The Office of Qualifications and Examinations Regulation (Ofqual) has begun a consultation about the introduction of new BDSQs [Basic Digital Skills Qualifications] that are designed to improve the digital skills of adults across England.

What’s the Problem?

Research by UK domain name company Nominet, for example, has shown that less than half of adults have the digital skills needed to easily complete a number of common tech tasks, with only 42% of adults being able to easily complete digital tasks such as downloading apps, uploading videos or using online maps. The same research from October 2017 showed that:

• Older people struggled more with their digital skills
• Only 46% of those born between 1965 and 1980 (Generation X) have appropriate digital skills.
• 64% of millennials could be described as “digitally savvy”.
• Surprisingly, only 34% of ‘digital natives’ Generation Z (those born from 1997 and onward) could be considered “digitally savvy”.

The results of this and similar research indicate that those without a good basic digital skill level could lose money in savings from online shopping, could miss out on work and other important opportunities, and could be prevented from fully participating in society. Also, with a digital skills gap costing the UK economy approximately £63bn a year, and after Brexit, tech skills are going to become an even more important advantage.

The New Qualifications

The latest consultation about the proposed new BDSQs [Basic Digital Skills Qualifications] is part of the government’s investment in increasing the level of digital skills in adults throughout the country, and it has been reported that Department for Education (DfE) is aiming to introduce a national entitlement to basic digital skills by 2020.

The qualifications, which will be ‘Beginner’ level for those with no previous digital / Internet experience, and ‘Essential’ for adults with some experience, will cover what the DfE believes to be the five key skill areas which are handling information, creating and editing digital content, communication, transacting, and being safe and responsible online.

Delivery of the Qualifications

The delivery of the training for BDSQs will be undertaken by organisations or providers selected by the DfE, and students will be expected to have received a minimum of 45 guided learning hours.

Providers will have some flexibility in designing and delivering the qualifications, but will be required to follow existing naming conventions to make employers and learners more comfortable with the qualifications’ delivery.

What Does This Mean For Your Business?

The UK, and specifically England in this case, has been suffering from an IT / digital skills gap for several years now. This has affected the competitiveness of UK businesses and poses a major challenge to the UK government’s vision of making the UK global technology centre. A further digital skills drain and drought caused by Brexit fears, and an apparent lack of people graduating from colleges and universities with the right digital skills has added to the need for the government to do something now to increase the home-grown digital skill level among adults in England.

These new qualifications should ultimately help businesses and the wider economy by helping more adults to take a greater part in a society that relies more on digital communications and transactions, improve their employment prospects, and give employers more opportunities and choice in getting the skills into their businesses that they need.

NatWest bank is reported to be testing a new app-based banking platform called ‘Mettle’ that combines banking with other business services, and is specifically aimed at the needs of SMEs.

Mettle – Independent From NatWest Bank

Mettle is the first standalone banking app to be launched by one of the UK’s big retail banking brands, and is described by Mettle as a “forward-looking business current account”.

The new SME-focused banking platform is to be run independently from NatWest, is not a bank but operates as an agent under an e-money licence held by PrePay Solutions, and is being developed in partnership with 11:FS and Capco.

The pilot of the new mobile-app based Mettle service has been rolled out to between 100 and 150 existing and new customers, and their feedback will be taken into account before a general roll-out to the public.

Why?

According to Alison Rose, CEO of commercial and private banking at NatWest, the premise for the Mettle banking app is that it will provide customers with data they can use to make business decisions and to let “customers focus on forward-looking finances, combining technology and proactive insights so that SMEs can make better decisions and run their businesses more successfully”.

Other reasons for introducing Mettle are that:

• Greater awareness of and trust in fintech (financial technology) in the market place, and rapidly advancing technology and a trend towards ‘mobile everything’ mean that traditional banks need to adapt to more customer-focused services, and feel that they can now diversify their offerings.
• Large banks such as NatWest need to head-off the threat of fast-growing challenger banks such as Monzo, Starling and Revolut.

About Mettle

Apart from the obvious convenience aspect of being able to use a mobile banking app, some of the key features that could make Mettle popular among SMEs are:

• The account is free and fast to open, and can be operated just using a mobile app and a debit card.
• Receipts can be added to customer transactions and expenses can be tracked straight from the phone.
• Customers can lock and unlock their card from their phone with a single tap.
• It offers other business tools to help SMEs stay on top of a current account.
• It offers SMEs a maximum balance of £50,000 and a maximum pay out of £10,000.
• Mettle has the backing of a big banking brand.

Limitations (many of which may be temporary due to it being at the pilot stage) include that Mettle:

• Offers no overdrafts or interest.
• Limits cash withdrawals to £500 a day and £4,000 a month.
• Is currently by invitation only (after interest has been registered online).

