Sales of hardware for cloud infrastructure slid slightly over the past year as part of overall weaker sales in IT, according to IDC, but they still exceeded spending on non-cloud infrastructure for the second time ever.

The analyst firm said cloud IT infrastructure spending declined for the second quarter in a row in the third quarter of 2019, down 1.8% from the same period last year.

While public cloud infrastructure declined 3.7% on the year, that segment is still worth $11.9 billion in quarterly sales. And while sales for public cloud dropped versus the same period last year, they were up by 24% from the quarter before.

“As the overall segment is generally trending up, it tends to be more volatile quarterly as a significant part of the public cloud IT segment is represented by a few hyperscale service providers,” IDC reported, adding that public cloud makes up most of the spending.

With such volatile quarterly figures, it’s easier to look at the market on an annual basis, and IDC noted public cloud IT infrastructure had stable growth since the analyst firm began tracking the segment. “In [the third quarter of 2019], vendor revenues from private cloud environments increased 3.2% year over year, reaching nearly $5 billion. IDC expects spending in this segment to grow 7.2% year over year in 2019 to $21.4 billion,” the company predicted.

IDC splits infrastructure into three areas: ethernet switches, compute platforms, and storage. While compute will remain the largest segment for cloud infrastructure spending, it’s expected to see growth of just 3% in 2019, while storage will be flat. The Ethernet switches segment is predicted to climb 11% on the year.

IDC said that the IT infrastructure industry was reaching the point where cloud will outstrip spending on traditional, non-cloud systems. Up until this last quarter, cloud spending topped non-cloud only once, back in the third quarter of 2018. In the last quarter, cloud hardware spending topped 53%.

“However, for the full year 2019, spending on cloud IT infrastructure is expected to stay just below the 50% mark at 49.8%,” IDC added. “This year is expected to become the tipping point with spending on cloud IT infrastructure staying in the 50+% range.”

IDC forecasts traditional infrastructure will make up 42% of sales by 2023, down from 52% in 2018. That’s in part due to spending on traditional environments declining, with IDC predicting it to fall by 5.3% over 2019.

“This share loss and the growing share of cloud environments in overall spending on IT infrastructure is common across all regions,” added IDC. “While the industry overall is moving toward greater use of cloud, there are certain types of workloads and business practices, and sometimes end user inertia, which keep demand for traditional dedicated IT infrastructure afloat.”

Spend management software provider Compleat Software has expanded its relationship with Sage, adding a new integration between iCompleat and Sage Intacct.

Designed to streamline the accounts payable process, the expanded relationship will see the firm market and sell its AI-powered iCompleat Buy to Pay service on the Sage Intacct Marketplace.

The move becomes the third integration between the two companies, following previous Sage 50 and Sage 500 additions, and forms part of Compleat’s plans to expand internationally in places such as North America and Australia.

“The simplicity, rapid deployment, increased levels of automation, and cost savings achieved when buying online makes iCompleat an asset for every business,” said Annabel Sim, VP of global sales at Compleat. “This expanded partnership will help our solution to stand out and be successfully adopted in the USA and Australia, in addition to the success achieved in the UK already.”

Initially focused on North America, Sage’s Intacct integrated services repository was recently launched in the UK and Australia and is the first and only preferred financial management service of the American Institute of Certified Public Accountants (AICPA).

Compleat’s software is the first accounts payable automation add-on with a built-in online buying service available on the platform. Its latest product allows users to make Amazon Business purchases from iCompleat, enabling automated invoice matching with simple product ordering tasks.

Through AI and machine learning, the software automates the cycle of buying, invoice capture and approval processes. This increases accounts payable efficiency, the firm said, and eliminates the risk of fraud by providing full visibility and control of company spend.

“We continue to add powerful solutions to the Sage Intacct Marketplace,” commented Eileen Wiens, VP of business development for Sage Intacct. “Sage Intacct customers can now benefit from the built-in online buying functionality and Compleat’s partnership with Amazon Business which takes the Buy to Pay software functionality to a whole new level of automation and end convenience.”

Up to 100 million is being poured into researchers and small businesses as part of public sector efforts to invest in emerging technologies like artificial intelligence (AI).

The government’s Future Leaders Fellowships scheme will receive 78 million to be invested in 78 researchers to work on scientific and technological discoveries.

The remaining 20 million will be allocated to universities to support small businesses in rapidly-growing industries including AI, but also areas like clean growth and agri-food.

The 20 University Enterprise Zones (UEZs) will provide specialist support to small businesses and raise the level of knowledge-sharing between academics and entrepreneurs through frequent collaborations.

