountability, traceability, and visibility in supply chains. It’s the only consortium of its kind that connects growers, processors, distributors, and retailers through a permissioned, permanent and shared record of food system data. Partners include Carrefour, Dole, Driscoll’s, Golden State Foods, McCormick and Co., McLane Co., Nestlé, ShopRite parent Wakefern Food Corp.,  grocery group purchasing organization Topco Associates  The Kroger Co., Tyson Foods, Unilever and Walmart. An example of the Food Trust’s traceability application is shown below:

Additional Research:

Abdel-Basset, M., Manogaran, G., & Mohamed, M. (2018). Internet of Things (IoT) and its impact on supply chain: A framework for building smart, secure and efficient systems. Future Generation Computer Systems86, 614–628.

Boston Consulting Group, Pairing Blockchain with IoT to Cut Supply Chain Costs, By Zia Yusuf, Akash Bhatia, Usama Gill, Maciej Kranz, Michelle Fleury, and Anoop Nannra. December 18, 2018

Capgemini Research Institute, Does blockchain hold the key to a new age of supply chain transparency and trust?, 2018 (PDF, 32 pp., no opt-in)

DHL Trend Research, Blockchain In Research,  Perspectives on the upcoming impact of blockchain technology and use cases for the logistics industry (PDF, 28 pp., no opt-in)

Deloitte, Breaking Blockchain Open, Deloitte’s 2018 Global Blockchain Survey,48 pp., PDF, no opt-in. Summary available here.

Deloitte, Continuous Interconnected Supply Chain, Using Blockchain & Internet-of-Things in supply chain traceability (PDF, 24 pp., no opt-in)

Deloitte University Press,  3D opportunity for blockchain Additive manufacturing links the digital thread, 2018 (PDF, 20 pp, no opt-in)

EBN, How IoT, AI, & Blockchain Empower Tomorrow’s Autonomous Supply Chain, June 18, 2018

Forbes, How Blockchain Can Improve Manufacturing In 2019, October 28, 2018.

Forbes, 10 Charts That Will Challenge Your Perspective Of IoT’s Growth, June 6, 2018

Gettens, D., Jauffred, F., & Steeneck, D. W. (2016). IoT Can Drive Big Savings in the Post-Sales Supply Chain. MIT Sloan Management Review, 60(2), 19–21. Accessible on the MIT Sloan Management Review site here.

Jagtap, S., & Rahimifard, S. (2019). Unlocking the potential of the internet of things to improve resource efficiency in food supply chains. Springer International Publishing© Springer Nature Switzerland AG.

McKinsey & Company, Blockchain beyond the hype: What is the strategic business value?, June, 2018

McKinsey & Company, Blockchain Technology in the Insurance Sector, Quarterly meeting of the Federal Advisory Committee on Insurance (FACI) Jan 5, 2017

McKinsey & Company, The IoT as a growth driver, By Markus Berger-De Leon, Thomas Reinbacher, and Dominik Wee. March 2018

McKinsey & Company, How digital manufacturing can escape ‘pilot purgatory’,  by Andreas Behrendt, Richard Kelly, Raphael Rettig, and Sebastian Stoffregen. July 2018

Miller, D. (2018). Blockchain and the Internet of Things in the Industrial Sector. IT Professional20(3), 15-18.

PwC, Global Blockchain Survey, 2018.

Queiroz, M. M., & Wamba, S. F. (2019). Blockchain adoption challenges in supply chain: An empirical investigation of the main drivers in India and the USA. International Journal of Information Management46, 70-82.

Reyna, A., Martín, C., Chen, J., Soler, E., & Díaz, M. (2018). On blockchain and its integration with IoT. Challenges and opportunities. Future Generation Computer Systems88, 173–190

Smith, K. J., & Dhillon, G. (2019). Supply Chain Virtualization: Facilitating Agent Trust Utilizing Blockchain Technology. In Revisiting Supply Chain Risk (pp. 299-311). Springer, Cham.

Tu, M., Lim, M. K., & Yang, M.-F. (2018). IoT-based production logistics and supply chain system – Part 1. Industrial Management & Data Systems118(1), 65–95.

Tu, M., K. Lim, M., & Yang, M.-F. (2018). IoT-based production logistics and supply chain system – Part 2. Industrial Management & Data Systems118(1), 96–125.

Wall Street Journal, 5 Supply Chain Use Cases for IoT, Blockchain, November 8, 2018

Predicting The Future Of Next-Gen Access And Zero Trust Security In 2019

Bottom Line:  The most valuable catalyst all digital businesses need to continue growing in 2019 is a Zero Trust Security (ZTS) strategy based on Next-Gen Access (NGA) that scales to protect every access point to corporate data, recognizing that identities are the new security perimeter.

The faster any digital business is growing, the more identities, devices and network endpoints proliferate. The most successful businesses of 2019 and beyond are actively creating entirely new digital business models today. They’re actively recruiting, and onboarding needed experts independent of their geographic locations and exploring new sourcing and patent ideas with R&D partners globally. Businesses are digitally transforming themselves at a faster rate than ever before. Statista projects businesses will spend $190B on digital transformation in 2019, soaring to $490B by 2025, attaining a 14.4% Compound Annual Growth Rate (CAGR) in six years.

Security Perimeters Make Or Break A Growing Business

80% of IT security breaches involve privileged credential access according to a recent Forrester study. The Verizon Mobile Security Index 2018 Report found that 89% of organizations are relying on just a single security strategy to keep their mobile networks safe. A typical data breach cost the average company $3.86M in 2018, up 6.4% from $3.62M in 2017 according to IBM Security’s latest  2018 Cost of a Data Breach Study.

