News

End-to-End Encryption: Important Pros and Cons

Posted in: Big Data, Mobile, Security - Jun 02, 2021

According to the 2020 Cost of a Data Breach Report by Ponemon Institute and IBM Security, data breaches are costing enterprises $3.86 million on average, and they’re taking an average of 280 days to discover the problem. Clearly, hackers can and already do easily identify and access both corporate and personal information when files are transmitted from device to device unless certain cybersecurity measures are put into place. End-to-end encryption is the easiest solution for protecting this data so it doesn’t get into the wrong hands.

End-to-end encryption is the practice of encrypting data and information as it passes from device to device. The sending and receiving devices can see the original contents, but no other interceptors have the correct keys to decrypt the message. This approach to cybersecurity offers many benefits to companies and users that implement the protection, but there are still some drawbacks in areas like consumer-provider relationships. Read on to learn more about how end-to-end encryption works, as well as some of the pros and cons of end-to-end encryption security.

“The total number of records compromised in 2020 exceeded 37 billion, a 141% increase compared to 2019 and by far the most records exposed in a single year since we have been reporting on data breach activity.” –Risk Based Security 2020 Year End Report 

Read Next: 2021’s Most Successful Phishing Ploys (So Far)

What is End-to-End Encryption?

How it Works

But how does end-to-end encryption keep data encrypted while it travels? Two cryptographic keys, a public key and a private key, are generated on the sender’s device. The public key is public, in the sense that a public key can be generated by anyone.

However, the paired private key can only be generated by that particular sender and can only be used to decrypt data for the designated recipient device. Hackers can theoretically intercept the message in transit and service providers can access the encrypted message in order to store it, but it will remain completely illegible until it is received and decrypted by the recipient device. This practice ensures that the data can only be viewed in its true form on the sending and receiving devices, and nowhere in between.When end-to-end encryption is applied to data in transit, the data is first encrypted, or jumbled, on the sending device. The message cannot be decrypted by hackers, service providers, or anyone else until it is received by the end device.

The Pros of End-to-End Encryption

Protection of Privacy

With end-to-end encryption, private communications and other details, like timestamps and significant locations, are not easily read if intercepted by hackers or service providers like Google or Apple. When end-to-end encryption is enabled, you can rest assured that personal privacy prevails and consumer data is protected from outside viewers.

Integrity of Data

In other security setups, outside users can potentially gain access to a piece of data and manipulate its contents before it reaches the recipient (or worse, they can stop its delivery entirely). End-to-end encryption means that these malicious actors do not have the necessary key to access data in transit, so the integrity of data is maintained.

Highly Sensitive Data Exchanges

Whether it’s due diligence for a high-profile M&A transaction or the sharing of sensitive government intelligence data, end-to-end encryption is one solution that makes sure that no one outside of the sending and receiving parties can spread highly sensitive information. The reasons are twofold: 1) The key system in end-to-end encryption prevents unauthorized devices from opening the message. 2) If users maliciously or accidentally come across the message, end-to-end encryption has made it indecipherable to them.

Device Level Over Server Level

Other types of encryption focus on encrypting data at the server level, but if a malicious actor or other outsider gains access to that server, they can decrypt any information in that server fairly easily. Overcoming end-to-end encryption requires hackers to perform device-level hacks to get the information that they want, which is considerably more difficult and time-consuming to do, leading most hackers to avoid those types of attacks altogether.

Avoiding High-Cost Attacks and Reputation Damage

Let’s take a look at the biggest data breach in history: Yahoo’s 2013 breach that compromised approximately 3 billion user accounts (all of their customers’ accounts at that time). Yahoo claims that no clear-text passwords or financial information were compromised in the attack, but experts believe that Yahoo’s “outdated, easy-to-crack” encryption still exposed those records—billions of records—to malicious actors.

Needless to say, this attack damaged Yahoo’s reputation with customers, but it also damaged their negotiation powers with other major businesses. In 2017, Yahoo was in acquisition negotiations with Verizon, and after this news came to light, they were forced to lower the price of their assets by at least $350 million.

Making Security Affordable: 8 Low-Cost Ways to Improve Cybersecurity

The Cons of End-to-End Encryption

Although end-to-end encryption offers many high-value benefits to enterprises and users, the security practice still suffers from several shortcomings and has led to some public safety concerns:

Ledger is Still Available

End-to-end encryption jumbles all of your data’s contents in transit, but it does not hide the fact that data is being transferred. The ledger of communication remains, so people can still find records of transactions and possibly deduce the contents, based on sending and receiving parties.

