A Mediaplanet Guide to Simplifying Commerce
Payment Technology & Data Security
Blake Morgan The acclaimed author explains why retailers need to bring contactless payments into the fold How we can end the longstanding monopolies in digital payments Why the race to the cloud is continuing as workers return to the office
SEPTEMBER 2021 | FUTUREOFBUSINESSANDTECH.COM
An Independent Supplement by Mediaplanet to USA Today
Using Continuous Payment Technology Innovation to Stay Ahead Now’s the time for companies and organizations to embrace payment technology, including touchless payment systems and ecommerce.
T
hat’s the message from Shep Hyken, a customer service and experience expert, and chief amazement officer of Shepard Presentations. “COVID accelerated the use of many of these technologies by three to five years,” Hyken said. These products and services weren’t innovative, he says, they were just used more during the pandemic. Once consumers started using these contactless technologies, such as Apple Pay, they found them to be safe, easy, and convenient to adopt. Now they’re the payment standard. Hyken says touchless tech is very popular, and once everything is automated, consumers won’t want to go back to traditional payment methods. He recently used a selfcheck at an airport store to buy a sandwich. This type of checkout relies on the honor system, @MEDIAPLANETUSA
with the business typically having one support person available. “The newest technology that you’re going to see becoming more and more commonplace is the ability to walk into a store, pick up whatever it is you want, and walk out with it,” he said. For example, Amazon Go, which is currently available in Seattle, New York, Chicago, and San Francisco, allows customers to use the Amazon app, take what they want in a store, and walk out when they’re done, without having to wait in line or check out. Convenient and personalized A new way of paying is the hybrid model, where customers order items online and then physically pick them up in the store. The risk for retailers is that this limits impulse buying because it reduces the number of customers walking @FUTUREBUSINESSTECH
COVID accelerated the use of many of these technologies by three to five years.
the store, tempted by the items on display. “We’re headed to a world of complete convenience,” Hyken said. He says it’s very important for companies to suggest items during the online shopping process. For example, if a customer is buying paint online, does the website suggest buying brushes, tape, and other painting supplies? That personalized experience relies on artificial intelligence, but it can both improve the customer’s experience and increase revenue for the company. Getting started For companies looking to improve their payment technologies, Hyken advises looking at the competition and seeing what payment systems they have. If you like them, call the sales rep for that company. He also suggests looking at payment systems for com-
panies that you like, even if they’re outside your industry. Ask your employees and your customers for their opinions, too. Customer service The bestselling author says it’s smart to offer cash and traditional payment options, at least for a while, since not everyone adopts new tech right away. Having a variety of payment options means you’ll be accessible to more customers. While staying current on payment technologies is crucial for businesses, human customer service is still essential, too. “An important piece to remember is you cannot completely, 100 percent automate a relationship,” Hyken said. “Even Amazon has the ability for you to talk to people when you need to talk to people.” n Kristen Castillo
INQUIRIES: US.EDITORIAL@MEDIAPLANET.COM AND US.ADVERTISE@MEDIAPLANET.COM
PLEASE RECYCLE
Publisher Christian Whitney-Smith, Chandler Bishop Business Developer Abraham Freedberg Managing Director Luciana Olson Lead Designer Tiffany Pryor Designer Celia Hazard Lead Editor Mina Fanous Copy Editor Dustin Brennan Partnership and Distribution Manager Jordan Hernandez Cover Photo www.blakemichellemorgan.com All photos are credited to Getty Images unless otherwise specified. This section was created by Mediaplanet and did not involve USA Today.
2
READ MORE AT FUTUREOFBUSINESSANDTECH.COM
SPONSORED
How Every Business Owner Should Get Paid Business owners need a payment processor to help them be more efficient and make better business decisions through the power of payments — one company is streamlining the approach.