The hard reality for any digital business is realizing that their greatest growth asset is how well they protect the constantly expanding perimeter of their business. Legacy approaches to securing infrastructure that relies on trusted and untrusted domains can’t scale to protect every identity and device that comprises a company’s rapidly changing new security perimeter. All these factors and more are why Zero Trust Security (ZTS) enabled by Next-Gen Access (NGA) is as essential to digital businesses’ growth as their product roadmaps, pricing strategies, and services with Idaptive being an early leader in the market. To learn more about Identity-as-a-Service please see the Forrester report, The Forrester Wave™: Identity-As-A-Service, Q4 2017 (client access required)

Predicting The Future Of Next-Gen Access And Zero Trust Security

The following are predictions of how Next-Gen Access (NGA) powered by Zero Trust Security (ZTS) will evolve in 2019:

  • Behavior-based scoring algorithms will improve markedly in 2019, improving the user experience by calculating risk scores with greater precision than before. Thwarting attacks start with a series of behavior-based algorithms that calculate a risk score based on a wide variety of variables including past access attempts, device security posture, operating system, location, time of day, and many other measurable factors. Expect to see these algorithms and the risk scores they generate using machine learning techniques improve from accuracy and contextual intelligence standpoint in 2019. Leading companies in the field including Idaptive are actively investing in machine learning technologies to accomplish this today.
  • Multifactor Authentication (MFA) adoption soars as digital businesses seek to protect new R&D projects, patents in progress, roadmaps, and product plans. State-sponsored hacking organizations and organized crime see the intellectual property in fast-growing digital businesses as among the most valuable assets they can exfiltrate and sell on the Dark Web. MFA, one of the most effective single defenses against compromised passwords, will be adopted by the most successful businesses in AI, aerospace & defense, chip design for cellular and IoT devices, e-commerce, enterprise software and more.
  • Smart, connected products without adequate security designed in will proliferate in 2019, further challenging the security perimeters of the digital businesses. The era of smart, connected products is here, with Capgemini estimating the size of the connected products market will be $519B to $685B by 2020. Manufacturers expect close to 50% of their products to be smart, connected products by 2020, according to Capgemini’s Digital Engineering: The new growth engine for discrete manufacturers. The study is downloadable here (PDF, 40 pp., no opt-in). With every smart, connected device creating a new threat surface for a company, expect to see at least one device manufacturer design Zero Trust Security (ZTS) support to the board level to increase their sales into enterprises by reducing the threat of a breach starting from their device.
  • Looking for greater track and traceability, healthcare and medical products supply chains will adopt Zero Trust Security (ZTS). What’s going to make this an urgent issue in healthcare and medical products are the combined effects of greater regulatory reporting and compliance, combined with the pressure to improve time-to-market for new products and delivery accuracy for current customers. The pillars of ZTS are a perfect fit for healthcare and medical supply chains’ need for track and traceability. These pillars are real-time user verification, device validation, and intelligently limiting access, while also learning and adapting to verified user behaviors.
  • Real-time Security Analytics Services is going to thrive in 2019 as digital businesses seek insights into how they can fine-tune their ZTS strategies across every threat surface and machine learning algorithms improve. Many enterprises are in for an epiphany in 2019 when they see just how many potential breaches they’ve stopped using a combination of security strategies including Single Sign-On (SSO) and Multi-factor Authentication (MFA). Machine learning algorithms will continue to improve using behavior-based scoring, further improving the user experience. Leaders in the field include Idaptive who is setting a rapid pace of innovation in Real-Time Security Analytics Services.   

Conclusion

Security is at an inflection point today. Long-standing methods of protecting IT systems and a businesses’ assets can’t scale to protect every new identity, device or threat surface. When every identity is a new security perimeter, a new approach is needed to securing any digital business. The pillars of ZTS including real-time user verification, device validation, and intelligently limiting access, while also learning and adapting to verified user behaviors are proving to be effective at thwarting breaches and securing company’ digital assets of all kinds. It’s time for more digital businesses to see security as the growth catalyst it is and take action now to ensure their operations continue to flourish.

Microsoft Leads The AI Patent Race Going Into 2019

  • There have been over 154,000 AI patents filed worldwide since 2010 with the majority being in health fields (29.5%), Industry-specific solutions (25.3%) and AI-based digital security (15.7%).
  • AI-based marketing patents are the fasting growing global category, reaching a Compound Annual Growth Rate (CAGR) of 29.3% between 2010 and 2018.
  • The second- and third-fastest growing global AI patent categories between 2010 and 2018 are AI-based digital security (23.4% CAGR) and AI-based mobility (23% CAGR).
  • 79,936 patents were filed in the United States between 2010 and 2018, with the majority being in the health field (32.6%) followed by Industry-specific solutions (20.5%) and AI-based digital security (18%).
  • Machine learning dominates the AI patent landscape today, leading all categories of AI patents including deep learning and neural networks.

These and many other insights are from an excellent presentation recently given by Kai Gramke, Managing Director of EconSight titled Artificial Intelligence As A Key Technology and Driver of Technological Progress. EconSight clients include the Swiss Federal Council, German Federal Chancellery, leading European think tanks, research institutes and half of the German DAX-30 companies.  The presentation and information shared in this post were generated using the PatentSight analytics platform. PatentSight is a LexisNexis company and you can learn more about them here.  The following are the key takeaways from Kai’s recent research and presentation using PatentSight:

  • EconSight finds that Microsoft leads the AI patent race going into 2019 with 697 world class patents that the firm classifies as having a significant competitive impact as of November 2018. Out of the top 30 companies and research institutions as defined by EconSight in their recent analysis, Microsoft has created 20% of all patents in the global group of patent-producing companies and institutions. The following graphic provides a comparison of the top 3o in the group. Please click on the graphic to expand it for easier reading.

