With consumers required to divulge personal details to access many apps, ensuring the safety of data has become a collective responsibility. NEIL COSSER, Identity and Data Protection Manager for Africa at Gemalto, believes encryption is key to safeguarding data.
As technology continues to shift and shape how we connect with each other and brands, personal data has become a highly valuable and lucrative commodity. With consumers required to divulge personal details to access most of the plethora of apps available, ensuring the safety of data has become a collective responsibility: shared between service providers, app developers and the individual themselves. What does this mean for mobile providers, banks, government and brands, especially as South Africa starts grappling with the Protection of Personal Information (PoPI)? And what does it mean for consumers and corporates doing business across our shores, many of whom are still blissfully unaware of the risks involved?
Driven by relentless news of security breaches and data loss, many governments around the world are considering introducing or are in the process of introducing legislation that will help protect the personal data of their citizens. For example, the European Union has adopted the General Data Protection Regulation (GDPR) in April 2016. There are obvious signs that significant risks lie ahead if companies do nothing to change how they protect data because the new regulation will have major implications for all the ways in which data is collected, stored, accessed and secured. Locally, certain sections of the Protection of Personal Information Act (PoPIA) have already commenced (under proclamation No. R. 25, 2014).
But what does compliance mean for local businesses?
Given the proliferation of technology and what it has come to mean for companies, it is now an imperative for businesses to deploy suitable mechanisms to process personal information of employees, customers or other business stakeholders. This is done with the view to implement organisation-wide privacy initiatives in order to comply with the conditions of the Act. Compliance will have an impact on the processes, technology and manner in which stakeholders – particularly within the employer and employees parameters – handle and process personal information.
According to renowned provider of legal solutions, Michalsons, GDPR’s grace period has been earmarked to end on 24 May 2018 – thus making it legally enforceable from that period onwards. Locally, we can expect PoPI’s grace period to end soon after the GDPR’s. Organisations that have to comply with both the PoPI Act and the GDPR might focus on complying with the GDPR first and then POPI second. Taking this approach could offer prudent lessons for businesses through the compliance of GDPR that can be applied to PoPI.
The writing on the wall
The release of Gemalto’s 2016 Breach Level Index (BLI) report has offered an intriguing backdrop to the issue of data management (particularly where data protection is concerned) in the local context. A key takeout from the 2016 report highlighted that that we cannot argue that we have a growing data security crisis evidenced by the almost 1.4 billion records being compromised during 2016. The sad truth is that this number is actually higher, because most breaches go unreported worldwide. This is particularly worrying given the impact that a data breach can have on an organisation’s reputation and ultimately revenue.
The Ponemon 2016 Cost of Data Breach Study indicates that the average cost of a data breach to a businesses now stands at $4 million (average cost per record $158), with reputation and the loss of customer loyalty most heavily impacting the bottom line. In fact, our research revealed that two thirds (66%) would be unlikely to do business with organizations responsible for exposing financial and sensitive information.
It’s all about action
The debate surrounding data protection vs. impact on reputation and revenue is not a new one but it seems that many executives agree that the issue is of data security is still taken for granted by those businesses with a big user base. This was the sentiment shared by the panelists who formed part of our Gemalto BLI roundtable event hosted on 28 March 2017 in Johannesburg.
Justin Williams, Executive: Group Information Security at MTN reiterated that consumer data is a prized commodity and it cannot and should not be taken for granted. “There is a concerning lack of regulation in Africa. Beyond the strict requirements of the regulations, what companies really need is to shift to a new data security mindset,” he explained. He added that now is the right time for businesses to start taking steps now to prepare for implementation of the new rules.
Williams’ advice begs the question, what should organisations do to limit their risk of breaches and ensuring that consumer data is protected against all odds. The answer to this is simple; securing a breach is the first point of call. Organisations should consider three factors when building a comprehensive data protection strategy. Firstly, we need to analyse where data being stored – is it in a database, file servers, virtual environments or the cloud? Secondly, how and where are encryption keys being secured? Finally, who’s accessing the data and more importantly, how is this access being controlled?
