AI and Machine Learning are on track to generate between $1.4 Trillion to $2.6 Trillion in value by solving Marketing and Sales problems over the next three years, according to the McKinsey Global Institute.
Marketers’ use of AI soared between 2018 and 2020, jumping from 29% in 2018 to 84% in 2020, according to Salesforce Research’s most recent State of Marketing Study.
AI, Machine Learning, marketing & advertising technologies, voice/chat/digital assistants, and mobile tech & apps are the five technologies that will have the greatest impact on the future of marketing, according to Drift’s 2020 Marketing Leadership Benchmark Report.
Chief Marketing Officers (CMOs) and the marketing teams they lead are expected to excel at creating customer trust, a brand that exudes empathy and data-driven strategies that deliver results. Personalizing channel experiences at scale works when CMOs strike the perfect balance between their jobs’ emotional and logical, data-driven parts. That’s what makes being a CMO today so challenging. They’ve got to have the compassion of a Captain Kirk and the cold, hard logic of a Dr. Spock and know when to use each skill set. CMOs and their teams struggle to keep the emotional and logical parts of their jobs in balance.
Asked how her team keeps them in balance, the CMO of an enterprise software company told me she always leads with empathy, safety and security for customers and results follow. “Throughout the pandemic, our message to our customers is that their health and safety come first and we’ll provide additional services at no charge if they need it.” True to her word, the company offered their latest cybersecurity release update to all customers free in 2020. AI and machine learning tools help her and her team test, learn and excel iteratively to create an empathic brand that delivers results.
The following are ten ways AI and machine learning are improving marketing in 2021:
1. 70% of high-performance marketing teams claim they have a fully defined AI strategy versus 35% of their under-performing peer marketing team counterparts. CMOs who lead high-performance marketing teams place a high value on continually learning and embracing a growth mindset, as evidenced by 56% of them planning to use AI and machine learning over the next year. Choosing to put in the work needed to develop new AI and machine learning skills pays off with improved social marketing performance and greater precision with marketing analytics. Source: State of Marketing, Sixth Edition. Salesforce Research, 2020.
2. 36% of marketers predict AI will have a significant impact on marketing performance this year. 32% of marketers and agency professionals were using AI to create ads, including digital banners, social media posts and digital out-of-home ads, according to a recent study by Advertiser Perceptions. Source: Which Emerging Tech Do Marketers Think Will Most Impact Strategy This Year?, Marketing Charts, January 5, 2021.
3. High-performing marketing teams are averaging seven different uses of AI and machine learning today and just over half (52%) plan on increasing their adoption this year. High-performing marketing teams and the CMOs lead them to invest in AI and machine learning to improve customer segmentation. They’re also focused on personalizing individual channel experiences. The following graphic underscores how quickly high-performing marketing teams learn then adopt advanced AI and machine learning techniques to their competitive advantage. Source: State of Marketing, Sixth Edition. Salesforce Research, 2020.
4. Marketers use AI-based demand sensing to better predict unique buying patterns across geographic regions and alleviate stock-outs and back-orders. Combining all available data sources, including customer sentiment analysis using supervised machine learning algorithms, it’s possible to improve demand sensing and demand forecast accuracy. ML algorithms can correlate location-specific sentiment for a given product or brand and a given product’s regional availability. Having this insight alone can save the retail industry up to $50B a year in obsoleted inventory. Source: AI can help retailers understand the consumer, Phys.org. January 14, 2019.
5. Disney is applying AI modeling techniques, including machine learning algorithms, to fine-tune and optimize its media mix model. Disney’s approach to gaining new insights into its media mix model is to aggregate data from across the organization including partners, prepare the model data and then transform it for use in a model. Next, a variety of models are used to achieve budget and media mix optimization. Then compare scenarios. The result is a series of insights that are presented to senior management. The following dashboard shows the structure of how they analyze AI-based data internally. The data shown is, for example only; this does not reflect Disney’s actual operations. Source: How Disney uses Tableau to visualize its media mix model (https://www.tableau.com/best-marketing-dashboards)
6. 41% of marketers say that AI and machine learning make their greatest contributions to accelerating revenue growth and improving performance. Marketers say that getting more actionable insights from marketing data (40%) and creating personalized consumer experiences at scale (38%) round out the top three uses today. The study also found that most marketers, 77%, have less than a quarter of all marketing tasks intelligently automated and 18% say they haven’t intelligently automated any tasks at all. Marketers need to look to AI and machine learning to automated remote, routine tasks to free up more time to create new campaigns. Source: Drift and Marketing Artificial Intelligence Institute, 2021 State of Marketing AI Report.
7. Starbucks set the ambitious goal of being the world’s most personalized brand by relying on predictive analytics and machine learning to create a real-time personalization experience. The global coffee chain faced several challenges starting with how difficult it was to target individual customers with their existing IT infrastructure. They were also heavily reliant on manual operations across their thousands of stores, which made personalization at scale a formidable challenge to overcome. Starbucks created a real-time personalization engine that integrated with customers’ account information, the mobile app, customer preferences, 3rd party data and contextual data. They achieved a 150% increase in user interaction using predictive analytics and AI, a 3X improvement in per-customer net incremental revenues. The following is a diagram of how DigitalBCG (Boston Consulting Group) was able to assist them. Source: Becoming The World’s Most Personalized Brand, DigitalBCG.
8. Getting personalization-at-scale right starts with a unified Customer Data Platform (CDP) that can use machine learning algorithms to discover new customer data patterns and “learn” over time. For high-achieving marketing organizations, achieving personalization-at-scale is their highest and most urgent priority based on Salesforce Research’s most recent State of Marketing survey. And McKinsey predicts personalization-at-scale can create $1.7 trillion to $3 trillion in new value. For marketers to capture a part of this value, changes to the mar-tech stack (shown below) must be supported by clear accountability and ownership of channel and customer results. Combining a modified mar-tech stack with clear accountability delivers results. Source: McKinsey & Company, A technology blueprint for personalization at scale. May 20, 2019. By Sean Flavin and Jason Heller.
9. Campaign management, mobile app technology and testing/optimization are the leading three plans for a B2C company’s personalization technologies. Just 19% of enterprises have adopted AI and machine learning for B2C personalization today. The Forrester Study commissioned by IBM also found that 55% of enterprises believe the technology limitations inhibit their ability to execute personalization strategies. Source: A Forrester Consulting Thought Leadership Paper, Commissioned by IBM, Personalization Demystified: Enchant Your Customers By Going From Good To Great, February 2020.
10. Successful AI-driven personalization strategies deliver results beyond marketing, delivering strong results enterprise-wide, including lifting sales revenue, Net Promoter Scores and customer retention rates. When personalization-at-scale is done right, enterprises achieve a net 5.63% increase in sales revenue, 10.26% increase in order frequency, uplifts in average order value and an impressive 13.25% improvement in cross-sell/up-sell opportunities. The benefits transcend marketing alone and drive higher customer satisfaction metrics as well. Source: A Forrester Consulting Thought Leadership Paper, Commissioned by IBM, Personalization Demystified: Enchant Your Customers By Going From Good To Great, February 2020.
CMOs and their teams rely on AI and machine learning to iteratively test and improve every aspect of their marketing campaigns and strategies. Striking the perfect balance between empathy and data-driven results takes a new level of data quality which isn’t possible to achieve using Microsoft Excel or personal productivity tools today. The most popular use of AI and machine learning in organizations is delivering personalization at scale across all digital channels. There’s also increasing adoption of predictive analytics based on machine learning to fine-tune propensity models to improve up-sell and cross-sell results.
AI can help retailers understand the consumer, Phys.org. January 14, 2019
Brei, Vinicius. (2020). Machine Learning in Marketing: Overview, Learning Strategies, Applications and Future Developments. Foundations and Trends® in Marketing. 14. 173-236. 10.1561/1700000065.
Conick, H. (2017). The past, present and future of AI in marketing. Marketing News, 51(1), 26-35.
Drift and Marketing Artificial Intelligence Institute, 2021 State of Marketing AI Report.
Huang, M. H., & Rust, R. T. (2021). A strategic framework for artificial intelligence in marketing. Journal of the Academy of Marketing Science, 49(1), 30-50.
