cryptography
Auto Added by WPeMatico
Auto Added by WPeMatico
If you’re a tech company offering anyone a service, somewhere in your future is a security assessment giving you the seal of approval to manage clients’ data and operate on your devices. No one takes security lightly anymore. The business costs of cyberattacks have now hit an all-time high. Government bodies, companies and consumers need the assurance that the next software they download isn’t going to be an open door for hackers.
For good reason, security certifications like the SOC 3 really put you through the wringer. My company, Waydev, has just attained the SOC 3 certification, becoming one of the first development analytics tools to receive that accreditation. We learned so much from the process, we felt it was right to share our experience with others that might be daunted by the prospect.
As a non-tech founder, it was hard not only to navigate the process, but to appreciate its value. But by putting our business caps on, our team was able to optimize our approach and minimize the time and effort needed to achieve our goal. In doing so, we were granted SOC 3 compliance in two weeks, as opposed to the two months it takes some companies.
We also turned the assessment into an opportunity to better our product, align our internal teams, boost our brand and even launch partnerships.
So here’s our advice on how teams can smoothly reach an SOC 3 while simultaneously balancing workloads and minimizing disruption to users.
Because we can’t expect employees to stack those hours on top of their regular workdays, as a leader you have to accept — and communicate — that the speed of your output will inevitably decrease.
As a founder, you’ll be acting as captain steering a ship into that SOC 3 port, and you’ll need all members of your crew to join forces. This isn’t a job for a specially designated security team alone and will require deep involvement from your development and other teams, too. That might lead to internal resistance, as they still have a full-time job tending to your product and customers.
That’s why it’s so important to start by being crystal clear with your employees about what this process will mean to their work lives. However, they have to embrace the true benefits that will arise. SOC 3 will immediately raise your brand’s appeal and likely see new customers come in as a result.
Each employee will also come out the other end with well-honed cybersecurity skills — they’ll have a deep understanding of potential cyber threats to the company, and all security initiatives will carry a far lighter burden. There’s also the sense of pride and fulfillment that comes with having an indisputable edge over your competitors.
Powered by WPeMatico
While retail investors grew more comfortable buying cryptocurrencies like Bitcoin and Ethereum in 2021, the decentralized application world still has a lot of work to do when it comes to onboarding a mainstream user base.
Phantom is part of a new class of crypto startups looking to build infrastructure that streamlines blockchain-based applications and provides a more user-friendly UX for navigating the crypto world, something that can make the entire space more approachable to a non-developer audience. Users can download the Phantom wallet to their browsers to interact with applications, swap tokens and collect NFTs.
The crypto wallet startup has banked a $9 million Series A round led by Andreessen Horowitz (a16z), with Variant Fund, Jump Capital, DeFi Alliance, Solana Foundation and Garry Tan also participating. The round, which closed earlier this summer, comes as some venture capital firms embrace a crypto future even as volatility continues to envelop the broader market. Last month, a16z announced a whopping 2.2 billion crypto fund, the firm’s largest vertical-specific investment vehicle ever.
Image via Phantom
The co-founding team of CEO Brandon Millman, CPO Chris Kalani and CTO Francesco Agosti all come aboard from crypto infrastructure startup 0x.
At the moment, Phantom is best-known among the Solana community, where it has become the go-to wallet for applications on that blockchain. The startup’s ambition is to interface with more and more networks, currently building out compatibility with Ethereum and looking to embrace other blockchains, aiming to be a product built for a “multichain world,” Millman tells TechCrunch.
Alongside building out support for other networks, Phantom wants to build more sophisticated DeFi mechanisms right into their wallet, allowing users to stake cryptocurrencies and swap more tokens inside the wallet.
The startup says they have some 40,000 users of their existing wallet product.
Building out a presence on the popular Ethereum blockchain, which already has a handful of popular wallet providers, will be a challenge, but Phantom’s broadest challenge is helping a new breed of crypto-curious users interface with a network of apps that still have a long way to go when it comes to being mainstream-friendly.
“The entire space is kind of stuck in this ‘built by developers for other developers mode,’ ” Millman says. “This bar has been kind of stuck there, and no one is really stepping up to push the bar up higher.”
Powered by WPeMatico
Data breaches have become a part of life. They impact hospitals, universities, government agencies, charitable organizations and commercial enterprises. In healthcare alone, 2020 saw 640 breaches, exposing 30 million personal records, a 25% increase over 2019 that equates to roughly two breaches per day, according to the U.S. Department of Health and Human Services. On a global basis, 2.3 billion records were breached in February 2021.