Once these three factors have been understood, this can then be converted into a three-step approach to data protection which includes encrypting all sensitive data, storing and managing encryption keys and lastly, controlling access.
Fail to prepare, prepare to fail
Today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, threat detection and monitoring. But, if history has taught us anything, it is that walls are eventually breached and made obsolete.
The next and last layers of defense need to be around both the data and the individuals that access the data by surrounding them with end-to-end encryption, authentication and access controls that provide the additional measures necessary to protect customer data.
Security professionals will always need to consider the need to perform specific risk analysis in order to implement the organisational and technical measures that are needed to prevent, detect, and block data breaches. Data encryption solutions provide an essential basis for achieving reliable data unintelligibility. When encryption is combined with other measures, such as secure key management and access controls, these mechanisms provide a robust foundation for achieving compliance with applicable EU data protection laws.
The reality is that our world is quickly becoming an Internet of Things where every person, place, thing and organisation is connected to each other through the Internet. The proliferation of the cloud, digital content, mobile device usage, online banking, e-commerce, and social media means that we are creating, accessing and storing data and conducting transactions in more places than ever before. We simply have more to manage and more places of exposure.
For Joe Pindar, Research & Development Director: Identity & Data Protection at Gemalto, transparency is the best paved road to ensuring consumer trust. Security should be a key consideration for all businesses going forward. Telling customers about the security measures your organisation has put in place to protect their data can go a long way in cementing customer loyalty. “If you are doing something better than the rest of the industry, like encrypting data end-to-end, then you might be seen as a trusted innovator.”
As we look towards the future of data management and in order to be ready for upcoming legislative changes, companies need to start taking steps now and change their security mindset about protecting customer data. The signs for taking action are obvious. It’s clear that being breached is not a question of “if” but “when. Companies should move away from the traditional strategy of focusing on breach prevention, and move towards a ‘secure breach’ approach. This means accepting that breaches happen and using best practice data protection to guarantee that data is effectively useless when it falls into unauthorised hands. Traditional approaches to data security do not work anymore, and if companies don’t wake up to this new reality soon, the consumer revolt will come.
Cisco unveils ‘Internet for the future’ silicon breakthrough
Cisco One is a new silicon architecture that can be used in any form factor, while Cisco 8000 will reduce cost of building and operating mass scale networks
Cisco today unveiled a series of innovations it says will underpin “the Internet for the Future”. It launched Cisco Silicon One, a new networking silicon architecture, and the Cisco 8000 Series, the world’s most powerful carrier class routers built on the new silicon.
Chuck Robbins, chairman and CEO of Cisco, said its technology strategy was to build a new internet designed to push digital innovation beyond the performance, economic and power consumption limitations of current infrastructure. It would be a multi-year approach that will define the Internet for decades to come.
“Innovation requires focused investment, the right team and a culture that values imagination,” said Robbins. “We are dedicated to transforming the industry to build a new internet for the 5G era. Our latest solutions in silicon, optics and software represent the continued innovation we’re driving that helps our customers stay ahead of the curve and create new, ground-breaking experiences for their customers and end users for decades to come.”
Cisco said in its announcement: “Over the next decade, digital experiences will be created with advanced technologies — virtual and augmented reality, 16K streaming, AI, 5G, 10G, quantum computing, adaptive and predictive cybersecurity, intelligent IOT, and others not yet invented. These future generations of applications will drive complexity beyond the capabilities current internet infrastructure can viably support.
“For the past five years, Cisco has driven a technology strategy that is building the internet our customers will need for the future success of their business in an advanced digital world. Aimed at solving the toughest problems that will emerge as digital transformation taxes current infrastructure to its breaking point, this strategy will lead to the next-generation of internet infrastructure that combines Cisco’s new silicon architecture with its next-generation of optics.
“Cisco’s strategy will change the economics behind how the internet will be built to support the demands of future, digital applications and will enable customers to operate their businesses with simpler, more cost-effective networks.”
Cisco says its strategy is based on development and investments in three key technology areas: silicon, optics and software.