Jarek, K., & Mazurek, G. (2019). MARKETING AND ARTIFICIAL INTELLIGENCE. Central European Business Review, 8(2).
Libai, B., Bart, Y., Gensler, S., Hofacker, C. F., Kaplan, A., Kötterheinrich, K., & Kroll, E. B. (2020). Brave new world? On AI and the management of customer relationships. Journal of Interactive Marketing, 51, 44-56.
Ma, L., & Sun, B. (2020). Machine learning and AI in marketing–Connecting computing power to human insights. International Journal of Research in Marketing, 37(3), 481-504.
McKinsey & Company, A technology blueprint for personalization at scale. May 20, 2019
Pedersen, C. L. Empathy‐based marketing. Psychology & Marketing.
Sinha, M., Healey, J., & Sengupta, T. (2020, July). Designing with AI for Digital Marketing. In Adjunct Publication of the 28th ACM Conference on User Modeling, Adaptation and Personalization (pp. 65-70).
State of Marketing, Sixth Edition. Salesforce Research, 2020.
Bottom Line: Bad actors quickly capitalize on the wide gaps in machine identity security, creating one of the most breachable threat surfaces today.
Why Machines Are the Most Challenging Threat Surface To Protect
Forrester’s recent webinar on the topic, How To Secure And Govern Non-Human Identities, estimates that machine identities (including bots, robots and IoT) are growing twice as fast as human identities on organizational networks. Forrester defines machine, or non-human, identities as robotic process automation (bots), robots (industrial, enterprise, medical, military) and IoT devices.
The webinar points out that one of the fastest-growing automation types is software bots, with 36% used in finance and accounting, 15% used in business line and 15% in IT. The webinar also points out that in 2019, there were 2.25 million robots in the global workforce, twice as many as in 2010 and 32% of global infrastructure decision-makers expect their firms to use robotic process automation (RPA) over the next 12 months.
According to the Forrester Consulting white paper, Securing The Enterprise With Machine Identity Protection, over 50% of organizations find it challenging to protect their machine identities today. Unprotected machine identities are making it easy for bad actors to take control of entire networks of devices. Bad actors rely on organizations’ bots to provide the cover they need to attack networks and devices, often undetected for months or years.
Forrester found that machine identities are left exposed to bad actors because organizations aren’t adopting the tools they need to create and manage a centralized Identity Access Management (IAM) strategy across all machines. This includes defining and enforcing policies, auditing each machine and endpoint and better integrating support across machines and monitoring systems.
Furthermore, by adopting a more modern Privileged Identity Management (PIM) approach, organizations could solve many of these challenges. Leading PIM solutions providers include Centrify, which has succeeded in adapting to the ephemeral nature of securing machine identities by delivering machine identity and credential authentication based on a centralized trust model.
The Forrester report’s bottom line is that machines are isolated, exposed and more vulnerable than any other endpoint on a network. The following graphic compares protection strategies and finds a majority of organizations struggling to deliver them:
Machine Identities Are Networks’ Weakest Security Link
According to a Venafi study, machine identity attacks grew 400% between 2018 and 2019, increasing by over 700% between 2014 and 2019. Malware capable of compromising machine identities continues to gain momentum, doubling between 2018 and 2019 and growing 300% over the five years leading up to 2019. According to Kount’s 2020 Bot Landscape and Impact Report, 81% of enterprises are regularly dealing with malicious bots today and one in four say a single bot attack has cost them $500,000 or more. Furthermore, many organizations may not realize how many bots and machine identities they have – and bad actors capable of creating hundreds using automated scripting tools.
Forrester provided the following data points underscoring how vulnerable machines are to botnet and identity-based attacks today:
The 2017 Mirai botnet attack is a cautionary tale of the dangers of using default security credentials on machines and IoT devices. Using botnets to automate scans of vast blocks of IP addresses for potential telnet ports to log into, the Mirai botnets were programmed to rapidly try a series of basic usernames and passwords to gain access to IoT devices and machines. The Mirai botnets were successful, gaining control of thousands of machines and orchestrating them to deliver one of the largest DDOS attacks in history.
It’s common for enterprises to lose track of how many bots they’ve created, giving malicious actors the perfect cover to mask their movements. Instead of creating their bots, malicious actors look to disguise their movements across a network with a company’s bots. Forrester’s webinar mentioned how a large North American insurance provider deployed 400 software bots for customer-facing digital chatbots and processing claims, among other tasks.
There’s often no oversight of who has the rights to create and launch bots internally, leading to potentially thousands of bots without secured identities. One of the most troubling findings presented during the webinar is how loose the process is to create a bot – with no checks and balances in place or means of achieving consistent identity management.
How To Strengthen Machine Security
The more challenging any machine threat surface is to protect, the more opportunity it provides bad actors to breach them. A good place to start is by clarifying who owns keeping Transport Layer Security (TLS) and previous-generation Secured-Sockets Layer (SSL) client and server certificates, code signing certificates, Secure Shell (SSH) host and cryptographic keys so they are kept up to date. Letting those fall through the cracks will leave thousands of machines exposed and exploitable on networks.
Prioritizing machine identities and securing machine credentials is a must-have in 2021, as botnet attacks are quickly increasing due to bad actors’ being able to spin up thousands of them in days. The following are key steps to get started:
Taking a Zero Trust approach to managing every machine identity authentication on a network now could save thousands of hours and dollars in the future. Taking a least privilege access approach to managing machines now will pay off in the future, as the workloads of machines and non-human entities continue to grow more complex. The Forrester webinar expands on this point by explaining how new, more complex inter-machine relationships are evolving quicker than legacy approaches to endpoint governance and security can keep up.
Privileged access controls need to be more adaptive, secure and scalable than many organizations’ static-based approaches to securing machines are today. Forrester recommends replacing long-standing hardcoded credentials with session-based ones assigned via API calls from a vault. Machines are being used 24/7 and have access patterns completely different from humans using the network, making dynamically-assigned, ephemeral credentials even more important to protect a network. Privileged Identity Management (PIM) proves effective at providing privileged access controls for machine identities, with Forrester mentioning Centrify, HashiCorp and others as leaders in this area. Centrify’s approach is noteworthy in enrolling machines with its platform via a client to establish a trust relationship, so applications running on that machine can also be authenticated using a short-lived, scoped token.
Monitoring more machines on a network often leads to a transition from legacy to integrated log monitoring systems that can capture, analyze and report anomalous activity across a network. Log Monitoring systems are proving invaluable in identifying machine endpoint configuration and performance anomalies in real-time. AIOps is proving effective in identifying anomalies and performance event correlations in real-time, contributing to greater business continuity. One of the leaders in this area is LogicMonitor, whose AIOps-enabled infrastructure monitoring and observability platform have proven successful in troubleshooting infrastructure problems and ensuring business continuity.
Perform periodic audits to track all bots and machines in use across an organization, using Microsoft Active Directory to inventory and manage all of them. One of the most valuable take-aways from the Forrester webinar is the need to manage machine identities and their credentials centrally. Forrester mentions Microsoft Active Directory as one option. The companies providing services in this area include Centrify, which pioneered Active Directory bridging to authenticate human and machine identities based on a centralized model from a single identity repository.
Machines, or as Forrester calls them in their webinar, non-human identities require more precise, adaptive and ephemeral identity structures and access controls. CISOs and CIOs need to take greater ownership of machine identity authentication and provide Identity Access Management (IAM) and Privileged Access Management (PAM) down to the bot and non-human identity level. With the exponential growth of malicious bots tracking machine identities, now is the time to place machine identities among the highest priority of any cybersecurity strategy in 2021.
The following ten charts will change your perspective of Microsoft Azure’s growth:
Intelligent Cloud delivered the highest operating income of all segments in the 2nd quarter at $6.4 billion or 36% of total consolidated operating income. This quarter, Microsoft’s success with indirect channel sales combined with more enterprise customers accelerating their cloud-first initiatives contributed to Intelligent Cloud leading all segments in operating income. The following is from the Q2, FY21 Earnings Call.
Synergy Research Group’s latest cloud market analysis finds that Amazon and Microsoft are over 50% of the global cloud provider market, with Microsoft reaching 20% worldwide market share for the first time. Q4, 2020 enterprise spending on cloud infrastructure services was just over $37 billion, $4 billion higher than the previous quarter and up 35% from the fourth quarter of 2019. Synergy Research notes that it has taken just nine quarters for the market to double in size.
