Thursday, February 15, 2018

Feeling secure? It could be the way we walk that secures future transactions …

Who knew? Computers will be watching and learning more about us in order to satisfy themselves that yes, it really is us initiating a transaction and for HPE and NonStop, this is heralding the age of analytics and AI!

Back on land, after a short voyage back and forth between Long Beach and Hawaii, despite all the steps we took to mitigate interaction with fellow passengers, I managed to catch the dreadful flu that was going around and not only did I catch it, but passed it on to Margo. If you haven’t been keeping up with my Facebook, twitter and blog posts this may be news to you, but even as I am now close to good again, Margo still has a few days to go.

Of course, we avoided the buffet lines, rarely ventured into the public eat-anytime dining rooms and essentially, ate at the specialty restaurants even as we stuck to one café and one bar. All good, but no matter what steps we took clearly they weren’t enough! On the other hand, none of this proved to be a distraction to spending time at sea, a pastime for me that remain my favorite way to relax. As for the casino well, and the ease with which the cruise line can empty your account, I stayed well clear of that deck as distracting as it appeared to be for many of my fellow travelers!  

These days we are all being forced to take steps to protect ourselves whether it has to do with getting ill, having our financial situation compromised or perhaps much worse, our digital footprint hijacked. So many new words have entered the language of late – reverse this and reverse that and shame this and shame that – it’s almost as if not only have we let the genie out of the bottle, as we so thoroughly evangelized the internet, but given the genie the keys to practically everything we thought we had hid safely under the bed!

And don’t get me started on malware or ransomware … safe to say, despite the best intentions of government agencies and big institutions, we are pretty much on our own! While I am not advocating we all build fortress-homes, it is a safe assumption that barely a week goes by when we don’t think about the downside of always-on, always-connected!

A short time ago, seated in a piano bar in Las Vegas, rather than charging the last round of drinks to the hotel room a client elected to hand over his credit card. Returning to his room, he received a call from his bank asking whether he really did purchase two one-way tickets to the Middle East? Running a large business as he was doing, cancelling the card meant spending a week dealing with subcontractors and suppliers to unwind any dependency on the card. No harm was done, but there was no reimbursement for him and his staff to devote that week to sorting it all out. As for me, yes, I have left my card at the cash register a couple of times but to date, no harm has befallen me.

This past week, the ATM Industry Association has been holding its US Conference in Las Vegas. If you have not missed the promotional emails that came out in support of this event, you may have seen how there were a handful of NonStop vendors supporting the event even as there were many NonStop users among the crowd that showed up. ESQ and Paragon were exhibiting and OmniPayments stole the show with a coffee session Yash threw for all attendees.

There was ample opportunity for the attendees to hear about NonStop and for me, it is a bit of a shame that HPE doesn’t do a better job of supporting this event, as the NonStop users in attendance were the cream of the crop, so as to speak! I assume I would be on safe ground to suggest that there is so much more that HPE could do when it comes to marketing that benefits the NonStop, after all, marketing is all about creating an environment in which to sell not to mention, as champions of NonStop, communicating the value of NonStop. And on very friendly turf, I might add!

Even though I missed this event because of the flu, what I really wanted to hear was the keynote presentation by Theresa Payton, Former White House CIO & Cybersecurity Authority, who is now starring on CBS's New TV Show, "Hunted". Last year, the keynote speaker was Herman Edwards a former NFL coach and ESPN analyst who was returning to the ranks of coaching. More telling was his presentation “Doing the little things and executing vision.” The common thread here was that Edwards took time to explain that he is resorting to cash simply because it is a budgeting tool. When he runs out of cash for the week he is done.

But he also reminded us that like me, having cash in his wallet gave him comfort and security. No third party to get into his card accounts if he didn’t have his cards on him. While I wasn’t able to hear Payton’s keynote this year I am sure there will be members of the NonStop community only too happy to fill me in on what was said, but the credentials alone suggest it was bound to be about security!

We may be pretty much on our own when it comes to securing our own presence in the world, be that financial or social. However, when it comes to our systems and the applications they support, I have misgivings about a lot of the security steps being promoted. Sure, nothing that ends up in storage should be in the clear, but in time, I see this as being more a hardware opportunity than anything to do with software – if it is in software, well then it can be compromised at some point given access to enough compute power. And just as importantly, nothing going into the ether should be in the clear when it comes to our personnel information but that too is more a case of leaving it to the hardware. Software handling such sensitive issues is a non-starter for me, except when it comes to some of the more advanced work being done directing analytics and AI at the problem.

What it all comes down to, according to Gartner, is ensuring we truly understand who it is at the other end of the line and that means developing a “360-degree customer view!” The more you know about your customer the more you can then detect variances where you can challenge the party on the other end of the line.

As Jim Marous, Co-Publisher of The Financial Brand and Owner/Publisher of the Digital Banking Report, suggested in a post of February 6, 2018,
Data-Savvy Banking Organizations Will Destroy Everyone Else, “when an identity assertion on a web portal is suspect, corroborate the identity of the customer via mobile push to confirm that he or she is in possession of a previously enrolled device. Also, capture location and other signals, to check additional passive behavioral biometric traits (e.g., gait, gestures and handling), or to exploit native or third-party active biometric modes (e.g., fingerprint, face or voice).”

I particularly like the reference to gait as this implies we track and record the way our customers approach an ATM or POS device each and every time and implies there is a substantial amount of analytics going on behind the scenes. To this end, I am even more impressed these days with what the Striim team has been up to – if you missed it, their web site page, Enterprise Securitymakes an interesting read. “With the increase in cyberattacks, both in number of incidents and complexity, protecting intellectual property and business data against internal and external threats is a top concern. Striim delivers a fast and customized data security solution that transcends single-point solutions to analyze multiple sources and domains in real time.” And when it comes to real world deployment, Striim has turned its powerful streaming analytics engine onto handling complex scenarios just as Jim Marous suggested in his post.

While I am a little wary of the claims of some security products and of the many such offerings that find their way onto systems including NonStop, analytics is key and this is where Striim has scored a direct hit with one of the largest issues of plastic on the planet. “When its existing 50+ security solutions resulted in a flood of alerts and false positives, the leading credit card network turned to Striim to increase alert accuracy with more sophisticated rules, and improve the security team’s understanding of the alerts generated. Striim ingests and joins security devices’ log and session data files in (Apache) AVRO format, representing every security-related event from 50+ siloed security applications. With multi-log correlation and advanced pattern matching capabilities, their Striim application accurately and immediately detects data security breaches and attacks.” 

While we do need to take steps to protect ourselves and do as much as we can to protect our systems from compromise, adding layer after layer of software to help ward off unwanted guests may not be sustainable over the long haul. All the silos in the world can’t pack together tight enough to ward off serious intrusions – there will always be a gap or two! Improved hardware is definitely going to play a role and I know that HPE is across this. But when you dig a little deeper, the question of security isn’t so much a question of which software to use but rather what degree of intelligence you apply to the problem and here I see analytics and AI having an opportunity to address a rapidly expanding marketplace.

As for me, the next time I saunter over to an ATM, I have to wonder, with each step I take, is it keeping an eye out for the gestures I make and the nature of my gait? Makes you wonder, doesn’t it! Then again, there is some comfort to be gained knowing that it is just me and nobody else that has access to my information, accounts and yes, cash.  

No comments: