Blockchain

iDenfy, a Lithuania-based RegTech startup specialising in ID verification and fraud prevention solutions, announced a new partnership with Bitlocus, a regulated cryptocurrency exchange platform known for its comprehensive crypto-to-fiat and fiat-to-crypto solutions. iDenfy’s full-stack Know Your Customer (KYC) solution will aim to increase conversions and help Bitlocus maintain a simple and compliant verification flow.  Need for identity verification solutions As the cryptocurrency industry continues to expand, the importance of robust security measures has never been more critical. In 2023 alone, cryptocurrency investment scams and fraud cases resulted in losses of over $4.57 billion. These alarming statistics underscore the urgent need for effective identity verification solutions to protect users and maintain trust within the digital asset market.  Anti-Money Laundering (AML) technologies Bitlocus has taken proactive steps to safeguard its platform by partnering with iDenfy Bitlocus, recognising these challenges, has taken proactive steps to safeguard its platform by partnering with iDenfy and implementing its fully automated identity verification, along with extra Anti-Money Laundering (AML) technologies, such as Politically Exposed Persons (PEPs) and sanctions list screening, as well as adverse media screening to ensure a more effective risk management process.  Bitlocus is a regulated crypto exchange platform, established in 2019, which offers a range of services designed to meet the needs of retail clients with its decentralised financial solutions. KYC and AML compliance services According to the crypto platform, what sets Bitlocus apart from its competitors is its commitment to providing a secure trading environment and a suite of ready-made tools to help other FinTech and crypto projects thrive, as Bitlocus’s mission is to empower other businesses to grow by providing them with the necessary blockchain infrastructure.  As a company that’s scaling itself, Bitlocus needed a feature-rich RegTech platform that would offer both KYC and AML compliance services under one platform, which wouldn’t require partnering with multiple vendors. Ease of integration Additionally, Bitlocus wanted to customise its verification flow based on various risks, which meant more rigorous checks for customers who showed signs of suspicious activity.   As a result, the company chose iDenfy over other providers due to its ease of integration, solid market reputation, competitive service package, and its ability to support different compliance processes, like verification and AML screening. Advanced biometric and face recognition algorithms Bitlocus can utilise iDenfy’s advanced biometric and face recognition algorithms and ensure high accuracy For Bitlocus, this meant more opportunities and potential expansion of its service offerings. Currently, the platform offers Crypto-as-a-Service, White-label crypto exchanges, payment gateways, NFT development, advisory services, and more.  Through the new partnership, Bitlocus can utilise iDenfy’s advanced biometric and face recognition algorithms and ensure high accuracy in verifying user identities. Their ability to recognise, verify, and extract information from over 3,000 identity documents across 200 countries and territories allows comprehensively and precisely identify and analyse users' documents on a global scale. Near-perfect user experience More importantly, the switch to a comprehensive KYC/AML platform helped the crypto business change the user experience, making the KYC check a simple, four-step process that takes less than a minute on average. For Bitlocus, ensuring that every user is checked correctly is not just a regulatory requirement but a cornerstone of its commitment to providing a safe trading environment. Bitlocus’s decision to integrate iDenfy’s identity verification and AML screening solutions was driven by the need to enhance its security protocols while maintaining a near-perfect user experience, which is vital for the current crypto industry’s standards.  Maintaining security standards “With iDenfy, we already noticed positive changes in our user onboarding process. The ability to quickly and accurately verify our users’ identities allows us to maintain the highest security standards on our platform,” said Andrius Normantas, the CEO of Bitlocus.  Domantas Ciulde, CEO of iDenfy, commented on the partnership, “We’re very excited to work with Bitlocus. Our team’s expertise allows us to optimise the experience, both for the end-users and the platform’s internal compliance team, with a focus on certain nuances that are vital in the crypto sector.”

Aerospike, Inc. announced that the BSV Blockchain trials of Aerospike, which underpins its groundbreaking Teranode blockchain transaction platform, has achieved sustained throughput of over three million transactions per second (TPS), enabling Teranode to support over one million global BSV Blockchain transactions per second (100 billion a day). These results far outstrip the performance of traditional core banking infrastructure and payment systems. BitCoin (BTC), the first and most common implementation of Bitcoin, supports just seven transactions a second (605,000 a day). Scale of digital asset transactions BSV Blockchain is an enactment of the famous Bitcoin whitepaper written by Satoshi Nakamoto The BSV Blockchain is an implementation of the famous Bitcoin whitepaper written by Satoshi Nakamoto. BSV Blockchain is designed to overcome the limitations of earlier implementations, such as Bitcoin and Bitcoin Cash, around scalability, transaction speed, and realising a truly distributed network. This is achieved, in part, by having an unlimited block size, but a larger block requires a new infrastructure approach to achieve high performance and a low cost per transaction. Aerospike meets these challenges and enables Teranode and BSV Blockchain to support an unlimited scale of digital asset transactions across a host of new categories. These include protecting intellectual property rights, enabling direct financial transactions between two parties with no intermediary, and Web3, which, when implemented, will allow millions of microtransactions to take place daily, supporting new granular payment models, such as pay as they use data. Aerospike enables 100 billion Bitcoin transactions a day The BSV Association, which works to advance business on the BSV blockchain, explored multiple DBMS architectures to underpin Teranode. Traditional RDBMS solutions and other NoSQL technologies were cost prohibitive, however, requiring a disproportionately high investment in expensive RAM and other resources across the global network that push up costs and impact scalability. Conversely, Aerospike’s NoSQL architecture makes Teranode exceptionally efficient, maintains performance as Teranode scales, enables a cost per transaction that undercuts traditional payment providers, and is financially sustainable to support micro-transactions. Aerospike’s NoSQL architecture makes Teranode very efficient, keeps version as Teranode scales Siggi Óskarsson, Teranode Director at BSV Association, said: “Aerospike has enabled us to achieve our goal of creating a platform that supports boundless transactions far beyond the financial, with unmatched performance. The Aerospike database enables low and sustainable implementation costs and will scale with ease as the BSV Blockchain adds support for large-scale enterprise and governmental blockchain applications.” Faster and more reliable mining Aerospike’s performance and strong consistency gains also enable those mining for new coins. In cryptomining, cost, speed and scale are all equally vital to the individual miner. Solutions prior to Teranode could incur substantial latency on each interaction with the Blockchain, but the efficiency and distributed nature of Aerospike means that Teranode users experience <10 ms latency and much higher throughput on their existing infrastructure. Aerospike’s native consistency features also dramatically reduce the risks of inconsistencies, which would take a miner offline and result in loss of revenue when, all the while, they are paying for expensive infrastructure. Behrad Babaee, Principal Solutions Architect at Aerospike, said: “The potential for unboundedly scalable core systems could revolutionise financial infrastructure modernisation. This implementation of Aerospike clearly demonstrates its ability to outperform traditional RDBMS banking systems, which are often unscalable and inefficient on every metric. Aerospike, as part of Teranode, is transformative for the BSV Association, enabling it to easily scale, with no need for the complexity and risks associated with dedicated solutions to manage scaling.” 

