Are you responsible…

 Are we really protecting our company's and customer data?
Are we really protecting our company’s and customer data?

A movie was just released on Netflix, called The Great Hack“, which was directed by Noujaim & Amer. This movie describing how Cambridge Analytica was able to change the outcomes of elections here and abroad. As I watched the movie, I was first taken by the right vs. left political commentary–finding myself riled up, like most of us concerned with the devisive nature of politics in America today.

However, as I listened to the journalist from the UK publication, The Guardian. I began to recognize the deeper and far more insidious consequence. The real issue is protecting personal data from nafarious uses against the person themselves. What companies like Cambridge Analytica did and do, is exploit user data against the person’s themselves. Brittany Kaiser of Cambridge Analytica, spoke plainly, stating that firms like her’s, used People’s personal data, targeted against that person to change their personal views without their knowledge, understanding or consent. She called it “Weapons Grade Communications.” Wow!

This movie, coupled with the recent $5 Billion Dollar fine levied against FaceBook, has many of us asking the important question: I’m I really protecting my company’s customers data appropriately?

At Ascension, we are working daily to make sure ourselves and our clients are protecting both corporate and individual data in an appropriate manner. Lately, many of our new clients are asking themselves, “Are we really protecting our company’s and customer’s data?”

I would ask you: “Are you responsible….and if so, what are you going do about it?”

Thank you for listening to my opinions. Paul Scott

CyberSecurity – The next 9/11?

We see many new clients that have to deal with cybersecurity breaches and/or issues of non-compliance with security standards. Today, I was reading about CEO’s concerns over cybersecurity may be the “biggest Threat to the world’s economy.” I believe they are correct. CNBC article: Cybersecurity is the biggest threat to the world economy over the next decade, CEOs say

Unforunately, many firms still have not realized the benefits of CyberSecurity Standards. These standards are not a fullproof remedy for breaches; however, it is the best defense for companies to protect themselves. To summarize, companies need to consider standards and procedures for:

  • Asset Management
  • Business Environment
  • Governance
  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain Risk Management
  • Identity Management, Authentication and Access Control
  • Awareness and Training
  • Data Security
  • Information Protection Processes and Procedures
  • Maintenance
  • Protective Technology
  • Anomalies and Events
  • Security Continuous Monitoring
  • Detection Processes
  • Response & Analysis
  • Mitigation
  • Improvements
  • Recovery Planning
  • Improvements
  • Communications

Paul Scott, CEO Ascension

Apple CEO declares “Our own information…is being weaponized against us with military efficiency!”

Wall Street Journal is reporting Apple CEO, Tim Cook, stated “Our own information—from the everyday to the deeply personal—is being weaponized against us with military efficiency,” Mr. Cook said. “Today, that trade has exploded into a data-industrial complex.”*

Washington’s small to mid-size businesses are not the “data-industrial complex.”  However, we can expect strong reactions from state and federal legislators to demand businesses, small to large; to implement much stronger defenses to protect personal data.  Also, we shall see tighter prohibitions regarding the collection of personal data. I understand and agree to some extent!

More and more, we are finding leaders beginning improve security and privacy as a matter of business cost control–not as a means of compliance.   It is better to make effective, measured improvements over time; rather than get forced by legislation to make significant changes–driven by an arbitrary compliance date.

I was personally involved with knee-jerk legislation, when the Sarbanes-Oxley Act was enacted into law.  Many of us–attorneys, auditors, business colleugues were all looking at each other, trying desparately, to intreprete the law.  We were also realizing the powerful consequences, if we do not meet the regulatory requirements, on time.  Tough times. The company I was working with at the time, spent millions over that year, just to produce a report with two signatures.  Huh!

Please feel free to comment or call me.

Paul Scott

(425) 750-0760

 

 

* https://www.wsj.com/articles/apple-ceo-tim-cook-calls-for-comprehensive-u-s-privacy-law-1540375675

 

‘Caveat Emptor – Buyer Beware’ 50Million accounts exposed…

As I began to read numerous news feeds and reports, regarding FaceBook’s apparent hack of over 50 Million user account.   I remembered an insightful debate in my graduate Business Law class, years ago.  Vaguely recalling, my law Professor contemptuously pontificating that Caveat Emptor should be applied to all business–not just between buyer and seller–rather “everyone should be skeptical” in all manner of business.