Through these UEZs, startups and small businesses will be given the facilities and expertise to help take their ideas through from a concept into the production and marketing stages.

These programmes will run across the UK in cities like Exeter, Falmouth, and Durham, not just London, with the government hoping this regional diversity will lead to several improvements to local economies.

These packages are part of the government’s UK Research and Innovation (UKRI) programme, which has seen various sums allocated to boosting aspects of tech growth in recent months.

The NHS, for example, this month received 69.5 million to fund four projects that involve developing therapies and technologies to treat genetic mutations that predicate life-threatening conditions like cancer and arthritis.

The UKRI programme even funded three R&D projects in Bristol with a 50,000 round of investment in March this year.

“UKRI is committed to creating modern research and innovation careers and our Future Leaders Fellowships aim to support and retain the most talented people, including those with flexible career paths,” said UKRI chief executive Professor Sir Mark Walport.

“These 20 University Enterprise Zones funded by Research England will be important focal points for collaboration in business-friendly environments, driving innovation and delivering benefits that will be felt across economies at the local, regional and national scale.”

The largest recipient of the 20 million UEZ fund is the University of Southampton, which will use a 1.5 million boost to fund the Future Towns Innovation Hub.

Other prominent projects include Oxford Brookes’ 1.2 million AI & Data Analysis Incubator, and Lancaster University’s Secure Digitisation UEZ.

Blockchain is an advanced way of logging and protecting data and changes to a decentralised database that makes it difficult to manipulate. It’s the technology that underpins digital currencies, such as Bitcoin, and helps to protect against double-spending and hyperinflation in banking. It’s even used to achieve automated supply chain management in manufacturing.

Blockchain is a type of distributed ledger, one that operates as a public platform of data records that isn’t “owned” by any individual. It allows people to exchange information in real-time, with that information changing hands multiple times at once, all while being verified to ensure changes are legitimate.

Blockchain is among the most experimental and emerging technologies around given the sheer amount of moving parts needed to ensure the information is correct at all times, wherever it resides. There’s also a pressing need to ensure it’s accurate, and that everybody can access the same information as each other.

Data resides in a limited number of “blocks” that together make up a “chain”, hence the name Blockchain. Any data sent or received over the chain of data blocks can be viewed by any person, at any time. Any changes to the chain are confirmed and uploaded at the same time as well. Because it doesn’t reside in a single location, however, such as a database or server, it means it’s incredibly difficult to disrupt or hack; this would require every single node supporting the network to be compromised at the same time.

Although originally developed for digital currencies, businesses are now seeing the benefits of implementing forms of distributed ledgers in their own organisations, particularly to protect secure data in environments such as hospitals or by estate agents to secure property purchases.

New use cases

No-one really knows who invented Blockchain. Its initial research paper was published under the name ‘Satoshi Nakamoto‘, the same person attributed to the creation of Bitcoin but it’s likely that the name on the paper was a pseudonym for a group of people who all had a hand in the technology’s development.

Blockchain solved the problem of ‘double spending’, recording what transactions had taken place on the network and preventing users from using the same digital token more than once. It also presented the opportunity for the currency to be decentralised, so governments and other authorities were not required to regulate or oversee it, making it a completely free, global currency.

However, the idea of having a distributed ledger that is not owned by anyone clearly has benefits. For one, it’s super-secure because no one owns the original file and it can be updated without the threat of hack.

It also means data even the most sensitive information such as that related to personal identities, medical information and insurance records can be stored in a place that can be made accessible by all parties in a way that’s trusted.

Now that the technology has been in the public domain for a good few years, companies are finding innovative ways of deploying it. There are, for example, a slew of cannabis startups using blockchain to get a head start in an emerging industry. Most recently, startup TruTrace Technologies partnered with auditing firm Deloitte to track cannabis using blockchain technology, according to Proactive Investors.

The system tracks the drug from seed to sale in order for customers and retailers to know the history of the product as it passes through the supply and consumption chain. 

The rise of blocks

Blockchain relies on blocks of data connected in a chain, as its autonym name suggests. The chain is cryptographically secured and distributed among those that want to change or tweak parts using a network. As the chain evolves, new blocks are added and the person or node that adds that block is solely responsible for authorising it and ensuring it’s correct.

What’s unique about blockchain technologies is that none of the blocks can be changed or removed after being added – a reason to ensure it’s definitely correct or accurate before adding to the chain.

The way blockchains are created makes them perfect for highly regulated industries that need to have a paper trail of changes. Because it’s tamper-proof, the financial sector is one of the industries taking the technology seriously and it was created for Bitcoin for exactly this reason.