It’s painfully clear that existing data loss prevention (DLP) tools are struggling to deal with the data sprawl, ubiquitous cloud services, device diversity and human behaviors that constitute our virtual world.
Conventional DLP solutions are built on a castle-and-moat framework in which data centers and cloud platforms are the castles holding sensitive data. They’re surrounded by networks, endpoint devices and human beings that serve as moats, defining the defensive security perimeters of every organization. Conventional solutions assign sensitivity ratings to individual data assets and monitor these perimeters to detect the unauthorized movement of sensitive data.
It’s painfully clear that existing data loss prevention (DLP) tools are struggling to deal with the data sprawl, ubiquitous cloud services, device diversity and human behaviors that constitute our virtual world.
Unfortunately, these historical security boundaries are becoming increasingly ambiguous and somewhat irrelevant as bots, APIs and collaboration tools become the primary conduits for sharing and exchanging data.
In reality, data loss is only half the problem confronting a modern enterprise. Corporations are routinely exposed to financial, legal and ethical risks associated with the mishandling or misuse of sensitive information within the corporation itself. The risks associated with the misuse of personally identifiable information have been widely publicized.
However, risks of similar or greater severity can result from the mishandling of intellectual property, material nonpublic information, or any type of data that was obtained through a formal agreement that placed explicit restrictions on its use.
Conventional DLP frameworks are incapable of addressing these challenges. We believe they need to be replaced by a new data misuse protection (DMP) framework that safeguards data from unauthorized or inappropriate use within a corporate environment in addition to its outright theft or inadvertent loss. DMP solutions will provide data assets with more sophisticated self-defense mechanisms instead of relying on the surveillance of traditional security perimeters.
Powered by WPeMatico
In 2011, a product developer named Fred Davison read an article about inventor Ken Yankelevitz and his QuadControl video game controller for quadriplegics. At the time, Yankelevitz was on the verge of retirement. Davison wasn’t a gamer, but he said his mother, who had the progressive neurodegenerative disease ALS, inspired him to pick up where Yankelevitz was about to leave off.
Launched in 2014, Davison’s QuadStick represents the latest iteration of the Yankelevitz controller — one that has garnered interest across a broad range of industries.
“The QuadStick’s been the most rewarding thing I’ve ever been involved in,” Davison told TechCrunch. “And I get a lot of feedback as to what it means for [disabled gamers] to be able to be involved in these games.”
Erin Muston-Firsch, an occupational therapist at Craig Hospital in Denver, says adaptive gaming tools like the QuadStick have revolutionized the hospital’s therapy team.
Six years ago, she devised a rehabilitation solution for a college student who came in with a spinal cord injury. She says he liked playing video games, but as a result of his injury could no longer use his hands. So the rehab regimen incorporated Davison’s invention, which enabled the patient to play World of Warcraft and Destiny.
QuadStick
Jackson “Pitbull” Reece is a successful Facebook streamer who uses his mouth to operate the QuadStick, as well as the XAC, (the Xbox Adaptive Controller), a controller designed by Microsoft for use by people with disabilities to make user input for video games more accessible.
Reece lost the use of his legs in a motorcycle accident in 2007 and later, due to an infection, his hands and legs were amputated. He says he remembers able-bodied life as one filled with mostly sports video games. He says being a part of the gaming community is an important part of his mental health.
Fortunately there is an atmosphere of collaboration, not competition, around the creation of hardware for gamers within the assistive technology community.
But while not every major tech company has been proactive about accessibility, after-market devices are available to create customized gaming experiences for disabled gamers.
At its Hackathon in 2015, Microsoft’s Inclusive Lead Bryce Johnson met with disabled veterans’ advocacy group Warfighter Engaged.
“We were at the same time developing our views on inclusive design,” Johnson said. Indeed, eight generations of gaming consoles created barriers for disabled gamers.
“Controllers have been optimized around a primary use case that made assumptions,” Johnson said. Indeed, the buttons and triggers of a traditional controller are for able-bodied people with the endurance to operate them.
Besides Warfighter Engaged, Microsoft worked with AbleGamers (the most recognized charity for gamers with disabilities), Craig Hospital, the Cerebral Palsy Foundation and Special Effect, a U.K.-based charity for disabled young gamers.
