Source: Finance Derivative
by Gal Helemski, co-founder and CTO, PlainID
In little more than a decade, ‘zero trust’ has gone from an industry buzzword to the cornerstone of every cybersecurity programme worth its salt. The concept is a simple but effective one – trust makes you vulnerable, so nobody/nothing should be automatically trusted – and in today’s fast-paced, highly data-driven business world, it makes a lot of sense. But like so many things in life, the true effectiveness of zero trust lies in its implementation, and it is here where there remains room for improvement.
Trust must be earned, not given
Security programmes based on zero trust are designed to remove some of the key assumptions that make alternative approaches weak by comparison. Perhaps the best and most common example of such an assumption is that if someone logs into a network with certified user credentials, they are indeed who they claim to be (and will therefore operate responsibly at all times). As many organisations find out to their detriment, user credentials are all too easy to steal and/or lose, meaning the longer a set is used unchallenged, the higher the chance that they may become compromised by someone with malicious intent.
Security should match the way we work today
With the rise of remote working over the last few years making modern workplaces more fragmented than ever before, zero trust has become increasingly important. This is because the ‘walled garden’ approach that traditional perimeter security programmes rely on is no longer applicable to most organisations, particularly those with large, highly dispersed workforces.
Instead, zero trust architecture focuses around one key decision – whether to grant, deny or revoke access to a resource, each and every time a user requests it. While there are a variety of ways to implement this, the U.S. National Institute of Standards and Technology (NIST) has set out a useful framework that emphasises zero trust should never be an exclusive agent of the network alone. Instead, for zero trust to be fully implemented, it must apply three levels of access control:
- Access to the network
- Access to applications
- Access to intra-application assets.
Without this kind of approach, true zero trust protection simply can’t be achieved. Why? Because of the dynamic nature of risk. Today’s digital enterprises are driven by intricate environments containing hundreds of applications, numerous different systems, hybrid legacy and “cloudified,” microservices-driven infrastructures. Such environments support hundreds — or even thousands — of continually evolving roles, which require the constant creation of new access scenarios.
Zero trust technology is still maturing
The good news for security professionals is that there’s an ever-growing range of powerful technologies now available that address some of the basic tenets of zero trust, particularly around advanced authentication and network access control.
However, these technologies still do not address each of the three critical levels of zero trust access control. In fact, the current focus of available zero trust offerings is primarily on the network and does not include adequate reference to, nor support for, zero trust at the application level, or within applications themselves.
For instance, the solutions that are most heavily touted as supporting zero trust include gateway integration and segregation, secure access service edge (SASE), and secure SD-WAN. The problem is, these are all focused on network-centric zero trust when what’s really needed is a solution that addresses each of the three access control levels in turn.
Dynamic authorisation holds the key
For many, the solution is dynamic authorisation – an advanced approach that grants fine-grained access to resources, including data assets, application resources, and any other asset based on the specific context of that session, in real-time.
Dynamic authorisation completes zero trust by powering two of the main processes that are vital to its full and complete realisation: runtime authorisation enforcement and high levels of granularity. When a user attempts to access a network, application or assets within an application, this initiates the evaluation and approval process that focuses on a range of key attributes, including:
- User level attributes – such as current certification level, role and responsibilities, and whether they can access confidential and personally identifiable information (PII)
- Asset attributes – such as data classification, location assignments and any relevant metadata
- The location that a user is authenticating from – including whether from an internal or an external system
- The number of authentication factors being used – i.e. with single, two factor or multifactor authentication
- Additional external attributes – such as the risk level of the system and more
The policy engine evaluates each of these and all other relevant attributes, before making a real-time decision on whether to grant access. Furthermore, each time access is attempted, a new decision is made. This process is designed to be extremely granular, evaluating all the attributes that are updated to that specific point in time, as well as the real-time context and environment, rather than attributes that were already predefined by the application.
The business landscape is rapidly evolving, which means cybersecurity must as well. Many organisations have already recognised the importance of a zero trust approach for keeping sensitive data safe in increasingly fragmented working environments. However, the way it is implemented is critical to overall effectiveness. By using dynamic authorisation to address each of the three levels of zero trust access control (access to the network, applications and intra-application assets) business leaders can be confident that users accessing sensitive data are not only who they claim to be, but that they also have the right to do so.
