BIOMETRICS & SECURITY
ISSUE May 2021 www.pcr-online.biz
BIOMETRICS & SECURITY SECURITY ISSUE #207 May 2021
PCR May21 Cover Section.indd 2
27/04/2021 11:59
PCR MAY21 QBS F SECURE happiest:Layout 1 27/04/2021 10:04 Page 1
www.pcr-online.biz @pcr_online
PCRmag
CONTENT
Editor Michelle Winny michelle.winny@biz-media.co.uk 0759 529 8729
TheEditor
Graphic Designer Steve Williams swilliams@designandmediasolutions.co.uk Advertising & Commercial Partnerships Sarah Goldhawk Sarah.Goldhawk@biz-media.co.uk 0787 259 4600
SUBSCRIBER CUSTOMER SERVICE
To subscribe, change your address, or check on your current account status, go to www.pcr-online.biz or email subscriptions@bizmediauk.co.uk
ARCHIVES
Digital editions of the magazine are available to view on ISSUU.com Recent back issues of the printed edition may be available please call +44 (0)203 143 8777 for more information.
INTERNATIONAL
PCR and its content are available for licensing and syndication re-use. Contact Colin Wilkinson for opportunities and permissions. colin.wilkinson@biz-media.co.uk
MANAGEMENT
Media Director Colin Wilkinson colin.wilkinson@biz-media.co.uk
Printed by Buxton Press Ltd ISSN: 1742-8440 Copyright 2020
Biz Media Ltd • 4th Floor 44 Maiden Lane • London • WC2E 7LN All contents © 2020 Biz Media Ltd. or published under licence. All rights reserved. No part of this magazine may be used, stored, transmitted or reproduced in any way without the prior written permission of the publisher. All information contained in this publication is for information only and is, as far as we are aware, correct at the time of going to press. Biz Media Ltd. cannot accept any responsibility for errors or inaccuracies in such information. You are advised to contact manufacturers and retailers directly with regard to the price of products/services referred to in this publication. Apps and websites mentioned in this publication are not under our control. We are not responsible for their contents or any other changes or updates to them. This magazine is fully independent and not affiliated in any way with the companies mentioned herein. If you submit material to us, you warrant that you own the material and/or have the necessary rights/ permissions to supply the material and you automatically grant Biz Media Ltd. and its licensees a licence to publish your submission in whole or in part in any/all issues and/or editions of publications, in any format published worldwide and on associated websites, social media channels and associated products. Any material you submit is sent at your own risk and, although every care is taken, neither Biz Media Ltd. nor its employees, agents, subcontractors or licensees shall be liable for loss or damage. We assume all unsolicited material is for publication unless otherwise stated, and reserve the right to edit, amend, adapt all submissions.
www.biz-media.co.uk
+44 (0)203 143 8777
www.pcr-online.biz
03 PCR May21 Leader.indd 1
Access granted
I
f you follow PCR’s daily newsletter then you will be familiar with the frequency of news on cyber security we regularly cover. Just the other day we reported on Bloomberg’s findings that cyber security spending is headed for $200 billion a year as the market switches to cloud-based security with the network and endpoint security sectors likely to see the fastest growth. Since COVID-19 has accelerated the shift towards digitization, many businesses are now looking to adopt a more robust security infrastructure and the May issue of PCR reflects this market demand, in addition to the rapidly accelerating field of biometrics that is bringing a whole new dimension of security access control. In this issue QBS: Alpha Gen, the UK’s Cyber Security Value Added Distributor arm of QBS, Hitachi Security Business Group discuses the latest advances in biometrics. In our big interview with BullGuard we look at cybersecurity, the burgeoning gaming industry and the need for greater security. In our channel security focused round table, we talk to Amanda Adams at CrowdStrike, Antony Byford, at Westcon UK & Ireland and Anton Shelepchuk, from NAKIVO about the underworld of cyber crime and what the channel needs to consider to stay safe. In our Biometric security Q&A we find out more about Corsight’s facial recognition technology and Kaspersky’s views on biometric technology. In our security hardware focus, Frank Crouwel at NW Security Group discuses managing migration of CCTV up into the Cloud. In our Internet security focus, Andy Still from Netacea discusses how hackers are taking advantage of websites that use JavaScript. In our IT security focus Jack Garnsey from VIPRE SafeSend and Security Awareness Training advises on the layers of cyber security businesses should implement to safeguard themselves against cyber attacks. And now why not grab yourself a cup of tea whilst you read Life in the Channel as we catch up with Jo Lawrence at Exertis on empowering its people, creating a workplace of inclusion and embracing diversity.
Michelle Winny, Editor
michelle.winny@biz-media.co.uk
Editorial: 0759 529 8729 Advertising: 0787 259 4600
THE TEAM
ADVERTISING SALES
Michelle Winny
Editor michelle.winny@biz-media.co.uk
Sarah Goldhawk
Advertising sarah.goldhawk@biz-media.co.uk
April 2021 | 3
26/04/2021 17:03
Partner content from
Capture and record Jermaine Campbell, Surveillance Segment Lead – EMEA at Seagate Technology explores why recording, analysing and archiving huge volumes of security data requires a state-of-the-art storage solution
I
n our data age, security has evolved from physical patrols by security agents to a myriad of sensors and systems that offer 24/7 surveillance in crystal-clear HD resolution. Those cameras, thermal sensors, motion-control and access-control systems all have one thing in common; they produce a massive amount of data that is used to make better decisions. Before a system can analyse data and make decisions, all the data must be properly stored. Everywhere around us we generate and use data. In security, data is very dynamic. Take the analogue cameras that we used for surveillance 10 years ago and compare them to our modern devices; new cameras produce at least 600% more data for the same recording with the same duration. According to IDC, the amount of data we produce will increase from 66ZB in 2021 to 175ZB in 2025. Enough data to fill a series of Blu-Ray disks that together cover the distance from the Earth to the moon … 23 times! Security-related data is a major contributor to this exponential growth, driven by the proliferation of cameras, increasing resolutions, longer retention time, as well as Artificial Intelligence and IoT.
New technologies
Artificial intelligence is certainly changing the way we use security data. In the past, it was sufficient to store the data and only inspect suspicious images. Today, the data is often analysed at the edge because cameras can now recognise (ab)normal behaviour on their own. This technology is based on machine learning algorithms that require the system to capture and store lots of data. Moreover, the AI program running in the background of the cameras also produces its own metadata. With the rise of new technologies, the amount of data will only continue to grow. Autonomous cars need data to ensure that they will not hit any other vehicles or pedestrians. Smart cities use data to improve security and support their police forces, for example by identifying locations with a higher risk of incidents or violence. The COVID-19 pandemic will probably boost the use of sensors that measure people’s body temperature at airports or help to manage crowd control in stadiums. This huge volume of data simply cannot be processed by a human being. In addition, data is becoming increasingly valuable and often needs to be archived. Retaining data for a longer period of time can be useful for investigations or to enable forward-planning. Of course, this means that you need another point of storage as you cannot erase yesterday’s data to store new information.
SkyHawkTM AI
The ability to record, analyse, archive and access data requires state-of-the-art storage solutions. As a pioneer with more than 40 years of experience, Seagate is passionate about building storage devices for the security market. Seagate SkyHawk TM AI is a leading series of surveillance hard drives that can easily cope with the extra workloads created by simultaneously recording and analysing data at the edge of systems.
Compare it to a Volkswagen Fox and a Mercedes S-Class both going 70 miles per hour. Although both cars are driving at the same speed, the Volkswagen has a smaller engine and has to work much harder. SkyHawk TM AI drives have the same capacity as regular hard drives, but they are better suited to cope with larger workloads required for surveillance. Recently, Seagate also launched its enterprise data systems with SAN and JBOD solutions that can store more than 5PB, rebuild data sets in minutes instead of days, and offer the fastest technology to stream data from thousands of cameras and sensors. This is very important if you capture data on multiple sites and want to send the data to a central location that serves as a big storage pool.
Are you also passionate about data? Want to know more? Then join in and register for our Seagate partner program: seagate.com/partners 4
|
May 2021
04 PCR May21 Seagate Partner v2.indd 4
www.pcr-online.biz
22/04/2021 14:39
24 May 2021 06 Retail analysis: Post Covid: Why Winning Brands Will Focus on Trust 10 News 14 Industry Opinions 20 Big Interview: BullGuard’s Steve Hicks 24 Roundtable Q&A: State of the channel security industry 28 Biometrics: Hitachi
20
28
30 Biometrics: Corsight & Kaspersky 34 Security hardware: NW Security Group’s Frank Crouwel 38 Security software: Netacea’s Andy Still 40 IT Security: VIPRE’s Jack Garnsey 44 Sector guides: Security hardware and security software 48 Life in the channel: Exertis’ Jo Lawrence
www.pcr-online.biz
38 48 @pcr_online
PCRmag May 2021 | 5
05 PCR May21 Contents.indd 2
27/04/2021 12:01
Retail Analysis
Post COVID:
Why Winning Brands Will Focus on Trust
In a guest article Derek O’Carroll, CEO, Brightpearl shares five strategies online retailers can deploy to build trust with their customers and why it’s vital to get this right to survive the post-Covid retail landscape.
6
|
May 2021
06-08 PCR May21 Retail Analysis v2.indd 6
www.pcr-online.biz
13/04/2021 10:05
Retail Analysis
S
ince the onset of Covid-19 consumers appear to have reassessed their priorities when they’re shopping online. Today, consumers are expecting higher levels of authenticity, seeking out brands they can trust will deliver on promises and that also align with their own values. In fact, 52% of respondents from a Lifestyle Survey in 2020 agreed that they only buy from brands that they completely trust. And, in our own poll, 51% of shoppers say that trust is now their motivating factor when selecting whom to shop with. In fact, trust has become more important to them than brand names or even low prices. However, today’s ecommerce market is fraught with fulfilment issues, with a third of shoppers experiencing problems with delivery since the pandemic, something that’s leading to greater levels of disappointment and mistrust in online shopping. Engineering trust will be a key driver of both customer retention and acquisition in 2021, so it’s vital retailers are able to cultivate and strengthen the bond between brand and the consumer which can see them through these troubled waters. Here are five strategies online retailers can deploy to build trust with their customers in the post-Covid landscape:
Offer A Personalised Online Experience - Or, Something Unique
As retail adapts to social distancing and store closures, we can expect to see growth in the personal shopping experience, particularly at the premium end. This will be an opportunity for brands to connect with their customers on a deeper, personal level and understand customers’ needs, while the user benefits from having a great personalised experience that will see them wanting to revisit. John Lewis has launched a free, virtual personal shopping service for customers to receive the product advice without leaving their home, while luxury brands Burberry and Gucci are betting on personalised video consultations spurring sales, launching their own video services. Taking it a step further, Burberry also saw huge interest as it live streamed its catwalk show for the unveiling of its Spring/Summer collection, which offered a new unique, and exclusive experience that helped build greater connection - and trust - with its audience, while also making their online space a destination point, rather than just a store. These approaches help replicate the exclusivity, excitement and individuality of the personalised service one receives in store and we expect it will become standardised in the online space.
Offer Convenient Delivery Options
Convenience is key to building trust, so as well as offering home delivery, aim to offer Buy Online Pick Up In Store (BOPIS) wherever possible. According to recent research, 79% say Click & Collect options are very important to them. At Brightpearl, many companies we work with have added more delivery options to support customers’ increased preference for local shopping, and adoption of Click & Collect has gone through the roof, as a necessity of Covid enforced change, and in response to our data which suggests that 41% of shoppers plan to increase their Click & Collect use this year. www.pcr-online.biz
06-08 PCR May21 Retail Analysis v2.indd 7
May 2021 | 7
13/04/2021 10:05
Retail Analysis
This strategy also appears to have helped some ecommerce businesses weather the Covid storm. US firm BJs Wholesale puts much of its year-on-year 300% digital growth down to allowing customers to pick up in store. By offering customers extra layers of convenience, they’re more likely to secure their trust and win their business in future. It’s becoming apparent that retailers need to think out of the box when it comes to adopting new technology. By offering customers extra layers of convenience, they’re more likely to secure their trust and win their business in future.
Don’t Over Promise On Delivery Times - And Be Consistent
Promising what you can’t deliver is a sure-fire way to destroy your customers’ trust in your brand. So have realistic order fulfillment goals, and use them as a basis to improve your fulfillment service going forward. Here’s a quick tip; implement automated forecasting features to help you gauge your shipping delivery capabilities. That way, you’ll avoid costly mistakes and unfulfilled orders. With an automated system, you can create fulfillment quotes in real-time - so they’re based on your actual inventory and warehouse capacity. The key to building trust is consistency over time - creating engaging customer experiences that are done right every single time, across every single sales channel - which then help to build brand advocacy, create positive sentiment, and encourage brand loyalty. With a lot of brands out there selling the same or similar products, it’s no longer the product differentiation that gets you seen. It’s the experience differentiation. Creating these outstanding experiences requires ownership of all ends of the buying journey - thinking about the feelings you want to create for customers every step along the way and removing any
potential bottlenecks within the pre-and post purchase customer journey, from the website experience, to delivery and returns.
Start automating your workflows
As consumers move online, vendors must process increased demand of online orders more quickly - and that can lead to mistakes. Unfortunately, many ecommerce retailers have struggled to cope with the sometimes huge spikes in demand for online shopping, especially those brands simultaneously hit by reduced operational capacities. Companies without robust, automated backend systems in place have faced an even bigger struggle, facing logistical nightmares that are damaging their reputation. So, if you’re running out of stock or shipping to the wrong addresses on a regular basis, these mishaps are often down to ineffective workflows or human error. In a poll by Brightpearl, we found that 77% of all 1-star reviews were related to issues after the buy button, like delayed deliveries, or items being shipped to the wrong place. The survey also shows these mistakes will not win you any favor with customers - it will quickly erode their trust in your brand and you can count out any repeat business. Post-Covid, maximising customer lifetime value is going to become even more essential. Recently, we’ve seen data supporting the value of retention vs. acquisition like improving customer retention 5% increases profits by 35% to 95%. With this in mind, companies simply can’t afford to utilise weak setups that lead to issues pre-or-post purchase. Automation should top the wishlist for those wanting to build trust with customers. The best online retailers are using automated solutions to oversee the creation of estimates, sales orders, shipping orders, and invoices. Thus avoiding human error, increasing the productivity of the operation, and ensuring customers are happy.
Ask For Feedback - And Engage With It
Customers want to feel that brands value their opinions, so asking for feedback will show you care. Send out surveys on a regular basis, have live chat or phone support available when they run into issues, and ask customers to share whether your products and service have lived up to their expectations. Use feedback as a basis to improve your end-to-end service - and then communicate that back to customers as a way to further connect with them. You must engage with customer feedback, even if it’s not glowing, and use it as a way to reinforce your high standards of customer service. A Brightpearl poll revealed that forty-six per cent of respondents regularly check star ratings for online retailers before buying from them, and two in five consumers have been put off a brand or a retailer they might have shopped with – by a single unfavourable review. However, two-thirds of shoppers said that their concerns were alleviated if the brand responded quickly, and resolved the issue.
8
|
May 2021
06-08 PCR May21 Retail Analysis v2.indd 8
www.pcr-online.biz
13/04/2021 10:05
PCR MAY21 QBS Kaspersky:Layout 1 26/04/2021 09:07 Page 1
News
Tech Data speeds up renewals with Dell software store Tech Data’s latest Software Store with dedicated pages for Dell support contracts enables partners to maximise renewals. Using the online portal via InTouch, Tech Data’s ecommerce platform, it is possible to see renewals for the current and next two quarters. As prices are pre-approved, partners can provide a quote for the customer instantly and place the order. Matt Warwick, Dell Technologies business unit director
Channel confidence high after year of change New research conducted by Agilitas IT Solutions has revealed that optimism and confidence in the future of the channel remains high despite a challenging year, as decision-makers give an overall confidence score of 7.4 out of a possible 10. These findings come as the company launches its latest Channel Confidence Index 2021. Decision-makers across the channel were asked to rate their feelings of confidence on a scale of 1 to 10 (1 being very pessimistic, 10 being very optimistic) in response to a range of topics. New for 2021, Agilitas asked respondents to score their optimism for emerging trends, including sustainability, resilience, customer experience and productivity in addition to the report’s staple themes of people, finance, technology, disruption, innovation, collaboration, globalisation and relevance. Given the year just passed, overall confidence has understandably shown a slight decline from the 7.6 levels recorded in the first Channel Confidence Index in November 2019. However, within the same context, such a marginal decrease proves that optimism is generally holding firm across the board, even as businesses face new challenges and transformation as a result of the pandemic. A closer look at the Index’s core themes saw channel decision-makers give an average score of 7.2 across business transformation, going global, innovation and disruption, regulation, and political factors. This also represents a drop from the last report (7.5), but is yet another score that should encourage the sector about its commitment to withstanding both internal and external market challenges. As is the nature of channel partners, ‘stronger together’ categories of investment and culture and alliances were also positively scored with the same combined average of 7.2. 10
|
May 2021
10-11 PCR May21 News.indd 10
at Tech Data, UK said: “The new Dell Software Store will ensure Dell partners need never miss out on support contract renewals and make it faster and easier for them to transact renewals business. It’s going to help them do more business and save a huge amount of time.” Previously, Dell partners would have needed to keep a record of renewal dates and pro-actively request a quote through Tech Data.
