How on-demand cloud is contributing to the ransomware problem

“Attention! All your files have been encrypted.” More and more businesses are being greeted with messages such as this one, with ransomware attacks against businesses having increased threefold last year.

Advice for preventing ransomware – which is malicious software that encrypts devices or data until the owner pays a ransom in exchange for access to their data – is typically something to the effect of “back up your data off-site so you don’t have to pay the ransom.” In response, businesses may vault their data in the cloud, assuming that it is secure and they no longer have to worry about the threat of ransomware as long as the backups are up to date.

To be sure, backing up data in the cloud is a good strategy. However, rapid adoption of on-demand cloud applications could be putting an organisation’s cloud backups at risk. In fact, a recent Netskope report found that 43.7 per cent of the malware found in the cloud is carrying ransomware. Below are some of the top ways ransomware can spread via the cloud.

Employees downloading unauthorised cloud applications

Employees can easily sign up for cloud applications, as many cloud services by nature enable users to bypass company and country security policies. When employees open accounts with unauthorised cloud services – whether they are software services, file-sharing applications or payment processors, IT staff are not able to monitor the apps appropriately and ensure proper security measures are implemented. This lack of security monitoring dramatically increases the likelihood of ransomware being introduced to the network. What employees may not realise is that the increased possibility of new security breaches essentially negates any gains made by the cloud applications. Worse, if the cloud provider itself is attacked, all its customers could be affected as well.

To put the risk into perspective, 1 in 10 of the enterprises monitored by Netskope yielded ransomware-infected files in sanctioned cloud apps. Although the report did not cover unsanctioned applications, it stands to reason that ransomware would be even more rampant in these, as they are not monitored by IT staff.

Syncing and sharing

Malware and malicious files and links can spread rapidly through an organisation, and more sophisticated ransomware is now using the cloud to spread. Imagine an employee opens a suspicious email attachment and downloads ransomware to their computer, encrypting all the files in their “Documents” folder. The employee has granted a file-sharing application access to this folder, and the application automatically syncs the infected files to the cloud account. Multiple other employees’ computers are also synced with the cloud folder containing the malware, and the moment they click on any of the infected files, the ransomware spreads to their systems as well.

One new variant of ransomware in particular, called Virlock, uses this method to spread. Unlike other ransomware strains, it does not tell the user their device has been infected by ransomware. Instead, it displays an official-looking message claiming to be an anti-piracy warning from the U.S. Federal Bureau of Investigation. The message demands the payment of a fine to avoid incarceration – a tactic designed to coerce businesses into paying the ransom.

Using personal devices for work

Bring your own device (BYOD) is ubiquitous now. Odds are, employees are using their personal devices for work whether or not BYOD is sanctioned by their employer. Unfortunately, access to data anytime, anywhere means more entrypoints into the network, and employees are typically less vigilant about security when it comes to their personal devices and are more likely to connect to public networks.

When employees fail to observe proper security measures, this can result in both their personal data and their employer’s data being held hostage. With 4 per cent of all mobile devices containing malware, ransomware is a real possibility. And, of course, this risk is exacerbated if the employee uses sync-and-share applications on their mobile device.

How can businesses prepare for these threats?

Businesses should continue to back up data both on-site and in the cloud, but with hackers taking advantage of the on-demand nature of the cloud to perpetrate ransomware attacks, businesses must take additional protection measures.

The first line of defence against ransomware is employee education and accountability. To encourage employee engagement, businesses should emphasise the following key points when training employees:  

  • Exercising caution when using personal devices for work not only protects corporate data but employees’ personal data as well. To keep information safe, employees should be encouraged to avoid connecting to public WiFi networks, be wary of clicking on links in emails and notify their IT department immediately if they suspect their device has been infected by ransomware.
  • Sensitive employee information is stored on the company network as well. Once malware infiltrates the corporate network, it can spread to other areas – including human resources files containing employees’ sensitive information. Employees can do their part to protect any data stored on the corporate network by working with IT administrators to understand how to identify phishing emails (e.g. typos, misspelled words and mismatched domain names). Additionally, they should be instructed to only download content or software from trusted sources and immediately run all software updates when prompted.
  • They learn valuable cybersecurity skills to apply in their personal lives. Do they know the telltale signs of a phishing email? Or what type of password is most secure? Or whether putting off computer updates really hurts anything? Knowing the answers to questions such as these is key to being security conscious at work, but they’re just as applicable at home.

Now that ransomware can spread more rapidly than ever before via the cloud, generating awareness of how to prevent ransomware is essential. Employees must be educated on how their security habits can negatively impact the organisation ‒ and even their personal data as well. The time to build awareness is now – not when the hacker delivers that dreaded message: “Attention! All your files have been encrypted.”

How on-demand cloud is contributing to the ransomware problem

“Attention! All your files have been encrypted.” More and more businesses are being greeted with messages such as this one, with ransomware attacks against businesses having increased threefold last year.