Unreliable Receiving Devices

End-to-end encryption does not guarantee the protection of data once it reaches the receiving device. If there’s a security problem on that device or if that device falls into the wrong hands, the data has already been decrypted on the receiving device, leaving it susceptible to outside parties who gain access to the device.

Law Enforcement and Surveillance Concerns

One of the most important and highly controversial issues with end-to-end encryption is that it’s almost too successful at protecting data from third parties. This is a great feature as far as protecting private information against hackers, but what about for law enforcement and intelligence officers who need to conduct a serious investigation? 

With end-to-end encryption, they cannot access evidence that has been encrypted, and neither can service providers if they are asked to cooperate in the investigation. Only participating devices can provide the information they need. In serious cases related to allegations like terrorism, murder, and physical abuse, this data protection becomes a major hindrance to public safety and national security.

Many national governments and international committees have fought against end-to-end encryption in personal devices and applications for this reason. One of the most recent end-to-end encryption ban coalitions includes India, Japan, New Zealand, Australia, the UK, and the United States. In their International Statement on End-to-End Encryption and Public Safety on October 11, 2020, they called for a ban on end-to-end encryption in apps like WhatsApp and pushed for technology companies to allow greater data access to international law enforcement forces.

Learn More About Security at CISA: Cyber Agency Launches Security Awareness Campaign

Apps & Software that Use End-to-End Encryption

Several major companies have added end-to-end encryption features to their offerings over the years, and while some have experienced great success, others have become embroiled in controversy. 

Zoom-Arrived in late October 2020 as a technical preview for free and paid users
-Zoom's traditional GCM encryption remains, but with public key cryptography and meeting participant key distribution
-Users can enable on meetings so that only participants have the decryption key (not even Zoom servers have access with this approach)
-Users can confirm that they are using end-to-end encryption by looking for a green shield on their Zoom window
-In November 2020, Zoom came to a settlement with the FTC regarding allegations that they had misled customers into thinking they offered end-to-end encryption since 2016. Their previous “end-to-end, 256-bit encryption” still gave Zoom full access to meeting data.
Whatsapp/Facebook-End-to-end encryption fully launched in April 2016
-Designed to secure messages, photos, videos, voice messages, documents, status updates, and calls
-Whatsapp changed its privacy policy in early 2021, now allowing it to share metadata on users with Facebook, its parent company
-Millions of users moved away from Whatsapp after finding out how their metadata could be used
Amazon Ring-Video end-to-end encryption launched in January 2021
-Only enrolled customer mobile devices can decrypt security footage
-Launched in response to several security breaches and concerns in previous years
Microsoft Teams-Announced end-to-end encryption plans at Ignite conference in March 2021
-Functionality is expected for both personal and business use cases, on Signal, Skype, Jabber, and Teams
-Expected to secure 1:1 meetings and communications between users on Microsoft Teams

Data breaches are costing enterprises around $3.86 million per year, and that number only seems to grow, particularly in key areas of infrastructure. Although there’s some controversy and concerns surrounding how end-to-end encryption works, it’s clear that the solution is a valuable security investment for the enterprises that select it and the consumers who benefit from it.

More on End-to-End Encryption from IT Business Edge: Enterprise End-to-End Encryption is on the Rise

The post End-to-End Encryption: Important Pros and Cons appeared first on CIO Insight.

top

Unlocking Insights from ERP Data

Posted in: Business Intelligence - May 26, 2021

Join TDWI’s senior research director James Kobielus on this webinar to explore how to extract maximum business value from self-service analytics on ERP and other data sets in the cloud. He will discuss how the cloud’s on-demand, fully managed, subscription-based service model enables knowledge workers to rapidly access powerful ERP insights without having to engage internal IT staff.top

Why Most Data Platforms Fail (And How You Can Succeed)

Posted in: Business Intelligence - May 24, 2021

The co-founders of Monte Carlo discuss the challenges -- and solutions -- to operationalizing data at scale.top

AI & Machine Learning: Substance Behind the Hype?

Posted in: AI, Innovation, machine learning - May 22, 2021

It’s become inevitable in IT. Something new appears on the horizon and the hype machine ramps up to warp speed as it drafts a new term into its sales and marketing patter. In some cases, companies relabel their existing wares to align with the new term without making any actual change to the product.

Sometimes the hype is justified, often it is not. How about artificial intelligence (AI) and machine learning (ML)? Gartner believes they are over-hyped according to its recent Gartner Magic Quadrant for Data Science and Machine-Learning Platforms.

Case in point: a recent interview with a software vendor led to the confession that the “AI capabilities” spoken about in their brochures weren’t there yet. In other words, they were taking advantage of the hype to get more eyes viewing their software.