Bitcoin miners add the blocks, acting as nodes in a huge peer-to-peer (P2P) network. Everyone works together to validate transactions, without changing anything in the chain. Because every block is linked together in a chain, nothing can be changed without breaking the chain and to change anything, it would need every person who’s ever added a block to change their additions – an impossible task when so many people are using a single network. 

Not all blockchains are built the same, and the time it takes to process blocks of transactions can vary. Given the nature of buying and selling, cryptocurrency blockchains tend to be the quickest examples. The Ethereum blockchain, which supports the Ether cryptocurrency as well as countless other industry projects, is able to process transactions in around 15 seconds, whereas Bitcoin’s network generally takes around 15 minutes.

More affordable and efficient

Blockchain networks can operate through multiple computers across the world, sometimes thousands, in an open P2P configuration. There is no centralised database or server, and because of this users, or nodes, can organise and audit information quicker and more effectively. But the time taken to verify information does scale with the size of the network.

There are benefits to the nature of blockchain networks, with implications for privacy and security. For instance, the fact the data is not stored in any one location means it is difficult, if not impossible, to hack these networks and steal any data, or shut them down. They are also able to withstand the risk of outages, as all nodes would have to be individually taken down for the blockchain to be knocked offline.

Cooperation and collaboration is normally at the heart of most blockchain networks too, with the various users operating under a shared goal. For example, users in the financial services sector would be working to building a safer and more secure method for storing and processing transaction information. While a physical file room may have once been a fixture of such operations, a blockchain network can enable one to transmit data far quicker, and more accurately.

The scope for blockchain to reduce the risks of fraud, and allow for more affordable financial processes, is greater too – with many systems such as these, albeit in their infancy, already producing some results. Santander, for example, earlier this year rolled out a blockchain technology based on Ripple that could accelerate payments across borders.

Public vs private

Much like the field of cloud computing, the function and implementation of blockchain can vary significantly depending on whether it’s designed to be public or private. The primary distinction between these types comes down to who can access a system.

Public

Public blockchains operate a shared network that allows anyone to maintain the ledger and participate in the execution of blockchain protocol – in other words, authorise the creation of blocks. It’s essential for services such as Bitcoin, which operates the largest public blockchain, as it needs to encourage as many users as possible to its ledger to ensure the currency grows.

Public blockchains are considered entirely decentralised, but in order to maintain trust, they typically employ economic incentives, such as cryptocurrencies, and cryptographic verification. This verification process requires every user, or ‘node’, to solve increasingly complex and resource-intensive problems known as a ‘proof of work’, in order to stay in sync.

This means public blockchains often require immense computational power to maintain the ledger, which only worsens as more nodes are added, and predicting how much that will increase is difficult. Given the number of voices in the community, it’s also incredibly difficult to reach a consensus on any technical changes to a public blockchain – as demonstrated by Bitcoin’s two recent hard forks.

Private

Private blockchains are arguably the antithesis of what the technology was originally designed for. Instead of a decentralised, open ledger, a private blockchain is entirely centralised, maintained by nodes belonging to a single organisation or entity.

It’s a novel design tweak that has allowed the technology to flourish within those organisations looking for the same streamlined transactions afforded by public blockchains, only with highly restricted access. As there are fewer participants on the network, transactions are normally cheaper and verified far quicker on private chains, and fixes to faults or network upgrades can be implemented almost immediately.

In order to share the data stored on a private chain, they often operate using a permission-based system, in which node participants are able to grant read access to external parties, such as auditors or regulators looking to check the inner workings of a company.

Unfortunately, as there are fewer nodes maintaining the blockchain, it can’t offer the same high levels of security afforded by decentralised chains.

Consortium

‘Consortium’ is best described as the ‘hybrid cloud’ of blockchain. It provides the robust controls and ‘high trust’ transactions of private blockchains, only without being confined to the oversight of a single entity.

It sits somewhere in the middle. Although they provide the same limited access and high efficiency afforded by private blockchains, dedicated nodes are set aside to be controlled by external companies or agents, instead of having only read access under a private blockchain.

The easiest way to understand how it differs is to think of consortium blockchains as the equivalent of a council group – with each member having responsibility for maintaining the blockchain, and each having permissions to give read access.

Given its collaborative design, it’s a perfect solution for supporting the work of government committees or industry action groups where a number of companies may come together to tackle an issue – whether that be industries working to combat climate change or maintaining a shared ledger to support the work of the United Nations.

Blockchain vs Distributed Ledger Technology

The term blockchain’ is often deployed to refer to a host of similar yet different technologies, and is often falsely used to refer to any decentralised distributed database. Blockchain is, in reality, only one form of the emerging distributed ledger technology (DLT).

