11.04.2016 Views

Business Solutions Vol 5 Issue 1

Do you know the secret to free website traffic?

Use this trick to increase the number of new potential customers.

Vol 5 Issue 1

ISO27001 Event Guide

Ward Solutions predicts €1.2m

from ISO27001

Data Solutions survey find Irish businesses

held at ransom

Innovative designs for data centres storage


Driven By The Need For

Information Security In Ireland

Data is one of the most valuable

assets any business has today. Our

dependence on information systems

and services means organisations

are more vulnerable to security

threats than ever before. Keeping

your data secure – whether its

customer, staff or supplier data – is

critical in most businesses, but most

especially those dealing with

sensitive data. Data security is a hot

topic in the media so ISO 27001 not

only protects your business against

hackers but also safeguards your

reputation.

For further information please contact

BoxMedia

616 Edenderry Business Campus,

Edenderry,

Co Offaly

Tel: +353 (0) 46 977 3434

Website : www.iso27001ireland.com

ronan@boxmedia.ie

susan@boxmedia.ie

KEY BENEFITS TO YOUR BUSINESS

• Improves and maintains competitive edge.

• Win more business particularly where procurement

specifications require higher IT security

credentials.

• Compliance with legal, statutory, regulatory and

contractual requirements.

• Provide assurance to stakeholders, such as clients

and shareholders.

Business continuity is assured through

management of risk, security issues and concerns.


C ONTENTS

-5-

Ward Solutions

Predicts €1.2M from ISO27001.

-28-

Electronic Payments

Say goodbye to the cheque book

x

-7-

Atlantic Bridge

€140M fund for tech companies.

-8-9-10-

Deciphering

The puzzling future of data security.

PAGE 5

Ward Solutions.

-29-

Data Solutions

New jobs and €5M investment

PAGE 28

Cheque books a thing of

the past.

PAGE 30

CyberBunker.

-12-

Zinopy

Launches “inSlght”.

PAGE 7

Atlantic Bridge.

-31-

Data Protection

3 issues defining data protection

in Ireland

PAGE 31

Data Protection.

-13-19-

ISO 27001

Event Guide & Workshop.

Managing Editor: Ronan McGlade

Sub Editor: Mark Collins

Business Development: Susan Doyle

Production: Helen King

Production/Operations: Paula Dempsey

Sales & Marketing: Alan Carolan

Sales & Marketing: Ciaran Hurley

IT Department: Thomas McCarthy

-23-

AdaptiveMobile

80% do not have adequate security

measures in place.

-25-

VPN

Do you need one.

PAGE 8

Deciphering.

PAGE 12

Zinopy.

Business Solutions is published by BoxMedia and its Directors.

616 Edenderry Business Campus, Edenderry, Co Offaly

Tel: + 353 46 9773434

Email: ronan@boxmedia.ie

Website: www.businesssolutionshub.com

BoxMedia and its Directors can accept no responsibility for the accuracy of contributors’ articles or statements

appearing in this magazine. Any views or opinions expressed are not necessarily those of BoxMedia and its

Directors. No responsibility for loss or distress occasioned to any person acting or refraining from acting as a

result of the material in this publication can be accepted by the authors, contributors, editor and publisher. A

reader should access separate advice when acting on specific editorial in this publication!

BoxMedia is a Premier Business Media Ltd Company

Design, Origination and Separations by Fullpoint Design (057) 8680873

Printed by GPS Colour Graphics.

VOL 5 ISSUE 1

1


Half of Irish (47 per cent) find endless

junk mail more annoying than their

commute to work

New research reveals one in three consumers in Ireland and the UK will even

move their custom elsewhere if this trend of irrelevant overcommunication persists

New research reveals the

standard of communication -

inundation of irrelevant

whether paper-based or digital,

communications and

to ensure consumer loyalty.”

junk mail is pushing

A majority of consumers in

consumer loyalty in the UK and

Ireland to breaking point, with the

majority (84 per cent) ready to take

action against brands.

The research, commissioned by

global IT services company Ricoh and

carried out by Coleman Parkes,

examined the relationship between

Ireland and the UK (65 per cent)

believe more could be done to

tailor communications to their

individual circumstances. Three

quarters (76 per cent) would

even be willing to share personal

data to make this happen,

including occupation, salary,

brand communications and

Internet browsing habits and

customer loyalty.

Irrelevant communications, both

online and paper-based, are a huge

bug-bear for more than two-thirds of

consumers in Ireland and the UK,

health records.

Consumers also increasingly

view digital communications as

their preferred method to receive

information from brands and

who consider a quarter of what they

service providers: for new offers

Chas Moloney, director, Ricoh Ireland & UK

receive to be junk. Nearly half (47

and upgrades (71 per cent),

per cent) of consumers even see junk

mail as more frustrating than their commute to work.

Beyond the mere frustration factor, consumers are suffering

from being unable to sift through the flood of irrelevant

information and poor quality comms. Nearly one in five (17 per

cent) have missed a payment deadline, and 22 per cent have

been unsure how much they owe for a service or even missed

offers they were entitled to (33 per cent).

Brands need to beware that irrelevant communications are

having a significantly detrimental impact on customer loyalty,

trust and spend, and consumers are unafraid to bite back. Twothirds

(69 per cent) of consumers in Ireland and the UK report

feeling less loyal to a brand spamming with irrelevant

information, whilst a similar number would also spend less (68

per cent) and even go so far as to stop being a customer

completely (57 per cent). Nearly a third (32 per cent) of

consumers have moved their custom elsewhere, another fifth (22

per cent) have complained to a service provider, and over one in

ten (14 per cent) have taken their complaint to an authoritative

body.

Chas Moloney, director, Ricoh Ireland & UK, said: “Irish

consumers are clearly saying ‘enough is enough’ when it comes

to the irrelevance and high volume of communication sent out

by brands and service providers. In the digital age, it has never

been more convenient to instantly communicate with customers,

but it is equally just as easy to spam.

“Brands need to find that crucial middle ground -

communicating regularly and effectively without alienating

customers. In today’s competitive landscape, businesses must do

more to listen to their customers and provide a tailored, quality

statements and bills (66 per

cent) and updates to terms and conditions (64 per cent).

Moloney continued: “Consumers want to feel like a brand

knows them and is creating the most tailored and bespoke

communication to cater for their needs and interests. This should

not be taken as an excuse to ‘spam’ though. Using consumer

data correctly is imperative here. No matter whether they have a

preference for digital communications – such as online bank

statements – or a mix of electronic and paper-based, there is

simply no excuse not to harness this insights to ensure

communications are truly targeted, which in turn makes them

effective and powerful.”

The industries viewed as currently sending the most relevant

communications to consumers are the public sector (39 per

cent), financial services (37 per cent), utilities (45 per cent) and

healthcare (32 per cent). With the exception of utilities, these

industries were similarly seen to be the most trustworthy handlers

of customer data. However, no single sector is viewed positively

by more than half of consumers, which goes to show significant

work still needs to be done by brands across all industries to

bring confidence in their customer communications up to

scratch.

Businesses across Ireland have to streamline how they

manage, distribute and collect data to ensure consistency across

all channels. Information provided by customers should be used

to create promotional offers and updates that are not only

personal to the consumer, but also highly relevant to them. This

results in the customer feeling truly valued, which ultimately

drives loyalty and tangible benefits to the business,” concluded

Moloney.

2

VOL 5 ISSUE 1


Data breach four-times worse than

CEO quitting – BT study

New research undertaken by Amárach for BT Ireland has shown that a company’s

data protection is priority No 1, with a data breach considered four-times worse

than a CEO quitting.

The likelihood of a

company suffering a data

breach has increased tenfold

in today’s age of heightened

cyberattacks and an abundance

of devices connected

to the internet of things (IoT).

In the last few days alone, three hospitals in the US have been

the victims of ransomware attacks, with attackers demanding

cash to allow the hospital’s IT staff to gain access once again to

their servers.

A recent poll conducted for BT Ireland has highlighted that

data protection concerns are shared by both those at the coal

face of a company’s security operation, and by those at the

highest level of the company as well.

Data protection more important than financial health

The poll, of 115 senior Irish IT decision makers in companies with

an average employee size of 300 staff, showed that fear of a data

breach is now the biggest

worry for a company, fourtimes

bigger than the sudden

departure of an influential

CEO.

Likewise, of those polled,

67pc said they believe that a company’s statements to investors

should specifically address data management capabilities in the

future and, additionally, 62pc said they believe that future

investors will use data management capabilities to assess a

company’s financial health, just as they do with profits and assets

currently.

Shay Walsh, managing director of BT Ireland, said of the

study’s findings: “Our research reveals that Ireland’s savvy IT

leaders recognise and understand the need for their employers to

invest in the right infrastructure now that will enable them to

better manage and extract value from data and, ultimately,

protect themselves from serious data management risk in the

future.”

Has your mouse been hacked?

Wireless mice and keyboards are prime for hacking, with

a “massive vulnerability” leaving “billions” of devices

at risk, according to a new report.

US cybersecurity company Bastille claims to have found

the issue, calling it MouseJack, which sounds pretty cool,

with the company saying the vulnerability is massive.

Manufacturers like Logitech, Dell and Lenovo are

namechecked as those affected by the issue, but most non-

Bluetooth wireless dongles are vulnerable.

Basically, hackers can take over a computer through a flaw

in the dongles. Once paired, the MouseJack operator can

insert keystrokes or malicious code with the full privileges of

the PC owner and infiltrate networks to access sensitive data.

The attack is at the keyboard level, therefore, PCs, Macs,

and Linux machines using wireless dongles can all be

victims.

“MouseJack poses a huge threat, to individuals and

enterprises, as virtually any employee using one of these

devices can be compromised by a hacker and used as a

portal to gain access into an organisation’s network,” said

Chris Rouland, founder and CTO of Bastille.

MouseJack, an IoT nightmare

Take a step back from the millions of laptops around the

world, and think of where we’re all going. An IoT world means

tonnes more interconnected devices, tonnes more wireless

interconnected devices. So, if what Bastille found is as bad as it

says, we could be in a bit of bother.

“The MouseJack discovery validates our thesis that wireless

IoT technology is already being rolled out in enterprises that

don’t realise they are using these protocols,” said Rouland.

“As protocols are being developed so quickly, they have not

been through sufficient security vetting.”

Bastille says the top 10 wearables on the market have

already been hacked, an ominous sign for those operating

below that threshold.

What’s worrying is the large amount of wireless mice and

keyboards that can’t be updated, thus rendering any hope of a

patch useless.

“Consumers will need to check with their vendor to

determine if a fix is available or consider replacing their

existing mouse with a secure one,” said the company, with

www.mousejack.com set up to help with this.

VOL 5 ISSUE 1

3


Data Solutions Survey finds 20% of

Irish businesses have been held to

ransom

• Despite this 93% say they would never pay a ransom

• 80% of businesses upgraded IT security in past year due to

rise in cyberattacks

• 55% expect to spend more on cyber security in 2016 than

last year

• More than 40% consider brand and reputation damage the

biggest concern of an attack

• Less than 10% are ‘absolutely confident’ their information

security measures are effective

• Full survey results to be announced at Data Solutions

Secure Computing Forum on 12th May.

Data Solutions, the leading Irish distributor for IT

solutions, has revealed the results of its 2016

Information Security Survey. The survey found that

20% of Irish businesses have fallen victim to

ransomware attacks, a serious form of cybercrime that sees

hackers hold a business’ sensitive and critical data for ransom.

Despite the serious nature of such an attack, 93% of respondents

stated that they would never pay a ransom to hackers.

The survey was carried out in association with TechPro

magazine among 137 senior IT decision makers in Irish businesses

during February and March 2016. The full results of the research

will be revealed at the Data Solutions Secure Computing Forum

taking place in the Mansion House, Dawson Street, Dublin 2 on

12th May.

In a clear sign of the changing landscape of information

security, and increased awareness of the threat of cybercrime, the

survey also found that 80% of businesses upgraded their IT

security in the past year, and that more than 55% of companies

Pictured at the announcement of the 2016 Data Solutions survey results are: (l-r) Michael O'Hara,

managing director, Data Solutions, and David Keating, security sales manager, Data Solutions.

expect to spend more on security measures in 2016 than they

did in the previous year.

Despite this growing awareness, less than 10% of respondents

stated that they were ‘absolutely confident’ that their information

security measures are effective. More than 40% said that they

considered brand and reputational damage to be the main risks

of a data breach with just 0.8% saying they would consider job

loss their primary concern. Brand protection from cybercrime will

be an important discussion point at this year’s Secure Computing

Forum.

Other notable stats highlight that businesses are concerned

about the risk of data loss or disclosure as a direct result of

cybercrime, with 55% stating that this was their main concern.