63% of enterprises are currently running apps on Microsoft Azure, second only to AWS. Azure is narrowing the gap with AWS in both the percentage of enterprises using it and the number of virtual machines (VMs) enterprises are running on it. 6% of enterprises are spending at least $1.2 million annually on Microsoft Azure. Source: Statista and Flexera 2020 State of the Cloud Report, page 50.
2020 total cloud infrastructure services spending grew 33% to $142 billion from $107 billion in 2019, according to Canalys, with Microsoft’s indirect channel business fueling their 20% market share growth. Microsoft’s dominance of indirect selling channels is evident in the level of sales enablement, sales and technical support they provide resellers. Canalys’ Chief Analyst Alastair Edwards says that “organizations are turning to trusted business partners to advise, implement, support and manage their cloud journeys and articulate the real business value of cloud migration.”
19% of enterprises expect to invest significantly more on Microsoft Azure in 2021, leading all other cloud vendors this year. Microsoft Azure leads all vendors when compared to the percentage change in spending this year. It’s noteworthy that 61% of all enterprises interviewed expect to increase their investments in Microsoft Azure this year, second only to Microsoft SaaS software. Source: 2021 Flexera State of Tech Report, January 2021.
Microsoft Azure Stack is the second most-used private cloud platform by enterprises, with 35% of them currently running apps today. Azure Stack also leads all others in experimentation, with one in five enterprises, or 21%, currently in that phase of deployment. 67% of all enterprises interviewed in the 2020 Flexera State of the Cloud Report are either running Azure apps or are considering it.
Microsoft’s centerpiece for their intelligence investment is the Microsoft Intelligent Security Graph, which processes over 630 billion authentications across our cloud services each month. Microsoft relies on the Security Graph to gain insights into normal behavior, including sign-ins and authentications and abnormal behavior, including attempted bypasses to two-factor authentication. Microsoft blocks more than 5 billion distinct malware threats per month, providing a great deal of useful data to analyze endpoints across customers’ networks. Source: Microsoft CISO Workshop 1 – Cybersecurity Briefing.
44.5% of enterprises say Microsoft Azure is their preferred provider for Cloud Business Intelligence (BI). Azure is considered 27% more critical to an enterprises’ Cloud BI requirements and preferences than Amazon Web Services. It’s noteworthy that 96.5% of all enterprises have a preference for Microsoft Azure BI versus its main competitors, including Google Cloud, IBM BlueMix, or Alibaba.
Microsoft Azure is the leading IoT platform worldwide by end-to-end capabilities with a total score of 276 according to Counterpoint Research. According to the methodology Counterpoint used for ranking IoT platforms, Microsoft Azure is considered a global leader in edge data processing, an increasingly important feature of IoT platforms worldwide. The ability to deliver IoT capabilities from the cloud to the edge helped Microsoft’s platform rank high in this category. Source; Statista and CounterPointResearch.com.
Microsoft Azure is the foundation for a Digital Supply Chain Platform that integrates supply chain partner, corporate, data & advanced analytics platforms and supply chain core transaction systems. The ongoing pandemic is putting continued pressure on supply chains. Most manufacturing executives say that employee safety, data security, remote worker access, supply chain visibility and insights visibility are high priorities. In response to these market needs, Microsoft Supply Chain (MSC) was created on the Azure platform. The diagram below explains how Azure is integral to the Digital Supply Chain platform.
43% of enterprises say their AI and Machine Learning (ML) initiatives matter “more than we thought,” with one in four saying AI and ML should have been their top priority sooner.
50% of enterprises plan to spend more on AI and ML this year, with 20% saying they will be significantly increasing their budgets.
56% of all enterprises rank governance, security and auditability issues as their highest-priority concerns today.
In just over a third of enterprises surveyed (38%), data scientists spend more than 50% of their time on model deployment.
Enterprises accelerated their adoption of AI and machine learning in 2020, concentrating on those initiatives that deliver revenue growth and cost reduction. Consistent with many other surveys of enterprises’ AI and machine learning accelerating projects last year, Algorithmia’s third annual survey, 2021 Enterprise Trends in Machine Learning finds enterprises expanding into a wider range of applications starting with process automation and customer experience. Based on interviews with 403 business leaders and practitioners who have insights into their company’s machine learning efforts, the study represents a random sampling of industries across a spectrum of machine learning maturity levels. Algorithmia chose to limit the survey to only those from enterprises with $100M or more in revenue. Please see page 34 of the study for additional details regarding the methodology.
Key insights from the research include the following:
76% of enterprises prioritize AI and machine learning (ML) over other IT initiatives in 2021. Six in ten (64%) say AI and ML initiatives’ priorities have increased relative to other IT priorities in the last twelve months. Algorithmia’s survey from last summer found that enterprises began doubling down on AI & ML spending last year. The pandemic created a new sense of urgency regarding getting AI and ML projects completed, a key point made by CIOs across the financial services and tech sectors last year during interviews for comparable research studies.
83% of enterprises have increased their budgets for AI and machine learning year-over-year from 2019 to 2020. 20% of enterprises increased their budget by over 50% between 2019 and 2020. According to MMC Ventures’ The State of AI Divergence Study, one in ten enterprises now uses ten or more AI applications with chatbots, process optimization and fraud analysis leading all categories. A recent Salesforce Research report, Enterprise Technology Trends, found that 83% of IT leaders say AI & ML is transforming customer engagement and 69% say it is transforming their business. The following compares year-over-year AI and ML budget changes between FY 2018 – 2019 and FY 2019 – 20.
Improving customer experiences to drive greater revenue growth and automating processes to reduce costs are the two most popular use cases or application areas for AI and ML in enterprises today. It’s noteworthy that seven of the top 20 use cases are customer-centric, nearly half of all use cases tracked in Algorithmia’s survey. 46% of enterprises are using AI & ML to combat fraud, which will most likely grow given the growth and severity of breaches, including the SolarWinds cyberattack. Capgemini’s recent study of AI adoption in cybersecurity found network, data and endpoint security are the three leading use cases of AI in cybersecurity today, with each predicted to get more funding in 2021, according to CISOs interviewed for the report.
AI and ML business cases that provide greater customer revenue growth, reduced costs and greater financial visibility have the highest priority of being funded inside any enterprise today. The combination of improving customer experiences, automating processes (to reduce costs) and generating financial insights (for greater financial visibility) is the ideal combination for getting a proof of concept started for an AI or ML project. The proliferation of AI and ML use cases shown in the graphic below is attributable to how each contributes to enterprises achieving a tangible, positive ROI by combining them to solve specific business problems.
According to Burning Glass Technologies, the two tech job skills paying the highest salary premiums today and in 2021 are IT Automation ($24,969) and AI & Machine Learning ($14,175).
The average salary premiums for the most in-demand tech skills range from $4,204 to nearly $25,000.
Startups valued at $1 billion or more are 33% more likely to prioritize one or several top ten tech job skills in their new hire plans versus their legacy Fortune 100-based competitors or colleagues.
These and many other fascinating insights are from Skills of Mass Disruption: Pinpointing the 10 Most Disruptive Skills in Tech, Burning Glass Technologies’ latest research study published earlier this month. Their latest study provides pragmatic, useful insights for tech professionals interested in furthering their careers and earning potential. Burning Glass Technologies is a leading job market analytics provider that delivers job market analytics that empowers employers, workers and educators to make data-driven decisions.
Using AI To Find The Most Valuable Job Skills
Using artificial intelligence-based technologies they’ve developed, Burning Glass Technologies analyzed over 17,000 unique skills demanded across their database of over one billion historical job listings. The study aggregates then define disruptive skill clusters as those skill groups projected to grow the fastest, are most undersupplied and provide the highest value. For additional details regarding their methodology, please see page 8 of the report.
The research study is noteworthy because it explains how essential acquiring skills is to translating new technologies’ benefits into business value. They’ve also taken their analysis a step further, providing technical professionals with additional insights they need to plan their personal development and careers.