DLT is a form of technology comparable to a database but distributed across multiple physical sites and locations, regardless of how near or far from one another. The purpose of such a phenomenon is to avoid having to rely on a centralised storage system or the need for a middle-man, like a network, to authorise and record changes to the records. When changes are requested, the lack of a centralised system means approval is demanded from all notes across a DLT network.

This concept is being adopted by businesses and organisations at a fast pace, and across various industries. This is not just an innovation developed and taken up by tech companies, but sectors like manufacturing and finance.

There are a number of formats in which DLT arises, but the central idea of a diversity of control is at the heart of all of these. One form of distributed ledger, for example, allows data to be stored on separate nodes, such as banking records beginning with each letter of the alphabet dispersed among different locations Rather than replicated to each area, like in a database as we’ve always known, the data is spread across parts of a network.

Blockchain simply refers to one iteration of this form of technology, more specifically, a data structure that takes the shape of entries stored in blocks. This form of structuring data offers an element of synchronisation between parts of a network – and it’s essential for supporting innovations like Bitcoin.

Despite its success as the building block of currencies like Bitcoin, the system doesn’t necessarily need to have miners and tokens to qualify as a blockchain – the term simply refers to the structure of arranging data into blocks. Blockchains, as a result, are decentralised ledgers where data is replicated rather than distributed.

Unfortunately, the frequency at which blockchain and distributed ledger are used interchangeably has created confusion over the technology as a whole, leading many to dismiss blockchain as simply a tool for Bitcoin.

In a business environment where cybercrime continues to pose a real and present danger to businesses of all sizes, paying close attention to how data and devices are protected is now of paramount importance. As Werner Vogels, Amazon’s chief technology officer recently put it, we need to “encrypt everything”.

There has perhaps never been a more urgent time to look at encryption strategies. Government research from 2018 revealed that over two in five businesses (43%) have identified security breaches in their systems in the last 12 months. Some of the most common attacks included staff receiving fraudulent emails (75% of those breached), individuals impersonating the organisation online (28%) and viruses and malware (24%). What’s more, security breaches on average cost organisations 894 per incident over the past year.

Legacy systems such as desktop PCs and servers generally use high levels of encryption. However, mobile digital devices often use reduced levels of encrypted security, if indeed they use any encryption at all. According to Sophos, only a third of businesses encrypt the smartphones and tablets they hand out to employees.

Then there’s the cloud to consider, which has become a new battlefield in the fight against cyber crime. As cloud adoption has increased, businesses have slowly handed off the responsibility for encrypting data to service providers that are themselves becoming a favoured target for cyber criminals.

Businesses understand that their customer data, in particular, must be encrypted. Highly regulated industries, such as financial services, have long used strong encryption to meet their compliance responsibilities, with other sectors reacting to high-profile security breaches by enhancing their use of encryption tools and protocols.

For example, the payment card Industry’s Data Security Standard (PCI DSS) has strict requirements on how merchants need to employ encryption to protect stored cardholder data. The Data Protection Act 2018 and GDPR (General Data Protection Regulation) both make it mandatory that businesses take practical steps to protect customer data.

Data dispersal

However, companies are seeing that work is changing and that modern workplace practices, such as remote working, are creating new challenges when it comes to protecting data. Many businesses now operate with a highly dispersed workforce, one that still requires secure lines of communication to the office.

Some technologies have helped in this regard. Virtual private networks (VPNs) that use built-in encryption protocols are now becoming widespread, particularly across the small business community because of their relatively low cost and efficient deployment.

Yet this dispersal of employees is often a “barrier to a successful encryption strategy”, according to findings from the Ponemon Institute’s 2019 Global Encryption Trends report, with many businesses being unable to source where their sensitive data resides.

Some 69% of those surveyed said that data discovery was their biggest headache when it came to encrypting data, 42% found difficulties when first deploying new technologies, and 32% said they struggled to identify what data they should be encrypting as a priority.

For Martin Whitworth, research director of European Data Security and Privacy for IDC, businesses need to have an understanding of the application of encryption, specifically what it can and can’t do.

“It is important for all organisations to have a stance, and policy, on encryption,” says Whitworth. “However, this should not just be shelfware – it must reflect a well thought out position. In fact, one of the real benefits of developing an encryption policy is that it should drive a greater understanding of the topic, what it can do and what it can’t do.” 

He adds that even those businesses who do have encryption policies in place, these often fail to fully protect data once it has been transmitted to remote workers outside of the organisation’s firewall.