S
tax, a leading provider of integrated payment technology, has a onestop-shop solution that’s helping businesses thrive and grow. Since 2014, they’ve helped over 22,000 small and large businesses through their only all-in-one payments platform. Formerly known as Fattmerchant, the company has powered over $10 billion in transactions. Solving a problem Suneera Madhani, founder and CEO of Stax, started the company with her brother, Sal Rehmetullah, as a family-run business. “We’re two minority founders from an immigrant family and have operated in small businesses our entire life,” she says. “We didn’t just come out of school to say, ‘I want to be in payments.’ Having personally lived through the challenges faced by business owners, we really wanted to solve their problems.”
When they launched, they knew, “businesses were going to have to accept payments in a multitude of ways, in person, online, over the phone, via text message.” Suneera points out, “Whatever way consumers want to pay, the business has to be able to accept all those payments.” At that time, there wasn’t a singular platform that was connecting all the ways that consumers wanted to pay. For example, a company had to use Square for their mobile, go to the bank for their terminal, or use QuickBooks for an invoice. “We created our platform Stax Pay, which is essentially the hub of business management platforms for businesses to accept all payment types, in a single place,” she says. All-in-one platform With traditional processors, businesses have one processor for their website (if they have one) and a separate processor
for their brick-and-mortar store. They use different tools to manage invoicing, inventory, data, etc. But Stax streamlines payment processing for business owners by keeping all processing in one space. Stax Pay is easy to use and offers secure in-person, on-the-go, and online payment processing. The technology was built by business owners for business owners. “Stax also saves businesses so much money,” says Madhani. “That’s because they’re not having to go to four different processors for four different solutions. It’s a singular subscription for software that solves all your business needs.” The all-in-one platform has no hidden fees or contracts. They have full payment transparency and have no charges beyond their membership/subscription fee. Stax users save an average of 40 percent on their payment processing costs compared to other processors. With Stax, businesses can swipe, dip, and tap credit cards to accept contact-
less payments via customizable cloudbased terminals. They can also accept credit card payments over the phone. Stax customers can schedule recurring payments, send branded invoices, and send payment reminders, as well as track payments. Another of their offerings is Stax Connect, a fully managed payments facilitation ecosystem built for SaaS companies. The industry-first product allows software companies to integrate a white-labeled payments experience for a more complete end-to-end software experience, including services like user enrollment and risk management. Growing businesses Businesses can utilize Stax’s payment data to help them grow. For example, they can store information for transactions and with one click, access business insights through data analytics on payments, deposits, and inventory. “These are meaningful insights, meaningful data for businesses to understand their customer: how often they return, what they are purchasing, and how can we actually drive more top line, instead of just focusing on taking from a business’ bottom line,” says Madhani. She urges businesses to embrace this streamlined technology, noting that during the pandemic, businesses who adopted this new tech, including contactless payments, were the ones that succeeded. “We grew through the pandemic and it was our biggest growth year that we’ve had, because businesses needed to adopt seamless technology, save dollars and actually grow,” says Madhani. “I think that the future is now.” n Kristen Castillo
To learn how Stax can work for your business, visit fattmerchant.com.
MEDIAPLANET
3
How Flexible Payment Solutions Can Help Companies Win Over Customers Consumers want flexible payment solutions and smart businesses must meet that need. According to Nicole Reyhle, the founder of Retail Minded Magazine, the pandemic was a turning point for flexible payment solutions. “From a consumer perspective, customers were challenged with change,” she said. “And although many customers were frustrated, along the way they realized there’s a lot of new conveniences and new ways for them to shop.”