David Goeckeler, executive vice president and general manager of the Networking and Security Business at Cisco, elaborated: “Pushing the boundaries of innovation to the next level — far beyond what we experience today — is critical for the future and we believe silicon, optics and software are the technology levers that will deliver this outcome.
“Cisco’s technology strategy is not about the next-generation of a single product area. We have spent the past several years investing in whole categories of independent technologies that we believe will converge in the future — and ultimately will allow us to solve the hardest problems on the verge of eroding the advancement of digital innovation. This strategy is delivering the most ambitious development project the company has ever achieved.”
Visit the next page to read about the dramatic performance improvements in the new products.
Building the Internet for the Future begins now
By JONATHAN DAVIDSON, SVP and general manager of Cisco’s Service Provider Business
“We do not remember days; we remember moments.” Those words from Cesare Pavese have been one of my personal favorites. Interestingly, we remember thesesignificant, or “flashbulb” moments in our lives in vivid detail. We rememberexactly where we were, whom we were with, what we felt, or even what we werewearing. One of my flashbulb moments was 20 years ago in 1999 when Brandi Chastain made the winning penalty shot during the Women’s World Cup inspectacular fashion. At the time, I was coaching my oldest daughter’s soccer team.That victory felt like the start of something big. It had this wonderful feeling thatwomen’s soccer was going to change for the next generation.
I believe we are having one of those “flashbulb” moments right now in the networking industry. Years from now, we will look back and remember this moment in time. Because today, Cisco revealed breakthrough innovations sosignificant and expansive, they will change the economics of the Internet forthe next generation.
Significant technological innovations have defined human history. The steamengine replaced muscle with machinery. With the telegraph, communications exceeded the speed of animals. And, with the Internet, information wasdigitized, and global communities were created.
IP infrastructure connects our world. The Internet has profoundly changed the waywe work, live, play, and learn – anything, anywhere, anytime. The results are astounding. Our ability to connect and collaborate has caused society to evolve faster than ever before. We have made more progress in mitigating wars, preventing famine, and curing disease in the last 35 years than in the previous35,000.
Today is the moment when we enter a new phase of the Internet. Technologiessuch as 5G, IoT, 3D printing, and advanced analytics are connecting more, increasing participation, and pushing digitization further. And as a result, industries like mining becomes safer, agriculture becomes more efficient, transportation becomes autonomous, and healthcare becomes wellness-driven, not crises-driven. The possibilities are endless. And service providers will be the catalysts for changing economies, countries, and the world because at the very heart of this next transformation is the network infrastructure that makes it all possible.
The route to success for service providers is not straightforward or simple. There are fundamental business challenges. Networks, which are already huge, must become even more massive. And to succeed, service providers need to transform not only their infrastructure but their operations and their business models as well.
Our current network economics will begin to break as we evolve to operate at massive scale. The physics behind our past achievements are already showing signs of slowing down, while traffic growth continues to accelerate. So far, performance increases have helped to reduce the cost of traffic at about the same rate that traffic has increased. $1 in CapEx today does eleven times the work that it did just a few years ago. However, continuing with the status quo will likely lead to a significant increase in CapEx unless we reinvent the rules.
The cost of operations must be reduced too. Today, many operators spend almost $5 in OpEx for each $1 of CapEx. With current network management technology, that situation is likely to get worse, as the larger a network becomes, the more inefficient it is to operate unless we reinvent the rules.
With innovation from a technology pioneer that spans multiple dimensions across silicon, optics, software, and systems to create entirely new network architectures, this is that “flashbulb moment” when Cisco is redefining the economics of the Internet.
Redefining the economics of the Internet has to begin at the foundation. The very “DNA” of the Internet itself. The engine to a car. Silicon.
Moore’s law is stalling. While the rest of the industry slows down from the physics of traditional approaches, we have unlocked new dimensions of innovation. By rethinking silicon design entirely, we can deliver industry-leading performance today and create a “fast lane” to the future. We are excited to introduce our groundbreaking programmable silicon architecture, Cisco Silicon One. The first member of this new family, Cisco Silicon One Q100, delivers over twice the network capacity and twice the power efficiency over any other silicon. It is the first routing silicon to break through the 10Tbps barrier without compromising carrier-class capabilities (e.g., feature richness, large buffers, advanced programmability). And Cisco Silicon One is available right now; we won’t make you wait for it.