“Most small businesses are probably already using encryption – specifically encryption of data in transit, via their use of ‘secure’ web sites (SSL/TLS) and possibly VPNs for remote access,” Whitworth adds. “But they should also be seriously looking at encryption of data at rest; whether this is full disk encryption of laptops and/or smartphones to protect the sensitive data that they have.”

Despite there being an abundance of security tools available for businesses of all sizes, he believes that many of these are “off-putting to small businesses” as they are “not easy to integrate with existing applications”.

“What is often missing are the skills and knowledge to implement, maintain and operate them appropriately,” adds Whitworth, something which hits small businesses the hardest.

Understanding the basics

Despite the challenge facing small businesses, it’s possible to simplify the process of encryption, provided you have a well-defined and communicated policy across your business. Data is now your business’s most precious commodity – a commodity that must be protected.

The Ponemon Institute research found that 44% of businesses performed encryption on-premise before sending data to the cloud using keys their organisation generates and manage. However, 35% of respondents perform this encryption in the cloud, with cloud providers generating and managing those keys. Some 21% of respondents are using some form of Bring Your Own Key (BYOK) approach.

Regardless of the favoured approach to encryption, there are basic steps that all businesses should be taking. “Encryption is no longer an additional expense, it’s something you can enable on most new devices,” explains Oscar Arean, technical operations manager at Databarracks.

“A password on a laptop doesn’t make the data secure. It’s relatively easy to get access to the data either on the laptop or by removing the disk itself. BitLocker is a good start on new Windows laptops, or Mac’s have FileVault. Neither are enabled by default; however, so the first and most important step is actually to enable encryption.”

David Sutton is author of Cyber Security: A practitioner’s guide, published by BCS. His advice is provided in a private capacity and doesn’t necessarily reflect the views of BCS. He believes that encryption can be turned into a fairly straight forward exercise for small businesses, but they should be aware of the added restrictions it could place on day-to-day operations.

“Most commercial encryption software is suitable (or has a product) suitable for small business use,” explains Sutton. “For file and disc encryption, there are really no cons.”

However, he adds that “for email encryption, both sender and receiver must operate the same encryption standard, which can lead to complications when dealing with other organisations who already operate different systems. On the pro side, it’s normally win-win on all types.”

How to use encryption

Having a full understanding of the data landscape across your enterprise will help you figure out what types of encryption you need. When data is at rest stored on hard drives, servers or mobile devices, for instance, file or full drive encryption should be considered.

It’s when data is in motion that encryption becomes even more vital. When data moves over your business’s network or out onto the wider internet, it must have some form of encryption. It’s likely your business has continued to expand its use of the cloud in some capacity and is probably developing hybrid cloud deployments. If that’s the case, data must be encrypted at rest as well as when it’s being transmitted.

Ramon Krikken, research VP Analyst at Gartner, tells IT Pro: “Encryption is considered a baseline control and often provides a first technical step in compliance programs. Encrypted communications, such as TLS (Transport Layer Security), provide a strong control.

“Data-at-rest encryption is more challenging,” he adds, “because the layer at which it is deployed determines how much protection it provides – it’s but a small part of a larger control set that includes monitoring and access control. In addition, encryption key management for data-at-rest encryption is a critical element, because losing the keys means losing the data.”

Of course, the quality of any encryption policy comes down to how keys are generated, applied and managed. For larger businesses, this is somewhat of an easier task despite the quantity of data that needs to be encrypted. Cryptography is often managed by in-house experts equipped with expensive hardware and software.

These resources aren’t something that’s typically available to small businesses, and investing in in-house expertise isn’t usually feasible. As a small business, you’ll likely find yourself working more closely with service providers. However, if that isn’t an option that works for you, you can call upon key management products that are provided as a service. These tend to give you more control over encryption keys, but generally, it’s more difficult to maintain full control unless you have the resources to do so.

What has become clear for all business owners is encryption must form a fundamental component of their data security policies. Where data is stored, who has access and, importantly, how data is protected when in transit and at rest, all require strong encryption protocols.

The use of mobile devices has also moved the perimeter of the security environment businesses have to manage outside of the control of their premises. Ensuring all data communications use strong encryption is now critical to meet data protection and regulatory privacy requirements.

Also, don’t forget your staff. Consistently, one of the weakest links in a security system will often be the people handling data. Ensure your business has detailed and on-going education and training to encompass the encryption tools you are using to ensure they are always correctly used and not avoided for forgotten.

​Every day, more and more blockchain stories find their way into news feeds as the technology is implemented into the industry in some form or another.

It’s a distributed database that can be used to store ordered records in real-real time, called blocks, which are linked and secured using cryptography, which is the ‘chain’ part.