IRClass Systems and Solutions Pvt Ltd (ISSPL), announces the launch of a Digital Centre to offer a wide range of technology solutions. The Digital Centre, located in Mumbai, was inaugurated by the Chairman of ISSPL – Mr. Arun Sharma. The Digital Centre will provide a comprehensive suite of services to help organisations navigate the digital landscape across maritime and non-maritime sectors. New cybersecurity services ISSPL recognises the critical importance of cybersecurity in the digital landscape. The company’s new cybersecurity services offer tailored solutions to safeguard organisations from evolving cyber threats, which include vulnerability scanning and penetration testing. The centre also includes an Internet of Things (IoT)/Operational Technology (OT) testing lab and will offer services like digital forensics, AI, ML, and blockchain. At the launch event, Mr. Arun Sharma, Chairman of ISSPL, said: "The ISSPL Digital Centre serves as a comprehensive cybersecurity solution for all maritime and non-maritime needs. With a commitment to excellence and customer satisfaction, ISSPL aims to be the trusted partner for organisations seeking to confidently navigate the digital landscape."

SecuX, a blockchain security and cryptocurrency hardware wallet company, join them on May 29, 2024, at 3:00 PM at Halcyon, Austin, Texas, for an exclusive side event at the 2024 Consensus conference. "Safeguarding the Future: Innovations in Blockchain Security" brings together industry pioneers and experts to explore the latest trends and innovations in blockchain security. Engage with top experts and speakers, as they share insights on securing digital transactions and infrastructures. The event features keynote sessions, Q&A, and networking opportunities. Don't miss this chance to connect with like-minded professionals and stay ahead in the blockchain security landscape. New product lines In addition to thought-provoking discussions, SecuX will unveil its new product lines designed to enhance digital security: Neo Series: Neo-X: A premium hardware wallet featuring a sleek space grey metal casing, engineered for crypto enthusiasts and investors. It supports over 5000 cryptocurrencies and various NFT blockchains such as Ethereum, Solana, Polygon, and BSC. With WalletConnect for seamless Dapp interactions and the ability to display NFTs directly on the hardware wallet, the Neo-X ensures top-tier security and a user-friendly experience. NeoGold: Tailored specifically for beginners, this metallic gold hardware wallet offers a fast and simple setup with step-by-step illustrated instructions. Despite its beginner-friendly design, the NeoGold provides the same comprehensive security, ease of use, and extensive crypto coverage as the Neo-X, making it ideal for those new to cryptocurrencies. SecuX Forte: SecuX Forte is a groundbreaking encrypted USB memory stick designed to offer unparalleled security for important files and documents. Utilising AES 256 encryption technology and anti-brute force attack features, SecuX Forte ensures data protection from unauthorised access and is available in 64 GB and 128 GB capacities. The device automatically locks upon unplugging and includes a password hint feature to prevent losing access to stored data. Groundbreaking security solutions These innovative products will be available on the crowdfunding platform Indiegogo for a limited time with an early bird offer. Attendees of the event will have the exclusive opportunity to be among the first to experience these groundbreaking security solutions. SecuX is committed to pioneering advancements in blockchain security, ensuring the safety and integrity of digital assets for individuals and businesses alike. Join them at Consensus 2024 and be part of the future of blockchain security.