Advice for preventing ransomware – which is malicious software that encrypts devices or data until the owner pays a ransom in exchange for access to their data – is typically something to the effect of “back up your data off-site so you don’t have to pay the ransom.” In response, businesses may vault their data in the cloud, assuming that it is secure and they no longer have to worry about the threat of ransomware as long as the backups are up to date.

To be sure, backing up data in the cloud is a good strategy. However, rapid adoption of on-demand cloud applications could be putting an organisation’s cloud backups at risk. In fact, a recent Netskope report found that 43.7 per cent of the malware found in the cloud is carrying ransomware. Below are some of the top ways ransomware can spread via the cloud.

Employees downloading unauthorised cloud applications

Employees can easily sign up for cloud applications, as many cloud services by nature enable users to bypass company and country security policies. When employees open accounts with unauthorised cloud services – whether they are software services, file-sharing applications or payment processors, IT staff are not able to monitor the apps appropriately and ensure proper security measures are implemented. This lack of security monitoring dramatically increases the likelihood of ransomware being introduced to the network. What employees may not realise is that the increased possibility of new security breaches essentially negates any gains made by the cloud applications. Worse, if the cloud provider itself is attacked, all its customers could be affected as well.

To put the risk into perspective, 1 in 10 of the enterprises monitored by Netskope yielded ransomware-infected files in sanctioned cloud apps. Although the report did not cover unsanctioned applications, it stands to reason that ransomware would be even more rampant in these, as they are not monitored by IT staff.

Syncing and sharing

Malware and malicious files and links can spread rapidly through an organisation, and more sophisticated ransomware is now using the cloud to spread. Imagine an employee opens a suspicious email attachment and downloads ransomware to their computer, encrypting all the files in their “Documents” folder. The employee has granted a file-sharing application access to this folder, and the application automatically syncs the infected files to the cloud account. Multiple other employees’ computers are also synced with the cloud folder containing the malware, and the moment they click on any of the infected files, the ransomware spreads to their systems as well.

One new variant of ransomware in particular, called Virlock, uses this method to spread. Unlike other ransomware strains, it does not tell the user their device has been infected by ransomware. Instead, it displays an official-looking message claiming to be an anti-piracy warning from the U.S. Federal Bureau of Investigation. The message demands the payment of a fine to avoid incarceration – a tactic designed to coerce businesses into paying the ransom.

Using personal devices for work

Bring your own device (BYOD) is ubiquitous now. Odds are, employees are using their personal devices for work whether or not BYOD is sanctioned by their employer. Unfortunately, access to data anytime, anywhere means more entrypoints into the network, and employees are typically less vigilant about security when it comes to their personal devices and are more likely to connect to public networks.

When employees fail to observe proper security measures, this can result in both their personal data and their employer’s data being held hostage. With 4 per cent of all mobile devices containing malware, ransomware is a real possibility. And, of course, this risk is exacerbated if the employee uses sync-and-share applications on their mobile device.

How can businesses prepare for these threats?

Businesses should continue to back up data both on-site and in the cloud, but with hackers taking advantage of the on-demand nature of the cloud to perpetrate ransomware attacks, businesses must take additional protection measures.

The first line of defence against ransomware is employee education and accountability. To encourage employee engagement, businesses should emphasise the following key points when training employees:  

  • Exercising caution when using personal devices for work not only protects corporate data but employees’ personal data as well. To keep information safe, employees should be encouraged to avoid connecting to public WiFi networks, be wary of clicking on links in emails and notify their IT department immediately if they suspect their device has been infected by ransomware.
  • Sensitive employee information is stored on the company network as well. Once malware infiltrates the corporate network, it can spread to other areas – including human resources files containing employees’ sensitive information. Employees can do their part to protect any data stored on the corporate network by working with IT administrators to understand how to identify phishing emails (e.g. typos, misspelled words and mismatched domain names). Additionally, they should be instructed to only download content or software from trusted sources and immediately run all software updates when prompted.
  • They learn valuable cybersecurity skills to apply in their personal lives. Do they know the telltale signs of a phishing email? Or what type of password is most secure? Or whether putting off computer updates really hurts anything? Knowing the answers to questions such as these is key to being security conscious at work, but they’re just as applicable at home.

Now that ransomware can spread more rapidly than ever before via the cloud, generating awareness of how to prevent ransomware is essential. Employees must be educated on how their security habits can negatively impact the organisation ‒ and even their personal data as well. The time to build awareness is now – not when the hacker delivers that dreaded message: “Attention! All your files have been encrypted.”

#2 Mac Usage in the Workplace

As enablers of Mac integration with traditional Windows networks, Parallels often surveys Windows IT professionals to understand the trends associated with supporting a dual-platform environment. This is the second in a series of five blog posts that will summarize our results, the challenges revealed in a recent survey we conducted to understand the usage and […]

The post #2 Mac Usage in the Workplace appeared first on Parallels Blog.