Xbox Adaptive Controller
The finished XAC, released in 2018, is intended for a gamer with limited mobility to seamlessly play with other gamers. One of the details gamers commented on was that the XAC looks like a consumer device, not a medical device.
“We knew that we couldn’t design this product for this community,” Johnson told TechCrunch. “We had to design this product with this community. We believe in ‘nothing about us without us.’ Our principles of inclusive design urge us to include communities from the very beginning.”
There were others getting involved. Like many inventions, the creation of the Freedom Wing was a bit of serendipity.
At his booth at an assistive technology (AT) conference, ATMakers‘ Bill Binko showcased a doll named “Ella” using the ATMakers Joystick, a power-chair device. Also in attendance was Steven Spohn, who is part of the brain trust behind AbleGamers.
Spohn saw the Joystick and told Binko he wanted a similar device to work with the XAC. The Freedom Wing was ready within six weeks. It was a matter of manipulating the sensors to control a game controller instead of a chair. This device didn’t require months of R&D and testing because it had already been road tested as a power-chair device.
ATMakers Freedom Wing 2
Binko said mom-and-pop companies are leading the way in changing the face of accessible gaming technology. Companies like Microsoft and Logitech have only recently found their footing.
ATMakers, QuadStick and other smaller creators, meanwhile, have been busy disrupting the industry.
“Everybody gets [gaming] and it opens up the ability for people to engage with their community,” Binko said. “Gaming is something that people can wrap their heads around and they can join in.”
As the technology evolves, so do the obstacles to accessibility. These challenges include lack of support teams, security, licensing and VR.
Binko said managing support teams for these devices with the increase in demand is a new hurdle. More people with the technological skills are needed to join the AT industry to assist with the creation, installation and maintenance of devices.
Security and licensing is out of the hands of small creators like Davison because of financial and other resources needed to work with different hardware companies. For example, Sony’s licensing enforcement technology has become increasingly complex with each new console generation.
With Davison’s background in tech, he understands the restrictions to protect proprietary information. “They spend huge amounts of money developing a product and they want to control every aspect of it,” Davison said. “Just makes it tough for the little guy to work with.”
And while PlayStation led the way in button mapping, according to Davison, the security process is stringent. He doesn’t understand how it benefits the console company to prevent people from using whichever controller they want.
“The cryptography for the PS5 and DualSense controller is uncrackable so far, so adapter devices like the ConsoleTuner Titan Two have to find other weaknesses, like the informal ‘man in the middle’ attack,” Davison said.
The technique allows devices to utilize older-gen PlayStation controllers as a go-between from the QuadStick to the latest-gen console, so disabled gamers can play the PS5. TechCrunch reached out to Sony’s accessibility division, whose representative said there are no immediate plans for an adaptable PlayStation or controller. However, they stated their department works with advocates and gaming devs to consider accessibility from day one.
In contrast, Microsoft’s licensing system is more forgiving, especially with the XAC and the ability to use older-generation controllers with newer systems.
“Compare the PC industry to the Mac,” Davison said. “You can put together a PC system from a dozen different manufacturers, but not for the Mac. One is an open standard and the other is closed.”
In November, Japanese controller company HORI released an officially licensed accessibility controller for the Nintendo Switch. It’s not available for sale in the United States currently, but there are no region restrictions to purchase one online. This latest development points toward a more accessibility-friendly Nintendo, though the company has yet to fully embrace the technology.
Nintendo’s accessibility department declined a full interview but sent a statement to TechCrunch. “Nintendo endeavors to provide products and services that can be enjoyed by everyone. Our products offer a range of accessibility features, such as button-mapping, motion controls, a zoom feature, grayscale and inverted colors, haptic and audio feedback, and other innovative gameplay options. In addition, Nintendo’s software and hardware developers continue to evaluate different technologies to expand this accessibility in current and future products.”
The push for more accessible hardware for disabled gamers hasn’t been smooth. Many of these devices were created by small business owners with little capital. In a few cases corporations with a determination for inclusivity at the earliest stages of development became involved.
Slowly but surely, however, assistive technology is moving forward in ways that can make the experience much more accessible for gamers with disabilities.
Powered by WPeMatico
The two founders of Crusoe Energy think they may have a solution to two of the largest problems facing the planet today — the increasing energy footprint of the tech industry and the greenhouse gas emissions associated with the natural gas industry.