The technology has long been associated with Bitcoin, which is one of the world’s most popular cryptocurrencies and is the original use for blockchain. The first blockchain was conceptualised by the pseudonymous Satoshi Nakamoto in 2008 who implemented it into Bitcoin.

In recent years, more applications and use-cases have arisen due to the technologies fundamental secure by design and decentralised architecture Because of this, it has grown as an effective way to store important, timely data such as names, identities, medical records, and, of course, financial transactions.

Despite the obvious benefits and clear evolution of the technology, it’s still in the early stages and has yet to have won the world over. But, there are many who believe it could have the capacity to completely transform business.

Wide business applications

A common presumption around blockchain is that its only application is cryptocurrency. But this is far from the reality, with businesses and organisations constantly exploring new avenues of how this technology can help streamline operations and processes, especially with regards to organising critical information.

Blockchain is changing the cards for storing, distributing and transacting data, according to WhiteHat Security’s security manager Ruchika Mishra. She expects blockchain to transform the financial sector particularly in the next few years; used to ensure institutions conduct transactions more efficiently.

“Despite blockchain technology underpinning cryptocurrencies like Bitcoin, the concept of a de-centralised and cryptographically secured ledger has multiple business applications. Any ‘asset’ that can be stored, distributed or transacted property titles, music, insurance and even personal data could make use of blockchain technology,” she says.

“The technology shows great promise for improving the financial industry’s efficiency. For example, the three-day wait on ‘pending’ transactions could be eliminated if a distributed ledger were implemented. This is because a public registry, such as blockchain, would remove the need for a central authority to verify the identities of all parties in the transaction. Settlement could then be instantaneous, since the transaction and settlement would happen simultaneously once the ledger is updated,” she adds.

Mishra can also see blockchain having a positive impact on identity management, providing companies with a way to control who has access to valuable information and ensuring it’s protected from cyber criminals. This is something that’s crucial for firms, especially as the number of cyber attacks carried out each year is constantly increasing.

“An alternative business application is to use blockchain technology for identity management. As we go through our lives, each snippet of our digital identity is being collected to form a publicly-obtainable digital profile of us. Blockchain technology could help us take control back over our virtual data: who has access to it and how much they can obtain. This could be a great leap forward for privacy protection,” she says.

High-growth industry

Blockchain is an emerging technology and one that’s advancing rapidly, with people quickly realising the potential it offers. Sam Davies, lead technologist at UK tech industry growth organisation Digital Catapult, says blockchain will grow immensely over the next decade. In the 2020s, it’ll be an industry generating billions, many predict.

“The impact Blockchain will have on business over the next 10 years will be transformational. This distributed ledger technology will completely reimagine the way data and transactions are recorded and processed,” he tells IT Pro.

“Well-known for its applications in fintech, this disruptive technology is growing at an unprecedented rate with potential reaching far beyond finance. Gartner predicts that by 2022 a blockchain-based business will be worth $10 billion, and the technology itself will be established as the next revolution in transaction recording.”

Davies believes that as blockchain technology improves, it will become an integral part of the business world and Internet of Things (IoT) industry. “As the underlying blockchain infrastructure matures, businesses are presented with a great opportunity to implement increasingly automated and intelligent smart contracts,” he says.

“This, for example, offers the potential to redefine what the IoT can deliver. By taking away the need for a centralised broker, the distributed, decentralised nature of IoT devices can be reflected in any underlying access, management or marketplace systems,” he adds.

Streamlining government and banking

Jason Ward, senior director of enterprise UK&I at Dell EMC, says blockchain can streamline clearing processes and internal operations for banks. There’s also huge potential for governments right around the world, such as civil servants using blockchain to combat fraud, error and the cost of paper-based systems.

“Blockchain offers the promise of addressing some of the key challenges faced by the financial sector and offers a way of improving central clearing, back office operations and cross-border payments. If banks started sharing data using a tailor-made version of Blockchain, they could essentially remove the need for a lot of manual processing, and speed up transactions,” Ward explains.

Governments are also starting to explore the possibilities of blockchain, he says, as exemplified by a recently-published report from the Office for Science, which recommended the UK government begins work to exploit distributed ledger technology in the public sector.

“The report highlighted how distributed ledger technology could provide governments with new tools to reduce fraud, error and the cost of paper intensive processes,” explains Ward. “Of course, there is a need for more education if we are to ensure policy makers understand how it works and its potential applications, independently from bitcoin.”

“Blockchain has the potential to help drive unprecedented opportunities for innovation, as well as new and better ways to interact with citizens and businesses, and more efficient regulatory initiatives.”