Software Defined, Cloud, Bulk and Object Storage Fundamentals | @CloudExpo #SDN #Cloud #Storage

Welcome to the Cloud, Big Data, Software Defined, Bulk and Object Storage fundamentals page part of the objectstoragecenter.com micro site collection of resources. Software defined, Bulk, Cloud and Object Storage exist to support expanding and diverse application data demands. There are various types of cloud, bulk and object storage including public services such as Amazon Web Services (AWS) Simple Storage Service (S3), Google, Microsoft Azure, IBM Softlayer, Rackspace among many others. There are also solutions for hybrid and private deployment from Cisco, DDN, Dell EMC, Fujitsu, HDS, HPE, IBM, NetApp, Noobaa, OpenStack, Quantum, Rackspace, Scality, Seagate, Spectra, Storpool, Suse, Swift and WD among others.

read more

The End Is Near for Microsoft SQL 2005

It’s an end of a great era some may say…SQL 2005 is going End of Support. It’s like finally selling that old Dodge Durango you had since college, or throwing away that T-shirt with a whole bunch of holes in it. It’s a sad day when you finally must say goodbye. The year 2005 brought some amazing things such as YouTube, Mr. Brightside by the Killers, and The Chronicles of Narnia movie (WHAT!) What was so special about SQL 2005 was that it took Microsoft five years to come out with it. The previous edition of SQL was 2000 so it took some time to perfect the next installment of this well-known database. Now all that is coming to an end as extended support will no longer be available for SQL 2005 as of April 12, 2016. 

With the End of Support, security updates and hotfixes are no longer available from Microsoft. There’s never been a better time to upgrade and benefit from the performance gains, higher availability, greater scalability, and rich BI capabilities that SQL Server 2014 and 2016 offer.

Reasons to Upgrade to 2014 or 2016

Breakthrough in-memory performance: SQL 2016 is 13x faster than 2005. That’s like challenging Usain Bolt to a game of “beat you there,” and expecting to win. Not going to happen. SQL 2005 crawls compared to what the current database can provide. Plus, SQL 2016’s additional in-memory OLTP delivers up to 30x more in performance.

High Availability: SQL 2014/2016 includes HA and disaster recovery with SQL AlwaysOn.

Security: Per the “National Institute of Standards and Technology,” SQL 2014/2016 was recognized as being the most compliant database with the least amount of security vulnerabilities for the past 6 years in a row.

Scalability: SQL 2014/2016 is scalable across computer, networking, and storage with Windows Server 2016 and has virtualization and live migration support.

Support: Since SQL 2005 will not have any support (hence this blog) there will be support if you upgrade to the latest edition. With 2014/2016 SQL Server, the support includes security patching and maintenance updates, and eliminates the expense of custom support agreements.

Another thing to consider is compliance, as it can be problematic for SQL Server 2005 just like it was when Microsoft ended support for Windows 2003. HIPAA and PCI compliance both require up-to-date patch databases, just like they do with the operating system. So, if you’re using SQL Server 2005 for anything related to HIPAA or PCI, you will be out of compliance in April.

If you’re looking to migrate from SQL 2005, the licensing has certainly changed over the past several years. SQL 2016 is the latest edition, however with backward compatibility rights, previous editions can be run like SQL 2014 and SQL 2012. SQL is offered in two editions: Standard and Enterprise (https://www.microsoft.com/en-us/sql-server/sql-server-editions) and is sold as a Per Server/Cal or by the Core. 

If you need any assistance migrating from SQL 2005, GreenPages has a team of experts who can help. Talk to your account manager or call us at 800-989-2989 and we’ll set up a time to discuss!

If you have any more questions, email us!

Three reasons 2017 will be the year of the hybrid cloud

The enterprise will increasingly live in a hybrid IT world in 2017, split between on-premises solutions and cloud environments. Recent reports have revealed that many organisations have already started to split their cloud budgets between public and private deployments, creating demand for hybrid cloud strategies that give businesses greater flexibility as well as more workload deployment options.

It’s easy to see why hybrid strategies are on the rise. Hybrid cloud enables workloads to exist on either a vendor-run public cloud or a customer-run private cloud. This means that IT teams are able to harness the security and control of a private cloud as well as the flexibility of public cloud services – thus, getting the best of both worlds. The most mature IT teams are reviewing their workloads – often in consultation with a cloud services provider – to determine which are most suited to a public or private cloud environment and adapting their workload placement accordingly across hybrid cloud options.

Here are the three key benefits often associated with implementing a hybrid cloud solution:

Scalability

Demand will wax and wane. Organisations’ requirements rarely run in a horizontal line and public cloud solutions are particularly valuable for dynamic or highly changeable workloads. When traffic surges, a hybrid environment allows for quick scalability in order to meet the needs of the moment. When the surge dies off the cloud resources consumed can be scaled back to avoid over-provisioning and keep costs under control.  With a hybrid cloud strategy, IT has the option to burst workloads into the public cloud when required to maintain performance during periods of increased demand.