Modern layaway As of June, 6.2 million Americans were unemployed because their employer closed or lost business due to the pandemic. In May 2020, 49.8 million Americans were out of work. This has caused financial strain, and flexible payment solutions can help reduce stress as consumers pay their bills. Reyhle encourages business decision-makers to welcome payment opportunities into their collective consumer “path to purchase.” For example, payments
provider and shopping service Klarna, which has a buy now, pay later (BNPL) model, has had impressive growth. The service splits payments for purchases into four installments. The service has 90 million global active users and 2 million transactions a day. Klarna has over 200,000 retail partners, including H&M, IKEA, Nike, and Samsung. Integration Businesses need to make sure these applications, as well as others like Venmo and Apple
Pay, are integrated into the company’s point of sale. Reyhle says younger consumers don’t want to use credit cards like the ones their parents and grandparents used. “Where and how they choose to spend their money is important for them,” she said. “They don’t want to carry debt, so they look at this ‘buy now, pay later’ as a savvier way to make purchases.” Reyhle says millennials are more likely than others to buy an item the first time they see it. This impulse buying
contributes to a significant percentage of a retailer’s total revenue. “If you are looking to strengthen your conversion of customers, introducing this buy now, pay later experience into your transaction options is highly desirable,” she said. “You want to convert your customers as quickly as possible, and by getting consumers like millennials to buy something now even though they want to pay later, they look at it as a better buying experience.” n Kristen Castillo
Why “Buy Now, Pay Later” Is the New Normal
O
How a “buy now, pay later” platform can lead to more business — and more repeat business.
ne of the biggest changes in the rapidly changing world of commerce is the rise of “buy now, pay-over-time” platforms. More than a third of shoppers would consider paying over time if it was offered, and flexible payment arrangements are expected to account for nearly $700 billion in transactions by 2025. “Offering this option allows merchants to meet consumers where they are,” says Libor Michalek, president of technology at Affirm, a leading finan-
4
cial technology company, “and provide options that align with their needs and preferences.” Benefits of flexibility Affirm offers a range of flexible paying services to businesses of all sizes. “Offering a flexible payment option helps businesses grow while minimizing discounting,” notes Michalek. “We help merchants capture larger orders, convert more consumers, and build consumer loyalty.” “We want to give customers the best possible deals and enable them to experience the
READ MORE AT FUTUREOFBUSINESSANDTECH.COM
moments that matter,” says Jacobus Kok, product director at Priceline, a leading online travel agency using Affirm’s platform. “Buy now, payover-time unlocks a unique opportunity for both the customer and merchant. We are seeing both new customers and higher order values with customers paying with Affirm. Implementing a pay-overtime option has driven a positive impact for our business.” Choosing a partner When it comes to implementing a buy now, pay-over-time
platform, Kok advises thorough research and testing. “The implementation, execution, and ease of use are important,” he says. “As are the alignment of values, specifically around trust and transparency,” he adds. Michalek agrees. “Affirm was founded with the mission to build honest financial products that improve lives. We don’t make money off consumer misfortune. We succeed when the consumer succeeds.” Michalek believes the future of commerce is all about giving customers the power of flexi-
bility. “Whether a consumer is purchasing fitness equipment, a ticket to Europe, or a new pair of sneakers,” he says, “Affirm is a flexible way to pay.” n Jeff Somers
To learn more about what Affirm can do for your business and your customers, visit affirm.com.
It’s Time for True Innovation in Payments The COVID-19 pandemic has accelerated everything digital, from how we shop to how we pay. Use of contactless cards and mobile payments by consumers worried about surfaces they touch has exploded.