Gartner doesn’t dismiss AI and ML as being without wholly substance. In fact, it goes on to name the top 20 candidates, explaining their strengths and weaknesses. These platforms are already proving valuable to data scientists and analysts in sourcing data, constructing models, analyzing data, and spotting trends.  That value is translating into sales. Gartner reports heavier investment in AI during the COVID-19 pandemic. The analyst firm’s best advice on how to see beyond the glowing marketing promises is to tightly focus ML and AI into actual use cases that deliver tangible business value.

Read more on COVID-19’s impact on IT spending patterns.

And IT has to be cognizant of how the hype may be influencing top management. CEOs and board room members are being assailed on all sides by the wonders of this or that AI platform. This may cause them to demand the replacement of existing analytics and business intelligence tools at once!

Before going all in…

Calm heads must prevail for a number of reasons. Here are five to keep in mind.

  1. Changing platforms may be expensive and may not add that much functionality or value.
  2. Your existing vendor may offer add any missing features at a fraction of the cost and on a timeline you dictate. You never know until you ask.
  3. The new functions drooled after by top management may sound good. But will they add much value to the bottom line? And will the new platform alter ongoing and successful organizational sales processes?
  4. Does any proposed new platform integrate well with existing cloud platforms and BI tools?
  5. Are users being considered? All too often, management buys into features that make their lives easier such as enhanced reporting. One example from many years ago: a new post office was loved by management and hated by front line workers as it actually slowed their ability to complete transactions.

Choosing the Right AI and ML Tools

If real value can be gained, push ahead with AI and ML investments. Gartner noted that the market generated $4 billion in 2019 and is growing at 17% per year. But not all tools are the same. Some platforms are focused on the data scientist and require highly trained personnel. A few can afford such personnel, but many can’t. Other tools aim to democratize AI and ML. That may work for some organizations and not others.

Gartner listed the usual suspects as its leaders in the Magic Quadrant such as long time BI pioneers SAS, IBM Watson, and MathWorks. SAS Visual Data Mining and Machine Learning currently rules the roost, according to Gartner, with the two others not far behind.

But beware the incursion from the cloud giants Google, Microsoft, and Amazon. The latter was late to the party and is now coming on strong. There are also a lot of others competing in a crowded market. Those earning high markets from Gartner include Dataiku, Databricks, Tibco, Alteryx, DataRobot, KNIME, RapidMiner, and H2O.ai.

The question remains: Will SAS, IBM, and MathWorks be able to maintain their grip on the market? Or will they be overwhelmed by the cloud brigade? Amazon SageMaker is making a big play right now and is gaining major traction. Not to be outdone, the launch of a unified AI platform from Google is imminent.

Regardless of the hype, this market is primed for major growth in the coming years. Those who win will be those who see through the marketing blitz to direct AI and ML initiatives towards the attainment of strategic business objectives.

The post AI & Machine Learning: Substance Behind the Hype? appeared first on CIO Insight.

top

Oracle NetSuite ERP: The Pros and Cons

Posted in: Business Intelligence, Enterprise Apps, enterprise resource planning, Enterprise Resource Planning (ERP), ERP, ERP software, HR software, NetSuite, NetSuite ERP, Oracle, oracle netsuite, Oracle NetSuite ERP, SME - May 21, 2021

Long regarded as the #1 cloud ERP solution, Oracle NetSuite ERP offers a robust portfolio of procedural management software that streamlines business processes for 24,000+ cross-industry customers. The company has experienced great success as both an upgrade from less powerful ERP systems and as a solution that pulls multiple disconnected systems together. Their holistic approach to enterprise management is best illustrated by their seven key feature categories:

  1. Financial Management
  2. Financial Planning
  3. Order Management
  4. Procurement
  5. Production Management
  6. Supply Chain Management
  7. Warehouse and Fulfillment

The NetSuite ERP portfolio can eliminate a lot of administrative headaches at businesses of any size, but is their ERP the right solution for your business? Take a look at some of the pros and cons that their current customers have highlighted to help you make an informed purchasing decision.

Read Next: Essential Features in Foodservice ERP

A Deep Dive Into Oracle NetSuite ERP

The Pros of Oracle NetSuite ERP

Customizable and Scalable Features

NetSuite offers the same flexibility as most other platforms in the way of add-on modules, user seats, and length of contract. However, Oracle NetSuite’s platform sets itself apart by extending several options to customize their boilerplate solutions to fit your business needs. Users have praised the customizable templates that NetSuite offers in all of its ERP modules, and although doing so may require more extensive technical knowledge, users can code their own solutions into any of the modules. 

A favorite customizable feature in Oracle NetSuite ERP can be found in the HR SuitePeople module, where administrators have the freedom to customize and adjust pay options beyond typical pay categories.