Crusoe, which uses excess natural gas from energy operations to power data centers and cryptocurrency mining operations, has just raised $128 million in new financing from some of the top names in the venture capital industry to build out its operations — and the timing couldn’t be better.
Methane emissions are emerging as a new area of focus for researchers and policymakers focused on reducing greenhouse gas emissions and keeping global warming within the 1.5 degree target set under the Paris Agreement. And those emissions are just what Crusoe Energy is capturing to power its data centers and bitcoin mining operations.
The reason why addressing methane emissions is so critical in the short term is because these greenhouse gases trap more heat than their carbon dioxide counterparts and also dissipate more quickly. So dramatic reductions in methane emissions can do more in the short term to alleviate the global warming pressures that human industry is putting on the environment.
And the biggest source of methane emissions is the oil and gas industry. In the U.S. alone roughly 1.4 billion cubic feet of natural gas is flared daily, said Chase Lochmiller, a co-founder of Crusoe Energy. About two-thirds of that is flared in Texas, with another 500 million cubic feet flared in North Dakota, where Crusoe has focused its operations to date.
For Lochmiller, a former quant trader at some of the top American financial services institutions, and Cully Cavness, a third generation oil and gas scion, the ability to capture natural gas and harness it for computing operations is a natural combination of the two men’s interests in financial engineering and environmental preservation.
NEW TOWN, ND – AUGUST 13: View of three oil wells and flaring of natural gas on The Fort Berthold Indian Reservation near New Town, ND on August 13, 2014. About 100 million dollars’ worth of natural gas burns off per month because a pipeline system isn’t in place yet to capture and safely transport it. The Three Affiliated Tribes on Fort Berthold represent Mandan, Hidatsa and Arikara Nations. It’s also at the epicenter of the fracking and oil boom that has brought oil royalties to a large number of Native Americans living there. (Photo by Linda Davidson / The Washington Post via Getty Images)
The two Denver natives met in prep-school and remained friends. When Lochmiller left for MIT and Cavness headed off to Middlebury they didn’t know that they’d eventually be launching a business together. But through Lochmiller’s exposure to large-scale computing and the financial services industry, and Cavness’ assumption of the family business, they came to the conclusion that there had to be a better way to address the massive waste associated with natural gas.
Conversation around Crusoe Energy began in 2018 when Lochmiller and Cavness went climbing in the Rockies to talk about Lochmiller’s trip to Mt. Everest.
When the two men started building their business, the initial focus was on finding an environmentally friendly way to deal with the energy footprint of bitcoin mining operations. It was this pitch that brought the company to the attention of investors at Polychain, the investment firm started by Olaf Carlson-Wee (and Lochmiller’s former employer), and investors like Bain Capital Ventures and new investor Valor Equity Partners.
(This was also the pitch that Lochmiller made to me to cover the company’s seed round. At the time I was skeptical of the company’s premise and was worried that the business would just be another way to prolong the use of hydrocarbons while propping up a cryptocurrency that had limited actual utility beyond a speculative hedge against governmental collapse. I was wrong on at least one of those assessments.)
“Regarding questions about sustainability, Crusoe has a clear standard of only pursuing projects that are net reducers of emissions. Generally the wells that Crusoe works with are already flaring and would continue to do so in the absence of Crusoe’s solution. The company has turned down numerous projects where they would be a buyer of low-cost gas from a traditional pipeline because they explicitly do not want to be net adders of demand and emissions,” wrote a spokesman for Valor Equity in an email. “In addition, mining is increasingly moving to renewables and Crusoe’s approach to stranded energy can enable better economics for stranded or marginalized renewables, ultimately bringing more renewables into the mix. Mining can provide an interruptible base load demand that can be cut back when grid demand increases, so overall the effect to incentivize the addition of more renewable energy sources to the grid.”
Other investors have since piled on, including: Lowercarbon Capital, DRW Ventures, Founders Fund, Coinbase Ventures, KCK Group, Upper90, Winklevoss Capital, Zigg Capital and Tesla co-founder JB Straubel.
The company now operates 40 modular data centers powered by otherwise wasted and flared natural gas throughout North Dakota, Montana, Wyoming and Colorado. Next year that number should expand to 100 units as Crusoe enters new markets such as Texas and New Mexico. Since launching in 2018, Crusoe has emerged as a scalable solution to reduce flaring through energy intensive computing, such as bitcoin mining, graphical rendering, artificial intelligence model training and even protein folding simulations for COVID-19 therapeutic research.