Challenges ahead

James Lowry, EMEA head of state at Street Global Exchange, is also a believer in blockchain technology. He says it’ll transform the global financial system, but there are still some challenges the biggest of which is cyber security.

“Blockchain is one of the more compelling vehicles in terms of technological disruption and opportunity because it could create a single source of truth for transactions and other types of shared data. We believe that this could have far-reaching consequences for the global financial system,” Lowry says.

“There are some challenges,” he adds. “One is that blockchain must show that it has the wherewithal to withstand a major cyber attack. Its cryptography does provide a strong element of security but it is unlikely to be infallible against all cyber threats. Secondly, numerous firms are creating their own private blockchains, which is somewhat contrary to the idea of a public, shared blockchain.”

But, in the end, the technology will evolve and even more benefits will be realised.

“While the industry is still far from realising the full impact of blockchain and other emerging technologies within financial services, if we can make blockchain the internet of financial services, we all benefit particularly if it allows for real-time settlement across different geographies and currencies,” concludes Lowry.

Many businesses faced with complying with Making Tax Digital (MTD) need to take some time to assess their current business needs, how these might change in the near to medium-term future, and figure out what technology they’ll need to comply.

The key driver behind MTD is to move businesses, no matter their size, to some form of digital accounting. MTD is seen as not only a major efficiency win for the enterprises concerned, but it also enables the government to streamline the tax systems that are in place today. In an ideal world, this would mean an online tax account for every business and self-employed person, for fast and efficient tax filing.

However, how businesses use IT can vary significantly, particularly as access to certain technologies is not always possible. Adopting MTD may be a significant challenge for some enterprises, while for others it will require little more than a few tweaks to their existing systems. The vast majority of companies will, however, fall between these two extremes.

It because of this that calls have been issued to delay the rollout of MTD, currently expected to arrive in April, something that the UK government has seemingly rejected.

Tax shouldn’t be taxing

How your business’ digital accounting systems will evolve will, of course, depend on many factors. Your company may already use some form of digital accounting software, so the question may be, does this application need to be upgraded to be compatible with MTD?

With research from Spiceworks revealing 52% of businesses are still using Windows XP, this doesn’t bode well for small enterprises keeping their accounting applications up-to-date.

There is also the matter of training and competence with the applications, especially if these are new to your company. It won’t be possible to instantly use any of the cloud-based applications without a period of training. Factoring this into your transition period is vital.

Small business owners are also concerned that their level of technical knowledge won’t be good enough to avoid what could be costly mistakes when choosing new digital accounting systems.

Peter Ford, public sector industry principal at Pegasystems, says that his company is working with HMRC to develop their front facing services.

“Digital solutions used by SMEs and their agents should offer the customer experience that allows them to complete online filing without any technical knowledge, and only the level of business engagement that one would expect any other major mandatory function within their organisation. Systems that HMRC provide, including APIs, interfaces and online services should be equally easy to use that will allow an SME to complete digital filing as they would any other regular business function, such as paying staff.”

Your business’s current level of technical knowledge will determine how complex supporting MTD will be for your company. Small businesses, in particular, will have to potentially make the most radical changes, as until now they may have simply completed their own self-assessment tax form. In the world of MTD, moving to a hosted accounting service will be unavoidable.

Understanding your objectives

Mark Taylor, a technical manager in the Technical Innovation wing of the Institute of Chartered Accountants (ICAEW), explains to Cloud Pro that businesses need to assess their requirements before choosing an MTD software provider.

“Choosing an MTD application should be approached in the same manner as selecting business software,” explains Taylor. “An organisation should start with understanding its business objectives, what problem are you attempting to address? In this case MTD.

“Next, technology requirements need to be considered. Should the application be cloud-based? Do you need to support mobile devices or need to integrate with an existing application? Once these requirements have been established, a business can start to research possible solutions.

He explains that some businesses have found success with a scorecard approach, in which each application is marked against a company’s existing systems and requirements, with the totalled scores revealing the best overall package. How a business implements this system isn’t important – what matters is that it helps to “formalise the selection process and provide more assurance that the right application is being selected.”

As with all software moves, pitfalls are almost certainly going to be encountered, yet, given the fierce market competition that is developing ahead of the April deadline, vendors will be trying to make the onboarding process as simple as possible.

“Software vendors often provide trial versions of their applications for free,” explains Taylor. “The key to making successful use of these trials is to use them with realistic data and in a representative manner. Casually playing with an application will not provide sufficient insight as to how well it will integrate into your business.”

Approaching the transition to digital accounting and tax filing needs all the due diligence you would use when choosing any new services for your business. Today, the cloud-based accounting market has continued to expand and evolve. Stalwarts of business accounting such as Sage have been joined by newer services such as FreeAgent and Crunch. What they all attempt to do is simplify the accounting and tax filing processes all business must comply with.