Other causes of concern were DDoS attacks – which recently

plagued Irish government and public sector websites and the

national lottery – social engineering and data destruction.

Although almost half of respondents stated that they were

concerned about attacks through the supply chain, nearly a

quarter (23%) do not build specific requirements for information

security into the contracts of third party suppliers. This is a 12%

increase from last year’s research, and highlights that businesses

are at even higher risk of a breach in the supply chain, the cause

of many high profile breaches such as the attack on retail giant

Target.

Micheal O’Hara, group managing director, Data Solutions,

said: “The results of this survey present an interesting and

worrying picture of the current state of the Irish information

security landscape and the approaches being taken by companies

to protect themselves. The Secure Computing Forum will focus

on where Irish businesses are falling short and what they need to

do to ensure their infrastructure is safe.

“The fact that 80% of businesses are upgrading and changing

their security infrastructure is reassuring,

but it begs the question what are the other

20% doing? Cybercriminals are forever

changing their approach and businesses

need to constantly adapt to keep up.

“93% say that they would never pay a

ransom, but faced with the reality of an

actual ransomware attack I think you’d find

most would. Every business has sensitive or

mission critical data and ultimately it would

come down to a business decision if that

was under threat. Less than 10% have

complete confidence in their information

security measures and this highlights the

pressing need for companies to take the

threat of these and other forms of

cyberattacks more seriously.”

Tickets for Ireland’s largest annual IT

security event the Data Solutions Secure

Computing Forum are available at

http://securecomputingforum.ie/. The

event takes place in the Round Room at the

Mansion House, Dawson Street, Dublin 2 on

12th May.

4

VOL 5 ISSUE 1


Ward Solutions predicts €1.2M

revenue from new ISO 27001

• Ward is first and only provider in Ireland recognised as an ISO 27001 Associate

Consultant Partner by the British Standards Institution

• Ward invested €50,000 in training staff for certification

Pat Larkin, CEO, Ward Solutions.

Ward Solutions, Ireland’s leading information security

provider, today announces the launch of its new

ISO 27001 consultancy service. It is forecasting

that this service will lead to new revenues of

€1.2M from its security consultancy business within the next

year.

The launch of the new service follows Ward’s investment of

€50,000 in ISO 27001 certification training for staff. More than

ten of Ward’s employees are now ISO 27001 accredited, and

the provider has now been recognised as an Associate

Consultant Partner by the British Standards Institution (BSI), the

organisation that oversees the certification process.

This partnership distinguishes Ward as the first and only

information security provider in the Republic of Ireland certified

to offer ISO 27001 consultation services to organisations hoping

to receive the accreditation. Ward Solutions will be identified to

new customers by the BSI as a specialist that can help with the

certification procedure.

Ward Solutions will offer two forms of consultation. The first

will be for organisations testing if they are ready to be assessed

by the BSI, and will consist of a review by Ward to establish this.

The second will be offered to companies in the early stages of

preparation towards becoming ISO 27001 compliant. Ward

Solutions will offer these companies comprehensive step-by-step

consultancy through the complex accreditation process.

Pat Larkin, CEO, Ward Solutions, said: “Irish enterprises and

government bodies are increasingly making ISO 27001

accreditation a mandatory requirement to work with them as

part of their supply chain assurance. As the only company in

Ireland to be recognised as an Associate Consultant Partner by

the BSI, Ward Solutions can provide clients with unique

guidance towards accreditation, something that will provide us

with a strong competitive advantage in Ireland.

”This new service will also allow us to grow our security

consultancy business significantly over the next year as we

forecast new revenues of €1.2M from this service alone. Our

pipeline is very strong as a large number of new and existing

customers are looking to become accredited this year.”

John Whyte of the British Standards Institution said, “Prior to

last year we didn’t have any ISO 27001 Associate Consultant

Partners in the Republic of Ireland and we’re delighted to offer

this to Ward Solutions. This accreditation highlights Ward’s indepth

and unique expertise in the Irish market to provide

consulting services to companies seeking to become ISO 27001

compliant.”

“ISO 27001 is the international benchmark for information

security management systems. It offers a way for companies to

set themselves apart from their competition by exceeding the

industry standard. Ward’s new consulting service will remove

the complexity associated with achieving this standard and will

enable more Irish organisations to become ISO 27001

compliant.”

About Ward Solutions

Ward Solutions is Ireland and Northern Ireland’s largest

information security provider with offices in Dublin, Belfast

and Ennis. It provides a comprehensive range of security

services including security auditing, consulting, incident

response, secure managed services and software

development services. It has the largest team of

information security specialists in Ireland providing a

highly responsive service to more than 300 leading private

and public sector organisations. www.ward.ie

About BSI

BSI (British Standards Institution) is the business standards

company that equips businesses with the necessary

solutions to turn standards of best practice into habits of

excellence. Formed in 1901, BSI was the world’s first

National Standards Body and a founding member of the

International Organization for Standardization (ISO). Over

a century later it continues to facilitate business

improvement across the globe by helping its clients drive

performance, manage risk and grow sustainably through

the adoption of international management systems

standards, many of which BSI originated. Renowned for its

marks of excellence including the consumer recognized

BSI Kitemark, BSI’s influence spans multiple domains

including Aerospace, Automotive, Built Environment,

Food, Healthcare and IT. With 80,000 clients in 182

countries, BSI is an organization whose standards inspire

excellence across the globe. To learn more, please visit

www.bsigroup.com

VOL 5 ISSUE 1

5


MHC Tech Law: What will the

General Data Protection Regulation

mean for business?

Mason Hayes & Curran introduces the General Data Protection Regulation, which

was agreed upon at the end of last year, and looks at what it will mean for businesses.

In December 2015, three years after the first draft was proposed,

and almost 20 years since the Data Protection Directive was

adopted, EU lawmakers came to agreement on the reform of data

protection law. The new General Data Protection Regulation

(GDPR) was agreed upon and is currently in the process of

formalisation and translation.

The General Data Protection Regulation is expected to come into

force in 2018. Let’s take a look at this piece of legislation and some

of the implications for businesses.

What is the General Data Protection Regulation?

The GDPR will replace the current Data

Protection Directive.

As a Regulation, and unlike the preceding

Directive, it applies directly. This means that

the GDPR does not need to be implemented

through each member state’s national law.

This should reduce the level of national

variation in relation to data protection law,

though it will not eliminate it entirely, as

member states retain some discretion in

certain areas

The GDPR will comprehensively regulate

data protection throughout the EU (with the

exception of data processed for law

enforcement purposes). The GDPR builds

upon familiar concepts and rules in the Data

Protection Directive, but in many ways it goes further. It has wider

scope, standards have been raised, and sanctions are much higher.

What does it mean for businesses?

With a greater level of harmonisation of laws across the EU, it should

be easier for businesses that sell goods or services across the EU to

take a unified approach in multiple EU states. However, the

compliance burden is generally greater than that currently in place,

so many organisations will have to review and enhance their existing

practices.

In particular, the introduction of the ‘accountability’ principle

means that affected organisations will have to work on their internal

compliance, including record keeping and, for some, the

appointment of a data protection officer.

Businesses have some time before the GDPR comes into effect.

However, getting to grips with a new compliance framework takes

time and, when developing any new products or projects, an eye

should be kept to the future.

Why is it important?

The GDPR represents the future of the regulation of data protection

in the EU. It is particularly important for two reasons. First, the GDPR

has a very wide scope and will capture both data and companies

that previously fell outside the realm of EU data protection

Under the GDPR, a failure to adequately protect

data could lead to large fines.

regulation. Second, the potential fines under the GDPR are

extremely high.

The GDPR provides for a two-tier system of fines, depending on

the type of non-compliance. For the lower tier of offences, a fine up

to the higher of €10m or 2pc of the organisation’s total worldwide

annual turnover in the previous year may be imposed. The lower tier

of offences includes breach of privacy by design obligations, the

rules relating to processor contracts, record-keeping obligations and

processing security requirements.

For the upper tier of offences, there is potential for fines up to the

greater of €20m or 4pc of the organisation’s total worldwide annual

turnover in the previous year. Offences that

attract the higher level of sanction include

breaches of the basic principles for

processing, including conditions for consent,

infringing data subjects’ rights and unlawful

transfers to countries outside the European

Economic Area.

For group companies, the percentage fine

seems to attach to the turnover of the group,

not just the individual company in question.

For large multinationals, this is a particularly

significant deterrent.

There are a number of factors that the data

protection authority must consider when

deciding the amount of the fine to be

imposed, including:

• The nature, seriousness and duration of the infringement

• Whether the infringement was intentional or negligent

• Actions taken to mitigate the damage suffered by data subjects

• Relevant previous infringements

• Whether the wrongdoer co-operated with the data protection

authority

• The categories of personal data affected.

What next?

As the finalisation and translation of the GDPR is currently in

progress, we can expect the GDPR to be formally adopted in the

coming months.

The Article 29 Working Party (the group of EU data protection

regulators) has released a statement indicating that its priorities will

be:

Setting up the new European Data Protection Board. The Board

will replace the Article 29 Working Party and have an enhanced role

under the GDPR

Preparing the one-stop shop and consistency mechanism.

Issuing guidance, in particular on data portability, the notion of

‘high risk’ and data protection impact assessments, data protection

officers and certification.

Communication relating to the new European Data Protection

Board and the GDPR.

6

VOL 5 ISSUE 1


Atlantic Bridge Capital confirms a

new €140m fund for tech

companies

Atlantic Bridge Capital has confirmed the

first close of Atlantic Bridge III, a €140m

fund for technology companies with the

potential to scale globally in the areas of

big data, internet of things (IoT), robotics and cloud

computing.

The Dublin-based fund will invest in up to 20

European companies.

Investments are already closing in seven

companies.

The fund will focus on scaling Irish and European

companies in high-growth enterprise technology

sectors such as cloud, big data, augmented and

virtual reality software, robotics and IoT.

“We already have a number of pipeline

investments identified for the fund and are

confident that this will build on the track record of

success of our previous Funds,” explained Brian

Long, managing partner of Atlantic Bridge.

“As a growth equity stage fund, Atlantic Bridge III

will focus on taking companies with a solid and

exciting business model to the next level, scaling

them into key international markets like the US and

China.”

The project is supported by the Department of

Jobs through Enterprise Ireland.

Participants in the new fund include existing Atlantic Bridge

investors, the Ireland Strategic Investment Fund, Enterprise

Ireland and the European Investment Fund, along with new

institutional investors, including British Business Bank Investments

Limited, the commercial arm of the British Business Bank, and a

number of institutional pension funds.

Dublin's Atlantic Bridge has closed a major fund worth €140m which it will use

to invest in companies in cloud, big data, robotics and internet of things.

Brian Long, managing partner, Atlantic Bridge Capital, with Minister for Jobs, Enterprise and

Innovation Richard Bruton ,TD, and Kevin Sherry, executive director at Enterprise Ireland. Photo:

Maxwell Photography.

AIB is also a new investor in the Atlantic Bridge

III fund.

In February, we reported that the organisation was close to

closing a major fund.

Atlantic Bridge Capital is a global technology fund with more

than €400m of assets under management across four funds,

investing in technology companies in Europe. Headquartered in

Dublin, it has offices and staff based in London, Silicon Valley,

Beijing and Hong Kong.

Using its international platform and “Bridge model”, the

venture capital firm has scaled a range of European companies

into the US and Chinese markets

Examples of scaled Atlantic Bridge portfolio companies

include Movidius, FieldAware, PolarLake, Metaio, Swrve and

Glonav.

Atlantic Bridge currently has more than 20 companies in its

funds’ portfolio and has achieved 12 realisations with proceeds

totaling over €1.7bn.

“The Atlantic Bridge model of connecting Irish technology

companies with key global markets makes it a key component

of the funding landscape and we are excited to continue our

partnership with Atlantic Bridge for Fund III, following the

strong performance achieved by Fund II,” said Eugene

O’Callaghan, director of the Ireland Strategic Investment Fund.

“This investment aligns with our dual objectives of generating

economic impact and financial returns and we look forward to

seeing it support rapidly growing Irish companies in accessing

customers, investors and partners in global markets in the US,

China and Europe.”

VOL 5 ISSUE 1

7


Deciphering the puzzling

future of data security

From hackers to unencrypted smartphones and the

spectre of full-scale cyber warfare, the future of data

security is set to be a complex one that will affect us all.

What is the future of data security?

The question is both naïve and unfathomable. Asking the

question in the first place means being ignorant of the reality

that the battle between victims and those who threaten us is a

neverending one. There will never be a full stop.