  • Machine learning dominates the AI patent landscape today, leading all categories of AI patents including deep learning and neural networks.  Machine learning is based on the foundational concepts of Bayesian analysis, data mining, and predictive analytics. Machine learning algorithms and the applications they rely on are designed to find patterns in large-scale data sets, while also being able to solve complex, constraint-based problems by learning from the data.  Enterprise software companies including Microsoft, SAP, and others are actively developing AI technologies that integrate into their existing platforms, streamlining adoption across their many customers. Please click on the graphic to expand for easier reading.

  • There have been 225,833 AI-based patents filed globally since 2000, with 30.7% being Industry specific (Industry 4.0 on the graphic below) followed by health-related patents (28.1%) 13.8% of all AI-based patents are for digital security and 11.9% for energy. It’s interesting to note that the fastest growing patents between 2000 and 2018 are for applying AI to marketing (22% CAGR) and AI-based digital security (18.8% CAGR). Please click on the graphic to expand for easier reading.

High-Tech’s Greatest Challenge Will Be Securing Supply Chains In 2019

Bottom Line: High-tech manufacturers need to urgently solve the paradox of improving supply chain security while attaining greater visibility across supplier networks if they’re going make the most of smart, connected products’ many growth opportunities in 2019.

The era of smart, connected products is revolutionizing every aspect of manufacturing today, from suppliers to distribution networks. Capgemini estimates that the size of the connected products market will be $519B to $685B by 2020. Manufacturers expect close to 50 percent of their products to be smart, connected products by 2020, according to Capgemini’s Digital Engineering: The new growth engine for discrete manufacturers. The study is downloadable here (PDF, 40 pp., no opt-in).

Smart, connected products free manufacturers and their supply chains from having to rely on transactions and the price wars they create. The smarter the product, the greater the services revenue opportunities. And the more connected a smart product is using IoT and Wi-Fi sensors the more security has to be designed into every potential supplier evaluation, onboarding, quality plan, and ongoing suppliers’ audits. High-tech manufacturers are undertaking all of these strategies today, fueling them with real-time monitoring using barcoding, RFID and IoT sensors to improve visibility across their supply chains.

Gaining even greater visibility into their supply chains using cloud-based track-and-trace systems capable of reporting back the condition of components in transit to the lot and serialized pack level, high-tech suppliers are setting the gold standard for supply chain transparency and visibility. High-tech supply chains dominate many other industries’ supplier networks on accuracy, speed, and scale metrics on a consistent basis, yet the industry is behind on securing its vast supplier network. Every supplier identity and endpoint is a new security perimeter and taking a Zero Trust approach to securing them is the future of complex supply chains. With Zero Trust Privilege, high-tech manufacturers can secure privileged access to infrastructure, DevOps, cloud, containers, Big Data, production, logistics and shipping facilities, systems and teams.

High-Tech Needs to Confront Its Supply Chain Security Problem, Not Dismiss It

It’s ironic that high-tech supply chains are making rapid advances in accuracy and visibility yet still aren’t vetting suppliers thoroughly enough to stop counterfeiting, or worse. Bloomberg’s controversial recent article,The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies, explains how Amazon Web Services (AWS) was considering buying Portland, Oregon-based Elemental Technologies for its video streaming technology, known today as Amazon Prime Video. As part of the due diligence, AWS hired a third-party company to scrutinize Elemental’s security all the way up to the board level. The Elemental servers that handle the video compression were assembled by Super Micro Computer Inc., a San Jose-based company in China. Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design that could create a stealth doorway into any network the machines were attached to. Apple (who is also an important Super Micro customer) and AWS deny this ever happened, yet 17 people have confirmed Supermicro had altered hardware, corroborating Bloomberg’s findings.

The hard reality is that the scenario Bloomberg writes about could happen to any high-tech manufacturer today. When it comes to security and 3rd party vendor risk management, many high-tech supply chains are stuck in the 90s while foreign governments, their militaries and the terrorist organizations they support are attempting to design in the ability to breach any network at will. How bad is it?  81% of senior executives involved in overseeing their companies’ global supply chains say 3rd party vendor management including recruiting suppliers is riskiest in China, India, Africa, Russia, and South America according to a recent survey by Baker & McKenzie.

PriceWaterhouseCoopers (PwC) and the MIT Forum for Supply Chain Innovation collaborated on a study of 209 companies’ supply chain operations and approaches to 3rd party vendor risk management. The study, PwC and the MIT Forum for Supply Chain Innovation: Making the right risk decisions to strengthen operations performance, quantifies the quick-changing nature of supply chains. 94% say there are changes in the extended supply chain network configuration happening frequently. Relying on trusted and untrusted domain controllers from server operating systems that are decades old can’t keep up with the mercurial pace of supply chains today.

Getting in Control of Security Risks in High-Tech Supply Chains

It’s time for high-tech supply chains to go with a least privilege-based approach to verifying who or what is requesting access to any confidential data across the supply chains. Further, high-tech manufacturers need to extend access request verification to include the context of the request and the risk of the access environment. Today it’s rare to find any high-tech manufacturer going to this level of least-privilege access approach, yet it’s the most viable approach to securing the most critical parts of their supply chains.

By taking a least-privilege access approach, high-tech manufacturers and their suppliers can minimize attack surfaces, improve audit and compliance visibility, and reduce risk, complexity, and operating costs across their hybrid manufacturing ecosystem.