Key takeaways from their analysis include the following:
IT Automation expertise can earn technical professionals a $24,969 salary premium, the most lucrative of all tech job skills to have in 2021. Burning Glass Technologies defines IT Automation as the skills related to automating and orchestrating digital processes and workflows. Six of the ten job skills are marketable enough to drive technical professionals’ salaries above $10,000 a year. At an average salary uplift of $8,851, proactive security (cybersecurity) job skills’ market value seems low. Future surveys in 2021 will most likely reflect the impact of the SolarWinds breach on demand for this skill set. The following graphic compares the average salary premium by tech job skill area.
Software Dev. Methodologies (DevOps) expertise is the most marketable going into 2021, with 634,600 open positions available in North America based on Burning Glass Technologies’ analysis. Employers initiated 1,714,483 job postings requesting at least one disruptive skill area between December 2019 and November 2020. With each skill predicted to grow at least 17%, technical professionals have several lucrative options for their personal and professional development plans. The following graphic compares job openings by skill areas for the time frame of the study:
Quantum Computing, Connected Technologies, Fintech and AI & Machine Learning expertise are predicted to be the fastest-growing tech job skills in 2021 and beyond. Demand for technical professionals skilled in building and optimizing quantum computers and their applications will be in high demand for the next five years based on the study’s findings. Connected Technologies refers to skills related to the Internet of Things and connected physical tools and the telecommunications infrastructure needed to enable them. Fintech skills are related to technologies, including blockchain and others, that make financial transactions more efficient and secure. The following graphic compares the top ten tech job skills predicted to grow the fastest in 2021.
AI & Machine Learning, Cloud Technologies, Parallel Computing and Proactive Security (Cybersecurity) are the most distributed across industries, translating into more diverse job opportunities for technical professionals with these skills. Professional Services leads all industries in demand for nine of the ten tech job skills, except Parallel Computing, the most in-demand skill in Manufacturing. Factors contributing to Professional Services leading all industries in demand for technical job skills include the following factors. First, their business models need to continue pivoting fast to stabilize during the pandemic. Second, better risk and compliance controls of remote operations are urgently needed. Third, better visibility into services costs across all systems to ensure financial reporting accuracy is a must-have, according to the CFOs I spoke with regarding the survey results. The following graphic compares demand for tech skills by industry sector.
Demand for AI and Machine Learning skills is growing at a 71% compound annual growth rate through 2025, with 197,810 open positions today. Technical professionals with job skills in this area see salary premiums of $14,175. Top positions include Data Scientist, Software Developer, Network Engineer, Network Architect, Data Engineer and Senior Data Scientist.
Positions requiring IT Automation job skills are predicted to grow 59% over the next five years and have 282,380 positions open today. Besides being the most lucrative job skillset to have, IT Automation job skills lead to positions including Software Developer, DevOps Engineer, Senior Software Developer, Systems Engineer and Java Developer or Engineer.
According to BDS Analytics, the Covid-19 pandemic drove retail sales up 35% above industry forecasts, accelerated by cannabis businesses being declared “essential” for medical purposes in virtually every U.S. legal market.
Fueled by strong consumer demand, annual legal (medical and adult-use) sales are projected to grow at a compound annual growth rate (CAGR) of 21%, to reach more than $41 billion by 2025 (from $13.2 billion in 2019), according to New Frontier Data.
BDS Analytics predicts that the U.S. Cannabis Industry will generate $20.8 billion in direct spending in 2021 and $39.6 billion in total economic contribution after factoring its indirect economic effects.
Bottom Line: With an average yield per acre of $1.1 million, legal cannabis agriculture dwarfs all other crops in revenue potential while also providing the resources needed to fund AI-based monitoring to improve yields and security.
Cannabis’ value per acre dwarfs all other crops being produced in North America today, prompting every commercial grower to consider how they can improve yields further while securing their crops on a 24/7, virtual basis. Recent studies by the USDA, The Rand Corporation, and the Marijuana Cultivators of Oregon find that at an average price of $1,948 per pound at Colorado prices, an acre of marijuana can yield more than $1.1 million per acre. The studies compared the most widely grown crops in the U.S., including corn, soybeans, oats, and wheat, which all yield less than $1,000 per harvested acre. The following graphic from New Frontier Data illustrates how profitable an acre of marijuana is to cultivate than other crops.
Using AI to Protect & Grow a Cash Crop
AI and machine learning-based techniques based on real-time monitoring data are an integral part of today’s innovation in cannabis farm management. Supervised machine learning algorithms capable of identifying patterns and sequences in imagery from thermal, infrared, and night vision cameras in real-time can help identify diseases affecting plants early. Identifying and alerting farm staff of a breach or break-in by an animal or person is possible using AI-based smart monitoring systems.
The more advanced a smart monitoring system is in its use of machine learning and real-time monitoring integration, the more effective it is in spotting anomalous activity. Over time, the best AI-based remote monitoring and surveillance systems “learn” or begin to identify recurring patterns in data. Cannabis farms rely on AI and machine learning to identify which techniques for improving yield rates by specific fertilizer treatment produce the most flowers and overall yield per acre.
The following are ten ways AI is being used for improving cannabis yields and security:
Monitoring real-time video feeds of remote cannabis fields using machine learning-based surveillance systems can identify a breach by an animal or human then send an alert immediately. Given how valuable a single acre of cannabis is to a farm, knowing in real-time if there’s been an attempted breach or break-in can save thousands of dollars in potential crop damage and theft. Federated cannabis farms with multiple remote locations are starting to use AI and machine learning-based remote monitoring to secure their operations. Machine-learning based video surveillance systems can be programmed or trained over time to identify employees versus unknown people and easily spot animals attempting to break into a field. The following image from Twenty20 Solutions illustrates how machine learning is used for identifying activity at a remote location:
Reducing the dependence on onsite security guards alone and gaining a 24/7, 365-day monitoring view of each grow and farm site. Instead of relying only on onsite security teams to monitor video feeds in real-time, cannabis growers turn to AI and machine learning-based surveillance to isolate the most anomalous or unexpected events given the pattern of previous activity on a site. Reducing the cost and insurance liability of having security teams on site is one of the most significant benefits of relying on a cloud-based remote monitoring system that can interpret and provide alerts based on real-time data.
AI-based surveillance monitoring systems can prepare activity reports in minutes for state and federal auditors, saving farmers and administrative staff thousands of hours a year getting the data together for audit teams. Using machine learning and advanced video analytics, growers and their staff can prepare for state and federal audit reports in minutes instead of the many hours needed in the past.
Helping to keep licensed cannabis growers in compliance by providing a 24/7, 90 day or longer video history of all activities at their farms keeps them in compliance with state regulatory requirements. Included in several states’ requirements are the specific requirements for video footage access, video archiving, access requirements, how cameras are placed, and how quickly video footage can be accessed. State regulatory agencies are initiating audits of licensed cannabis growing facilities in 2021. All states require video footage to be archived, yet 72% of cannabis operators fail to comply with security and surveillance requirements, according to a recent study by the Brightfield Group:
California regulations require that all video recordings from surveillance be saved 90 days or longer.
Washington requires all video recordings to be archived for a minimum of 45 days.
Oregon requires licensed cannabis growers to retain 24/7 video for 90 days with a minimum of 1.3mp per camera at 10fps. The exterior is 5fps.
Cannabis farms often experiment with new fertilizers and plant treatments on a pilot acre to see if they achieve the expected results, and machine learning-based analysis of video stream data helps track results. Agricultural improvements in cannabis farming continue to accelerate as medical and leisure demand continues to grow exponentially. For example, a cannabis grower will often begin planting in the May/June timeframe to achieve a density of up to 4,000 plants per acre. Taking the real-time data stream infrared and thermal cameras of the acre will quickly tell growers how effective their new fertilizer and plan treatments are. Using the data from their monitoring system, the growers will expand the treatment to their entire farm, often over 40 to 50 acres in size.
Monitoring every access point to a facility with video surveillance 24/7 combined with sound recording can prove invaluable in stopping a break-in before it happens. Every entrance to a cannabis farm needs to be considered a primary threat vector if the farm will stay safe. Advanced remote monitoring and surveillance systems can provide video analytics that correlates sound, video, and status of infrared and thermal cameras, which together can help identify potential break-ins. And with real-time alerts, farm staff can take action immediately even if they aren’t onsite.