The World Economic Forum named cyberattacks one of the

greatest threats to businesses and ranked it as a risk higher

than terrorist attacks, explained Theresa Payton, who was CIO

for the White House during the Bush administration from 2006

to 2008 and is now one of America’s leading cybersecurity

experts and CEO of Fortalice Solutions. “The world’s leaders

know that attacks on private sector companies will damage a

country’s economic wellbeing,” she said.

In February 2016, US president Barack Obama gained

Capitol Hill support for a budget increase of $5bn in additional

cybersecurity spending. This brings the cybersecurity budget

to $19bn in 2017 for the US government. “President Obama

said that data breaches and cybercrime are, ‘among the most

urgent dangers to America’s economic and national security’,”

explained Payton.

Backdoors are bad ideas. Weakening

encryption is an old-school argument

and I’m not sure that’s even what the

FBI wants’

Theresa Payton, Former White House

CIO.

“Up until recently, most data

Theresa Payton, former

breaches did not result in a long-term

White House CIO and CEO

financial impact on the victim. Once

of Fortalice Solutions

the victim cleaned up the breach and

accounted for expenses, usually stock prices or market

reputation returned to previous levels. The status quo will

change and the financial impact going forward is very real and

morphing with today’s threats,” she warned.

Payton cited IBM’s latest study, which revealed the average

cost of a breach rose to $3.8m in 2015. A recent study by

SkyHigh Networks asked companies if they would pay cybercriminals

in the event of a ransomware attack and almost 25pc

said yes, and 14pc of those said they would pay more than

$1m to get their data back.

Under constant threat

Terry Greer-King, the director of cybersecurity at Cisco UK and

Ireland, revealed that there are 3bn Google searches daily and

19.7bn threats detected in the wild every day. The tech sector

is trying to pare down the current industry benchmark for

threat detection but, at the moment, the bad guys have an

average of 100 days to do their worst before a threat is

discovered. Considering that the world in 2030 may have

500bn connected devices through the evolution of the internet

of things (IoT), the threats are only going to skyrocket.

“We are now in the realm of shadow IT where the internet

and devices from fridges to phones and thermostats are all

connected to clouds of clouds, and organisations don’t know

what apps employees are downloading, and businesses are

buying services without talking to IT,” said Greer-King. “The

truth is IT can’t control any bit of technology anymore.”

Paraphrasing Cisco chairman John Chambers, Greer-King

added: “There are only two organisations in the world today:

those that have been hacked and those that don’t know

they’ve been hacked.”

‘There are only two organisations in

the world today: those that have been

hacked and those that don’t know

they’ve been hacked’

– TERRY GREER-KING, CISCO

According to Cisco’s Annual Security

Report for 2016, cyberattacks continue Terry Greer-King, Cisco’s

to be a profitable business for cybercriminals,

who are refining the way security.

European expert on IT

they attack back-end infrastructure.

Last year, Cisco, with the help of Level 3 Threat Research and

Limestone Networks, identified the largest Angler exploit kit

operation in the US, which targeted 90,000 victims every day

and generated tens of millions of dollars a year by demanding

ransoms off victims. Cisco estimates that, currently, 9,515

users in the US are paying ransoms every month, amounting to

an annual revenue of $34m for certain cybercrime gangs.

The public face of a breach

Greer-King explained that 60pc of the “bad stuff” occurs

within the first few hours of an attack happening, when the

cyber-thieves gain access to a company system and accounts

get stolen or compromised. But remember, the industry

average for detecting a breach is 100 days, long after this

damage has been done.

At the rate at which attacks are accelerating, it is going to

be a case of when, and not if, an organisation’s capacity for

crisis management will be tested. How an organisation reacts

in the first 48 hours of detecting an attack or breach will be

revealing, not only for customers, but employees and

shareholders alike.

“It is like that old military analogy: even the best-laid plans

fall apart after the first five minutes of contact. Cool heads are

important and, unless people are tested and attacks are

simulated, you will never know what is going to happen in the

heat of the moment,” said Kris McConkey, PwC’s partner-incharge

of cybersecurity.

8

VOL 5 ISSUE 1


It is like that old military analogy, even

the best-laid plans fall apart after the

first five minutes of contact’

– KRIS MCCONKEY, PWC

Evidently, the march of technology is

creating chaos for CIOs and CSOs to

keep on top of, but the narrative is Kris McConkey, partner-incharge

of cybersecurity,

changing. CEOs and boards are now the

fall guys rather than IT professionals. PwC

McConkey posited that cyberattacks are

now a boardroom issue, citing the high-profile attack on Talk

Talk’s servers last year.

“In the UK, breaches like [the Talk Talk breach] have seen the

CEOs of companies suddenly propelled onto [current affairs

show] Newsnight and radio shows,” said McConkey. “This was a

seminal moment because it made boards realise that breaches are

no longer something that can be offloaded to the chief security

officer, but it is actually the boards themselves that are on the

spot when things can go wrong.”

You are the weakest link

Ultimately, the triggers for the biggest attacks and vulnerabilities

are people. No matter what elaborate security defences are put in

place, Accenture’s Bill Phelps explained that it is people – AKA the

‘wet firewall’ – who let the intruders in.

“There were con artists long before technology was ever on the

scene,” said the managing director and global lead for Accenture

Security, who tracks a natural evolution from this to the infamous

emails from Nigerian royalty and, today on social media, where

users try to persuade others to transfer money. “Today, we are

seeing mid-level executives being conned into allowing the bad

people in using phishing attacks.”

‘100pc defence is impossible, but it is

good to constantly test yourself against

mock adversaries’

– BILL PHELPS, ACCENTURE

Even senior US government officials

who ought to have been at the pinnacle

Bill Phelps, managing of awareness and protection – such as

director and global lead for the head of the CIA, John Brennan –

Accenture Security. were compromised and embarrassed

by amateur hackers. Individuals, as well

as businesses, need to be street smart, but also realise they

can’t protect everything.

“The battle space is so vast and takes in every person and

organisation,” said Phelps.“There are criminal gangs out to

steal your information or credit card numbers. Organisations

are staving off industrial espionage and front-running trading.

There are attacks on banks just to understand M&A activity,

and all of this is very specialised.”

And yet, all of the sophisticated defences in the world can

still be undermined by a human weakness, like falling prey to a

spear-phishing attack.

“It is an asymmetrical problem in which the defender has to

close every loophole, but the attacker has to only find one way

in. 100pc defence is impossible, but it is good to constantly

test yourself against mock adversaries.”

The devil is in the data

Mark Hughes, president of BT Security, said he believes

organisations need to prioritise what it is they are trying to

defend rather than locking down everything. He warned that

the era of security beyond the firewall will require granular

controls and privileges that define who can do what with the

data and where they can go with it.

“We are at a juncture where there is only a nuanced

understanding of the differences between sophisticated and

unsophisticated attacks,” he said. “Organisations are often so

busy trying to protect against mainstream, everyday malicious

activity that they are unprepared for the more sophisticated

targeted attacks.”

‘Organisations are often so busy trying

to protect against mainstream,

everyday malicious activity that they

are unprepared for the more

sophisticated targeted attacks’

– MARK HUGHES, BT SECURITY

The head of enterprise at Dropbox, Mark Hughes, president, BT

Ross Piper, is responsible for driving the Security.

US company’s growth in the enterprise

market, building on its presence in 97pc of Fortune 500

companies. Like Hughes, he believes the perimeter is no longer

the defensible part of the network. It’s all about the data.

Cloud services like Dropbox allow everyone from small teams

of creators right up to thousands of individuals in a corporation

to collaborate and share data on any device. In the past, this

would have given a CEO or CIO a heart attack, but the

productivity benefits and the inherent security to protect data

in the cloud have evolved in ways that could frustrate attackers.

‘This is a precursor to a fundamental

shift in security models that we’ve been

talking about for decades but which is

finally coming to fruition’

– ROSS PIPER, DROPBOX

“If you take a 400MB video as an

example. What we do when a user Ross Piper, head of

saves that into Dropbox is we actually enterprise at Dropbox.

break that into a hundred 4MB file

blocks. Each of those file blocks is individually encrypted. They

are stored at random within the storage service with 1bn new

files per day. Imagine 1bn files – that’s well more than 10bn

file blocks,” Piper explained.

To illicitly access a specific file on this service, a hacker

would have to get through the encryption tunnels, find the

right 100 4MB blocks amongst tens of millions of file blocks

saved that day, and individually unencrypt each one of them.

This intelligent breaking up and sequencing of blocks of data

represents the future of security in the cloud.

“This is a precursor to a fundamental shift in security models

that we’ve been talking about for decades but which is finally

coming to fruition,” said Piper.

Protection vs privacy

It’s not just the growth of data that concerns security

professionals and consumers, but the growth of datacollecting

devices. “More devices will simply mean more ways

to attack. Nothing is going to be safe,” said Cisco’s Greer-

King. “There will be sensors everywhere to collect data,

connect cities and ultimately change the way the world

operates. But not every data point, not every sensor, will have

a firewall.”

With the advent of IoT and machine-to-machine (M2M)

technology, threats against seemingly harmless consumer and

industrial devices are already accelerating. According to PwC,

the number of attacks on embedded IoT devices among

companies it surveyed increased 152pc in 2015, yet only 36pc

of these companies had a security strategy for IoT.

VOL 5 ISSUE 1

9


‘We have smart TVs that we didn’t

realise had microphones built in. They

are invisible to us and we don’t know

who captures this data and what it is

being used for’

– DR DIRK PESCH, NIMBUS CENTRE

Dirk Pesch, head of the Dr Dirk Pesch heads up the Nimbus

Nimbus Centre, CIT. Centre at Cork Institute of Technology,

where more than 80 researchers are

working on the future of the internet of things. He believes the

Stuxnet attack on industrial SCADA control systems in nuclear

plants foreshadowed the world that is to come, but instead of

factories and utilities being attacked, it will be the systems we

invite into our homes.

Pesch offered the example of remote meter readings, where an

M2M device with a SIM sends your data to the electricity or

water company. “If hackers know what they are doing and can

breach the system, it won’t take long for an attacker to know if

your house is occupied or not,” he said.

“We have smart TVs that we didn’t realise had microphones

built in. They are invisible to us and we don’t know who captures

this data and what it is being used for. There are huge issues of

privacy ahead.”

How the information stored on the multitude of personal

devices set to occupy our homes in the future will be treated

could well be defined by the outcome of the present legal

wrangle between Apple, the FBI and the US Department of

Justice. The San Bernardino iPhone case could be the defining

issue of our age, technologically and personally, but former

White House CIO Payton said the issue may not be resolved to

the satisfaction of Silicon Valley.

“This is historic. The decision that comes out of this ultimately

decides how we fight terrorism in this country,” she said.

Payton said she thinks it is important to note that other

industries compelled by a court order to produce records have

implemented methods of compliance. “The banks had to create

processes and systems to respond to anti-money laundering

requests and more. The phone companies have had to create

ways to respond,” she explained.

While Apple CEO Tim Cook described the opening of

backdoors into encrypted devices as the “software equivalent of

cancer”, offering no guarantee that the keys will remain in the

hands of the so-called good guys, Payton had a different view of

this analogy.

“Backdoors are bad ideas. Weakening encryption is an oldschool

argument and I’m not sure that’s even what the FBI

wants,” she said. “The FBI is not asking Apple to unlock the

phone or to create a master key to use to unlock all phones.

What the FBI is asking for is for Apple to remove a barrier, to

remove one step, so the FBI themselves can attempt to unlock

the phone.”

Non-stop security

It’s no surprise that a smartphone has

taken a central role in defining

information security, as millions of

people are now living their lives

through these devices. With the

evolution of mobile wallets, fingerprint

biometric security – once seen as sci-fi –

Tim Cook, CEO of Apple.

is now a reality, and companies from

Amazon to MasterCard are

experimenting with even more new ways to authenticate

payments.

“Payment technologies have never been safer, but criminals

have never been smarter,” said Bob Reany, executive president

of Identity Solutions at MasterCard. “Most of us can agree that

passwords are a real problem. “People forget them often and

it’s a pain to go through the retrieval process.”

Conceding that there is no silver bullet to fight fraud, Reany

said MasterCard implements multiple layers of protection to

protect users every time they pay. Following a trial in the

Netherlands, the credit card brand is rolling out a selfie security

system in 14 territories this summer, in an effort to move away

from the prevalence of passwords.

“I wish passwords were passé!” said Payton, though she’s not

yet satisfied with the proposed alternatives. “I am quite wary of

biometric data until the vendor devices, the storage, and

collection of biometrics are locked down and safe.”

And even if biometrics technology is a step in the right

direction, it is likely cyber-criminals are already working on a

way to circumvent it. “The moment we roll out selfie and big

data, behavioural-based analytics for authentication, it’s time to

go back to the drawing board to invent the next approach,”

concluded Payton.