Key actions that high-tech manufacturers can take to secure their supply chain and ensure they don’t end up in an investigative story of hacked supply chains include the following:

  • Taking a Zero Trust approach to securing every endpoint provides high-tech manufacturers with the scale they need to grow. High-tech supply chains are mercurial and fast-moving by nature, guaranteeing they will quickly scale faster than any legacy approaches enterprise security management. Vetting and then onboarding new suppliers needs to start by protecting every endpoint to the production and sourcing level, especially for next-generation smart, connected products.
  • Smart, connected products and the product-as-a-service business models they create are all based on real-time, rich, secured data streams that aren’t being eavesdropped on with components no one knows about. Taking a Zero Trust Privilege-based approach to securing access to diverse supply chains is needed if high-tech manufacturers are going to extend beyond legacy Privileged Access Management (PAM) to secure data being generated from real-time monitoring and data feeds from their smart, connected products today and in the future.
  • Quality management, compliance, and quality audits are all areas high-tech manufacturers excel in today and provide a great foundation to scale to Zero Trust Privilege. High-tech manufacturers have the most advanced quality management, inbound inspection and supplier quality audit techniques in the world. It’s time for the industry to step up on the security side too. By only granting least-privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment, high-tech manufacturers can make rapid strides to improve supply chain security.
  • Rethink the new product development cycles for smart, connected products and the sensors they rely on, so they’re protected as threat surfaces when built. Designing in security to the new product development process level and further advancing security scrutiny to the schematic and board design level is a must-do. In an era of where we have to assume bad actors are everywhere, every producer of high-tech products needs to realize their designs, product plans, and roadmaps are at risk. Ensuring the IOT and Wi-Fi sensors in smart, connected products aren’t designed to be hackable starts with a Zero Trust approach to defining security for supplier, design, and development networks.

Conclusion

The era of smart, connected products is here, and supply chains are already reverberating with the increased emphasis on components that are easily integrated and have high-speed connectivity. Manufacturing CEOs say it’s exactly what their companies need to grow beyond transaction revenue and the price wars they create. While high-tech manufacturers excel at accuracy, speed, and scale, they are falling short on security. It’s time for the industry to re-evaluate how Zero Trust can stabilize and secure every identity and threat surface across their supply chains with the same precision and intensity quality is today.

Which CRM Applications Matter Most In 2018

 

According to recent research by Gartner,

  • Marketing analytics continues to be hot for marketing leaders, who now see it as a key business requirement and a source of competitive differentiation
  • Artificial intelligence (AI) and predictive technologies are of high interest across all four CRM functional areas, and mobile remains in the top 10 in marketing, sales and customer service.
  • It’s in customer service where AI is receiving the highest investments in real use cases rather than proofs of concept (POCs) and experimentation.
  • Sales and customer service are the functional areas where machine learning and deep neural network (DNN) technology is advancing rapidly.

These and many other fascinating insights are from Gartner’s What’s Hot in CRM Applications in 2018 by Ed Thompson, Adam Sarner, Tad Travis, Guneet Bharaj, Sandy Shen and Olive Huang, published on August 14, 2018. Gartner clients can access the study here  (10 pp., PDF, client access reqd.).

Gartner continually tracks and analyzes the areas their clients have the most interest in and relies on that data to complete their yearly analysis of CRM’s hottest areas. Inquiry topics initiated by clients are an excellent leading indicator of relative interest and potential demand for specific technology solutions. Gartner organizes CRM technologies into the four category areas of Marketing, Sales, Customer Service, and Digital Commerce.

The following graphic from the report illustrates the top CRM applications priorities in Marketing, Sales, Customer Service, and Digital Commerce.

Key insights from the study include the following:

  • Marketing analytics continues to be hot for marketing leaders, who now see it as a key business requirement and a source of competitive differentiation. In my opinion and based on discussions with CMOs, interest in marketing analytics is soaring as they are all looking to quantify their team’s contribution to lead generation, pipeline growth, and revenue. I see analytics- and data-driven clarity as the new normal. I believe that knowing how to quantify marketing contributions and performance requires CMOs and their teams to stay on top of the latest marketing, mobile marketing, and predictive customer analytics apps and technologies constantly. The metrics marketers choose today define who they will be tomorrow and in the future.
  • Artificial intelligence (AI) and predictive technologies are of high interest across all four CRM functional areas, and mobile remains in the top 10 in marketing, sales and customer service. It’s been my experience that AI and machine learning are revolutionizing selling by guiding sales cycles, optimizing pricing and enabling CPQ to define and deliver smart, connected products. I’m also seeing CMOs and their teams gain value from Salesforce Einstein and comparable intelligent agents that exemplify the future of AI-enabled selling. CMOs are saying that Einstein can scale across every phase of customer relationships. Based on my previous consulting in CPQ and pricing, it’s good to see decades-old core technologies underlying Price Optimization and Management are getting a much-needed refresh with state-of-the-art AI and machine learning algorithms, which is one of the factors driving their popularity today. Using Salesforce Einstein and comparable AI-powered apps I see sales teams get real-time guidance on the most profitable products to sell, the optimal price to charge, and which deal terms have the highest probability of closing deals. And across manufacturers on a global scale sales teams are now taking a strategic view of Configure, Price, Quote (CPQ) as encompassing integration to ERP, CRM, PLM, CAD and price optimization systems. I’ve seen global manufacturers take a strategic view of integration and grow far faster than competitors. In my opinion, CPQ is one of the core technologies forward-thinking manufacturers are relying on to launch their next generation of smart, connected products.
  • It’s in customer service where AI is receiving the highest investments in real use cases rather than proofs of concept (POCs) and experimentation. It’s fascinating to visit with CMOs and see the pilots and full production implementations of AI being used to streamline customer service. One CMO remarked how effective AI is at providing greater contextual intelligence and suggested recommendations to customers based on their previous buying and services histories. It’s interesting to watch how CMOs are attempting to integrate AI and its associated technologies including ChatBots to their contribution to Net Promoter Scores (NPS). Every senior management team running a marketing organization today has strong opinions on NPS. They all agree that greater insights gained from predictive analytics and AI will help to clarify the true value of NPS as it relates to Customer Lifetime Value (CLV) and other key metrics of customer profitability.
  • Sales and customer service are the functional areas where machine learning and deep neural network (DNN) technology is advancing rapidly.  It’s my observation that machine learning’s potential to revolutionize sales is still nascent with many high-growth use cases completely unexplored. In speaking with the Vice President of Sales for a medical products manufacturer recently, she said her biggest challenge is hiring sales representatives who will have longer than a 19-month tenure with the company, which is their average today.  Imagine, she said, knowing the ideal attributes and strengths of their top performers and using machine learning and AI to find the best possible new sales hires. She and I discussed the spectrum of companies taking on this challenge, with Eightfold being one of the leaders in applying AI and machine learning to talent management challenges.