Netatmo brings HomeKit Secure Video to its smart outdoor cameras
Netatmo’s Smart Outdoor Cameras (with and without Siren) now support Apple HomeKit Secure Video. Users can view videos from their Cameras in the Apple Home app and securely store them in iCloud. This free and automatic software update, available since February 2020 for the Netatmo Smart Indoor Cameras, will be progressively available to all Outdoor Cameras in the upcoming days, including those already purchased. The Netatmo Smart Outdoor Cameras alert the user in real-time if a break-in occurs. They distinguish between a person, animal, vehicle or harmless movement and immediately warns the user if a suspicious activity is detected.
ServiceNow delivers new unified agent solution ServiceNow’s Agent Client Collector (ACC) is a unified agent solution that gives teams the ability to capture and monitor data – as well as meet visibility requirements – across software, hardware, and cloud infrastructure. ACC enables automation of incident resolution and to identify and help prevent service disruptions. For example, a remote employee experiencing VPN issues can open an interactive chatbot that connects to a live agent experience. The help desk agent can then use the Live Asset view feature to visualise end-user asset data and collect diagnostic information – without the need to implement remote desktop software. www.pcr-online.biz
26/04/2021 17:01
News
New Research Identifies Surge in Cybercriminals Using TLS to Carry Out Attacks Sophos has unveiled new XGS Series firewall appliances featuring Transport Layer Security (TLS) inspection, including native support for TLS 1.3. “Sophos Firewall XGS Series appliances represent the most significant hardware upgrade that we have ever released, providing huge opportunity for the EMEA market,” said Kevin Isaac, senior vice president at Sophos. “The last year has seen a dramatic increase in the pace of digital transformation. New and rapidly scaled digital business processes combined with the need to support remote workforces has opened up new areas of risk as well as opportunity. Organisations need powerful, next-generation protection that can defend the organisation and its daily operations against threats such as ransomware and other malware.” “Security teams can no longer afford to overlook encrypted traffic for fear of breaking something or hurting performance – there’s too much at risk. We’ve completely redesigned the Sophos Firewall hardware to handle the modern encrypted Internet. Security teams now have the ability to easily inspect encrypted traffic and shine a light on what used to be a black hole, and they can confidently do so without compromising performance,” said Dan Schiappa, chief product officer at Sophos. Sophos has also published new research, “Nearly Half of Malware Now Use TLS to Conceal Communications,” identifying a surge in cybercriminals using TLS in their attacks. The increasingly popular tactic is used by adversaries to encrypt and obfuscate the content of malicious communications to avoid detection as they carry out attacks. 45% of malware detected by Sophos from January through March 2021 used TLS to conceal malicious communications. That’s a staggering rise from the 23% Sophos reported in early 2020. Sophos has also seen an increase in the use of TLS to carry out ransomware attacks in the past year, particularly with manuallydeployed ransomware. The majority of malicious TLS traffic that Sophos has detected is comprised of initial-compromise malware, such as loaders, droppers and document-based installers like BazarLoader, GoDrop and ZLoader. “TLS has undoubtably changed the privacy of internet communications for the better, but for all the good it’s done, it’s also made it much easier for attackers to download and install malicious modules and exfiltrate stolen data – right under the noses of IT security teams and most security technologies,” said Schiappa. “Attackers are taking advantage of TLS-protected web and cloud services for malware delivery and for command and control. Their initial compromise malware is simply the advance guard for major attacks, as they’re setting up camp for the heavy artillery that follows, like ransomware.”
Tech Data adds VIVO smartphone range to UK webstore Tech Data is now a distributor of Vivo smartphones. Vivo’s 6.51-inch Y20 Android smartphone was one of the best-selling devices of last year and is one of three Vivo devices available from Tech Data immediately – the others are the higher-specification Y70 and the X51 5G device.
www.pcr-online.biz
10-11 PCR May21 News.indd 11
TP-Link offers Wi-Fi 6 range extenders with OneMesh TP-Link’s OneMesh roll-out coincides with the launch of two new, OneMesh compatible Wi-Fi 6 Range Extenders. OneMesh eliminates dead zones and boosts signal strength via a single Wi-Fi network that covers every corner of the home, so users no longer have to wander around in search of a stronger signal or faster connection. OneMesh also intelligently connects mobile devices to a router or extender based on whichever provides the best connection. The OneMesh router and extenders create a seamless network under a single Wi-Fi name to ensure that users can stay online with the best connection levels as they roam from room to room, enjoying uninterrupted streaming, downloading, and more throughout their homes.
TransferGo defies remittance predictionTransferGo has hit over £3billion in time highs international money flows and over 10 million customer transactions. In April 2020, the World Bank predicted the pandemic would cause the sharpest decline in remittances in recent history, and would ultimately affect providers in the market. However, TransferGo has proven that the migrant community continues to rely upon instant and affordable cross-border payments with registered customers on the platform increasing to 2.5million. In fact, demand for global real-time transfer services has been so high that TransferGo has unlocked 95 new markets this year through key industry partnerships with Mastercard and Visa. By integrating with Mastercard Send and Visa’s real-time push payments platform, Visa Direct, TransferGo has empowered new customers in countries like Nigeria, Moldova, Georgia, Ghana, Saudi Arabia and Vietnam to send payments directly to a card without having to navigate online banking or find the International Banking Account Number.
May 2021 | 11
26/04/2021 17:01
APPOINTMENTS
This month’s movers and shakers in the tech industry...
Exertis
Exertis Pro AV has made three new appointments to its Unified Communications and Collaboration (UC&C) team. Andy Pollard, Pre-sales Architect, Haifa Jinadu, Pre-Sales Architect and Jon Grundy, UC&C Business Development Manager, will all report into Greg Bennett, Head of AV Solutions. The new recruits have almost 40 years’ experience between them.
Anzu
Anzu.io has appointed Josh Schmiesing as a strategic advisor. Schmiesing has experience leading brands spanning 65+ countries in the areas of research, marketing, advertising, media, and digital production. Recently, he led WPP’s Global Microsoft Relationship, including global digital marketing for Xbox. He also serves on the advisory board for Limbitless Solutions, a non-profit organisation that uses engineering to promote empowerment, inclusivity, and accessibility by creating personalised bionics and solutions for children with disabilities.
WatchGuard
WatchGuard Technologies has appointed cybersecurity and service provider veteran, Miguel Carrero, as vice president of Strategic Accounts. In this role, Miguel is responsible for leading the growth and expansion of the company’s global effort to target, onboard and manage partnerships with strategic accounts including multi-national service providers and managed security service providers (MSSPs).
Miniclip
Miniclip has appointed Stefan Beurier as Chief Financial Officer. He joins from Ascential plc, where he had been EVP, Group Finance, and has previously held finance leadership roles at The Economist Group, Bandai Namco, Expedia and Electronic Arts. Stefan will replace Craig Dixon who will be retiring from full-time employment at the end of April.
Cityfibre
CityFibre has appointed Matt Walker as its new Director of Customer Delivery and Assurance. Walker has over 20 years of experience in the industry, previously holding roles such as Director of Customer Service for consumer business at Openreach and senior roles in Group Strategy at BT Technology.
Atos
Atos has appointed Carol Houle as Global Head of Consulting and Marketing to its global Financial Services and Insurance (FS&I) division. Formerly a Global Practice Leader for Digital Consulting, Carol brings over 25 years of industry experience and will lead marketing, pre-sales engineering and portfolio for the financial services and insurance industry at Atos, as well as being responsible for global FS&I industry consulting. She will report directly to Global Head of FS&I Adrian Gregory.
OnBuy
OnBuy.com has appointed Mark Lister as Chief Commercial Officer as part of a series of C-suite hires. Mark Lister brings over 20 years’ commercial experience to the role, including expertise in the eCommerce and marketplace sector built over the past 12 years. Before being headhunted to grow a marketplace in Kuwait, Mark held the position of Senior Director in eBay Classified Group’s (eCG) commercial business function. 12 | May 2021
12 PCR May21 Appointments.indd 12
Wipro
Wipro Limited has appointed Pierre Bruno as Chief Executive Officer, Europe. In this role, Bruno will lead Wipro’s business in six distinct regions across Europe.
www.pcr-online.biz
16/04/2021 10:51
Partner content by
TeamViewer launches quick partner activation
T
eamViewer, a leading connectivity platform, has launched a new and improved channel partner program to enable Managed Service Providers, System Integrators and Value Added Resellers to collaborate quickly and effectively with one of the most well-known brands in the field of ‘remote control’: remote work, remote support, remote access and Augmented Reality. The unique approach lets partners start selling right away – on a commission basis – with only a registration initially required. Plus, any channel partner can sell TeamViewer products without limitations on country, language or deal size – leveraging the global prominence of the TeamViewer brand as well as its strong network of local teams. If you want to join our partner program – or learn more about us or our Man Utd and Mercedes Benz F1 partnerships – simply speak to your QBS Software account manager
Why should Partners work with TeamViewer?
It is so easy to become a TeamViewer partner, with no budget commitment or contract required to start reselling. Any reseller, MSP or SI can simply order our products through a TeamViewer distributor (in the UK, QBS Software is the obvious choice). Depending on the focus and commitment, partners can grow together with TeamViewer – winning more customers, increasing sales, receiving training, and gaining specific knowhow about the more complex solutions (leading to Certified Partner level, which brings additional benefits). At the same time, this development path is not mandatory. Partners can simply continue as a Business Partner if they prefer. The subscription model helps too. Partners can build up their TeamViewer customer base step by step based on recurring business from renewals plus adding new customers on top. Apart from a global footprint, strong brand and dedicated local channel support, TeamViewer offers all the leading-edge technology for ‘remote control’ – from solutions for individuals and small businesses to comprehensive enterprise solutions – connecting anyone, anything, anywhere and anytime.
What value will come from the Man Utd sponsorship?
This is a really strong partnership for TeamViewer: Manchester United is one of the few sports clubs offering a very emotional www.pcr-online.biz
13 PCR May21 QBS Teamviewer.indd 35
brand and a large platform. For TeamViewer this means a total package for promoting our brand – digital and offline: We will be present on the social networks of the club and the players’ kit. In the stadium, we will also be visible on the boards. We will be able to play on many channels, worldwide. That will make a big difference. We wanted exactly this breadth and attention in the consumer world. TeamViewer is already very relevant for private individuals because our software can be used free of charge. However, we want to expand this further and address private users on a broader basis. Interestingly, decision-makers are also often interested in football! There is a trend in sport right now to work with technology companies. We want to implement joint technology projects with Manchester United, in augmented reality, in crowd control and other things; we have a lot of plans. TeamViewer is also working closely with Mercedes as part of its sponsorship of the F1 team: TeamViewer software will make the Mercedes teams more efficient, with optimized remote operations and enhanced connectivity between team processes trackside and back at base, notably in terms of race support during testing and racing. TeamViewer will furthermore play an important role in motorsport’s journey towards net zero emissions, by enabling people and companies to effectively monitor systems remotely. By enabling remote working and IoT solutions across multiple sites, TeamViewer technology can deliver further reductions of the carbon footprint of the racing teams, each of which achieved the FIA’s 3* Environmental Accreditation standard last year. www.teamviewer.com/en/sponsorship
What exciting things are on the horizon?
COVID-19 became a wake-up call for digitalization and accelerated many of the global megatrends. Automation, robotics, networking of machines, ie, Industry 4.0 and digital transformation are more relevant than ever before. Here we are talking about Operational Technology (OT), ie, the businesscritical operation of machines and plants and their permanent monitoring. As far as new solutions are concerned, we would like to significantly expand the application possibilities of our software, especially in the technology fields of AR and IoT, and also enrich them with intelligent data management as well as innovative solutions for customer engagement.
May 2021 | 13
27/04/2021 11:10
industryopinion
Vulnerable To Attack Retail’s Patchy Cybersecurity Problem Stephen Roostan, VP EMEA at Kenna Security explores how retailers can ramp up their security and block any potential cyber attacks.
T
he seemingly unstoppable rise of e-commerce means more customers are flocking online to fulfil their retail needs, 24 hours a day. Nearly every large retailer runs an online store where customers create accounts to fulfil their orders, and it’s this ubiquitous online presence that also attracts the attention of cybercriminals, who target customer data (addresses, emails, phone numbers), alongside payment details with a wide range of increasingly sophisticated attacks. In December for instance, US retailer, Kmart, was reportedly the victim of a ransomware attack, reminding the industry that it remains extremely vulnerable to downtime, loss of revenue and the huge brand damage that can result from a breach. One of the key issues retailers face is that of vulnerability management and the pressure placed on IT teams to continually monitor, track and fix vulnerabilities across their infrastructure to protect the organisation from any potential cyberattack.
Managing Vulnerabilities
To manage the sheer volume of vulnerabilities, organisations often adopt a ‘divide and conquer’ process in deciding which to prioritise patch. The problem with this approach is that only 2% to 5% of all the potential vulnerabilities represent a real threat to the IT environment. What’s more, widely used free tools, such as the Common Vulnerability Scoring System (CVSS), come with limitations that make it difficult to manage the sheer volume of vulnerabilities out there. To give this some context, 451 Research assessed that an organisation using CVSS v3 to score 2 million vulnerabilities could find that 660,000 are classified as ‘critical’. Without understanding the exact relative risk these vulnerabilities pose, prioritising which to address first requires considerable time and resources from security specialists to decide where to focus remediation efforts.
Taking a Risk-Based Approach
Instead, many organisations are now adopting a risk-based approach to vulnerability management (RBVM), making it possible to apply meaningful metrics and evaluate potential risk factors. These platforms are designed to make the overall process much easier and more efficient for security and IT teams because they can assess and 14
|
May 2021
14-17 PCR May21 Opinions.indd 14
predict which vulnerabilities pose a real threat – based on actual risk to the organisation. By employing predictive data science modeling and real-time threat intelligence feeds, RBVM platforms shift the emphasis of vulnerability management by enabling security teams to assess exactly how critical each threat is to each specific environment. In contrast to CVSS scoring that may identify huge volumes of vulnerabilities as ‘high risk’, RBVM solutions focus on evidence-based information so retail tech teams can focus on just the most critical vulnerabilities that represent a true risk at that moment in time. As a result, adding the ability to confidently identify what to fix first – and what patches can be added at a later date – can help improve efficiency, and most important of all significantly reduce the cybersecurity risks presented by infrastructure vulnerabilities. In practical terms, security teams using RBVM no longer have to put time and effort into creating extended patch lists for their IT colleagues to implement, because they understand the priorities required to protect their systems. And on the other hand, the IT teams can confidently focus on a clearly defined set of cybersecurity issues, knowing they can be remediated without wasting time and effort on vulnerabilities that aren’t important and without adversely impacting application or service uptime. No retailer wants to take customer-facing technology offline, even for a short period, and especially if the updates might not be required. And because security and IT teams end up spending less time focused on the headline vulnerabilities that, when assessed for risk, don’t pose a particular threat, they can move on from constantly playing catch-up and focus on those areas of greatest risk. Time saved by using RBVM to plan and apply patching schedules can be devoted to other cybersecurity or IT tasks - for retailers with dynamic digital strategies, this can deliver an important dividend for optimising technology strategy as a whole. Given the pressure the retail sector is currently facing, IT efficiency is paramount - but not at any cost. Balancing customer-facing and back office technology performance, usability and reliability with security is a delicate balancing act, but by intelligently dealing with vulnerabilities based on risk, retailers can focus on delivering a compelling customer experience in today’s highly competitive market. www.pcr-online.biz
12/04/2021 15:59
industryopinion
The case for delivering managed services through the data cloud Tim Alexander, Senior Director of Alliances EMEA at Snowflake makes the case for managed services infrastructure and its importance when developing a mutually beneficial relationship between partners and customers.
