The 10 Most Trusted ERM Solution Providers 2018


www.insightssuccess.com September 2018


Company of the Year: Ingo Ernst, CEO & Co-founder, 4Stop GmbH

Editor’s Perspectives: Network Security Threats & Solution

Tech Trend: Embedded Systems are Gaining Popularity across all Domains




Editor’s Note

Utilizing ERM to Diminish Enterprise Risk Factors

An old Russian proverb asserts, “It’s not the wolves you see that you should worry about the most, it’s the one you don’t see.” Risk acts in a similar way. Thus, it has become extremely important for organizations to identify threats that could jeopardize their business objectives or any critical strategy. Though risk is an uncertain phenomenon, it can still be used to fuel innovation. It acts as an opportunity to instigate change, because by taking a risk-centric approach businesses can formulate a strategy for success. Hence, by incorporating an integrated approach, Enterprise Risk Management (ERM), businesses are achieving their goals and objectives, even when they encounter obstacles. It is considered to be a strategic driver that assists businesses with the assessment of significant risks and the implementation of suitable risk responses. Risk management is more about making informed decisions while keeping risk in mind, rather than managing risks. Considering the enterprise-wide perspective, through a sound ERM, businesses are revisiting the approach to corporate strategy development to introduce more agility, adaptability, and responsiveness to emerging threats. Being a new management discipline, ERM is enabling businesses to continuously monitor the changes in the environment to determine which could be truly disruptive. Companies are able to easily predict and respond to the waves of disruption.


To shed light on the disruptions occurring in interpreting risks, Insights Success has listed “The 10 Most Trusted ERM Solution Providers, 2018”, which are providing an innovative approach and framework in identifying risks and resolving them. The listing includes AuditComply, a risk & performance platform developing comprehensive solutions for managing risk, quality, compliance and Environment Health & Safety (EHS), all in one centralized platform; JCAD, a leading company which is streamlining risk management and continuously striving to provide a personal touch at all customer touch points, whether it be at point of sale, during implementation or subsequent support; Riskonnect, the provider of true integrated risk management solutions; and Allgress, a global provider of automated next-generation integrated Compliance, IT Security and Risk Management Solutions for organizations and their business partners to effectively and efficiently manage business risk. Also featuring, as the company of the year, is 4Stop, a leading fraud prevention provider headquartered out of Cologne, Germany, solving businesses’ risk-based approach (RBA) through a modern, all-in-one KYC, compliance and anti-fraud solution. Also, make sure to scroll through the articles written by our in-house editorial team and CXO standpoints of some of the leading industry experts to have a brief taste of the sector. Let’s start reading!

Hitesh Dhamani


Contents

Cover Story: 4Stop: Onboarding Customers with Efficient Fraud Prevention Services

Pitching Excellence: Eminence at the Edge

Industry Intel: Allowing Regulated Entities to Connect and Structure their Data

Interpreting Risks: Minimizing the Adverse Effects of Risks

Articles

Editor’s Perspectives: Network Security Threats & Solution

Tech Trend: Embedded Systems are Gaining Popularity across all Domains

Company Profiles

Allgress Inc.: Innovation of Compliance and Risk Management Solutions

AuditComply: A Comprehensive Risk and Performance Management Platform

JCAD: Streamlining Risk Management

Riskonnect: Anticipating and Managing the Risks across Enterprises



Editor-in-Chief Managing Editor Executive Editor Assistant Editors Contributing Editors Visualiser Art & Design Director Associate Designer Co-designer

Pooja M. Bansal Anish Miller Hitesh Dhamani Jenny Fernandes Abhishaj Sajeev Bhushan Ghate Ishan Mittal David King Amol Kamble Kushagra Gupta Sumit Lunawat

Art & Picture Editors Paul Belin Jayant Khanna Senior Sales Manager Passi D. Business Development Manager Peter Collins Marketing Manager John Matthew Business Development Executives Steve, Joe, Alan, Ajay Sales Executives David, Kevin, Mark, Mayank Technical Head Jacob Smile Technical Specialists Amar, Pratiksha Digital Marketing Manager Marry D’Souza Online Marketing Strategists Alina Sege, Shubham, Vishal SME-SMO Executives Prashant Chevale, Uma Dhenge, Gemson, Prasad Research Analyst Patrick James Circulation Managers Robert, Tanaji Database Management Stella Andrew Technology Consultant David Stokes sales@insightssuccess.com

September, 2018 Corporate Offices: Insights Success Media Tech LLC 555 Metro Place North, Suite 100, Dublin, OH 43017, United States Phone - (614)-602-1754 Email: info@insightssuccess.com For Subscription: www.insightssuccess.com


Insights Success Media and Technology Pvt. Ltd. Off. No. 513 & 510, 5th Flr., Rainbow Plaza, Shivar Chowk, Pimple Saudagar, Pune, Maharashtra 411017 Phone - India: +91 7410079881/ 82/ 83/ 84/ 85 Email: info@insightssuccess.in For Subscription: www.insightssuccess.in


Copyright © 2018 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success. Reprint rights remain solely with Insights Success.




The 10 Most Trusted ERM Solution Providers 2018

| Company Name | Management | Brief |
|---|---|---|
| Allgress Inc. (allgress.com) | Jeff Bennett, President & Co-founder | Allgress is a global provider of automated next-generation integrated Compliance, IT Security and Risk Management Solutions. |
| AuditComply (auditcomply.com) | Kevin Donaghy, CEO | AuditComply is a Risk & Performance Platform, developing comprehensive solutions for managing Risk, Quality, Compliance and Environment Health & Safety (EHS). |
| Cytegic (cytegic.com) | Elon Kaplan, CEO | With Cytegic’s ACRO implemented, organizations can utilize risk as the metric for prioritizing remediation plans. |
| eCompliance (ecompliance.com) | Adrian Bartha, CEO | eCompliance is the leading software solution for improving worker participation in safety. |
| FourStop GmbH (4stop.com) | Ingo Ernst, Co-founder & CEO | 4Stop is a leading fraud prevention provider, solving businesses’ risk-based approach (RBA) through a modern, all-in-one KYC, compliance and anti-fraud solution. |
| JCAD (jcad.co.uk) | Damian Crawford, Managing Director | JCAD is a leading company streamlining risk management that strives to serve its customers at every touch point, whether at point of sale, during implementation or in subsequent support. |
| Proactima (proactima.com) | Trond Winther, CEO | Proactima is a leading company with good management competence, methods and practical experience, delivered through consulting services, tools and training. |
| Riskonnect Inc. (riskonnect.com) | Jim Wetekamp, CEO | Riskonnect, Inc. is the provider of true Integrated Risk Management solutions. |
| Soteria Risk LLC (soteriarisk.com) | David Young, Founder | Soteria Risk, LLC is a technology-based consulting firm focused on Enterprise Risk Management. |
| Vose Software (vosesoftware.com) | David Vose, Director | Vose Software offers an integrated suite of state-of-the-art risk analysis and management tools that give decision-makers access to comprehensive and precise risk information. |


Company of the Year

Onboarding Customers with Efficient Fraud Prevention Services

“We make it easy to stay compliant.” Ingo Ernst, CEO & Co-founder, 4Stop GmbH


Headquartered out of Cologne, Germany, Fourstop GmbH (4Stop) is a global leading fraud prevention provider that solves businesses’ risk-based approach through a modern, all-in-one KYC, compliance and anti-fraud solution. 4Stop brings together trusted information, managed services, software and expertise, an unrivalled combination, into a single end-to-end solution that helps businesses confidently anticipate risk and empowers them to make well-informed decisions, all backed by quantifiable data to confidently manage regulatory obligations and fraud risk to accelerate their business performance.

4Stop is designed to remove the cumbersome process of managing KYC, compliance and anti-fraud on a global scale, per localized regulation, and in a manner that does not require multiple integrations and drain on business operations, IT departments, costs or time to market. Through a single API integration businesses have access to hundreds of premium global KYC data sources to support compliance and risk mitigation in a fail-safe, future-proof, simplistic and real-time manner. Combined with their proprietary anti-fraud technology that services enterprise-level risk management with dynamic risk checks and granular risk analysis intelligence, businesses obtain a centralized global view of risk and can dramatically improve their authorization rates and stop fraud before it occurs. With 4Stop, businesses not only become compliant effortlessly, but stay compliant, combat fraud and grow their business globally with absolute confidence that KYC and risks are managed.

Enabling Organizations to Easily Activate Required KYC

4Stop’s technology enables businesses to easily activate required KYC for seamless compliance and secure customer onboarding. Through 4Stop’s multitude of available KYC data sources businesses can activate and deploy required KYC in real-time for each and every customer journey touch point. Combined with 4Stop’s cascading KYC verification logic, customers are validated in the most efficient and cost saving manner possible. 4Stop backs their KYC performance with real-time intelligence and redundancy to ensure the best data enrichment experience is obtained. Through their platform back office 4Stop provides intel on all activated KYC and its associated data on performance volume, history, approval, warning and rejected rates by each data source type and customer journey touchpoint. Paired with the ability to review this data and apply advanced filters by merchant, country region, payment method and/or channel, businesses have full control on the data that is displayed to optimise their review processes. The 4Stop KYC solution has been designed to allow businesses to rapidly expand around the globe and to ensure compliance requirements are adhered to, regardless of the evolution of our regulatory landscape.

Preventing Fraud in an Efficient and World-Class Manner

4Stop’s proprietary real-time anti-fraud technology allows businesses to monitor their traffic from a global centralized view of risk with quantifiable data and real-time intelligence. The multi-faceted risk rules engine allows for dynamic checking and securing of customers and their transactions. With over 800 predetermined rules, an easy-to-configure rules wizard, agile free-form rule scripting, and cascading ‘what-if’ rules, risk managers can establish endless rule configurations with real-time system actions and apply the rules to a specific merchant, sub-merchant, group, region, type, time-frame and payment method, all while being able to run rule simulation reports and deploy their rules in real-time. Furthermore, 4Stop provides a data rich dashboard, detailed customer and transactional queues, reports, granular customer profiles and overall data risk analysis recommendations to quickly and easily understand volumes in conjunction with risk indications at all touchpoints in the customer journey.
Layered with advanced filters by merchant, sub-merchant, processing channel, and/or global region, businesses can view their risk exposure and rectify it in minutes.

Businesses that have utilized 4Stop’s anti-fraud technology experience a 66.6% reduction in chargebacks in the first 2 months with an average of 81.5% approval authorization rate. The 4Stop data science analysis tools amplify these results by allowing quantifiable decisions to be made prior to entering a new region and/or allowing businesses to tailor configured KYC and fraud prevention to optimize performance and significantly reduce their exposure.

Committed to the Risk Management Industry

Ingo Ernst is the CEO and Co-founder of Fourstop GmbH (4Stop). He is a committed Fintech entrepreneur with excellent technical knowledge, operations management and supervisory skills gained over 15+ years through undertaking a series of highly challenging roles within the risk industry for large international organizations. This experience, in conjunction with his extensive involvement in developing risk management and compliance software, gave him great understanding and reliability regarding businesses’ KYC, compliance and fraud prevention needs, with the ability to effectively establish a resolution to those needs and adapt proactively to the risk landscape. Throughout his career Ingo implemented numerous operational processes and managed multi-discipline teams across continents to improve overall business performance output and team culture. Ingo is a charismatic leader with the ability to engage and inspire his team to create impact and help businesses achieve their risk mitigation goals.

All founding partners of 4Stop have a background in the payment and risk management space. Having worked in executive positions at acquiring banks, marketplaces and large scale eCommerce businesses, together they come to 4Stop with collectively over 60 years’ experience and a depth of knowledge of not only how the risk industry functions, but the trends in its evolution.

Financial Institutions (FIs), banks and their customers are constantly managing the ever-changing regulatory landscape and trying to find new streamlined and cost-effective methods to integrate changes when they occur. The founders of 4Stop, through their experience, identified a need and developed 4Stop’s complete end-to-end solution to streamline businesses’ management of KYC, compliance and fraud prevention in the most cost-efficient, streamlined manner possible, regardless of where they perform their business across the globe.

Painting the Picture of Future

4Stop continuously expands its platform functionality and offering. Currently 4Stop is fully MLD4 and PSD2 ready for businesses, has over 1800 active KYC data sources and continues to integrate and aggregate APIs on an ongoing basis to support future regulatory obligations. In the coming year 4Stop plans on continuing to enhance their platform through a series of new UI/UX implementations to bring the best and most intuitively simple experience for their clients. Additionally, 4Stop will further enhance their proprietary anti-fraud technology by including an expansion of their advanced analytics and analytic data reporting, behavior and machine learning, advanced account association with premium logic and ongoing expansions to their KYC data source hub. 4Stop has been built to fully support not only today’s KYC, compliance and anti-fraud processes but those of 2020 and beyond.

“At 4Stop, we can have up to 2,000 data parameters for a single transaction. If you multiply that by millions of transactions per day or sometimes even per hour, it’s tough for global companies trying to achieve instant payments under PSD2 to stay on top. With our 4Stop platform we make it easy and cost-efficient for businesses to effortlessly manage and stay abreast of their risk, compliance and fraud prevention processes,” states CEO Ingo Ernst.



Pitching Excellence

Executive Summary

Since Internet of Things technology started to gain mainstream traction, multiple platforms, solutions and strategies have been developed. At the moment there are more than 450 ‘platforms’ commercially available. Yet, realistically speaking, most of these have been designed for a very specific function on out-dated technology and mostly down a vertical application path.

The true power and differentiator in IoT.nxt resides in our full IoT stack capability encompassing the edge and the cloud.

Background

Our thinking from the outset has been that we wanted to adopt thinking and develop tech that creates horizontal interoperability between multiple systems and platforms in a technology agnostic manner.

Why? Well, historically, technology companies argued that the best way to quickly create commercial value was to develop a strong vertically integrated application encompassing an ecosystem of partners.

In 2002, it was all about the cloud. Amazon Web Services was launched and, when OPC Unified Architecture was released in 2006 enabling secure communication between devices, data sources and applications, adoption of IoT began to rise. The early adopters developed their projects with the cloud in mind. The thinking being a simple connected mindset where billions of sensors will be deployed and easily spin up supercomputers at low cost in the cloud to process all of this valuable Big Data… how could they go wrong?

The quickest way to show value was to focus on a vertical and go after it. We have a different view.

During the .com bomb era, people ran around with amazing ideas that they thought would take over the world once mass adoption took place. This was followed by an implosion which saw a huge number of concepts, ideas and investments disappear. A similar trend is developing in the adoption of IoT and in digitalisation in general. Part of the demise of this is because they were too early on the initial curve and either ran out of cash, were unable to build what they said they could, or saw new, sexier, more agile technology drive competitors closer to adoption. The .com bomb was a rationalisation and a reality for companies and their investors resulting in fortunes being made and lost in the hype. Timing is key in driving Big Tech. If you’re too soon, you are potentially busy developing a concept that will not only age quickly but give competitors plenty to learn from and piggy back off, allowing them to develop better tech that is more relevant and value driven. Often a cool idea is exactly that - a cool idea, but without real substance it doesn’t get wide commercial adoption. The commercial viability ultimately sits with the ability of a product to produce ‘real value’, whether quantitative or qualitative. And then there are the guys who make it. Amazon, Alibaba, Google. They were unprofitable for a number of years before they started to bear fruit simply because they played the long game. They saw past the hype and created products of real value. They made sure they will be relevant in future economies.

The Importance of Timing

Timing is everything, and tech is hard to time. We entered this market at the perfect time. Two years in, our solution is strong and businesses at enterprise level are rallying to adopt Big Data technology. They’re embracing VR, AR, AI, cognitive, algorithmic machine learning technologies as they become a reality. As irrelevant solutions are being seeded out, the IoT.nxt approach to the problem of IoT is making us a major contender; cementing our position in the market. If we look at the solutions currently available, we understand more than most of these ‘platforms’ have all been built in the cloud. Five years ago everything was in the cloud, it is therefore unsurprising that it is still dominating IT discussions. Anyone who has, up until this point, embarked on an IoT initiative, has probably:

1. built a solution that resides in the cloud;
2. leverages the power of the cloud and its ability to centralise and leverage processing power from the supercomputers that exist there;
3. adopted a top down approach incorporating the cloud as the central power behind the application.

The Competitive Landscape

Looking at the IoT industry and where the ‘competition’ and ‘incumbents’ are in the current IoT cycle, it is evident that IoT development is in a perfect bubble that I believe is not far from rationalisation.
I think it will be less severe than 2000 as I think investors have been more calculated; but there certainly will be a correction in the not so distant future. Driving my belief in this is that you need this type of event for eminence to be created. People need to start understanding where the true value lies. The companies that have the ability to lock into this IoT business value proposition and convert that into investor value will survive and will gain eminence. There are a number of great technologies and concepts available but only the ones that are able to truly unlock value will remain.

What Sets us Apart

The IoT.nxt approach has been somewhat different, defying the norm and, to date, it is my firm belief that ours is the only company that has this unique approach. Addressing the problems of interconnectivity from the bottom up, our solution acknowledges the power of the cloud and Big Data, but also acknowledges that power is greatly diminished or even nullified if the edge layer is not correctly managed. Our definition of interoperability and data orchestration is, at times, diluted by platform players claiming to provide the same. They don’t. The general platform interoperability discussion talks to cloud interoperability. This is a hugely complex play that causes massive headaches for some of the most influential players as they try to fathom how to seamlessly integrate multiple platforms. APIs are the talk of the day, with the current solution to solving this dilemma, but it is simply not sustainable or practical. On a whiteboard it might look great having several platforms integrated via API and then plugging into some ESB via microservices, but I challenge you to construct all of that and take into consideration the small part all of these guys initially did not deem necessary – the edge. This methodology is hugely reliant on smart sensor technology that has the ability to push data into the cloud.

There’s a heavy reliance on networks and, as a result, ‘platforms’ are struggling to grapple with edge technology, all the while hopeful that a 5G, no, 20G network will resolve this problem. At almost all the international conferences we have attended in the last 24 months the major discussion has been Big Data and smart sensors, so most of the more mature platforms have been designed around the premise of them being able to receive data directly from the sensor.



The problem now is how to talk back to the sensor or machine and, more importantly, how to do this cross platform. An even bigger issue creeping to the forefront of discussions is regarding ecosystems in which near real-time data feeds are crucial. Yet still, the focus is on the cloud and understandably so, especially if you have invested millions into a technology that is reliant on the cloud. We do not believe this. For some time now we’ve been saying that the edge is eating the cloud. We’re not implying that the cloud will lose relevance. What we’re saying is that a true IoT ecosystem will become less and less reliant on the cloud and, in fact, that ecosystem design will rely heavily on edge capabilities. A natural oversight, but a crucial detail destined to form an integral part of this industry’s ability to commercialise in the near future. The IoT industry is inhibited by an inability to create interconnectivity and interoperability at the edge.

Retrofit and Decrease the Barrier to Entry and Sweat the Assets

Correctly designed and engineered, edge technology enables edge interoperability and, more importantly, the ability to retrofit into legacy systems. Legacy systems, to a large extent, were disregarded, with current players relying on the ‘rip and replace’ mentality that has governed and, to a degree, plagued the IT industry since the beginning, befuddling brands that have become household names. This mentality of winner takes all is not congruent with the ideation of a connected world and certainly does not embrace the concept of true scalability. Having to rip out and replace existing technology and infrastructure on your journey towards digitalisation introduces a huge amount of additional complexity, disruption and a cost, all of which makes it a difficult sale to the business, contributing to the slow adoption rate of the 4th Industrial Revolution. So whilst the ‘big dogs’ are all trying to figure how they can develop and ensure technology lock-in to secure future revenue, they’re contributing towards the mixed message that is being sent out to the market, diluting the value of IoT technology as a tool to unlocking real business value. Value is a simple exercise for any business leader – Look at expenditure, then ROI. Satisfied? Great. Here’s the next question - is it relevant to my business?

All Data is not the Answer

When we enter into discussions with big companies, the issue of legacy investments in technology at the edge comes up without fail. Remember that everyone is selling some type of cloud platform that is going to ‘change the business’, but that cloud engine is reliant on edge data i.e. devices, sensors, machines, protocols, PLCs, SCADAs, CCTV, access control systems - the list goes on and on. Clients start considering negotiating with each vendor and realising that, much like with our 1000 piece holiday puzzles, 1 missing piece can ruin the picture and make the whole exercise seem futile. It’s the same with many of the algorithms and predictive applications - the true power of these platforms lies in their ability to provide companies with insights. For this they are 100% dependent on having the correct, filtered, aggregated, curated, secure, real-time data from the edge, and they need all the pieces of the data puzzle to build the Big Data picture.

In every environment, on every piece of the puzzle there is information that is critical to the task at hand, and then there’s other information that isn’t needed in real-time. Things like whether a device needs to be serviced in a week’s time, whether stock is going to be depleted by the end of the month, etc. Now consider a sensor having a fixed normal range, and only recording exceptions rather than all data all the time - you’re able to reduce the amount of data passed by around 60%-90% in real time monitoring environments, as a basic statistic.

We are throwing away the rule book

While the rest of the industry scrambles to figure out how to showcase the exponential value of IoT whilst also attempting to lock clients in to their technology stack, we’re taking the IoT rule book and throwing it out of the window. We don’t care what technology our clients have now, and what technology they will have in five years’ time. We don’t talk about vendors, we talk protocols. We’re driving our clients to get to Big Data quicker, using what they have, thanks to our trademarked Raptor. Raptor technology is the missing link in most of the discussions around digitalisation. A normalised, edge layer of physical and virtual intelligence that can be retrofitted, deployed and connected seamlessly into an ecosystem of existing technologies and things, radically reducing the cost and time of having to develop multiple edge integrations into disparate cloud applications.

The IoT.nxt Power-play

Being able to retrofit onto all deployed devices, whether analog-, or IP-based has a huge benefit.

· It reduces disruption to business processes,
· cost of implementation,
· cost of training,
· cost and impact of enterprise-wide change management,
· reduces vulnerability and cyber risk because of less technology disparity at the edge,
· reduces data moving across the network that reduces the cost of the network and network congestion,
· reduces processing required at the cloud platform level as the data has already been curated at the edge,
· reduces the cost associated with maintenance of edge integrated gateways,
· has less attack surface at the edge as the gateways are rationalised and
· simplifies real-time subsystem integration

All of this allows us to better leverage the power of our cloud platform as we can now understand the up-, and downstream effects of an event-triggered occurrence and effect dynamic and seamless recalibration and interoperability throughout ALL edge connected devices. We ensure that all the pieces of the puzzle are in the box, and ready to be pieced together to create the big picture.

Conclusion

Edge normalisation of data at the edge gateway layer forms the foundation for rapid digitalisation and digital transformation. The disruption that everyone talks about is vested in the ability for an organisation to continue its business but iteratively and rapidly start to address the core issues within its business through digitalisation. This leads to more visibility on a real-time basis allowing for dynamic recalibration back into the business ecosystem to achieve optimised levels of production and efficiency that bring about change and new ways of doing the same thing, better. Peer-to-peer intelligence and learning will further drive this thinking – Raptor thinking - making us even more relevant as the necessity to drive edge analytics and decision making in critical business environments nullifies the cloud. Are you with me? If you control the edge you unlock the cloud, a bottom up approach.




Allgress Inc. Innovation of Compliance and Risk Management Solutions

Today organizations are staying ahead with innovative solutions to proactively manage and enhance the reliability of the business. By executing unique solutions and activities that help them take advantage of opportunities to grow in the competitive business world, organizations are finding new ways to tackle risks. Analyzing risks and solving them also plays a crucial role in the transformation process.

Allgress Inc. is a global provider of next-generation integrated risk management IT Security, Compliance and Risk Management Solutions for organizations to manage their risk posture. Its unified solutions automate processes for assessment, reporting, monitoring, and remediation of business risks with less complexity and reduced management costs. Unlike other solutions, Allgress’ award-winning technology allows customers to derive quicker time-to-value without an army of consultants.

Allgress Addresses the Continuum of These Challenges with an Integrated ERM Solutions Suite:

· Changes in technology, business evolution, new and updated regulations plus hard requirements demanded from third-party vendors will continue to evolve at a fast pace.
· Organizations will continue to be challenged using spreadsheets and manual methods of risk management, which will continue to raise financial losses.
· Automated platforms will continue to evolve to overcome the losses and challenges of disconnected risk management.
· Lack of agility to identify, communicate and respond in a timely manner to changing risks and regulations.
· Complicated methods to integrate solutions together so customers can utilize their existing investments.

Pioneers in Risk Management Expertise

Jeff Bennett, President, COO, and Co-Founder, and Gordon Shevlin, CEO and Co-Founder

Jeff Bennett leads Allgress’ Business Operations, Product Direction, and Development. Jeff brings more than two decades of Business Leadership, Product Development, IT Security and Compliance industry experience to the company. As an entrepreneur, he has founded and led several companies, including digital defense services firms SiegeWorks and SiegeWorks International. He also frequently speaks at industry events to emphasize business risk management solutions. Jeff has also served on the advisory boards of other leading security providers. He holds a Bachelor of Science Degree in Business Administration from California State University at Hayward.

Jeff and Gordon have a relentless drive to create a win-win partnership with customers and company partners, along with the input of their internal teams, to achieve innovative product and solution expansion. The rapid pace of change in business, technology, and computing requires creative thinking to reduce business risk. True to their passion, their efforts to keep pace with the rapid change have leveraged the Allgress platform to identify business risk with less complexity and cost.

Wide Array of Cutting-Edge Solutions

Allgress provides an intuitive modular integrated risk management platform comprised of shared services that focus on helping customers and their partners to reduce business risk quicker with less complexity and cost. Its Risk Management platform includes data collectors, assessment, workflow, reporting, and incident management to correlate relevant data across regulations, assets, policies, controls, processes and business elements of their organization and partners to clearly identify potential business risk from a single dashboard.

"We help our customers buy solutions by understanding their specific use-cases regarding solving challenges that specifically focus on their organization. We engage with our customers to develop proofs of concept to determine how to solve their real-world risk management challenges, then we introduce new solutions and technology where there is a business benefit and partnership to develop solutions further," notes Jeff Bennett.

Reducing business risk with less complexity and cost.

Providing All-inclusive Platform

The current non-automated approach to risk, compliance and third-party vendor management has led to increased complexity and lack of accountability. Usage of disparate spreadsheets, documents, email and separate solutions has led to disjointed solutions. This method of risk management continues to put organizations at a greater business risk because of the inability to assess, communicate and mitigate risks. This common scenario leads to the lack of common platform services to enable automation and standardization of managing the entire risk management lifecycle. That’s where a common infrastructure enables the efficient and cohesive management of risks by consolidating the information from multiple sources to provide an intelligent enterprise view aligned with business objectives.

Allgress provides a complete integrated Risk Management Solutions Suite with a common infrastructure that automates the entire risk, compliance, IT security and third-party vendor process without the complexity seen in other offerings.


Jeff Bennett President & Co-Founder

Benefits of the Allgress Innovative Approach

· Flexible delivery options for rapid deployment
· Leverages data feeds from existing investments in other business and technical solutions
· Visual representation of risk posture, compliance status and state of third-party vendors that is easily interpreted by different stakeholders
· Quick time to actionable results
· Intuitive GUI for the administrator and user
· Simple License Model

Offering Unified ERM Solutions

Allgress is continuing to evolve its platform to accommodate the changing environment by providing features and functions to enable better decision making to improve the risk management process and the organization’s risk posture.

Endeavoring Future Goals

Allgress is continuously advancing its risk management platform to automate more tasks and make it easier to manage business risk with a focus on usability. The firm has also enhanced its functionality according to the needs of its customers to support new features of computing models and technology. Allgress’s risk management platform has the ability to continuously consume more IT data sources and business metric data, along with the goal of incorporating artificial and business intelligence. It is also an exemplary management platform that will contribute to better risk management decision-making by taking advantage of advancements in technology.



Editor’s Perspectives

Network Security Threats & Solutions

November 3, 1988, is considered a turning point in the world of the Internet. 25 years ago a Cornell University graduate student created the first computer worm on the Internet, the “Morris Worm.” The Morris worm was not a destructive worm, but it permanently changed the culture of the Internet. Before Morris unleashed his worm, the Internet was like a small town where people thought little of leaving their doors unlocked. Internet security was seen as a mostly theoretical problem, and software vendors treated security flaws as a low priority.

Today, there is a paradigm shift: the Morris worm was motivated more by intellectual curiosity than malice, but that is not the case today. According to a 2015 report, 71% of represented organizations experienced at least one successful cyber attack in the preceding 12 months (up from 62% the year prior).

A survey report discloses that, among 5500 companies in 26 countries around the world, 90% of businesses admitted a security incident. Additionally, 46% of the firms lost sensitive data due to an internal or external security threat. On average, enterprises pay US$551,000 to recover from a security breach. Small and medium businesses spend 38K. Incidents involving the security failure of a third-party contractor, fraud by employees, cyber espionage, and network intrusion appear to be the most damaging for large enterprises, with average total losses significantly above other types of security incident.

Let’s Take a Look at Recurrent Security Threat Types

Denial of Service Attacks

A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. These attacks are very common, accounting for more than one-third of all network attacks reviewed in the report. A standard approach is to overload the resource with illegitimate requests for service.

Brute Force Attacks

A brute force attack tries to kick down the front door. It’s a trial-and-error attempt to guess a system’s password. Brute force password cracker software simply uses all possible combinations to figure out passwords for a computer or a network server. It is simple and does not employ any inventive techniques.

Identity Spoofing

IP spoofing is also known as IP address forgery. The hijacker obtains the IP address of a legitimate host and alters packet headers so that the regular host appears to be the source. An attacker might also use special programs to construct IP packets that seem to originate from valid addresses inside the corporate intranet.

Browser Attacks

Browser-based attacks target end users who are browsing the internet, and can in turn spread across the whole enterprise network. The attacks may encourage them to unwittingly download malware disguised as a fake software update or application. Malicious and compromised websites can also force malware onto visitors’ systems.

SSL/TLS Attacks

Transport layer security (TLS) ensures the integrity of data transmitted between two parties (server and client) and also provides strong authentication for both sides. SSL/TLS attacks aim to intercept data that is sent over an encrypted connection. A successful attack enables access to the unencrypted information. Secure Sockets Layer (SSL) attacks were more widespread in late 2014, but they remain prominent today, accounting for 6% of all network attacks analyzed.

Network security is an essential element in any organization’s network infrastructure. Companies are boosting their investments in proactive control and threat intelligence services, along with better wireless security, next-generation firewalls and increasingly advanced malware detection. The U.S. Federal Government has spent $100 billion on cyber security over the past decade, with $14 billion budgeted for 2016.

As increased use of technology helps enterprises maintain their competitive edge, most businesses are required to employ IT security personnel full-time to ensure networks are shielded from the rapidly growing industry of cyber crime. Following are the methods used by security specialists to fool-proof enterprise network systems:

Penetration Testing

Penetration testing is a form of hacking which network security professionals use as a tool to test a network for any vulnerabilities. During penetration testing, IT professionals use the same methods that hackers use to exploit a network to identify network security breaches.

Intrusion Detection

Intrusion detection systems are capable of identifying suspicious activities or acts of unauthorized access over an enterprise network. The examination includes a malware scan, review of general network activity, system vulnerability check, illegal program check, file settings monitoring, and any other activities that are out of the ordinary.

Network Access Control

Network Access Controls are delivered using different methods to control network access by the end user. NACs offer a defined security policy which is supported by a network access server that provides the necessary access authentication and authorization.

Network security is a race against threats, and many organizations are a part of this race to help enterprises secure their network systems. Organizations like IBM, Symantec and Microsoft have created solutions to counter the global problem of network security threats. These cutting-edge products show genuine promise and are already being used by enlightened companies.

Good Network Security Solutions Traits

A real security solution should have four major characteristics:

Detect Threats

Targeted attacks are multi-faceted and specially designed to evade many point technologies attempting to identify and block them. Once they are inside, the only way to find these cyber threats is to understand the behavior of the individual attack components and use analytics to understand their relationships.

Respond Continuously

Today the question is not whether an organization will be attacked; what is more crucial is to identify when, and how much it can limit the impact and contain its exposure. This means having the capability to respond quickly once the initial incident has been discovered.

Prevent Attacks

Malware is getting more quick-witted day by day. It utilizes heuristics to change its code dynamically. A capable solution should have an adaptive architecture that evolves with the changing environment and the threats today’s business faces.

Integration

Today’s threats have multiple facets, and a single software product or solution is not sufficient. A protection system should have the capability to integrate with other security tools from different vendors to work together as a single protection system, acting as connective tissue for today’s disjointed cyber security infrastructure.

Solutions In Market

Like infectious diseases, cyber threats will never be eradicated entirely, but they can be better contained and understood, and their effects minimized. How can this be achieved? IBM has built an enterprise-level “immune system,” an adaptive security architecture to battle today’s cyber pathogens.

IBM has developed a vast fleet of products: QRadar, X-Force Threat Intelligence, Trusteer Pinpoint Malware Detection, and the IBM Threat Protection System, a dynamic, integrated system to disrupt the lifecycle of advanced attacks and prevent loss. The IBM Threat Protection System integrates with 450 security tools from over 100 vendors, acting as connective tissue for today’s disjointed cyber security infrastructure.

Symantec is another major player in catering to enterprise network security with Symantec Advanced Threat Protection. Symantec ATP operates via a single console and works across endpoints, networks, and emails, integrating with Symantec Endpoint Protection (SEP) and Symantec Email Security cloud, which means organizations do not need to deploy any new endpoint agents. Symantec says ATP is the only threat protection appliance that can work with all three sensors without requiring additional endpoint agents. With ATP, Symantec’s goal is to deliver end-to-end threat protection, prevention, detection, and response in a single pane of glass, offering more value to businesses than individual point products can provide. Symantec Advanced Threat Protection combines multiple layers of prevention, detection, and response.




AuditComply: A Comprehensive Risk and Performance Management Platform

Risk is one of the fatal flaws organizations often witness. Unmanaged risks can become the greatest source of waste in a business as well as the economy as a whole. Identifying risks and analyzing them in a planned and organized manner has become a requisite for the successful completion of projects for every organization nowadays. Thus, a discipline or a strategy of interpreting and managing risks must be undertaken by businesses in order to avoid the adverse effects of risks and compliance failures on the operations or processes of the organization. Taking this market scenario into consideration, a risk and performance management platform, AuditComply, is developing comprehensive solutions for managing risk, quality, compliance and Environment Health & Safety (EHS), all in one centralized Risk & Performance platform.

A Centralized Platform

The company, which has grown rapidly since it was set up in 2014, provides software and services to organizations operating within highly regulated industries such as aviation, automotive, finance, healthcare and manufacturing. Its large customers include Autoliv, Coca-Cola, Belfast Health & Social Care Trust, Sysco and Bushmills. Recently AuditComply was awarded a place on the G-cloud government framework and was shortlisted for Risk Management Software of the year at the CIR Risk Management awards.

The fast growth of AuditComply in the last 4 years comes from its ability to deploy its solution into an organization’s processes within minutes. AuditComply counts in hours and minutes, instead of months and years. It has a single solution designed for multi-site global deployment with local management. Its comprehensive & configurable enterprise workflow and desktop/mobile app are the perfect match for providing greater flexibility and visibility, instant reporting and real-time insights. Through this, the company gives organizations the ability to embrace change every day without software vendor intervention.

Servings Shaping the Future of Risk Management

AuditComply is a data-driven and SaaS-based solution to monitor risk and controls, spot hazards/issues, mobilize action and measure performance. The company’s powerful, scalable, and advanced analytics engine is trusted worldwide by organizations, as it helps them in uncovering data insights to drive better business decisions. Its data-intensive and high-level management software is suitable for manufacturing, government bodies, food, aviation, automotive and healthcare industries.

“Our world class development team gives AuditComply a competitive edge within the market. Their continuous high level of innovation has acted as the catalyst for an extremely successful year for the company,” said Richard Wilson, Marketing Manager at AuditComply.

Organizations operating in regulated industries face an ever-growing challenge to demonstrate compliance and to manage and mitigate risk, whilst maintaining and exceeding quality levels. AuditComply is driven by this opportunity and challenge, one that it truly has an innovative solution to. The company is shaping the future of risk management, adding value from day one for its clients and ultimately building a platform that allows for digital transformation whilst enabling business process optimization. It meets the need to detect, report and manage processes in an intelligent system approach.

A Tech Enthusiast

A techno geek, Kevin Donaghy, CEO, founded AuditComply with the aim of shaping the future of enterprise risk management. Kevin has led teams and companies from the earliest stages of development through commercialization and hypergrowth phases. He started his career with WPDS in San Diego as a software engineer focused on Equipment Configuration Management systems for air forces across the globe. He quickly progressed to run multiple teams for Spirent Communications both in Ireland and the US. Kevin then founded Swan Labs, which specialized in WAN optimization and was acquired by F5 Networks in 2005. In 2007, he founded Replify, which focused on mobility optimization and virtualization. Through his own consultancy, Kevin has worked for web security firm Blue Coat Systems on mobile optimization strategy and on multiple projects from mobility, security and virtualization to online GRC platforms. Kevin holds a PhD in Computational Fluid Dynamics from Queen’s University Belfast. Kevin holds a PhD in Aeronautical Engineering, an MSc in Computational Science and a BSc in Mathematics from Queen’s University Belfast.

Moving towards the Vision

AuditComply has a great vision of what a risk and performance management platform can do for its customers. It can truly transform and manage risk in real time for large organizations, adding to their bottom line through improved supplier due diligence and ongoing assessment, better internal quality control and ultimately better customer service.

AuditComply’s future goal is to become the leading platform in risk and performance management, with the ability to consolidate document management and governance risk/compliance demands and requirements into one platform. This will transform how organizations manage risk through fully connected drivers of policies, to the assessment and management of the evidence seamlessly.

Customers Expressing their Satisfaction

“AuditComply’s solution has greatly improved our productivity for both internal audits and production checklists. We found the assistance in moving existing audits to their solution excellent and seamless. Their approach and services simply work” - Michael Caughey, IT Support Specialist, Bushmills

“AuditComply is playing a crucial role in changing the risk, quality & compliance culture. A world-class system, a game changer in our industry. We required a solution that was mobile, automated our data and could be accessed in real time to ensure we are meeting quality standards across the supply chain.” - Johnny Elgin, Technical Manager, Sysco

“AuditComply continues to see rapid growth year on year. Listening to our customer’s requests and working towards delivering a product that exceeds their expectations is vital. It is amazing to be part of such a fantastic team, building a solution that really meets both the market and customer demands.”

—Kevin Donaghy, CEO


What are the latest trends in the business world? An impressive rise in regulatory, compliance and risk management requirements, together with an exponential growth of data that corporations struggle to manage.

The idea behind Governance.com is a spot-on observation and vision of our founders, Bert (CEO) and Rob Boerman (CTO), to allow regulated entities to connect and structure their data. As a Regtech, our purpose is to allow our clients to structure and simplify their data and control their business by building their workflows, checklists and activities around it. Governance.com is a totally flexible and customizable central system which can be interfaced with legacy and external systems of our clients. All their data and operational flows are centrally linked and easily accessible via our platform. This explains our continuous growth and recognition among the industry (winning the Fintech of the Year Award in 2016 in LU, included on Fintech 50 2018 and Global 100 Regtech in 2017).

We all know that a revolutionary vision and a performant system do not guarantee commercial success. Regtech is a relatively young concept which has to show all its potential and concrete value to traditional companies. I truly believe that the key to a successful collaboration lies in open and transparent communication. The biggest concern and pain point of Regtech companies is the lengthy decision and procurement process of the companies. There is no point in getting frustrated about this, as we have no control over this process.

I believe the optimal way to build long-lasting relationships is to focus on the challenges, needs and culture of our clients. An intensive risk assessment and a multi-layer decision-making and procurement process are part of the DNA of the regulated companies we are talking to. So, either deal with it or stay aside for Regtech CCOs.

This is one of the first strategic decisions I have taken as Commercial Director: rather than beginning to talk about how marvelous and innovative our solution is (and I truly believe Governance.com is an awesome platform), we always begin discussions by asking our contacts:

· How do you manage your business?
· What would you like to achieve with it?
· What are your biggest pains?
· Who are the users? What is the 1st thing they will do on Governance.com?

Based on their feedback, the second step is to show the features and functionalities of our platform adapted to their needs. During the advanced negotiations phase, we aim to underline our concrete support and value:

· Define together the Return on Investment of the project: our aim is to achieve 600% ROI within 3 years
· Focus on Simplicity of our platform: our motto is that a system is useful and will be used massively if it is simple to use
· Propose Agile and timely Implementation: tech means a quick, easy and efficient deployment
· Close follow-up of their activity: our Business Support experts are easily accessible during the entire process and afterwards to assist our clients in case of need

This approach is the key to strong and long-term relationships. It is also vital to integrate the decision-making and procurement variables very early in the process. Regtech is a new concept, and Senior Management and Decision-Makers are sometimes informed of the procurement process once they have decided to use our platform. Pro-active and continuous support is the key to being able to work with them quicker and help them throughout the process. This, I believe, is the reason for our success and our shortened relationship activation compared to our industry standards. We are all so proud to be part of this exciting adventure, which allowed us to grow from 2 to 17 FTE with offices in Luxembourg and the Netherlands.

We have many exciting challenges for the upcoming year:

· Continue our international expansion by partnering with high-quality organizations and direct presence via local offices. We plan to be present in the UK during 2018 and extend to the US and Asia during 2019 to get closer to our clients worldwide.
· Ensure continuous enhancement of our functionalities by listening to our clients
· Implement the Machine Learning and AI functionalities we are working on in our platform

Financial Regulation and Compliance costs around 780 BN $/year: 1% of Worldwide GDP! This is why it is so exciting for me to work within tech and to be able to participate in a sustainable economy by providing a cost-efficient, safer and user-friendly solution!

Olus Kayacan, CCO of Governance.com, has over 20 years of experience in Financial Markets, including prime brokerage and asset management, with a substantial network of Institutional Investors, Retail and Private Banks, Brokers, Asset Managers, Family Offices and Corporates. His career has allowed him to meet extremely exciting, interesting and professional individuals every single day. He has successfully participated in the launch & development of several businesses and overachieved commercial targets on each of them.

Governance.com





Damian Crawford, Managing Director

JCAD: Streamlining Risk Management

Every organization, large or small, across every sector, needs to understand and manage the threats to achieving its objectives. Over the years, ERM has continued to grow in importance. In the opinion of JCAD, risk management used to be a tick box exercise that would be completed, perhaps shared with a couple of stakeholders and not looked at again for another 6 months or so. Now, the business pace has quickened and become more complex. The significant technology enhancements available today make the world much more accessible, and this in turn makes the risks facing an organization vast. Events have a much more immediate effect on organizations too, partly down to the visibility and accessibility that social media and smart phones bring. Compliance and legislation have had to tighten due to these changes, for example, changes to data protection (GDPR).

Risk management is less about managing risks and more about making informed decisions with risk in mind. This approach has allowed risk management to be considered as a business-wide concern rather than siloed as its own department. JCAD’s risk management solution, CORE, allows for any risk to be linked back to strategic objectives. This centralized solution allows for consistent information to be available to the whole business and for more informed decisions to be made.

A family-owned business, JCAD envisions becoming a globally recognized brand delivering cost effective business assurance, claims handling and risk management technologies. This confidence stems from over 25 years of successful software development and a client base of over 200 organizations, all of whom recognize the value that JCAD brings to their business. JCAD continuously strives to provide a personal service at all customer touchpoints, whether at point of sale, during implementation or subsequent support. In fact, it is JCAD’s friendly team of consultants and developers that is the firm’s greatest asset, ensuring that products are innovative, easy to use and well supported; in this way clients improve efficiency and productivity and thus save money.

Delivering Intuitive, Functional and Long Lasting Products

JCAD develops two distinct business applications: CORE, which provides enterprise risk and compliance management, and LACHS, which delivers claims handling functionality. Both systems have been developed with input from our client and prospect base, thus ensuring that the systems are easy to use, functionally rich, cost effective and quick to implement. In Damian Crawford’s opinion, the decision to focus on ‘off the shelf’ solutions is what has made JCAD so successful, that and great customer care. “We took the decision many years ago to concentrate on delivering robust solutions straight from the box. This makes implementation far quicker and training much easier as all clients utilize the same suite of tools in pretty much the same way with minimal disruption”. The company offers a standardized approach that replicates industry best practice but also enables a level of configuration of certain elements that are client specific.

Taking Family Business Further

JCAD is a family-run business; John Crawford founded the company in 1991. Having now retired, John has passed the mantle to his two sons, who now lead the company. One of his sons, Damian Crawford, serves as the Managing Director of the company. Damian’s role involves overseeing the continued development of the company, its employees and customers. Alongside this role, he also heads up JCAD’s product design and development. Having been with the company since 1995, he has a full understanding of its customers’ claims handling and risk management requirements, with his key aim to continue to listen, deliver and exceed expectations.

Paramount Lessons Learned

JCAD believes in sticking to one or two technologies and doing them well. According to the company, keeping things simple is more likely to engage users than an overly complex tool that can at best confuse and at worst alienate stakeholders. Over the years, it has also learned that client communication is the vital component to run a successful business. It understands the customers’ problems and provides simple solutions.

“We aim to have a measurable and positive impact on our clients’ business performance and processes to help them achieve business growth.”

Client testimonials

“The Council required a better way of managing its risks, rather than the disjointed arrangements we had using Excel and Word. JCAD CORE has enabled us to report with the most current data across strategic, operational and programme/project risks. It has the flexibility in the format of reports, so we have a ‘corporate’ look but enables bespoke reporting that is designed by our own JCAD administrator.” - Pam Pursley, Risk Manager, Somerset Council.

“The team was very helpful during implementation and continues to be very responsive to questions. Even with our 6-hour time difference, they make it work. We are very pleased with the product and use it as an electronic database of our enterprise risks.” - Joda Morton, Risk Manager, University of Illinois.


Interpreting Risks

Minimizing the Adverse Effects of Risks H

as the number of security issues you deal with on a routine basis ever made you feel a bit like Atlas carrying the world on your shoulders? I can’t tell you the number of conversations I’ve had with discontented security practitioners who lament to me the woes of trying to speak with management about the latest Heartbleed or Spectre/Meltdown vulnerabilities and ‘management just doesn’t understand’. Even worse, when management inevitably turns a blind eye to the issue, the security practitioner worries that they’ll be searching for a new job if the vulnerability is ever exploited. As the Information Security Program Owner at National Instruments for over eight years, I frequently find myself offering up the following bit of advice to my compatriots who are struggling with what to do in this situation. When I first started the security program at National Instruments, I had these same feelings of anxiety. The tools that I was using to scan our networks, systems, and applications were coming up with vulnerabilities left and right, but there were few things that I had the ability to fix. I had to go to another team, explain what had been found, and then I had to somehow try and convince them that they needed to fix it. In some cases they humored me, but in many cases the result was that my vulnerabilities were just another bug that they’d get

34

Josh Sokol Creator & CEO SimpleRisk

|September 2018


to when they had time. The weight of all of these unmitigated issues was crushing me. I knew that if I didn’t find a better way to do things, then I wouldn’t last long in that role. I quickly came to realize that my role as a security practitioner never was to fix the vulnerabilities that I found. That was the function of the application administrators. Nor could I control the resources and roadmaps which determine the prioritizations of the various mitigations. That role belongs to members of the business. My primary function as a security practitioner was to assist in identifying the issues, advise on how to mitigate them, and ensure that the right stakeholders are aware and educated so that they could make the most informed decision possible for the business. In short, my role was that of a risk manager and my job was to drive visibility and accountability of the risks the organization is accepting to the stakeholders who are accepting them. To formalize the processes around my newly found risk management role, I did quite a bit of research around what others were doing. Eventually, I stumbled across the NIST SP 800-30, a Risk Management Guide for Information Technology Systems. I’ll admit that it wasn’t the most titillating document I’ve ever read, but the content really helped to solidify what our risk management process needed to look like. To start with, I needed a way to track all of the risks that we were collecting through various assessment processes in our environment. This system, typically referred to as a risk registry, would become the aggregation of risks found in our organization through vulnerability assessment, auditing, interviews, vendor notifications and many other sources. 
In order to be successful, I needed a system that everyone could access quickly when they came across a risk in their environment, and a system that allowed them to enter a minimal amount of data about the risk so that they could get right back into what they were doing when they identified the risk. I would then use that information to later populate the details myself or to schedule time on their calendar to fill me in. My system also needed a way for me to understand the prioritization, or risk level, of the risks I was capturing.


Once the risk had been recorded, I needed a way to track how we were going to handle the risk. Possible options ranged from accepting the risk because the likelihood and impact were within what we considered to be a tolerable range to planning some sort of mitigation for the risk. I needed a way to understand the level of effort involved so we could balance those costs against the risk level.

If my ultimate goal was to drive visibility and accountability up the chain of management, my last step was to have a process for who would perform a review of the risks. I decided to use a combination of the team a risk is assigned to and the risk score. Since risk management is designed to be a cyclical process with risks re-evaluated on a routine basis, I also used the score to determine how often the risk would be reviewed.

Most of the organizations I speak with these days about risk management start out using complicated formulas on Excel spreadsheets, but there are tools called ‘Governance, Risk and Compliance’ (GRC) that can help you with this endeavor. Options range from open source tools like ‘SimpleRisk’ to more expensive options like ‘Archer’. It depends on how complicated you need your workflows to be and how many resources you can afford to spend to run the program.

I started this discussion with the person telling me that ‘management just doesn’t understand’. The fact of the matter is that management doesn’t understand because they weren’t speaking the same language. Your business understands risk because they use it every day to make calculated decisions about the investments it is making. Risk is the language of business and shifting the focus of your conversations to risk will ensure that everyone is on the same page and that you are not only viewed by management as an excellent communicator, but also a stellar security professional helping to guide the organization in proper risk management.
Not only that, but you will sleep better at night after shedding that weight off your shoulders and placing it back on the solid risk management foundation on which it belongs.
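The register workflow described in this article (quick capture with minimal data, a risk level, and review ownership and frequency driven by team and score) can be sketched as follows. This is an added example, not the author's or SimpleRisk's code; the 1-5 scales, the likelihood × impact score, the tier thresholds, the role names and the sample risks are all assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Assumed policy (not from the article): 1-5 scales, score = likelihood * impact.
# Each tier is (minimum score, reviewer role, days between reviews).
TIERS = [(15, "executive sponsor", 30), (8, "director", 90), (1, "manager", 180)]

@dataclass
class Risk:
    subject: str                      # capture needs only subject, team, date
    team: str
    submitted: date
    likelihood: Optional[int] = None  # 1-5, filled in later by the risk manager
    impact: Optional[int] = None      # 1-5
    response: str = "undecided"       # later set to "accept" or "mitigate"
    last_review: Optional[date] = None

    @property
    def score(self) -> Optional[int]:
        if self.likelihood is None or self.impact is None:
            return None               # captured but not yet assessed
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be 1-5")
        return self.likelihood * self.impact

def _tier(score: int) -> Tuple[str, int]:
    for floor, role, days in TIERS:
        if score >= floor:
            return role, days
    raise ValueError("score below lowest tier")

def reviewer(risk: Risk) -> str:
    """Review owner comes from the assigned team plus the score tier."""
    if risk.score is None:
        return "risk manager (triage)"
    return f"{risk.team} {_tier(risk.score)[0]}"

def next_review(risk: Risk) -> date:
    """Higher scores are re-evaluated more often; unscored risks are due at once."""
    if risk.score is None:
        return risk.submitted
    return (risk.last_review or risk.submitted) + timedelta(days=_tier(risk.score)[1])

def review_queue(register: List[Risk], today: date) -> List[Risk]:
    """Risks due for review: unscored first, then highest score first."""
    due = [r for r in register if next_review(r) <= today]
    return sorted(due, key=lambda r: (r.score is not None, -(r.score or 0)))

def sample_register() -> List[Risk]:
    """Constructed sample data, not taken from any real environment."""
    return [
        Risk("Unpatched TLS library on build server", "infrastructure",
             date(2018, 6, 1), 4, 5, "mitigate", date(2018, 8, 1)),
        Risk("Shared admin password on lab switch", "lab operations",
             date(2018, 7, 10), 2, 4, "mitigate"),
        Risk("Vendor notice: database nearing end of support", "applications",
             date(2018, 8, 28)),
        Risk("Legacy FTP on isolated test bench", "lab operations",
             date(2018, 1, 15), 1, 3, "accept"),
    ]

if __name__ == "__main__":
    for r in review_queue(sample_register(), date(2018, 9, 3)):
        print(f"{r.score or '-':>2}  {reviewer(r):40}  {r.subject}")
```

Accepted risks stay in the queue on their own cadence, which keeps the acceptance decision visible to the stakeholder who made it.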





Anticipating and Managing the Risks across Enterprises

Many organizations are sensitive to the inherent risks in their businesses, and constantly struggle to enable a continuous flow of feedback on residual risks and solutions. But, in many ways, the stakes are higher, and the risks are greater today. Simply put, to remain competitive today, corporations must consider risk management as a critical component of their operations. Without it, a firm can hardly define its future objectives. And if a company defines its objectives without taking the risks into consideration, it may lose its direction if uncertain risks hit its operations. Riskonnect identified this ongoing scenario, and started helping organizations address it through an integrated risk management platform. Riskonnect was founded with three elements in mind: being a customer-centric organization, serving as an application of leading technology, and enabling organizations to manage all types of risk.

An Integrated Risk Management Platform

Riskonnect is the trusted, preferred source of integrated risk management technology. The company offers a growing suite of solutions on a world-class cloud computing model that enable organizations to better manage risks across the enterprise. It is a sophisticated technology platform delivered on a SaaS basis that covers both insurable and non-insurable risks. It allows organizations to holistically understand, manage and control risks to operate more efficiently and positively impact shareholder value. Riskonnect’s highly configurable technology is ideal for forward-thinking organizations facing increased scrutiny and accountability for corporate governance, strategy and strategic risk. The company’s solutions help their customers plan and respond intelligently to risks that could potentially harm an organization and its corporate reputation.


An Industry Veteran

As the company’s innovation continues to advance, so does its leadership. Jim Wetekamp recently joined the organization as CEO. He has more than 20 years of extensive experience in leading organizations. Before Riskonnect, Jim was CEO at BravoSolution, a Chicago-based cloud procurement solutions provider, for three years. He led the firm to an increasingly global footprint with continuing profitable growth. Jim’s hiring came on the heels of a strong first quarter for Riskonnect, including being named as a Leader in The Forrester Wave™: Governance, Risk, and Compliance Platforms, Q1 2018, and a finalist in the Atlanta Business Chronicle’s 2018 Pacesetter Awards.

Responding to Risks through its Unified Solutions

Riskonnect’s integrated risk management technology solutions address insurable and non-insurable risks, enabling organizations in various vertical markets to make informed strategic decisions by tracking, analyzing, connecting and mitigating risks along with a holistic view of risk management. Its broad range of solutions includes enterprise risk management, risk management information systems, health and safety management, audit management, compliance and regulatory management, vendor risk management, business continuity management, and healthcare risk management. In addition, Riskonnect offers a single, unified, and automated risk-assessment tool that provides critical insight into all the strategic and operational risks across the enterprise to align with the risk tolerance of the organization. Its integrated risk management addresses risks across a variety of levels in the organization, including strategy and tactics, covering both opportunities and threats.



Designing the Future of ERM

Successful ERM programs will require GRC technology to improve executive-level risk awareness and visibility and to drive action at the operational levels. Many organizations feel compelled to embrace ERM due to regulatory demands, while the company believes that all organizations must employ the innovative program. An effective ERM program can serve as the ‘voice of reason’ in the executive suite. Effective ERM programs provide a platform for organizations to evaluate decisions about reserves, investment levels and funding of key initiatives. Thus, ERM programs should expand their use of data and analytics, moving from simply studying a single event that had a significant impact to studying a series of events that have a significant impact. Additionally, risk management organizations should monitor trending events in an attempt to solve the problem sooner, which results in a more positive financial impact on the organization. Riskonnect’s vision is to continue to grow in scale that is measured by the breadth of its offerings across the risk spectrum, the breadth of its reach in terms of industries and geographies, and the depth of its value-added experience and support to drive customer success.

Statements of Appreciation

“With Riskonnect, there is more time to focus and spend more time on the analytics as opposed to the data gathering.” - National Food Company

“You all have designed, developed, tested and implemented a risk management Information System with deployment to 37 countries (including developing the training materials and training almost 100 users in those countries) in just 5 months! You guys are awesome, and while we still have work to do, I want you to know how proud I am of what has been done and how much I appreciate all those midnight hours spent on bringing this project home.” - Jackie Hair, Executive Director, Risk Management - Corporate, Ingram Micro, Inc.

“We are the trusted, preferred source of Integrated Risk Management technology.” - Jim Wetekamp, CEO


Tech-Trend

Embedded Systems are Gaining Popularity across all Domains

In today’s emerging world, systems have brought ease of work due to their inherent advancements and features. The embedded system is one of the most imperative subjects in the digital world. Thinking about technology, daily lifestyle essentials like mobile phones, tablets and laptops come to mind, but their internal features are not known to most of us. The presence of these devices is almost inevitable in all facets of human endeavor. In order to understand more about the operations, functions and features of embedded systems, they are defined below.

Embedded Systems

An embedded system is an electronic system incorporating a hardware integrated circuit with software programming techniques for delivering various project solutions. The main advantage of using an


embedded system is that it helps to reduce the complexity of the circuits, which is expedient. It also offers cost effectiveness and a size appropriate to the system. This electronic system can perform single or multiple tasks based on the application. An embedded system consists of hardware such as a power supply kit, central processing unit, memory devices, timers, output circuits, serial communication ports, and application-specific circuit components and circuits.

Types of Embedded Systems

Embedded systems are classified into categories such as:
· Based on performance and functional requirements
· Performance of the microcontroller

The category based on performance and functional requirements is classified into four types: stand-alone, real-time, networked, and mobile embedded systems. Further, the category based on performance of the microcontroller is classified into three types: small scale, medium scale and sophisticated embedded systems.

An Excellent Application Provider

Embedded systems are highly applicable because they are special-purpose systems with unique characteristics. They are used in a diversified range of areas, as the hardware and software components and functions are different for each system. They are applicable in areas like communication, space, transportation, robotic systems, home appliances and many more.



Real Time Applications of Embedded Systems

As embedded systems have a vast variety of application domains, they range from high expense to low, from consumer electronics to industrial equipment, from academic equipment to entertainment devices, and from weapons to medical instruments and aerospace control systems. Here are some of the categories in which embedded systems are used:
Ø Consumer electronics - Mobile phones, videogame consoles, digital cameras
Ø Household appliances - Washing machines, microwave ovens, refrigerators
Ø Medical Equipment - CT scanners, heartbeat monitors, electrocardiogram
Ø Automobiles - Antilock braking systems, air-conditioner controls, electronic fuel injection systems
Ø Industrial Applications - Assembly lines, multiple parameter monitoring systems, data collection systems
Ø Aerospace - Navigation systems, guidance systems, GPS
Ø Communications - Routers, network hubs, satellite phones

Progression of Embedded Systems over the Decade

With changing times, inventions have become routine in the world of technology, and embedded systems have also undergone some salient modifications. At present, embedded technologies are responsible for the intelligent capabilities of most modern devices, both consumer and industrial. To put this more simply, embedded systems not only control lifestyle devices like microwaves, smartphones, tablets, and other consumer electronics but also direct telecommunication systems, submarines, ATMs, and many more. The upper echelons in the field of embedded technologies have created some innovative technologies over the last decade which are highly admired. Multi-core processors, virtualization, the expansion of devices with improved security requirements, 64-bit processors and new chip manufacturing processes are some of



the innovative achievements. Embracing such innovative technologies addresses the scale of the market and the number of its players, which include companies such as semiconductor suppliers, system software development companies, and mechanical components suppliers. The embedded systems market leaders include nationally and internationally renowned companies.

Advancing with Multifunctional Features

With the advent of multi-functional engineering, the next age of wireless communication systems is encouraging a new level of technology integration. Goals like progressive data rates, great connectivity for systems such as the Internet of Things (IoT), lower power consumption, and other ambitious aims can be achieved by joining advanced digital, RF, and antenna technologies. An embedded system which performs multiple applications is known as a multi-mode embedded system, as it dynamically recomposes the system functionality. Moreover, an embedded system which additionally allows multiple tasks to be executed in a mode is known as a multi-mode multi-task embedded system. Multi-material additive manufacturing processes offer the potential for multi-functional parts to be manufactured in a single procedure. To utilize the potential benefits of the developing technology, analysis, new designs, and optimization methods are needed. Such methods facilitate the optimization of a multifunctional part by pairing both the structural design aspects and the system. An application development platform known as Multifunctional Embedded Application Platform (MEAP) is used to create customized applications.

Trends to Watch

Developers should constantly keep an eye on the trends and make appropriate use of the latest advances in techniques and technologies. Some of the trends include the Internet of Things (IoT), processor technology, storage, artificial intelligence, and virtual and augmented reality. Also, there are several trends like embedded security, real-time visualization, cloud connectivity, Bluetooth mesh networking, low power consumption and optimization that will help developers working with microcontroller-based solutions.

Elevating with Time

Over the years, embedded systems have come a long way and contributed to every aspect of the industrial sector. All the devices or appliances used in our daily lives are designed, using embedded systems, in such a way that they can be used without difficulty. Taking this into account, in coming times every object around us will contain either a small processor or a sensor embedded within itself. Even though it is invisible to the naked eye, it still connects with multiple other devices to make our lives more connected and accessible than ever before. Using embedded systems, wonders like driverless cars, fully automated factories, adaptive home appliances and many more devices have successfully been created. In the upcoming times, embedded systems are set to evolve with technologies that will support large data storage capacities, faster communication and highly linked connections among devices.