The modern pay experience and the role of financial education
Attributed to Judith Lamb, CHRO at CloudPay
Despite news that salaries are on the rise, and turbulent economic conditions are still being experienced globally, few businesses can afford to keep pace with the increase in wage rise demands that much of the workforce is seeking. But with skills shortages being felt across sectors, employers are finding they need an alternative solution to help their staff, without breaking the bank. This is why we believe offering financial education and wellness as an employee benefit can play a significant role.
Better financial benefits
There is a glaring gap in education curriculums for financial education, in the UK at least. This lack of focus in syllabuses means that providing a base level of understanding around financial management is often left to the individual or their employers. While businesses may be committed to supporting the wider skills development of their workforce, providing this guidance on what is often considered a life skill is rarely taken into account.
With the uncertain economic climate that staff continue to face, though, providing this support will be valuable to both the workforce and organisation as it will serve as a crucial attraction and retention tool. Household budgets are being stretched and over-inflated salaries won’t be a sustainable option for anyone. Any ability to make money go further will be welcomed by workers struggling to manage their finances.
It also can’t be overlooked that by improving general money management skills amongst workforces, firms can then gain from the knock-on benefit of enabling staff to make more informed decisions on a professional level as well.
A modern pay experience for modern needs
While financial education will certainly act as an advantage for the workforce, it more broadly follows the trend of providing a modern pay experience as a benefit that is growing in popularity. How and when people are paid, how they access their financial information and what control staff have over their payroll has changed significantly in the last year, and will only continue to do so.
Nowadays, people expect a consumer-like experience in more than just their shopping habits. Online banking has put greater control into the hands of individuals to manage their finances at the touch of a screen. This has translated into payroll as well, and flexibility is a key driver of this change.
While flexible working isn’t always an option or a desire for everyone, these type of benefits are. Permanent employees are questioning why they should wait for a rigid monthly pay day for work they’ve already delivered. This sentiment was certainly more widely felt in the peaks of the Cost-of-Living crisis, but is a challenge to the norm that has been picking up pace for some time.
That’s why we’ve seen solutions such as Earned Wage Access (EWA) becoming increasingly popular, largely driven by the demands of the workforce than employers themselves. Streamlining processes for firms and individuals has also become a priority in the modern world of work. Time is hugely valuable to everyone and for that reason, no one wants to wait around for the payroll or accounts teams to give them data relating to their own salaries, taxes or other documentation that they need at any given time.
Everyone is becoming more aware of how their information and data is stored and used, and no one wants to wait around to access their own personal documents when applying for a mortgage, for example. They want instant access and full control.
This demand for a modern pay experience that is underpinned by financial education or support from their employer is only going to increase in popularity. For payroll and finance teams, this really is a prime opportunity to showcase the role they can play in changing the employee experience for the better and improve recruitment and staff retention levels. But it takes a commitment to and investment in the right technology to achieve.
Judith Lamb is CHRO at CloudPay, the expert in global pay solutions
How will regulations effect the open banking sector?
Source: Finance Derivative
Martin Hartley – Group CCO of emagine Consulting
Comments on the future of the open banking sector and how it will affect the UK market.
“The UK Open Banking Sector is still primarily driven by regulation. In my view, two of the major current regulations will remain at the forefront moving forward, namely the CMA (Competition and Markets Authority), which mandated the major banks to provide open banking access to authorised third-party providers, and PSD2 (Second Payment Services Directive), which set the standards for secure data sharing. Cybersecurity regulations will only increase in importance, as will Brexit-related changes as any divergence between UK and EU standards could impact open banking.
“Over the upcoming months, increased data sharing through open banking will add crucial pressures to cybersecurity, likely creating a surge in the sector once again.
“I expect ongoing scrutiny and efforts to enhance data protection measures, potentially leading to more stringent cybersecurity regulations being adopted by businesses. I expect to see more partnerships between traditional banks and FinTechs or consultancy firms as they collaborate to enhance cybersecurity or offer innovative services to plug the gap. Conversely, there could be consolidation within the FinTech industry as companies merge to gain market share.
“When it comes to the size of the business and how it is affected, history has shown us that there are certainly positives and negatives of being an SMB when responding to new regulations. On the positive side, they can leverage their agility and they will have a more personal relationship with their customers, potentially leading to a higher level of trust. However, SMBs may face challenges due to their limited budgets and resources. The larger firms will have much larger budgets, allowing them to have more advanced IT systems and IT security, making it easier for them to integrate APIs and develop the necessary infrastructure.