L
ast year, the channel faced one of the most uncertain years on record. As the pandemic rewrote the notion of the traditional office, customers grappled with shifting their channel budgets to support a remote workforce. For the channel, the immediate and sustained impact of the ‘new normal’ was a significant dip in onpremises infrastructure as demand for collaboration and comms, security and cloud infrastructure increased rapidly. This shift was a significant inflection point for the channel that underscored just how important it is for them to have cloud managed services in place for their customers. Research shows that the cloud managed services market has grown exponentially in recent years and is expected to soar from USD 62.4 billion in 2020 to USD 116.2 billion by 2025. As well as providing capacity and communication to make working from home as seamless as possible for their employees, businesses have found that moving to a cloud managed services platform has given them significant benefits in how they service their customers. The change in consumer behaviour in the last 12 months has been difficult for businesses to keep up with, and even data-driven organisations have seen their data models lose impact in the disruption. Businesses are now looking for new ways to harness data driven strategies. Looking ahead to 2021 and beyond, it’s clear that one of the technology legacies of 2020 is that many businesses will retain and develop the cloud strategies they adopted during the pandemic. With this in place, the question for channel partners is how can they stay ahead of their competitors and deliver value on top of this? Given this increased reliance on data, the answer is investing in a managed services solution that harnesses the data cloud. Entering a global network, managed by a dedicated cloud provider, where thousands of organisations store their data will give customers both flexibility and the insights required to make better business decisions.
A data-driven solution for customers
Cloud managed services not only save time for customers by outsourcing specific responsibilities but also offer considerable financial benefits. By outsourcing cloud maintenance support, companies don’t need to spend time hiring a larger IT team to maintain their cloud services. Staffing a full-time in-house team is extremely expensive, whereby expert cloud managed services www.pcr-online.biz
14-17 PCR May21 Opinions.indd 15
providers can instead deliver round-the-clock, dedicated services at a fraction of the cost. These benefits can be further amplified by investing in a channel partner that delivers solutions through the data cloud. For organisations to be successful in today’s data economy they must have a platform that enables them to make decisions based on increasingly granular data. A managed service solution delivered by the data cloud can unlock the value of a business’ data and eliminate silos across the company. Rich data can be connected, shared and utilised all in real-time by partners and customers who are part of the data cloud, without having issues of concurrency or data silos. With consumer predictability at an all time low, the ability to make quicker business decisions is a significant competitive advantage for customers. This model means that not only does the customer get more time back for their IT teams to focus on the most important projects, but the organisation gets a more comprehensive, informed view of its business and customers. More time also gives small, medium and large businesses time to focus on innovating faster through managed services, on a budget that is respective to their goals and objectives. With cloud managed services, channel partners will be safe in the knowledge that cloud providers are maintaining constant control of the cloud environment, continuously monitoring performance and ensuring any issues with the system are dealt with immediately. By proactively monitoring for potential issues, cloud providers can prevent any periods of downtime and can fix a problem remotely across any time zone. Channel partners will also be reassured by the fact that their solutions are functioning at optimal levels throughout the day through the support of a cloud provider. With optimum bandwidth, data storage and uptime, channel providers can rest assured that their services will go uninterrupted, even under heavy workloads. As the channel industry forges ahead into 2021, channel partners should look to embrace data-driven, low maintenance technology partners who can lead their customers to success in what will surely be another uncertain year. Cloud managed services have now become an essential extension of this journey. Using a service that provides a global network of data through the data cloud will empower companies and channel partners to stay competitive in an otherwise challenging landscape. May 2021 | 15
08/04/2021 11:09
industryopinion
Adapting to the new security buying environment Florie Lhuillier, Head of Security at CCgroup highlights key findings from Research that uncovers top vendor marketing strategies to influence buyer awareness and purchasing decisions
T
he COVID‐19 pandemic has created considerable uncertainty and caused sudden and widespread disruption in businesses security operations. Remote working in particular has been an issue. With remote work here to stay for many, in this post-COVID world – and new threats emerging every day, it’s no wonder companies are still planning to make considerable investments in security technology despite ongoing economic uncertainty. According to CCgroup’s recent study “Security marketing strategies: influencing contemporary purchasing behaviour, conducted in partnership with Coleman Parkes Research, four out of five UK companies are currently on the lookout for new suppliers in the security technology space. This is despite 78% of companies already having made an unplanned purchase as a result of the pandemic. The average ticket price for those new security purchases in the past 12 months came just below £800K and rose to nearly £900K amongst companies in the financial services sector. It’s clear the future for security vendors is looking bright. But this begs the question, what factors are currently driving these purchases? The study reveals technology advances (72%), keeping up with increasingly sophisticated threats (62%) and regulatory demands (50%) were the top three factors driving the purchase of new security technology. The legacy of working policies implemented in response to national lockdowns and social distancing is also reflected in the results. While digital transformation has long been the preeminent priority area where new security technology is being applied, enabling staff to work from home is now as much, if not slightly more, of a priority. When it comes to the type of security solutions companies plan to buy in the next 12 months, unsurprisingly, cloud security tops the chart (41%), closely followed by endpoint security (36%). With companies having undergone years’ worth of transformation in a matter of months, to become reliant on service delivery models hosted on cloud infrastructure, and BYOD policies becoming more widely adopted due to the pandemic, companies must adjust their security programmes and supporting tools. Clearly, the market for security products is still very much alive. However, seizing this burgeoning opportunity cannot be done using the same methods that were employed before or during the COVID-
16
|
May 2020
14-17 PCR May21 Opinions.indd 16
19 pandemic. The market environment has changed; therefore, the way security vendors market products and services must change too. So, what and how should security vendors be communicating in today’s tougher and highly competitive market? According to security technology buyers, the most influential channel in terms of building their awareness of security vendors are industry events, followed by trade media publications and discussion with colleagues and/or peers at other companies. Webinars and broader business events were also regarded as highly impactful by respondents across all industries, with a quarter describing these channels as having a “heavy influence” on their awareness of security technology suppliers. Despite almost every major security industry event having moved online in 2020, their value in establishing and maintaining brand awareness has clearly been left unshaken. When asked about the channels and content buyers find most influential when narrowing down lists of prospective security vendors to engage with, industry events once again took the top spot while long-form content – written either by industry analysts or by vendors themselves – was cited as most influential. By offering technical specifications on products and services, whitepapers help buyers make tangible decisions on the vendor’s pure ability to meet the RFP criteria and foresee any potential issues. Analyst reports, on the other hand, provide insight into the more intangible qualities, which affect the selection process, such as a supplier’s reputation, flexibility, and ability to set and/or align with wider industry trends. The market for security solutions may be booming but grasping this opportunity requires a new approach. From a potentially more open attitude toward remote working, to ongoing uncertainty regarding international travel, the legacy of 2020 will continue to influence the business world for months or even years to come. This brings with it a new set of objectives, priorities and spheres of influence, all of which hold the key to understanding and influencing the purchasing decisions of security technology buyers. In other words, security technology vendors simply cannot rely on throwing every marketing strategy at the wall and waiting to see what sticks. To master all channels simultaneously, they need to design and implement a data-driven, precise and highly dynamic marketing strategy that is in line with the new buying landscape. www.pcr-online.biz
12/04/2021 16:03
industryopinion
Now you see me, now you don’t AOC and MMD’s Paul Butler looks at enabling on screen privacy.
I
n today’s world data security is more important than ever issue. We developed a privacy monitor, the Philips 242B1V which before. Educational, financial, medical, governmental has a built-in “Privacy mode”. It comes with all the specs you would organisations are increasingly transitioning to the digital need from a business display but what makes this monitor unique world, where the data needs to be secured with various layers of is its privacy switch. encryption and with controlled user access. However, one Once activated, a special filter limits the horizontal viewing of the largest concerns in terms of security is nonangles from 178° to 90°, while also reducing the digital forms of hacking. brightness to 180 cd/m². In this mode, only people Non-digital hacking, you ask? Well, in the that are straight on looking to the monitor can old days, confidential documents were see the content it displays. After dealing with “Once activated, a special locked up and only selected, authorised sensitive data, it can be easily deactivated filter limits the horizontal people had access to them. Physical – a simple but genius solution to a keys and locks were good enough modern and serious problem. viewing angles from 178° to 90°, safety measures. Such secured Another form of visual hacking while also reducing the brightness to data included health records affects passwords. Let’s assume a user 180 cd/m². In this mode, only people that filed with doctors or hospitals, is taking their security seriously and records of employees, financial the OS is secured by a password are straight on looking to the monitor can documents or highly confidential when they are away from their desk. see the content it displays. After dealing government or military-specific This means when they want to login, information. Today, with the digital they will have to physically type their with sensitive data, it can be easily transformation such documents are password, which can be watched and deactivated – a simple but genius kept digitally, with a highly secure IT recorded from afar. A really dangerous solution to a modern and serious infrastructure managing and controlling but common practice as well is using the access to these data. same password for multiple logins. Once problem.” What is often overlooked, however, stolen these cases present even more serious is “visual hacking”. Theoretically, when a security risks. workstation or an account is used by one specific Just like today’s smartphones are increasingly person, no other people without their specific password secured by biometric features (facial recognition or could access this account. But the reality is much more complex fingerprint readers) and less by entering a passcode, the same than that. When a customer, another colleague, or a random security paradigm is being applied to laptops and desktop PCs. So, person physically comes near the workstation, they can see with at Philips we simply built this feature into several of our monitors. their own eyes what’s on the screen, even if they’re not authorised Models from Philips monitors that come with webcams featuring by the digital security system. Windows Hello support (such as the Philips 346P1CRH for The point is, even with a multi-layered security system, instance) offer easy integration of face recognition to the existing sometimes what people see as simple hardware such as displays can systems. be a point of failure and compromise the company’s or institution’s Additionally, the webcam can be physically tucked away behind confidential data. the panel when not in use which also eliminates the need for the For increased viewing comfort, the best monitors we use for our primitive “post-it over the webcam” situation to physically block workstations today have viewing angles wide as 178° horizontally, the camera, that we see often in offices all over the country. so the colour and contrast shift is kept to a minimum. However this Security as a concept should not only cover the digital domain, also means that bystanders can also see what’s on the display when but the physical domain as well, and Philips monitors offer great standing in this radius. tools for enterprises and institutions to handle these weaknesses So at Philips we have come up with a very sleek solution for this gracefully.
www.pcr-online.biz
14-17 PCR May21 Opinions.indd 17
May 2020 | 17
27/04/2021 12:48
industryopinion
Brexit’s impact on the channel PSA Part’s Sales Director, Nick Walsh looks at how Brexit is impacting cross European border trade for the tech channel and how companies can look to address these challenges.
P
rior to finalising a deal, or Trade and Cooperation Agreement to give it its official title, there was a great deal of uncertainty and a lack of clear information for a lot of organisations directly impacted by Brexit. This; coupled with the late timing of the deal left many businesses awaiting answers and guidance on what they needed to do with only a matter of days to make those changes once the deal was confirmed. Whilst an earlier deal would have allowed organisations to make provisions for incoming changes, the lack of clarity up until the 11th hour meant that for many businesses, detailed preparations weren’t being made for the new rules and procedures to follow. We’ve seen businesses of all different sizes caught unaware by details such as country of origin rules or correct EORI requirements. Whilst the UK government made a concerted effort to get businesses set up with a UK EORI number, a considerable percentage of these businesses weren’t aware this only allowed them to export goods from the UK and didn’t allow them to take care of the importing of those goods into the EU and on to their customers. Despite headlines that a deal would “enable UK goods to be sold without tariffs, and without quotas in the EU market”, the realities of trade post-Brexit for UK resellers has been somewhat different. Because of the importance of country of origin rules, products exports to the EU must have originated from (not just shipped from) the UK to avoid potential tariffs. In practice, the vast majority of IT hardware typically originates from the Far East. As such, tariff exclusion for these products does not apply. As an industry we’re fortunate that most of our products are either zero rated or have relatively low tariffs when compared to industries such as food or automotive, but there is still a hidden cost for a surprising variety of products within the tech industry. Even if goods have a zero rate of duty, a sale and shipment from the UK to the EU is no longer a simple movement from one member state to another. It is now an export and an import. Despite the physical proximity of the EU, the process can be as costly and as complex as shipping goods halfway around the world now. Depending on the incoterms selected for your shipment, either you or your customer will be responsible for clearing customs in the destination country. Resellers that chose to take care of this for their EU customers via DDP (Delivered Duty Paid) shipments usually find themselves unable to reclaim the VAT element of the charges, the net effect of which is to increase the cost of the goods by between 19-24%, wiping out or severely reducing any margin in the sale. This cost is in 18
|
May 2020
14-17 PCR May21 Opinions.indd 18
addition to any other charges the courier may levy for providing the clearance service. The costs soon add up Those that selected DDU or DAP found customers unhappy at having to deal with the clearance themselves. Again, there is often a non-reclaimable fee from the courier for providing the clearance service. These additional checks, combined with large numbers of shipments with incorrect or incomplete paperwork caused the cross border courier networks to grind to a halt in January with a number of the big names closing their services for days or weeks at a time. There are still backlogs and delays in most of the networks now. Depending on the nature of the goods and transaction, your EU customers may be reluctant to assume the role of importer or consignee as this brings additional responsibilities for them as the party that places the goods in free circulation within the EU. Third party services are available to help you with this but again this comes at a cost and brings complexity to the deal. Certification will also become a consideration in the near future. Whilst standards such as CE and it’s UK equivalent UKCA are currently identical and technically interchangeable, this may not last for long. The testing standards can and most likely will diverge at some point meaning UK products carrying only the UKCA mark, will no longer be able to be sold to customers in the EU. The opposite could apply for sourcing from suppliers in the EU. Vendors may choose to use this to control grey market product in the future. This is definitely one to watch. Free ports, customs warehouses and temporary imports schemes can all potentially help resellers to prevent duplication of charges and tariffs on goods that need processing before delivering but are complex and expensive to establish and operate. Resellers don’t need the administrative and financial overheads of operating such schemes. A handful of distributors, PSA included, took the decision to establish new divisions and logistics centres within the EU. This has helped to shield UK resellers from the cost and complexity of shipping goods cross border. Resellers who wish to benefit from such facilities may need to make an additional VAT registration depending on their current business setup but that’s a relatively quick and painless formality and companies such as ours can connect resellers with an advisor to guide them through that process if it is required. It’s early days yet and it will be interesting to see how the major brands adapt to new regulation, how it shapes their distribution networks on both sides of the channel and what effect this will have for resellers. www.pcr-online.biz
27/04/2021 12:42
PCR MAY21 QBS Bitdefender:Layout 1 27/04/2021 09:59 Page 1
thebiginterview
BullGuard’s Steve Hicks Steve Hicks, Head of Global Sales at BullGuard talks to PCR about consumer cybersecurity, the burgeoning gaming industry and the current channel opportunities.
20
|
May 2021
20-22 PCR May21 Bullguard Big Inteview.indd 20
www.pcr-online.biz
22/04/2021 16:32
thebiginterview Steve Hicks, Head of Global Sales, BullGuard had this to say: How do you see the coming year developing in terms of consumer cybersecurity?
Consumer awareness of cybersecurity has certainly grown over the past year, which is clearly a positive, and we expect this greater awareness to inform decisions that consumers will make in the coming 12 months. For instance, time spent online increased dramatically over the last 12 months but alongside this came a storm of new and increased online threats, triggering a wave of understanding for many that online safety was dubious and indeed precious. This is going to and already has made a difference. Previously, many people haven’t given online protection much thought because they didn’t believe they would become a victim of cybercrime. Now, people are very aware that it could easily happen to them and are actively making efforts to ensure they are protected online rather than being nudged and prompted.
In turn, this is going to make it much easier for resellers to sell cybersecurity in the coming year. For example, lots of people thought VPNs were technically complex to use and only suitable for those with in-depth knowledge which stunted take-up. But consumer perception is now changing with end users realising that VPNs are for all and easy to use, and subsequently demand is increasing exponentially. People today are also questioning how safe they are while online and as such we can expect to see growth in identity protection software that safeguards payment cards and banking information. To summarise, I’d say in the coming 12 months resellers will find a lot more consumer receptivity to cybersecurity. Resellers can benefit from this by helping educate customers about cybersecurity and privacy solutions and ensuring their digital lives and personal information is protected.
WhatsApp alerted users to a change in its terms and conditions and millions fled the platform faster than you could say ‘terms and conditions are changing.’ Figures from the UK parliament’s home affairs committee showed that Signal gained 7.5 million users in the first three weeks of the year, while Telegram gained a whopping 25 million. And all because WhatsApp didn’t explain clearly what the changes meant. People assumed their privacy would be breached which speaks volumes about how concerned and aware people are about what companies do with their data. Facebook’s recent leaking of 500,000 user records, including phone numbers, and the company displaying near indifference, is only going to strengthen resolve. It leaves many feeling uncomfortable and rightly so. Technologies that secure privacy and are easy to use, such as VPNs, will certainly gain more traction in the coming year.
How important is innovation in defending against new threats?