As each application or service is different, one size doesn’t fit all. Take your time to talk to other businesses in your sector. Case studies and information from your business’s trade associations can often shed light on the shortcomings of some applications or services you may not be aware of. Use this knowledge to make sure you purchase the right digital services to comply with MTD.

​Whether your business is in marketing, IT, retail, the services industry or another sector, and whether it’s small or large, GDPR will have made life just that little bit harder. Since coming into force in May 2018, the new rules have hit every company and industry that deals in data, in other words, everyone.

Designed to give data subjects far greater control over how their data is collected and processed, and to provide regulatory alignment across the EU, companies now need to be far more careful when it comes to data.

GDPR dictates what, how and when data can be collected and processed. It requires companies to be far more transparent about the ways they use customer data for their services, and imposes far stricter rules about the disclosure of data breaches.

One of the sectors most affected by the changes is the financial services industry, particularly as it already has to comply with a number of existing regulations that may not always complement responsibilities under GDPR.

Below we look at the various responsibilities a company now has as part of GDPR, and how they pertain to the financial services industry.

Complying with GDPR and other financial regulations

The Information Commissioner’s Office (ICO) has advised that GDPR does not contradict any existing regulatory requirements that financial services firms need to adhere to. There are exceptions to the new regulations that allow data processing specifically where it is necessary to comply with other legal obligations. Regulators such as the Financial Conduct Authority also work closely with the ICO and account for data protection rules when releasing their own guidance.

Consent

Consent is one of a number of legal justifications for processing data, however, outside of marketing industries, it is arguably the weakest legal basis. Organisations should consider carefully what legal basis fits best for their processing needs, a list of which is detailed on the ICO’s website. Provided you are able to justify the processing of data in other ways, explicit consent is not always needed.

Right to be forgotten

The ‘right to be forgotten‘, as set out under article 17 of GDPR, gives data subjects the right to have their data removed from a company’s systems and excluded from marketing material and data collection.

This is not an absolute right, however, as the article stipulates criteria on what data can be removed, and the defences a company can use to reject a request. For example, data must be removed if consent is withdrawn, unless the business has an alternative legal basis for collecting it.

Each request needs to be considered carefully and judged in isolation. If any company refuses a data deletion request, it must be prepared to justify this decision.

The need for a data protection officer (DPO)

Some companies are unsure whether they need to appoint a DPO or not, but the ICO guidance on the subject is quite clear and offers a checklist to assist businesses in meeting their GDPR obligations in this respect. 

“The GDPR introduces a duty for you to appoint a data protection officer (DPO) if you are a public authority or body, or if you carry out certain types of processing activities,” the ICO states. 

“DPOs can help you demonstrate compliance and are part of the enhanced focus on accountability.”

A DPO can be an existing or newly appointed employee and can also work in this role across multiple organisations, according to the ICO. However, they must be an absolute expert in data protection, have the resources available to them to help them do their job – of monitoring compliance, informing and advising of obligations and providing the necessary advice – and report directly to the highest level of management in the organisation. 

Data breaches

GDPR regulations stipulate that organisations report any data breach to the supervisory authority of personal data within 72 hours. This should contain details about the breach, the categories and estimated number of people impacted, and contact details of the DPO. 

ICO guidance states: “From 25 May 2018, if you experience a personal data breach you need to consider whether this poses a risk to people. You need to consider the likelihood and severity of any risk to people’s rights and freedoms, following the breach. When you’ve made this assessment, if it’s likely there will be a risk then you must notify the ICO; if it’s unlikely then you don’t have to report it. You do not need to report every breach to the ICO.“

It’s important to also reassure customers, partners and employees that you are following the necessary procedures and certain certifications to ensure continued GDPR compliance in order to avoid a data breach occurring in the first place or at the very least minimising its impact. The information security standard ISO 27001 is one such certification. 

The ICO states: “You must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised. You should remember that while information security is sometimes considered as cybersecurity (the protection of your networks and information systems from attack), it also covers other things like physical and organisational security measures.

“You need to consider the security principle alongside Article 32 of the GDPR, which provides more specifics on the security of your processing. Article 32(1) states:

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk’

“Poor information security leaves your systems and services at risk and may cause real harm and distress to individuals lives may even be endangered in some extreme cases.”

Managing vendors

Financial firms will have client data passing through several applications. GDPR means that firms will need to understand how data flows through these. Personal client data can also be exposed to external vendors, such as outsourcing partners. GDPR enforces accountability right across the data flow to ensure that personal data stays protected.