Siren, the all-in-one investigation platform company on a mission to keep people, assets and networks safe, and Chainalysis, the blockchain intelligence platform, announced details of a strategic partnership at the annual Chainalysis Links event in New York. As cryptocurrency becomes more mainstream and used by both good and bad actors, the partnership addresses the increasing need for more sophisticated intelligence technology to fight illicit cryptocurrency activity. Chainalysis’ mission Many believe cryptocurrency is the future, and it is expected that blockchains will soon be the world’s primary mechanism for the exchange of value. Chainalysis’ mission is to build trust in blockchains, setting the stage for the mass adoption of crypto in a way that gives participants safety and security.  Its data powers investigation, compliance, and market intelligence software that has been used to solve some of the world’s most high-profile criminal cases and grow consumer access to cryptocurrency safely. AI-driven search functionality Using patented technology, Siren delivers a modern search venture at firm speed and scale Siren is an AI-driven investigative intelligence platform that is used by some of the world’s pioneering Law Enforcement, National Security and Cyber threat investigators. Siren connects and enriches local classified information with external vendor data as well as data available from public sources to identify patterns, actors and events. Siren’s AI-driven search functionality dramatically reduces the complexity in searching for intelligence-like browsing the internet or shopping online anyone can search for intelligence links, regardless of technical abilities, across multiple data sources and get immediate results on both desktop and mobile devices. Using patented technology, Siren delivers a modern search experience at enterprise speed and scale, making advanced intelligence queries accessible to all across the organisation. Chainalysis Investigations solution Studies API is a REST-based API that programmatically aids to prioritise and accelerate studies Through the collaboration, illicit activity is easier to identify in real-time across multiple data sources, including Chainalysis’ on-chain data, allowing investigators and analysts to map addresses to named services, detect illicit activity as it happens, and build cases. The Siren platform leverages the Chainalysis Investigations API (IAPI), part of the Chainalysis Investigations solution. The Investigations API is a REST-based API that programmatically helps to prioritise and accelerate investigations. This ensures investigation teams can focus on the most important cases with the highest likelihood of success. The IAPI enables data engineers and scientists to enrich existing datasets with Chainalysis insights to enhance large-scale investigations, surface new leads, and uncover previously unknown connections between different cases for deconfliction. New York at Links 2024 John Randles, CEO of Siren, said: "Linking to crypto across multiple data sources is pivotal for investigators. We're delighted to announce the partnership here in New York at Links 2024. We were lucky to attend a couple of Chainalysis events last year and experience first-hand the synergies in our offerings and missions." John Randles will speak on Day Two of Chainalysis Links 2024 on the Intersection of AI and Crypto panel. Shannon Hughes, Senior Director, Head of Business Development and Partnerships commented: "Cryptocurrency is no longer just a niche specialty for elite cyber law enforcement units – our customers find connections to crypto across national security, crime, fraud, and cyber threats. This partnership enables investigators to combine Chainalysis data with other data sources to identify intelligence signals and actionable leads across specialties. This is the future of harnessing the transparency of blockchains to build a safer economic system."

The inaugural Milipol Asia-Pacific & TechX Summit (MAP-TXS) will take place from 3 to 5 April 2024 at Sands Convention Centre, Singapore. Jointly organised by Singapore’s HTX (Home Team Science and Technology Agency), GIE Milipol, and Comexposium Singapore, the biennial event comes under the auspices of the Ministry of Home Affairs, Singapore, and the Ministry of the Interior of France. Singapore’s Minister for Home Affairs and Minister for Law, Mr. K Shanmugam will deliver the opening address at Milipol Asia-Pacific & TechX Summit 2024. Innovations in Homeland Security Themed - 'Powering Innovation: A Safe & Secure Future', the event is positioned to be Asia Pacific’s flagship homeland security gathering covering both public and private sector security. Milipol Asia-Pacific’s trade exhibition will showcase the latest innovations in homeland security, while the TechX Summit will host prominent Government officials, industry pioneers, and academia at this high-level conference. Artificial intelligence and homeland security TechX Summit delves into a spectrum of specialised topics including the deployment of AI in homeland security Spanning 14,500 sqm, over 350 international exhibitors and 10,000 senior government officials, operational experts, industry pioneers, security providers, integrators, and academia will converge at the event to discuss the latest solutions, strategies, best practices, and challenges; share technological trends; and foster greater collaboration within the regional homeland security community. Centered around the theme - 'Artificial Intelligence and Homeland Security', the TechX Summit delves into a spectrum of specialised topics including the deployment of AI in homeland security by governments worldwide; the industrial integration of AI; AI safety and regulation; biometrics and blockchain; the fight against cybercrimes and scams; and human-centric AI innovation. Conference panelists Prominent personalities who will speak at the conference include: Dr. Dimitri Kusnezov, Under Secretary for Science and Technology, US Department of Homeland Security; Jean-Christophe Fondeur, Chief Technology Officer, IDEMIA; and Professor Simon Chesterman, Vice Provost, and Senior Director of AI Governance at the National University of Singapore. Enhance public safety and security Chairman of TechX Summit 2024, and Assistant Chief Executive (Programmes) at HTX, Sean Tan, said, “The collaboration between HTX, GIE Milipol, and Comexposium Singapore in organising Milipol Asia-Pacific & TechX Summit underscores the importance of leveraging S&T to enhance public safety and security in the Asia Pacific." Sean Tan adds, "We have brought the best of both worlds together – the trade exhibition with the latest S&T solutions and global experts for the conference to provide an impactful and engaging platform to foster even greater collaborations within the homeland security community.” Capable and efficient security systems Milipol Asia-Pacific’s Managing Director, Andrew Marriott, said, “Countries are uplifting their security systems partly to reduce manpower utilisation and to drive more capability and efficiencies. Increased security budgets across the region are attributed to more technology to be procured." Andrew Marriott adds, "As we continue to build eminence across the region, we are delighted that our new partnership with HTX reinforces this event’s objective and theme across Asia Pacific.”