N
ew hardware, software, and services are rolled out daily, and no idea seems too farfetched — a Euromonitor survey conducted for the National Retail Federation found 20 percent of consumers are willing to implant a payment chip in their finger. But for all the headlines about innovation, most of what we’ve seen has stayed largely the same under the hood. That’s because most contactless cards, digital wallets, and even chips in fingers are just other ways to use a credit card, and most still operate over the Visa and Mastercard processing networks. Under the status quo, banks and card networks take a percentage of each card payment, and during the pandemic, almost all retail payments were made by card. Fees charged to merchants total over $100 billion annually and drive up consumer prices by hundreds of dollars for the average family. Changing the norm Government agencies are starting to do something. The Department of Justice derailed
Visa’s attempt to buy and bury Plaid, which supports apps like Venmo that let consumers send money to friends or retailers without using expensive networks like Visa. Both the DOJ and Federal Trade Commission are investigating whether banks are circumventing pro-competition fed-
eral law that gives merchants the right to choose where to route debit card transactions for processing. The Federal Reserve recently said routing choice has been blocked online and is developing regulations clarifying that routing rights apply online the same as in stores. And there’s talk of
expanding routing choice to credit cards. Some alternatives to Visa and Mastercard have appeared, such as buy now, pay later (BNPL). Unfortunately, BNPL processing fees can be far higher than card fees, severely limiting their usefulness. There’s also talk of cryptocur-
rencies like Bitcoin changing payments. But while cryptocurrencies might be a tempting investment, they lack the stability, wide use, and acceptance needed to be true currencies. One option with huge potential is the FedNow “faster payments” system being developed by the Federal Reserve, which could provide a direct link between retailers and consumers that would end card companies’ near monopoly. Perhaps the Fed should also create a “sandbox” to give non-bank fintech innovators — operating under proper supervision — a better chance to get into the game. The pandemic has brought an inflection point where we can either foster true innovation or just let the big card networks continue to run everything. As we think about payments, we must realize innovation isn’t about new card readers, high tech, or even chips in fingers. It’s about ending monopolies that stand in the way of progress. The time to demand true innovation and competition has arrived. n Leon Buck, Vice President for Government Relations, Banking and Financial Services, National Retail Federation
MEDIAPLANET
5
Customers Demand Contactless Payment Options — Here’s How to Make It Happen
5 Things Eaters Have an Appetite for When It Comes to Restaurant Technology Is technology changing the way your customers decide where and what to eat? The answer, according to the National Restaurant Association’s annual “State of the Industry” research, is yes. More than ever before, American consumers are relying on their laptops and smartphones to explore their dining options. Here are some takeaways from the National Restaurant Association’s recent research: 1. An online visit More than 6 in 10 consumers say they have looked up information about restaurants or viewed a menu online, or visited restaurant websites before choosing their dining destination. More than one-third of smartphone users say they use their phones to look up restaurant locations, directions, or hours of operation at least once a week. 2. The takeaway Half of adults, including 67 percent of millennials, say they’ve placed a food order online for takeout or delivery. Forty-two percent of adults surveyed — including 53 percent of millennials — say that if a restaurant offers online ordering, they’re more likely to choose it over another one.
Cash is out, contactless payments are in. It’s yet another change catalyzed by COVID. Over the past year, many stores stopped accepting cash payments and made the switch to contactless out of necessity to limit customer and employee touchpoints. In 2020 alone, in-store mobile payments grew
Contactless payments aren’t just a COVID trend.
3. Calories still count About 1 in 4 adults — and 1 in 3 millennials — say they’ve gone online to look up nutrition information for restaurant food. 4. Resting on loyals More than half of smartphone users report that they use their phones to engage in restaurant loyalty programs, rewards, or special deals. 5. Simply, service When asked whether they’d rather sit down for a restaurant meal with traditional table service, or sit at a table where they could place orders and pay for them with a tablet or phone app, more than 6 in 10 adults said they’d choose traditional table service. However, there are generational differences: 3 in 4 baby boomers said they would opt for traditional table service, but millennials were split. Fifty-two percent of millennials said they’d order and pay electronically from their table, while 48 percent would pick the section with table service. Bruce Grindy, Chief Economist, National Restaurant Association
6
experiences. On average, a contactless payment takes just 15 seconds, which is less than half the time of traditional payment methods. Over the next few years, contactless payment options won’t just be nice to have, they will become a necessity for retailers. They will be so important that customers will turn away from
29 percent, and the numbers are growing rapidly, with half of all shoppers expected to use contactless payment by 2025. Contactless payments aren’t just a COVID trend. What started as a way to limit the spread of germs has gained traction because of its speed and convenience — two of the most important factors for modern customer
READ MORE AT FUTUREOFBUSINESSANDTECH.COM
stores that don’t offer contactless payment to stores that offer more modern options. As Gen Z and millennials — already two of the most powerful buying groups — mature and increase their buying power, they will demand contactless payment options. Adopting contactless payments To keep up with the
increasing demand for contactless payments, retailers of all sizes and industries must adapt and invest in contactless payment options. Contactless payment options come in two forms: brickand-mortar and ecommerce. The biggest advantages of contactless payments are most obvious in physical stores when customers only have to tap their card, phone, or watch to make a payment. The other side of the (contactless) coin is easier payments through mobile shopping. Instead of requiring customers to enter their credit card information for every purchase, stores can integrate features like Apple Pay, Google Pay, or any other cashless wallet to quickly finish a transaction with a facial scan or fingerprint. Adding contactless technology is an investment for retailers, but it is a necessary cost of doing business in 2021. Stores that wait to add this new technology aren’t saving money — they’re driving away customers.
