With more businesses expecting enterprise-grade mobile devices to last longer than the average consumer smartphone replacement cycle, keeping those devices secure is a growing challenge.
According to a survey by Zebra Technologies, 51% of businesses want their mobile computers to last more than five years, some of which are still powered by legacy “green screen” Telnet-based systems or Windows mobile operating systems.
Getting support for these older operating systems is next to impossible, given that those systems have reached their “end-of-life” where software and security updates are no longer provided.
Even for a modern mobile operating system (OS) such as Android, security updates usually end after three years – well short of the five or more years that enterprises need. This gap between OS and hardware lifecycles can create an exposure to ever-present security risks, said April Shen, director of enterprise visibility and mobility at Zebra Technologies Asia-Pacific.
While some enterprises may look to replace their mobile devices with newer ones to take advantage of the latest – and more secure – versions of operating systems, some may be reluctant to do so, given that many enterprise-grade mobile devices are built to be rugged and hence can last longer.
So what can enterprises do? Like companies such as Rimini Street that provide third-party support services for enterprise software, Zebra Technologies, through a product called LifeGuard, delivers regular security patches on a monthly or quarterly basis.
“All security updates that we release also come with detailed release notes that share guidance on the specific vulnerabilities being addressed as well as detailed installation instruction,” Shen said. “All of this has resulted in a unique, industry-leading level of OS security support.”
But that does not mean that all of LifeGuard’s security patches, which address various threat severity levels, need to be applied all the time. Shen said businesses should evaluate the patches in accordance with their IT policies to determine if the patches are required.
“We also understand that software updates may carry a certain level of functional risk. For example, customers may want to assess the individual vulnerabilities addressed in each release, as they may already have taken steps to mitigate some of these vulnerabilities through measures (such as application white listing and lock task mode).”
Of course, there will come a time when enterprises will need to replace their devices for good. That will set off a chain of tasks such as porting existing apps to the new devices and operating system, and testing the apps before deploying them.
Shen said because LifeGuard continues to provide legacy OS security support for one year in the form of quarterly updates, enterprises will have enough time to migrate to the newer OS smoothly and securely.
The catch is LifeGuard is only available for newer Android-based devices from Zebra. Legacy products may either have LifeGuard support or some lesser security support profile.
Singapore Airlines (SIA) has been on a roll lately with a slew of announcements that it hopes will cement its position as a leading carrier amid stiff competition from premium rivals and low-cost carriers alike.
Last week, SIA said it would launch the world’s first blockchain-based airline loyalty digital wallet app that will unlock the value of miles accumulated by customers in its KrisFlyer frequent flyer programme.
When ready, the digital wallet app, which has been tested in a proof-of-concept exercise with KPMG and Microsoft, would enable KrisFlyer members to spend their miles at participating merchants. The app will ride on an SIA-owned private blockchain involving only merchants and partners.
Hailing the digital wallet as ground-breaking, SIA’s CEO Goh Choon Phong said the initiative is a “demonstration of the investment we are making to significantly enhance the digital side of our business for the benefit of our customers”.
Under SIA’s recently unveiled Digital Innovation Blueprint, the airline hopes to become the world’s leading digital airline, supported by partnerships with Singapore’s key research institutions, universities and government agencies.
But more than just spurring digital projects and driving innovation, as most of such blueprints entail, SIA’s digital transformation programme is focused on building an open innovation culture through staff involvement and supporting employees through digital training, such as in digital innovation and design and agile methodologies.
A digital innovation lab is also being set up to enable staff to work with innovative companies including start-ups, established incubators and accelerators, to stimulate new ideas and facilitate collaboration in a creative environment.
Such efforts are laudable, as digital transformation requires a major shift in employee mindset and organisational culture, which can be difficult to achieve especially for one of the world’s top airlines that has a lot more to lose should things go south.
Whether SIA can truly become the world’s leading digital airline remains to be seen, but one thing is clear – by putting employees at the centre of its digital transformation blueprint, rather than spewing buzzwords like IoT and AI as some others have done, the airline is setting itself up for success.
Despite recent advancements in deep learning, which has its roots in neuroscience, it is not a dramatic breakthrough in artificial intelligence as it is sometimes portrayed.