A few of the largest cannabis growing companies are experimenting with advanced video analytics combining infrared and thermal camera technologies to monitor insects and rodents’ impact on yield rates. Real-time video feeds are being digitally analyzed using advanced video analytics techniques by the largest cannabis farms today to find out how effective pesticides, insect, and rodent deterrents are at protecting their cannabis crops.
When a surveillance system is cloud-based, it is possible to access any farm or cannabis sites’ real-time video feeds, history of alerts, and advanced video analytics from any browser-based device at any time. Remote monitoring systems that are cloud-based often provide much greater flexibility in viewing, analyzing, and sharing monitoring data than their on-premise system counterparts. Any device with a browser can access the platform’s reporting features and know what is going on at a remote farm or cannabis production facility.
AI-based remote monitoring systems can also identify potential safety hazards to workers and reduce workplace injuries and potential liability litigation. Using advanced pattern matching supported by supervised machine learning algorithms, cannabis growers can identify when workers in high-risk roles are at risk of getting hurt while on the job. All cannabis facilities in the U.S. continue to have the requirement of everyone wearing a face shield and masks for the site to stay in compliance with CDC guidelines. Remote monitoring systems can tell immediately which work teams need coaching to remain in compliance.
Define access privileges across a farm facility by the level of access every employee needs to do their job, which is especially useful for new hires. New hires often start in the field and don’t need access to the front offices or the accounting department, for example. One of the most challenging aspects of running a cannabis business is cash management. Using an AI-based surveillance and monitoring system integrated into the local security system and intelligent locks, employees are provided the level of access they need on the first day to be productive.
Bottom Line: Cyberattacks enter a new era of lethal impact when threat actors are sophisticated enough to compromise SolarWind’s software supply chain with infected binary code while mimicking legitimate protocol traffic to avoid detection.
To gain greater insights into the SolarWinds breach, its implications on cybersecurity strategy in the future and what steps enterprises need to take today, I contacted Andy Smith, Cybersecurity Evangelist and an industry expert with Centrify. He explained the attack’s specifics, referencing the Cybersecurity and Infrastructure Security Agency’s (CISA) Alert AA20-352A, which details how sophisticated the attack is, citing the sobering fact that it is unknown if all attack vectors are identified. Active since at least March 2020, the advanced persistent threat (APT) has been identified by FireEye, SolarWinds, Microsoft and several other cybersecurity firms.
SolarWinds’ Security Advisory lists 18 known products that have been affected by the attack, including their Application Centric Monitor (ACM), Server Configuration Monitor (SCM) and Network Performance Monitor (NPM). Earlier this month, SolarWinds says the malicious code may have been delivered to nearly 18,000 customers.
Insights Into The SolarWinds Hack
Interested in dissecting the hack from a cybersecurity standpoint, I spent some time investigating the SolarWinds hack with Andy, a leading authority on Identity and Access Management (IAM), particularly around securing and managing privileged access credentials. The following is my interview with Andy:
Louis: There have been large-scale breaches before; why is this particular cybersecurity attack getting so much attention? Why is it so enormous?
Andy: What’s interesting about this particular attack is a couple of things. It follows a very traditional cyber-attack kill chain as many attacks, but the start of this one is impressive. Usually, there’s a vulnerability that allows threat actors to get into the network. What’s unique about this is the initial vulnerability is in vendor software, so it’s often now being referred to as a supply chain hack because the vulnerability was embedded as code.
The exposure to federal agencies and the attackers’ focus going after emails is especially troubling. It appears like it’s a nation/state-related incident that always heightens the exposure and is another reason it’s so large in scale. Some tools that FireEye uses for Red Team evaluation of people’s networks got exposed, so now those tools are in the hands of threat actors to do nefarious activities with them.
That’s one aspect of this hack that makes it remarkable, as sophisticated tools from FireEye are in nefarious actors’ hands. That’s one reason it’s enormous: you just gave something that was being used for good to threat actors intent on gathering as much intelligence across a supply chain of customers as they can.
Louis: How are the cyber-attack methods used in the SolarWinds hack particularly unique?
Andy: It follows a very common cyber-attack kill chain we’ve seen at Centrify for years. We ran the Anatomy of a Hack webinar earlier this year and it always starts with that initial vulnerability and getting in. What’s unique was this case is that the initial vulnerability wasn’t just, “Hey, I phished somebody’s password and logged in.” It was a vulnerability in the software build process for SolarWinds. So that’s a bit unique about how that initial vulnerability was there.
Still, once the attackers are in, the breach starts to look very traditional in the sense that they settle in, sit there for a while, scan the network, move laterally in that environment and hunt for privileged access.
All those things happened precisely by the people who investigated and then you find the data you’re going after. In some cases, it’s been software, as is the case with FireEye, or email servers, as is the case with government agencies. Attackers are patient and they wait to extract the data and then cover their tracks.
Louis: You and many others are an advocate of a layered approach to security. What is that and how would it have helped in the SolarWinds case?
Andy: For me, the biggest takeaway of this hack is that a layered approach to security is the way to go in the future in light of this hack’s sophistication. There’s no silver bullet to stop a hack this sophisticated, though. No one strategy or approach could have prevented it.
When you investigate this attack, it is pretty sophisticated and has multiple vectors to it and one has to assume there will be certain threat vectors compromised. That initial vulnerability will be there and you need those layers of security to prevent it, so you need to look at preventive controls, predictive controls and detective controls. All those need to be combined into a single, unified strategy.
For every organization looking at this hack and considering how future attacks of this sophistication will impact them, it’s a good idea to use this event as a way to get your board and executives thinking about a more resilient, hardened multilayer approach and not relying on a single solution to protect you. I see organizations using this opportunity to evaluate how a layered approach will work for their projects when it might not have been feasible to fund in the past.
It’s an extreme attack that shows how vulnerable the exposures are out there. It’s a good time to shore up your defenses. The Federal Information Processing Standard 200, or FIPS 200, the standard offers excellent guidance, including discussing the different types of layers and controls available today. Minimum Security Requirements for Federal Information and Information Systems defines the minimum security controls for federal information systems and the processes by which risk-based selection of security controls occurs.
If you dig into the National Institute of Standards and Technology (NIST) Special Publication 800-53, that gets a little deeper into the particular cyber controls you have in place. There is guidance available. You’re not out there on your own about what the layers should be and you can evaluate yourself against these standards.
Louis: What are some layers specific to privileged access management? Are there any particular PAM best practices that enterprises should be thinking about right now?
Andy: Absolutely and I’ll start with Privileged Access Management (PAM), which is one of the core layers. Investigations into this hack found specific evidence where they got in and created new accounts with elevated privileges to access data. It’s all over this.
We typically state the Forrester stat that 80% of hacks involve compromised privileged access. This SolarWinds example is no exception: that’s what happened.
Additional points to keep in mind include the following:
Before our interview, we talked about how vulnerable passwords are and how using the company’s name, followed by 123, is not a good idea – that ties into going pro with preventive controls rather than just relying on a password. That’s a perfect example of what not to do. Organizations can design preventive privileged access controls and detective controls and both are typically provided in Privileged Access Management solutions. Best practices call for multiple preventive controls – strong passwords, multi-factor authentication, password rotation, maybe use a federated credential and have privileged users log in as themselves for better auditing and accountability.
Rethink enterprise cybersecurity from a preventive control perspective that includes least privileged access. Simplistic preventive controls aren’t enough, as the sophistication of this hack shows. Preventive controls need to be strengthened with least privilege. The account creation process needs to provide as little privilege as possible to the server level. Workflows to request additional access need to be used to provide resources for a predefined period. If these types of controls had been in place, malicious code disguised in executable files and dynamic linked libraries would not have traveled as far down the supply chain.
Lastly, even if threat actors get through or you don’t have enough of those layers in place, you want detective controls. PAM solutions should have audit capabilities that watch what privileged users do. In the financial markets, there are things like the “four-eye principle,” where people are watching what other people are doing and so you can watch a privileged session in real-time and verify what users are doing. Of course, all that’s audited in the recording. You can send that information off to a SIEM to be correlated with other data to look for compromise indicators. Recent articles I’ve read pointed out the attackers were in the FireEye network for months before being detected. FireEye detected that they had been attacked thanks to detective controls.