Cost

Public cloud is fast and inexpensive to scale out and does not require the up-front investment in infrastructure of private cloud. The great thing about a hybrid approach is that it brings long-term savings. It is no longer a case of trying to determine the maximum load, reserving what is needed for that maximum load and paying for it all whether it is used or not. A hybrid solution allows for location and reallocation to meet changing workload needs as and when required which can have a significant impact on the IT bottom line.

Security

While the perception that the cloud is not as secure as on-premises infrastructure is a persistent one, there is increasing evidence that public cloud environments actually suffer from fewer attacks such as ransomware and viruses than traditional IT environments. Cloud service providers like iland now offer levels of security and compliance reporting that is very difficult for medium to small enterprise businesses to match in their own IT infrastructure.  Despite this, there may still be reasons why certain apps – particularly those running on legacy systems – may need to stay on-premises and a hybrid cloud strategy enables that dual approach.

Despite all the opportunities and related benefits provided by a hybrid cloud strategy, there is a key challenge that businesses must overcome – having visibility into and control of their cloud workloads and resources. All too often, organisations looking to adopt hybrid cloud as a means to increase agility within their IT operation get stuck in the implementation stage. They are left fighting for control of their environment because the majority of cloud providers don’t offer the same level of visibility teams are accustomed to from their on premise resources. They also struggle to maintain consistent network and security policies meaning that migration becomes a far bigger headache than initially expected. As companies make cloud computing a more strategic part of their overall strategy, having that visibility and management control over areas such as performance, billing, security and compliance reporting, is more important than ever.

At iland, we find that while customers continue to value and leverage our support teams, they increasingly want to take a more strategic and self-sufficient approach to cloud management in order to fully leverage all of its benefits. This means having the capability to perform data analytics, adjust resources, do DR testing on-demand, generate security reports and manage networking. And, increasingly, customers are using our APIs to link essential data about their cloud resources and workloads to their own IT systems which is invaluable in managing both public and private on-premises cloud environments in a holistic way.

As adoption of hybrid cloud increases, IT teams will need cloud service providers to provide the visibility and end-to-end cloud management tools that will help them approach and manage cloud in a more strategic way. The need for agility continues to be one of the biggest drivers of cloud adoption and with more complex hybrid cloud environments becoming the norm, management is key.

You can find out more about how customers leverage the iland cloud management console here.

Three reasons 2017 will be the year of the hybrid cloud

The enterprise will increasingly live in a hybrid IT world in 2017, split between on-premises solutions and cloud environments. Recent reports have revealed that many organisations have already started to split their cloud budgets between public and private deployments, creating demand for hybrid cloud strategies that give businesses greater flexibility as well as more workload deployment options.

It’s easy to see why hybrid strategies are on the rise. Hybrid cloud enables workloads to exist on either a vendor-run public cloud or a customer-run private cloud. This means that IT teams are able to harness the security and control of a private cloud as well as the flexibility of public cloud services – thus, getting the best of both worlds. The most mature IT teams are reviewing their workloads – often in consultation with a cloud services provider – to determine which are most suited to a public or private cloud environment and adapting their workload placement accordingly across hybrid cloud options.

Here are the three key benefits often associated with implementing a hybrid cloud solution:

Scalability

Demand will wax and wane. Organisations’ requirements rarely run in a horizontal line and public cloud solutions are particularly valuable for dynamic or highly changeable workloads. When traffic surges, a hybrid environment allows for quick scalability in order to meet the needs of the moment. When the surge dies off the cloud resources consumed can be scaled back to avoid over-provisioning and keep costs under control.  With a hybrid cloud strategy, IT has the option to burst workloads into the public cloud when required to maintain performance during periods of increased demand.

Cost

Public cloud is fast and inexpensive to scale out and does not require the up-front investment in infrastructure of private cloud. The great thing about a hybrid approach is that it brings long-term savings. It is no longer a case of trying to determine the maximum load, reserving what is needed for that maximum load and paying for it all whether it is used or not. A hybrid solution allows for location and reallocation to meet changing workload needs as and when required which can have a significant impact on the IT bottom line.

Security

While the perception that the cloud is not as secure as on-premises infrastructure is a persistent one, there is increasing evidence that public cloud environments actually suffer from fewer attacks such as ransomware and viruses than traditional IT environments. Cloud service providers like iland now offer levels of security and compliance reporting that is very difficult for medium to small enterprise businesses to match in their own IT infrastructure.  Despite this, there may still be reasons why certain apps – particularly those running on legacy systems – may need to stay on-premises and a hybrid cloud strategy enables that dual approach.

Despite all the opportunities and related benefits provided by a hybrid cloud strategy, there is a key challenge that businesses must overcome – having visibility into and control of their cloud workloads and resources. All too often, organisations looking to adopt hybrid cloud as a means to increase agility within their IT operation get stuck in the implementation stage. They are left fighting for control of their environment because the majority of cloud providers don’t offer the same level of visibility teams are accustomed to from their on premise resources. They also struggle to maintain consistent network and security policies meaning that migration becomes a far bigger headache than initially expected. As companies make cloud computing a more strategic part of their overall strategy, having that visibility and management control over areas such as performance, billing, security and compliance reporting, is more important than ever.

At iland, we find that while customers continue to value and leverage our support teams, they increasingly want to take a more strategic and self-sufficient approach to cloud management in order to fully leverage all of its benefits. This means having the capability to perform data analytics, adjust resources, do DR testing on-demand, generate security reports and manage networking. And, increasingly, customers are using our APIs to link essential data about their cloud resources and workloads to their own IT systems which is invaluable in managing both public and private on-premises cloud environments in a holistic way.

As adoption of hybrid cloud increases, IT teams will need cloud service providers to provide the visibility and end-to-end cloud management tools that will help them approach and manage cloud in a more strategic way. The need for agility continues to be one of the biggest drivers of cloud adoption and with more complex hybrid cloud environments becoming the norm, management is key.

You can find out more about how customers leverage the iland cloud management console here.

The World’s First Commercial Quantum Computing Service is Here

Quantum computing is the technology that allows you to develop computational systems based on quantum theory. Broadly speaking, this theory taps into the power of atoms to perform memory and processing-related tasks. The obvious advantage with this technology is its speed, as it can perform calculations significantly faster than any device we know today.

To be more specific, quantum computing will tap into the power of the properties of subatomic physics, where small bits of information called quantum bits or qubits possess the property to change into multiple states simultaneously. This way, bits don’t have to be just 0 or 1, as in classical computing. Rather, they can take on any value, and this flexibility can open a world of possibilities for computing.

While the above is a theoretical explanation, the practical side of it has been more challenging. Getting enough qubits to work together to run any algorithm is challenging, to say the least. To address this issue, two major systems have helped. The first one traps individual ions in a vacuum using magnetic or electrical fields while the other sends qubits to microscopic superconducting circuits.

IBM has been one of the pioneers in the area of quantum computing and it has relied heavily on the second approach to build its systems. Recently, it has announced that the world’s first quantum computing service will be available later this year. Called as IBM Q, this service will be accessible over the Internet for a fee.

So, what can we expect from this system? A super-computer that will outperform all the existing computers today? Well, not really.

What we can expect is a system that will play a crucial role in developing other quantum machines that can perform complex tasks, especially those that have been impossible with our current computing technologies.

This system builds around the knowledge and research around IBM’s cloud computing eco-system called Quantum Experience, that anyone can now access for free. This system has been available for public use since May 2016, and it got an upgraded interface recently. Currently, this system allows thousands of researchers worldwide to build the quantum algorithms they want, without having to build their own quantum computer.

So far, IBM has not been forthcoming about the details of IBM Q. It has not given a specific release date, and hasn’t mentioned about how powerful this system would be, or how much it will cost to access it. The only information we have in this regard is that it has lined up its first set of clients, though it hasn’t even specified the exact names.

Though we don’t have much information in this regard, the fact that the first quantum computing system is going to be available, is a big news by itself. It can pave the way for future developments in this industry, and can even propel it to great heights in the near future. In many ways, this is an exciting development simply because quantum computing can do things that were believed to be undoable earlier.

The post The World’s First Commercial Quantum Computing Service is Here appeared first on Cloud News Daily.

How data acceleration will make the blockchain even more secure

Michael Salmony, executive adviser at Equens, spoke about ‘Making Tea on the Blockchain’ at the Financial Service Club in January 2017. He argued that blockchain is but one solution. Other options for making smart and secure transactions should also be considered. He even goes so far as to ask on Linkedin: ‘Blockchain – not for payments?

Questions like this one are important because so many people have been jumping onto the Bitcoin and blockchain bandwagon over the last few years with the view that it’s the answer to all of their prayers. In some cases it might; in others it might not be.

Blockchain will revolutionise the financial systems overnight, taking away the need for the banks’ stuffy 300 year old way of doing things

In his blog he refers to Satoshi Nakamoto, the creator of Bitcoin, who described in one of his papers “how to make remote payments ‘without a trusted third party’ (like a bank) that are ‘computationally impractical to reverse’.” The problem is that much of the hype around Bitcoin has largely gone away as it has been subsumed by massive episodes of fraud and losses, and internal political wrangles. The analyses of the European Banking Authority and other organisations has also laid bitcoin bare to the point that its volatility became too much. Their scrutiny opens up the fact that there are other opportunities for manipulation and so he claims its flaws become very apparent.

Applying caution

“However, the underlying distributed consensus algorithm now popularly called blockchain still is the subject of heated discussion and massive investments of time and money”, he says before adding: “Normally I am very much in favour of innovations, but in this case I lean towards…being cautious about blockchain for payments (although the discussion around this may be anything but short-lived).”

His caution is based on the following:

  • Blockchain is a solution looking for a problem. He argues that innovation should always put the customer first and not the technology. “People are madly trying to work out what this Blockchain solution could be used for”, he explains.
  • It isn’t new. He says that Blockchain is often praised for its novelty, but points out the distributed ledgers have been around for decades.
  • It isn’t good technology. He comments that some people say that Blockchain is a much better system than what has previously existed. They argue that it maydrastically improve cost, security, speed, and user friendliness compared to current existing systems.