What

makes

Ireland

the

ultimate

data

centre

capital of

Europe?

We regularly hear that Ireland has

established itself as the ‘data capital

of Europe’, with many of the world’s largest

tech companies basing data centres here,

but what exactly do we know about them?

Ronan Harris, head of Google Ireland,

recently described the country as the data

capital of Europe and, going by industry

reports, it’s hard to disagree.

Specifically, a detailed report published

by global data analyst group 451 Advisors

in 2013 predicted that Ireland’s data centre

industry would overtake the UK and

mainland Europe locations, with a growth

rate of 18pc over the coming years.

What makes a good data centre?

One of the key reasons Ireland is seen as a

good location in which to establish vast

warehouses full of servers is down to the

cold weather that many of us complain

about on a regular basis. Additionally, you’ll

find most Irish data centres clustered along

the M50 motorway, which mirrors the

route of the T50 fibre trunking system

running from north to west Dublin.

While cooling and connectivity are

essential for operations, there are other

technical standards that comprise Irish,

and, indeed, any, data centres.

For example, square footage and energy

usage contributes to what standard a data

centre finds itself in. One such standard

scrutinised by potential clients is power

usage effectiveness (PUE), which divides

the total facility energy into its IT

equipment energy with the most ideal

score being 1.0.

10

VOL 5 ISSUE 1


5 tips to help protect your business

from cybercrime

Businesses of all sizes are at risk from the ongoing threat of cyberattacks and the theft

of sensitive data. George O’Dowd from Novi Technology details the risks businesses

face from cybercrime and the steps they can take to protect their business.

Many businesses have fallen victim to security breaches

without their knowledge. An ageing infrastructure and

a growing trend in the automation of cyberattacks –

making them smarter, harder to detect and more

widespread – is contributing to the increasingly delicate security

environment.

SMEs in Ireland are taking risks with their reputation and their

ability to conduct their business by overlooking the dangers of

cybercrime. A recent survey by Zurich Insurance revealed that

nearly half of SMEs surveyed didn’t feel that they needed to

protect their business against cyberattacks, despite listing data

protection as one of their biggest concerns.

Small and medium-sized business owners need to become

acutely aware that they are as likely to be hit with cybercrime as

their bigger competitors but they are less equipped financially

and operationally to absorb the impact.

Below are some of the ways criminals can gain access to your

data – and what you should do to protect yourself.

1. Malware

Using malware hackers can silently transfer your customer data or

intellectual property to external servers where it is collected and

sold for substantial gains. More often than not employees provide

access to systems by clicking on a compromised email or a

disguised file download.

2. Unprotected systems

Criminals can also get inside your network by targeting security

vulnerabilities on unpatched devices. Many businesses have fallen

victim to ransomware, whereby company data becomes

encrypted, leaving the business paralysed unless a ransom is paid

to criminals for the unlocking key.

Nearly a quarter (23pc) of Irish organisations have been held to

ransom by a hacker, and yet the vast majority (93pc) assert they

would never pay a ransom.

3. Exposed Wi-Fi access

Poorly configured wireless access points are often an easy way to

access corporate networks from outside the building, and in

some situations guest access is not partitioned from internal

systems, leaving company data exposed. Organisations, small

and large, should implement more complex password policies

that need to be regularly changed.

4. Unsecured devices

Laptops should be encrypted and you should be wary of the

devices you allow to connect to your internal wireless network.

5. Data storage

If you are using cloud-based service providers ensure they are

credible and that your data is encrypted and protected offsite.

For online businesses it is important that you don’t store

customer payment data on your servers, ensure servers are

regularly patched and updated and consider implementing

safeguards against distributed denial of service (DDoS) attacks. A

DDoS attack consists of hundreds if not thousands of connections

being made to your systems at the same time, causing them to

become overwhelmed and unusable, which can lead to

significant loss by forcing your website offline.

Firms need more focus on detecting IT attacks, event hears

The biggest information technology security challenge for

companies is detecting and responding to threats, according to

Rob Sadowski, director of marketing at security company RSA.

However, many businesses are still wrongly focused on outdated IT

security tactics, trying to prevent attacks by using antivirus software

and firewalls rather than aiming to detect inevitable intrusions and

then prevent or contain damage, he said in an interview at the

company’s annual RSA Security Conference in San Francisco.

“Defences are often built for yesterday’s IT,” he said.

“Companies are warming to that idea that it now isn’t if, but

when, they will be attacked. But for that not to be a fatalistic point of

view, what do you do?”

The goal is to have systems, and increasingly, well-trained IT

specialists in the company that can recognise an attack when it is

happening, and detect it as early as possible to limit loss, he said.

A recent survey of companies by RSA indicated three out of four

organisations were “very dissatisfied with their ability to detect and

investigate those threats,” Mr Sadowski said.

VOL 5 ISSUE 1

11


Zinopy launches 'inSIght'

To help organisations to manage, monitor and measure their IT Security

posture and Systems performance.

For over a decade, Zinopy has been

Ireland’s Market leading Solutions

Advisor and Services Provider of

Information Security and

Virtualisation Technologies.

We have used our experience and

expertise to bring to the market Ireland’s

first Managed Operational Service called

“Zinopy InSIght”.

Zinopy InSIght has been designed to

deliver Business Outcomes through

Operational Excellence in both

Information Security and Citrix

Virtualisation.

Zinopy InSIght – Security

Intelligence

John Ryan, CEO, Zinopy: “We recognised

there was a gap in the market based

on security skills shortage, rise in

cyber attacks – in both sophistication

and volume – and an increase in the

complexity of today’s security

landscape. Our managed security

service is founded on Security

Intelligence and Analytics and it

provides organisations with full

visibility of their network so that they

can detect intrusions in real time and

respond to breaches effectively”.

Zinopy InSIght – Systems

Intelligence

Book your FREE consultation & demo with Zinopy to discover how our

managed security intelligence service can keep your organisation secure.

Email: ibmsecurity@zinopy.ie stating code ZinopyISO-01

Aidan McEvoy, Sales Director,

Zinopy: “We have been Ireland’s

Citrix Platinum Partner for over 10

years and have consistently invested

in the best and brightest talent in

the country; we are uniquely placed

to offer a world class service to our

customers. “Our goal is to help our

Customers deliver a consumer type

experience to their IT users through

the use of innovative tools, business

oriented processes and an

enthusiastic and experienced team

of people with one common

imperative - to deliver a great

Customer Experience”.

The Zinopy inSIght Centre is

based at our dedicated facilities in

Dublin using industryleading

innovative technology, providing

the backbone for Zinopy’s managed

services.

Contact Zinopy to discuss your

business requirements:

Phone: 01-8976750

Email: info@zinopy.ie

Web: www.zinopy.ie

12

VOL 5 ISSUE 1


EXHIBITOR DIRECTORY

SPONSORED BY

Arkphire &

Edgescan

Tel: +353 (0) 1 207 5700

Email: rita.martin@arkphire.com

Website: www.arkphire.com

Certification

Europe Ltd

Tel: +353 (0) 1 642 9300

Email:

info@certificationeurope.com

Website:

www.certificationeurope.com

Managed Security Service

2015 was a year of serious security breaches;

Arkphire with edgescan can help prevent you

from getting hacked while continuously protecting

your business and client data.

Edgescan is a Managed Security Service

providing full stack coverage on both network and

applications with continuous vulnerability

assessment. It detects technical vulnerabilities and

weaknesses before the hackers do. This is a hybrid

offering as a managed service with human

validation (edgescan security analysts) supporting

customers globally. The combination of Arkphire’s

ICT expertise with edgescan will provide an overall

comprehensive solution to address the growing risk

from insecure web applications and hosting

environments.

Arkphire combines their Managed Service

Certification Europe is an accredited ISO

Certification Body serving a wide range of

clients from SME's, Multinationals and

Government bodies. Certification Europe

awards certification against a range of ISO

Standards giving you a competitive advantage

as well as driving quality, innovation & cost

savings. ISO standards have helped company’s

open up export markets and increase brand

recognition and prestige.

Proud of our expertise, we are considered an

authority in Energy Management (ISO 50001),

Information Security (ISO 27001),

Environmental (ISO 14001), providing

assessments as well as public and bespoke

offerings with edgescan’s SaaS-based vulnerability

management platform. The edgescan family offers

advanced scanning technology with expert website

and server security analysis, to enable customers to

identify, prioritise, manage and remediate

vulnerabilities. With a SaaS solution, customers can

focus time and resources on the execution of other

information security and ICT activities.

Of all the vulnerabilities discovered by in 2015,

63% could have been mitigated via patch,

configuration and component management

combined. Edgescan detects security weakness

non-stop.

ISO27001 focuses on "continuous improvement",

so does edgescan. Talk with us today and feel free

to measure your cyber resiliency and posture

improvement with the edgescan vulnerability

management service

training courses in these areas.

We partner with our clients to ensure their

ISO certification becomes a valuable asset.

With headquarters located in Dublin, we have

local offices in the United Kingdom, Italy,

Turkey and Japan.

CloudAssist

Tel: +353 (0) 1 685 2556

Email: info@cloudassist.ie

Website: www.cloudassist.co

CloudAssist is a certified Microsoft Cloud Depl

oyment Partner and is an Office 365 migrator

for Microsoft Exchange and Sha repoint with a

user-centric approach for improved Business

Process efficien cies and cost savings while

achieving ISO27001 level of IT security includi

ng digital signatures and Mobile Device

Management MDM.

We assist our clien ts to adopt the many

cloud features of Office 365 and 3rd party addons

so that their users are more connected

both internally in the organisation and with

external users such as suppliers, partners and,

most importantly, the ir customers. Our aim is

to help our clients to get the most of their

inves tment in Office 365 by understanding

the business needs and their own cloud

readiness. CloudAssist is eligible to provide

Office 365 and SharePoint De ployment

Planning services for clients with more than 50

users which is wor th up to €3K towards their

migration to Office 365 along with furth er

grants for enterprises with more than 150

Office 365 seats and clients w ith Enterprise

Agreements. CloudAssist is the Proud sponsor

of the non-pro fit initiative, Just Social, (Social

Tech donations for Irish Charities) which

includes Microsoft Office 365

CalQRisk

Tel: +353 (0) 61 477 888

Email: enquiries@calqrisk.com

Website: www.calqrisk.com

CalQRisk was established to provide

organisations with world class Enterprise-wide

Risk Management software solutions-enabling

them to identify and manage risks to the

achievement of their objectives.

Using CalQRisk, our flagship product, we

provide access for clients to an extensive

knowledgebase of risks and associated controls

allowing them to measure and improve their

risk management capability. Our

knowledgebase is the product of the

experience and wisdom of over forty subject

matter experts. It continues to grow as

additional sectors are addressed.

Included in our rich knowledgebase are the

risks and associated controls that would be

expected to be in place in organisations that

are ISO27001 compliant. If you are planning to

seek accreditation to this standard you can

carry out a self-assessment simply by

answering the questions in our risk question

sets. The CalQRisk Dashboard will quickly tell

you those areas that need to be addressed to

ensure you are compliant.

For tools to support your Governance, Risk

and Compliance efforts contact us today.

16

VOL 5 ISSUE 1


EXHIBITOR DIRECTORY

SPONSORED BY

Integrity360

Tel: +44 (0) 1 2934 0207

Email: info@integrity360.com

Website: www.integrity360.com

Now in its tenth year, Integrity360 has grown

consistently year on year since its

establishment in 2005, highlighting its position

as the largest IT security specialist in Ireland,

and the fastest growing in the UK.

The company offers a complete 360 degree

security services offering which includes

Managed Security, Security Testing, Incident

Handling, Security Integration and

Governance, Risk & Compliance services.

Its enterprise clients can be found in all

business verticals and include some of the

largest and most well-known brands in the

country.

IT Governance

Ltd

Tel: + 44 (0) 8450 701 750

Email:

servicecentre@itgovernance.co.uk

Website: www.itgovernance.co.uk

IT Governance is one of the foremost global

providers of information security and ISO

27001 solutions.

Our strong focus on consultancy, training,

penetration testing, software, tools, resources

and guides, combined with flexible and costeffective

delivery options, provide a unique,

integrated alternative to the traditional

information security provider.

Having led ISO 27001 implementations since

the inception of the Standard, our strong

global presence gives us the knowledge and

insight to provide valuable advice, tailored to

meet any organisation’s specific needs and

budget. We have helped hundreds of

companies worldwide achieve ISO 27001

certification, while many thousands of

organisations use our products daily to help

them tackle ISO 27001 implementation

projects.

