ernst & young

Auto Added by WPeMatico

As remote work booms, Everphone grabs ~$40M for its ‘device as a service’ offer

The latest startup to see an uplift in inbound interest flowing from the remote work boom triggered by the coronavirus pandemic is Berlin-based Everphone, which sells a “mobile as a service” device rental package that caters to businesses needing to kit staff out with mobile hardware plus associated support.

Everphone is announcing a €34 million Series B funding round today, led by new investor signals Venture Capital. Other new investors joining the round include German carrier Deutsche Telekom — investing via its strategic investment fund, Telekom Innovation Pool — U.S.-based early-stage VC AlleyCorp and Dutch bank NIBC.

The Series B financing will go on expanding to meet rising demand, with the startup telling TechCrunch it’s expecting to see a 70-100% increase in sales volume versus the pre-crisis period, thanks to a doubling of inbound leads during the pandemic.

“The global pandemic has been a catalyst for growth in the field of digitization,” said CEO and co-founder, Jan Dzulko, in a statement. “We are currently experiencing a significant increase in demand at home and abroad, which is why we are aiming for European expansion with the funding.”

Everphone describes its offer as a one-stop shop, with the service covering not just the rental of (new or refurbished) smartphones and tablets but an administration and management wrapper that covers support needs, including handling repairs/replacements — with the promise of replacements within 24 hours if needed and less client risk from not having to wrangle traditional rental insurance fine print.

Other touted pluses of its “device as a service” approach include flexibility (users get to choose from a range of iOS and Android devices); lower cost (pricing depends on customer size, device choice and rental term but starts at €7,99 a month for a refurbished budget device, rising up to €49,99 a month for high-end kit with a 12-month upgrade); and rental bundles, which can include standard mobile device management software (such as Cortado and AirWatch) so customers can plug the rental hardware into their existing IT policies and processes.

Everphone reckons this service wrapper — which can also extend to include paid apps (such as Babbel for language learning) as an employee on-device perk/benefit in the bundle — differentiates its offer versus incumbent leasing providers, such as CHG-Meridian or De Lage Landen, and from wholesale distributors.

It also touts its global rollout capability as a customer draw, checking the scalability box.

Its investors (including German carrier, DT) are being fired up by the conviction that the COVID-19-induced shift away from the office to home working will create a boom in demand for well-managed and secured work phones to mitigate the risk of personal devices and personal data mingling improperly with work stuff. (On that front, Everphone’s website is replete with references to Europe’s data protection framework, GDPR, repurposed as scare marketing.)

“Everphone envisions that every employee will one day work via their smartphone,” added Marcus Polke, partner at signals Venture Capital, in a supporting statement. “With this employee-centric approach and integrated platform, everphone goes far beyond the mere outsourcing of a smartphone IT infrastructure.”

The 2016-founded startup has more than 400 customers signed up at this point, both SMEs and multinationals such as Ernst & Young. It caters to both ends of the market with an off-the-shelf package and self-service device management portal that’s intended for SMEs of between 100 and 1,500 employees — plus custom integrations for larger entities of up to 30,000 employees.

It says it’s able to offer “highly competitive” prices for renting new devices because it gives returned kit a second life, refurbishing and reselling devices on the consumer market. “Thanks to this profitable secondary lifespan, we are able to offer highly competitive prices and extensive service levels on our rental devices,” Everphone writes on its website.

The second-hand smartphone market has also been seeing regional growth. Swappie, a European e-commerce startup that sells refurbished iPhones, aligning with EU lawmakers’ push for a “‘right to repair” for electronics, raised its own ~$40 million Series B only last month, for example. Its second-hand marketplace is one potential outlet for Everphone’s rented and returned iPhones.

Powered by WPeMatico

UK report blasts Huawei for network security incompetence

The latest report by a UK oversight body set up to evaluation Chinese networking giant Huawei’s approach to security has dialled up pressure on the company, giving a damning assessment of what it describes as “serious and systematic defects” in its software engineering and cyber security competence.

Although the report falls short of calling for an outright ban on Huawei equipment in domestic networks — an option U.S. president Trump continues dangling across the pond.