It’s essential. Take zero-day threats for instance. A little over ten years ago they were relatively rare. Today, the number that are discovered in-the-wild attacking systems are more common and the damage they can do is significant indeed. Many can easily infect 300,000 computers and more in a short space of time. We recently introduced Advanced Dynamic Machine Learning in our 2021 cybersecurity suite to help protect against these threats. It is layered over traditional signature-based detection and behavioural learning, and continually accesses large and dynamic pools of data that are constantly updated. It draws on this mass of data to make decisions about whether or not code is harmful based on a series of traits. Some code traits, for instance, may rank higher than other traits. In terms of detecting new attack vectors, new strains of malicious code, zero-day threats and new emerging malware, it’s certainly an innovation and an important detection tool for new threats. We’ve always had a multi-layered approach to protection, and alongside dynamic machine learning, we’ve also included new cloud detection technology that detects threats as they emerge in real-time, without the need to update signatures on the device. And an On-Access engine that protects customers even if a manual scan is never run.
Do you think consumers will take more active steps in protecting their privacy in the coming year?
Most certainly. Just look at what happened in January of this year. www.pcr-online.biz
20-22 PCR May21 Bullguard Big Inteview.indd 21
May 2021 | 21
22/04/2021 16:32
thebiginterview Are there any market opportunities that you think are currently underserved?
Yes, it’s got to be gaming. Gaming is a huge industry. According to Statista, there are currently more than 2.4 billion gamers in the world - that’s about one-third of the world’s entire population. Gamers are under constant attack from all sorts of threats such as credential hacking, gamingspecific malware and in-game ransomware, password stealers, phishing campaigns, software imitating wellknown gaming platforms, dodgy third-party apps and DDoS attacks. Yet gamers are one of the most exposed groups of people online because gamers don’t want anything to interfere with gameplay. They don’t want games jittering, they don’t want games lagging and they certainly don’t want games freezing. Fractions of a second can make the difference between beating an opponent or hanging their head between their legs and many gamers have the negative perception that antivirus software uses lots of system resources, which in turn slows gaming down. To avoid this, they either don’t use online protection or turn it off if they are running it. We’ve addressed this shortfall with patented Game Booster technology. It recognises when a game is active and other apps are also running. It then automatically isolates all other apps, which are not games, on one or two CPU cores and stops all annoying popups. As a result, other CPU cores are fully dedicated to the gaming app, enhancing gameplay without lag and ensuring the gamer is protected against malware threats and attacks at the same time. We think this is an important development and one that provides good revenue growth opportunities. Game Booster is an important component within BullGuard’s software and we believe it provides a unique proposition to this huge and underserved market.
What is BullGuard’s view on channel opportunities in the coming year?
Privacy is an issue that is certainly gathering pace, and within this context, there are certainly healthy ongoing opportunities for VPN sales. BullGuard VPN is one of the few VPNs available to the Channel. Importantly, it doesn’t track or store user data, is low cost and extremely simple to use. In the current climate of growing awareness about the need for individual privacy, it certainly provides much potential for growing revenues and increasing profit. Another area where sales opportunities are likely to increase is antimalware software, which ‘clearly’ contains user-friendly parental controls. Kids have inevitably spent more time online during lockdowns, which means even more exposure to malicious content and people with bad intentions. The Internet Watch Foundation (IWF) recently revealed that children, even as young as three, have been exposed too much more predatory abuse during the pandemic. 22
|
May 2021
20-22 PCR May21 Bullguard Big Inteview.indd 22
Keeping children safe from the dark corners of the Internet is always an issue, and now, huge campaigns backing the need to address the growing problem really helps drive home the message that children need to be kept safe online. Parental controls are vital in enabling parents, grandparents and carers to block malicious websites, create filters so the kids don’t inadvertently stray onto sites that contain adult and malicious content, and set screen time boundaries. BullGuard Internet Security 2021 provides discrete, robust parental controls, as well as multi-award-winning antimalware and advanced protection technologies. BullGuard Premium Protection 2021 provides the same features and also includes identity protection and a Home Network scanner. In short, full protection for all the entire family, including kids and avid gamers, is available in one neat product. Given that receptivity to cybersecurity and privacy technologies is greater than ever, we believe the next 12 months will present significant sales opportunities for the Channel.
What does BullGuard bring to the channel?
The importance of the channel is embedded in our DNA. The channel comes first and so our main goal is to boost our partners’ profits and to help them grow. To support this, we developed an industry-leading partner programme that provides extensive support, delivers healthy margins and offers compelling financial incentives. The Advantage Programme gives partners the products and tools they need to be successful and a lucrative revenue share scheme that is unique in the industry. The Advantage Programme pays BullGuard partners a 25% share of online revenue from all renewals for the life of the product. With one of the highest customer renewal rates in the industry, this recurring revenue quickly becomes very significant. The revenue share scheme allows us to share our success with our partners, turning license renewals into a highly profitable revenue stream. During the Covid pandemic, we ensured our partners were fully supported with regular “check-in” calls and were very much able to help with bespoke requests. Our visibility to partners during this period, where many other vendors disappeared, was extremely important in helping partners steer a successful course through the pandemic and explicitly reinforcing our determined commitment to the channel. BullGuard has won PCR’s Award for Best Software and Services Vendor three years running (2018, 2019 and 2020) as well as PCR’s Company of the year award in 2020. This is testament to the strength of our products and also the support we provide to our partners. www.pcr-online.biz
22/04/2021 16:32
PCR MAY21 QBS F SECURE:Layout 1 27/04/2021 09:56 Page 1
Security Industry Roundtable
Channel security:
Combating cyber crime In a channel security focused round table, Amanda Adams, Senior Director - European Alliances at CrowdStrike, Antony Byford, Managing Director, Westcon UK & Ireland and Anton Shelepchuk, NAKIVO’s VP of Sales delve into the underworld of cyber crime and what the channel needs to consider to stay safe.
H
Please can you explain a bit more about the company and the products and services it offers?
providing specialty resellers with end-to-end technology solutions for business network and application infrastructure. Our security, compliance, data center, unified communications and cloud solutions are backed by a complete range of professional support, operational and marketing services. We recently signed an agreement to distribute the CrowdStrike Falcon platform to the European market.
Antony Byford, Westcon: Westcon is a value-added distributor
Anton Shelepchuk, NAKIVO: NAKIVO is a private company that was founded back in 2012. The name of our product is NAKIVO Backup & Replication. NAKIVO Backup & Replication is a backup and recovery solution for SMBs and large enterprises. We help businesses back up their data. The solution facilitates operation recoveries for accidental data deletions or data loss related to ransomware and other malicious activities. In addition, we offer a built-in Site Recovery functionality for disaster recovery
ere’s what Amanda Adams, Senior Director - European Alliances at CrowdStrike, Antony Byford, Managing Director, Westcon UK & Ireland and Anton Shelepchuk, NAKIVO had to say:
Amanda Adams CrowdStrike: CrowdStrike is a cybersecurity company protecting customers from all cyber threats by leveraging its security cloud to stop breaches. The CrowdStrike Falcon platform offers enterprise security for the cloud era. Its single lightweight-agent architecture leverages AI and offers realtime protection and visibility across the enterprise, preventing attacks on endpoints and workloads on or off the network.
24
|
May 2021
24-27 PCRMay21 Security Round Table.indd 24
www.pcr-online.biz
16/04/2021 11:30
Security Industry Roundtable
automation. MSPs can also use our solution to offer backup as a service and disaster recovery as a service to their clients.
What is the current state of the security industry in your opinion?
Amanda Adams CrowdStrike: Threats and incidents vary in complexity and potential impact, so the one-size-fits-all approach pushed by many traditional, legacy vendors, is impractical and impossible. Organisations Amanda Adams big and small need a range of response capabilities. CrowdStrike believes that a combination of automation and analystdriven intervention provides the flexibility organisations need for incident response. The industry has been slow to take advantage of the cloud and AI, and signature-dependent defences are simply too cumbersome, destroying the ability of employees to work quickly. Antony Byford, Westcon: From a partner channel perspective and in the UK specifically, Westcon has seen strong growth in security technology sales across the board, particularly Zero Trust remote access, identity and threat prevention. Yet there has also been a considerable number of established communications and networking Value-Add Resellers (VARs) that have chosen to pivot and enhance their client offerings with cloud-first security technologies. Anton Shelepchuk, NAKIVO: I think that it’s facing additional challenges with the surge in malicious activity. Some are launched by state actors, others are more difficult to trace. However, what’s clear is that both the security and the backup industry have to adapt quickly and help businesses find innovative solutions. Just in the past few months, we’ve seen the SolarWinds hack, the Microsoft Exchange Server hack - both allegedly by state actors - and the recent Office 365 malicious account deletion by a disgruntled employee. For our part, we’re working on ensuring that backup targets can be made immutable to avoid data modification and overwriting and adding other security features.
What are the key challenges or threats affecting the channel?
Amanda Adams CrowdStrike: Zero day attacks play havoc with traditional cybersecurity defences, and onpremise solutions make the administration of security piecemeal, opening cracks in the armour where adversaries slip in. Organisations want to remove the overheads, the administration, the performance degradation they have felt for years from legacy technologies. They simply want to stop breaches. The trouble is that adversaries from eCriminal www.pcr-online.biz
24-27 PCRMay21 Security Round Table.indd 25
Antony Byford
Anton Shelepchuk
gangs and states are able to take advantage of a sophisticated set of tactics, techniques, and procedures designed to evade traditional defences. Antony Byford, Westcon: The pandemic has had profound effects on enterprise, with remote working rolled out across multiple industries, increased adoption of cloud resources and applications, and a shift to greater workplace flexibility. These changes have brought a variety of security challenges, and organisations that implement a Zero Trust Access approach will be much more resilient to threats and crises in the pandemic and beyond. Anton Shelepchuk, NAKIVO: I would focus on ransomware attacks and cloud vulnerabilities. One of the pressing challenges is the skyrocketing cloud technologies adoption and taking stock that cloud data is not immune to loss by default. Often businesses mistakenly think that having data in the cloud automatically protects them from data loss vulnerabilities. Going back to the disgruntled employee deleting over 1,200 accounts of the company’s 1,500 Microsoft 365 user accounts. The company had to deal with financial losses and days of downtime while it scrambled to recover. So when security defences fail, backups remain the only chance to recover your data with minimal downtime. Needless to say, we have to concentrate our efforts on educating our clients about possible threats and what can be done to avoid them.
What industrial sectors are experiencing increased threat and challenges of cyber security?
Amanda Adams CrowdStrike: It really is a problem across all industries, with ransomware a pandemic poses great risk. CrowdStrike Intelligence identified the highest number of ransomware-associated data extortion operations in 2020 from the engineering sector (229 incidents), manufacturing (228 incidents), then technology and retail, both with just over 140 incidents. Healthcare and pharmaceutical targets however suffered a lot of state actor attention as countries looked to acquire COVID-19 information and vaccine IP. Any business that uses technology and accesses the Internet is at risk, and until models like Zero Trust and cloud-based endpoint protection become widely used, then organisations will continue to suffer intrusions and data loss. May 2021 | 25
16/04/2021 11:30
Security Industry Roundtable
Anton Shelepchuk, NAKIVO: The attackers often target organisations that have critical data for their operations and those with small cybersecurity budgets. The sectors include healthcare and educational institutions. Hospitals have sensitive information such as patient records. Other frequently targeted businesses are the accounting firms and banks. Cybercriminals are motivated by monetary gains, thus they often target organisations that have valuable data or high returns. Other targets have been government agencies, and the recent SolarWinds attack has brought into focus the dangers of using the same software across agencies and thus being exposed to the same attacks.
Are there any new threats that have emerged recently? If so what and how have these come about?
Amanda Adams CrowdStrike: An interesting twist on a profitable ransomware technique is how ‘big game hunter’ adversaries took different approaches in the release of stolen data onto data leak sites, many staggering the data release. eCriminal group TWISTED SPIDER became the most adept, spacing out releases in percentages of the dataset. VIKING SPIDER adopted this approach with some victims, as have affiliates of PINCHY SPIDER for some REvil victims. Whichever release method is chosen by the adversary, the intent is to increase pressure on the victim company to pay the ransom. Anton Shelepchuk, NAKIVO: Yes, ransomware attacks have recently caused many issues for organisations. Hackers can initiate a ransomware attack by exploiting any vulnerability in a system; they look for imperfections in the code or security systems to insert a payload and take over a specific machine or network. In 2020-2021, there was a great number of cyberattacks around the world. And each day cyber criminals come up with more elaborate methods. Sometimes businesses are not even suspecting that they are under attack and that their valuable data is being exposed. Today attackers may use social engineering, AI botnets, supply chain attacks, 0-day attacks, DNS-tunneling, eavesdropping and SQL injections to get access to their desired target.
What advice would you give to the tech channel to help safeguard their business?
Amanda Adams CrowdStrike: Visibility and speed are critical for blocking attackers that have the capability to steal data and disrupt operations. Security teams must understand that it is their responsibility to secure their cloud environments, just as on-premise systems. They must establish consistent visibility for all environments and proactively address vulnerabilities before they can be leveraged by attackers. Multifactor authentication should be mandatory on all public-facing employee services, and a robust privilege access management process limits the damage from adversaries. Zero Trust solutions should be implemented to 26
|
May 2021
24-27 PCRMay21 Security Round Table.indd 26
compartmentalise and restrict data access too. Anton Shelepchuk, NAKIVO: I would advise getting quality antiransomware software with endpoint security and performing regular backups. Though, there are instances where attackers still manage to invade the system even with all security measures in place. There is never a 100% guarantee of being fully protected against a cyber threat. To ensure the safety of your data, I would recommend using a 3-2-1 approach. The method implies having two backup copies of your data in separate locations and keeping another copy offsite. That way, even if the backup becomes infected, you can still restore your files from the offsite copy. Today you can also make replicas of your VMs if you have a virtual infrastructure. This will allow you to power on your machines and keep the business operations running during and immediately after the attack.
What new threats or challenges is the consumer industry facing in regards to cyber security? Amanda Adams CrowdStrike: Whilst other industries may see state adversaries also joining eCriminals in probing defences, consumer industries face the greatest risk from ransomware and cyber extortion. The numbers of ransomware operators, their sophistication, and their tenacity really can’t be overstated - it’s sweeping over industries as adversaries refine their techniques and target organisation after organisation in an efficient moneymaking operation. With data leaking as well as ransom demands, organisations face the risk of needing to pay twice to secure their data. These adversaries do their research and know how much to ask for to secure a big payday from victim organisations.
Anton Shelepchuk, NAKIVO: The newest security threats include social engineering tactics, phishing mail, DDoS attacks, cloud attacks, AI-related attacks, botnet attacks and so on. Since new threats appear daily, the major challenge for the consumer industry is to give consumers the latest technologies to prevent these attacks. Another part is promoting cybersecurity awareness and education. This means helping their customers understand how to recognise and handle a fraudulent phishing email, for example. The challenge for them is identifying emerging threats and developing the right tools quickly to help consumers avoid being victims. Take Microsoft, for example. It overhauled Advanced Threat Protection and Defender, to create Defendere for Office 365 to help customers prevent, detect and respond to threats.
How can businesses look to simplify their security infrastructure to manage all endpoints and areas that could come under attack? Amanda Adams CrowdStrike: The cloud is key. By leaving on-premise security, businesses gain a big increase in the
www.pcr-online.biz
16/04/2021 11:30
Security Industry Roundtable
sophistication of their ability to stop breaches. It’s possible to remove a number of legacy services all managing different areas of security and use next generation endpoint protection that can stop all kinds of threats, fileless or hands-on-keyboard attacks and even zero day never-seen-before threats. The power of AI running at scale in the cloud means that providers can spot indicators of attack and stop anomalous behaviour dead. Legacy providers look for indicators of attack - which is too late, and relies on already having seen threats before. Antony Byford, Westcon: The European market needs strong cyber security solutions in a time when safeguarding precious business assets is increasingly becoming a key priority for companies across all industries. Solutions like CrowdStrike’s category-defining Security Cloud provides customers with the highest level of protection while minimising performance impact. Additionally, CrowdStrike’s EDR, threat intelligence and Zero Trust security platform allows customers to significantly reinforce their detection and response offering. Anton Shelepchuk, NAKIVO: You can implement the endpoint security method. It has been widely used over the last couple of years. The main idea here is to protect the endpoints. Endpoints are laptops, computers, mobile phones and any IoT devices. Attackers compromise endpoints to get control over the machines and networks. Endpoint security requires having a VPN, an OS and an endpoint agent. The endpoint agent is an app that can pick up suspicious activity in the browser or network and send it to the threat detection console. The endpoint security system allows the administrator to monitor endpoints, networks and control backups from a single console.