He explains that this often isn’t the case: “Increasingly experts agree that there is little evidence for this – especially regarding the public blockchain that would be needed for global payments. Its major pitfall is that it does not scale well (transaction limits, latency, storage explosion), uses extraordinary amounts of resources (energy, processing power), has severe security concerns and is even surprisingly bad at privacy. Should we really base a critical infrastructure like payments on this?”

He therefore argues that it is becoming increasingly clear “that central entities are actually required in real world blockchain implementations.” As a result of this situation blockchain won’t favour any ideologists whom are in favour of a system without central points of trust – such as banks. This leads to a lack of compliance and to the technology being favoured by darknet users looking to undertake a number of dubious activities. However, banks and financial services institutions have to live in the real world to ensure that they are compliant with Know Your Customer and anti-money laundering (AML) legislation and regulations.

Subsequently they need to provide an infrastructure they can all depend upon. This need for compliance may in turn lead to more technological leadership in the financial services community. This leads to companies and individuals prioritising their own agenda and business decisions concerning business issues and about technologies such as blockchain, API, NFC, quantum, identify, authentication, wearables, and so forth. In essence, what matters is whether a certain technology works in terms of scalability, compliance, cost effectiveness, and proven capabilities.

Changing the world

In contrast to Salmony’s personal viewpoint I think that blockchain technology will likely, maybe, or possibly change the world. It will revolutionise the financial systems overnight, taking away the need for the slow incumbent banks and their stuffy 300 year old way of doing things. For anyone that has been in the IT industry for the last 20 years will know and recognise the hype cycle that tends to happen when a new technology emerges – just look at the internet.

The revamped Gartner hype cycle – Throw VC Money At It, the Peak of Oversold Over Promises, the Trough of Reality, and finally the Gentle Slope of Making It Work in the Real World

Hang on, I hear you say. The internet has changed the world of information, social interaction, consumer purchasing, and so on.  In reality it has shrunk and transformed the world beyond all recognition, but those of us who are ‘long in the tooth’ will remember the hype that went into it in the early days. This involved a lot of money, speculative ventures with mind boggling valuations that really didn’t have at the centre a solid business idea or plan. 

Some of these were just too far ahead of their time. Take for example what author Steven Banks highlighted in his book “The Four Steps to the Epiphany: Successful Strategies for Products That Win”. In it he wrote about the home grocery delivery Webvan. This company focused so much on the back end functions to the detriment of gaining customers – or perhaps the market just wasn’t ready yet.

Technology dèja vu

So what has this all got to do with blockchain? Well, it does have a bit of dèja vu feeling similar to that of the internet where just maybe, the hype doesn’t quite match reality. Over the past 300 or so years, the world’s banking infrastructure has grown up on a basis of trust with traceability, governance, dispute resolution, etc. This postulates that in reality there is no need or appetite within the core business of banking and finance. In fact how is one going to regulate such subjects as money laundering local reporting requirements? The list of compliance issues is quite extensive.

However, the proponents of blockchain technology or distributed ledger technology (DLT) as it is now known, talk of the speed of transactions compared to traditional banking process. With a large DLT the norm for confirming transactions on the original bitcoin DLT is around 10 minutes. This is a minuscule amount of time when compared to foreign currency movements through our traditional banking system that can take up to five days. Well, in our hearts of hearts, we all know that this is not the fault of the underlying technology in the banking system, but percentage skimming by the banking system.

When you consider the sheer amount of money passing through banks each day, holding it for a couple of days before processing it can create some considerable bonuses.  Let’s go over that part again and consider the number of transactions each day on a DLT, which is increasing as performance increases. Firstly, it will never reach the numbers required say for the Visa network that handles on average 47,000 transactions per second or Nasdaq’s potential 1M tps. All this brings into question its scalability. But does this mean that there are no uses for DLT – far from it.

Let’s go back and review that wonderful Gartner hype cycle where they talk about the Innovation Trigger, the Peak of Inflated Expectations  and that all important Trough of Disillusionment. I would like to call them – Throw VC Money At It! People do this in the belief that it will solve everyone’s problem. There’s also the Peak of Oversold Over Promises, then the Trough of Reality, and finally, the Gentle Slope of Making it Work in the real world.

Dot-com peak

Now with these in mind, cast your minds back to the turn of the century in just the same way the dot-com peak turned itself into real businesses. I think we are nearly there with distributed ledger technology despite what a lot of detractors claim that this is a solution looking for a problem.  To understand this it’s important to take a step back, to gain a more pragmatic viewpoint, because blockchain could well be at the heart of many of the trusted transactions in the world because it has some highly valuable features. Much depends on whether it is used in the right manner. 