Crusoe boasts 99.9% combustion efficiency for its methane, and is also bringing additional benefits in the form of new networking buildout at its data center and mining sites. Eventually, this networking capacity could lead to increased connectivity for rural communities surrounding the Crusoe sites.
Currently, 80% of the company’s operations are being used for bitcoin mining, but there’s increasing demand for use in data center operations, and some universities, including Lochmiller’s alma mater of MIT, are looking at the company’s offerings for their own computing needs.
“That’s very much in an incubated phase right now,” said Lochmiller. “A private alpha where we have a few test customers… we’ll make that available for public use later this year.”
Crusoe Energy Systems should have the lowest data center operating costs in the world, according to Lochmiller and while the company will spend money to support the infrastructure buildout necessary to get the data to customers, those costs are negligible when compared to energy consumption, Lochmiller said.
The same holds true for bitcoin mining, where the company can offer an alternative to coal-powered mining operations in China and the construction of new renewable capacity that wouldn’t be used to service the grid. As cryptocurrencies look for a way to blunt criticism about the energy usage involved in their creation and distribution, Crusoe becomes an elegant solution.
Institutional and regulatory tailwinds are also propelling the company forward. Recently New Mexico passed new laws limiting flaring and venting to no more than 2% of an operator’s production by April of next year, and North Dakota is pushing for incentives to support on-site flare capture systems while Wyoming signed a law creating incentives for flare gas reduction applied to bitcoin mining. The world’s largest financial services firms are also taking a stand against flare gas with BlackRock calling for an end to routine flaring by 2025.
“Where we view our power consumption, we draw a very clear line in our project evaluation stage where we’re reducing emissions for an oil and gas projects,” Lochmiller said.
Powered by WPeMatico
Smartphones will be included in the scope of a planned “security by design” U.K. law aimed at beefing up the security of consumer devices, the government said today.
It made the announcement in its response to a consultation on legislative plans aimed at tackling some of the most lax security practices long-associated with the Internet of Things (IoT).
The government introduced a security code of practice for IoT device manufacturers back in 2018 — but the forthcoming legislation is intended to build on that with a set of legally binding requirements.
A draft law was aired by ministers in 2019 — with the government focused on IoT devices, such as webcams and baby monitors, which have often been associated with the most egregious device security practices.
Its plan now is for virtually all smart devices to be covered by legally binding security requirements, with the government pointing to research from consumer group “Which?” that found that a third of people kept their last phone for four years, while some brands only offer security updates for just over two years.
The forthcoming legislation will require smartphone and device makers like Apple and Samsung to inform customers of the duration of time for which a device will receive software updates at the point of sale.
It will also ban manufacturers from using universal default passwords (such as “password” or “admin”), which are often preset in a device’s factory settings and easily guessable — making them meaningless in security terms.
California already passed legislation banning such passwords in 2018 with the law coming into force last year.
Under the incoming U.K. law, manufacturers will additionally be required to provide a public point of contact to make it simpler for anyone to report a vulnerability.
The government said it will introduce legislation as soon as parliamentary time allows.
Commenting in a statement, digital infrastructure minister Matt Warman added: “Our phones and smart devices can be a gold mine for hackers looking to steal data, yet a great number still run older software with holes in their security systems.
“We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.
“The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic.”
A DCMS spokesman confirmed that laptops, PCs and tablets with no cellular connection will not be covered by the law, nor will secondhand products. Although he added that the intention is for the scope to be adaptive, to ensure the law can keep pace with new threats that may emerge around devices.
Powered by WPeMatico
“There is no doubt that over time, people are going to rely less and less on passwords… they just don’t meet the challenge for anything you really want to secure,” said Bill Gates.
That was 17 years ago. Although passwords have lost some of their charm, they have so far survived many attempts to kill them for good.
The perception of high cost and tricky implementations has stalled some smaller businesses from ditching passwords. But alternatives to passwords are affordable, easy to implement and safer, show industry insights gathered by Extra Crunch. The move to zero trust systems is acting as a catalyst.
First, a primer. Zero trust focuses on who you are, not where you are. Zero trust models require companies to never trust any attempt to access its network, and must verify every single time — even from logins from inside the network. Passwordless tech is a key part of zero trust models.
There are several alternatives for passwords, including:
Wolt, a Finnish food-delivery site, is just one example of going passwordless.
