In a business environment where cybercrime continues to pose a real and present danger to businesses of all sizes, paying close attention to how data and devices are protected is now of paramount importance. As Werner Vogels, Amazon’s chief technology officer recently put it, we need to “encrypt everything”.

There has perhaps never been a more urgent time to look at encryption strategies. Government research from 2018 revealed that over two in five businesses (43%) have identified security breaches in their systems in the last 12 months. Some of the most common attacks included staff receiving fraudulent emails (75% of those breached), individuals impersonating the organisation online (28%) and viruses and malware (24%). What’s more, security breaches on average cost organisations 894 per incident over the past year.

Legacy systems such as desktop PCs and servers generally use high levels of encryption. However, mobile digital devices often use reduced levels of encrypted security, if indeed they use any encryption at all. According to Sophos, only a third of businesses encrypt the smartphones and tablets they hand out to employees.

Then there’s the cloud to consider, which has become a new battlefield in the fight against cyber crime. As cloud adoption has increased, businesses have slowly handed off the responsibility for encrypting data to service providers that are themselves becoming a favoured target for cyber criminals.

Businesses understand that their customer data, in particular, must be encrypted. Highly regulated industries, such as financial services, have long used strong encryption to meet their compliance responsibilities, with other sectors reacting to high-profile security breaches by enhancing their use of encryption tools and protocols.

For example, the payment card Industry’s Data Security Standard (PCI DSS) has strict requirements on how merchants need to employ encryption to protect stored cardholder data. The Data Protection Act 2018 and GDPR (General Data Protection Regulation) both make it mandatory that businesses take practical steps to protect customer data.

Data dispersal

However, companies are seeing that work is changing and that modern workplace practices, such as remote working, are creating new challenges when it comes to protecting data. Many businesses now operate with a highly dispersed workforce, one that still requires secure lines of communication to the office.

Some technologies have helped in this regard. Virtual private networks (VPNs) that use built-in encryption protocols are now becoming widespread, particularly across the small business community because of their relatively low cost and efficient deployment.

Yet this dispersal of employees is often a “barrier to a successful encryption strategy”, according to findings from the Ponemon Institute’s 2019 Global Encryption Trends report, with many businesses being unable to source where their sensitive data resides.

Some 69% of those surveyed said that data discovery was their biggest headache when it came to encrypting data, 42% found difficulties when first deploying new technologies, and 32% said they struggled to identify what data they should be encrypting as a priority.

For Martin Whitworth, research director of European Data Security and Privacy for IDC, businesses need to have an understanding of the application of encryption, specifically what it can and can’t do.

“It is important for all organisations to have a stance, and policy, on encryption,” says Whitworth. “However, this should not just be shelfware – it must reflect a well thought out position. In fact, one of the real benefits of developing an encryption policy is that it should drive a greater understanding of the topic, what it can do and what it can’t do.” 

He adds that even those businesses who do have encryption policies in place, these often fail to fully protect data once it has been transmitted to remote workers outside of the organisation’s firewall.

“Most small businesses are probably already using encryption – specifically encryption of data in transit, via their use of ‘secure’ web sites (SSL/TLS) and possibly VPNs for remote access,” Whitworth adds. “But they should also be seriously looking at encryption of data at rest; whether this is full disk encryption of laptops and/or smartphones to protect the sensitive data that they have.”

Despite there being an abundance of security tools available for businesses of all sizes, he believes that many of these are “off-putting to small businesses” as they are “not easy to integrate with existing applications”.

“What is often missing are the skills and knowledge to implement, maintain and operate them appropriately,” adds Whitworth, something which hits small businesses the hardest.

Understanding the basics

Despite the challenge facing small businesses, it’s possible to simplify the process of encryption, provided you have a well-defined and communicated policy across your business. Data is now your business’s most precious commodity – a commodity that must be protected.

The Ponemon Institute research found that 44% of businesses performed encryption on-premise before sending data to the cloud using keys their organisation generates and manage. However, 35% of respondents perform this encryption in the cloud, with cloud providers generating and managing those keys. Some 21% of respondents are using some form of Bring Your Own Key (BYOK) approach.

Regardless of the favoured approach to encryption, there are basic steps that all businesses should be taking. “Encryption is no longer an additional expense, it’s something you can enable on most new devices,” explains Oscar Arean, technical operations manager at Databarracks.