Laztech IT

Services

Tel: +353 (0) 1 525 3627

Email: carmel@laztech.ie

Website: www.laztech.ie

Laztech IT Services is an IT Managed Services

provider.

Our mission is to provide peace of mind to

our clients. We consider ourselves to be the IT

Department to our clients. Through

collaboration we aim to ensure that IT systems

are managed to the highest level of efficiency

and performance, whilst maintaining data

security. We are determined to deliver

innovative, practical and cost-effective IT

solutions that improve business performance.

Our services include:

• Telephone, Remote, Offsite & Onsite

Support / Fully Managed Services

• Data Encryption, Virus Protection & SPAM

Filtering

• Data Protection Compliance

• Online Backup & Disaster Recovery / Cloud

& Web Services

• Hardware & Software Sales / Virtualisation

• Consultancy & project Management

Logicalis Ireland

Tel: + 353 1 295 8966

Email: info@ie.logicalis.com

Website: www.ie.logicalis.com

Logicalis is an international IT solutions and

managed services provider with a breadth of

knowledge and expertise in security services, data

centre and cloud services, and managed services.

Our IT security practice delivers a range of

services that will help your organisation to reduce

risk, ensure compliance, and secure sensitive data

and systems across all platforms. We will protect

your network, safeguarding the perimeter, critical

internal assets, data, remote users, customers and

partners. Our services provide key controls for

regulations including PCI, ISO 27001 and 27002.

Logicalis has specialised solutions for

enterprise and medium-sized companies, across a

range of vertical markets. Depending on your

requirements, we can augment your existing

security team or we can manage your entire

security environment. Our services include

security consultation, round-the-clock monitoring

and management of intrusion detection systems

and firewalls, overseeing patch management and

upgrades, performing security assessments and

security audits, and responding to emergencies.

We maintain strong partnerships with

technology leaders such as Cisco, IBM, HP, CA

Technologies, NetApp, Microsoft, Oracle,

VMware and ServiceNow on an international

basis.

For more information, visit

www.ie.logicalis.com.

VOL 5 ISSUE 1

17


EXHIBITOR DIRECTORY

SPONSORED BY

MM Barcoding Ltd

Tel: +353 (0) 1 846 2902

Email: mrtnmulligan@gmail.com

Website: www.mmbarcoding.com

MM Barcoding (Ireland) Ltd is a long

established company specialising in automatic

identification.

We supply a full range of barcode printers,

scanners,verifiers,label making and asset

tracking software as well as portable on line

validation systems.

In line with our policy of continuous product

development,we have just launched our new

unique printer with on board barcode

verification which ensures that no barcodes are

produced which will fall below the required

quality.

All products are backed by our in field

service network supplying on site

service,maintenance and parts.

Sungard

Availability

Services

Tel: +353 (0) 87 762 9861

Email:

ciara.conifrey@sungardas.com

Website: www.sungardas.ie

Sungard Availability Services (“Sungard AS”) is

a leading provider of critical production and

recovery services to global enterprise

companies.

Sungard AS partners with customers across

the globe to understand their business needs

and provide production and recovery services

tailored to help them achieve their desired

business outcomes.

Leveraging 35 years of experience, Sungard

AS designs, builds and runs critical IT services

that help customers manage complex IT,

adapt quickly and build resiliency and

availability. Visit Sungard Availability Services at

www.sungardas.ie or call (+353) 01 467 3650.

Connect with us on Twitter and our Blog.

Ward Solutions

Tel: +353 (0) 86 1843 722

Email: info@ward.ie

Website: www.ward.ie

Ward Solutions are an information security

consultancy and system integration company.

We help organisations protect their brand,

people, assets, intellectual property and profits

by identifying the threats, and minimising the

risks that they face.

Zinopy

Tel: : + 353 (0)1 897 6750

Email: info@zinopy.ie

Website: www.zinopy.ie

Zinopy is one of Ireland’s leading IT solution

and service providers and specialist in driving

business agility through Security, Virtualisation,

Mobility and Managed Services.

Zinopy offers a unique blend of deep

industry knowledge and specialist technology

expertise to deliver real business value to

organisations of all sizes across a wide range of

commercial sectors.

The company has 25+ years’ experience in

delivering security solutions and managed

security services to Irish businesses across a

range of verticals in the Public and Private

sectors, including Data Security, Data

Classification, Identity and Access

Management, Application Security, Email and

Web Security, Advanced Threat Protection,

SIEM, Intrusion Prevention and Detection and

Secure File & Data Sharing.

Zinopy is Ireland’s leading Citrix Platinum

Solutions Advisor, an IBM Security Business

Partner and partners with an extensive range

of other world-wide leading vendors in the

virtualisation and security markets.

See www.zinopy.ie for more information.

18

VOL 5 ISSUE 1


Panama Papers show there’s no place

to hide in a data-centric world

The only guarantee of secrecy in the 21st century will be to have no secrets. In

what is the biggest data set to fall into the hands of journalists, a treasure trove of

data on tax avoidance and dodgy dealings by the so-called great and good has

been laid bare.

The 2.6 terabyte leak of Panama-based shell company

Mossack Fonseca has rocked the establishment

worldwide, revealing a tawdry industry that involved

banks, legal firms and asset management companies all

centred on managing the estates of a motley crew of well-heeled

types ranging from FIFA officials to politicians, celebrities,

professional athletes, property developers and more.

The revelations have even led to calls for the prime minister of

Iceland Sigmundur Daví? Gunnlaugsson to step down and

brought 10,000 protestors to the streets after leaked documents

showed his wife owned a secret offshore company that had a

potential claim on the country’s collapsed banks.

It is a tawdry tale of offshore tax havens for rich and powerful

individuals, including, it is alleged, Russian president Vladimir

Putin and the late father of British prime minister David Cameron,

and shows how Mossack Fonseca allegedly helped clients launder

money and avoid paying taxes for 40 years.

The unfolding drama could potentially touch nerves in every

country.

Panama Papers: the biggest data breach of its kind?

The interesting thing about the Panama Papers is that it signals a

new era in terms of data breaches and the impact they can have.

This has been labelled by the media as the biggest data breach of

its kind in history.

This data, in turn, was quietly studied by more than 400

journalists from more than 100 media organisations in over 80

countries who were part of the International Consortium of

Investigative Journalists.

They have spent the past year studying more than 11.5m

documents relating to Mossack Fonseca and the companies

linked to it.

What we are witnessing is merely the tip of the iceberg as more

and more data will get analysed and deciphered by not only 400

journalists but a growing army of volunteers on sites like Reddit

who are only too happy to stick it to the man.

For example, Reddit is currently recruiting translators who can

help translate documents from Spanish, Dutch and Brazilian

Portuguese.

Crucially, the entire drama signals a new era for the

whistleblower and could dwarf even the Snowden revelations or

the Wikileaks Cablegate in 2010.

What is unclear is how the data got out there, was it the work

of an insider or whistleblower or the work of a sophisticated hack

made possible by the most basic but insidious of phishing

attacks?

But what is very clear is this: a new benchmark in how data

matters has been established. A digital trail can be a definitive

trail.

And the very notion of corporations, banks, legal firms and

assorted advisers hiding a digital trail of sensitive breadcrumbs for

no one to follow is a fairytale.

A tawdry digital trail mulled over by hundreds of journalists and now a

growing army of Reddit volunteers shows secrecy is a 21st-century

fairy tale.

20

VOL 5 ISSUE 1


Staying In Business

Setting the Scene

You arrive at work and everybody is standing in the car park,

your building looks fine, but your neighbour’s building is

billowing smoke and flames. The fire chief says nobody is

allowed within 100 meters of the building. Your IT manager is

there, looking pleased, you enquire. He says “Now aren’t you

pleased we spent all that money on the remote backup and

server replication. I just tested it last week and it’s all working

fine”. “But”, you say, “Where will we go?” With no place to

go how long will your customers wait for you?

West of the Shannon

For 9 years now Work Area

Recovery Solutions (WARS) have

been providing large and small enterprises with a “place to

go”. The WARS recovery centre is located in Ennis Co Clare

and includes an air-conditioned computer room with UPS and

generator backup, 5 individual rooms with a total of 200

desks, telephones and PCs. The model is simple; you pay an

annual subscription /seat and you come and test your

continuity plans. When disaster does strike, you are ready and

you have a place to go to continue providing service to your

customers.

WARS continue to invest in their recovery centre. In March

this year they completed the hardware re-fresh of the

equipment. 206 new Dell Optiplex 3040 PCs were purchased

and installed. This refresh ensures support for latest version of

operating systems can be imaged onto the PCs.

This refresh follows on from last year’s upgrade of the Cisco

Unified Communications System. Gerard Joyce, CTO of WARS,

says “Our customers tell us that their customers are asking

them what their “disaster arrangements” are”. Don Kearns, IT

Manager with Kneat Solutions and customer of WARS says

“We were impressed with the range of services in the Disaster

Recovery space that is provided by WARS. To find this gem in

the Mid-West region was doubly impressive. We found Gerry

and the team at WARS to be extremely helpful and flexible,

providing first class support in the setup and operation of our

DR solution.”

Loss Events = Opportunities for Disaster

Loss events come in many guises: fire, flood, storm damage,

utility outage, systems loss, people loss and many more. Any

loss event is an opportunity for disaster. A loss event turns

into a disaster for an enterprise if the Maximum Tolerable

Outage (MTO) is exceeded or the Minimum Essential Service

is lost. The MTO is the point in time at which the loss event

begins to damage your business. It depends on a number of

factors driven by the enterprise objectives and its

commitments. How long can you be “away from the market”

before the objectives are materially impacted? How long

before permanent un-recoverable damage is done to your

revenue, reputation, or the things that matter to your

enterprise? The MTO is a function of time, measured in

minutes, hours or days, depending on the nature of your

enterprise. The Minimum Essential Service (MES) is the

degree to which the enterprise has to recover from a loss

event in order to stem loss of revenue, reputation or the

things that matter to your enterprise.

VOL 5 ISSUE 1

21


Now in its fifth year, Data Centres Ireland is the county’s leading event for all those

involved with smaller server-rooms and coms-rooms through to to the staff

responsible for Operations, NOC, IT, Networking and Facilities Management, at

large co-location, corporate and cloud data centres.

Data Centres Ireland will be held at the RDS, Dublin on

the 8 – 9 November 2016. This refreshingly intimate

venue adds to the quality of the conference - and the

ability to have unhurried and high quality

conversations with vendors and speakers which makes Data

Centres Ireland well worth taking time to visit.

Feedback received from exhibitors following the 2015 event,

was that exhibitors were extremely impressed with the quality of

attendees delivered and the professional atmosphere created, as

they were able to spend time with clients, discussing their needs

and potential solutions.

“This is a business forum where all those involved can come

together, share knowledge, see the latest in products, services

and solutions which can assist them. As well as an opportunity for

companies providing datacenter services to meet their customers

and be seen to be supporting their industry and their suppliers.”

Say Hugh Robinson, Event Director

Visitors included senior level people from key target companies,

as well as representatives from companies operating their own

data centres and server rooms from across the country. These

Business networking.

included Microsoft, Intel, Ebay, Interxion, Facebook, Digital

Realty, Amazon Web Services, Telecity, Apple, Trinity College,

Boston Scientific and Primark to name but a few.

Many repeat exhibitors, commented that this year’s event had

delivered a greater number of senior level decision makers from

leading organisations, compared to previous years, and that the

opportunity to meet these people in person would not have

occurred, if they had not been exhibiting.

The Data Centres Ireland conference programme will address

three main areas:

Strategy – This will focus on the Development Drivers, Market

Drivers, Finance, People and Opportunities, which Ireland offers.

Operational Issues – Covering the whole remit of design and

operations from the latest updates on standards, the relevance

(or otherwise) of PUE in smaller data centres and server rooms,

and all of the hardware and services from cabling through

cooling, power, UPS, monitoring, DCIM, Construction Products

Regulation & how it applied to DCs, Codes and Standards.

Data Storage – This will look at storage options whether using

your own servers, co-location, managed services, outsourced and

cloud based solutions.

Call for Papers - Get involved

“We would like to invite all those who have

interesting case studies to submit a paper

for consideration and potential inclusion in

the Data Centres Ireland conference

programme. Simply send a 200 word

outline of your proposed paper detailing the

key points it will address to

datacentres@stepex.com. The deadline for

paper submission is 10 July 2016.

Attendees of Data Centres Ireland can

expect the entire catalogue of high quality

speakers as when the programme is

announced in the coming months.

Those interested in reserving a stand at

the event or wanting to know more about

the opportunities Data Centres Ireland can

offer them should call Hugh Robinson on

+44 (0) 1892 518877, email

datacentres@stepex.com or visit the website

www.datacentres-ireland.com.