Source: Gartner by Ed Thompson, Adam Sarner, Tad Travis, Guneet Bharaj,  Sandy Shen and Olive Huang, published on August 14, 2018.

How To Protect Healthcare IoT Devices In A Zero Trust World

  • Over 100M healthcare IoT devices are installed worldwide today, growing to 161M by 2020, attaining a Compound Annual Growth Rate (CAGR) of 17.2% in just three years according to Statista.
  • Healthcare executives say privacy concerns (59%), legacy system integration (55%) and security concerns (54%) are the top three barriers holding back Internet of Things (IoT) adoption in healthcare organizations today according to the Accenture 2017 Internet of Health Things Survey.
  • The global IoT market is projected to soar from $249B in 2018 to $457B in 2020, attaining a Compound Annual Growth Rate (CAGR) of 22.4% in just three years according to Statista.

Healthcare and medical device manufacturers are in a race to see who can create the smartest and most-connected IoT devices first. Capitalizing on the rich real-time data monitoring streams these devices can provide, many see the opportunity to break free of product sales and move into more lucrative digital service business models. According to Capgemini’s “Digital Engineering, The new growth engine for discrete manufacturers,” the global market for smart, connected products is projected to be worth $519B to $685B by 2020. The study can be downloaded here (PDF, 40 pp., no opt-in). 47% of a typical manufacturer’s product portfolio by 2020 will be comprised of smart, connected products. In the gold rush to new digital services, data security needs to be a primary design goal that protects the patients these machines are designed to serve. The following graphic from the study shows how organizations producing smart, connected products are making use of the data generated today.

Healthcare IoT Device Data Doesn’t Belong For Sale On The Dark Web

Every healthcare IoT device from insulin pumps and diagnostic equipment to Remote Patient Monitoring is a potential attack surface for cyber adversaries to exploit. And the healthcare industry is renowned for having the majority of system breaches initiated by insiders. 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today according to Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR).

Many employees working for medical providers are paid modest salaries and often have to regularly work hours of overtime to make ends meet. Stealing and selling medical records is one of the ways those facing financial challenges look to make side money quickly and discreetly. And with a market on the Dark Web willing to pay up to $1,000 or more for the most detailed healthcare data, according to Experian, medical employees have an always-on, 24/7 marketplace to sell stolen data. 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey. Healthcare IoT devices are a potential treasure trove to inside and outside actors who are after financial gains by hacking the IoT connections to smart, connected devices and the networks they are installed on to exfiltrate valuable medical data.

Healthcare and medical device manufacturers need to start taking action now to secure these devices during the research and development, design and engineering phases of their next generation of IoT products. Specifying and validating that every IoT access point is compatible and can scale to support Zero Trust Security (ZTS) is essential if the network of devices being designed and sold will be secure. ZTS is proving to be very effective at thwarting potential breach attempts across every threat surface an organization has. Its four core pillars include verifying the identity of every user, validating every device, limiting access and privilege, and utilizing machine learning to analyze user behavior and gain greater insights from analytics.

The First Step Is Protect Development Environments With Zero Trust Privilege

Product research & development, design, and engineering systems are all attack surfaces that cyber adversaries are looking to exploit as part of the modern threatscape. Their goals include gaining access to valuable Intellectual Property (IP), patents and designs that can be sold to competitors and on the Dark Web, or damaging and destroying development data to slow down the development of new products. Another tactic lies in planting malware in the firmware of IoT devices to exfiltrate data at scale.

Attack surfaces and the identities that comprise the new security perimeter of their companies aren’t just people; they are workloads, services, machines, and development systems and platforms. Protecting every attack surface with cloud-ready Zero Trust Privilege (ZTP) which secures access to infrastructure, DevOps, cloud, containers, Big Data, and the entire development and production environment is needed.

Zero Trust Privilege can harden healthcare and medical device manufacturers’ internal security, only granting least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, healthcare and medical device manufacturers would be able to minimize attack surfaces, improve audit and compliance visibility, and reduces risk, complexity, and costs across their development and production operations.

The Best Security Test Of All: An FDA Audit

Regulatory agencies across Asia, Europe, and North America are placing a higher priority than ever before on cybersecurity to the device level. The U.S. Food & Drug Administration’s Cybersecurity Initiative is one of the most comprehensive, providing prescriptive guidance to manufacturers on how to attain higher levels of cybersecurity in their products.