It’s no secret that the data security sector is constantly changing. It has an annual CGR of about 12.3%. Future trends in data security Much of this has to do with the rise of cybercrime in recent years, with reports showing that cyberattacks happen as often as every 39 seconds. To combat the growing rate of cybercrime, data security has been on the rise. As we journey further into this era, it becomes evident that a spectrum of significant trends is molding the future of data security. This exploration delves into a selection of these trends, unraveling their importance and the potential implications they carry  1. AI security tools will increase  Artificial Intelligence is also being used in the development of smart attacks and malware The introduction of Artificial Intelligence in the data security industry brought significant changes, especially in cybersecurity. AI has been the golden standard for face detection, natural language processing, automated threat detection, and automated security systems. Additionally, Artificial Intelligence is also being used in the development of smart attacks and malware, bypassing even the latest security protocols in data control. And as time progresses, AI security tools will flourish and dominate the scene. Let’s take a more in-depth look at three of the top AI security tools. Targeted attack analysis tool  Manufacturers utilise targeted attack analysis tools to uncover targeted and stealthy attacks. Artificial Intelligence can be applied to the program’s capabilities, processes, and knowledge. For instance, Symantec launched this tool to combat the Dragon 2.0 attack in 2022. The phishing attack reprimanded multiple energy companies while trying to gain access to their operational networks. Targeted Attack Analysis Tools can analyse incidents and look for similarities from previous situations. They also help detect suspicious activities and collect all the necessary data to determine whether a specific action is malicious. Intercept X tool  Results from the Intercept X Tool feature high accuracy and a low false positive rate Sophos, a British security hardware and software company, launched the Intercept X Tool. It engages a neural network that records and analyses data like a human brain. Sophos’ Intercept X Tool can extract features from a single file and perform a deep analysis. It detects malicious activities within 20 milliseconds. Plus, it’s also trained to work on bi-directional sharing and real-world feedback of threat intelligence. Results from the Intercept X Tool feature high accuracy and a low false positive rate.  IBM Watson Technology  IBM’s QRadar Advisor uses IBM Watson Technology, a unique AI tool for fighting cyber attacks. Artificial Intelligence can auto-investigate activities and indicators for potential exploitation or compromise. With cognitive reasoning, IBM Watson Technology can present critical insights to accelerate the response cycle. Security analysts can utilise this technology to search for threat incidents, reducing the risk of letting them fly under the radar. 2. Blockchain as a security solution  It guarantees no points of failure or hackable entrances that can expose datasets inside the system Blockchain is a type of distributed ledger technology (DLT) that aims to establish trust within an untrusting ecosystem. Today it’s one of the most robust cybersecurity technologies in the industry. Blockchain utilises a decentralised ledger system, but your team members can still gain access to transparent information in the cloud. Members can also record, pass along, and view necessary transactional data in the blockchain. The entire blockchain process maintains data integrity within the system while establishing trust among team members. It guarantees no points of failure or hackable entrances that can expose datasets inside the system. Cybersecurity, biometrics Cybersecurity primarily benefits from these features because blockchain can create a secure and robust wall between data and hackers. On top of that, blockchain ledgers can include biometrics like fingerprints and retina scans. These prevent hackers from accessing any private data. Because blockchain is decentralised, it also limits hackable data. Together with the technology’s record-keeping system, each node is provided insight into data manipulation exposing real-time cybercrime attempts.  3. Increased and widened access control  Without access control, expect your company to be open to security issues, including theft, data loss, and breach of data Access control is critical in data security. More than a valuable security tool, business leaders can use access control to regulate people accessing any given resource. A company with an IT security setting can control who has the liberty to edit certain files. One of the primary goals of access control is to minimise threats or attacks to organisations and businesses to keep people and data secure. Without access control, expect your company to be open to security issues, including theft, data loss, and breach of data protection laws. Benefits The benefits of increased and widened access control include: Identifying who can access and control your data at specific time intervals. Protecting data from overwriting, accidental deletion, and malicious intent. User permissions that can be readily changed. Compliance and regulation with data privacy laws. Central management of access to data through a reporting portal or a dashboard.  Multi-factor authentication Access control comes in various types and systems, so it’s critical to know the features of what you’re looking for. The most common type is multi-factor authentication or MFA. It involves multiple steps before logging in, requiring the user to enter other relevant information besides the password. Some other examples of information include biometrics, answering a security question, or entering a code sent to the user’s email address. Two-factor authentication, role-based access control Two-factor authentication further prevents unauthorised entries that can result in unnecessary data possession Two-factor authentication further prevents unauthorised entries that can result in unnecessary data possession.  Another type of access control is role-based access control. In this setup, only one individual can set up access guidelines and grant permissions to specific team members within an organisation. 4. Greater use of the zero-trust security model  The zero-trust security model is a framework that requires every user within and outside the organisation to undergo authentication, authorisation, and validation. These are all essential to ensure proper security configuration before access is granted to the company’s applications and data. A zero-trust model assumes that anyone can cause data breaches and that a traditional network edge is not taken into effect. Moreover, it addresses the following modern-day challenges: Hybrid cloud environments. Security of remote workers. Ransomware threats.  This framework utilises the combination of multiple advanced technologies, including:  A risk-based multi-factor authentication. Endpoint security.  Identity protection.  Cloud workload technology.  The zero-trust model uses all these innovative tools for system identification, user verification, access consideration, and system security maintenance. Constant validation and monitoring Enforcing strict policies and compliance with data privacy laws are also essential Additionally, it also considers data encryption, email security, and asset verification before establishing connections with applications. The architecture of a zero-trust framework requires constant validation and monitoring of the users and the devices they are using. Enforcing strict policies and compliance with data privacy laws are also essential. More importantly, the zero trust architecture requires all organisations to be aware of all their available services and accounts to gain complete control of data handling and manipulation. 5. Increased privacy regulations  Privacy regulations and policies guide organisations in proper data control, handling, and security. These policies guide organisations in proper data control, handling, and security. As a responsible business owner, you must comply with these regulations to avoid legal issues. With cybersecurity attacks becoming common, expect increased and stricter privacy regulations to be released in the next few years. While current policies are still taken into effect, various modifications and adjustments will occur to compete with the rising numbers of data breaches, thefts, data loss, and more.  California Privacy Rights Act (CPRA) Currently, the California Privacy Rights Act (CPRA) is the most comprehensive legislation on state data privacy. It only started to take effect on January 1, 2023. The CPRA introduces the following principles: Broad individual consumer rights. Significant duties of people who need to collect sensitive and personal information. Additional definitions of data privacy and security. An individual’s duties include releasing information about data collection to concerned data subjects and proper access, correction, and deletion of information. Final thoughts  2023 is a big year for data security. Trends such as increased adoption of zero-trust policies, a greater reliance on AI security tools, and the implementation of blockchain as a security solution are all things we expect to see shortly.  Staying up-to-date with these trends is important for keeping your business current and ensuring that you’re adhering to new and changing regulations. Doing so can give you an edge over the competition and keep you out of legal hot water.