“The benefits of open banking are endless, and the UK Government is showing their forward-thinking mentality in exploring the idea of implementing the technology to streamline wider services. But, much like anything, there are always pros and cons.
“Open banking would simplify payments for public services, making transactions quicker and more convenient for everyone. As it relies on APIs and authentication protocols, open banking would make payments more secure for the public and it would allow access to digital payments for members of the public who have smartphones but possibly no bank accounts. For any digital implementation, it goes without saying that we need to be aware of the risk of cyber attacks and data breaches. These, combined with the exclusion of non-tech savvy individuals, could mean that certain members of the public may not embrace the change, which poses a risk. There is also the additional cost of providing the infrastructure and this will have to be managed carefully to avoid burdening the taxpayer.
“We have already seen digital transformations in areas such as the GOV.UK Pay System and there are two main indicators of the success of any digital implementation; adoption rates and incidents. There haven’t been any high profile incidents that have hit the headlines in recent times so that to me is a huge positive and provides a level of confidence. It would be interesting to see how many government departments and agencies have adopted GOV.UK Pay for their payment processing needs to understand the system’s usefulness and acceptance within the government. The government must be committed to continuous improvement and to ensure that the system continues to comply with regulations and consciously drives the adoption rate to hit at least 90% of government departments and agencies.
“A favourable regulatory environment will encourage more banks and third-party providers to participate in open banking initiatives, leading to growth in the UK market and positioning the nation as industry leaders.”
Advancing green mobility for a sustainable future
Accelerating decarbonisation, the transition to SDVs and reshaping urban ecosystems, are helping revolutionise the global automotive industry
By Amit Chadha, CEO & Managing Director, L&T Technology Services
The world is changing. There is an urgent need for a transition toward sustainable practices to combat the threat of climate change. As global temperatures rise and weather patterns evolve, achieving net-zero emissions by 2050 could still help prevent irreversible damage to our planet.
With global carbon emission levels continuing to rise at an accelerated rate, there is a growing momentum toward addressing the scenario on war footing. As the most visible source of emissions, the automotive industry, and, consequently, the future of mobility, is in focus. By helping accelerate decarbonisation, reshape evolving urban ecosystems, and redefine the global automotive industry – we can help reverse the trend and preserve our shared future.
Green mobility has emerged as a major enabler in this direction. Leading stakeholders are becoming increasingly invested in developing a deeper understanding of the multifaceted realm of green mobility and its potential to shape a sustainable future.
Accelerating decarbonisation: A global mandate
Decarbonising the transportation sector is crucial to mitigate the harmful effects of climate change. Fossil fuel-based vehicles are responsible for a substantial portion of carbon dioxide emissions, exacerbating the greenhouse effect. To accelerate decarbonisation, governments and businesses today need to prioritise the adoption of clean, renewable energy sources, such as electricity and hydrogen, for powering vehicles and other modes of public transportation.
Automakers, recovering from the impact of the pandemic and global supply chain disruptions, are therefore exploring new avenues to meet the rising demand for electric mobility. Electric vehicles (EVs), by eliminating the need for fossil fuel-powered engines, play a vital role in improving overall air quality and have emerged as a promising solution for reducing carbon emission levels. They are capable of meeting the diverse needs of all kinds of drivers and offer affordable mobility and maintenance options. Recent advancements in battery technology, including the growing availability of charging infrastructure and incentives for adoption, have led to a significant rise in the EVs popularity.
However, to achieve widespread adoption of electric vehicles, there is a need to address key issues such as battery disposal, supply chain sustainability, and equitable access to EV technology.
Reshaping urban ecosystems: Driving the frontiers of change
Urban areas are central to the momentum around green mobility transformation. As growing global populations gravitate towards cities – congestion, pollution, and limited availability of green spaces have emerged as major challenges. As a result, cities must increasingly reinvent themselves to promote sustainable mobility and improve the quality of life for their residents.
Smart technologies and vertical green systems can contribute to a reduction in the energy demands of buildings by providing shade and insulation, mitigating urban heat islands, and cooling down public spaces. They also enable carbon sequestration, a reduction in pollution levels, and improvements in biodiversity.