22

VOL 5 ISSUE 1


AdaptiveMobile estimates up to 80% of

‘connected’ devices do not have adequate

security measures

AdaptiveMobile, the world leader in

mobile network security, predicts

that up to 80% of connected

devices currently deployed do not

have adequate security measures in place,

with four in five devices on the market

vulnerable to malicious or inadvertent

attacks and data breaches.

As the level of connectivity between

devices continues to grow, a new model

using a ‘big security’ approach of

harnessing big data, telemetry and security algorithms is going to

be needed to effectively protect the billions of devices connected

through the Internet of Things (IoT).

Gartner’s research report, Predict 2016: Security Solution,

discusses how the “security market will continue to evolve

alongside new requirements from the Internet of Things, cloud

computing and sophisticated targeted attacks…Gartner estimates

that a new architectural model will evolve, alongside such

demands, in which security technology and services will be made

available at the device and network layer, characterizing the

emergence of security solutions made within endpoints,

gateways and IoT platform providers.”

AdaptiveMobile’s CTO, Ciaran Bradley, explains, “A new

security architecture is required to deal with the increasing

connectivity of devices belonging to the Internet of Things. There

will be billions of devices connected through IoT – many unable

to run traditional endpoint security – and there is no definitive

ruling on who has responsibility to enforce this security and who

is liable when a vulnerability is exploited.” He continues, “We

need to be able to detect threats at scale –

using a combination of lightweight

telemetry and anomaly detection to give

early indicators of compromise – and then

enforce protection at scale. Not only are

consumer devices at risk but automotive

and industrial categories need to ensure

security is a critical consideration – we do

not believe this will be solved through

current approaches to security, particularly

when it comes to legacy systems.”

Given the increasing number of connected devices on the

market, the frequency at which IoT vulnerabilities are being

exploited and the pressure to keep costs of commercial devices

low, manufacturers need to make security a priority. IoT security

is complex, constantly evolving and needs to be a critical

consideration.

AdaptiveMobile’s NPP6 is the world’s first converged carrier

security platform, providing consistent security irrespective of

device, operating system or end-user’s technical expertise.

Combining the latest data science techniques, machine learning

and advanced anomaly detection algorithms, with the

Company’s world-class threat intelligence services,

AdaptiveMobile is increasingly working with existing customers

and industry partners to bring its expertise to help secure the

rapid growth of IoT connectivity.

For more information on new IoT security demands and to read

Gartner’s Predicts 2016: Security Solutions please visit

https://www.gartner.com/technology/mediaproducts/newsletters/AdaptiveMobile/1-2TP3L1F/index.html

Weekend takeaway: 10 tech stories you need to read right now

Ten nuggets of knowledge to take away for the weekend,

including: the future of security; cool and unusual data

centre designs; and security issues over driverless cars.

1. Deciphering the puzzling future of data security

From hackers to unencrypted smartphones and the spectre

of full-scale cyber warfare, the future of data security is set to

be a complex one that will affect us all.

2. Autonomous cars are terrifying some cybersecurity

experts

Driverless cars are on the way, of this we are sure. But,

truthfully, how safe are they going to be? We asked some

cybersecurity experts and the answers were pretty worrying.

3. Check out 7 cool data centres with oddly innovative

designs

As the growth in data centres continues apace, we look at

some of the more creative ways tech companies store their

mounds and mounds of data.

4. With great amounts of data comes great responsibility –

and opportunity

We are in danger of turning data and privacy into taboo

subjects. Instead, we need to direct the conversation towards

the potential opportunities of a data-centric world, writes

John Kennedy.

5. Are you ready to jump into hybrid cloud?

Hybrid cloud is the major enterprise trend of today. But what

is it, why does it matter and should you invest in it, asks John

Kennedy.

6. 3 issues defining data protection in Ireland today

To mark Data Week, Mason Hayes & Curran looks at three

areas surrounding data protection that are important both

now and for the future.

7. From the pinnacle of knowledge CIOs talk data

management

Leading CIOs and IT leaders give an insight into the data

challenge, how to manage it and the kind of cutting-edge

projects they are embarking upon.

8. Leaders’ Insights: Bill Kearney, IBM Ireland Lab

Bill Kearney is the vice-president of the IBM Ireland Lab and

its Dublin Technology Campus.

9. How will we store data in the zettabyte era? (Infographic)

The amount of data we produce nowadays is truly mindboggling,

so how will we store it?

10. 4 top employers hiring for data management roles right

now

When it comes to the glittering world of data jobs, it’s often

all about data science and data analytics. Data management,

sadly, generally gets short shrift.

VOL 5 ISSUE 1

23


Protect your business online and

offline

Risk of physical attack will always be there, but new threats are emerging

It used to be the case that if somebody tried to steal from

your business, an alarm would go off and the authorities

would act accordingly. In the 21st century however, the

landscape is entirely different and changing rapidly.

Of course, the threat of physical attack is much as it always

has been, and the Garda has guidelines for business owners

on its website as to how best to mitigate the risk to your

business and what to do if the worst happens.

These include keeping the premises well lit, utilising grilles

or shutters at entrances and windows, keeping tills out of the

sight of the public, employing anti-ram bollards outside, and

investing in appropriate locks and CCTV.

But how can you protect your business when the assailant is

not barging through the front door with a spanner in hand

but rather manipulating staff and covertly gaining access to

sensitive information before you have even noticed.

Protecting your business is about knowing what the risks

are, how to recognise the signs when they appear and taking

the necessary action to fend off attacks.

The Irish Small and Medium Enterprises Association (Isme)

produces a crime survey of its members each year. Last year,

79 per cent of companies who responded said they had been

targeted by computer-related criminal activity.

Some 51 per cent said their business had fallen victim to a

“virus infection”; 51 per cent to “hacking or electronic

intrusion”; and 20 per cent to credit card fraud.

Among the things to look out for is “ransomware”. One of

the fastest-growing types of cyber threats, it encrypts data on

infected machines before asking businesses to pay ransoms in

hard-to-trace digital currencies to retrieve their data.

Companies with an online presence are also facing what is

called a “distributed denial of service” attack, which is when

so much traffic is sent to a website that it cannot cope and

legitimate users cannot gain access. Like ransomware, a sum

of money is demanded before normal service can resume.

“It’s become much more prevalent, and particularly with

small- and medium-sized enterprises because they may not

have the resources to dedicate to these types of issues,” says

information security consultant Brian Honan.

“If your website is of high value to your business, you need

to make sure you’re talking to your host and provider to make

sure you have appropriate protection in place.”

In terms of a defence against blackmail or extortion,

something as simple as backing up your data could make all

the difference.

There is also an attack called “CEO fraud”. This is when

company employees receive emails or correspondence

purporting to be from the chief executive or a senior member

of staff requesting money transfers to specific accounts that

are under the control of the perpetrators.

“The emails will look like they come from the company’s

CEO and sound like the company’s CEO in tone but in actual

fact they’re coming from the criminals, who may have hacked

the CEO’s email account,” says Honan.

Among the most serious type of attack is what is known as

Caption for image - Hacker attack: last year, 79 per cent of companies in an

Isme survey said they had been targeted by computer-related criminal activity.

an “advanced persistent threat”. This uses multiple phases to

break into a network, avoid detection and harvest valuable

information over the long term. Perpetrators will often

employ a combination of social engineering, blackmail and

malware to achieve their aims.

Paul Dwyer, president of the International Cyber Threat

Task Force, believes breaches are inevitable these days.

Criminals, he says, want to “work under the radar” and

detection is key to prevention.

“Data is the new cash,” he says. “What bad guys want is to

get your data. Once they have it, they can sell it a number of

times on underground stock exchanges. All different types of

data have different values.”

Another safeguard is to employ proper anti-malware

controls, and to carry out regular security checks to make

sure the system is actually working.

“People need to look from the inside out as well,” says

Dwyer. “They need to look at whether, if somebody does get

in, they do have any safeguards. If they are in, will we

actually be able to detect them?”

Whether you are protecting your business from physical or

online attack, a key thing to do is identify what is most

valuable to your business, whether that is information, cash

or stock.

Steal information

“If you’re connected to the internet, you need to realise the

internet is connected to you,” says Honan. “It doesn’t matter

where you’re located, criminals can still reach out and attack

you or steal information. The biggest and best way to fend

against them is to identify what information it is you’re trying

to protect, where it’s located, and how best to protect it.

“If it’s on a mobile device, make sure it’s encrypted and

that you have anti-virus software installed. On your company

network, make sure you have appropriate firewalls to prevent

malicious traffic getting into your network.”

Another important defence is to train staff to be aware of

the risks and how to identify suspect attacks before it is too

late. Government website makeitsecure.ie provides more

24

VOL 5 ISSUE 1


information on how best to do this.

On April 1st, the International Cyber Threat Task Force will

host a conference in Dublin’s Shelbourne Hotel to discuss

“cyber risk oversight”. The event is directed towards

business leaders who wish to learn more about cyber

attacks.

Dwyer says this “collaborative approach” will be vital in

terms of online security. “The criminals collaborate,” he says.

“They share information, intelligence, techniques, and they

assist each other. That’s what businesses need to do. We

need to share intelligence and give each other the heads-up

in terms of the modus operandi, what they do, and what

they’re after, and that’s the best way to thwart these guys.

“You can invest in tonnes of technology, but active

intelligence that can prevent this stuff is far more beneficial,

and it costs next to nothing for businesses to be in touch

with one another on a sector by sector basis.”

Isme estimates the direct cost of crime per enterprise has

risen to €9,539 per annum and the annual cost of

prevention is €4,652 per company. This gives a total

average cost of €14,191 per company annually. Chief

executive Mark Fielding says finding the necessary resources

is often a key constraint preventing businesses from

employing the necessary security measures.

What is a VPN and do you

need one

blocked in their country (One of the common examples is Netflix

which have restrictions in many countries).

2. People who are active in grey or even in dark areas, such as users

who want to watch porn and do not want their internet provider or

Google to know about it (in some countries, this is a criminal act),

terrorists dealing with weapons, criminals encrypting data about their

activity, etc.

3. Journalists or people who live in countries that are run by repressive

regimes that want access to social media or blocked news content.

VPN applications were originally designed for big organizations

with more than one PC office. VPN is an acronym for Virtual

Private Network.

Originally, VPN was used by large companies to connect computers in

distant locations and until today, the use of VPN is popular among

organizations with more than one PC office.

Imagine, for example, that the Coca-Cola Company in Atlanta has an

office building where all of the computers are connected to the

company’s server through cables, and there is little danger that hackers

will break into Coca-Cola’s private network.

Now Coca-Cola opens an office in Canada and its employees in

Toronto need access to the private network. But running a cable from

the office in Atlanta to Toronto is a bit too much just to maintain

privacy. Therefore the company uses a VPN to virtually create a private

network (hence the acronym “Virtual Private Network” or VPN).

This is how a connection was formed between the computer in

Toronto and the main server in Atlanta in a secure way (the different

communication protocols of the VPN are responsible for the security,

which is, of course, not as perfect as a real private network, but is close

enough).

This connection that is established between these computers without

any real cables is, of course, made through the internet. That is why,

many workers (working from home, working from a hotel, or people

commuting) can connect to Coca-Cola’s virtual private network as long

as they have proper credentials.

The illustration (on right) demonstrates how a VPN works.

What can be done with VPN?

Some of the most common uses of VPN are listed below:

1. Unblocking sites – Some countries block services like Facebook,

YouTube, Twitter and more. A VPN service allows you to be in

China but lets you surf as if you are in the USA. Similarly, some

schools and organizations block the access to popular sites and social

networks and the solution to this is VPN.

2. Hide identify – With VPN you can impersonate a user from a foreign

country for a handful of reasons. (This is very useful in the internet

community.)

Recommended VPN services

Nowadays, numerous VPN services are available. It seems as if every

website developer is maintaining servers in different countries and calling

themselves a VPN service.

Nevertheless, load management (so that your surfing will not be

slowed down because many people are using the server), the ability to

slip past Netflix and its counterparts (that constantly try to detect the

VPN services and block them) and more parameters create a distinction

between these VPN services.

There are three main audiences for VPN services:

1. Regular people who simply want to surf anonymously, be it for

security reasons, or the will to watch content over the internet that is

VOL 5 ISSUE 1

25


‘Irresolvable tension’ exists in data

retention

Conference told Experts say governments want to collect data, but are not

focused on adequately protecting it

An “irresolvable tension” often exists between the

desire of government bodies to collect and use

personal data, and the need to adequately protect

that data, say experts.