With that memory prominent in my thoughts, I became very concerned regarding the clear use of FaceBook content for social engineers to profile subjects; you and me.  Over 50 million pseudo-psychological blueprints of our behaviors–likes, “un” likes, visual photography and many more artifacts, directly tied to us.  A mother, child, father, friend–pick your own labels, most all apply to this situation.

Then a second question began to surface, which led me down the road to how FaceBook’s Authentication systems works?  Could it be fully breached?  Does anyone really know how many third-party applications use the FaceBook Authentication system for access?  I know of many…..but how many?  Let’s just say, a lot!

Where does this road end?  I’m not a big facebook user, however, I use it to keep up with a few friends.  We all know that a majority of users, over the years, have shared and accumulated a considerable amount of personal information and actual behaviors on FaceBook?

This specific situation may have significant impact on busineses.  Because these users, these persons, are employees–employees having access to the crown jewels of our businesses.

I think my professor was correct, “Omnis Cave — Everyone beware”*

Please feel free to comment and/or contact me to discuss.

Paul Scott

 

*Google latin translator.

Ascension Technical Group Welcomes John Winters, Colonel, U.S. Army (Retired)

Cybercrime is the greatest threat to every company in the world,” according to a recent Forbes magazine article.  The World Economic Forum assesses a significant portion of these criminal activities go undetected.  Companies are struggling to protect their intellectual property. Ascension brings decades of Cybersecurity experience in keeping companies’ enterprise and data safe.  In that spirit, we are pleased to announce, John Winters is joining the Ascension team.  He brings over 30 years of experience protecting our nation’s most sensitive information, operations, and technology.  John has extensive knowledge of global cyber threats and has designed and implemented risk mitigation programs and directed large scale  strategies  for international organizations in Africa, Asia, Europe, and the United States.

You may contact him at  john@ascension-tg.com

 

Near shore vs. Off Shore development…

Culture, Culture, Culture!  Many of have heard this espoused, time after time, regarding companies valuing culture.   Whether a small start-up or a mature, large corporation; culture has become a significant factor for success.

I have found the same success factor, when using development teams outside the US. Some good and some not so good.   We have adopted the use of “Near” shore development teams.  We have excellent relationships with teams within Mexico and the Southern Americas.  The cost of using said teams, has helped our clients manage tight budgets while receiving excellent results.   I have been experiencing success with these teams and appreciate this new way of looking at technology sourcing.   I would relay to you, culture is perhaps the single most, success factor, that I have observed, while using near shore teams.

Working with these near shore teams, I have seen difficult discussions, technical design disparities and conflict resolution, handled very similarly to our US ways.   A respectful culture that encourages; seeking answers, rather than, wanting customers to feel good.  We have discussions that involved working through difficult issues and all parties are  working towards the solution and not an outside agenda.  In the distant past, unfortunately,  I and possibility you, have witnessed the opposite.  It has tarnished my view of sourcing, until now.  I don’t worry about losing meaning due to translation.  Or fighting over who has the better mousetrap.   Also, A HUGE factor, I can pick up the phone and call any of the team, within the relatively same time period of time– no more calling at 9pm or 2am.

I would encourage businesses to consider the use of near shore teams.  Where outside consulting and/or services can help you attain your goals, while paying less for the same result, the near shore option is available to you.  Feel free to call me @ 425-750-0670.

We have seen near shore work in the development of –

  • Systems and applications
  • Process refinement to reduce IT costs
  • High end Analytics
  • SharePoint and systems management
  • Development coaching for migrations to Agile and Dev/Ops
  • Systems refresh and re-architecture
  • Program and Project Management
  • Other Technology and IT deployment services programs

Yes, T-Mobile/Sprint is a good deal for all!