How To Open A Mettle Account

At the moment, opening a Mettle account involves going to www.mettle.co.uk, clicking on “register your interest” and entering your email when prompted. After this, Mettle will email you a list of questions to understand the nature of your business, and will let you know whether you can be part of the first group of users with early access.

What Does This Mean For Your Business?

If you’re an SME, this kind of account could provide a much faster and more convenient way of operating and staying on top of your finances, and it has been designed specifically with the needs of SMEs in mind. It also offers other helpful business insights that a simple bank current account doesn’t and, therefore, could help SME business decision-making.

For the big banks, app-based systems enable them to keep up with consumer trends and needs, aid customer retention and with the attraction of new customers, and fight-off competition from the other big banks and fast-growing challenger banks.

At its conference in Barcelona, VMware (tech subsidiary of Dell Technologies and CO2 emission-reducing evangelist) has announced that it has introduced a beta version of blockchain-as-a-service.

Part of VMware Tools

According to VMware, the new blockchain-as-a-service product will be integrated into existing VMware tools and will provide permissioned blockchain for enterprise consortiums, which will be more secure than public blockchains.

What Is Blockchain?

Blockchain, the open-source, free technology behind crypto-currencies like Bitcoin, is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Carey describes blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

Why Blockchain-as-a-Service?

The BaaS market is likely to take off in a much bigger way because it offers enterprises the chance to deploy distributed ledgers without the cost or risk of deploying it in-house, and without needing to find in-house developers.

VMware has highlighted a need by financial customers to use a version of blockchain in a commercial environment that is secure and can be audited, and the way in which a blockchain service could be a way for organisations to run distributed ledgers efficiently.

VMware believes that the decentralised trust, enterprise-grade scalability, reliability, security and manageability, with the ability to deploy nodes across multiple cloud environments, (including on-premise) and a single management interface with enterprise monitoring and auditing tools will make its blockchain-as-a-service product attractive to businesses.

Why Environmentally Responsible?

VMware’s CEO, Pat Gelsinger, has described the computational complexity of blockchain as being an “environmental crisis”, and the company is keen to point out that the virtualisation and server consolidation that VMware offers has reduced hundreds of tonnes of CO2 emissions.

Not The Only One

VMware is certainly not the only company in the race to get a blockchain-as-a-service product out to businesses. Microsoft was one of the first software vendors to offer BaaS on its Azure cloud platform as far back as 2015, and tech commentators have noted that Microsoft and many of the other big tech companies, including Amazon and Oracle, are now looking to make the most of the growing blockchain as a service (BaaS) market.

Real-World Blockchain Examples

The benefits of blockchain technology are already being in enjoyed by many companies, and some of the ways that it is currently being deployed include:

• Walmart’s pilots where the time it takes to trace a food item from shop to farm was reduced, through the use of blockchain, from 7 days to just 2.2 seconds.
• A pilot project between car-maker BMW and start-up Circulor with a view to eliminating battery minerals produced using child labour. In that project, blockchain is being used to help provide a way to prove that artisanal miners are not using child labour in their cobalt mining activities.
• Using the data on a blockchain ledger to record the temperature of sensitive medicines being transported from manufacturer to hospital in hot climates. The ‘incorruptible’ aspect of the blockchain data gives a clear record of care and responsibility along the whole supply chain.
• Using an IBM-based blockchain ledger to record data about wine certification, ownership and storage history. This has helped to combat fraud in the industry and has provided provenance and re-assurance to buyers.
• Shipping Company Maersk using a blockchain-based system for tracking consignments that addresses visibility and efficiency i.e. digitising a formerly paper-based process that involved multiple interactions.
• Start-up company ‘Electron’ building a blockchain-based system for sharing information between those involved in supplying energy which could speed up and simplify the supplier switching process. It may also be used for smart grid processes, such as local load-balancing of supply and demand.

What Does This Mean For Your Business?

VMware is one of many big tech names that now want to make the most of a BaaS market, although VMware’s (currently beta) offering is targeted at enterprises in regulated industries. VMware has plenty of powerful support in this venture in the shape of partnering with Dell Technologies, Deloitte and WWT as well as having the advantage of IBM Cloud for VMware Solutions supporting VMware Blockchain.

Blockchain is growing in popularity as companies are able to see real examples of how it can be used save time and costs, provide fast and secure traceability, visibility and efficiency, and provide a real competitive advantage.

As businesses come to realise that they may be required to store some data for decades, encrypted data should be secure well beyond its useful life, and with this in mind, security architect for Benelux at IBM, Christiane Peters, is suggesting that businesses should start preparing now to implement post-quantum data protection.

Post What?

The suggestion is that, in a relatively short time, quantum computers will be commercially available. One threat from this could be that quantum computers in criminal hands could be used to try and crack encrypted business data. For example, in the US, the National Security Agency (NSA) warned back in 2015 that progress in quantum computing was at such a point that organisations should deploy encryption algorithms that can withstand such attacks from quantum computers.