Identity management is an important element of both data security and physical security in an organisation. But all ID management solutions are not the same—especially when it comes to security. There are no uniform security standards for the industry, and many off-the-shelf systems fall short when it comes to data protection. To protect people, property, and data, make sure you select a system that maximises security at every stage. What is identity management? Identity management—also known as ID Management (IdM) or Identity and Access Management (AIM)—is a framework for managing digital identities and controlling who has access to what. It includes both policies laying out what types of access different people should have and technologies for enabling and enforcing those access controls. An identity management system makes it easy for IT to define access levels for individuals or groups within the organisation. Each user is assigned a unique identity within the system with specific user rights and restrictions These systems enable companies to increase security and productivity while reducing the costs and labour associated with security efforts. At the lowest level, identity management involves defining what a user is allowed to do on a network, with what devices, and under what circumstances. Each user is assigned a unique identity within the system with specific user rights and restrictions. Specific business system For example, what files, business systems, and programs is the user allowed to access? What are they allowed to do within a specific business system? What physical locations and resources are they allowed to access, and at what times? Access rights and restrictions may be role-based or individualised. An IdM system may provide the backend for a Single Sign-on (SSO) system that controls access to everything on the network with one user identification key. Many security products focus on mobile device management (MDM) systems that control access of devices to the corporate network. As more workers shift to remote and hybrid models, managing what devices are authorised to connect to the network, how users are authenticated when they log on to the device, the activities that can be performed by these devices while on the network, and the data and applications they have access to while offline is essential. Meeting the security challenge Ultimately, the ID management system is only as secure as the access system it connects to In an IdM solution, the user administration system that provisions the roles and rights within the system is linked to an access system that verifies the identity of the user. Ultimately, the ID management system is only as secure as the access system it connects to. Access systems include input screens for passwords or PINs, biometric input systems (such as fingerprint or facial recognition), or readers that connect to identification media (such as an ID badge or smartphone) via Radio-Frequency Identification (RFID), Bluetooth® Low Energy (BLE), or Near-Field Communication (NFC). Some systems may require multifactor identification. RFID and smartphone-enabled BLE and NFC access systems are highly popular for their combination of security, reliability, user convenience, and ease of administration. While there are many access systems available, there are no uniform standards for security—and many standard systems are not very secure. User administration system When evaluating security for an IdM and access system, there are two important aspects to consider. Data storage: How is data stored in the IdM system and on the local reader or input device? Are user identities, rights, and activity logs stored in an unencrypted table on a single server or device? Is a blockchain system used for data storage? Or something in between? Data transmission: How is data transmitted between the access system and the user administration system? Is data transmitted in encrypted form? Is the Advanced Encryption Standard (AES) used? Security starts with the creation of the user ID and identification medium Security starts with the creation of the user ID and identification medium. To protect business data and systems, organisations should look for an IdM solution that uses industry best practices for encrypted data storage and transmission. If using ID badges—as a majority of organisations still do—they also need to consider how and where those badges are produced. Industry best practices For example, our partner evolutionID offers a secure ID-Management system with extended security functions. In-house badge production enhances security by eliminating the need to send sensitive, personalised data to a third-party badge printer. It also streamlines the badge production process, so employees can get their badges right away without waiting. With the creation of the identification medium, individual security features such as biometric properties, user ID, and permissions can be programmed directly onto the transponder card using an RFID reader or distributed to relevant systems by interfaces. This system maximises security and gives organisations the tools they need to customise their security concept for their needs. On top, cost-saving self-service features such as image acquisition or badge management are available for every employee on any device.

