Business Concerns Over ‘Secondary Data’

A study by data protection and management company ‘Cohesity’ has shown that most companies store up to 10 copies of their ‘secondary data’ in different locations and must use multiple products to manage it.

The Problem With Secondary Data

Secondary data (not production data) e.g. all the data that a company collects from other sources such as reports, stats, information from trade / industry publications etc tends to be stored by businesses over time in the hope that it has / will have value to the business, could help the business to avoid problems, and could reveal more business opportunities with analysis. One main problem with the storing of secondary data, which has long been known about, is that it is often fragmented and / or trapped e.g. it is stored across many clouds, remote offices / edge locations, and / or is trapped inside a siloed infrastructure. This can result in problems such as the cost, complication and confusion of duplicated copies stored in different places and using resources to maintain and store data that may not be serving the current needs of the digital business, or adding value because of how it is stored.

The Research

Not surprisingly, the research by Cohesity, a company that offers platforms where all secondary data can be stored, appears to back up the fact that companies have a problem with secondary data fragmentation.  For example, the results of the survey, which drew upon responses from 250 UK IT decision-makers as part of a wider study involving 650 IT decision-makers in the US, France, Germany, Australia and Japan, found that most UK organisations store up to 10 copies of the same secondary data, use four or five different products to manage it, and keep it in up to four locations. These locations may include two or three different public cloud storage providers.

The research showed that the average number of copies of the same datasets of secondary data held by UK respondents is five, and that around 30% of IT teams’ time is spent managing secondary data.

Why?

The research findings indicated that 92.5% of UK respondents store multiple copies of production data in separate locations because their disaster recovery (DR) policies say they must, but when it comes to the reasons for storing so much secondary data, the findings are less clear.

The research findings do, however, show that there has been a big increase in secondary storage data volumes e.g. in 2016 to 2017 the UK average is was 38.5% rise.  This trend is also predicted to continue.

Redundant Copies In The Cloud

The research findings show that 41% of UK organisations replicate redundant copies of data held in one public cloud to another public cloud.

What Does This Mean For Your Business?

Many UK businesses appear to be storing increasing amounts of secondary data in a fragmented way with no clear plan on the horizon about what to do with it all.  Instead of being able to organise the data and use it to generate value and competitive advantages, many businesses are wasting money and resources in keeping often duplicated data stored in limbo across disparate locations.

Businesses may be able to save themselves money and turn the secondary data burden into a value-generating asset by switching to a secure, paid-for consolidated platform solution.  This could help solve the current fragmentation problems, free-up resources, could help businesses to start using the data productively, and help businesses to find an effective way of managing what looks likely to be an increasing amount of secondary data going forward.

Free VPN Tools May Be Linked To China

A new investigation by Metric Labs of the top free VPN (Virtual Private Network) apps in Apple’s App Store and Google Play has revealed that more than half are run by companies with Chinese ownership.

What’s A VPN?

A ‘Virtual Private Network’ (VPN) is generally used to keep internet activity private, evade censorship / maintain net neutrality and use public Wi-Fi securely e.g. avoid threats such as man-in-the-middle attacks.  A VPN achieves this by diverting a user’s traffic via a remote server in order to replace their IP address while offering the user a secure, encrypted connection (like a secure tunnel) between the user’s device and the VPN service.

Popular Free Apps

VPNs (Forbes, 2017) are the most searched-for apps in the world, partly because people have become much more concerned with privacy and they have become more afraid of government surveillance of their digital activities.  For example, the UK government’s Investigatory Powers Bill), which was passed into 29th November 2016 as the Investigatory Powers Act (“Snooper’s charter”) means that a large list of UK agencies, including various police forces and government departments, can ask for any UK citizen’s stored browsing history (details of every website and instant messaging apps that you have visited or used in the past 12 months).

China Links To Free VPNs – Security & Privacy Concerns

Bearing in mind that the main reason for getting a VPN is to preserve your privacy and security, the problem with the results of the Metric Labs survey is that they show that over half of the top free VPN apps that people can find e.g. in the App Store and Play Store for UK and US, have Chinese ownership or are based in China.

The problem with being linked to (or based in) China, according to the report about the Metric Labs (top10vpn) survey, is that China tightly controls access to the Internet from within the country, has clamped down on VPN services, and many of the free VPN services with links to China offer little or no privacy protection and no user support.

How Bad Are They?

The investigation revealed that 17 of the 30 top free VPN apps available from simple online searches have links to China and 86% of those apps have security issues.  It was also discovered that 64% of apps have no dedicated website, and 86% of apps have unacceptable privacy policies with many being presented in an amateur fashion e.g. posted on a Free WordPress sites with ads.  Some of the privacy policies either give no information about the sharing of information with third parties, have no privacy policy at all, use a stock privacy policy not related to VPNs, or simply state that information will be shared with China.

What Does This Mean For Your Business?