The encryption algorithms that can stand up to attacks from quantum computers are known by several names including post-quantum cryptography / quantum-proof cryptography, and quantum-safe / quantum-resistant cryptographic (usually public-key) algorithms.

What’s The Problem?

Ultimately, with technology advancing at such a rapid rate and with organisations needing to keep some data for long periods of time, there is the risk that even though this sensitive data is stored in secure encrypted formats now, this encryption could be cracked in the not-too-distant future by cyber-criminals with access to commercial supercomputers. Being able to crack encryption could mean encrypted data could no longer be safe even if it is stolen. For example, this could mean that encrypted data lost / stolen in a breach this year could be accessed in the future. Indeed, it is known that some data is being stolen today with this in mind.

How To Prepare Now For Quantum Computer Risk

Christiane Peters is reported as suggesting that ways in which companies could prepare to counter the encryption code-cracking risk posed by the ability of cyber-criminals to use commercially available quantum computers include:

• Developing / updating crypto policies.
• Creating an inventory of all systems and applications using cryptography.
• Classifying data and mapping data flows.
• Creating an enterprise-specific outlook and timeline for quantum safe crypto.

Developing a Post-Quantum Implementation Strategy

Understanding that encryption is just one way to protect data, combining other capabilities with encryption will help overall cyber resilience over time. For example, companies could also focus on certificate management, mobile device management, application scanning, data loss prevention, security incident response, access control, data classification and digital forensics.

Personal Data Protection Could Pay Off In The Long Term

Christiane Peters, commenting on the findings of a Ponemon Institute study, has also pointed out that, as well as preparing for the security of cryptography in the post-quantum era, businesses that are able to focus on data protection could, by investing in security and encryption now, reap the benefits in the longer term. For example, the report shows that the average cost saving with extensive use of encryption is $13 per data record.

What Does This Mean For Your Business?

What the experts appear to be saying is that even though the use of robust, high-assurance encryption technologies may make the decrypting of protected data impossible in the short-term, this may not always be the case. The power of super-computers may mean that, quite soon, criminals may be able to crack encryption codes. In order to ensure that sensitive company data, particularly personal data is safe in the longer term, companies may want to start looking into ways that they can prepare for quantum data protection standards.

Researchers from Radboud University in the Netherlands have released a paper highlighting several security flaws that they’ve discovered in SSDs which mean that data from a flash disk can recovered in more than one way, even if it’s supposedly self-encrypted.

What Is An SSD?

An SSD is a solid-state storage device that uses integrated circuit assemblies (memory chips on a circuit board with and In/Out interface to feed power and transfer data) as memory to store data persistently. Even though it doesn’t actually contain a physical disk, it is sometimes called a called solid-state disk.

Hardware Encryption Not Better Than Software Encryption

Whereas the popular belief is that AES encryption should stop you from accessing data on a disc that isn’t plugged in to its home system (encryption with SSD through ATA security and TCG Opal encryption methods) and that hardware encryption is similar to or better than software encryption, the findings of the research appear to disprove this.

Not Just Cheap Drives Vulnerable

The research looked at top-of-the-range drives including models by Crucial and Samsung, and found that only the T3 and T5 (external) drives remained secure, whereas the others were found to have fatal vulnerabilities, some to non-cryptographic hacking. Even BitLocker, the Microsoft encryption with each copy of Windows was found to be vulnerable. According to the research, vulnerabilities are such, across the range of vendors, that determined attackers could access data in many so-called encrypted drives without any keys or passwords.

Vulnerable to a Range Attack Methods

Through the reverse-engineering of the firmware of a sample of SSDs, the researchers were able to discover a number of vulnerabilities in self-encrypting SSDs that can leave them open to a range of attacks and exploits. These could include attackers seizing full control of the CPU, corrupting memory, and cracking default passwords, thereby bypassing a custom password set by a user.

Example

The researchers provided a case study of how an attacker could try to breach a locked Crucial MX300 drive with encryption via TCG Opal. The case study outlines how an attacker could install modified firmware that includes read/write capabilities, and then, if encryption is performed via TCG Opal, write executable code to bypass several layers of security, and thereby access the precious data.

What Does This Mean For Your Business?

The discovery by the researchers shows that hardware-based encryption is far less secure than businesses may have thought and that hardware-based full-disk encryption may not, in fact, be a more secure alternative to software-based methods. Also, it seems that the security flaws are in leading products across multiple vendors.

Businesses may, therefore, be best advised not to rely solely on hardware encryption as offered by SSDs for confidentiality. In fact, it may be better to also employ an open source, audited, software full-disk encryption solution.

As well as alerting businesses to the risks of relying solely on the apparently flawed hardware encryption offered by SSDs, this story should surely make vendors take another close look at their SSD products and how the security of them can be improved.