That was the key point made by Tomaso Poggio, a renowned professor at MIT’s department of brain and cognitive sciences, and artificial intelligence laboratory, at the EmTech Asia conference in Singapore this week.
Poggio argued that many of the concepts behind deep learning were developed in earlier decades, and that for artificial intelligence to achieve the next breakthrough, we would have to solve the problem of understanding how the human brain works. “That goes beyond deep learning,” he said.
Machine learning and deep learning, for example, are still based on the premise that machines learn from large datasets to solve a problem, answer a question or perform a task. Human learning, however, does not require one to even look at dozens of images to learn what an object is for the first time.
“There must be the ability to synthesise programmes on the fly based on a set of small routines,” Poggio said, adding that his team will be exploring this research area using neuroscience and cognitive tools over the next five years.
Besides the research community, private sector companies such as Google are also looking into the possibility of having machines learn from smaller datasets, or even from a single example.
“If you’ve seen something just once in the morning, you’ll definitely be able to recognise it again, but machines have a hard time doing that,” said Oriol Vinyals, research scientist at Google DeepMind.
When applied in real-world settings, Vinyals said this would allow a robot, for example, to process its environment and perform an action without codifying all the possible actions that it can take.
In this guest post, Prakash Sadagopan, director of field systems engineering at F5 Networks Asia-Pacific, discusses mobile security issues and what enterprises can do to stay secure.
The boom of mobile applications—whether it is for ride sharing or couch surfing—has superseded traditional services and revolutionised convenience as we know it. This is especially prevalent in Asia Pacific, home to over half of the world’s mobile subscribers. Asia is also leading the charge in mobile app revenue, with the figure expected to increase to $57.5bn by 2020.
Replacing traditional with unconventional
A dynamic playground for mobile apps, the sharing economy has nestled itself into almost every corner in the region—and it makes no differentiation, be it an emerging market such as Indonesia, or an established economy such as Singapore.
In Indonesia, home care portal Seekmi connects individuals to professional services at the touch of a button. With a platform of over 250,000 listings and a fleet of 5,000 service vendors, Seekmi provides a wide array of on-demand services including photography and plumbing. Last year, it raised multi-million dollar funding and made plans to expand its services across more cities.
In Singapore, we regularly see Uber Eats riders on their oBikes and Mobikes, completing their trips and delivering an assortment of food to their customers. These riders have no stake in any of the businesses—from the restaurants, or their mode of transport—but provide an ever so popular service. Today’s sharing economy has evolved to a point where jobs can be created, and completed, all just by owning a single app.
The underlying danger of DDoS
These success stories are a testament to the prowess of the sharing economy, which is quickly gaining traction across the region due to the speed and convenience it delivers. However, our increasing reliance on apps might also lead to our downfall. Consumers willingly offer personal information to shave off precious minutes of waiting. This is great, until they realise that the sharing economy also means an entire ecosystem of authenticated devices and data that are interconnected—a treasure trove for cyber criminals.
DDoS attacks caught the world’s attention with the Mirai botnet, which crippled the internet and brought down sites such as Amazon, GitHub, PayPal, Reddit and Twitter. If DDoS can easily take out large websites, one can only imagine the havoc it will cause if and when apps such as Uber, oBike and Seekmi are suddenly made unavailable.
Our dilemma: safety or convenience?
Connectivity is a double-edged sword today as it enables the level of convenience in our lives, and yet provides cyber criminals the platform for exploitation. The benefits the sharing economy brings to improving one’s standards of living are endless.
However, sharing economy apps achieve this intelligence by uploading customers’ personal information such as gender, age, interests and even credit card details to the cloud for data analysis and service improvements.
So what happens when enterprises face the unexpected wrath of a DDoS attack? Enterprises lose revenue in reduced web traffic and have to bear the high costs of the remediation process. More severely, customers who once trusted enterprises would view the organisations as unreliable. In our information overload age, it only takes one website crash to send customers running to another vendor.
The key to keeping safe
Convenience is the biggest motivator in an increasingly impatient world. It is worrying that users of sharing apps surrender their credit card information and passwords too readily. Now more than ever, businesses need to strengthen their stance against DDoS. It may seem to be a daunting task; however, a practical first step could be to cultivate a culture of awareness.
Cyber security is slowly but surely becoming a priority for many organisations, especially in the wake of recent events, including oBike’s as well as AXA’s data breach. Yet, IT continues to struggle to gain a foothold in boardroom discussions and drive the point that proactive cyber security strategy is a necessary investment.