Louis: The SolarWinds attack seems to have rejuvenated the case for Zero Trust. How can companies adopt a Zero Trust mindset and take stock of their security layers today?
Andy: Definitely and I see organizations accelerate their Zero Trust initiatives today. Organizations can get started on their Zero Trust frameworks by reviewing the FIPS and NIST publications. Review the layers of your security stack with a Zero Trust mindset. Don’t configure your network to trust someone just because they gained access. That’s how these attackers got in, laying in the network for plenty of time. Zero Trust says, “Don’t trust that authenticated network access. That could still be a compromised credential or a threat actor,” and this is a perfect example of that. This is why Zero Trust is critical: just because they’re on your network doesn’t mean they’re trustworthy.
The concept of least privilege, of authenticating at each step, introduces segmentation. When I give access, it’s just to that machine or that service that I need access to and not broad access across the network a network segment. That’s how you prevent that lateral movement. A Zero Trust mindset that Zero Trust philosophy of security is critical in this case.
Louis: What do you think will happen from the perspective of micro-segmentation and how does this hack change the balance of security relative to ongoing operations of a business?
Andy: I think it’s another evidence of our current breach culture and brings forth more awareness. More and more, events like this will make cybersecurity a higher priority in an organization – one essential to excel at to keep a business operating. So from that perspective, it is a business enabler.
If you do it right, you can start to do things like moving to the cloud and start to do things that make you more agile. The more we can think of security as a business enabler instead of a business blocker, the better we are. Taking the lessons learned from this hack and using them to create a more resilient, hardened organization is a start.
80% of hacks involve the use of compromised privileged credentials and this one is no exception. An important layer of control is Privileged Access Management (PAM) solutions such as Centrify, which typically involve predictive, preventive and detective controls.
In the end, it is security layers and vigilance that make the difference in minimizing the impact of a breach. NIST’s guidance can be constructive in cybersecurity planning, which can also be informed by Zero Trust’s principles. Remember, it’s not a question of if you will be hacked. It’s a matter of when and what you can do to limit the impact through layers.
Glassdoor shows 3,937 companies in the middle of a hiring surge during Covid-19, 960 of which are in information technology.
Leading software companies going through a hiring surge right now include Aha! Software, Appen, Clevertech, CrowdStrike, Datadog, Dataiku, Fastly, Hashicorp, Leidos, Liveops, Netskope, Proofpoint, Rackspace, Zapier and Zendesk.
Modern Tribe, Dataiku, Zapier, PartnerCentric, Slack, Fuse, ScienceLogic and SAP are the highest rated companies by their employees on Glassdoor who offer remote jobs today.
Between Glassdoor, Indeed, LinkedIn and Monster, there are over 16,500 open remote-based software technical professional jobs available today. Companies with open, remote-based solutions include Aha!, Box, Cloudera, DemandBase, Jobot, Red Hat, NTT Data, Salesforce and many others.
GitLab alone has 79 remote full-time positions open today and is widely considered a leader in creating a productive, positive remote working culture, with 88% of employees saying they would recommend the company to a friend.
These and many other useful insights are based on comparing the leading tech companies who offer remote, work-from-home job positions by their Glassdoor scores. Leading tech companies are ranked on the percentage of employees who would recommend their company to a friend and the percent of employees who approve of the CEO. The total number of open job positions by company is in the third column of the table. Hiring companies of note include the following:
PowerToFly has had an impressive growth year and is the go-to remote job search engine for women professionals. The company was launched in 2014 by Milena Berry and Katharine Zaleski to connect Fortune 500 companies, startups and growing companies with women looking to work for businesses that value gender diversity and inclusion. PowerToFly’s number of available remote jobs has soared from 994 earlier this year to over 2,500 open remote positions today. 94% of employees would recommend working at PowerToFly to a friend and 93% approve of their CEOs.
Angelist has 2,700 enterprise software-related remote positions on their website today with companies including Auth0, Arctic Wolf Networks, Confluent, Couchbase, HackerOne, Slack, MindTickle, MongoDB, Sendoso, Tanium and many others.
FlexJobs has 5,566 remote-based software jobs that include full-time, part-time and freelance positions. Open positions include Senior Software Engineers, DevOps Engineers, Product Managers, Project Managers, Full Stack Developers and more.
Working Nomads site currently has 11,216 remote, work-from-home development jobs advertised. There are also 2,021 marketing, 1,922 management, 1,873 system administration, 1,592 design and 1,164 sales remote, work-from-home job postings.
Bottom Line: Cybersecurity CEOs’ lessons learned from navigating the pandemic provide a valuable framework for leading and growing a business through anxious, uncertain times.
How each cybersecurity CEO responds to the challenges of keeping employees safe, customers secure and product release cycles on schedule while still achieving customer success – all virtually – provide valuable insights into leading a company during difficult times. Simon Biddiscombe, former CEO of MobileIron (acquired by Ivanti), exemplifies the empathy all CEOs interviewed have for their employees’ welfare. “My first priority when the pandemic hit was to protect the health and safety of our employees, yet still maintain an “always-on business” for our customers,” Simon mentioned during a recent interview.
What made leading during the pandemic even more difficult was the exponentially increasing number of breaches and cyberattacks their customers are experiencing. McAfee Labs Covid-19 Threats Report found a 630% increase in cloud services cyberattacks between January and April of this year alone. The FBI estimates cyberattacks are up 400% due to the pandemic. As DevOps teams fast-track new features and releases, CEOs keep their virtual organizations cohesive and focused on the same goals.
The following cybersecurity CEOs provide their most valuable lessons learned leading through the pandemic:
Christy Wyatt, CEO of Absolute Software
Absolute is a leader in Endpoint Resilience solutions and the industry’s only undeletable defense platform embedded in over a half-billion devices. Enabling a permanent digital tether between the endpoint and the enterprise who distributed it, Absolute provides IT and Security organizations with always-connected visibility and Self-Healing Endpoint security.
“What are the most valuable lessons learned leading through a pandemic?”
There was a clear moment for us where we said, “What is our objective? What is the best response to this?” And the phrase that came out was, “How can we help?” We knew our primary focus needed to be helping our customers solve a massive problem, instead of monetizing this opportunity. Making this decision to come together as a mission-driven organization… that was so incredibly powerful.
Even as life was changing drastically between breakfast and dinner every single day and employees were navigating their own work-from-home journeys and trying to care for their families, what we heard was that this ability to contribute was the thing that they were hanging onto. They were able to say, “Listen, I’m getting up every morning and I’m helping organizations with something that’s really scary and unfamiliar.” And, they did remarkable things… these teams put themselves through so much to help our customers stand up remote work and learning environments essentially overnight.
I always say you don’t win the race when you’re in the race. It’s the training and the practice, and the talking,and the drills and the teamwork… which we had been working on long before the pandemic hit. So I think my biggest takeaway is that if you put in the training upfront and you focus on doing the right things, the right things will happen. And you really can achieve more than you thought you could.
Flint Brenton – President and CEO of Centrify
Centrify is redefining the legacy approach to Privileged Access Management by delivering multi-cloud-architected Identity-Centric PAM to enable digital transformation at scale. Centrify Identity-Centric PAM establishes trust and then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request and the risk of the access environment. Centrify centralizes and orchestrates fragmented identities, improves audit and compliance visibility and reduces risk, complexity and costs for the modern, hybrid enterprise.
“What are the most valuable lessons learned leading through a pandemic?”
“Our customers and the people they serve are all going through rapid change. When you look at the concept of digital transformation, a lot of companies were struggling with that before the pandemic. Now we know that we can’t live without it. The role of the developer is more important than ever and they are driving innovation in a very different environment than they’ve ever experienced.
One of the most valuable lessons I’ve learned during the pandemic is that no matter what the obstacles are, people need connection. For a company like Centrify, that means we need to be connected to our customers intellectually, strategically, virtually and – eventually – physically.
An example of this was very clear recently, as we engaged in discussions with one of the world’s largest financial institutions to replace their existing password vaulting solution. They have a vision for where they want to be, how they are going to get there and how they are going to secure that transformation. But they need the right partner who not only has the technology capabilities and architecture for a cloud-focused, DevOps-drive, digitally-enabled enterprise, but also to understand their vision and be invested in their success.