According to a panel on the second day of the RSA Security

Conference, government bodies also are unaware of all the

data they are collecting because it isn’t properly tracked or

inventoried.

In addition, many private organisations, research groups and

other bodies are eager to obtain these large data sets, but

generally have not thought through privacy concerns or

management, said the participants in a session entitled

“Government in the Crossfire: Data Privacy in an Era of

Growing Cyberthreats”.

“In order for us to approach how to manage (DATA

PRIVACY), we need to know where it is,” said Flint Waters,

state chief information officer for the state of Wyoming.

Data gathering

Agencies have a long history of mandating various types of

data gathering “and we truly do not know what has been

gathered.”

Wyoming was preparing legislation to change this and

require datasets be inventoried, he said.

Road toll authorities also have gathered large data sets that

they have resisted destroying, because they’ve never had

access to such a range of data and now want to mine it, said

Lee Tien, senior staff attorney with the Electronic Frontier

Foundation.

For example, data from Fastrak devices used to automatically

pay tolls has been of interest to law enforcement but they’ve

had no specific reason for holding it.

“We asked, ‘well, why are you holding all this trip data from

Fastrak?’, and they said, well, just in case,” Mr Tien said,

noting this view was a major problem across agencies as well

as companies.

However, JR Reagan, global chief

information security officer with Deloitte,

said that general privacy policies were too

broad to cover the more nuanced uses

people might desire their information to be

used for, for example to to receive specific

services.

these blanket policies around privacy, so data can be used for

uses that you would like, but also be protected.”

One problem with government discussions of privacy and

security – such as the current US case where the FBI is pushing

Apple to give access to a terrorist’s iPhone – is that they are

seen as separate when they are actually closely intertwined,

said Mr Tien.

“It doesn’t make sense to talk about either without talking

about the other, especially as people see privacy as security in

many ways,” he said.

In the Congressional hearings for Apple versus the FBI, a lot

of people were resisting any sort of suggestion that there’s any

sort of tension between privacy and security.”

Instead, the government has framed the discussion as

differing approaches to a security debate, he said.

Conundrum

While Mr Reagan argued that privacy is essentially contextual,

Mr Tien said he could not see technology solving that

conundrum any time soon – for example, that people might

someday be able to tag their own information to allow it to be

used in different ways in different contexts.

A large problem was potential misuse, or abuse of such data

by law enforcement, which can be very hard to uncover.

“They’re capturing data and leveraging it against other data

sets only they have access to,” said Mr Waters, noting he

comes from a law enforcement background.

“Then the data goes to private companies. In going to

private companies, we’re seeing partnerships we’ve never seen

before”, and the implications haven’t been adequately

analysed.

“I don’t see any solutions, except for all sides to accept there

are problems. Denial is the step where we’re at. There are a lot

of folks that don’t want to acknowledge that there’s a privacy

problem in the first place,” said Mr Tien.

‘Yesterday’s privacy constructs’

“We fall into the trap of thinking all issues are

resolved around privacy if we solve for the

bad thing,” he said, noting that to often we

are “trying to apply yesterday’s privacy

constructs to a digital world that keeps

moving faster. We actually need to have

different constructs to manage the data

differently. We need to move away from

26

VOL 5 ISSUE 1


New FCC rules could require ISPs to

get user permission about data sharing

The US Federal Communications Commission (FCC) is proposing new rules that

will require internet service providers (ISPs) to get permission from users before

they can share data about customers’ online activities with advertisers.

FCC chairman Tom Wheeler has called for broadband

service providers to disclose how data is collected about

users’ online browsing activities. He also wants to see

companies bolster the security of customer data.

This will significantly curb the ability of companies like Comcast

and Verizon, for example, to share advertising data.

In effect, the FCC is establishing privacy rules for companies

that manage web traffic and this is the next major step change in

US telecoms policy after net neutrality.

‘This isn’t about prohibition; it’s about permission’

– TOM WHEELER, FCC CHAIRMAN

“We all know that the social media we join and the websites

we visit collect our personal information, and use it for

advertising purposes. Seldom, however, do we stop to realise that

our ISP is also collecting information about us,” Wheeler said in

an op-ed in the Huffington Post.

“What’s more, we can choose not to visit a website or sign up

for a social network, or choose to drop one and switch to

another. Broadband service is different. Once you subscribe to an

internet service provider – for your home or for your smartphone

– you have little flexibility to change your mind or avoid that

network.”

Wheeler pointed out that because the ISP handles all network

traffic it has a broad view of a user’s unencrypted online activity.

ISPs have access to an unencrypted feed all about your

private life

“If you have a mobile device, your provider can track your

physical location throughout the day in real time. Even when

data is encrypted, your broadband provider can piece together

significant amounts of information about you – including private

information such as a chronic medical condition or financial

problems – based on your online activity.”

Wheeler said that strict regulations exist around what phone

companies can do with such information and that similar rules

are required for the information collected by ISPs.

“I’m proposing to my colleagues that we empower consumers

to ensure they have control over how their information is used by

their ISP. Every broadband consumer should have the right to

know what information is being collected and how it is used.

Every broadband consumer should have the right to choose how

their information bits should be used and shared. And every

consumer should be confident that their information is being

securely protected.

“This is not to say network providers shouldn’t be able to use

information they collect – only that since it is your information,

you should decide whether they can do so. This isn’t about

prohibition; it’s about permission.”

Wheeler proposes users can opt in or opt out of the various

uses ISPs could have with the rich trove of data they can glean

from web traffic about users.

“One of the most important things to remember about this

proposal is that it is narrowly focused on the personal information

collected by network providers. The privacy practices of the

websites that you choose to visit are not covered by this

proposal,” Wheeler said.

National Broadband

Plan: At least 10 firms

bid to end Ireland’s

digital divide

T

he Irish Government’s long overdue intervention to bring

750,000 postal addresses into the 21st century is gaining

impetus after it emerged that at least 10 players have bid for

two State broadband contracts valued at between €300m

and €500m.

The plan – supported by EU state aid – will fund operators

to compete to deliver a guaranteed minimum of 30Mbps

download speeds and 6Mbps upload speeds with 99.95pc

uptime.

However, there are indications that bidding firms, which

includeEir, Enet and the ESB/Vodafone joint venture SIRO,

intend to go way beyond this to 1Gbps fibre-to-the-home

services, potentially creating a scenario where rural dwellers

could, in time, have better broadband than their urban

counterparts

VOL 5 ISSUE 1

27


Move to electronic payments adds

€1.8bn to Ireland’s coffers

Ireland’s move from being a cheque and cash dependent economy to an electronic

one has resulted in €1.8bn being added to the nation’s GDP in just the last four

years, creating an average of 3,700 jobs each year in the process.

“The cheque is in the post,” were usually the last

words Irish business owners heard from a

customer before having to go to the bank

manager in order to make payroll or before the

bailiffs came calling.

Ireland’s dependence on cheques and cash

payments were a thorn in the side for most business

owners, even if they didn’t realise it themselves, and

this made Ireland something of an anomaly

compared with more progressive countries, especially

Scandinavian ones.

But, in the last few years, something has changed

and, according to a new Visa-commissioned study by

Moody’s Analytics, the move to electronic payments

has added €1.8bn to Ireland’s GDP.

The contribution of the growth of electronic

payments in Ireland to Irish GDP was double the

European average.

Cheque-ing out

Moody’s economists also estimated that an average

of approximately 3,700 jobs were created per annum

over the four-year period as a result of the increased

card penetration.

The Moody’s Analytics study, which analysed the

impact of electronic payments on economic growth across 70

countries between 2012 and 2015, found that increased use of

electronic payment products, including credit, debit and

prepaid cards, added $296bn to GDP globally. The 70

countries in the study make up almost 95pc of global GDP.

“Electronic payments are a major contributor to

consumption, increased production, economic growth and

employment creation,” noted Mark Zandi, chief economist,

Moody’s Analytics.

“Those countries which saw large increases in card usage

also saw larger contributions to overall growth in their

economies.”

The study indicates that the

electronification of payments benefits

governments and contributed to a more

stable and open business environment.

Annual spending on Visa cards –

debit, credit and prepaid – in Ireland

reached a new record of €31.7bn last

year.

As a result, transactions with a Visa

card – debit, credit and prepaid – now

account for more than a third of Irish

consumer spending.

This is due to the continued shift from

cash and cheque usage as consumers

opt for the convenience and security of

Caption for image - No longer a cheque-driven backwater, the contribution of the growth of

electronic payments in Ireland to Irish GDP was double the European average.

x

card payments.

New technology such as contactless payments for purchases

up to €30 has increased overall card usage, with more than

one million contactless transactions now being made in Ireland

every week.

“Over the last 50 years, the rapid proliferation of electronic

payments has enabled and improved how consumers pay for

goods and services, how merchants manage their businesses,

and how governments make and collect all sorts of payments,”

Philip Konopik, Ireland Country Manager for Visa Europe, said.

“The report findings reinforce the positive benefits that

electronic payments have brought to Ireland, as increased

consumption has contributed to

growth in Irish GDP and also seen firms

expand in order to meet increased

demand for goods and services.”

“We ultimately want to see this

positive trend continue and are

working globally with governments,

financial institutions, merchants and

technology companies to develop

innovative payment products and

services that will accelerate electronic

acceptance, grow commerce, and

bring the benefits of card payments to

more people everywhere,” Konopik

said.

28

VOL 5 ISSUE 1


Data Solutions announces

20 jobs and €5M investment to

triple its business

· Irish company aims to triple its business to €80M turnover

· €5M investment involves new hires and expansion into the UK with new Reading

offices

· 20 jobs across Ireland and UK to be filled by 2018

Data Solutions announced it is investing €5 million and

creating 20 new jobs to bring its team to 40. The

leading Irish IT solutions distributor aims to triple its

business over the next three years to €80 million

turnover on the back of this investment.

Part of the investment will be used to penetrate the

competitive UK market, with new offices in Theale, Reading. This

expansion will be used to bring best-in-class IT solutions from

leading vendors Nutanix and Skyfii to the UK market. Data

Solutions expects its UK operations to grow to the same size as its

Irish business by 2018 and is targeting £30 million in UK turnover

by then.

The 20 new positions are being divided evenly between Data

Solutions’ Dublin headquarters and its new offices in Reading.

Roles are spread across technical support, sales and marketing

and will be filled by 2018. The company has already hired two

new account managers in Ireland and a managing director and

sales manager to run operations in the UK.

Along with Nutanix and Skyfii, Data Solutions has also signed

partnerships with leading vendors Arista, CommVault and

Supermicro. Other vendors Data Solutions works with in Ireland

include Aruba, Check Point, Citrix, Dell Wyse, RSA Security and

ShoreTel. It also has channel partnerships with the likes of Capita,

Trilogy Technologies and Integrity 360.

Speaking about the announcement, Michael O’Hara, group

Pictured at the announcement of Data Solutions' expansion at the company's

new UK offices in Theale are (l-r) Michael O'Hara, managing director, Data

Solutions; Andrew Brewerton, channel manager, Nutanix; and Sean Fane, UK

managing director, Data Solutions.

Pictured at the announcement of Data Solutions' expansion at the company's

new UK offices in Theale are (l-r) Brian Davis, datacentre sales manager, Data

Solutions; Andrew Brewerton, channel manager, Nutanix; Michael O'Hara,

managing director, Data Solutions; and Sean Fane, UK managing director, Data

Solutions.

managing director, Data Solutions said: “We’ve achieved

exponential growth in the Irish market over the past few years

and now we want to do that in the UK. We have a strong

network there already and we’re bolstered by our new

partnerships to grow a real presence now.

“Our value comes from being more than a distributor. We’re

passionate for partner growth and our team has the in-depth

sales and marketing skills that can only be developed from being

a true IT specialist unit. We choose products that will grow

quickly and fast-track the introduction of disruptive new

technologies to the market.”

Andrew Brewerton, channel manager, Nutanix added: “We are

committed to establishing strong relationships with our

distributors and partners to deliver the best experience for

customers. With its strong channel and remarkable ability to

bring new technologies to market, Data Solutions has given us

access to top-tier resellers in Ireland, which has been instrumental

to our own growth in the region. We see a lot of opportunities in

delivering invisible infrastructure, where computers, storage and

virtualisation can be converged at any scale. We look forward to

seeing the success with Data Solutions replicated across the UK.”

Data Solutions specialises in security, next generation data

centres and unified communications. The company has achieved

steady year-on-year growth over the past 25 years. Through its

channel, it can mobilise a sales force of more than 600 enterprise

sales specialists.

VOL 5 ISSUE 1

29


Check out 7 cool data centres with

oddly innovative designs

As the growth in data centres continues apace, we look at some of the more

creative ways tech companies store their mounds and mounds of data.