Secure and convenient transactions One of the biggest concerns of contactless payments is transaction security. While it’s important for retailers not to delay adopting contactless payment systems, they also shouldn’t rush into processes that put customers’ personal data at risk. For as much as customers crave convenience, they also demand privacy. The most secure path to authentic contactless transactions is through biometric measures, such as fingerprint scanners or facial recognition software. These methods are even more secure than a customer entering their PIN, although some customers — especially older customers — are still wary of new methods of payment. Contactless payments had their moment during the pandemic, but they are here to stay. To create a more convenient and customer-focused experience, all retailers need to adopt secure contactless payment options. n Blake Morgan, Author, “The Customer Of The Future”
ADVERTORIAL
There are also ample ways for restaurants to build a connected experience for diners. In fact, our Future of Restaurants report found that three out of four restaurants plan on offering contactless payments and ordering options. For example, QR codes are a contactless way to supercharge sales and extend your brand across channels. You can allow customers to pull up a menu right from their phones, pay for a product, or play a curated playlist that they can enjoy at your salon, restaurant, or store.
PHOTO: SQUARE
Omnichannel Is the Future of Payments — Here’s How to Get Started
From physical storefronts to social media posts, selling across multiple channels — and making that experience seamless — can help your business show up exactly where your customers are. If a customer can order from you in the way that’s most convenient for them, whether that’s online, in store, or a combination of both, it maximizes the odds that you’ll make a sale.
I
f you’re considering making your customers’ experience more connected with an omnichannel strategy, accepting different types of payments is a good place to start. Here’s how to get started with each method. Accept payments on the go By offering mobile and automated payment options, customers can pay you more easily. If your business offers a repeatable service or product, like monthly dog grooming, wine club membership, or a clothing subscription box, recurring payments can make it easier for customers to pay automatically. Invoicing customers through recurring
payments for card-on-file transactions can complement your online and mobile invoicing options, especially if you’re transitioning to eCommerce. Whether you’re processing payments, creating an email marketing campaign, sending text messages, or sharing promotions on digital receipts, accepting payments on the go can help you connect with your customers wherever they are. Take your business online If you’ve gone through stages of closing and reopening your business in the past year, perhaps you’ve transitioned away from taking in-person payments. Now, it’s crucial to meet customers on the online channels they use. For custom-
ers buying items online, you can sync your ordering pages with your Square Dashboard so payments appear in realtime. Allow your customers to buy where they want, when they want, how they want, and see all their payments in one place by offering On-Demand Delivery as well as curbside or in-store pickup. Virtual terminals, software that allows you to accept cardnot-present payments, are another alternative for remote transactions like online purchases, phone orders, recurring payments, and invoices. This also allows you to take payments without needing hardware or software. If you’re using Virtual Terminal, you can still wirelessly
hook your computer up to Square Terminal hardware to take in-person, touch-free payments directly from customers. Use mobile to build an immersive customer experience Mobile is a huge part of a unified omnichannel experience. Eighty-four percent of online retailers already sell on social media channels or plan to this year, according to data from our Future of Retail report. Businesses are selling directly on popular channels like Facebook and Instagram in addition to other integrated methods, like allowing customers to book services directly from their profiles.