“A password on a laptop doesn’t make the data secure. It’s relatively easy to get access to the data either on the laptop or by removing the disk itself. BitLocker is a good start on new Windows laptops, or Mac’s have FileVault. Neither are enabled by default; however, so the first and most important step is actually to enable encryption.”

David Sutton is author of Cyber Security: A practitioner’s guide, published by BCS. His advice is provided in a private capacity and doesn’t necessarily reflect the views of BCS. He believes that encryption can be turned into a fairly straight forward exercise for small businesses, but they should be aware of the added restrictions it could place on day-to-day operations.

“Most commercial encryption software is suitable (or has a product) suitable for small business use,” explains Sutton. “For file and disc encryption, there are really no cons.”

However, he adds that “for email encryption, both sender and receiver must operate the same encryption standard, which can lead to complications when dealing with other organisations who already operate different systems. On the pro side, it’s normally win-win on all types.”

How to use encryption

Having a full understanding of the data landscape across your enterprise will help you figure out what types of encryption you need. When data is at rest stored on hard drives, servers or mobile devices, for instance, file or full drive encryption should be considered.

It’s when data is in motion that encryption becomes even more vital. When data moves over your business’s network or out onto the wider internet, it must have some form of encryption. It’s likely your business has continued to expand its use of the cloud in some capacity and is probably developing hybrid cloud deployments. If that’s the case, data must be encrypted at rest as well as when it’s being transmitted.

Ramon Krikken, research VP Analyst at Gartner, tells IT Pro: “Encryption is considered a baseline control and often provides a first technical step in compliance programs. Encrypted communications, such as TLS (Transport Layer Security), provide a strong control.

“Data-at-rest encryption is more challenging,” he adds, “because the layer at which it is deployed determines how much protection it provides – it’s but a small part of a larger control set that includes monitoring and access control. In addition, encryption key management for data-at-rest encryption is a critical element, because losing the keys means losing the data.”

Of course, the quality of any encryption policy comes down to how keys are generated, applied and managed. For larger businesses, this is somewhat of an easier task despite the quantity of data that needs to be encrypted. Cryptography is often managed by in-house experts equipped with expensive hardware and software.

These resources aren’t something that’s typically available to small businesses, and investing in in-house expertise isn’t usually feasible. As a small business, you’ll likely find yourself working more closely with service providers. However, if that isn’t an option that works for you, you can call upon key management products that are provided as a service. These tend to give you more control over encryption keys, but generally, it’s more difficult to maintain full control unless you have the resources to do so.

What has become clear for all business owners is encryption must form a fundamental component of their data security policies. Where data is stored, who has access and, importantly, how data is protected when in transit and at rest, all require strong encryption protocols.

The use of mobile devices has also moved the perimeter of the security environment businesses have to manage outside of the control of their premises. Ensuring all data communications use strong encryption is now critical to meet data protection and regulatory privacy requirements.

Also, don’t forget your staff. Consistently, one of the weakest links in a security system will often be the people handling data. Ensure your business has detailed and on-going education and training to encompass the encryption tools you are using to ensure they are always correctly used and not avoided for forgotten.

Many businesses faced with complying with Making Tax Digital (MTD) need to take some time to assess their current business needs, how these might change in the near to medium-term future, and figure out what technology they’ll need to comply.

The key driver behind MTD is to move businesses, no matter their size, to some form of digital accounting. MTD is seen as not only a major efficiency win for the enterprises concerned, but it also enables the government to streamline the tax systems that are in place today. In an ideal world, this would mean an online tax account for every business and self-employed person, for fast and efficient tax filing.

However, how businesses use IT can vary significantly, particularly as access to certain technologies is not always possible. Adopting MTD may be a significant challenge for some enterprises, while for others it will require little more than a few tweaks to their existing systems. The vast majority of companies will, however, fall between these two extremes.

It because of this that calls have been issued to delay the rollout of MTD, currently expected to arrive in April, something that the UK government has seemingly rejected.

Tax shouldn’t be taxing

How your business’ digital accounting systems will evolve will, of course, depend on many factors. Your company may already use some form of digital accounting software, so the question may be, does this application need to be upgraded to be compatible with MTD?

With research from Spiceworks revealing 52% of businesses are still using Windows XP, this doesn’t bode well for small enterprises keeping their accounting applications up-to-date.

There is also the matter of training and competence with the applications, especially if these are new to your company. It won’t be possible to instantly use any of the cloud-based applications without a period of training. Factoring this into your transition period is vital.