The innovations in Cisco Silicon One bring significant value to lowering operational costs as well. In the past, multiple types of silicon have been used across a network and even within a single device. Feature development was inconsistent. Telemetry varied dramatically.
Operators had to spend too much time and effort coordinating and testing parity of new features across the network. Now, a single silicon architecture can serve different market segments, different functions, and various form factors for a unified experience that dramatically reduces costs of operations and time-to-value for new services.
Optic costs matter. At lower interface speeds, optics were roughly 10% of the total solution cost, and systems accounted for the remaining 90%. At 400G and beyond, that equation flips. Optics become the dominant part of the total spend.This dynamic needs to change, a long-term strategy is required to make it easier to deploy both short-reach and long-haul optics solutions.
Cisco is investing in technologies like silicon photonics to accelerate the adoption of 400G and prepare for the future beyond 400G. Our recent acquisition of Luxtera brings a highly automated wafer-scale manufacturing process to Cisco that improves production volumes and quality.
If silicon is the engine of a car, the software is the steering and suspension to enable phenomenal handling. Even the world’s most advanced silicon can be wasted without the right software to steer correctly and operate smoothly. Imagine the ride at 400 km/h without proper steering and suspension. Any unfortunate bump or turn could be disastrous.
To redefine the economics of operating a network, the Internet of the future needs software that recognizes operations is just as important as functionality. Cisco IOSXR7, the new release of our industry-leading Networking Operating System (NOS), has been overhauled to prioritize operations – with simplicity and automation. It has been simplified to reduce required resources, install procedures, and deployment efforts (e.g. zero-touch).
Most notably, XR7 has been completely modernized. XR7 is the first-of-its-kindcloud-enhanced NOS. XR7 can leverage new cloud-delivered SaaS deployment models from Cisco Crosswork Cloud to enhance operations. Now, operations team scan optionally consume insights and analytics as a service for agile, proactive management without the risks and resources of traditional models.
Now, we get to the “car” itself. With new silicon and new software, we can build new systems that have the performance, efficiency, and operational improvements to meet the next wave of traffic demand. Today, we introduce theCisco 8000 series routers, new systems optimized for high-density 100GbE and400GbE, including:
- 2 fixed platforms – providing 10.8Tb/s of network bandwidth starting at I RU
- 3 modular form-factor platforms – 8 slots, 12 slots and 18 slots delivering upto 115 Tbps, 172 Tbps and 260 Tbps respectively
These are systems designed without compromise and with a very bright future.No oversubscription. Full fabric redundancy. Power efficiency down to as little as4 Watts/Gb. That is 1/4 to 1/5th the amount of power that our nearest competitor uses. And a “clean sheet” design allows us to grow into 1.6 TbE interfaces and beyond.
Wait, there’s more. The most distinctive characteristic of the Cisco 8000 relates to trustworthiness. Networks are critical infrastructure as they connect industries,finance, utilities, and governments and service providers must maintain the integrity of their infrastructure. The chain of trustworthiness begins by knowing whether or not the hardware and software are authentic. The Cisco 8000 Series are equipped with tamper-proof hardware that serves as the root of trust to prevent any modification of the hardware or software. Next, the NOS, XR7, works with Cisco Crosswork Cloud to provide real-time visibility and control to deliver the trustworthy networks that the Internet requires.
To grow to the size and capabilities that the next generation will demand, the Internet requires fundamental changes. We reinvented from the ground up, the DNA, the performance curve, operations, trust, and even the rules. We reinvented what Cisco does best.
And these reinventions will allow us to build the future on new architectures –converged, cloud-enhanced, and trustworthy. We that work in the networking industry will hopefully remember this moment years from now. I hope it is just as vivid a memory as Brandi Chastain’s winning goal 20 years ago.