Contactless pay options enable you to create a true omnichannel experience Creating a connected experience is at the heart of omnichannel, and it’s an important way to evolve your business as consumers’ purchasing preferences change. As customers embrace more touch-free shopping and dining experiences, they need payment options that make sense for where and how they’re making purchases. By selling in multiple ways, and using an omnichannel marketing strategy to reinforce it, you can quickly adapt to meet the changing needs of both your customers and your business. Selling across channels gives customers the ability to buy in the way that works for where they are and what they’re purchasing, while you can adapt your business to keep revenue flowing. With omnichannel, this kind of future is possible — and it’s already here. Welcome to the future of business. n
This has been paid for by Square.
MEDIAPLANET
7
Know Your Enemy: Top Tips From A Hacker Ask Kevin Mitnick and he’ll tell you that there is a silent war happening everywhere around us. You could even be a casualty right now, and more than likely not even know it. Recently, we spoke with the renowned computer security consultant, who opened up about the tookit of today’s hackers in the hope that it will help us better understand and stay protected against bad actors. What originally drew you into the world of hacking? Challenge — pursuit of knowledge, seduction of adventure. In high school, I met this other kid who could perform magic with the telephone. It was called “phone phreaking,” and it facilitated my other great passion: pulling pranks. As the phone company started using computers to control devices, such as phone company switches, my interest in hacking began. When I started, it was completely legal and hacking was cool. Hackers were considered the whiz kids. My favorite hack of all-time, still to this day, was when I was young, hacking the McDonald’s drive-through window. Truthfully, my passion for hacking has always remained the same. Businesses hire my company to try and break into their organizations to test their security. It’s like living in a heist movie. What’s not to love about that? What are the biggest barriers a hacker faces when attempting to access private information? Not much. Private information is freely available if you subscribe to the right databases, typically used by information brokers. These databases allow you to query a person’s social security number, birthdate, current and past addresses, current and past phone numbers. Once this information is obtained, it’s not too difficult to obtain the target’s credit report online. As far as gaining access to enterprise information, the biggest barrier is layered security controls, meaning I would have to compromise several layers of security to break in. I travel the world and demonstrate live hacking at many conferences, and speak to people of all walks of life. Lately, I’ve been showing how easy it is to steal someone’s personal identity in about 60 seconds. By accessing some databases, I’ll know an individual’s mother’s maiden name, social security numbers, a whole bunch of stuff.
8
READ MORE AT FUTUREOFBUSINESSANDTECH.COM
The Uncanny Similarities Between the COVID-19 Response and Cybersecurity The expert advice, and the resistance to it, about stemming the tide of COVID-19 infections bears remarkable resemblance to the expert warnings about cybersecurity.
T
here were plenty of data-backed warning signs that it was only a matter of time before a pandemic like COVID-19 would occur, and that it could result in catastrophic loss of life as well as sustained economic damage. Still, many outside the epidemiology field adopted a “can’t happen here” mentality. The rapid global spread within just a few months showed us the error in that type of thinking. The threat was obvious, and yet somehow overlooked to a great degree. Similarly, cybersecurity professionals across the public and private sectors consistently warn that the next mega data breach or compromise of critical infrastructure is a case of when, not if, and that the risk of financial loss or public safety at micro, macro, and even global levels could be immense. But because security is often viewed as a deterrent to efficiency and profitability, many of those warnings go unheeded. There are numerous parallels to be drawn between the virus response and our ongoing challenges with cybersecurity vigilance. Without borders Globalization and interdependent economic systems have resulted in a situation in which no region has been immune to