During a recent healthcare device and medical device manufacturer’s conference, a former FDA auditor (and now Vice President of Compliance) gave a fascinating keynote on the FDA’s intent to audit medical device security at the production level. Security had been an afterthought or at best a “trust but verify” approach that relied on trusted versus untrusted machine domains. That will no longer be the case, as the FDA will now complete audits that are comparable to Zero Trust across manufacturing operations and devices.

As Zero Trust Privilege enables greater auditability than has been possible in the past, combined with a “never trust, always verify” approach to system access, healthcare device, and medical products manufacturers should start engineering in Zero Trust into their development cycles now.

2018 Roundup Of Cloud Computing Forecasts And Market Estimates

Cloud computing platforms and applications are proliferating across enterprises today, serving as the IT infrastructure driving new digital businesses. The following roundup of cloud computing forecasts and market estimates reflect a maturing global market for cloud services, with proven scale, speed and security to support new business models.

CIOs who are creating compelling business cases that rely on cloud platforms as a growth catalyst is the architects enabling these new business initiatives to succeed. The era of CIO strategist has arrived. Key takeaways include the following:

  • Amazon Web Services (AWS) accounted for 55% of the company’s operating profit in Q2, 2018, despite contributing only 12% to the company’s net sales. In Q1, 2018 services accounted for 40% of Amazon’s revenue, up from 26% three years earlier. Source: Cloud Business Drives Amazon’s Profits, Statista, July 27, 2018.

  • 80% of enterprises are both running apps on or experimenting with Amazon Web Services (AWS) as their preferred cloud platform. 67% of enterprises are running apps on (45%) and experimenting on (22%) the Microsoft Azure platform. 18% of enterprises are using Google’s Cloud Platform for applications today, with 23% evaluating the platform for future use. RightScale’s 2018 survey was included in the original data set Statista used to create the comparison. Source: Statista, Current and planned usage of public cloud platform services running applications worldwide in 2018. Please click on the graphic to expand for easier viewing.

  • Enterprise adoption of Microsoft Azure increased significantly from 43% to 58% attaining a 35% CAGR while AWS adoption increased from 59% to 68%. Enterprise respondents with future projects (the combination of experimenting and planning to use) show the most interest in Google (41%). Source: RightScale 2018 State of the Cloud Report. Please click on the graphic to expand for easier viewing.

  • Wikibon projects the True Private Cloud (TPC) worldwide market will experience a compound annual growth rate of 29.2%, reaching $262.4B by 2027. The firm predicts TPC growth will far outpace the infrastructure-as-a-service (IaaS) growth of 15.2% over the same period. A true private cloud is distinguished from a private cloud by the completeness of the integration of all aspects of the offering, including performance characteristics such as price, agility, and service breadth. Please see the source link for additional details on TPC. Source: Wikibon’s 2018 True Private Cloud Forecast and Market Shares. Please click on the graphic to expand for easier viewing.

  • Quality Control, Computer-Aided Engineering, and Manufacturing Execution Systems (MES) are the three most widely adopted systems in the cloud by discrete and process The survey also found that 60% of discrete and process manufacturers say their end users prefer the cloud over on-premise. Source: Amazon Web Services & IDC: Industrial Customers Are Ready For The Cloud – Now (PDF, 13 pp., no opt-in, sponsored by AWS). Please click on the graphic to expand for easier viewing.

  • The Worldwide Public Cloud Services Market is projected to grow by 17.3 3% in 2019 to total $206.2B, up from $175.8B in 2018 according to Gartner. In 2018 the market will grow a healthy 21% up from $145.3B in 2017 according to the research and advisory firm. Infrastructure-as-a-Service (IaaS) will be the fastest-growing segment of the market, forecasted to grow by 27.6% in 2019 to reach $39.5B, up from $31B in 2018. By 2022, Gartner expects that 90% of enterprises purchasing public cloud IaaS will do so from an integrated IaaS and Platform-as-a-Service (PaaS), and will use both the IaaS and PaaS capabilities from that provider. Source: Gartner Forecasts Worldwide Public Cloud Revenue to Grow 17.3 Percent in 2019.

  • More than $1.3T in IT spending will be directly or indirectly affected by the shift to cloud by 2022. 28% of spending within key enterprise IT markets will shift to the cloud by 2022, up from 19% in 2018. The largest cloud shift before 2018 occurred in application software, particularly driven by customer relationship management (CRM) software, with Salesforce dominating as the market leader. CRM has already reached a tipping point where a higher proportion of spending occurs in the cloud than in traditional software. Source: Gartner Says 28 Percent of Spending in Key IT Segments Will Shift to the Cloud by 2022.

  • IDC predicts worldwide Public Cloud Services Spending will reach $180B in 2018, an increase of 23.7% over 2017. According to IDC, the market is expected to achieve a five-year compound annual growth rate (CAGR) of 21.9% with public cloud services spending totaling $277B in 2021. The industries that are forecast to spend the most on public cloud services in 2018 are discrete manufacturing ($19.7B), professional services ($18.1B), and banking ($16.7B). The process manufacturing and retail industries are also expected to spend more than $10B each on public cloud services in 2018. These five industries will remain at the top in 2021 due to their continued investment in public cloud solutions. The industries that will see the fastest spending growth over the five-year forecast period are professional services (24.4% CAGR), telecom (23.3% CAGR), and banking (23.0% CAGR). Source: Worldwide Public Cloud Services Spending Forecast to Reach $160 Billion This Year, According to IDC.
  • Discrete Manufacturing is predicted to lead all industries on public cloud spending of $19.7B in 2018 according to IDC. Additional industries forecast to spend the most on public cloud services this year include Professional Services at $18.1B and Banking at $16.7B. The process manufacturing and retail industries are also expected to spend more than $10B each on public cloud services in 2018. According to IDC, these five industries will remain at the top in 2021 due to their continued investment in public cloud solutions. The industries that will see the fastest spending growth over the five-year forecast period are Professional Services with a 24.4% CAGR, Telecommunications with a 23.3% CAGR, and banking with a 23% CAGR. Source: Worldwide Public Cloud Services Spending Forecast to Reach $160 Billion This Year, According to IDC.