Someone recently asked me, whether I thought the T-Mobile/Sprint deal should be approved.  I responded quickly YES, the deal SHOULD be approved.  This is good for the companies, shareholders and consumers.  When I worked within the DOJ Transition Trustee Group for the Verizon/Alltel deal, I was fortunate to see, from the inside, how the deal works.   There are benefits that many do not see from the outside.

Most people do not realize that deals like the T-Mobile/Sprint deal involve all the carriers.  The deal will parse out geographical and spectrum area between the carriers.  This is to continue, to ensure consumers are not monopolized by a single carrier. The deal will help re-formulate customer focus on more offerings and products of both carriers.  Deadwood will fall out and new, better offerings will surface to the top.  This will take time, however, in the long run will be better for all.

For the shareholders, the value of both companies will, over time, prove to be valuable as one.  The combined firms will be able to compete head to head with Verizon which has had, since the Verizon/Alltel Merger, a significant advantage over all the other carriers, especially rural & roaming coverages.

2018 subscribers

 

As we enter the new era of 5G+, this is a must for consumers.  ATT and Verizon currently have a strong advantage, therefore T-Mobile and Sprint customers may be left out in the cold comparatively.  If fact, based on subscriber basis, it would not be fair to consumers, to reject the deal.  5G implementations are expensive and need to have the companies combined to provide expansion appropriately.

There are considerably more advantages over time, that will bear out.  I’m encouraged by the T-Mobile leadership and fervor to make this deal happen.  Again, this will be good for all!

Cybersecurity: It’s still about fundamentals.

At Ascension, we spend a good percentage our time, improving business functions for our clients. We work with the organization through effective process change and implementations of modern technical solutions.  Without question, we are seeing security becoming top of mind for leadership.   Many organizations are becoming fearful of the almost certain prospect, that they will become victims of a data breach and/or ransom-ware in the near future.

I have no illusions about technology and the critical need for cybersecurity to advance. Fortunately, the central issue of combatting cybersecurity still is about focusing on the fundamental principles of  security management.  Making sure security is an integral part of day-to-day operations.   Ascension will always remain neutral regarding brands and vendors, however, we are seeing the need for companies to use newer technology platforms to perform the needed and necessary operational functions. Today, good security means good business.

Strictly speaking the market is showing strong indications that Cybersecurity is a major issue and the market is pushing extremely hard to innovate and invest in real solutions.  Over the last year the S&P 500 performed with a 4.7 percentage improvement, however, companies such as CyberArk and Imperva have between 22% and 55% improvement over the same year.  Impressive!  Market forces are showing us the way.

Cybersecurity Stock by goldman 2018

I pray that the industry will focus efforts to utilize technologies such as blockchain and Machine Learning to help combat the security issue of today as well as tomorrow.

Please feel free to comment and/or contact me to discuss.

Paul Scott

Connected Cities

Smart or Connected cities is an exciting new strategy.  Ascension and one of our premier clients have been involved in new initiatives.  The other day, when attending a technology leadership summit, a colleague and I were pontificating on the disparate nomenclatures involved with smart cities.  It reminded both of us of the confusion during the beginning of the World Wide Web days.  As I was querying  my phone for definitions, I, as a matter of course, looked a Wikipedia for a primer to the question.  I found that 2 of the 4 frameworks, listed, we very helpful in providing a baseline understanding “Smart Cities” and the relationship to humans.

Directly from https://en.wikipedia.org/wiki/Smart_city July 17th, 2018

Technology frameworks

Several concepts of the Smart city rely heavily on the use of technology; a technological Smart City is not just one concept but there are different combinations of technological infrastructure that build a concept of smart city.

  • Digital city: it combines service oriented infrastructure, innovation services and communication infrastructure; Yovanof, G. S. & Hazapis, G. N.[45] define a digital city “a connected community that combines broadband communications infrastructure; a flexible, service-oriented computing infrastructure based on open industry standards; and, innovative services to meet the needs of governments and their employees, citizens and businesses”.

The main purpose is to create an environment in which citizens are interconnected and easily share information anywhere in the city.