the pandemic’s spread. Likewise, our digital world has become borderless, and no region is immune to cyberattacks, no matter from where they emanate. We all know what we’re supposed to do to avoid contracting the virus: wear a mask, social distance, avoid large crowds and events, wash hands thoroughly, don’t shake hands, and report symptoms and seek medical testing if you suspect you’ve been infected. Similarly, to prevent cybersecurity breaches, we constantly advise people to employ tools like firewalls, VPNs, and antivirus software; update and patch software regularly; avoid visiting unsecured websites and connecting to public WiFi networks; be wary of clicking on links in emails from untrusted sources; and notify your organization’s security team if you suspect you’ve been infected. We do all of these things not only to protect ourselves, but to ensure the safety and security of those around us as well. Yet individuals are often reluctant to do the things experts advise to avoid infection, and sometimes are even adamantly against it. For decades, the cybersecurity community has encouraged people to use strong passwords and adopt other best practices only to be met with considerable resis-
tance. Just like mask use, cybersecurity hygiene is often seen as inconvenient and unnecessary, despite most of us having a basic understanding of how to limit our risk of infection. The weakest link These lessons should have been learned long ago and applied to this pandemic. Why do we continue to ignore them at our own peril? What’s true of cybersecurity is also true of this pandemic: the weakest link in the chain affects us all. The only way we’ll solve the problem is if we as a whole take the proper steps to protect ourselves and those around us. Just as the cybersecurity landscape changes and new threat vectors emerge and mutate, scientists and medical professionals are still learning more about how COVID-19 behaves and how immunity is built, and the guidance they provide will evolve over time. We may need to go back to the drawing board from time to time to build environments that are inherently secure. Whether you’re dealing with a pandemic or global cybersecurity, one fundamental truth is the same: We need to listen to the experts and adapt in order to stem the tide. n David Shearer, CEO, (ISC)2
MEDIAPLANET
Don’t be the next victim of a ransomware attack. Keeper protects your organization against ransomware attacks with robust delegated administration, role-based access controls, event logging, audit reporting, real-time alerts and dark web monitoring. Attend a demo today and get a Free 3-Year Keeper Personal Plan ($74 value): keeper.io/protect
Photo Credit: iStock.com
Safeguarding our Digital Transformation Together
Cloud environments and the security, privacy, and governance controls required to safeguard them are now arguably the top priorities for most chief information security officers (CISOs) and other executive-level stakeholders. No matter their current stages in the race to cloud, both private and public entities quickly pivoted to leveraging these services to support robust and often far-reaching remote workforces during the pandemic. As a result, they realized the many benefits of relying on them. From reduced IT costs and improved uptime, to increased agility and elasticity, to experiencing DevOpsfriendly environments, according to recent research from the Cloud Security Alliance (CSA) and AlgoSec. Armed with these reasons to increase moves of organizational workloads to the cloud, spending on cloud services has not only grown exponentially during the pandemic, but will keep on
rising as we now endeavour to return to some sense of normalcy. Approximately 70 percent of organizations currently leveraging cloud services plan to expand these investments as we attempt to move on from COVID-related disruptions, according to forecasts from research firm Gartner. Additionally, IT spending overall is shifting focus to cloud. This trend is expected to persist all the way through 2024, Garter finds. And I’m betting we’ll see sustained spikes well after. Securing the cloud Cybersecurity and IT teams’ somewhat meteoric shift of focus to cloud — especially in the past year or two — is triggering yet another head-spinning challenge: a demand for more cloudand cloud security-focused expertise on their teams. According to Burning Glass Technologies, a labor market analytics firm, the second-fastest growing cybersecurity skill needed over the next five years is
10 READ MORE AT FUTUREOFBUSINESSANDTECH.COM
cloud security, following on the heels of application security development. It turns out that taking on new and ever-changing demands managing and securing their digitally transforming infrastructures — which now also sees the C-Suite eyeing strategic business initiatives aiming for robust post-pandemic growth — is emphasizing the requirement to more nimbly adapt. And this, of course, necessitates growing and steady investment in cloud, cloud security, and cloud auditing training and education. All the while exacerbating this is the intensity and volume of varying cyberattacks being successfully launched at government and private entities alike. Just think Kaseya, SolarWinds, the Colonial Pipeline, the Microsoft Exchange mass cyberassault, the recent misconfigured AWS S3 buckets that compromised residents’ data in more than 80 U.S. towns, the poisoning of a Florida-based water utility by means of a cyberattack … the list goes on.