Additional Resources:

58% Of All Healthcare Breaches Are Initiated By Insiders

  • 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today.
  • Ransomware leads all malicious code categories, responsible for 70% of breach attempt incidents.
  • Stealing laptops from medical professionals’ cars to obtain privileged access credentials to gain access and install malware on healthcare networks, exfiltrate valuable data or sabotage systems and applications are all common breach strategies.

These and many other fascinating insights are from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR). A copy of the study is available for download here (PDF, 20 pp., no opt-in).  The study is based on 1,368 incidents across 27 countries. Healthcare medical records were the focus of breaches, and the data victims were patients and their medical histories, treatment plans, and identities. The data comprising the report is a subset of Verizon’s Annual Data Breach Investigations Report (DBIR) and spans 2016 and 2017.

Why Healthcare Needs Zero Trust Security To Grow

One of the most compelling insights from the Verizon PHIDBR study is how quickly healthcare is becoming a digitally driven business with strong growth potential. What’s holding its growth back, however, is how porous healthcare digital security is. 66% of internal and external actors are abusing privileged access credentials to access databases and exfiltrate proprietary information, and 58% of breach attempts involve internal actors.

Solving the security challenges healthcare providers face is going to fuel faster growth. Digitally-enabled healthcare providers and fast-growing digital businesses in other industries are standardizing on Zero Trust Security (ZTS), which aims to protect every internal and external endpoint and attack surface. ZTS is based on four pillars, which include verifying the identity of every user, validating every device, limiting access and privilege, and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

Identities Need to Be Every Healthcare Providers’ New Security Perimeter

ZTS starts by defining a digital business’ security perimeter as every employees’ and patients’ identity, regardless of their location. Every login attempt, resource request, device operating system, and many other variables are analyzed using machine learning algorithms in real time to produce a risk score, which is used to empower Next-Gen Access (NGA).

The higher the risk score, the more authentication is required before providing access. Multi-Factor Authentication (MFA) is required first, and if a login attempt doesn’t pass, additional screening is requested up to shutting off an account’s access.

NGA is proving to be an effective strategy for thwarting stolen and sold healthcare provider’s privileged access credentials from gaining access to networks and systems, combining Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Centrify is one of the leaders in this field, with expertise in the healthcare industry.

NGA can also assure healthcare providers’ privileged access credentials don’t make the best seller list on the Dark Web. Another recent study from Accenture titled, “Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity” found that 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000. 24% of employees know of someone who has sold privileged credentials to outsiders, according to the survey. By verifying every login attempt from any location, NGA can thwart the many privilege access credentials for sale on the Dark Web.

The following are the key takeaways from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR):

  • 58% of healthcare security breach attempts involve inside actors, which makes it the leading industry for insider threats today. External actors are attempting 42% of healthcare breaches. Inside actors rely on their privileged access credentials or steal them from fellow employees to launch breaches the majority of the time. By utilizing NGA, healthcare providers can get this epidemic of internal security breaches under control by forcing verification for every access request, anywhere, on a 24/7 basis.

  • Most healthcare breaches are motivated by financial gain, with healthcare workers most often using patient data to commit tax return and credit fraud. Verizon found 876 total breach incidents initiated by healthcare insiders in 2017, leading all categories. External actors initiated 523 breach incidents, while partners initiated 109 breach incidents. 496 of all breach attempts are motivated by financial gain across internal, external and partner actors. Internal actors are known for attempting breaches for fun and curiosity-driven by interest in celebrities’ health histories that are accessible from the systems they use daily. When internal actors are collaborating with external actors and partners for financial gain and accessing confidential health records of patients, it’s time for healthcare providers to take a more aggressive stance on securing patient records with a Zero Trust approach.

  • Abusing privileged access credentials (66%) and abusing credentials and physical access points (17%) to gain unauthorized access comprise 82.9% of all misuse-based breach attempts and incidents. Verizon’s study accentuates that misuse of credentials and the breaching of physical access points with little or no security is intentional, deliberate and driven by financial gain the majority of the time. Internal, external and partner actors acting alone or in collaboration with each other know the easiest attack surface to exploit are accessed credentials, with database access being the goal half of the time. When there’s little to no protection on web application and payment card access points to a network, breaches happen. Shutting down privilege abuse starts with a solid ZTS strategy based on NGA where every login attempt is verified before access is granted and anomalies trigger MFA and further user validation. Please click on the graphic to expand it for easier reading.

  • 70.2% of all hacking attempts are based on stolen privileged access credentials (49.3%) combined with brute force to obtain credentials from POS terminals and controllers (20.9%). Hackers devise ingenious ways of stealing privileged access credentials, even resorting to hacking a POS terminal or controllers to get them. Healthcare insiders also steal credentials to gain access to mainframes, servers, databases and internal systems. Verizon’s findings below are supported by Accenture’s research showing that 18% of healthcare employees are willing to sell privileged access credentials and confidential data to unauthorized parties for as little as $500 to $1,000. Please click on the graphic to expand it for easier reading.