Every day, millions of people worldwide use their personal credentials to prove their identity and access a range of services, from databases in their workplace to the banking app on their smartphone. But while this ensures only authorised people have access to certain systems, the use of this personal data opens users up to cyber risks, primarily in the form of identity theft. On Identity Management Day, Source Security spoke to seven IT and cybersecurity experts to discuss their experiences and advice on identity management, including James Brodhurst, Principal Consultant at Resistant AI, who reinforces that: “Securing identities is more important than ever, as fraud and identity theft has impacts for businesses as much as for individuals.” Effective identity management He recommends that businesses and other organisations that use consumer identities as an integral part of operations must address the significant challenges of managing identities and recognise that there is no single solution to all possible cyber threats. Effective identity management is only achieved through a broad range of technologies and data. Businesses have a critical role to play in mitigating cyber threats, as does society as a whole" This is an important first step for organisations to know who they are interacting with, and subsequently distinguish between genuine or illicit actions. “Businesses have a critical role to play in mitigating cyber threats, as does society as a whole. Initiatives such as Identity Management Day serve to increase our collective awareness of the issues and threats we’re facing, and also safeguard sensitive data.” External cyber defences “Why is identity theft so common?” ponders Andy Swift, Technical Director of Offensive Security at Six Degrees. “Well, the simple answer is stealing account credentials is big business. There is a massive industry out there of people stealing and selling credentials on the dark web. I don't suggest you venture to the marketplaces through which stolen credentials are sold on the dark web, but if you did you'd find lists of credentials with different attributes – whether they've been tested, whether they have access to financial data – that dictate price.” “Most stolen credentials are sold to people looking to launch phishing and onward phishing attacks, giving them access to compromised mailboxes to send emails from. Secondly, there are hackers who want to launch attacks – ransomware, more than likely – from within a network without having to navigate its external cyber defences while also evading the long wait for brute force attacks, phishing attacks and other noisy activities to pay off.” Access sensitive data Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target" “And thirdly, there are people who want to simply target external administration interfaces they have identified (RDP for example) which they can in turn use to pivot through to internal networks, or even just target the external host directly.” Gregg Mearing, Chief Technology Officer at Node4, adds: “Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target. In 2020 alone there were 193 billion credential stuffing attacks globally. Attacks commonly start with a database of stolen credentials, usually with usernames, emails and passwords – although phishing emails and suspicious websites are also used to steal corporate credentials. Once they have gained entry into the organisation's system, the attacker can move laterally, completely unnoticed, to access sensitive data, remove files or plant malware.” Most common threats “Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene, 65% of people still reuse passwords across multiple accounts. There can be no doubt that employees are the first line of defence for an organisation against a cyber attack. If trained properly, they can act as a human firewall. However, poor cyber hygiene, a lack of best practice when it comes to managing credentials, and a limited understanding of the most common threats can make an organisation’s employees its greatest weakness.” Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene" Alongside credential stuffing and phishing, Liad Bokovsky, Senior Director of Solutions Engineering at Axway, explains how API attacks are yet another way criminals are executing identity theft: “In fact, last year API attacks increased 348%, and companies affected included some of the largest corporations – Facebook, Instagram, and Microsoft.” Protecting customers’ data “Companies need to do a better job at protecting their customers’ data. In a recent survey, 82% of UK consumers confirmed they would stop doing business with a company if it suffered a data breach that exposed their personal information.” “Thriving and surviving in today’s hyper-connected economy increasingly depends on having sufficient API maturity in place to ensure that anything connecting to an organisation’s servers – devices, apps, customers – is managed appropriately to keep APIs, customer data and the company’s reputation safe. This means having technology and processes in place to make sure that API design, implementation, and management are done properly.” Owning smart devices This needs to change and with the UK no longer required to adhere to EU-GDPR legislation" Michael Queenan, CEO, and Co-Founder of Nephos Technologies, explains how the huge volumes of personal data being created every day are putting consumers at risk: “Whether shopping online, setting up a social media account or simply reading a news article, we are regularly being asked for our identifiable information. With 10% of UK homes now owning smart devices – e.g. an Alexa or a Ring doorbell – our data is constantly being collected, even within our own homes. Should it fall into the wrong hands, it could be used for identity theft or fraud.” “This needs to change and with the UK no longer required to adhere to EU-GDPR legislation, it presents an opportunity to rectify how personal data can be shared. Ultimately, I believe individuals should be responsible for their own data and how it is used.” Ensure data privacy “A possible way of achieving this is through identity-centric blockchain, whereby everyone has a national email address associated with their blockchain identity that permits access to their personal data. This would ensure that only you get to decide who has access – your data, your choice!” This would ensure that only you get to decide who has access – your data, your choice" Steve Young, UKI Sales Engineering Director at Commvault also comments on how identity management is vital for meeting data regulations, thereby supporting data management throughout the business: “In the world of data management, you’d be forgiven for thinking that the focus is all on backups and recovery. But while these are absolutely crucial elements, another key aspect of data management is identity management – only through understanding it will businesses be able to drive their data management to the next level. Identity management is necessary to ensure data privacy.” Latest data regulations “Many people will be most familiar with its function as a way to restrict access of employees to certain files and resources that may hold sensitive or classified information. But what is becoming more important today is how identity management also helps prevent cybercriminals entirely outside an organisation from gaining unauthorised access to a system and initiating a ransomware attack, for example. Because of this, identity management helps businesses be compliant with the latest data regulations, as it ensures that any customer data collected and stored is kept secure.” So, what solutions should IT leaders be prioritising to strengthen their identity management measures? Six Degrees’ Andy Swift recommends multi-factor authentication (MFA): “MFA provides great defence against identify theft, but it's also a reactive technology: for it to be effective, an attacker must already have obtained stolen credentials.” Cyber security training Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management" “That's why comprehensive cyber security training and education on best practices is quite possibly more important than any technology could ever be alone. There's no silver bullet when it comes to achieving strong identity management, but the importance of threat awareness and training cannot be overstated.” “We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing,” concludes Tyler Farrar, CISO at Exabeam. “Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organisations must build a security stack that is consistently monitoring for potential compromise." "Organisations across industries can invest in data-driven behavioural analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behaviour indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.”