The report, prepared for the National Security Advisor of the UK by the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, also identifies new “significant technical issues” which it says lead to new risks for UK telecommunications networks using Huawei kit.

The HCSEC was set up by Huawei in 2010, under what the oversight board couches as “a set of arrangements with the UK government”, to provide information to state agencies on its products and strategies in order that security risks could be evaluated.

And last year, under pressure from UK security agencies concerned about technical deficiencies in its products, Huawei pledged to spend $2BN to try to address long-running concerns about its products in the country.

But the report throws doubt on its ability to address UK concerns — with the board writing that it has “not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects”.

So it sounds like $2BN isn’t going to be nearly enough to fix Huawei’s security problem in just one European country.

The board also writes that it will require “sustained evidence” of better software engineering and cyber security “quality”, verified by HCSEC and the UK’s National Cyber Security Centre (NCSC), if there’s to be any possibility of it reaching a different assessment of the company’s ability to reboot its security credentials.

While another damning assessment contained in the report is that Huawei has made “no material progress” on issues raised by last year’s report.

All the issues identified by the security evaluation process relate to “basic engineering competence and cyber security hygiene”, which the board notes gives rise to vulnerabilities capable of being exploited by “a range of actors”.

It adds that the NCSC does not believe the defects found are a result of Chinese state interference.

This year’s report is the fifth the oversight board has produced since it was established in 2014, and it comes at a time of acute scrutiny for Huawei, as 5G network rollouts are ramping up globally — pushing governments to address head on suspicions attached to the Chinese giant and consider whether to trust it with critical next-gen infrastructure.

“The Oversight Board advises that it will be difficult to appropriately risk-manage future products in the context of UK deployments, until the underlying defects in Huawei’s software engineering and cyber security processes are remediated,” the report warns in one of several key conclusions that make very uncomfortable reading for Huawei.

“Overall, the Oversight Board can only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term,” it adds in summary.

Reached for its response to the report, a Huawei UK spokesperson sent us a statement in which it describes the $2BN earmarked for security improvements related to UK products as an “initial budget”.

It writes:

The 2019 OB [oversight board] report details some concerns about Huawei’s software engineering capabilities. We understand these concerns and take them very seriously. The issues identified in the OB report provide vital input for the ongoing transformation of our software engineering capabilities. In November last year Huawei’s Board of Directors issued a resolution to carry out a companywide transformation programme aimed at enhancing our software engineering capabilities, with an initial budget of US$2BN.

A high-level plan for the programme has been developed and we will continue to work with UK operators and the NCSC during its implementation to meet the requirements created as cloud, digitization, and software-defined everything become more prevalent. To ensure the ongoing security of global telecom networks, the industry, regulators, and governments need to work together on higher common standards for cyber security assurance and evaluation.

Seeking to find something positive to salvage from the report’s savaging, Huawei suggests it demonstrates the continued effectiveness of the HCSEC as a structure to evaluate and mitigate security risk — flagging a description where the board writes that it’s “arguably the toughest and most rigorous in the world”, and which Huawei claims shows at least there hasn’t been any increase in vulnerability of UK networks since the last report.

Though the report does identify new issues that open up fresh problems — albeit the underlying issues were presumably there last year too, just laying undiscovered.

The board’s withering assessment certainly amps up the pressure on Huawei which has been aggressively battling U.S.-led suspicion of its kit — claiming in a telecoms conference speech last month that “the U.S. security accusation of our 5G has no evidence”, for instance.

At the same time it has been appealing for the industry to work together to come up with collective processes for evaluating the security and trustworthiness of network kit.

And earlier this month it opened another cyber security transparency center — this time at the heart of Europe in Brussels, where the company has been lobbying policymakers to help establish security standards to foster collective trust. Though there’s little doubt that’s a long game.

Meanwhile, critics of Huawei can now point to impatience rising in the U.K., despite comments by the head of the NCSC, Ciaran Martin, last month — who said then that security agencies believe the risk of using Huawei kit can be managed, suggesting the government won’t push for an outright ban.

The report does not literally overturn that view but it does blast out a very loud and alarming warning about the difficulty for UK operators to “appropriately” risk-manage what’s branded defective and vulnerable Huawei kit. Including flagging the risk of future products — which the board suggests will be increasingly complex to manage. All of which could well just push operators to seek alternatives.