Larger companies like Smartsheet have chosen NetSuite because of scalability built into its ready-made ERP features. Mark Mader, the CEO of Smartsheet, specifically highlighted how the SuiteBilling billing and revenue software has enabled his company to grow: 

“We needed a solution that could support significant growth in our primary segments—enterprise customers as well as SMBs where we leverage a self-service model—each of which has its own unique set of complexities…NetSuite was the only solution that offered us the ability to automate both the back office and customer-facing aspects across both these important segments of our business.” 

Strong Business Intelligence Backbone

NetSuite ERP consistently receives high marks for its business intelligence and financial management tools. Through the platform’s automation of processes like billing, accounting, and reporting, finance teams can focus on financial planning, predictive analysis, and other strategic product and systems-facing actions that require their expertise.

One of their strongest business intelligence and finance features is SuiteBilling, advertised as the industry’s first unified order-to-billing-to-revenue recognition solution on the cloud. Other notable features in this segment of the NetSuite ERP include revenue recognition, customizable analytics and dashboards, and multi-currency transaction capabilities. 

NetSuite ERP What If Analysis for Business Intelligence.
This is an example of the NetSuite ERP “What If” Analysis feature, which allows you to plan and assess potential changes in your business model through what-if scenarios.

Workflow and People Management

At the core of any business, you’ll find people relations and management. Many companies rely on separate HR software that does not wholly integrate with their other company software. But NetSuite ERP’s HR module, SuitePeople, seamlessly connects HR data with financial, procurement, project, payroll, planning, and budgeting data across other modules in the platform. These connections help companies set and analyze performance against company-wide, department, and individual KPIs based on product and market success. NetSuite’s analytics framework is particularly useful for visualizing these types of metrics, as the dashboard shows people and financial analytics side by side and in real-time.

Beyond the people analytics found in NetSuite ERP, you’ll also find a system that simultaneously encourages administrative freedom with widespread employee data protection. Features like the employee directory and other searchable databases within the system make it easy for anyone to connect with the right person in the organization. However, features like effective dating and access control ensure that only administrators with the right access privileges can view employees’ most private data.

NetSuite ERP SuitePeople HR and Finance Metrics.
This is one chart found on the SuitePeople HR dashboard, which compares people analytics with revenue and other financial analytics.

The Cons of Oracle NetSuite ERP

Pricing and Add-On Costs

Although some custom packages and pricing options are available, NetSuite’s baseline package costs $999 a month plus $99 per user, which will likely strain the budgets of smaller companies. These costs also don’t account for the fact that companies pay for nearly every customization they choose to add, with things like 24/7 support and upgrading to the latest versions of different modules incurring extra fees.  

You’re paying for a high-value product that streamlines all of your business software into one tool. So if the price works for your business, it makes sense to pay a higher price than you might pay for a solution like QuickBooks Enterprise, which includes many financial and BI modules, but completely misses on CRM and HRMS features. The ROI is there for the right business model, budget, and tenacity to keep up with changing costs on the platform. 

Customer Support

NetSuite’s technical support is included with all NetSuite subscriptions, but multiple user reviews have indicated the limitations to the service. The included support package offers only 10 hours of customer online support, during regular business hours Monday through Friday. Premium and Advanced Customer Support packages extend that service to 24/7 support for additional fees. Users have also expressed that the support team offers highly technical solutions without always guiding customers, which makes it difficult for teams with less technical staff to resolve NetSuite ERP problems.

NetSuite ERP Support Plans, Basic and Premium Support Comparison.
Basic Support, which is included with all NetSuite purchases, only provides guided support to users when they are experiencing a Severity 1 (Critical) problem in the system.

Although their actual support team may be limited in the scope of what they offer to customers, NetSuite ERP extends several self-help resources to their customers for free:

  • SuiteAnswers support ticketing system
  • NetSuite support user group
  • Online case submission
  • Full training class curriculum

Accessibility for SMEs

Oracle NetSuite has often claimed that they want to be an ERP solution for small and mid-size enterprises (SMEs), but many SMEs have expressed that the solution better fits larger companies. These smaller organizations have shared that the customizations that they want or need to implement in their ERP require two things that they don’t always have: specialized employees who know how to make those coded adjustments, and large budgets to pay for customizations and new add-ons. Managing customizations and version history across the portfolio may require more training, specialized knowledge, FTE, and budget than SMEs can reasonably afford, which is why the solution continues to be selected by mostly larger enterprises.

Read Next: Three Key Advances in ERP for 2021

The post Oracle NetSuite ERP: The Pros and Cons appeared first on CIO Insight.

top

Daman News and Events

This showcases our company news and upcoming events. Please check back as this page will change frequently.