Last month, Microsoft trialled its first underwater data

centre. It had been planning it for years, and the move

beneath the depths is reflective of a growing need to find

better ways to store data. Cloud storage is intangible in

consumers’ eyes, but that mystical, vague concept evaporates

once you see the behemoth centres popping up all over the

world.

Often ugly, often gargantuan, and often major energy

consumers, companies are now searching for ways to do things

more efficiently. The net result is a growing suite of very clever,

very attractive approaches.

Here are 7 of the more innovative centres:

Microsoft

We’ll start with

Microsoft, which

said its Leona Philpot

data centre (a

38,000-pound container,

10ftx7ft) was

a resounding success.

“The shrimp

exploring the seafloor

made more

Microsoft

noise than the data

centre inside the container, which consumed computing power

equivalent to 300

desktop PCs,” Microsoft

said.

ected by a steel

door 40cm thick.

Google

Google has revealed

more about its data

centres than most

Google

major tech companies,

with Street View

tours of some of their facilities. Branding is important, even when

its as simple as painting tubes. Council Bluffs, with added deer,

below, and an overview

of the Lenoir

base beneath that.

CyberBunker

Now we’re into

some seriously weird

scenarios, with CyberBunker’s

use of a

pretty impenetrable

NATO bunker in the

CyberBunker

Netherlands enjoying

a colourful history.

Because of its “many controv-ersial customers”, CyberBunker

has seen police forces attempt to break into the bunker to shut it

down multiple times. However, but for a bit of damage to the

doors, nobody has gotten through. The cold water circulation

(below) is almost as old-school as those immensely thick doors.

Citigroup

Citigroup’s Frankfurt

data centre won a

green award back in

2008 for its use of

spacing and plants to

drastically cut down

on its CO2 emissions.

Bahnhof

Citigroup

Bahnhof

Bahnhof has a

selection of remarkable

looking data

centres, with this

one in Pionen –

located in a nuclear

bunker from the

Cold War – its best

known location. The

entrance is prot-

Green Mountain

MareNostrum

Located in a former

chapel, the MareNostrum

supercomputer sits in a

wonderful glass case in the

Barcelona Supercomputing

Centre.

Green Mountain

Green Mountain’s

data centre in Stavanger

is built into a

former NATO ammunition

store. Here it is

before they packed in

the servers, with those

colourful inclus-ions

below, via Knut Bry

MareNostrum

30

VOL 5 ISSUE 1


3 issues defining data protection in

Ireland today

Mason Hayes & Curran looks at three areas surrounding data protection that are

important both now and for the future.

Data protection in Ireland is being ramped up, with

companies failing to adhere to data laws now in

greater danger of facing fines of up to €20m.

Looking globally, there have been some high-profile

examples of data protection and the legal rights to it being

played out in the courtroom, including the Google Spain ‘right to

be forgotten’ case.

There is then, of course, the EU’s highest court declaring in

2014 that the EU Data Retention Directive was invalid, resulting

in uncertainty for the corresponding national laws across the EU.

In an opinion piece from the European Parliament’s Legal

Services, the organisation said it firmly believed that EU member

states should examine their national data retention measures to

see whether they complied with the decision of the court.

So, what changes has Ireland undergone in recent years and

what precedent has been set by decisions outside of our control?

ISO 27018: Cloud computing privacy standard – one

year on

Last September marked the first anniversary of the publication of

ISO 27018 – an international privacy standard governing the

processing of personal data in the cloud – that has been well

received by data protection experts, but has not been without

challenges for both customers and cloud providers.

The standard confused many analysts and cloud providers as it

made a number of references to both physical storage media and

hard-copy materials, which seems somewhat out of place on a list

of requirements for online cloud services.

However, as Mason Hayes & Curran explains, cloud customers

have been welcoming of the decision in the face of a growing

demand for total company transparency now and in the future.

Personal data and your right to access it — Ireland vs

the UK

We might share much in common with our nearest neighbour

but, in some instances, we can be worlds apart.

Highlighted last September by Masan Hayes & Curran, one

such instance of this is when it comes to the legal framework for

data protection surrounding a person’s right to access data

Dropbox is just one of the world’s major cloud service providers adopting ISO

27018. Photo: Connor McKenna.

relating to them in contentious cases.

One area that the two nations differ on was highlighted in the

case of Ali Babitu Kololo, who submitted a subject access request

(SAR).

Kenyan national Kololo was found guilty of robbery with

violence and the kidnapping of British nationals and sentenced to

death by a Kenyan court and, as part of a challenge to his

conviction, lawyers for Kololo submitted a SAR to the UK

Metropolitan Police Service (MPS), which assisted with the

investigation, but the reasoning behind this request was

challenged by the MPS.

Under Ireland’s legal framework, however, there’s much more

power in the hands of the individual

IoT

Regular readers will be

familiar with the concept

of the internet of things

(IoT), believed to be the

next step in technology

that will connect billions

of devices sharing vasts

amount of information

with one another.

Unsurprisingly, within

that, there are major

implications for data protection, which led to think tanks and

governmental organisations putting their minds at work to

develop frameworks that could lead to a regulatory standard for

IoT devices to follow.

What came from this, among other things, was the Article 29

Working Party – a collection of 28 EU national data protection

authorities – which devised a list of 10 of the biggest challenges

facing an IoT future.

VOL 5 ISSUE 1

31


Irish Government not budging

from original National Broadband

plan route

The Department of Communications said last night that the intervention area in

the National Broadband Plan remains at 750,000 premises, despite Eir’s plans to

connect 300,000 homes to 1Gbps broadband.

The issue of broadband in Ireland is

a highly emotive one and it

became an election issue in 2016

as many people who are unable to

receive adequate broadband feel they are

missing out on the social and economic

opportunities provided by it.

Before Christmas, the Government began

the procurement process for the ?275m EUbacked

plan that aims to deliver at least

30Mbps broadband to 1.8m people, or

38pc of the population not served with

broadband of 21st-century quality, by

2020.

Around the same time, Eir revealed its

plans to connect 300,000 homes in

broadband-deprived rural areas to its latest

1Gbps service with the first 100,000 home

to be connnected by March 2017.

Such a move would require the

Government to amend the rollout plan as

EU state aid cannot be directed towards

areas supplied by a private sector provider.

Broadband intervention area won’t be

altered… just yet

But it appears the Department of Communications

is sticking to its original plan as

drawn up in 2015.

Five companies had applied for the first stage of the formal

procurement process by the deadline of 12 noon yesterday (31

March).

The department said that certain criteria would need to be

met and a binding agreement signed before premises can be

excluded from the broadband intervention area.

The department said that so far it has assessed the commercial

plans of six operators in 2015 in respect of its criteria and it has

found no reason to alter its plans.

“The department wishes to place on record that, to date, no

company has satisfied all of the relevant criteria and signed a

Commitment Agreement in respect of any proposed commercial

plans,” the Department of Communications stated last night.

“The High-Speed Broadband Map 2020, therefore, remains as

it was when published in 2015, and the intervention area,

therefore, also remains at more than 750,000 premises.

“The Department is monitoring existing commercial rollout

The Irish Government said it is sticking to its multi-million euro EU-backed plan to connect up to 38pc of

the population to high speed broadband.

plans to ensure that all of the 1.6m premises, which commercial

operators indicated they would complete by end 2016, will have

access to high-speed broadband of at least 30mbps by end

2016.”

The Department of Communications said that while it does

not plan to change the intervention area during the

procurement process, it reserves the right to do so.

“In the event that the department becomes aware of an

increase or decrease in planned private sector investment, the

department may review such changes and if it considers it

appropriate, it may update the High-Speed Broadband Map

2020 and the intervention area. Any review and change to the

intervention area will take account of public procurement rules

as well as State Aid rules and guidelines.

“In this way, the separtment aims to ensure that all

commercial plans are fully assessed and validated, and that the

Government’s commitment to delivering high-speed broadband

to every premises in Ireland is fully realised.”

32

VOL 5 ISSUE 1


Fastest-ever data transfer

clocked at incredible

1.125Tbps

Imagine being able to download all of Game of Thrones in one

second? Well, researchers have achieved a data transfer speed

that could do just that.

The fastest-ever data transfer record, achieved by a team from

University College London (UCL), clocked in at a blistering

1.125Tbps, which, the team is quick to point out, is 50,000-

times faster than the average UK household speed of 24Mbps.

With its research published in Scientific Reports, the team

undertook the challenge by building an entirely new optical

system to transmit the data, as well as developing its own

coding techniques to fine-tune the transfer speed to the ultrafast

speed it achieved.

The optical system contains 15 channels, each of which

transmits at a different wavelength and is then combined and

sent to a single optical receiver for detection.

In doing this, the researchers say that it turns it into a ‘superchannel’,

widely believed to be the future of high-capacity

communication, but it is years from being commercially

available.

Looking for a longdistance

relationship

The project is part of a UK-funded programme called

UNLOC, which gave the team access to state-of-the-art

lab facilities.

Explaining the super-channel concept further, lead

researcher on the project, Dr Robert Maher, said: “Superchannels

are becoming increasingly important for core

optical communications systems, which transfer bulk data

flows between large cities, countries or even continents.

“However, using a single receiver varies the levels of

performance of each optical sub-channel, so we had to

finely optimise both the modulation format and code rate

for each optical channel individually to maximise the net

information data rate. This ultimately resulted in us

achieving the greatest information rate ever recorded using

a single receiver.”

Having only achieved this speed in a lab, the researchers

will now aim to expand their concept to long-distance

transmissions up to thousands of kilometres in distance,

which typically leads to data loss.

A booming time for Cork


Communications infrastructure and the internet economy as a

whole are developing fast in Cork,” said Barry Rhodes, INEX’s

chief executive, when commenting on the news.

“The arrival of the Hibernia Express subsea fibre cable, and the

other international subsea fibre cables that are expected, has

created a momentum in the city that the INEX Cork internet

exchange will help to further stimulate. INEX celebrates its 20th

anniversary in 2016 and we are delighted to be marking this

milestone with the launch of INEX Cork.”

The news today follows the announcement by Interxion that

the group is to open its third data centre in Dublin to better cope

with demand, with the centre to be built in Grange Castle

Business Park.

Short Stories

New INEX internet

exchange to open in Cork

to boost region

Ireland’s Internet Neutral Exchange Association (INEX) is to

open its first regional internet exchange point in Cork to

help facilitate faster internet in the region.

Founded in 1996, INEX has been providing IP peering

facilities to more than 100 members, with six data centres

currently based in the Dublin region.

This, however, will be the association’s first opening outside of

the capital as it looks to expand its national capacity following a

year in which its centres reached peak traffic levels of 110Gbps,

with a total usage of 200 petabytes of data for 2015.

To be designated INEX Cork, the new venture will be located

in the CIX data centre located in Holyhill and is expected to

begin operations by the beginning of Q2 this year.

As part of its remit, INEX Cork will also be operated as a

standalone exchange.

Banking is undergoing its most

disruptive era ever, with every

aspect of its traditional

business model under attack

from outside forces

– This is bad news for frontline staff

Up to 30pc of employee numbers at traditional banks could

go over the next decade, with growing automation

rendering huge swathes of staff roles outdated.

That’s according to Citi’s report into digital disruption in the

banking world, with it claiming a fintech-driven automation

‘tipping point’ is coming in the immediate future.

Saying branches are soon to become about “advisory and

consultation” rather than transaction, the loading of fintech

investment towards the end-user experience means plenty of

lower-end positions are on the ropes.

“We believe that there could be another 30pc reduction in staff

during 2015-2025, shifting from the recent 2pc per year decline

to 3pc per year, mainly from retail banking automation,” the

report reads.

Fintech feeding an Uber moment

It’s worse news for countries like Greece and Ireland, where the

financial crises were felt most, with the decline topping out at

5pc per year according to Citi’s estimates.

Fintech investment by financial institutions has risen from

$1.8bn at the start of the decade to $19bn now, with 70pc of it

focused on the customer experience. Given that this experience

used to be ‘in-store’, you can see where the warning signs are.

Calling the impending tipping point “banking’s Uber

moment”, Citi claims it will specifically see a huge shift towards

mobile banking, with it becoming customers’ primary mode of

interaction with their banks.

“Branches will be only one of the distribution channels. They

will still play an important, albeit diminishing, role,” reads the

report.

Last December, the European research institute BearingPoint

found that the vast majority (90pc) of banks’ new digitalisation

prioritisation was needed, however, at that point just 17pc felt up

to the task.

Citi’s findings show that that low base is poised to skyrocket.

VOL 5 ISSUE 1

Hooray! Your file is uploaded and ready to be published.

Saved successfully !

Ooh no, something went wrong !