When you bear in mind that the reason for downloading a VPN app is to preserve privacy, the results of this investigation indicate that simply trusting one of the free VPN apps available online, and without pausing to look at its privacy information or look too much into it could be a mistake.  If your privacy is valuable to you (and you’ve not already been provided with a trusted VPN), it may be worth seeking out a trusted paid-for service. There are many lists available online from Tech magazines that offer useful comparisons and information to help you choose a VPN that will give you the right levels of performance and security.

Tech Tip – Turn Your Handwriting Into a Font on Your Computer

In a creative and fun way, the latest update to Microsoft Windows now means that you can achieve maximum personalisation in your written communications by using the ‘Microsoft Font Maker’ to turn your handwriting into a font that you can install and use on your computer. Here’s how (n.b. it works best with a digital pen and tablet) :

– Download Microsoft Font Maker: https://www.microsoft.com/en-us/p/microsoft-font-maker/9n9209f8s3vc?activetab=pivot:overviewtab

– Either click the pen icon on the taskbar or manually enter the Settings > Devices > Pen & Windows Ink.

– Launch Font Maker, and write each letter in each box as shown.

– On the next page, write 3 short sentences to tell the program how to space your words.

– Make any final adjustments in the size of font and spacing in the sample page (you’ll be shown this).

– Click the Create button to export your font.

– Save your new font to the fonts folder – go to the File Explorer folder icon on your taskbar, then – This PC > Local Disk > Windows > Fonts, or save it to a known location and then copy and paste it into the fonts folder.

You can now use a digital version of your own handwriting in popular programs e.g. Word and WordPad.

Jail For Car Accident Data Thief

An employee at a vehicle accident repair centre who stole the data of customers and passed it to a company that made nuisance phone calls has been jailed for 6 months following an investigation by the Information Commissioner’s Office (ICO).

Used Former Co-Worker’s Login To Company Computer

The employee of Nationwide Accident Repair Services, Mustafa Kasim, used a former co-workers’ login details to access software on the company computer system (Audatex) that was used to estimate repair costs.  The software also stored the personal data (names and phone numbers) of the owners of the vehicles, and it was the personal data of thousands of customers that Mr Kasim took without the company’s permission, and then passed on to a claims management company that made unsolicited phone calls to those people.

ICO Contacted

Mr Kasim was unmasked as the data thief after the Accident Repair Company noticed that several clients had made complaints that they were being targeted by nuisance calls, and this led to the decision to get the ICO involved.

During the investigation, it was discovered that Mr Kasim continued to take and pass on customer data even after he started a new job at a different car repair organisation which used the same Audatex software system.

First With A Prison Sentence

What makes this case so unusual is that it is the first prosecution to be brought by the Information Commissioner’s Office (ICO) under legislation which carries a potential prison sentence.

Computer Misuse Act

Even though the ICO would normally prosecute in this kind of case under the Data Protection Act 1998 or 2018 with penalties of fines rather than prison sentences, in the case of Mr Kasim it was judged that the nature and extent of the criminal behaviour required making a wider range of penalties available to the court.  It was decided, therefore, that s.1 of the Computer Misuse Act 1990 would be used in the prosecution, and it was the offences under this that resulted in the 6-month prison sentence that Mr Kasim received.

What Does This Mean For Your Business?

Since preparing for GDPR, many companies have become much more conscious about the value of personal data, the importance of protecting customer data, and the possible penalties and consequences of failing to do so.  In this case, the ICO acknowledged that reputational damage to affected companies whose data is stolen in this way can be immeasurable e.g. Nationwide Accident Repair Services and Audatex. The ICO also noted the anxiety and distress caused the accident repair company’s customers who received nuisance calls.

This case was also a way for the ICO to send a powerful message that obtaining and disclosing personal data without permission is something that will be taken very seriously, and that the ICO will push boundaries and be seen to use any tool at its disposal to protect the data protection rights of individuals. The case also serves as a reminder to businesses that looking at ways to provide the maximum protection of customer data and plug any loopholes is a worthwhile ongoing process, and that threats can come from within as well as from cyber criminals on the outside.

Facial Recognition For Border Control

It has been reported that the UK Home Office will soon be using biometric facial recognition technology in a smartphone app to match a user’s selfie against the image read from a user’s passport chip as a means of self-service identity verification for UK border control.

Dutch & UK Technology

The self-service identity verification ‘enrolment service’ system uses biometric facial recognition technology that was developed in partnership with WorldReach Software, and immigration and border management company, with support from (Dutch) contactless document firm ReadID.

Flashmark By iProov

Flashmark technology, which will be used provide the biometric matching of a user’s selfie against the image read from a user’s passport chip, was developed by a London-based firm called iProov.  The idea behind it is to be able to prove that the person presenting themselves at the border for verification is genuinely the owner of an ID credential and not a photo, screen image, recording or doctored video.