So the CIO asked me to personally track the rollout of our product against their product enablement success and he was very interested in how our vision of Privileged Access Management will converge with cloud security, DevOps and other modern technologies and empower their vision and plan. Ultimately, he wanted connectedness. He wants a personal relationship built on understanding, honesty and accountability, even if that relationship can’t be forged and nurtured over a dinner or meeting in a conference room.
That’s the biggest lesson I’ve learned leading this year: that customers, employees, partners and peers want to be connected any way possible, even if they can’t do so in close physical proximity yet.”
Steve Havas, CEO of Evernym
Evernym is a pioneer in the field of verifiable credential technology, which gives individuals control over their digital identity and organizations the ability to trust and verify their data. Evernym builds and deploys self-sovereign identity solutions, with the technology and go-to-market resources powering the largest implementations of digital credentials in production.
“What are the most valuable lessons learned leading through a pandemic?”
The pandemic has been, to say the least, impactful on society and our business. The market changes have required ruthless listening to customer needs and absolute focus on delivering what’s needed today.
We’ve all anticipated a gradual convergence of the digital and physical worlds, but that timeline has been accelerated by the sudden rise in remote work/education and contactless identity verification. We’re fortunate that this is the future we’ve been building toward, although we would have never imagined many of the COVID-19 credential use cases that are now mission-critical for our customers. It’s certainly been a lesson in adaptability and prioritization.
Benji Markoff, CEO of Founder Shield
About Founder Shield
Founder Shield is a tech-enabled insurance brokerage, focusing on rapidly growing businesses that operate in emerging industries. As a broker, we have a unique perspective of protecting our clients against cyber threats and guiding them to recovery should their fall victim. We work with forward-thinking insurers using proprietary cyber risk management tools, while also offering the most innovative insurance coverage possible.
“What are the most valuable lessons learned leading through a pandemic?”
People say that fortunes are won and lost in times like these and it certainly appears that hackers & social engineering fraudsters have gotten that memo. Over the past 6 months, we’ve seen an increase in both hacking and social engineering attacks on clients of all shape and size $5M Revenue to $500M revenue. The reports suggest that working from home has only increased vulnerabilities of company networks (or lack thereof as employees use home networks) and the ability to induce fraudulent payments from employees who might not be able to lean over to a coworker to fact check a fishy invoice. The valuable lesson? Do a cyber audit and make sure you’re training your team on spotting social engineering and phishing scams.
Anand S – CEO at Gramener: Insights as Data Stories
About Gramener: Insights as Data Stories
Gramener is a data science company that helps solve complex business problems with compelling data stories using insights and a low-code analytics platform. We help enterprises large and small with data insights and storytelling by leveraging Machine Learning, Artificial Intelligence, Automated Analysis and Visual Intelligence using modern charts and narratives (NLG). Our Gramex platform is a low-code framework to rapidly build engaging data solutions across multiple business verticals and use cases. Our products have empowered CXOs, Chief Data Officers, Scientists, Business Analysts and others save millions of dollars by making an impact on revenue and decision making. Gramener was founded in 2010 and has over 325+ clients worldwide, 200+ employees and 5 offices globally including the United States and Singapore.
“What are the most valuable lessons learned leading through a pandemic?”
As an SMB we leaned more towards cost optimization over premium cybersecurity tools and services, resulting in ring-fencing our office infrastructure more. Due to COVID-19, when we moved 100% remote, our cybersecurity controls fell short to defend us against external threats. We had to extend the security protocols like moving all work to Virtual Desktop Infrastructure (VDI), strengthen VPN tunnel security, implement 2FA for all logins, opt for more security services from our Cloud service provider.
We accelerated digitization across operations and increased spending in Cloud security and production application security. We are revisiting our current approach and playbooks for cybersecurity.
– We are evaluating the current 3rd party service providers offering and reevaluating if they still have same level security controls in place at their end
We are conducting an accelerated implementation of Data Security protocols across the organization and not just on client specific projects. This includes updates to Information Security Policy around Data classification, Data tracking and protection.
With 100% remote operations, we are moving to VDI for all production and critical services. This means access to all data is through dedicated VPN Tunnels only. This is to mitigate any exposure to data from folks working at home.
– Our Virtual Desktop Infrastructure allows our IT teams to protect client sensitive data to a restricted cloud environment. All the tools and 3rd party cloud services required by our team members to perform their tasks are provided in the VDI. No data can be extracted or moved from VDI instances.
– All internal company data around operations, team members, Intellectual Property are a prime target for cyberattacks and ransomware. We have moved to a secure VPN tunnel architecture for all our team members to access company internal systems. Earlier this was restricted to a small group of functions. By mandating access via secure VPN tunnel our IT team has centralized visibility of all traffic across the network and can intervene quickly against any potential threats.
We are mandating 2FA. Earlier employee convenience led to not mandating 2FA for all our services. Now 2FA has been made mandatory across all services.
In order to optimize costs, we are consolidating tools used in the organization to identify overlapping functionalities and getting rid of those which are no longer required.
Apu Pavithran, founder and CEO of Hexnode
Hexnode MDM is the award-winning Unified Endpoint Management platform from Mitsogo Inc. The company has been helping organizations in over 100 countries to stay agile and competitive in an increasingly mobile world. Mitsogo Inc. is a leading provider of Endpoint Management and security solutions. From SMBs to Fortune 500s, enterprises of all sizes have leveraged Mitsogo’s prowess in device management to drive business productivity and compliance. Mitsogo’s solutions adapt to the most complex of business environments.
“What are the most valuable lessons learned leading through a pandemic?”
Navigate the path, trust your crew
Being a CEO, as lucrative as it may seem has its own little big challenges, for example, they don’t tell you that there are no off days. There are always thousands of choices to be made and tons of pathways to be chosen, but the absolute worst thing comes when we face an uncertainty that was never on the radar.
And when the pandemic hit, the team needed support more than ever, I had to switch through the roles of commander in chief, therapist, cheerleader and even at times a babysitter. After all, you have to be the rock for your employees, or else it shows. But fortunately, I was so lucky to be surrounded by like-minded people who are as passionate as the founder about our business and customers.
We had to establish a fully remote work landscape and it was not what we would have expected, it was at a time when everyone was very insecure about COVID-19. People were worried about their safety, the safety of their families and work started to slip into second gear, some of us were even having mental breakdowns. It was time to be the person that the team could look up to.
“Customer is king”, is a tired old saying but that is what Hexnode live by, we had a commitment towards our clients, so we had to provide uninterrupted service for them rain or shine. So, we made a decision that would be deemed “mad “from a financial standpoint.
We rented out hotel rooms and made guesthouses for each of our employees around the globe and ran security and screening protocols equivalent to that of hospitals. Soon the stress levels were back to normal and the team started to enjoy the atmosphere. Productivity became better than pre-COVID levels.
As a leader, your team should be able to trust that you’re going to do everything in your power to navigate them through this tough time. The greatest asset for every business is said to be “finding the right staff”, but I would say it is “how you create the right staff”. The most valuable lesson l learned during this pandemic is “When the crew is great you just have to navigate, they will pull through all the tides and storms coming your way. They always do”.
Brad Wiskirchen, CEO, Kount
Kount’s Identity Trust Global Network delivers real-time fraud prevention and account protection and enables personalized customer experiences for more than 9,000 leading brands and payment providers. Linked by Kount’s award-winning AI, the Identity Trust Global Network analyzes signals from 32 billion annual interactions to personalize user experiences across the spectrum of trust—from frictionless experiences to blocking fraud. Quick and accurate identity trust decisions deliver safe payment, account creation and login events while reducing digital fraud, chargebacks, false positives and manual reviews.
“What are the most valuable lessons learned leading through a pandemic?”
Open, honest, fearless communication. The Kount team has lived by this motto for more than a decade and never before has it been more tested and more relevant than in navigating the events of 2020. From moving our entire team to remote work to quickly pivoting to help our eCommerce businesses handle dramatic changes in transaction volume, it’s essential that our team communicate at the highest levels. As the impacts of the pandemic are often deeply personal, open, honest, fearless communication has empowered us to balance individual needs, customer needs and company needs while uniting us in our mission to do whatever it takes to stop digital fraud for our customers.