Implementing efficient transportation systems, such as buses and trains powered by clean energy, can further reduce individual vehicle usage, traffic congestion, and emissions. Pedestrian-friendly infrastructures, cycling lanes, and micro-mobility solutions like e-scooters and bike-sharing programs can further help promote eco-friendly transportation choices. At a macro-infra level, smart city technologies and data-driven urban planning practices are helping optimise traffic flow, reduce idling times, and minimise fuel consumption.
Integrating green mobility into urban ecosystems is therefore a win-win proposition – fostering cleaner air, enhanced mobility options, and healthier communities.
From a public health perspective, improved air quality can drive a decline in respiratory and cardiovascular diseases linked to air pollution. Healthier citizens translate to a more productive workforce and reduced healthcare costs, further strengthening the growing impetus for vehicle electrification. The shift towards vehicle electrification offers significant economic benefits, including greater job creation, enhanced research and development, and greater investments in sustainable innovations. A consequent reduction in the demand for fossil fuels, scarce in terms of availability and mostly imported, in turn, helps enhance energy security and stabilise fuel prices.
Software Defined Vehicles: Pioneering the change
The global automotive industry is at the core of driving the emerging frontiers of green mobility. Traditional automakers and new entrants are racing to produce eco-friendly vehicles, and this competitive spirit, in turn, is transforming the industry landscape.
Automakers worldwide need to embrace sustainable practices by reducing their carbon footprint during the production process and implementing circular economy principles. Moreover, investing in research and development of alternative materials and manufacturing processes can lead to lighter, more energy-efficient vehicles. The rise of autonomous vehicles presents an opportunity to optimise transportation networks, enhance traffic flow, and reduce accidents. Leveraging this technology, in combination with electric and shared mobility solutions, can lead to a more sustainable and efficient future for transportation.
Software would play a key role in this direction, delivering a streamlined passenger and driver experience paradigm while ensuring conformity with the evolving regulatory standards. With Software Defined Vehicles (SDVs) increasingly constituting a focus area for major automakers worldwide, the future would witness a greater demand for digital engineering services to unlock new value streams.
The importance of ecosystem partnerships
Automotive industry stakeholders are already working with ER&D partners who can deliver across the value chain and understand each of the key parameters in the EV/SDV ecosystem. However, approaching separate vendors for product conceptualisation, design and development, testing, maintenance, manufacturing and after-sales support can increase costs and complexities.
An ER&D partner, equipped with multi-industry expertise, digital engineering capabilities, and a co-innovation commitment, can help drive transformation initiatives for transportation enterprises, overcoming technology constraints with cross-vertical learnings. Leveraging global delivery capabilities, the partner can also provide computing models that consume less energy, boost performance, and optimise data-led algorithms. In addition, they can enable scalable software stacks that leverage sensors and physical components to provide the safety and performance that electric vehicles need.
ER&D companies are also increasingly being called upon to help redefine focus areas with software, ensuring third-party integration, driving feature deployment, enabling CloudOps and fast over-the-air updates. The rising complexities within the connected car landscape further call for adopting software-defined designs that can overcome multi-layered challenges – ranging from development to subsequent deployment, maintenance, and updates.
A multi-stakeholder approach
Achieving the goal of green mobility demands collaboration among various stakeholders. Governments play a crucial role in enacting policies and regulations that incentivise the adoption of sustainable practices and technologies. Subsidies for EVs, emission standards, and urban planning regulations are some of the ways governments can drive the transition towards greener mobility.
Private sector involvement is equally critical. Corporate sustainability initiatives, investment in research and development, and partnerships for innovative mobility solutions can accelerate the transformation. Additionally, consumer awareness and support for eco-friendly practices are essential in shaping market demands and influencing business decisions.
Advancing green mobility is a pivotal step towards a sustainable future. By accelerating decarbonisation, embracing the transition to SDvs, reshaping urban ecosystems, and revolutionsing the automotive industry, this can combat climate change on a significant battleground. The collective efforts of governments, industries, and individuals are crucial in driving this transformation.
Embracing green mobility is therefore not just about reducing emissions, but rather, about fostering a healthier, cleaner, and more resilient world. It is about our common future –striving together toward a prosperous, inclusive, and sustainable tomorrow.