The U.S. Department of Homeland Security (DHS) will be participating at ISC West in a big way. Representatives of the federal department will be taking part in more education sessions this year, and the DHS tech-scouting team will be on hand to view the latest technologies on display at the show. Exhibitors – and anyone else at the show – are invited to the “DHS Town Hall” on March 19 (Thursday) at 3:30 p.m. in meeting room Galileo 1001. The aim is for DHS to engage with the technology community and provide guidance as industry innovation moves forward. In the face of growing operational demands and complex threats, the need for homeland security technology solutions continues to rise. The Department of Homeland (DHS) is seeking new ideas and partners to safeguard public trust, save lives, reduce risks, and protect the flow of commerce and goods for the community. They will share information about the department’s problem sets, capability needs and business opportunities for accelerating technology development to ensure they are keeping pace with the speed of innovation and complex threats. Speaking at ISC West DHS seeks to challenge industry partners to develop technology to enhance security operations across multiple end user missions. The DHS Science and Technology Directorate (S&T) and Cybersecurity and Infrastructure Security Agency (CISA) will jointly speak and exhibit at ISC West. Attendees can meet DHS professionals working in cyber security, critical infrastructure, resilience, aviation security, border and port operations, and first responder capabilities. Attendees are invited to visit the DHS exhibit booth #33040 in the Drones and Robotics Zone. The DHS Town Hall on Thursday, titled “Enhancing Security and Doing Business at the Speed of Life,” will be a “call to action” for show participants to help secure the future. DHS seeks to become more agile and to pursue new pathways to do business in a fast-moving world. Through strategic partnerships, DHS is mobilising the innovation community to safeguard the public trust. Security sessions DHS will also be participating in these sessions at ISC West, March 17-20 at the Sands Expo, Las Vegas, Nev: You Say It’s Going to Change the World? Tues., March 17, 9:45 a.m., Sands 302. Security relies on anticipating what comes next and staying a step ahead. How will 5G increase secure capabilities and reduce threats from bad actors? How will blockchain secure personal and financial identity and when will quantum computing render all encryption obsolete? How is DHS investing in counter-drones? How does AI change the security landscape? The New Federal Security Landscape – Are You Prepared? Wed., March 18, 1 p.m., Sands 302. The federal security landscape is evolving alongside the private sector. What are the new high-risk areas of concern and how are emerging threats (cyber, UAS) changing the way federal facilities are protected? How are these new risks balanced against traditional ones? How is the Interagency Security Committee (ISC) responding? DHS panelists will discuss. CISA Special Guest Speaker at SIA Interopfest. Wed., March 18, 4 p.m., Sands 701. Daryle Hernandez, Chief, Interagency Security Committee, DHS, Infrastructure Security Division, will provide insights to complement the technology interoperability demonstrations. Enhancing Security Through UAS Technology, A DHS Perspective. Thurs., March 19, 11:30 a.m., Venetian Ballroom. What is DHS doing today to prepare for a future of increased visualisation and automation? New questions are emerging around capabilities and vulnerabilities. Emerging technologies like AR, Next Gen Sensors, and UAS, provide the Department of Homeland Security (DHS) with tools to become more responsive and adaptive to new threats.

Art&Co., the world’s renowned online art auction for COVID-19 relief that connected art, finance and support groups, brings continued relief to COVID-19 victims a year on, via blockchain technology provided by LuxTag. LuxTag's blockchain solution Records of funds raised and dispensed to seven charities and various artists were documented using LuxTag's blockchain solution, providing a perpetual audit trail. The receiving charities providing healthcare, food, medicines and guidance to those affected by the contagion were ICU steps, The Care Workers Charity, Khalsa Aid International, Painting Our World in Silver, Solace Women's Aid, Za Teb and Race on the Agenda. The artwork collated came from more than 30 emerging artists as well as famous creators such as Pablo Picasso, Salvador Dali, Jeff Koons and Andy Warhol. The aggregate value of art available in the auction was £1.65 million (US$ 2 million) with prices ranging from £1,000 ($1,250) to £36,000 (US$ 45,000). All art created represented themes connected to the continued trying times, such as health, nature and spirituality. Blockchain technologies for immutable transactions record  Blockchain technologies provide an immutable record of transactions, transparent and open for inspection 24/7" “Blockchain technologies provide an immutable record of transactions, transparent and open for inspection 24/7,” said PremFina Group’s Chief Executive Officer (CEO), Bundeep Singh Rangar, adding “The use of LuxTag's blockchain technology not only helped record the dispersion of funds to charities, it bridged a gap between art and technology via a philanthropic cause.” “Artwork is of unique beauty and often, the beauty lies in its uniqueness. At LuxTag, we work hard to protect unique objects and their authenticity, so projects like Art&Co. 2020 are duly close to our heart,” said Jeff McDonald, the Founder of LuxTag, adding “Blockchain technology, authenticity and provenance of artwork are vivid examples of how traditional crafts can be enhanced with modern tech.” Charity work for the live Art&Co. auction Silicon Valley tech investor, Tim Draper hosted the final live auction event to drum up donations for the live Art&Co. auction, while commenting on the ability of blockchain technologies to record provenance, authenticity and ownership of art objects. Fundraising for charities and not-for-profits has become increasingly significant, as demand for their services have increased and conventional funding routes have shrunk. Helping charities in COVID-19 pandemic period More than 300 million COVID-19 infections have been recorded worldwide and new virulent variants of the coronavirus (COVID-19 virus) have emerged, such as Omicron and Delta. Nearly 15 million people have been infected in the United Kingdom, resulting in more than 150,000 deaths.