Small business owners are also concerned that their level of technical knowledge won’t be good enough to avoid what could be costly mistakes when choosing new digital accounting systems.

Peter Ford, public sector industry principal at Pegasystems, says that his company is working with HMRC to develop their front facing services.

“Digital solutions used by SMEs and their agents should offer the customer experience that allows them to complete online filing without any technical knowledge, and only the level of business engagement that one would expect any other major mandatory function within their organisation. Systems that HMRC provide, including APIs, interfaces and online services should be equally easy to use that will allow an SME to complete digital filing as they would any other regular business function, such as paying staff.”

Your business’s current level of technical knowledge will determine how complex supporting MTD will be for your company. Small businesses, in particular, will have to potentially make the most radical changes, as until now they may have simply completed their own self-assessment tax form. In the world of MTD, moving to a hosted accounting service will be unavoidable.

Understanding your objectives

Mark Taylor, a technical manager in the Technical Innovation wing of the Institute of Chartered Accountants (ICAEW), explains to Cloud Pro that businesses need to assess their requirements before choosing an MTD software provider.

“Choosing an MTD application should be approached in the same manner as selecting business software,” explains Taylor. “An organisation should start with understanding its business objectives, what problem are you attempting to address? In this case MTD.

“Next, technology requirements need to be considered. Should the application be cloud-based? Do you need to support mobile devices or need to integrate with an existing application? Once these requirements have been established, a business can start to research possible solutions.

He explains that some businesses have found success with a scorecard approach, in which each application is marked against a company’s existing systems and requirements, with the totalled scores revealing the best overall package. How a business implements this system isn’t important – what matters is that it helps to “formalise the selection process and provide more assurance that the right application is being selected.”

As with all software moves, pitfalls are almost certainly going to be encountered, yet, given the fierce market competition that is developing ahead of the April deadline, vendors will be trying to make the onboarding process as simple as possible.

“Software vendors often provide trial versions of their applications for free,” explains Taylor. “The key to making successful use of these trials is to use them with realistic data and in a representative manner. Casually playing with an application will not provide sufficient insight as to how well it will integrate into your business.”

Approaching the transition to digital accounting and tax filing needs all the due diligence you would use when choosing any new services for your business. Today, the cloud-based accounting market has continued to expand and evolve. Stalwarts of business accounting such as Sage have been joined by newer services such as FreeAgent and Crunch. What they all attempt to do is simplify the accounting and tax filing processes all business must comply with.

As each application or service is different, one size doesn’t fit all. Take your time to talk to other businesses in your sector. Case studies and information from your business’s trade associations can often shed light on the shortcomings of some applications or services you may not be aware of. Use this knowledge to make sure you purchase the right digital services to comply with MTD.

As the quantity of customer data flowing into your business continues to grow, automating aspects of your enterprise’s processes has become a commercial imperative. One key area to focus this development upon is marketing.

Your cloud deployment has already brought several benefits to your company. Whether you have a private, public or hybrid cloud deployment, the hosted infrastructure you have in place is the ideal environment to radically alter how your business uses its marketing technology.

According to Flexera’s State of the Cloud Report, optimising existing cloud use for cost savings continues to be the top initiative in 2019 for the third year in a row, increasing from 58% in 2018 to 64% this year. Others include moving more workloads to cloud (58%), expanding the use of containers and adopting a cloud-first strategy (tied at 39%) and implementing automated policies for governance (35%).

Noah Elkin, senior analyst with Gartner, tells Cloud Pro: “When you look at the momentum within the marketing automation systems (MAS) marketplace, the direction of travel is towards more cloud deployments. Most of the mega-vendor solutions are either 100% cloud or some level of hybrid cloud deployment. Ultimately, MAS connects a business with data that enables them to deliver more personalised services to its customers. The 360-degree view of a customer that MAS can deliver is now central to the development of all businesses.”

Implementing MAS isn’t just about cost reductions either. It also offers the opportunity to bring in other related technologies, such as artificial intelligence (AI) and machine learning (ML). A report by tech advisory and investment firm GP Bullhound recently showed that $1 billion was invested into AI-related marketing companies in Q2 2019 alone.

Speaking to Cloud Pro,Oliver Schweitzer, executive director at GP Bullhound, explains: “Artificial intelligence heralds the beginning of a new marketing era, driven by the need to connect vast amounts of disparate data, uncover patterns and make predictions, which only AI can accomplish.