“The user registers by entering their email address or a phone number. Login to the app takes place by clicking the temporary link in the user’s inbox. The app on the user’s mobile phone places an authentication cookie, which enables the user to continue from that device without having to go through any further authentication,” said Erka Koivunen, CISO at F-Secure.
In this case, the service provider is in full control of the authentication, allowing it to set expiration time, revoke service and detect fraud. The service provider does not need to count on the user’s commitment to keep track of their passwords.
Passwordless tech is not inherently costly but may take some adjustment, explained Ryan Weeks, CISO at managed service provider Datto.
“It is not necessarily costly in terms of monetary investment, because there are a lot of easily accessible open-source alternatives for multi-factor authentication that don’t require any sort of investment,” said Weeks. But some companies believe passwordless tech may cause friction to their employees’ productivity.
Koivunen also dismissed that zero trust models are unaffordable for startups.
“Zero trust recognises the futility of forcing users to authenticate themselves by presenting something they should keep as secret. Instead, it prefers to establish the user’s identity using some context-aware method,” he said.
Zero trust goes further than authenticating users; it also includes the device and the user.
“From a zero trust perspective, there is an idea that there is a continuous authentication or revalidation of trust occurring. Therefore, passwordless in a zero trust model is potentially easier for the user and more secure as the combination of the ‘something you have’ and ‘something you are’ factors are more difficult to attack,” said Datto’s Weeks.
Larger companies, like Microsoft and Google, already offer zero trust technologies. But investors are also eyeing smaller companies that offer zero trust for growing companies.
Axis Security, a zero trust provider that allows remote employees to access their company’s network, raised $32 million last year. Beyond Identity raised $75 million in funding in December. And Israel identity validation startup Identiq raised $47 million in Series A funding in March.
Early Stage is the premier “how-to” event for startup entrepreneurs and investors. You’ll hear firsthand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company building: Fundraising, recruiting, sales, product-market fit, PR, marketing and brand building. Each session also has audience participation built-in — there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20% off tickets right here.
Powered by WPeMatico
Typically when we talk about tech and security, the mind naturally jumps to cybersecurity. But equally important, especially for global companies with large, multinational organizations, is physical security — a key function at most medium-to-large enterprises, and yet one that to date, hasn’t really done much to take advantage of recent advances in technology. Enter Base Operations, a startup founded by risk management professional Cory Siskind in 2018. Base Operations just closed their $2.2 million seed funding round and will use the money to capitalize on its recent launch of a street-level threat mapping platform for use in supporting enterprise security operations.
The funding, led by Good Growth Capital and including investors like Magma Partners, First In Capital, Gaingels and First Round Capital founder Howard Morgan, will be used primarily for hiring, as Base Operations looks to continue its team growth after doubling its employe base this past month. It’ll also be put to use extending and improving the company’s product and growing the startup’s global footprint. I talked to Siskind about her company’s plans on the heels of this round, as well as the wider opportunity and how her company is serving the market in a novel way.
“What we do at Base Operations is help companies keep their people in operation secure with ‘Micro Intelligence,’ which is street-level threat assessments that facilitate a variety of routine security tasks in the travel security, real estate and supply chain security buckets,” Siskind explained. “Anything that the chief security officer would be in charge of, but not cyber — so anything that intersects with the physical world.”
Siskind has firsthand experience about the complexity and challenges that enter into enterprise security since she began her career working for global strategic risk consultancy firm Control Risks in Mexico City. Because of her time in the industry, she’s keenly aware of just how far physical and political security operations lag behind their cybersecurity counterparts. It’s an often overlooked aspect of corporate risk management, particularly since in the past it’s been something that most employees at North American companies only ever encounter periodically when their roles involve frequent travel. The events of the past couple of years have changed that, however.
“This was the last bastion of a company that hadn’t been optimized by a SaaS platform, basically, so there was some resistance and some allegiance to legacy players,” Siskind told me. “However, the events of 2020 sort of turned everything on its head, and companies realized that the security department, and what happens in the physical world, is not just about compliance — it’s actually a strategic advantage to invest in those sort of services, because it helps you maintain business continuity.”
The COVID-19 pandemic, increased frequency and severity of natural disasters, and global political unrest all had significant impact on businesses worldwide in 2020, and Siskind says that this has proven a watershed moment in how enterprises consider physical security in their overall risk profile and strategic planning cycles.