DLT (blockchain) has some valuable practical usage in markets segments outside of the core banking world where traceability is vital such as in the diamond trading (this could possibly bring an end to Blood Diamonds), fine art, medical records, land transactions and deeds. In fact, the USA grocery giant Walmart is about to enter trials of a DLT for tracking foods from the point of origin all the way through distribution and inspection to the shelf in the store.  Should anything raise the suspicion as to the safety of the items, these can be traced over every single store and the whole supply chain. With this they are looking to provide a greater level of food safety, reducing not only the costs possible litigation but also minimising food wastage.

Security and consensus

Great emphasis has been put on the security of the blockchain with its encryption and its distributed consensus model. For the technology to work on a global scale in a commercial world then the performance and flexibility has to improve dramatically. One of the concerns with the consensus model is about the computing power required. This could lead to the possibility of a minimum number of nodes being concentrated in one region. That happened to Bitcoin in China where 80% of the mining nodes are based.

If the number of blockchains could multiply rapidly globally, it no longer becomes a computational burden but also a data transportation problem

As this technology spreads into other walks of life, not only could the size of the chains increase but also the number of blockchains could multiply rapidly globally, as well as within a single organisation such as Walmart where it has a diverse supply infrastructure. This no longer becomes just a computational burden but also a data transportation problem. 

To maximise the security and performance, the greater the number and diversity of nodes or miners the better, but this leads to a problem of how to transfer this encrypted data around the world in a performant and efficient way. In the past we have used compression to improve the performance of data transmission over large distances, but trying to compress encrypted data is very inefficient. What is therefore needed instead is a technology such as PORTrockIT to enable data to travel more securely and faster than before – making it harder for hackers to gain unauthorised access to even blockchain data. This is a need that the customer wants to be addressed, and it can now be done well.

How data acceleration will make the blockchain even more secure

Michael Salmony, executive adviser at Equens, spoke about ‘Making Tea on the Blockchain’ at the Financial Service Club in January 2017. He argued that blockchain is but one solution. Other options for making smart and secure transactions should also be considered. He even goes so far as to ask on Linkedin: ‘Blockchain – not for payments?

Questions like this one are important because so many people have been jumping onto the Bitcoin and blockchain bandwagon over the last few years with the view that it’s the answer to all of their prayers. In some cases it might; in others it might not be.

Blockchain will revolutionise the financial systems overnight, taking away the need for the banks’ stuffy 300 year old way of doing things

In his blog he refers to Satoshi Nakamoto, the creator of Bitcoin, who described in one of his papers “how to make remote payments ‘without a trusted third party’ (like a bank) that are ‘computationally impractical to reverse’.” The problem is that much of the hype around Bitcoin has largely gone away as it has been subsumed by massive episodes of fraud and losses, and internal political wrangles. The analyses of the European Banking Authority and other organisations has also laid bitcoin bare to the point that its volatility became too much. Their scrutiny opens up the fact that there are other opportunities for manipulation and so he claims its flaws become very apparent.

Applying caution

“However, the underlying distributed consensus algorithm now popularly called blockchain still is the subject of heated discussion and massive investments of time and money”, he says before adding: “Normally I am very much in favour of innovations, but in this case I lean towards…being cautious about blockchain for payments (although the discussion around this may be anything but short-lived).”

His caution is based on the following:

  • Blockchain is a solution looking for a problem. He argues that innovation should always put the customer first and not the technology. “People are madly trying to work out what this Blockchain solution could be used for”, he explains.
  • It isn’t new. He says that Blockchain is often praised for its novelty, but points out the distributed ledgers have been around for decades.
  • It isn’t good technology. He comments that some people say that Blockchain is a much better system than what has previously existed. They argue that it maydrastically improve cost, security, speed, and user friendliness compared to current existing systems.

He explains that this often isn’t the case: “Increasingly experts agree that there is little evidence for this – especially regarding the public blockchain that would be needed for global payments. Its major pitfall is that it does not scale well (transaction limits, latency, storage explosion), uses extraordinary amounts of resources (energy, processing power), has severe security concerns and is even surprisingly bad at privacy. Should we really base a critical infrastructure like payments on this?”

He therefore argues that it is becoming increasingly clear “that central entities are actually required in real world blockchain implementations.” As a result of this situation blockchain won’t favour any ideologists whom are in favour of a system without central points of trust – such as banks. This leads to a lack of compliance and to the technology being favoured by darknet users looking to undertake a number of dubious activities. However, banks and financial services institutions have to live in the real world to ensure that they are compliant with Know Your Customer and anti-money laundering (AML) legislation and regulations.

Subsequently they need to provide an infrastructure they can all depend upon. This need for compliance may in turn lead to more technological leadership in the financial services community. This leads to companies and individuals prioritising their own agenda and business decisions concerning business issues and about technologies such as blockchain, API, NFC, quantum, identify, authentication, wearables, and so forth. In essence, what matters is whether a certain technology works in terms of scalability, compliance, cost effectiveness, and proven capabilities.

Changing the world

In contrast to Salmony’s personal viewpoint I think that blockchain technology will likely, maybe, or possibly change the world. It will revolutionise the financial systems overnight, taking away the need for the slow incumbent banks and their stuffy 300 year old way of doing things. For anyone that has been in the IT industry for the last 20 years will know and recognise the hype cycle that tends to happen when a new technology emerges – just look at the internet.