Just how sophisticated are the attacks becoming, who are these attackers? Amanda Adams CrowdStrike: It’s incredible how sophisticated attackers are. Take the StellarParticle attack. This sophisticated supply chain attack against SolarWinds was able to move from this initial intrusion vector to deploy code by a very large number of organisations worldwide. The design of SUNSPOT suggests StellarParticle developers invested significant efforts into ensuring the tampering process worked, and added strong conditions to avoid revealing their presence. The adversary took steps to avoid common operational security mistakes in the process of registering and managing its infrastructure. This was a long-term, multi-developer, likely state-funded approach. This is the calibre of many adversaries.
their security system are more likely to be attacked than those that follow high cybersecurity standards. But then as we’ve seen in 2020 and 2021, there are also state actors. At such a high government level, sanctioning those actors and understanding their motivations is even more complex.
What future threats should companies be aware of and how can businesses ensure they have means of protection?
Amanda Adams CrowdStrike: Two concerning threats are likely to continue to evolve and frustrate companies: ransomware and supply chain attacks. These should be top of mind for all organisations, and considerable effort should be placed on planning the processes, technology, and people skills/training to stay alert to these threats. In addition to endpoint protection, 2FA, and Zero Trust approaches, managed threat hunting can make or break the corporate defence. With white hats, hunting for threats in the business environment, anomalies can be remedied before they turn into risks. Antony Byford, Westcon: In 2021 we will see extended detection and response (XDR) capabilities improving accuracy and productivity. Privacy will become a security discipline of its own. Network security will continue to migrate from LAN-based models to SASE. Cloud-native apps will require a full life cycle approach to protection, and more emphasis will be placed on Zero Trust Network Access. Anton Shelepchuk , NAKIVO: Businesses should be focusing on keeping their security strategies up to date. But they should not stop there. Businesses that are successful at overcoming cybersecurity incidents usually have several things in place. An advanced security system and a powerful backup solution for when the first line of defence fails. This is all the more important given that governments seem set on sanctioning payments to hackers in return for regaining access to data. For example, the US Treasury’s October 2020 advisory on penalising payments to malicious actors to avoid incentivising future attacks.
Anton Shelepchuk, NAKIVO: Very sophisticated. And investigating and tracing these attacks is getting very difficult. Sometimes, these are individuals with high tech programming skills who carefully study their targets before launching an attack. In a majority of cases the reason for the attack is financial gain. Companies that have many holes in www.pcr-online.biz
24-27 PCRMay21 Security Round Table.indd 27
May 2021 | 27
16/04/2021 11:30
Biometric Security
The dawn of fingervein technology QBS: Alpha Gen, the Cyber Security Value Added Distribution Arm of QBS, Hitachi Security Business Group’s, Head of Sales and Marketing, Andy Milton discusses the latest advances in fingervein technology.
M
odern biometric systems started to emerge at the same time as computer systems, in the second half of the twentieth century. Initial efforts to replace passwords with biometrics spurred the development of fingerprint systems. As these methods become ubiquitous in consumer electronics, businesses have started to test their applicability. Statistics suggest nearly one in five UK office IT security teams have started to experiment with biometric security techniques. However, an alternative, less well-known, biometric technology does exist that offers businesses a superior solution. Fingervein technology, first developed and patented by Hitachi in 2005, is increasingly being used across a range of sectors, from banking to retail. This form of verification uses the unique finger vein patterns to verify an individual, and works through a process of image capture, verification and authentication. Finger vein devices use infrared light to penetrate the skin, which when absorbed by the haemoglobin in the blood reflects the image of the finger vein pattern to the device. This image is captured by an in-device camera, and image processing constructs a finger vein pattern from this image. When a user sets up their finger vein authentication, after the first image is digitized and changed into a user token. Whenever the device is used, it will grant access when a match is made. The enrolment token does not match the verification token. The adoption by Apple of biometrics as an authentication method has really helped in opening the market to fingervein, as people are increasingly used to using biometrics for verification. Finger vein technology has been around for 20 years, but the adaptation of this technology to laptop and mobile cameras, alongside developments in the technology itself, has opened the market up and turned finger vein into a huge opportunity for the biometric market. The question many might ask is what is different about a fingervein and a fingerprint, and what makes veins better?
Fingervein technology over fingerprint
There has long been a demand on the market for a more accurate technology than fingerprint. It has taken longer for finger vein technology to come to fruition on the market largely because of the relative complexity of making finger vein scanners – it is 28
|
May 2021
28-29 PCR May21 Hitachi.indd 28
easy and cheap to make fingerprint scanners. However, people are increasingly realising the drawbacks of using cheaper fingerprint applications, and the numerous benefits instead of using finger vein.
Physical contact
Fingerprint recognition requires physical contact with a scanning device, making the technology vulnerable to prints being lifted from finger smears left behind. Alongside collecting individual prints, “Masterprints” can also be generated using machine learning to match with many fingerprints. The accuracy of fingerprints is also questionable – not just because fingerprints can be faked, but because the surface of skin changes over time. For users this can mean repeated failures to access the device. Fingervein scanners don’t require physical contact with the scanner, removing the risk of spoofing or failed authentications due to change overtime. We are launching as part of the Hitachi response to the new normal, a completely contactless device, that will read a Vein pattern from roughly 20mm and this coupled with our camera based technology is providing the user with safe, highly effective solutions.
Data storage
Hitachi have a long record in producing highly secure technology and the new solutions will never capture an image of a Vein pattern, we will use the Vein pattern to build a user token that is highly secure and similar to the method used in many of the world’s highly secure PKI technology. Fingerprint scanning holds information on the device rather than centrally – if you lose your phone or tablet, your fingerprint is of no use to you, as you can’t use it to access your details on another device. Finger vein applications can be stored centrally, making it easier to operate across multiple devices.
Cost
Previously cost has been the key prohibiting factor in finger vein technology becoming mainstream, despite its obvious benefits over face and fingerprint. But with the shift to using standard www.pcr-online.biz
27/04/2021 12:45
Biometric Security
cameras in various applications of the technology, and moving away from specialist hardware, we can now see that start to change. For example, in applications that utilise a user’s own camera, the cost for deploying finger vein becomes a simple software licence cost – reducing the cost of deployment by around 20% compared to previous costs. This helps to make finger vein technology a highly secure and robust mode of biometric now available to everyone.
Ease of use of fingervein
Fingervein technology can work seamlessly with existing technology, without the need to add a physical scanner or use tokens. For a PC or laptop, the in-built camera can be upgraded using software to scan finger veins. Utilising existing technology makes it far easier for a large business to install the tech at scale. The process of software installation on a laptop is typically quite fast. It generally takes around five minutes, and applications can take less than two seconds to authenticate a user. For the user, identifying themselves through finger vein technology is also an incredibly simple process. In the case of the technology being installed on a computer, for example, the unique finger vein pattern of the user can be identified by a computer’s camera with a simple raising of the hand. Barclays Bank have recently deployed finger vein for corporate customers and found that it has reduced the number of errors and instances of fraud. Customers have also found it enabled them to process payments much faster and more efficiently. It’s simple, and it’s fast, whilst offering a long-term solution that doesn’t need to be constantly updated.
Sector applications of fingervein
Ecommerce applications
Online businesses are also increasingly turning to biometrics. Ecommerce is another area where we can expect to see finger vein technology increasingly being used. There are of course the natural security considerations, but also a business-case perspective - one in three online shoppers in the US have abandoned a transaction rather than re-enter payment details. This is again another area where finger vein has an advantage over fingerprint.
Computer Login
Removing the password from Windows Login or application login, even when the application is not hosted by you. Users have battled with long complicated passwords that can be forgotten, borrowed, reused or lent and relying on this as a method of guaranteeing someone identity is flawed. With the proliferation of compromised passwords over the Internet moving to something that physically is part of a user to identify them is much more secure and easy for them to manage, reducing Phishing risks and password stuffing attacks.
Access Control and Time and Attendance
Now more than ever, know where you employees are on a given day and time, to limit the risks and issues that may occur in the workplace. Fire, Theft, Illness and ensuring you can tell the right people to take the right steps and be flexible in allowing them to work in whichever location is needed, Home, customer, site or office. A solution that provides an option for all of these scenarios is key.
For a long time, finger vein technology was seen as a high-end banking solution, and not one for the mass market. However, this has already started to change. Fingervein technology is of course useful for individuals who simply don’t want to have to remember a plethora of passwords. For a range of businesses there is value to found by using this technology in their operations.
HealthCare
Banking applications
The use of our technology to identify staff and visitors to track who has visited and when to ensure only tested and authenticated people can enter the home to protect the residents and the reduce the risk of the Virus being spread within the home. Biometrics are increasingly becoming the preferred verification method for both consumers and corporates. Studies are finding that, for consumers, security is increasingly starting to outweigh convenience, signalling a turning tide for the era of passwords. Importantly, we are also moving into an age where people are increasingly comfortable with biometrics. An IBM survey found that, globally, 87% of adults say they will be comfortable with these technologies in the near future. Whilst Finger Vein is tried and tested, the new options and solutions make this robust and reliable Biometric technology available to a much wider audience, when more people get used to the idea of biometric technology, this is therefore an exciting time for finger vein technology. With its proven security advantages over alternative modes of authentication, including both facial recognition and fingerprint scanning, finger vein technology is set to emerge as the easiest and most secure method of authentication.
There is naturally a strong impetus for banks to turn to a more secure method of authentication. In Japan, finger vein technology was first deployed at ATMs in 1997. In Europe, entry of biometrics into the sector was given the official nod in Europe June of 2019, when the European Banking Authority clarified that all biometric techniques, including methods such as finger vein recognition, are acceptable. This also has benefits for consumers, as it reduces the risk of fraud. A report by Goode Intelligence estimates that by the end of 2020, 1.9 billion banking customers will be using biometrics for banking services.
Payment applications
The increasing use of fingervein in the banking sector has naturally started to extend to wider payment uses, with finger vein technology appearing in a variety of retail applications. A bar in Manchester last year became the first to start using finger vein technology, enabling customers to pay for orders with a simple swipe of their finger. Launched in partnership with Fingopay, this followed successful pilots across other venues across the UK. www.pcr-online.biz
28-29 PCR May21 Hitachi.indd 29
The use of biometrics to correctly identify staff and patients before any procedure or drugs are administered, to reduce the chance of an error or a mistaken identity and comply with best practice, especially if the patient is unable to communicate or non verbal.
Care Homes
May 2021 | 29
27/04/2021 12:45
Biometric security
The next generation of access control PCR talk to Rob Watts, Corsight CEO about its facial recognition technology (FTR) and Claire Hatcher, Global Head of Business Development for Fraud Prevention at Kaspersky about its views on biometric technology Please could you tell me a bit more about the company and its core specialisms in regards to biometrics?
Rob Watts, Corsight CEO
Claire Hatcher, Kaspersky’s Global Head, Fraud Prevention
30
|
May 2021
30-33 PCR May21 Biometrics.indd 30
Rob Watts, Corsight CEO: Corsight specialises in Facial Recognition technology powered by Autonomous AI – an advanced artificial intelligence (AI) system. Corsight’s solutions significantly reduce the possibility of false positives with accurate detection that far exceeds the human brain’s ability to register and recognise faces. The company also specialises in real-time detection and can accurately identify individuals with up to 50% of their face covered, from challenging and oblique angles, or in low-light environments. The organisation, jointly headquartered in the US and UK and with R&D facilities in Israel, provides law enforcement, transportation, government agencies, airports, retail outlets, banks, and more with forensic video analysis that can identify and flag individuals of interest within minutes. Claire Hatcher, Global Head of Business Development for Fraud Prevention at Kaspersky: We believe biometrics will become an increasing part of authentication options, with much more
sophisticated technologies and approaches to secure its development in the future, and our aim is to raise awareness on the topic and show that data requires strong security regulations. We believe people should have the ability to use technologies free from worries, unnecessary limitations and other obstacles brought by cybersecurity risks. As part of our Fraud Prevention solutions, we use behavioral biometrics to help analyse unique customer’s interaction with their device, for instance, mouse movements, clicks, touches, swipe speed and more, to detect whether a device is being used by a legitimate user or not. This technology is also often used to detect either a bot or script.
What is the safest form of biometric tech to use?
Rob Watts, Corsight: Many British citizens already place implicit trust in FRT to unlock and pay with their personal devices; by 2024, Mercator forecasts that 66% of smartphone owners will use biometrics for some form of authentication. Yet, when used by a third-party – either in the public or private sector – concerns about the safety and privacy of Facial Recognition are regularly voiced and listened to. www.pcr-online.biz
21/04/2021 12:43
Biometric security
However, this debate also needs to hear about the great work that is currently being done in the field, to improve algorithms, significantly reduce false acceptance rates (FAR) and deploy Facial Recognition solutions within a framework of regulation and best practice. As promising research continues to influence the industry, and technological improvements are being made with the advances of AI and machine learning, FRT can now operate with the highest safety and reliability standards.
Please could you explain a bit more about the functionality of biometrics devices and how they are being used in specific applications?
Rob Watts, Corsight: There have been significant improvements in FRT in recent years, and therefore there are a number of real-world scenarios in which these solutions are being used as a ‘force for good’ within society. We are seeing a growing number of airports, worldwide implement Facial Recognition solutions to streamline the overall customer experience, as FRT is the best way to confirm identities without having to pass various security checks. FRT solutions paired with security surveillance technology are also helping enhance overall airport security, whilst identifying dangerous individuals from watchlists. For law enforcement specifically, FRT is helping departments speed up the analyses of real-time or historic CCTV footage – ultimately saving police time and resource. According to Cloudview research, there are approximately 8.2 million surveillance cameras in the UK, producing 10.3 petabytes of visual data every hour. However, much of this data is ‘wasted’ or goes un-analysed. By integrating FRT solutions with security surveillance technology, law enforcement can gain increased insight into hours of footage within seconds. Therefore, investigations can be speed up and, for some cases, it could be the difference between life and death.
What industry trends or demands does this technology respond to?
Rob Watts, Corsight: Continuing with examples of use cases within law enforcement, a big demand as we re-enter ‘normality’ is for police to have the ability to identify criminals or threatening
www.pcr-online.biz
30-33 PCR May21 Biometrics.indd 31
individuals within large crowds. While officers may engage in surveillance initiatives, busy locations may hinder their success. Facial Recognition could overcome these issues and identify an individual on a watchlist instantly, regardless of how many other people surround them. If reports come to fruition that an upcoming ‘summer of crime’ will overstretch police capabilities, this technology may be more important than ever before. There are also demands for increased privacy protection; Facial Recognition systems are sometimes installed and utilised without consent, but instead due to public interest. In order to encourage more trust in this technology, the technology itself needs integrated privacy-solutions that act to protect and secure biometric data. Corsight’s FRT solutions in particular have the ability to blur the faces of any individual passing a camera who is not part of a watchlist. Data is stored for 0.6 seconds before being wiped from the system permanently, therefore protecting the biometric data passers-by that pose no threat. Claire Hatcher, Kaspersky: Today, biometric authentication is used to access government and commercial offices, industrial automation systems, corporate and personal laptops and mobile phones. Both the number and the variety of applications for these technologies continues to grow. Whether customers are unlocking a shared vehicle using a fingerprint scanner or accessing their Spotify or Netflix account via facial recognition, biometrics will enable developers to create detailed, digital customer profiles and potentially a truly seamless user experience. The popularity of solutions such as Apple’s TouchID can certainly be considered as proof that biometrics are well trusted by consumers. Use of fingerprint or face recognition for device authentication is now commonplace on smartphones and tablets. However, it’s not just the biometrics that you see on your device, but it can also be embedded within devices. This is often used by banks or financial institutions for fraud prevention and authentication purposes.
How is the industry benefiting from this technology?
Rob Watts, Corsight: Part of the fear surrounding FRT is the misunderstanding of who is being watched and why. Former Surveillance Camera Commissioner and current Corsight Chief
May 2021 | 31
21/04/2021 12:43
Biometric security
Privacy Officer, Tony Porter, has already done great work interrogating how watchlists are compiled and audited. As he argues, they should never be impermissibly wide, and must always be strictly compiled based on significant public interest, e.g. tracking a dangerous criminal. Tony has recently created an FRT Charter of Ethics, pulling together all the leading thinking from the biometrics space. Claire Hatcher, Kaspersky: Biometric identification is playing a growing role in our everyday security. Physical characteristics are relatively fixed and individualised - even in the case of twins. Each person’s unique biometric identity can be used to replace or at least augment password systems for computers, phones, and restricted access rooms and buildings. Given the importance of authentication in online transactions, and the key role played by passwords in authentication, this is data that cybercriminals have been consistently interested in since the advent of online transactions. The use of behavioural biometrics for authentication can make a real difference – making the task of authenticating almost frictionless. The use of behavioural biometrics also helps the industry view the user’s activity during the login and session, analysing the typical navigation and time patterns, how the user acts in the personal account, what he clicks and more.