Given the option between building on an existing security framework and investing in business ventures, it is almost a no-brainer for executives to choose the latter. A Ponemon Report on APAC app security finds that only 17% of IT security budgets are dedicated to app security. The only real change enterprises have to make is recognising that they have to carry great losses that extend beyond monetary means during a security breach, and that at any time, a breach could happen.
With the right mindset comes the right steps to security. Enterprises should bear in mind that security monitoring and observations are imperative. From prioritising what needs protection to ensuring your IT programme identifies security breaches in a timely and effective manner, every step counts towards a safer future for a business.
Enterprises should also carry out active measures to protect both end users and businesses, starting from digital hygiene practices. This can range from password renewals every six months to conducting regular patching exercises. Deploying web application firewalls (WAF) also protects web applications and application programme interfaces against a variety of attacks, notably injection attacks and application-layer denial of service.
Lastly, enterprises should adopt a cyber security infrastructure that creates on-going conversations across all business units and functions. This will ensure a varied and multi-faceted opinion in identifying critical vulnerabilities in security and building towards a more robust security strategy in an enterprise. Simple yet effective, these measures could save you a trip to the emergency room and help keep sharing safe.
Software and silicon design company Synopsys has just published an interesting report that classifies chief information security officers (CISOs) into four archetypes or what it calls “tribes”.
Through in-person interviews with 25 CISOs from some of the world’s largest firms, such as Facebook, Goldman Sachs, Cisco and Starbucks, Synopsys grouped CISOs into different tribes based on whether their organisations viewed security as enablers, technology, compliance or cost centres.
Each tribe demonstrates specific characteristics or “discriminators” that fall into three domains: workforce, governance or controls – equivalent to the clichéd phrase, people, process and technology.
In Synopsys’ model, membership in one tribe is mutually exclusive with membership in other tribes. Each of the 25 CISOs fits into one of the four tribes, although he or she may share common discriminators with those in another tribe.
Tribe 1: Security as enabler
Organisations in this tribe are the most mature of the lot in their approach to security. Far from being a cost centre or a compliance checkbox, security in Tribe 1 is seen as a pathway to good business. They take a business-focused approach towards security, which isn’t seen as just a technical issue. Compliance is viewed as a planned effect. CISOs in this tribe also get in front of the problem by influencing the standards by which they will be judged.
Tribe 2: Security as technology
CISOs in this group typically begin their careers as technologists and tend to turn to technology to solve every security problem. They also try to understand the business, but have not reached the “senior executive gravitas” of Tribe 1. Their penchant for problem-solving also leads them to take on the toughest business challenges on their own rather than delegating tasks.
Tribe 3: Security as compliance
Although compliance requirements can get organisations to do something about security, they have a tendency to foster a checklist mentality, where security is viewed as yet another box to be ticked. It has been proven that compliance is not a panacea to every security problem, and it certainly can’t keep out determined hackers. Yet, organisations in this tribe continue to underinvest in security in spite of compliance requirements.
Tribe 4: Security as cost centre
Organisations in this tribe may not even have CISOs. Their security leadership may exist down the pecking order or in middle management. Because security is seen as a cost centre, it “never drives budget creation and in some sense has a thick glass ceiling imposed on it”. It’s a tough job for security professionals in organisations that belong to this tribe where security is viewed in the same vein as the IT helpdesk.
In its report, Synopsys did not reveal the number of CISOs in each tribe, but it fears that “Tribe 4 may be very large, meaning there’s plenty of room for security improvement in the world”.
What type of CISO are you? Tell us more in the comments!
Hyundai, along with a handful of key investors, is pumping more money into Grab, Southeast Asia’s largest ride-hailing service in an effort to bring its mobility services to the region.
The South Korean car maker is already dabbling in car-sharing on its own in the US, Netherlands and Austria, where its Ioniq electric vehicles are available for rent in major cities such as Amsterdam and Vienna.
Hyundai did not reveal how much it is investing in Grab, which it will be working with to develop a new mobility service that will make use of its Ioniq vehicles. Other investors in this Series G funding round – Grab’s largest so far – include China’s ride-hailing giant Didi Chuxing, SoftBank and Toyota Tsusho.