Protecting assets Optimistically, there’s an increasingly positive association between cloud technology and cybersecurity, according to a recent survey by industry analyst firm ESG, “2021 Data Protection Cloud Strategies.” Approximately 90 percent of the IT practitioners responding said that cloud computing actually has enabled their organizations to better and/or more cost-efficiently safeguard their data assets. Nevertheless, due to the complexity of managing cloud services alongside some of the legacy systems on which many companies still rely, establishing and continually updating related cyber resiliency strategies that touch on these and still other needs is proving not only an individual corporate requirement but also an industry-wide necessity. It’s therefore imperative for private entities, a range of government agencies, and other industry bodies like us at CSA to actively and persistently engage, partner, and share intelligence and guidance. To help illustrate this, our global, vendor-neutral nonprofit has more than 400 international corporate and cloud-service-provider members, some 100,000 individual members, over 100 chapters worldwide, and a bevy of research working groups coming together to proliferate security controls, assessments, research assets, training/education programs, professional certificates, professional networking/learning events, and so much more. Now more than ever, there is an overwhelming C-suite focus on cybersecurity. That once missing seat at the table is firmly in place, with IT decision-makers engaged with other executive leaders on a number of tactical and strategic business initiatives. There’s much to be done. We all have our parts to play, and together we can take on the urgent call to protect our new and transforming digital landscape. n Illena Armstrong, President, Cloud Security Alliance
Why VPNs Don’t Keep Companies Safe Anymore Virtual private networks (VPNs) were once the hallmarks of corporate security to connect remote workers and partners. Today they are an open invitation for hackers to trespass on a corporate network, leaving an organization’s critical data exposed.
I
t is well known that hackers are always looking for opportunity. And with the advent of the pandemic, the perfect storm came together as companies rapidly transitioned to a fully remote work environment and enabled their employees to connect to the corporate network from home. Many companies that used VPNs and remote desktop protocol (RDP) struggled to secure their networks. Both technologies enable remote access that can put an intruder deep inside an organization’s firewall. Attempts to break into VPNs or access RDP solutions have risen exponentially over the past 17 months. Many organizations are moving away from these technologies and are looking to systems based on Zero Trust that are centered on the principle of “trust no one.” As a company that advocates for Zero Trust Network Access (ZTNA),
we believe this is the right path and approach for secure remote access. Here’s why we think that starting with a closer look at VPNs: What’s wrong with VPNs VPNs are cumbersome technology that are expensive and require a lot of maintenance with limited visibility
into today’s IT environment. In addition, VPNs work by installing a software agent on the user’s computing device. The user must sign in with a username and password, and may also have to supply a one-time passcode that’s dynamically generated. VPNs then open an encrypted tunnel from the user’s device directly into
the company network, which makes them great attack vectors, leading hackers right into the heart of the company’s IT systems. Quite frankly, VPNs were never designed to withstand the scale and scope of attacks directed against them in today’s environment. What’s even more concerning is that many VPN and RDP hacks are being carried out in support of ransomware extortion. Nefarious actors use the VPN tunnel to access encrypted critical systems that they can take hostage. VPNs allow users to access the entire system and are not just limited to one application, as is the case with ZTNA technology. A better solution At Axis Security, we offer a solution that is simple to deploy, use, and manage while delivering more secure access by keeping users off the corporate network and reducing risk by isolating applications. Our approach is built for the future and transforms access from an overly complex, insecure, and overall poor user experience, to an easy-to-manage, scalable, and secure SaaS experience that users significantly prefer. The ability to better manage policy and enhance monitoring capabilities increases with a ZTNA solution. It also allows organizations to choose and enforce a strict policy, and improves user and application visibility. Being secure is more important today than it’s ever been. One of the most important concepts to keep in mind is that retrofitting old technologies is really ineffective in the age of the cloud. It’s almost guaranteed you will not get the desired outcome if you do not use next-generation, cloud-native technologies and solutions. Companies should look to re-architect their entire IT environments to become more secure, and Zero Trust is the perfect place to start. n
Dor Knafo, Co-Founder and CEO, Axis Security
MEDIAPLANET
11
Read more about payment technology & data security at futureofbusinessandtech.com