What are the key issues with implementing this technology?
Rob Watts, Corsight: Data protection is more important than ever before – take the recent backlash over WhatsApp’s privacy changes for example. FRT can analyse and store very personal, biometric data, which when implemented incorrectly can threaten an individual’s privacy and security. A particularly contentious issue, when implementing this technology, has been the risk of mistaken identities, and what happens if an algorithm mis-identifies an innocent individual. However, each issue can be overcome and it is essential that FRT is paired with a trained human intervener that can mitigate the risk of bias or incorrect identifications. In coming years, we will also hopefully see further regulation of biometric technology, as well as a single, regulatory body to provide an educational framework for those leveraging FRT. For now, vendors and channel partners themselves must be proactive in establishing and following their own ethical principles, and working with end-users to make sure they utilise the technology in a safe and privacy-focused manner. Claire Hatcher, Kaspersky: New technologies are always vulnerable - because they are new. Biometric data stored by a service provider is just as valuable a target for cybercriminals as a database containing usernames and passwords. Any security breach resulting in leakage of this information is likely to have much more serious consequences than the theft of a password: after all, we can change a weak password or pin, but we can’t change a compromised fingerprint, or other biometric. There are also privacy implications of replacing an ID to verify someone’s age with biometrics. Biometric data, unlike a username or password, is persistent: we carry it with us for life. 32
|
May 2021
30-33 PCR May21 Biometrics.indd 32
Before this technology is rolled out in full force, it’s important that people are informed about the way personal data is used and held, and under what circumstances it might be passed on to other agencies – and this is no less true of biometric data. Biometrics of all kinds are an effective way of identifying a customer, but this technology should be used as a secondary protection method that complements other security measures rather than replace them completely.
Can you mention any key industry partnerships that you are currently involved in in regards to biometrics?
Rob Watts, Corsight: Corsight also partners with a number of law enforcement, defence and security organisations around the world. The Corsight team is working closely with various police forces in the UK to support the implementation of FRT solutions, and ensure that if and when they leverage this technology, they do so not just lawfully, but with ethics and privacy at the very centre of each application. Claire Hatcher, Kaspersky: We’ve previously teamed up with a 3D accessory designer from Stockholm and created a piece of jewellery at the intersection of technology and art – a unique ring that serves as an extension of a person’s digital identity, designed to keep everyone’s unique biometric data safe. While the ring is just one of the possible ways to tackle the current cybersecurity problems related www.pcr-online.biz
21/04/2021 12:43
Biometric security
increasingly common, as most recent smartphone models have at least one built-in mechanism for biometric authentication. Biometrics has become so embedded in our devices and the way we live, it’s almost invisible to the end consumer. However, it’s important that security vulnerabilities are eliminated before we entrust sensitive data to it. As these concerns are addressed, we can expect to see adoption of biometric technology increase significantly, similar to the adoption patterns of other technology such as smartphones and online banking. For example, people were initially wary of online banking, but now it’s hard to find anyone who doesn’t bank online. There will always be early adopters of new technologies, but in time biometric technology will become mainstream across all industries. The possibilities are endless.
Has COVID-19 had any impact on the need for this tech such as temperature readers?
to biometrics, it is certainly not a silver bullet. A real solution will involve creating measures and technologies that would guarantee the protection of people’s unique identities. Such a solution is yet to be developed, but it is extremely important that we start the conversation within the relevant industries to develop a collaborative approach to ensure this data is protected.
How advanced is this technology and do you see it being increasingly used in the future?
Rob Watts, Corsight: Corsight’s technology is revolutionising the FRT market, with its ability to recognise and identify individuals accurately with face masks on, even from the most oblique angles. In the future, biometric solutions will be integral in realising the roadmap to normality post-COVID and is expected to be increasingly leveraged over the summer period. Facial Recognition is best positioned to enhance virtual passport efforts, expedite wait times at airport terminals and streamline payments to avoid queues and the transmission of the virus. FRT in particular is set to support a number of large-scale festivals and events re-opening this summer, whereby each attendee’s face will act as their ‘ticket for entry’ and their method of ‘payment’ for food and drinks. Claire Hatcher, Kaspersky: Biometric technology has the possibility to be used in a variety of sectors and provides endless opportunities for innovation. Use of biometrics on mobile devices is becoming www.pcr-online.biz
30-33 PCR May21 Biometrics.indd 33
Rob Watts, Corsight: There has certainly been an increased demand for temperature-monitoring technology across the last 12 months. However, to ensure environments remain as safe as possible in the new normal, businesses must integrate a variety of other key biometric technology solutions – from surveillance cameras equipped with FRT to identify individuals entering facilities with or without masks, to contactless entry to reduce crowds in office spaces. COVID-19 has also led to many more industries becoming interested in FRT solutions, as businesses hoping to re-open their sites in a safe, hygienic manner are searching for new ways to do so without risking the health of their employees or clients. While fingerprint biometric readers are still prevalent for authentication purposes, FRT offers a more contactless – and therefore perhaps safer – identification solution.
How is this technology being used in the financial industry such as payment authentication and identity verification?
Rob Watts, Corsight: The financial services industry is highly regulated, and for organisations to comply with PSD2’s new Strong Customer Authentication (SCA) directive, they need to ensure that electronic payments are transacted using multi-factor authentication, one of which biometrics, to enhance security and reduce the risk of fraud. For mobile banking apps – which increased in usage by 26% from 2019 to 2020 – Facial Recognition has now become a typical solution for safely logging in, accessing accounts and streamlining payments. Claire Hatcher, Kaspersky: There are three main instances where people encounter biometric authentication in the financial industry. Firstly, where banks have palm scans on ATMs, as well as voice authentication on phone-based service desks. Secondly, where individual electronic devices use touch and face recognition as login security credentials. Thirdly, where behavioural biometrics are embedded within the device itself for security reasons. The financial industry uses behavioural biometrics to help distinguish between legitimate users and cybercriminals, identifying people by how they behave and interact online rather than by static information or physical characteristics. May 2021 | 33
21/04/2021 12:43
Security hardware
Challenges of Cloud Migration Frank Crouwel, Managing Director of security technology installer NW Security Group discuses managing migration of CCTV up into the Cloud.
Frank Crouwel, Managing Director NW Security Group 34
|
May 2021
34-36 PCR May21 Security Hardware NW.indd 34
M
arket research, which we conducted late last year, uncovered plans for many organisations to move their CCTV systems into the cloud. The most startling finding was that 71 per cent of England-based private sector firms with 50 or more employees are planning to move their CCTV systems into the cloud over the next 12 months. With this Cloud CCTV boom in mind, we decided to take a closer look at why this is happening now and offer some guidance for making sure cloud migration plans are thought through adequately before implementation. There is no doubt that there are at least four key reasons why so many CCTV system owners are considering migrating them into the cloud right now: 1. COVID-19 has definitely stimulated an acceleration in the migration of all IT applications into the cloud, creating a ‘Remote Everything’ phenomenon, as we like to call it. It makes sense, with so many of us working away from our normal workplaces, that remote access to all essential systems is enabled. For many, that’s naturally led to a push to put more systems into the cloud. 2. The UK has finally gone through its ‘CCTV to Network Video’ tipping point, so that 61 per cent of all UK-installed CCTV systems are now on an IP network. As such, many more video surveillance management systems are that much easier to migrate into the cloud now. www.pcr-online.biz
13/04/2021 15:10
Security hardware
3. You also need to set cloud migration in the context of a wider drive to ‘servitize’ IT systems to accommodate IT decisionmakers and C-suite executives who want to pay for all networkbased services based on usage levels, rather like a utility. Servitization fuels cloud migration as this is the preferred way of delivering IT services via affordable monthly subscriptions, while delivering highly reliable IT services with near 100 per cent uptime. 4. Finally, cloud migration supports a growing trend for managers to request access to video evidence wherever they are. Why? Surveillance camera data is increasingly used to check site operations, as well as ensuring security of premises and the health and safety of workers.
Multi-site businesses early adopters of CCTV in the cloud
The idea of not having to maintain a dedicated server, with video management software licenses in the cramped backroom of each and every premise you run is appealing. The hardware cost savings and ongoing management efficiencies alone are obvious when you multiply that by the number of sites you run. With Cloud CCTV, cameras can be connected directly to the Internet and no other equipment is needed, whilst users experience the systems remotely through standard web-browsers and smart mobile apps like many other cloud-based services.
Start with operational requirements review
However, it’s important to remember the operational requirements of your surveillance system. We often find ourselves recommending clients review their Standard Operating Procedures (SOP) and actual requirements, well before considering moving to Cloud CCTV. Failing to do so can reduce or eliminate anticipated savings from migrating your CCTV system into the cloud or lead to inadequate functionality.
Video monitoring data is different
Managing video data is not as simple as typical data flowing through corporate computer networks. For a start, it requires much more bandwidth and storage resources. Large volumes of data are being accumulated quickly; and much of it may never be accessed. Video data is 97 per cent input (i.e. recording) and only three per cent output (i.e. playback). Therefore, a thorough assessment is needed, including basics such as video resolution and frame rates needed, retention requirements as well as anticipated playback use and speed of access. Additionally, advanced tools such as video analytics should be considered to only capture, transmit and store video data of operational value.
How much video data do you really need to store up there?
Would-be cloud migrators of CCTV systems need to focus on the fact that Infrastructure as a Service (IaaS) providers like Amazon Web Services (AWS) or Google Cloud charge monthly, based on how much data you are moving up into the cloud, for how long you keep it there and how often you are retrieving some of that data. www.pcr-online.biz
34-36 PCR May21 Security Hardware NW.indd 35
When it comes to cloud, data is a key cost driver. So, you want to ensure you transfer, store, and retrieve video data as efficiently as possible. Similarly, Video Surveillance as a Service (VSaaS) providers typically charge based on your resolution and frame rate requirements and the length of time you want to keep the CCTV footage for (i.e. data volumes). One obvious area to look at is your video storage and retention policy. Many companies still adhere to traditional CCTV video retention times of 30 days which were really geared to the era of VHS tape-based video cassette recording in the 80s and 90s and daily tape rotation regimes for ease of management in those days. In reality, an incident or event of interest is identified within a few days. Recorded video evidence associated with any security incidents can be secured swiftly today. In most businesses, there is rarely an operational requirement to keep all recorded footage beyond seven days. Cloud migration offers a powerful stimulus to consign outdated data retention practices to the bin. In most cases, this can mean storing just 25 per cent of the amount of CCTV data many are collecting today. This assessment of data transfer, storage and use is vital prior to deciding to move your CCTV system into the cloud. Remember, cloud providers make money out of data volume and use. So, it’s not in their interests to warn you about this! If your operational requirements truly require a combination of high-resolution video, high frame rates as well as long retention times (i.e. a lot of data accumulation), then a hybrid on-premise, off-premise model may be more suitable if you are a multi-site operation. For single site operations, with very high video data storage and access requirements, cloud is unlikely to be a good option. Having said that running the application in the cloud, but keeping your video data on-premise, may be beneficial in some instances. For example, if there are many remotely based managers who need quick, easy, and secure access to your CCTV system.
Managing user expectations
Normally when you move from hosting your own software to a cloudbased service, the user will benefit from some feature and performance enhancements with enterprise IT systems. Companies tend to have similar expectations when moving CCTV into the cloud. However, because of the huge amount of video data involved with CCTV, some features and performance might actually suffer. It’s important for companies to gain a true understanding of the advantages and disadvantages of Cloud CCTV versus on-premise video management before they leap. Video analytics are only just moving to the edge never mind the cloud. Also, you need to bear in mind that until very recently, most video analytics functionality could only be managed on-premise, on high CPU servers because of the amount of processing power required to analyse the video data. For example, only with Axis’ seventh generation chipset ARTPEC-7 launched just 1.5 years ago, did it become possible for higher-end Axis network cameras to perform CPU-hungry video analytics capabilities in the camera itself. May 2021 | 35
13/04/2021 15:10
Security hardware
Only basic video analytics capabilities are currently available from VSaaS providers today. If you are looking to use more advanced video analytics available on the edge, then moving your video management system (VMS), such as Milestone, into AWS or Google Cloud would be a more suitable cloud option. So, if you are migrating your CCTV system into the cloud, be prepared to compromise on some features when you are doing your planning work. Certainly, if advanced video analytics is a significant or essential part of your system, then cloud is probably not the best option for implementation and ongoing system management.
within its platform. However, all the basics and more tend to be covered and for most businesses this will be enough. But third party or true eco system integrations do not really exist for VSaaS platforms yet. We don’t anticipate this changing in the near future. There is a lot to think about when contemplating moving your CCTV into the cloud. You may need to speak to a CCTV solution specialist before you make the step.
IaaS versus VSaaS
We touched upon this a few times already. When considering moving your CCTV to the cloud you have, in general terms, two available options: 1. Migrate your existing video management system (VMS) into the cloud using an Infrastructure as a Service (IaaS) provider such as Google Cloud, Azure or AWS, or 2. Move to a Video Surveillance as a Service (VSaaS) provider offering you a ready cloud platform. Running your existing VMS in an IaaS environment will give you all the features and functionality that the same software would deliver if installed on-premise. An open platform eco system, such as the one provided by Milestone, will continue to benefit from the many integrations and advancements that exist. Moving to a VSaaS provider, such as Morphean or Arcules, means you’ll be restricted to the features and functionality available 36
|
May 2021
34-36 PCR May21 Security Hardware NW.indd 36
www.pcr-online.biz
13/04/2021 15:10
PCR NOV20 SMITHIE:Layout 1 22/10/2020 14:18 Page 1
Internet Security
Where does JavaScript belong as bots get more sophisticated?
Andy Still, CTO, Netacea discusses how hackers are taking advantage of websites that use JavaScript.
W
Andy Sill, CTO, Netacea
38
|
May 2021
38-39 PCR May21 Internet Security Netacea.indd 38
e have a bot problem. At least half of all web traffic is automated, and some of this traffic is buying our gig tickets, our sneakers, our plane tickets and our games consoles before the rest of us have a chance. This has been a problem for some time, but the combination of national lockdowns and some high-profile launches has seen it become a major news story. The lack of availability of Nintendo Switch consoles last year, followed by PlayStation 5 and graphics cards going out of stock as soon as they arrive, have all been blamed on bots. In the UK, there have even been moves in parliament to try and protect consumers by outlawing the use of “scalper bots” to buy in-demand goods. Ecommerce platforms are understandably keen to limit the use of bots on their sites for a number of reasons. Most obviously, if bots are snapping up consumer goods before real consumers can, that means losing
sales—while real people can be upsold and are worth building a relationship with, all bots are interested in is buying what they came for. Regular customers will be disappointed by the lack of stock, damaging any existing relationship. But the problems can be more subtle. If retailers cannot differentiate between bot traffic and real traffic, they’re likely to make poor decisions based on this tainted data. This is true of not just ecommerce sites, but any business with a customer-facing web presence, whether that’s financial service providers, travel brokers, or online gaming. Bots may, for example, increase bounce rate, making a business think that what they are offering isn’t compelling enough. Or their inclusion in the stats may mean that conversion rates are way down, making businesses think there is a problem where none exists. Any business that is vulnerable to bot attacks will be keen to understand the traffic on its www.pcr-online.biz
14/04/2021 11:31
Internet Security
site better. But traditional ways of doing this are becoming less useful as bots become more sophisticated. Tackling bots with JavaScript-based solutions One of the hurdles any traffic analytics solution faces is integration—how can the solution get access to the data it needs to understand the traffic on the site and allow the business to make good decisions? Not all bots are bad, of course, with some being crucial to search engine discovery, so the solution is not as simple as banning all bots from the site. One of the simplest ways of doing this is to insert snippets of JavaScript into each page. That piece of code collects signals from the user, providing information on where they are browsing from, how long they spend on each page, mouse movements, button clicks and many other pieces of behaviour that together helps to build a profile and complete picture of the user. JavaScript integration has the advantage of being simple to integrate and collecting a wealth of information about those visiting a site. They work a little like a polygraph or, if we’re indulging in a little sci-fi, like Blade Runner’s Voight-Kampff test to distinguish between bots and real people. When you tick a box marked “I am not a robot”, it is not the act of ticking the box that proves you are real, but the other signals being collected about your browsing. Unfortunately, the big disadvantage of this method of bot mitigation is that, more and more, it is failing to keep out bots. The rise of sophisticated bots Bot attacks and bot mitigation is an arms race. We are continually developing tools to identify and keep out bad bots, but the enemy is a moving target. The idea that hackers are kids in their parents’ basement is now decades out of date, but we find that many people don’t quite realise the extent to which hacker groups have professionalised their service. They are constantly updating their software to handle the best that security vendors can throw at them, just as the vendors do with their software. Many advertise their bots as being able to deal with the bot mitigation present on popular sites. The problem with JavaScript-based solutions is that those code snippets are little calling cards, letting the bot creator and bot user know exactly what tricks you have up your sleeve waiting for them. Any good heist movie has the scene where the gang gets their inside information - details on the locks they’ll need to bypass, the electronic surveillance they’ll need to slip by, the safe that needs to be cracked. But JavaScript means there’s no need for an inside man - there’s a big neon sign telling anyone exactly what they’re up against. Bot operators don’t have to figure out how they can try and bypass the mitigation in place, instead they just need to browse a bot marketplace for the right tool for the job. Does this mean that JavaScript is no longer useful? Not quite. www.pcr-online.biz
38-39 PCR May21 Internet Security Netacea.indd 39
So, what’s the alternative? Rather than integrating through JavaScript, server-side solutions should instead be implemented via cloud, CDN or API. As server-side bot management does not expose code, this means that attackers no longer know exactly what they are facing—bot operators have no visibility of bot identification methods and cannot reverse engineer a way around the solution. As well as full visibility of web traffic, mobile and API traffic is monitored too. The solution is easily maintained by the vendor, meaning customers will always automatically have the latest protection. No site-wide JavaScript updates are needed. So, it’s simple, right? Ditch the old JavaScript methods of bot mitigation and use other server-side methods? We shouldn’t be quite so hasty. JavaScript still has a place in bot mitigation, though it may become less useful over time. JavaScript can still be used to collect a wealth of information on how the user is interacting with the site - the button clicks, how the user is scrolling, the path the user is taking through the site and more. These signals, while they can be subverted by a sophisticated bot, can also be used to gain a better understanding of the user and in combination with the server-side solution, give a clearer picture of who is using the site - not just a simple Voight-Kampff test of “bot or not”, but of intent: good bot or bad bot? Unfortunately, JavaScript may become increasingly less useful. Major browsers are phasing out fingerprinting, a detection technique that JavaScript-based bot mitigation relies on that is seen as a privacy nightmare, and also a notorious attack vector for other hackers, and so Chrome, Safari and Firefox are all changing how they work. This means that there is no long-term future for JavaScriptbased bot mitigation alone. The bot creators won’t be happy, as it means many businesses will have to find alternative solutions, effectively removing the help they were giving those who were reverse engineering their mitigation techniques. But this doesn’t mean bot mitigation has won. Instead, it’s just a new phase in the arms race.