  • Hospitals are most often targeted for breaches using privileged access credentials followed by ambulatory health care services, the latter of which is seen as the most penetrable business via hacking and brute force credential acquisition. Verizon compared breach incidents by North American Industry Classification System (NAICS) and found privileged credential misuse is flourishing in hospitals where inside and outside actors seek to access databases and web applications. Internal, external and partner actors are concentrating on hospitals due to the massive scale of sensitive data they can attain with stolen privileged access credentials and quickly sell them or profit from them through fraudulent means. Verizon also says a favorite hacking strategy is to use USB drives to exfiltrate proprietary information and sell it to health professionals intent on launching competing clinics and practices. Please click on the graphic to expand it for easier reading.

Conclusion

With the same intensity they invest in returning patients to health, healthcare providers need to strengthen their digital security, and Zero Trust Security is the best place to start. ZTS begins with Next-Gen Access by not trusting a single device, login attempt, or privileged access credential for every attack surface protected. Every device’s login attempt, resource request, and access credentials are verified through NGA, thwarting the rampant misuse and hacking based on comprised privileged access credentials. The bottom line is, it’s time for healthcare providers to get in better security shape by adopting a Zero Trust approach.

Global State Of Enterprise Analytics, 2018

  • 71% of enterprises globally predict their investments in data and analytics will accelerate in the next three years and beyond.
  • 57% of enterprises globally have a Chief Data Officer, a leadership role that is pivotal in helping to democratize data and analytics across any organization.
  • 52% of enterprises are leveraging advanced and predictive analytics today to provide greater insights and contextual intelligence into operations.
  • 41% of all enterprises are considering a move to cloud-based analytics in the next year.
  • Cloud Computing (24%), Big Data (20%), and AI/Machine Learning (18%) are the three technologies predicted to have the greatest impact on analytics over the next five years.
  • Just 16% of enterprises have enabled at least 75% of their employees to have access to company data and analytics.

These and many other fascinating insights are from MicroStrategy’s latest research study, 2018 Global State of Enterprise Analytics Report.  You can download a copy here (PDF, 44 pp., opt-in). The study is based on surveys completed in April 2018 with 500 globally-based enterprise analytics and business intelligence professionals on the state of their organizations’ analytics initiatives across 20 industries. Participants represented organizations with 250 to 20,000 employees worldwide from five nations including Brazil, Germany, Japan, the United Kingdom and the United States. For additional details on the methodology, please see the study here. The study’s results underscore how enterprises need to have a unified data strategy that reflects their growth strategies and new business models’ information needs.

Key takeaways from the study include the following:

  • Driving greater process and cost efficiencies (60%), strategy and change (57%) and monitoring and improving financial performance (52%) are the top three ways enterprises globally are using data and analytics today. The study found that enterprises are also relying on data and analytics to gain greater insights into how current products and services are used (51%), managing risk (50%) and attain customer growth and retention (49%). Across the five nations surveyed, Japan leads the world in the use of data and analytics to drive process and cost efficiencies (65%). UK-based enterprises lead all nations in their use of data and analytics to analyze how current products and services are being used.  The report provides graphical comparisons of the five nations’ results.

  • Cloud Computing, Big Data, and AI/Machine Learning are the three technologies predicted to have the greatest global impact on analytics over the next five years. Japanese enterprises predict cloud computing will have the greatest impact on the future of analytics (28%) across the five nations’ enterprises interviewed. AI/Machine Learning is predicted to have the greatest impact on analytics in the U.K. (26%) globally as is Big Data in Germany (29%). Please see the study for country-specific prioritization of technologies.

  • 52% of enterprises are leveraging advanced and predictive analytics today to provide greater insights and contextual intelligence into operations. Additional leverage areas include distribution of analytics via e-mail and collaboration tools (49%), analytics embedded in other apps including Salesforce (44%) and mobile productivity apps (39%). Japanese enterprises lead the world in their adoption of advanced and predictive analytics (60%). German enterprises lead the world in the adoption of analytics for collaboration via e-mail and more real-time data and knowledge-sharing methods (50%).

  • 59% of enterprises are using Big Data Analytics, leading all categories of intelligence applications. Enterprise reporting (47%), data discovery (47%), mobile productivity apps (44%) and embedded apps (42%) are the top five intelligence applications in use globally by enterprises today. Big Data’s dominance in the survey results can be attributed to the top five industries in the sampling frame is among the most prolific in data generation and use. Manufacturing (15%) is the most data-prolific industry on the planet. Additional industries that generate massive amounts of data dominate the survey’s demographics including software technology-based businesses (14%), banking (13%), retail (11%), and financial services/business services (6%).

  • 27% of global enterprises prioritize security over any other factor when evaluating a new analytics vendor. The three core attributes of a scalable, comprehensive platform, ease of use, and a vendor’s products having an excellent reputation are all essential. Enterprises based in four of the five nations also prioritize security as the most critical success factor they evaluate potential analytics vendors to do business with. Enterprise scalability is most important in the U.S., with 26% of enterprises interviewed saying this is the most important priority in evaluating a new analytics vendor.

  • Data privacy and security concerns (49%) is the most formidable barrier enterprises face in gaining more effective use of their data and analytics. Enterprises from four of the five nations say data privacy and security are the most significant barrier they face in getting more value from analytics. In Japan, the greatest barrier is access limited to data across the organization (40%).

  • Globally 41% of all enterprises are considering a move to the cloud in the next year. 64% of U.S.-based enterprises are considering moving to a cloud-based analytics platform or solution in the next year. The U.S. leads enterprises from all five nations in planned cloud-based analytics cloud adoption as the graphic below illustrates.

%d bloggers like this: