There has been a gradual but wide-scale shift in the business world, compounded by the movement restrictions and other impacts of the COVID-19 pandemic, to a remote work model. These changes have led to the need for effective next-gen network security for businesses.
As the nature of work changes, there must be a corresponding reevaluation and subsequent transformation of how organizations approach network security.
Ultimate Guide to Effective Next-Gen Network Security for Organizations
Moving work to the cloud via work-from-home policies eliminates the physical boundaries of cybersecurity. Moreover, this extension of the traditional bounds of network security establishes a strong basis for the greater adoption of edge security practices. Apparently, end-to-end security now seems more like edge-to-cloud security.
This transformation is not just about technologies and tools, although those are critical in adapting networks and cloud environments to the new model. Rather, this transformation is, foremost, a change of outlook.
Data and Network Security
With the increase in the number of technological tools at work, including and especially IoT devices, more data is being collected. And the more data is collected, the more effort must be exerted in protecting the information from intruders.
This supports the earlier submission that the new normal in network security is not just around transformation but more an extension. An extension of security capabilities to accommodate the revolution of attack approaches.
Basically, when it comes to network security, like all other organizational processes, business leaders must think in scale. After all, cyber attackers are not backing down; instead, they devise newer and newer means of network intrusion and system destabilization.
Change and Adaptation
It is understandable why some leaders may first prefer to dip their toes into the water; the world has not witnessed this scale of a comprehensive upset in a long time.
Yet, the greater mistake, and one that supports that form of approach, unfortunately, is that many people believe that the time and the current scale of challenges we now face would eventually pass.
However, as the World Economic Forum points out in a paper, “for many companies, the biggest obstacle will not be the technology; it will be the ability to recognize that these short-term disruptions are here for the long-term, if not actually permanent.”
Apparently, business leaders need to think, not in terms of things going back to normal (since they probably never will) but more in terms of adapting to what has been referred to as the new normal or the next normal.
All these reasons establish a strong case for organizations rethinking their strategy to cybersecurity to fit the features of the new world of business, particularly the burgeoning adoption of the distributed work model.
Typically, the traditional approach to network security has always been a model where security flows outwards, from the core to the edge.
However, if recent developments in cybersecurity have taught us anything, the edge is just as crucial as the core. Cyber Attackers can stealthily insert malicious code into a system through a ‘small’ breach (an employee’s computer, a connected air conditioning system, or a contractor’s email).
Worse, this malicious implant can remain in the system for several days, wreaking havoc. According to the popular research by IBM, the average time it takes companies to identify a data breach is 207 days, with a further 73 days to contain it.
Apparently, organizations need to shift to a model that secures the edge just as much as the core. If companies had a choice before, now they no longer do, certainly not with the challenges that the pandemic has thrust upon us, requiring immediate and drastic action.
Going forward, organizations must adopt security-driven networking strategies that enable the development of an integrated security approach for the comprehensive IT infrastructure.
Basically, the network security and the network architecture are fused into one solution, going against the traditionally siloed network security tactics.
Already, there are security solutions that establish this new model of network security. What defines this new generation of cybersecurity solutions is not just the scale of technology, although that is important and present.
Rather, it is the fact that they recognize the changing nature of security and, at their core, are built upon models that adapt to the new demands of cybersecurity. Some of these transformative solutions are explained below.
- Software-Defined Perimeter (SDP): A software-defined perimeter solution ensures better security by restricting network access based on a zero-trust approach. Zero-trust security incorporates the least-privilege, need-to-know, and micro-segmentation models to ensure that the integrity of a network system is maintained. Basically, an SDP controls access based on an established protocol of trust, effectively shutting out any potential intrusion.
- Secure Web Gateway: Gartner defines a secure web gateway as a “solution that filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance.” Basically, a secure web gateway utilizes URL filtering, data loss prevention, and other technologies to restrict access to malicious and high-risk internet locations from the endpoint. It is a critical tool for adapting to the extension of security bounds as identified above.
- Risk-Based Authentication: Risk-based authentication, or adaptive authentication, uses behavioral biometrics to determine whether to grant or restrict access to a network, as well as what level of access to be granted based on the information collected. Passwords have been known for a while to be problematic. RBA is a solution that creates a frictionless and more secure authentication process than passwords and even 2FA systems.
These solutions emerge as better alternatives to legacy technologies such as VPNs and firewalls, whose vulnerabilities are far more exposed now than ever.
Cybersecurity spending has been rising for some time. Yet, cyberattacks have only gotten worse. Back in 2016, a Cisco executive said, “security threats used to be a nuisance; a virus that made your computer crash, for example. But now we’re talking about threats to life and limb, mission-critical systems that cannot fail. So security has to be driven deep into the fabric of this next generation of the internet.”
This begs the question of whether cybersecurity is really a problem of money and technology rather than a problem of strategy and approach.
Fintech Kennek raises $12.5M seed round to digitize lending
London-based fintech startup Kennek has raised $12.5 million in seed funding to expand its lending operating system.
According to an Oct. 10 tech.eu report, the round was led by HV Capital and included participation from Dutch Founders Fund, AlbionVC, FFVC, Plug & Play Ventures, and Syndicate One. Kennek offers software-as-a-service tools to help non-bank lenders streamline their operations using open banking, open finance, and payments.
The platform aims to automate time-consuming manual tasks and consolidate fragmented data to simplify lending. Xavier De Pauw, founder of Kennek said:
“Until kennek, lenders had to devote countless hours to menial operational tasks and deal with jumbled and hard-coded data – which makes every other part of lending a headache. As former lenders ourselves, we lived and breathed these frustrations, and built kennek to make them a thing of the past.”
The company said the latest funding round was oversubscribed and closed quickly despite the challenging fundraising environment. The new capital will be used to expand Kennek’s engineering team and strengthen its market position in the UK while exploring expansion into other European markets. Barbod Namini, Partner at lead investor HV Capital, commented on the investment:
“Kennek has developed an ambitious and genuinely unique proposition which we think can be the foundation of the entire alternative lending space. […] It is a complicated market and a solution that brings together all information and stakeholders onto a single platform is highly compelling for both lenders & the ecosystem as a whole.”
The fintech lending space has grown rapidly in recent years, but many lenders still rely on legacy systems and manual processes that limit efficiency and scalability. Kennek aims to leverage open banking and data integration to provide lenders with a more streamlined, automated lending experience.
The seed funding will allow the London-based startup to continue developing its platform and expanding its team to meet demand from non-bank lenders looking to digitize operations. Kennek’s focus on the UK and Europe also comes amid rising adoption of open banking and open finance in the regions.
Featured Image Credit: Photo from Kennek.io; Thank you!
Fortune 500’s race for generative AI breakthroughs
As excitement around generative AI grows, Fortune 500 companies, including Goldman Sachs, are carefully examining the possible applications of this technology. A recent survey of U.S. executives indicated that 60% believe generative AI will substantially impact their businesses in the long term. However, they anticipate a one to two-year timeframe before implementing their initial solutions. This optimism stems from the potential of generative AI to revolutionize various aspects of businesses, from enhancing customer experiences to optimizing internal processes. In the short term, companies will likely focus on pilot projects and experimentation, gradually integrating generative AI into their operations as they witness its positive influence on efficiency and profitability.
Goldman Sachs’ Cautious Approach to Implementing Generative AI
In a recent interview, Goldman Sachs CIO Marco Argenti revealed that the firm has not yet implemented any generative AI use cases. Instead, the company focuses on experimentation and setting high standards before adopting the technology. Argenti recognized the desire for outcomes in areas like developer and operational efficiency but emphasized ensuring precision before putting experimental AI use cases into production.
According to Argenti, striking the right balance between driving innovation and maintaining accuracy is crucial for successfully integrating generative AI within the firm. Goldman Sachs intends to continue exploring this emerging technology’s potential benefits and applications while diligently assessing risks to ensure it meets the company’s stringent quality standards.
One possible application for Goldman Sachs is in software development, where the company has observed a 20-40% productivity increase during its trials. The goal is for 1,000 developers to utilize generative AI tools by year’s end. However, Argenti emphasized that a well-defined expectation of return on investment is necessary before fully integrating generative AI into production.
To achieve this, the company plans to implement a systematic and strategic approach to adopting generative AI, ensuring that it complements and enhances the skills of its developers. Additionally, Goldman Sachs intends to evaluate the long-term impact of generative AI on their software development processes and the overall quality of the applications being developed.
Goldman Sachs’ approach to AI implementation goes beyond merely executing models. The firm has created a platform encompassing technical, legal, and compliance assessments to filter out improper content and keep track of all interactions. This comprehensive system ensures seamless integration of artificial intelligence in operations while adhering to regulatory standards and maintaining client confidentiality. Moreover, the platform continuously improves and adapts its algorithms, allowing Goldman Sachs to stay at the forefront of technology and offer its clients the most efficient and secure services.
Featured Image Credit: Photo by Google DeepMind; Pexels; Thank you!
UK seizes web3 opportunity simplifying crypto regulations
As Web3 companies increasingly consider leaving the United States due to regulatory ambiguity, the United Kingdom must simplify its cryptocurrency regulations to attract these businesses. The conservative think tank Policy Exchange recently released a report detailing ten suggestions for improving Web3 regulation in the country. Among the recommendations are reducing liability for token holders in decentralized autonomous organizations (DAOs) and encouraging the Financial Conduct Authority (FCA) to adopt alternative Know Your Customer (KYC) methodologies, such as digital identities and blockchain analytics tools. These suggestions aim to position the UK as a hub for Web3 innovation and attract blockchain-based businesses looking for a more conducive regulatory environment.
Streamlining Cryptocurrency Regulations for Innovation
To make it easier for emerging Web3 companies to navigate existing legal frameworks and contribute to the UK’s digital economy growth, the government must streamline cryptocurrency regulations and adopt forward-looking approaches. By making the regulatory landscape clear and straightforward, the UK can create an environment that fosters innovation, growth, and competitiveness in the global fintech industry.
The Policy Exchange report also recommends not weakening self-hosted wallets or treating proof-of-stake (PoS) services as financial services. This approach aims to protect the fundamental principles of decentralization and user autonomy while strongly emphasizing security and regulatory compliance. By doing so, the UK can nurture an environment that encourages innovation and the continued growth of blockchain technology.
Despite recent strict measures by UK authorities, such as His Majesty’s Treasury and the FCA, toward the digital assets sector, the proposed changes in the Policy Exchange report strive to make the UK a more attractive location for Web3 enterprises. By adopting these suggestions, the UK can demonstrate its commitment to fostering innovation in the rapidly evolving blockchain and cryptocurrency industries while ensuring a robust and transparent regulatory environment.
The ongoing uncertainty surrounding cryptocurrency regulations in various countries has prompted Web3 companies to explore alternative jurisdictions with more precise legal frameworks. As the United States grapples with regulatory ambiguity, the United Kingdom can position itself as a hub for Web3 innovation by simplifying and streamlining its cryptocurrency regulations.
Featured Image Credit: Photo by Jonathan Borba; Pexels; Thank you!