May 2021 | 39
14/04/2021 11:31
IT Security
Why taking a layered approach is critical to a strong IT security infrastructure Jack Garnsey, Product Manager, VIPRE SafeSend and Security Awareness Training advises on the layers of cyber security businesses should implement to safeguards themselves against cyber attacks
V
IPRE is a provider of IT security solutions purpose-built to protect businesses, solution providers, and home users from costly and malicious cyber threats and user errors. Jack Garnsey, Product Manager, VIPRE SafeSend and Security Awareness Training had this to say:
Please could you tell me a bit more about VIPRE and the products or services it offers?
VIPRE provides IT security solutions to protect businesses and home users from costly and malicious cyber threats. We cover endpoint security including web access control, email security including anti-spam, antivirus, anti-spoofing and anti-phishing engines, cloud-based VPN, data loss prevention including protection from misaddressed emails, security awareness training and enterprise-grade web security. Our services are all underpinned by our behavioural analysis detection engines, which have over twenty years of experience determining the difference between good and bad actors, safely identifying which information will hurt your organisation and what is allowed to get through to your users.
What are today’s emerging digital threats and how can we stay protected? A number of misconceptions still exist when it comes to cybersecurity. Apple Macs, for example, have been around for a 40
|
May 2021
40-41 PCR May21 Internet Security VIPRE.indd 40
long time, yet people still have the mentality that Macs don’t get viruses. However, only recently, at least 40,000 Macs were apparently infected by the Silver Sparrow, which is a new family of Mac malware that runs natively on Apple’s new M1 processors. With the ever-evolving threat landscape, businesses and vendors need to respond to modern attacks with the right protection. A new way of attacking that we’ve seen an increase in the IT industry is the use of fileless attacks, which exploit tools and features that are already available in the victim’s environment. These can be used in combination with social engineering deploys, such as phishing emails, without having to rely on file-based payloads. Above all, users continue to play a significant role in safeguarding organisations from threats by ensuring they install updates to software, stay away from shadow IT, and are cyber aware in everything they do. Circumventing security protocols to make their lives easier, especially when remote working, should not be allowed. But, using security awareness training programmes to help with understanding why this is the case should help organisations keep security under control.
How are cybercriminals looking to gain access to our data? Cybercriminals are innovative, and continue to adjust to the modern threat landscape. They will try to gain access to data in
www.pcr-online.biz
14/04/2021 11:30
IT Security
any way they can, whether this is through email attachments and links, phishing or spear phishing, social engineering attacks, malicious websites or as mentioned above, fileless attacks. They can also gain access through having outdated software and plugins on your desktop, or through routers and open networks. The possibilities are endless.
What layers of security should we be looking at to safeguard ourselves and our businesses?
We talk a lot at VIPRE about layers, and layers within layers – particularly looking at not only the different types of security, but the layers inside those security services. For example, if we look at layered email security, it covers not only spam and virus protection, but protection against spoofing, malicious links and attachments as well. It’s no coincidence that every serious email security vendor has an Advanced Threat Protection package that includes some form of behavioural-based detection techniques. Also, strong protection needs to include some form of MachineLearning, because zero-day, polymorphic threats are here to stay and are only getting more sophisticated. AI has an important part to play in specific areas such as virus detection, sandboxing and threat analysis and combined with tools to prevent accidental data leakage – as well as trained human insight – users are empowered to make more informed decisions about the nature and legitimacy of their email before acting on it
What are the current SMB security trends?
SMBs themselves can be their own biggest problem by thinking that they are immune to cyber-attacks or that they are too small or ‘uninteresting’ to be a big target for attacks. There are no size restrictions when it comes to IT security threats, and just because a business may not think it is big or important enough to invest in multiple levels of threat protection, the consequences of an attack on an SMB are still devastating. Relying on tools that come as ‘part of your IT package’ instead of investing in dedicated Endpoint and email protection is so much more common than you would think. And now with the pandemic and the move to remote working, a lot of SMB staff are working with even less security than usual.
How is business antimalware different from the consumer?
It isn’t about looking at the quality of protection, but rather the way the protection is configured, managed and analysed. In theory, there is very little difference in the quality of protection given to consumer and business customers, however, the risk a business runs is much bigger than an individual and so they need better analytics, management, deployment and reporting capabilities in their endpoint or email solution. A business can be taken down for hours, days or even weeks with ransomware attacks and this impacts the whole supply chain, including employees, customers and suppliers. We have built our solutions from the ground up to focus on those specific things: analytics, management, deployment and reporting, because that is where a business solution brings the power not seen in consumer products and can make a big difference to an IT www.pcr-online.biz
40-41 PCR May21 Internet Security VIPRE.indd 41
Manager’s time investment. Having to log in to different systems and subsystems to figure out what went or could go wrong is not an option anymore and our services have been designed to eliminate the interface problems seen in other solutions on the market.
How can businesses look to keep their data safe?
The key to successful data security is having a strong IT security infrastructure in place – there is no way around that. However, a strong IT security infrastructure is only possible by having a layered approach to security, looking at both technology and humans or users as part of the solution. This includes endpoint security, email security and a business-grade firewall for the security of your network. But even with the most sophisticated software in place, hackers make it their mission to stay one step ahead of IT defences. That is why regular training, in addition to complementary security tools, can provide a fortified strategy for users to mitigate the threat of a cyberattack.
What predictions do you have in regards to data and security?
Cyber threats are only going to increase in sophistication and become more personalised to the individual by using social engineering attacks. We have already seen an increase in new threats, such as fileless based attacks and they are only going to continue to evolve and become more prevalent. Attackers are going to continue to take advantage of current events, such as the ongoing pandemic, to trick users into clicking a link, downloading an attachment or signing into a phishing website and so on. Users have to become a part of the solution, rather than the problem. In order to do this, businesses need to place cybersecurity as a priority throughout their processes and invest in the right tools and training to make this more of a business-critical solution, and less of an ‘emerging necessity’ as it is now. We can see some organisations are already adapting to these changes, but they are the exception rather than the norm right now. Some element of remote working is going to become the new normal for many people, and as more organisations discover the advantages of home-based workforces, this new way of working brings with it a huge question around data access and security that needs to be resolved. May 2021 | 41
14/04/2021 11:30
PCR Awards Hurry - entries close Friday 28 May! Calling incredible companies from across the UK PC & Tech sector – if you want to be in with a chance of winning a prestigious PCR Award, time is running out to submit your entries. Whether you’re an amazing vendor or distributor, an unrivalled reseller or retailer or provide outstanding services to the industry, you’re sure to find your prime opportunity to shine in our expertly-curated array of categories. Once you’ve found your perfect fit, it’s quick, easy and completely free of charge to put yourself in the running. All you need to do is put together a short statement detailing why you deserve to win and gather any documents that will help illustrate this to our panel of judges, then submit it via the simple online portal available on the PCR Awards website. But hurry – there will be no further deadlines beyond Friday 28 May, so don’t delay! Secure your seats at the ceremony We can’t wait welcome industry professionals from across the market back to the PCR Awards ceremony, taking place
Event partner 42
|
May 2021
42-43 PCR May21Awards v2.indd 42
in the heart of London on Wednesday 29 September – and early bird tickets are available to purchase! After a turbulent year, we are looking forward to providing a platform for the industry to reconnect and revel. Sales manager Sarah Goldhawk says: “This will certainly be a night to remember – the PCR Awards 2020 was one of the last events before the pandemic hit and now, we aim to be one of the first to gather the industry together again. So, dust off your suits and frocks – you’ll see me on the dance floor!” Whether you’re looking for a unique way to reconnect with your key clients, want to network with a room packed with the industry’s finest or simply want to let your hair down and reward your employees for all of their hard work over the past twelve months – you should make sure you’re on the list for the PCR Awards 2021. You can secure your seats at the special discounted early bird rate via the booking form available on the PCR Awards website until Friday 28 May. Subject to circumstances, numbers at the event may be limited so be sure to secure your spot early and ensure you don’t miss out on this incredible celebration!
Distribution category partner
Marketing and PR category partner www.pcr-online.biz
27/04/2021 09:29
CATEGORIES INCLUDE: VENDOR CATEGORY: • Security software vendor of the year – NEW for 2021 • Security hardware vendor of the year – NEW for 2021 • Smart home vendor of the year – NEW for 2021 • Networking vendor of the year • Business peripherals vendor of the year – NEW for 2021 • Business monitors vendor of the year – NEW for 2021 • PC Vendor of the Year GAMING VENDOR CATEGORY: – NEW for 2021 • Gaming peripherals vendor of the year • Gaming monitors vendor of the year RETAILER CATEGORY: • Gaming retailer of the year – NEW for 2021 • Repairs services of the year – NEW for 2021 • System builder of the year • Online retailer of the year • Independent retailer of the year RESELLER CATEGORY: • SMB reseller of the year • Corporate VAR of the year • MSP specialist of the year DISTRIBUTION CATEGORY: • Software and services distributor of the year • Hardware distributor of the year • Consumer electronics distributor of the year CHANNEL SERVICES CATEGORY: • Dealer services of the year • Marketing and PR agency of the year PCR COMPANY OF THE YEAR
For Sponsorship opportunities please contact: Sarah Goldhawk Sales Manager - magazine/website advertising, event partnership PCR sarah.goldhawk@biz-media.co.uk
Don’t miss this legendary event that continues as the pinnacle of the tech channel’s social calendar www.pcr-online.biz
42-43 PCR May21Awards v2.indd 43
May 2021 | 43
27/04/2021 09:30
Sector Guide
Security hardware and security software From Open frame monitors to secure memory devices and keyboards, here’s some of the latest products with added security features.
HANNspree H0105HTB Open Frame Monitor
“HANNspree UK’s Open Frame monitors are ideal for security hardware integration. This 10.1” touch display is a cost-effective solution for a multi-monitor surveillance setup. The rugged bezel and edge-to-edge glass makes the HO105HTB ideal for tabletop integration as well as kiosk and totem integration. It supports rear VESA and external mounting brackets for multiple, flexible mounting options and features a tough glass display which is IP65 rated. The touch function will even remain unaffected if the glass is scratched!”
Kingston’s DataTraveler 2000
“Kingston’s DataTraveler 2000 is designed to be secure, with an alphanumeric keypad that locks the drive with a word or number combination for easy-touse PIN protection. The DT2000 features hardware-based, full-disk AES 256-bit data encryption in XTS mode. Encryption is performed on the drive and no trace of the PIN is left on the system. It is FIPS 140-2 Level 3 certified to meet frequently requested corporate IT requirements.”
Specs: 10.1”, 1280 x 800, 170°/170° wide viewing angle, VGA + HDMI, IP65, 6H hard panel surface, 12-volt external power supply, VESA mount and multiple mounting options, Landscape, Portrait and Face-up orientation.
Specs: Alphanumeric keypad makes it easy to unlock your device, Full-disk AES 256-bit hardware-based encryption, Can be used on any device with a USB 2.0 or USB 3.1 Gen 1 (USB 3.0) port, FIPS 140-2 Level 3, Administrator (admin) PIN – enables admin access to the drive and ability to issue a new user PIN if the user forgets the PIN, Read-only access – Admin can pre-provision a drive with pre-loaded content as read-only for the user
Contact: HANNspree
Contact: Kingston Digital Europe Co LLP
HANNspree H0325PTB Open Frame Monitor
“A superior view for large format surveillance, the H0325PTB is a 32” open frame touchscreen display, ready for security hardware integration. Full HD resolution, high brightness and super wide viewing angles combine to deliver picture excellence with fine detail for accuracy from any angle. Advanced touch technology enables a precise and highly responsive user-interface for security applications, while a protective glass overlay provides protection against the daily rigors of touch control as well as liquid spills and cleaning solutions – ideal for ‘clean’ environments.” Specs: 32”, 1920 x 1080, 178° Ultra- Wide Viewing Angle, 400cd/m, DP + HDMI, IP55, 7H hard panel surface, Built-in speakers, VESA mount and multiple mounting options, Metal chassis, Landscape, Portrait and Face-up orientation. Contact: HANNspree 44
|
April 2021
44-47 PCR May21 Sector Guide.indd 44
www.pcr-online.biz
27/04/2021 08:10
Sector Guide
KC600 SSD Remarkable performance in full capacity
“Kingston’s KC600 is a fullcapacity SSD designed to provide remarkable performance and is optimised to provide functional system responsiveness with incredible boot, loading and transfer times. It comes in both 2.5” and mSATA form factors using SATA Rev 3.0 interface with backwards compatibility. The KC600 utilises the latest 3D TLC NAND technology while supporting a full security suite that includes AES 256-bit hardware encryption, TCG Opal and eDrive. It features read/write speeds of up to 550/520MB/s to efficiently store your data up to 2TB. It’s available in a bundle kit that provides everything you need for a smooth and easy desktop and notebook installation and upgrade.” Specs: 3D TLC NAND technology, Supports a full security suite (TCG Opal, AES 256-bit, eDrive), Available in range of full capacities Contact: Contact: Kingston Digital Europe Co LLP
CHERRY KC 1000 SC (JKA0100GB-0 / JK-A0100GB-2) “CHERRY KC 1000 SC combines the benefits of a classic CHERRY office keyboard with the securityrelated requirements of a security keyboard.”