Flashmark works by using a sequence of colours to illuminate a person’s face and the reflected light is analysed to determine whether the real face matches the image being presented.

iProov is a big name in the biometric border-control technology world, having won the 2017 National Cyber Security Centre’s Cyber Den competition at CyberUK, and winning a contract from the US Department of Homeland Security (DHS) Science and Technology Directorate’s Silicon Valley Innovation Program.  In fact, iProov was the first British and non-US company to be awarded a contract by the DHS to enable travellers to use self-service of document checks at border crossing points.

Smartphone App

The new smartphone-based digital identity verification app from iProov has been developed to help support applications for The EU Settlement Scheme.  This is the mechanism for resident EU citizens, their family members, and the family members of certain British citizens, to apply on a voluntary basis for the UK immigration status which they will need to remain in the UK beyond the end of the planned post-exit implementation period on 31 December 2020.

It is believed that the smartphone app will help the UK Home Office to deliver secure, easy-to-use interactions with individuals.

What Does This Mean For Your Business?

Accurate and secure, automated biometric / facial recognition and identification / i.d. verification systems have many business applications and are becoming more popular.  For example, iProov’s technology is already used by banks (ING in the Netherlands) and governments around the world, and banks such Barclays already uses voice authentication for telephone banking customers.

Biometrics are already used by the UK government.  For example, in the biometric residence permit (BRP) system, those planning to stay longer than 6 months, or apply to settle in the UK need a biometric permit. This permit includes details such as name, date and place of birth, a scan of the applicant’s fingerprints and a digital photo of the applicant’s face (this is the biometric information), immigration status and conditions, and information about access public funds (benefits and health services).

Many people are already used to using some biometric element as security on their mobile device e.g. facial recognition, fingerprint, or even Samsung’s iris scanner on its Note ‘phablet’. Using a smartphone-based i.d. verification app for border purposes is therefore not such a huge step, and many of us are used to having our faces scanned and matched with our passports anyway as part UK border control’s move towards automation.

Smartphone apps have obvious cost and time savings as well as convenience benefits, plus biometrics provide a reliable and more secure verification system for services than passwords or paper documents. There are, of course, matters of privacy and security to consider, and as well as an obvious ‘big brother’ element, it is right that people should be concerned about where, and how securely their biometric details are stored.

Blockchain To Stop Counterfeit Disk-Drive Products

Data storage solutions company Seagate Technology (Seagate), and IBM are reported to be working together and using blockchain and advanced cryptographic product identification technology to reduce disk-drive product counterfeiting.

What’s The Problem?

The problem for Seagate and other manufacturers, integrators, and business partners is the problem of counterfeit hard disk drives (HDDs) being made available for sale online.  For example, these are usually sub-standard counterfeit drives, or old drives that have been re-labelled with false claims of higher speed and greater capacity.

The scale of the counterfeiting problem faced by electronics companies is illustrated by International Anti-Counterfeiting Coalition figures which show that global trade in counterfeit and pirated electronic products is now worth more than US $1.7 Trillion!

What Is Blockchain and How Can It Help?

Blockchain, the open-source, free technology behind crypto-currencies like Bitcoin, is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Carey describes blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

IBM has considerable blockchain expertise and powered by the Linux Foundation’s Hyperledger Fabric distributed ledger framework, IBM’s Blockchain Platform on the IBM Cloud enables network participants to append and view blockchain data.

The collaboration with IBM means that whenever Seagate manufactures a hard drive, it will update the IBM blockchain platform with product authentication data which will include each Seagate Secure Electronic ID (eID).  This is a kind of electronic fingerprint that can verify the identity of a hard drive at any time during its product life cycle.  Also, Seagate will use cryptographic erasure technology (Certified Erase) to electronically sign the drive using Seagate Secure public key infrastructure (PKI), and this data will also be added to IBM’s blockchain platform.

With all this unique product-identifying data stored in secure and incorruptible blockchain on IBM’s cloud, technology vendors, service providers and end users will (depending on the permission they have) be able to check a disk-drive product’s provenance on the blockchain.

The Results

The hope is, of course, that by being able to provide an indisputable record of events, from manufacturing through to end-of-life for Seagate’s products, this should reduce data loss, cut warranty costs, go some way towards tackling the counterfeiting problem, and improve customer confidence.

What Does This Mean For Your Business?

This is another example of how businesses are only just beginning to realise the potential of blockchain and what it can offer.  Blockchain has so far proven itself to be particularly useful in applications where authentication, provenance, and proof of different aspects of a supply chain are needed.  For example, an IBM-based blockchain ledger has been used to record data about wine certification, ownership and storage history, and blockchain has been used to record the temperature of sensitive medicines being transported from manufacturers to hospitals in hot climates.  It makes sense, therefore, that blockchain could be an ideal solution in the fight against counterfeiting of electrical and other products and items.

VMware recently joined Microsoft and other companies in offering a blockchain-as-a-service product to companies.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in an techy free style. 

Archives