Simon Biddiscombe, former CEO of MobileIron (acquired by Ivanti)
MobileIron is redefining enterprise security with the industry’s first mobile-centric security platform for the Everywhere Enterprise. MobileIron’s platform combines award-winning and industry-leading unified endpoint management (UEM) capabilities with passwordless MFA (Zero Sign-On) and mobile threat defense (MTD) to validate the device, establish user context, verify the network and detect and remediate threats to ensure that only authorized users, devices, apps and services can access business resources in a “work from everywhere” world.
“What are the most valuable lessons learned leading through a pandemic?”
As a leader during a pandemic, you must go above and beyond to provide your employees and customers with world-class service and support. My first priority when the pandemic hit was to protect the health and safety of our employees, yet still maintain an “always on business” for our customers. At MobileIron, we quickly enabled our employees around the world to work remotely. We also made it as easy as possible for our customers to issue more corporate-owned devices or enable a BYOD program to keep their employees secure and connected – whether they were working on the frontlines or at home. And we continued to innovate to meet the changing security needs of our customers and communities.
Overall, the pandemic has crammed years’ worth of change into a few short months and it will have long-lasting effects on how, when and where we work in the future. Work in the future will be very different to work in the past, which will present leaders with some challenges. However, it will also offer some significant opportunities to overhaul working practices and support employees who work from home with better collaboration and more intuitive access. The “Everywhere Enterprise” is not a passing phase, it’s the current reality and will continue to grow and expand as workers find new ways to be productive from anywhere.
Ward Osborne, CEO of Osborne Global Security
About Osborne Global Security
Osborne Global Security is a new player in the security space. They are challenging the stereotypes that come to mind when you originally think of security and replacing them with the ideas of trust, care and a shift in general security culture. This is a fascinating company to watch in the future.
“What are the most valuable lessons learned leading through a pandemic?”
As CISO’s for multiple companies through this pandemic, we have seen so much shift and change. There’s been borderline chaos in many companies – and chaos ALWAYS brings opportunity. For our clients, the ones we’ve worked with and developed mature, risk and capabilities based models for just this situation, they are thriving.
It’s interesting to see the world adapt to a virtual delivery model which we’ve been creating, living, evangelizing for 25 years. Our clients who may not have had the time or prioritization to develop those models and capabilities have taken a hit, but we continue to do what we do, which is develop and provide resilience and growth to our customers.
In a virtual and distributed world, Trust becomes a major factor in every conversation. If a customer can’t Trust that we are there to solve problems when things get tough, then they aren’t able to operate effectively knowing that someone has their back.
Our world has become physically disconnected, but the people and companies that deal with that challenge in a proactive and positive way will always thrive. We are here. Growing our tribe. Doing the next right thing and leading customers to success in the midst of all of this chaos and challenge.
Rodrigo Tumaián, CEO and Co-Founder of Prometeo
Prometeo provides a single point of access to banking information, transactions and payments across multiple financial institutions in Latam. Inspired by PSD2 and with high security standards, Prometeo brings easy plug & play access to open banking, the future of financial services. Currently, Prometeo is connected with more than 30 financial institutions across 9 countries of Latam (including México & Brazil) and provides access to more than 45 APIs.
“What are the most valuable lessons learned leading through a pandemic?”
Prometeo was born with a very strong focus on cyber-security, so the pandemic had no effect on our operation. Our company grew up with the foundation of mobility and work flexibility, this forced us from the beginning to think about the best way to transmit data and protect mobile assets. So when the pandemic arrived, we were already providing remote access (VPN) to all our employees, limiting access by profile. We were already using two-factor authentication to access our services. We already had user nomination and record of the operations generated by our employees on our assets. I think if I had to mention what was the most valuable thing we learned from the pandemic, it’s that the direction we took from the beginning was worth it. We didn’t have to deal with operational issues to handle the high demand for digital products from customers, we just did it. So the pandemic for us strengthened another of our fundamental values, not to make security to be compliance, but to make integral security, both within our company and for our customers.
Jean Le Bouthillier, CEO of Qohash
Qohash delivers advanced data classification and monitoring capabilities to protect your personal, health, corporate and financial data using transformational technologies such as machine learning and analytics.
“What are the most valuable lessons learned leading through a pandemic?”
2020 has accelerated digital transformation efforts and highlighted the need for advanced, lightweight data security capabilities. With enterprise employees working increasingly remote, data is flowing faster and in previously unimagined ways. Businesses realize that to keep up with the demands of clients and a digital workforce, data risk models need an update or risk jeopardizing the enterprise.
Qohash clients recognize that the employee Risk Score, a quantifiable measure of trust, mitigates the impact both of bad actors as well as busy, distracted employees.
Remote, digital work will be a part of enterprise operations for the foreseeable future. Organizations need to enable governance risk and compliance teams to better support this transition to Work From Anywhere [WFA] models where talent and business thrive.
Jean-Paul Smets, Founder and CEO RapidSpace
Rapid.Space is a cloud provider whose “approach is based exclusively on the use of free, fully auditable and reversible software, hardware and management procedures under open licenses. Thanks to a network of 228 points of presence, Rapid.Space has global presence including in mainland China. It covers similar features as the most sophisticated public cloud provider and introduces exclusive innovations such as industrial edge computing and private 4G/5G vRAN.
“What are the most valuable lessons learned leading through a pandemic?”
“Rapid.Space learned during the pandemic how to formalize its management procedures and remotely setup points of presence. Thanks to Augmented Reality and smart glasses, Rapid.Space team in Europe and Americas could setup remotely its points of presence in mainland China and Taiwan without having to travel by air plane”.
Software companies continue to deliver the highest growth rates for the 25th straight year, representing 71% of the entire list, the highest-ever percentage in the history of the rankings.
353 of the 500 fastest-growing companies in North America are in the software industry according to Deloitte’s 2020 Tech Fast 500, the most ever in the history of their rankings and a 3% increase over last year.
Two of the ten fastest-growing companies over the last three years specialize in cybersecurity, OneTrust and Transmit Security.
Notable software companies ranked in Deloitte’s 2020 Tech Fast 500 include Bolt, Illumio, LogicMonitor and Seeq.
Biotechnology/pharmaceutical companies are the second most prevalent sector, comprising 14% of all companies, followed by digital content/media/entertainment (5%) and medical devices (4%).
It’s fascinating to look at the emerging trends in Deloitte’s 2020 North America Technology Fast 500 Rankings as leading predictors of innovation. This year’s report is a quick read and provides a glimpse into the fastest-growing companies between 2016 and 2019. Deloitte chooses Technology Fast 500 awardees based on percentage fiscal year revenue growth from 2016 to 2019. Overall, the 2020 Technology Fast 500 companies achieved revenue growth ranging from 175% to 106,508% over the three-year time frame, with a median growth rate of 450%.
Key insights from the rankings include the following:
Five of the top ten winners are software companies, includingBranch Metrics, OneTrust, Transmit Security, Drift and CharterUP. It’s noteworthy that cybersecurity is well-represented in the top ten fastest-growing companies between 2016 and 2019. OneTrust and Transmit Security is in the top five fastest-growing companies between 2016 and 2019, accentuating how critical cybersecurity is becoming in all businesses. The following graphic lists the top ten Deloitte 2020 North America Technology Fast 500 winners.
Digital platform and enterprise infrastructure & productivity dominate software companies are dominating software sub-sectors with 56% of all companies. Deloitte’s ranking reflects the increasing urgency all organizations have to launch, scale and excel at new digital selling channels. The pandemic accelerated the urgency faster than the most compelling business case ever could. Having over 50% of all software companies in these categories quantifies the cloud as the platform of choice across enterprises.
Electronic devices/hardware, energy tech and software & SaaS are the three sectors generating the fastest growing businesses over the last three years. Edge computing and the quick pace of innovation in intelligent sensor development and adoption for the Internet of Things (IoT) and Industrial Internet of Things (IIoT) use cases are catalysts driving the 683% growth rate. Sustainability’s bottom-line benefits, including its positive impact on lean manufacturing, help drive to 525% growth rate in energy tech. Software and SaaS median growth rate of 465% shows enterprise software’s evolution is nascent and just getting started.