The revamped Gartner hype cycle – Throw VC Money At It, the Peak of Oversold Over Promises, the Trough of Reality, and finally the Gentle Slope of Making It Work in the Real World

Hang on, I hear you say. The internet has changed the world of information, social interaction, consumer purchasing, and so on.  In reality it has shrunk and transformed the world beyond all recognition, but those of us who are ‘long in the tooth’ will remember the hype that went into it in the early days. This involved a lot of money, speculative ventures with mind boggling valuations that really didn’t have at the centre a solid business idea or plan. 

Some of these were just too far ahead of their time. Take for example what author Steven Banks highlighted in his book “The Four Steps to the Epiphany: Successful Strategies for Products That Win”. In it he wrote about the home grocery delivery Webvan. This company focused so much on the back end functions to the detriment of gaining customers – or perhaps the market just wasn’t ready yet.

Technology dèja vu

So what has this all got to do with blockchain? Well, it does have a bit of dèja vu feeling similar to that of the internet where just maybe, the hype doesn’t quite match reality. Over the past 300 or so years, the world’s banking infrastructure has grown up on a basis of trust with traceability, governance, dispute resolution, etc. This postulates that in reality there is no need or appetite within the core business of banking and finance. In fact how is one going to regulate such subjects as money laundering local reporting requirements? The list of compliance issues is quite extensive.

However, the proponents of blockchain technology or distributed ledger technology (DLT) as it is now known, talk of the speed of transactions compared to traditional banking process. With a large DLT the norm for confirming transactions on the original bitcoin DLT is around 10 minutes. This is a minuscule amount of time when compared to foreign currency movements through our traditional banking system that can take up to five days. Well, in our hearts of hearts, we all know that this is not the fault of the underlying technology in the banking system, but percentage skimming by the banking system.

When you consider the sheer amount of money passing through banks each day, holding it for a couple of days before processing it can create some considerable bonuses.  Let’s go over that part again and consider the number of transactions each day on a DLT, which is increasing as performance increases. Firstly, it will never reach the numbers required say for the Visa network that handles on average 47,000 transactions per second or Nasdaq’s potential 1M tps. All this brings into question its scalability. But does this mean that there are no uses for DLT – far from it.

Let’s go back and review that wonderful Gartner hype cycle where they talk about the Innovation Trigger, the Peak of Inflated Expectations  and that all important Trough of Disillusionment. I would like to call them – Throw VC Money At It! People do this in the belief that it will solve everyone’s problem. There’s also the Peak of Oversold Over Promises, then the Trough of Reality, and finally, the Gentle Slope of Making it Work in the real world.

Dot-com peak

Now with these in mind, cast your minds back to the turn of the century in just the same way the dot-com peak turned itself into real businesses. I think we are nearly there with distributed ledger technology despite what a lot of detractors claim that this is a solution looking for a problem.  To understand this it’s important to take a step back, to gain a more pragmatic viewpoint, because blockchain could well be at the heart of many of the trusted transactions in the world because it has some highly valuable features. Much depends on whether it is used in the right manner. 

DLT (blockchain) has some valuable practical usage in markets segments outside of the core banking world where traceability is vital such as in the diamond trading (this could possibly bring an end to Blood Diamonds), fine art, medical records, land transactions and deeds. In fact, the USA grocery giant Walmart is about to enter trials of a DLT for tracking foods from the point of origin all the way through distribution and inspection to the shelf in the store.  Should anything raise the suspicion as to the safety of the items, these can be traced over every single store and the whole supply chain. With this they are looking to provide a greater level of food safety, reducing not only the costs possible litigation but also minimising food wastage.

Security and consensus

Great emphasis has been put on the security of the blockchain with its encryption and its distributed consensus model. For the technology to work on a global scale in a commercial world then the performance and flexibility has to improve dramatically. One of the concerns with the consensus model is about the computing power required. This could lead to the possibility of a minimum number of nodes being concentrated in one region. That happened to Bitcoin in China where 80% of the mining nodes are based.

If the number of blockchains could multiply rapidly globally, it no longer becomes a computational burden but also a data transportation problem

As this technology spreads into other walks of life, not only could the size of the chains increase but also the number of blockchains could multiply rapidly globally, as well as within a single organisation such as Walmart where it has a diverse supply infrastructure. This no longer becomes just a computational burden but also a data transportation problem. 

To maximise the security and performance, the greater the number and diversity of nodes or miners the better, but this leads to a problem of how to transfer this encrypted data around the world in a performant and efficient way. In the past we have used compression to improve the performance of data transmission over large distances, but trying to compress encrypted data is very inefficient. What is therefore needed instead is a technology such as PORTrockIT to enable data to travel more securely and faster than before – making it harder for hackers to gain unauthorised access to even blockchain data. This is a need that the customer wants to be addressed, and it can now be done well.