Pluralsight, Inc., the enterprise technology skills platform announced that Frontier Software is partnering with Pluralsight to upskill its workforce and modernise its technologies while executing on its mainstay software solutions. Implementing intelligent workflow automation process Frontier has partnered with Pluralsight to implement technology skills development that will close its skills gaps Based in Australia, Frontier Software provides integrated HR and payroll solutions to more than 1,500 organisations across 23 countries throughout Europe, the Asia Pacific, and the Far East, including payroll services to nearly 10% of Australia’s workforce. To keep up with the rapid pace of change and enable the business to continually evolve to meet client expectations in the age of technology, Frontier Software has partnered with Pluralsight to implement a technology skills development strategy that will close its skills gaps and transition the company’s manual processes to intelligent workflow automation and robotic automated processes. Skills development  “Keeping the business and technologists relevant in the marketplace while delivering product offerings that meet what the market demands are the hallmark of a successful business,” said Darren Hnatiw, Chief Technology Officer at Frontier Software. “Providing a solid foundation for technical skill development keeps employees engaged and satisfied while helping Frontier Software ensure we’re getting the most out of our resources.” Upskilling workforce Access to self-paced learning and quality content means we don’t have to spend resources bringing in external consultants" With Pluralsight, Frontier Software can address immediate resource needs to support current solutions by upskilling its workforce. Team members are empowered to develop the technology skills of today and the future in a way that is tailored to their role. Individuals can also take courses they deem valuable to their growth and use Pluralsight’s Skills IQ assessments to identify how to focus their effort. “The impact with Pluralsight has been huge,” added Hnatiw. “Access to self-paced learning and quality content means we don’t have to spend that time and resource bringing in external consultants.” Developing emerging technology skills Frontier Software not only uses Pluralsight to keep team members engaged and upskilled, but it is also using Pluralsight as part of its strategic roadmap to lay a foundation to develop emerging technology skills, such as blockchain and artificial intelligence, that will move the company forward. “Whether we’re addressing the needs of our core offerings, transitioning developers to web development, or steeping ourselves in new, disruptive technologies, we know we can use Pluralsight to get to the meat of their content quickly,” added Hnatiw.

Traka’s innovative key and equipment management solutions have been installed at a new national distribution centre for a top four UK supermarket. The new distribution centre, fulfils orders for the superstore’s chain across all channels, including wholesale, online and retail. On average, it deals with 2.4 million cases per week, which can grow to 3.1 million at peak periods. Biometric locker solutions To keep up with demands, our distribution centres are constantly growing and evolving" Traka’s intelligent key management and biometric locker solutions were installed to improve efficiency and reduce the risk of asset loss. The lockers also present instant access by authorised personnel to fault reporting and audit control capability. Speaking about the need for key management, a representative of the superstore chain said: “To keep up with demands, our distribution centres are constantly growing and evolving, driving new standards in design and use of technology to ensure our products get to our customers on time, in full.” Key and asset management “For the warehouse to operate at maximum capacity, we try to make it as simple as possible for authorised colleagues to gain total control of key and asset management, with full traceability at all times. Traka added value, not only in providing a solution to meet our current needs, but also a futureproof system with an opportunity to network and build, as our operation requirements continue to grow.” Three further locker systems with biometric access have been added to enhance security On site, Traka’s L-Touch key cabinets have been installed, which are specifically designed for larger organisations with a high key turnover. Three further locker systems with biometric access have been added to enhance security and ensure only authorised ‘finger print assigned’ personnel can operate assets at any given time. As with all Traka solutions, audit control capability across key cabinets and asset locker solutions presents instant traceability and reporting. Investigating networking opportunities to integrate Morrisons teams can also benefit from fault logging against items that have been returned with access rights restricted to prevent further damage, wasted time or injury until the issue is resolved. Steve Bumphrey, UK Sales Director added: “Being and maintaining a position as one of the top four retailers in the UK places an enormous responsibility on logistics teams to perform every minute of every day, with no margin for confusion or delay." "We saw first-hand the extent of the challenge and dedication to meet customer needs. As such, we installed systems that could make an instant difference and add value, with the ability to grow and meet ongoing requirements for long-term efficiency and productivity.” Whilst systems are currently installed on a standalone basis, the logistics team at the superstore is currently investigating networking opportunities to integrate Traka technology seamlessly into everyday operations, across the extensive site for the benefit of staff and visitors.

Supply chain issues have plagued the economic recovery during and after the COVID-19 pandemic, and the problems show every indication of persisting for months or even years to come. Supply chain challenges have impacted the security marketplace in many ways, reflecting the breadth and variety of products needed to secure people, facilities, and assets. Wondering about the specifics of that impact, we asked this week’s Expert Panel Roundtable: How does disruption of the global supply chain of components impact players across the security industry?

Our Expert Panel Roundtable is an opinionated group. However, for a variety of reasons, we are sometimes guilty of not publishing their musings in a timely manner. At the end of 2020, we came across several interesting comments among those that were previously unpublished. Following is a catch-all collection of those responses, addressing some of the most current and important issues in the security marketplace in 2021.

The new year comes with new opportunities for the security industry, but what technologies will dominate our discussions in 2020? Topics such as artificial intelligence (AI) and HCI (hyperconverged infrastructure) became familiar in conversations during 2019, and they are likely to dominate our thoughts again in the new year. But other buzzwords are also gaining steam, such as “blockchain” and “frictionless access control.” Connectivity and the cloud will also be timely technology topics as the industry evolves. We asked this week’s Expert Panel Roundtable: What technology buzz will dominate the security industry in 2020?