“[Companies] have just realized that if you don’t invest [in] how to keep your operations running smoothly in the face of rising catastrophic events, you’re never going to achieve the profits that you need, because it’s too choppy, and you have all sorts of problems,” she said.
Base Operations addresses this problem by taking available data from a range of sources and pulling it together to inform threat profiles. Their technology is all about making sense of the myriad stream of information we encounter daily — taking the wash of news that we sometimes associate with “doom-scrolling” on social media, for instance, and combining it with other sources using machine learning to extrapolate actionable insights.
Those sources of information include “government statistics, social media, local news, data from partnerships, like NGOs and universities,” Siskind said. That data set powers their Micro Intelligence platform, and while the startup’s focus today is on helping enterprises keep people safe, while maintaining their operations, you can easily see how the same information could power everything from planning future geographical expansion, to tailoring product development to address specific markets.
Siskind saw there was a need for this kind of approach to an aspect of business that’s essential, but that has been relatively slow to adopt new technologies. From her vantage point two years ago, however, she couldn’t have anticipated just how urgent the need for better, more scalable enterprise security solutions would arise, and Base Operations now seems perfectly positioned to help with that need.
Powered by WPeMatico
Now more than ever, IT teams play a vital role in keeping their businesses running smoothly and securely. With all of the assets and data that are now broadly distributed, a CEO depends on their IT team to ensure employees remain connected and productive and that sensitive data remains protected.
CEOs often visualize and measure things in terms of dollars and cents, and in the face of continuing uncertainty, IT — along with most other parts of the business — is facing intense scrutiny and tightening of budgets. So, it is more important than ever to be able to demonstrate that they’ve made sound technology investments and have the agility needed to operate successfully in the face of continued uncertainty.
For a CEO to properly understand risk exposure and make the right investments, IT departments have to be able to confidently communicate what types of data are on any given device at any given time.
Here are five questions that IT teams should be ready to answer when their CEO comes calling:
Or, more specifically, exactly how many assets do we have? And, do we know where they are? While these seem like basic questions, they can be shockingly difficult to answer … much more difficult than people realize. The last several months in the wake of the COVID-19 outbreak have been the proof point.
With the mass exodus of machines leaving the building and disconnecting from the corporate network, many IT leaders found themselves guessing just how many devices had been released into the wild and gone home with employees.
One CIO we spoke to estimated they had “somewhere between 30,000 and 50,000 devices” that went home with employees, meaning there could have been up to 20,000 that were completely unaccounted for. The complexity was further compounded as old devices were pulled out of desk drawers and storage closets to get something into the hands of employees who were not equipped to work remotely. Companies had endpoints connecting to corporate network and systems that they hadn’t seen for years — meaning they were out-of-date from a security perspective as well.
This level of uncertainty is obviously unsustainable and introduces a tremendous amount of security risk. Every endpoint that goes unaccounted for not only means wasted spend but also increased vulnerability, greater potential for breach or compliance violation, and more. In order to mitigate these risks, there needs to be a permanent connection to every device that can tell you exactly how many assets you have deployed at any given time — whether they are in the building or out in the wild.
Device and data security go hand in hand; without the ability to see every device that is deployed across an organization, it becomes next to impossible to know what data is living on those devices. When employees know they are leaving the building and going to be off network, they tend to engage in “data hoarding.”
Powered by WPeMatico
As any startup grows, getting new products out the door and securing that next round of funding are always top priorities.
But security, all too often, falls by the wayside. After all, why would you invest money in something that you hope never happens when you could be funneling cash back into the business?
Fostering a corporate culture that embraces cybersecurity best practices keeps customer data safe and your company’s reputation intact. But security isn’t something you can easily tack on later. It must be ingrained in your company’s culture, and it’s so much easier to start in the early days of your company than scrambling in the aftermath of a data breach.
But how do you get there?
At TechCrunch Early Stage, we asked Casey Ellis, founder, chairman and chief technology officer at Bugcrowd, to share his ideas for how startups can improve their security posture.
Bugcrowd helps companies dip into a huge pool of cybersecurity talent — including hackers and security researchers — to find vulnerabilities. By helping companies identify flaws, they can shore up their defenses before malicious hackers break in. Few know better than Ellis — who’s run Bugcrowd for close to a decade — which policies, procedures and protections companies have put in place to get there.
Extra Crunch subscribers can log in and watch the video below.
Powered by WPeMatico