On the mitigation front, the board writes that — “in extremis” — the NCSC could order Huawei to carry out specific fixes for equipment currently installed in the UK. Though it also warns that such a step would be difficult, and could for example require hardware replacement which may not mesh with operators “natural” asset management and upgrades cycles, emphasizing it does not offer a sustainable solution to the underlying technical issues.

“Given both the shortfalls in good software engineering and cyber security practice and the currently unknown trajectory of Huawei’s R&D processes through their announced transformation plan, it is highly likely that security risk management of products that are new to the UK or new major releases of software for products currently in the UK will be more difficult,” the board writes in a concluding section discussing the UK national security risk.

“On the basis of the work already carried out by HCSEC, the NCSC considers it highly likely that there would be new software engineering and cyber security issues in products HCSEC has not yet examined.”

It also describes the number and severity of vulnerabilities plus architectural and build issues discovered by a relatively small team in the HCSEC as “a particular concern”.

“If an attacker has knowledge of these vulnerabilities and sufficient access to exploit them, they may be able to affect the operation of the network, in some cases causing it to cease operating correctly,” it warns. “Other impacts could include being able to access user traffic or reconfiguration of the network elements.”

In another section on mitigating risks of using Huawei kit, the board notes that “architectural controls” in place in most UK operators can limit the ability of attackers to exploit any vulnerable network elements not explicitly exposed to the public Internet — adding that such controls, combined with good opsec generally, will “remain critically important in the coming years to manage the residual risks caused by the engineering defects identified”.

In other highlights from the report the board does have some positive things to say, writing that an NCSC technical review of its capabilities showed improvements in 2018, while another independent audit of HCSEC’s ability to operate independently of Huawei HQ once again found “no high or medium priority findings”.

“The audit report identified one low-rated finding, relating to delivery of information and equipment within agreed Service Level Agreements. Ernst & Young concluded that there were no major concerns and the Oversight Board is satisfied that HCSEC is operating in line with the 2010 arrangements between HMG and the company,” it further notes.

Last month the European Commissioner said it was preparing to step in to ensure a “common approach” across the European Union where 5G network security is concerned — warning of the risk of fragmentation across the single market. Though it has so far steered clear of any bans.

Earlier this week it issued a set of recommendations for Member States, combining legislative and policy measures to assess 5G network security risks and help strengthen preventive measures.

Among the operational measures it suggests Member States take is to complete a national risk assessment of 5G network infrastructures by the end of June 2019, and follow that by updating existing security requirements for network providers — including conditions for ensuring the security of public networks.

“These measures should include reinforced obligations on suppliers and operators to ensure the security of the networks,” it recommends. “The national risk assessments and measures should consider various risk factors, such as technical risks and risks linked to the behaviour of suppliers or operators, including those from third countries. National risk assessments will be a central element towards building a coordinated EU risk assessment.”  

At an EU level the Commission said Member States should share information on network security, saying this “coordinated work should support Member States’ actions at national level and provide guidance to the Commission for possible further steps at EU level” — leaving the door open for further action.

While the EU’s executive body has not pushed for a pan-EU ban on any 5G vendors it did restate Member States’ right to exclude companies from their markets for national security reasons if they fail to comply with their own standards and legal framework.

Powered by WPeMatico

EY’s Jeff Wong brings startups into the boardroom

jeff_t1 In this episode of Technotopia I talk to Ernst & Young’s Jeff Wong. Jeff is a former startupper and early member of the eBay team. Wong is EY’s future guru now and is helping his clients build out interesting new products in the blockchain space. We had a far reaching-conversation but what I really wanted to know is why a young person leaving college should go work for EY… Read More

Powered by WPeMatico

Acqui-hire experts Tasman acqui-hired by consulting juggernaut Ernst & Young

Ernst And Young So you wanna buy a startup? But how do you get the deal signed and roll their team into yours? Consulting behemoth Ernst & Young wants to have the answers and rule M&A advisory services in Silicon Valley. So today it acqui-hired Tasman Consulting, Bay Area specialists in integrating acqui-hires and acquisitions into their new parent companies. Read More

Powered by WPeMatico