  • Virtual city: In these kinds of cities functions are implemented in a cyberspace; it includes the notion of hybrid city, which consists of a reality with real citizens and entities and a parallel virtual city of real entities and people. Having a smart city that is virtual means that in some cities it is possible the coexistence between these two reality, however the issue of physical distance and location is still not easy to manage. The vision of the world without distance still remains unmet in many ways. In practice this idea is hold up through physical IT infrastructure of cables, data centers, and exchanges.
  • Information city: It collects local information and delivered them to the public portal; In that city, many inhabitants are able to live and even work on the Internet because they could obtain every information through IT infrastructures, thanks to the sharing information method among citizens themselves. Using this approach, an information city could be an urban centre both economically and socially speaking; the most important thing is the linkage among civic services, people interactions and government institutions.
  • Intelligent city: it involves function as research or technological innovation to support learning and innovation procedure. The notion emerges in a social context in which knowledge, learning process and creativity have great importance and the human capital is considered the most precious resource within this type of technological city. In particular one of the most significant feature of an intelligent city is that every infrastructure is up to date, that means have the latest technology in telecommunications, electronic and mechanical technology. According to Komninos and Sefertzi,[46] the attempt to build an “intelligent” Smart City is more a radical innovation rather than an incremental innovation owing to a big quantity of efforts to use IT trying to transform the daily life.
  • Ubiquitous city (U-city): It creates an environment that connect citizens to any services through any device. According to Anthopoulos, L., & Fitsilis, P.,[47] U-city is a further extension of digital city concept because of the facility in terms of accessibility to every infrastructure. This makes easier to the citizen the use of any available devices to interconnect them. Its goal is to create a city where any citizen can get any services anywhere and anytime through any kind of devices. It is important to highlights that the ubiquitous city is different from the above virtual city: while the virtual city creates another space by visualizing the real urban elements within the virtual space, U-city is given by the computer chips inserted to those urban elements.
  • Cognitive Smart City: Cognitive smart city expands the concept of the smart city by referring to the convergence of the emerging Internet of Things (IoT) and smart city technologies, their generated big data, and artificial intelligence techniques. Continuous learning through human interactions and consequently performing a dynamic and flexible behavior and actions based on the dynamic environment of the city are the core components of such framework.

Human framework  

Human infrastructure (i.e., creative occupations and workforce, knowledge networks, voluntary organisations) is a crucial axis for city development.

  • Creative city: creativity is recognized as a key driver to smart city and it represents also a version of it. Social infrastructures, like for instance intellectual and social capital are indispensable factors to build a city that is smart according to the human framework. These infrastructures concern people and their relationship. Smart City benefits from social capital and it could be possible and easier to create a Smart city concept if there are mix of education and training, culture and arts, business and commerce as Bartlett, L.[48] said.
  • Learning city: according to Moser, M. A.,[49] learning city is involved in building skilled workforce. This type of city in the human context improves the competitiveness in the global knowledge economy and Campbell [16] established a typology of cities that are learning to be smart: individually proactive city, city cluster, one-to-one link between cities, and city network. That lead a city to learn how it should be possible and realistic to be smart through learning process followed by city workforce.
  • Humane city: It exploits human potential, in particular the knowledge workforce. Following this approach, it is possible focus on education and builds a center of higher education, which is the city, obtaining better-educated individuals. According to Glaeser, E. L., & Berry, C. R,[50] this view moves a smart city concept in a city full of skilled workforces; the same reasoning could be make for those high tech knowledge-sensitive industries which want to migrate in a so dynamic and proactive community. As a consequence of the above movement, the difference between Smart City and not are getting wider; Smart places are getting smarter while other places getting less smarter because such places act as a magnet for creative people and workers (Malanga, S. 2004 [51]).
  • Knowledge city: It is related to knowledge economy and innovation process; this type of Smart City is very similar to a learning city, the only difference refers to “a knowledge city is heavily related to knowledge economy, and its distinction is stress on innovation” (Dirks, S., Gurdgiev, C., & Keeling, M.[52]).

The concept of knowledge city is linked with similar evolving concepts of Smart City such as intelligent city and educating city. The most important feature of this city is the fundamental concept of knowledge-based urban development, which has become an important and widespread mechanism for the development of knowledge cities.

We live in exciting times 😉