Grab operates the largest ride-hailing network in Southeast Asia and is one of the most frequently used mobile platforms in the region with over 3.5 million daily rides. The Grab app has been downloaded onto over 77 million mobile devices, giving passengers access to the region’s largest land transportation fleet comprising over 2.3 million drivers.
This latest round of investment by industry bigwigs should bolster Grab’s position in Southeast Asia where it competes with key rivals such as the embattled Uber in markets like Singapore and Malaysia, as well as Go-Jek in Indonesia.
It also comes at a time when interest in ride-hailing and car-sharing is growing, particularly in Singapore where a new electric car-sharing scheme called BlueSG was launched with much fanfare in December 2017.
Besides offering ride-hailing services and possibly a car-sharing programme in future through the Hyundai partnership, Grab has also partnered with self-driving startup nuTonomy in a driverless car trial in Singapore.
Elsewhere in Asia, China’s Baidu has reportedly developed its own self-driving Apollo platform that has been undergoing testing in cars on public roads since late last year.
Some 20 teams of cyber security industry professionals and tertiary students in Singapore pitted their skills against one another in a competition aimed at plugging the cyber security skills gap in the city-state.
Conducted in December 2017, the Ixia Cyber Combat competition saw participants from industries including financial services, technology, government and education take down enemy servers, expose vulnerabilities and win flags, while defending their home ground against enemy attacks.
More importantly, the competition exposed the participants to a range of new tools and situations that they can take back to their organisations.
The team that won the gruelling 12-hour challenge were from Wizlynx, a Switzerland-based cyber security service provider.
“It was a stressful but fun experience,” said Ang Guo Gen, a Singapore Institute of Technology undergraduate and intern at Wizlynx. “On the defence side, we were only given a Fortinet firewall and Splunk to do some analysis of our environment. I also looked at the logs to try and understand what was happening, did some tests and made some guesses which turned out to be right.”
On the offensive side of things, Ang, whose teammate was Wizlynx senior security consultant Linh, managed to find all 20 enemy targets that he was supposed to find. “In the end, we came from behind and took the show.”
Ixia Cyber Combat follows efforts by others in the cyber security industry to groom more cyber security talent.
In July 2017, Singtel launched a portal to provide information on career paths and showcase the efforts involved in fending off cyber attacks. Visitors to the portal will also get a chance to test their skills in cyber challenges that will assess their understanding of cyber security terms, concepts and operational principles.
Those who fare well will be invited to Singtel’s Cyber Security Institute to hone their skills in cyber war games conducted on four weekends a year, and get a chance to be mentored by cyber security experts.
According to the Cyber Security Agency, which also organises an annual cyber security exercise for critical sectors such as finance, transport and government, Singapore’s demand for cyber security professionals is expected to grow from 4,700 in 2015 to 7,200 in 2018 and 9,700 in 2021.
In February 2017, the government-led Committee on the Future Economy called for Singapore to shore up its expertise in data analytics and cyber security as part of efforts to build strong digital capabilities in its economy.
The government has since accepted the committee’s recommendations, and has started recruiting and building cyber security talent through Singapore’s military conscription programme.
A vote by the US Federal Communications Commission (FCC) to repeal the net neutrality rules spearheaded by the Obama administration was largely met with disdain by internet companies and users.
Proponents of these rules often claim that blocking or discriminating against internet traffic limits consumer choices, hampers innovation and goes against the principle of a free and open internet.
Those on the opposing side, mainly telcos and internet service providers (ISPs), have argued for their right to optimise finite network resources and charge over-the-top (OTT) service providers for traffic that passes through their networks. Video streaming services, for one, account for a large part of web traffic.
Singapore’s net neutrality stance appears to have struck a compromise between both sides of the net neutrality debate.
In a white paper published by the then Infocomm Development Authority (IDA) in 2011, ISPs and telcos in Singapore are not allowed to block legitimate content. Nor can they impose discriminatory practices that could render any legitimate content effectively inaccessible or unusable.
While telcos and ISPs in the city-state can still throttle traffic, IDA said “traffic management practices that are found to be anti-competitive or to harm consumer interests will be dealt with on a case-by-case basis”.
Service providers are also allowed to offer specialised or customised content, applications and services based on commercially negotiated arrangements. This has enabled telcos to partner with OTT service providers such as Netflix and Spotify to offer add-on services for consumers without any degradation in user experience.