“AI will become increasingly integrated into digital services and marketing processes; however, human intelligence and intuition will remain critical to interpret its findings and implement strategic and creative plans accordingly.”

Three significant themes within marketing AI are considered within the report: Hyper-personalisation, branding and B2B. Personalising customer journeys is the most common way for marketers to deploy AI, with a quarter (24%) already using AI to this effect, and almost two thirds (59%) planning to do so in the next two years. When coupled with a cloud-based MAS, this technology becomes an even more powerful marketing tool.

Automated marketing

MAS has seen a massive uptick in popularity, as it offers businesses a suite of tools they can use to potentially expand and improve their marketing channels.

Explaining the reasons behind this, Melody Siefken, research analyst for digital media at Frost & Sullivan, tells Cloud Pro: “All marketing is data-driven and measurable, and in the digital environment, there is no shortage of customer data for marketers to use, ranging from qualitative data such as page views, to call-to-action clicks, and conversion percentages. There are also measurable qualitative data, such as an attitude about a product or service, product reviews, and social media interactions. Businesses are adopting MAS to try and make sense of the unlimited amounts of customer data and turn this data into actionable, intelligent leads and lead scoring for sales enablement.

“MAS also allows them to execute an omnichannel approach to reach customers from all sides, including through channel partners and direct sales, to create a seamless and consistent customer experience/journey. Tools found in end-to-end MAS act as the central data repositories that monitor and collect all customer data for all the departments in a business to use. By adopting MAS, enterprises of all sizes have a dependable and scalable tool that allows them to make sense of the many types of customer data to bring up a bottom line and show a valuable return on investment.”

For marketing automation systems to realise its full potential, it’s vital to ensure cloud and MAS services are integrating across business functions.

“The cloud and MAS integrate by building a big-picture platform that manages all customer data and parameters of communication. Typically, MAS is made up of four components: campaign management, lead management, sales enablement, and marketing analytics and measurement,” Siefken says.

“Most MAS offerings on the cloud are accessible from anywhere, and all are based on a subscription pricing model, which typically gives the users unlimited access with the right authorisation. Cloud-based MAS often have large integration libraries so customers can connect their existing software and solutions to the platform for that seamless experience. Data silos are removed this way.”

It’s also important to take the time to carefully think about data location when implementing a MAS solution in the cloud. For many businesses, data security and data sovereignty, as well as how easy it is to locate and migrate the data are major considerations. This will feed into questions about what cloud service providers and platforms are the most suitable for your needs.

For a further minority of organisations, latency is also a serious hurdle that may put paid to any thoughts of deploying MAS entirely in the cloud.

“[Frost & Sullivan] research also shows that in a few use cases with MAS and customer interactions, response times need to be in milliseconds, and so there is an increasing desire to reduce latency by computing some of the algorithms at the edge, rather than on the cloud,” explains Siefken.

When it comes to how MAS will evolve in the coming years, Siefken says that it’s moving from point and standalone options to full suites, thanks to the use of cloud services.

“Businesses can pick and choose the apps and functionalities they require to build their MAS, and this will be a continued trend in the era of personalisation,” she says. “MAS is evolving from an out-of-the-box solution to a customised, tailored fit platform. Integration is a must-have feature, especially as businesses look to connect their CRMs, ERPs, and sales tools like Salesforce to their MAS.”

Leveraging the cloud

As your business has embraced more cloud services, the benefits hosted services such as MAS has become apparent.

“We see the adoption of MAS in the mid 50% range, with another 25% of organisations planning to deploy this technology within the next two years. Projecting this forward, we will see an 80% uptake within the B2B and B2C sectors,” says Gartner’s Noah Elkin.

“When you are making a marketing technology purchase – especially when it is a major purchase like MAS, you must have a clear sense of what your business goals are. Ask yourself what the technology is expected to deliver. Also, pay close attention to the other stakeholders in your business or organisation. This is critical, as they will help integrate and maintain the system you are installing. As MAS could affect a range of business processes, MAS implementations are business-wide taking in IT and marketing.”

The cloud infrastructure your business has in place is an ideal environment for MAS. Moving forward, automating some critical areas of your enterprise’s marketing activities will become the norm. It’s vital, though, to understand that MAS touches multiple areas of your business. The most successful MAS implementations consider this. With all stakeholders working in unison, MAS could be massively transformative for your business.