Specs: Smart, wired security keyboard with integrated chip card terminal Secure PIN entry, PC/SC smartcard reader, Protocols: T=0, T=1, S=8, S=9, S=10 EMV 2000 Level 1 approved, CCID compatible, Reading/ writing ISO 7816 compliant smartcards, Flat design, low smart card contacting unit, Satisfies requirements defined by FIPS-201, German version with DIN/GS compliant layout, Driver support for Windows/ MacOS-X/Linux, One-handed operation of smart card module, German version complies with BGI 650 guidance for ergonomics, Awarded the ‘Blaue Engel’ environmental seal Contact: Westcoast & Exertis
KC2500 NVMe PCIe SSD
“Kingston’s KC2500 NVMe PCIe SSD delivers powerful performance using the latest Gen 3.0 x 4 controller and 96-layer 3D TLC NAND. With read/write speeds of up to 3,500/2,900MB/s, KC2500 delivers outstanding endurance and improves the workflow in desktop, workstation and highperformance computing (HPC) systems. The compact M.2 design gives greater flexibility, increasing storage but also saving space. Available in capacities from 250GB –2TB to meet your system’s needs. KC2500 is a self-encrypting drive that supports end-to-end data protection using XTS-AES 256 bit hardwarebased encryption and allows the use of independent software vendors with TCG Opal 2.0 security management solutions, such as Symante, McAfee and WinMagic.” Specs: Incredible NVMe PCIe performance, Supports a fullsecurity suite (TCG Opal 2.0, XTS-AES 256 bit, eDrive), Ideal for desktops, workstations and high-performance computing (HPC) systems, Upgrade your PC with capacities of up to 2TB Contact: Kingston Digital Europe Co LLP
CHERRY SECUREBOARD 1.0 (JK-A0400GB-0 / JK-A0400GB-2)
“The SECURE BOARD 1.0 is an ergonomic keyboard with an integrated reader for smart cards and cards/tags with an RF/NFC interface. For added security and confidentiality, the keyboard can be switched to a secure mode. Now the device can authenticate itself with a certificate and the key transmission is encrypted. This renders hardware key loggers useless and because the standard keyboard channel is locked, BadUSB attacks cannot be carried out on it. Thin clients that have the necessary software integrated are particularly suitable for using these functions.” Specs: Intelligent security keyboard with integrated reader for smart cards and cards/tags with RF/NFC interface, Secure mode with authentication and encryption, especially with thin clients, PC/SC smart card reader, CCID compatible, Protocols: T=0, T=1, T=CL, Read/write with ISO 7816 and ISO 14443 A/B compliant cards, Read/write with FIDO2 NFC Token Contact: Westcoast & Exertis
www.pcr-online.biz
44-47 PCR May21 Sector Guide.indd 45
May 2021 | 45
27/04/2021 08:10
Sector Guide
CHERRY SMARTTERMINAL ST-1144 (ST-1144UB)
“Smart, stable and can be operated with one hand. The SmartTerminal ST-1144 reads and writes your chipcards and offers extremely low power consumption. Whether access controls, network log-on or smart card-based Internet transactions - the SmartTerminal with USB connection supports you in protecting your sensitive data in an easy and reliable way.” Specs: High-quality USB-smartcard reader, OmniKey 3121 (Aviator) compatible USB 2.0-compatible, “Single-handed operation” through high weight and stable standing, PC/SC smartcard reader, Protocols: T=0, T=1, S=8, S=9, S=10 CCID compatible, EMVco Level 1 compliant, CAC and FIPS 201 compliant, TAA compliant Contact: Westcoast & Exertis
Archer AX90 Tri-Band Gigabit router “TP-Link’s new Archer AX90 Tri-Band Gigabit Wi-Fi 6 Router, equipped with HomeShield is designed to respond to any security threats your home network may encounter. HomeShield provides a home network scanner for your private WiFi to detect potential threats and alert you of security issues. Customise your home network with enhanced security using TP-Link HomeShield’s kit of built-in features. Whether you’re identifying network security holes, limiting the time your children spend online, or blocking websites, HomeShield gives you the tools you need to fully manage your network.”
CHERRY MC 4900 (JM-A4900) “The integrated, capacitive FingerTip sensor enables the CHERRY MC 4900 wired mouse to have easy log-on, with fast and secure user authentication via your fingerprint.”
Specs: Fingerprint reader in the mouse, Easy log-on using fingerprint, Windows Hello, SDK for integration into other applications, 3-button mouse, Symmetrical mouse, 1.8m cable with USB connection, Optical sensor (1375 dpi) Contact: Westcoast & Exertis
Seagate SkyHawk AI 18 TB
Seagate SkyHawk AI 18 TB is a surveillance-optimised drive designed for NVRs with artificial intelligence (AI) for edge applications. ImagePerfect AI firmware delivers zero dropped frames while supporting heavier workloads. SkyHawk Health Management actively helps protect your surveillance storage by focusing on prevention, intervention, and recovery options. Higher reliability is offered with 2M hours MTBF and a 550 TB/year workload rate for more than 3× that of standard surveillance hard drives. SkyHawk AI supports video analysis and recording simultaneously with GPU analytics workloads.”
Specs: Tri-Band Gigabit Wi-Fi 6 Router, HomeShield provides a home network scanner, Wi-Fi 6 compatible
Specs: ImagePerfect AI firmware delivers zero dropped frames while supporting heavier workloads, Versatile capabilities intelligently adapt to the scale of your AI environment, Supports up to 64 HD video streams and 32 AI streams, three years of Rescue Data Recovery Services, 90% success rate against unexpected data loss
Contact: TP-Link
Contact: Seagate
Advanced VPN Firewall
“Zyxel Network’s ZyWALL VPN Series delivers enhanced web filtering functionality and security through its powerful combination of reputation and category-based filtering. It runs dynamic categorisation, analyses the content of a previously unknown website and determines if it belongs to an undesirable category. It also supports CTIRU (CounterTerrorism Internet Referral Unit) to restrict access to any online terrorism material.” Specs: Enhanced web filtering, Geo Enforcer, Manage up to 1032 APs from a centralised user interface, VPN features multi-WAN load balancing and failover safety with USB 3G/4G support as a backup WAN Contact: Zyxel Networks 46
|
May 2021
ZyWALL VPN50/100/300/1000 VPN Firewall Advanced VPN Firewall with an option to run SD-WAN
Diverse VPN solution (IPSec/ SSL/L2TP over IPSec) for better security
ZyWALL VPN Series Firewall, when as a standalone gateway, features many robust VPN functionalities to empower your business network with better connectivity and higher security, so your daily operations including all information flow between HQ and branches become faster, easier and safer to achieve maximum business performance.
Nebula SD-WAN cloud management makes it easy to manage multiple firewalls
Except serving as a standalone gateway, ZyWALL VPN Series can also be cloud-managed by Nebula SD-WAN Orchestrator, a cost-effective solution that optimizes WAN service quality, featuring zero-touch deployment, centralized monitoring, great agility, and higher throughput with lowered cost.
www.pcr-online.biz
Benefits Your secure connection to the world The ZyWALL VPN Series integrated innovations connects your cross-group network while providing you the world’s best central management and security features.
44-47 PCR May21 Sector Guide.indd 46
Content Filtering and Geo Enforcer protect your network from web threats AP Controller technology allows you to manage up to 1,032 APs
Same security across networks with 2FA logins, NVGRE over IPSec for a more safer tunnel protection
27/04/2021 08:10
Sector Guide
BullGuard Premium Protection
“BullGuard Premium Protection 2021 protects up to 10 devices (Windows, Android and macOS) with one licence. Featuring unique Dynamic Machine Learning, it continually monitors everything that happens on a device, enabling real-time detection and protection even when a device is not connected to the Internet. Further layers of protection include light and fast signature-based detection, a Sentry behavioural engine that detects zero day and other complex threats, and new cloud detection technology which detects real-time threats as they emerge. Virus signature updates are applied automatically.” Specs: Operating System: Windows 10, 8.1, 8, 7 SP1+ macOS X 10.11 or later Android Tablets and Phones, Android 5.0 and higher Contact: UK: Spire, Target, VIP and Centerprise
BullGuard Internet Security
“BullGuard Internet Security 2021 provides unique Dynamic Machine Learning, which continually monitors everything that happens on a device. This enables real-time detection and blocking of potentially malicious behaviour, even if a device is not connected to the Internet. Light and fast signature-based detection protects against the most common threats, while the Sentry behavioural engine protects against zero day and other complex threats. An On-Access engine protects even if you never run a scan and new cloud detection technology detects threats as they emerge in realtime. A custom-built Secure Browser delivers top security and tough protection when shopping and making payments online. A patented award-winning Game Booster protects gamers when they are gaming, Safe Browsing flags up websites harbouring malicious content, and tough but discreet Parental Controls keep kids safe.” Specs: UK: Spire, Target, VIP and Centerprise
BullGuard VPN
“BullGuard VPN enables users to safely and securely access the Internet and online services from home, work or abroad. It uses military grade encryption to encrypt and secure a user’s data, ensuring that the websites a user visits, the content they upload or download, or what applications and services they use are all kept completely private. BullGuard VPN automatically launches when a device starts up and includes an auto-connect for open Wi-Fi networks. Users receive secure connections into unprotected Wi-Fi hotspots, which are common in airports, hotels and cafes, protecting them against data theft, malware, privacy breaches and cyberattacks via Wi-Fi. BullGuard VPN customers can also enjoy BullGuard’s renowned 24/7 customer support, regular software updates and a no-logs policy. A single license secures up to six devices and it runs on all major operating systems; Windows, MacOS, Android and iOS (iPhone + iPad).”
Contact: Westcoast & Exertis
SEH Technology utnserver Pro
“Perfect for remote working environments and small to mediumsized businesses, the utnserver Pro allows users to access all types of USB devices over a network. As a “plug & play” solution, users can integrate the device server into their network and connect their USB devices to its USB ports. It is also equipped with SEH UTN Manager software to create a virtual USB connection to the USB device with one click. The connection to the USB devices works via LAN, VPN, VLAN, the Internet or in server-based and virtualised environments. This means that companies can access their USB devices from any work environment and any location, benefiting from highperformance and flexibility.”
Specs: Operating System: Windows 10, 8.1, 8, 7, macOS X 10.11 or later iOS 10 or later, Android Tablets and Phones, Android 5.0 and higher
Specs: Gigabit Ethernet, 2 x USB 3.0 Gen 1 (SuperSpeed), Simple installation with the SEH UTN Manager for Microsoft Windows, macOS and Linux, SEH Product Manager, Secure connection of USB devices in remote environment, Encrypted point-to-point connection via the network, utnserver Control Centre with integrated user interface, E-Mail, SNMP and Bonjour, Regular software updates and technical support worldwide
Contact: UK: Spire, Target, VIP and Centerprise
Contact: Bechtle Direct UK
www.pcr-online.biz
44-47 PCR May21 Sector Guide.indd 47
May 2021 | 47
27/04/2021 08:10
Interview
Life in the channel
Exertis’ Jo Lawrence PCR catches up with Jo Lawrence, UK HR Director for Exertis on empowering its people, ensuring equal representation of women and the importance of making everybody count.
48
|
May 2021
48-50 PCRMay21 Life in the Channel Exertis.indd 48
www.pcr-online.biz
13/04/2021 15:07
Interview
J
o Lawrence, UK HR Director for Exertis is relatively new to the company having joined Extertis in 2019, here Jo chats to PCR about life so far in her new role and how she views female representation within the channel and the importance of diversity. Please can you tell me a bit more about your role within Exertis? I’m the HR Director for Exertis UK and I also sit on the Board of Directors. I work alongside a great team in our people function where we champion all things people related, at all stages of the employee life cycle. This includes attracting and onboarding talent, ensuring colleagues are set up for success with access to learning and development, providing reward and recognition programmes that drive business performance, creating listening mechanisms that help us continuously improve our people experience, all the way through to creating advocates of the brand. I’m a champion of diversity, inclusivity and engagement and part of my role is ensuring that managers have the tools they need to get the best out of people and that we have a strong offering to help our people be the best that they can be. I recently headed up a project to launch a ‘You Belong Here Toolkit’ for all people managers as we ask them to ensure they contribute to making a demonstrable positive shift in diversity representation within their area of the business.
when it comes to senior positions. This is something we’re working on improving by implementing our new diversity and inclusion initiatives across the business, both in the UK and globally. We’re working hard to raise awareness, understand the blockers and shift the conversation. In the last year we’ve increased the number of females in our senior leadership population from 14% to 28%. What made you want to work within the tech channel? The opportunities within the tech channel are endless and it’s been great to join such a fast moving and dynamic business. Exertis is a company that fosters an inclusive culture and really empowers its people, providing fantastic prospects for both business and personal growth. Technology is reshaping business and society in ways that were previously unimaginable, and innovation is taking place at such an accelerated rate that it’s a really exciting time to be in the tech world.
“In the last year we’ve increased the number of females in our senior leadership population from 14% to 28%”
What’s your background in the tech channel? I joined Exertis in 2019 and this is my first experience in the tech channel. Previous to my current role, I spent two years at Life and Pensions Insurer LV where I was Head of HR for talent, learning and resourcing. Prior to that, I spent more than fifteen years at the Kingfisher Group in senior HR positions within the PLC and its DIY and home improvement retailer, B&Q. Have you encountered any challenges working as a female in the tech channel, if so please explain? I haven’t personally experienced any challenges as a female in the tech channel, but that’s not to say that I haven’t observed that there is less female representation www.pcr-online.biz
48-50 PCRMay21 Life in the Channel Exertis.indd 49
Do you have any outside work involvement beyond the remit of Exertis within the channel? As a business we get involved with a number of great initiatives such as PCR’s ‘Top 25 Women in Tech’ and ‘30 under 30’ to ensure we’re celebrating the achievements of our people. We have a voice on LinkedIn and other platforms where we ensure we’re driving dialogue around the benefits of diversity and inclusivity and championing our people. We have a regular schedule of celebration and awareness events throughout the year to increase understanding and empathy. These events are driven by our Equality, Diversity and Inclusion Team (EDIT), which is an incredible group of people who come together every month to champion D&I and encourage others to do the same. Our celebration and awareness days centre around everyone’s right to feel valued, included and celebrated and have recently included initiatives such as International Women’s Day and LGBTQ+ History Month. All of these things play a part in ensuring that Exertis is a place where people can bring their true selves to work. May 2021 | 49
13/04/2021 15:07
Interview For other aspiring young women in the channel, what words of encouragement can you offer to aspire them to pursue a career within the channel? My advice to aspiring young women would be to try new things, be brave and always strive for success. The channel is so exciting because of the pace in which it moves, and this means that so many opportunities constantly present themselves. Technology has such a huge impact on people’s lives and over the last twelve months we’ve really seen just how crucial it really is. Being part of the channel means that we enable working, learning and entertaining from home. Where do you see a shortfall in female representation within the channel and how can companies look to overcome this? I’ve definitely seen a shortfall of females in senior roles, which isn’t dissimilar to other sectors. One way we can enable women and improve representation at senior levels is to seek to understand the lived experiences of women currently working in the channel. This helps with identifying and removing any perceived barriers that prevent women from entering these roles. Male allies play a huge role in listening, understanding, and removing any blockers that may be in place. Involving senior executives in reverse mentoring is a great way to do this, and we need to involve men in this too. Training and development play a crucial role in enabling females to progress in their careers. We offer career opportunities across a wide range of functions from sales to finance and have over 860 courses available for employees. When considering performance ratings and talent profiles, it’s important to analyse data by breaking it down in to male and female segments in order to see the bigger picture and identify any key takeaways. Most importantly, we need to tackle micro inequalities and challenge and remove unconscious bias. What subjects or disciplines do we need to be advocating more of at a young age to encourage a more even adoption by both sexes at education level? I believe more could be done in schools in terms of educating and encouraging young females when it comes to STEM subjects
(science, technology, engineering, and mathematics). The opportunities are vast, and we should be encouraging young women to understand the art of possible. One way of inspiring and motivating people from a young age is to celebrate fantastic role models and their achievements. If you can see it then you can achieve it! There should also be more focus on core competencies, such as self-belief, resilience, and agile thinking, rather than subject specific grades. Why does Exertis want to encourage a culture of diversity what are the motives behind this? Above anything else, fostering a culture of diversity is the right thing to do. A diverse workforce with equal representation supports the development of an excellent, progressive company culture. There’s evidence to show that diverse teams outperform and do better in terms of productivity. It’s also extremely important that we’re representative of the needs of our diverse customer base. Part of this is to ensure that all of our people complete unconscious bias training and are accountable for implementing all reasonable measures to ensure a diverse range of candidates are interviewed for vacancies. We recently announced a new set of diversity and inclusion initiatives, to demonstrate our strong commitment to fostering a diverse culture across the business. In recognition of the differing needs of employees, Exertis has increased maternity, paternity and adoption packages as well as offering flexibility in terms of location and hours, which we believe will encourage diversity. Is diversity within the channel still a major issue or have things moved on in recent years? I haven’t been in the channel for long enough to comment on this one, but it was brilliant to see so many organisations within the channel celebrate International Women’s Day on the 8th March. Seeing so many businesses get involved in the campaign felt like a real shift, however, it’s crucial that under-represented or marginalised groups are given the platform and tools to prosper every day of the year.
“Training and development play a crucial role in enabling females to progress in their careers. We offer career opportunities across a wide range of functions from sales to finance and have over 860 courses available for employees” 50
|
May 2021
48-50 PCRMay21 Life in the Channel Exertis.indd 50
www.pcr-online.biz
13/04/2021 15:07
PCR MAY21 QBS F SECURE happiest:Layout 1 27/04/2021 10:04 Page 1
PCR May21 Cover Section.indd 1
27/04/2021 11:28