Singapore’s net neutrality stance has enabled telcos and ISPs to benefit from the growing popularity of OTT services, keeping them invested in efforts to improve their networks and offer a wider variety of services for consumers.
It is thus heartening to know that the Infocomm Media Development Authority (IMDA), formed from the merger of IDA and the Media Development Authority in 2016, has said that it would not change Singapore’s position on net neutrality, which together with its licensing approach, has kept the telcos on their toes and brought new services and operators to market.
By hosting its cloud infrastructure at Equinix’s Singapore datacentre, Kingsoft Cloud has become the latest Chinese cloud service provider to set foot in Southeast Asia. The move is expected to improve the performance of Kingsoft’s services for Southeast Asian customers.
Kingsoft Cloud, which recently raised $300m in Series D funding, is currently the main cloud service provider in China for Chinese smartphone maker Xiaomi. Lei Jun, founder and CEO of Xiaomi, is a substantial shareholder and chairman of Kingsoft.
In fact, Kingsoft Cloud provides a bulk of the cloud storage on Xiaomi’s MIUI operating system that has helped the company serve its rapidly growing customer base within and outside China.
Other Chinese cloud players such as Alibaba and Huawei have also made their foray into Southeast Asia, a growing region with a tech-savvy, young population and a rising middle class.
Kingsoft declined to be interviewed for a story, but going by its performance in its most recent quarter, the company is poised to give rivals a run for their money.
In Q3 2017, Kingsoft reported cloud revenues of RMB358.1 million – an increase of 80% year-over-year and 18% quarter-over-quarter.
The company attributed the strong year-over-year performance to a robust increase in customer usage, especially in sweet spots such as mobile gaming and video streaming, where it has secured key customers in the broadcast and television industry.
Besides media and entertainment, Kingsoft is also making inroads in healthcare, where it is offering cloud services to leading medical institutions and enterprises such as the PKUCare Rehabilitation Hospital, The University of Hong Kong-Shenzhen Hospital and Peking University People’s Hospital.
Kingsoft’s vertical strategy is a smart one, and differs from the general-purpose approach that most other cloud providers are adopting.
By focusing on specific industries, Kingsoft is in a better position to meet the unique needs of organisations in different industries, especially in Southeast Asia where some organisations may be more demanding than others in terms of security, compliance and performance requirements.
The hype over digital transformation is tapering off. Organisations in the Asia-Pacific (APAC) region are now confronting the realities of rolling out digitalisation initiatives, many of which are plagued with challenges.
According to a global survey of CIOs carried out by Logicalis, a global IT solutions and managed services provider, optimism around digital transformation progress had dampened over the past year.
Across the region, fewer CIOs (3%) now think of their organisations as digital innovators compared to last year when the figure was 6%. The proportion of CIOs who characterise their organisations as part of an early majority in digital transformation is also down to 46% from 53% in 2016.
The sombre mood over digitalisation initiatives hails from bugbears in areas such as cost, complexity, corporate culture, skills and cyber security.
Specifically, 62% of APAC CIOs cite cost as the main barrier in digital transformation, 51% point to complex legacy technology and 49% say organisational culture is an issue, while 43% point to lack of skills and 40% cite security issues.
In the face of those challenges, it is heartening that APAC CIOs aren’t giving up the fight. Nearly half or more than half of them want to simplify IT, engage their business users, provide additional training and attempt to change the culture of their organisations.
CIOs, however, cannot do it all alone. Change has to come from the top and at a strategic level for digital transformation initiatives to succeed.
The CIO of a major Singapore bank whom I met recently says he works hand in glove with the senior management team, setting goals and measuring the success of digital transformation efforts with metrics and balance scorecards that are all agreed upon by all business units.
Those metrics are reviewed regularly and tweaked if need be, making the bank one of the most successful among its peers in embracing digital technologies not only to connect with customers, but also to change traditional banking practices.
Going by the survey results, the CIO I met with seems to be more of the exception than the norm, where most CIOs are still grappling with digital transformation initiatives that are led more by pragmatism than by strategy.
However, as Mark Rogers, CEO of Logicalis Group and Logicalis Asia, says, digital transformation is possible if CIOs have a clear vision and strategy, and receive the right support from management.