datasecurity

In this episode, Stan and Rob sit down with Felix Asare, a seasoned cybersecurity leader with extensive experience in the financial sector, including roles at Allianz and Putnam Investments. They delve into the cybersecurity landscape within the financial industry, exploring why it's a prime target for cybercriminals.

Felix breaks down the appeal of targeting the financial sector,
emphasizing the shift from physical to digital methods of theft due to the
lucrative nature of financial data. He highlights the importance of regulations
in setting security standards and explains how compliance, while necessary,
isn't sufficient for robust cybersecurity.

The conversation extends to the risks posed by the software
supply chain, particularly third-party vendors, and the challenges of
maintaining oversight in a complex ecosystem. Felix shares insights into
mitigating risks associated with open-source software and the need for rigorous
approval processes.

They also discuss the emergence of smart contracts and the
security implications of blockchain technology. Felix underscores the
importance of auditing smart contracts and maintaining vigilance in the face of
evolving threats like deepfake technology.

Lastly, the discussion turns to the role of AI in cybersecurity
defense, with Felix emphasizing its potential to enhance response times and
analyze data. However, he also cautions against overreliance on AI and the need
for human validation to combat emerging threats effectively.

Overall, the episode provides valuable insights into the
evolving cybersecurity landscape within the financial sector and the strategies
employed to mitigate risks and enhance security posture.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

In a rapidly evolving digital sphere, generative Artificial Intelligence (GenAI) is capturing the attention of technophiles across the globe. Regarded as the future of AI technology, GenAI is broadening boundaries with its potential for accurate simulations and data modeling. A prominent figure in this arena, Eduardo Alveraz, an AI Solution Architect at Intel and former geophysicist, holds invaluable insights into this fascinating world of GenAI. 

 An Intersection of Geophysics and AI 

Eduardo’s journey from geophysics to artificial intelligence provides an exciting backdrop to the emergence of GenAI. As he transitioned from a hands-on role in the field to an office-based role interpreting geophysics data, Eduardo was introduced to the ever-intriguing world of machine learning and AI. His first-hand experience collecting and processing data played a pivotal role as he explored the tech-saturated realm of AI. This journey underscores how disciplines often perceived as separate can contribute significantly to the development and application of AI technology.

 Bridging the Gap between Data Scientists and Users

Generative AI presents several promising benefits, a key being its potential to act as the bridge between data scientists and end-users. In traditional setups, a significant gap often exists between data scientists who process and analyze data and the users who leverage the results of these actions. GenAI attempts to close this gap by providing more refined and user-friendly solutions. However, it's crucial to acknowledge that GenAI, like any technology, has limitations. The thought of storing sensitive data on public cloud platforms is indeed a daunting prospect for many businesses.

 Enhancing Interaction with Proprietary Data

Despite concerns around data security, mechanisms exist to securely enhance models' interaction with private or institutional data. For instance, businesses can train their models on proprietary data. Still, this approach raises questions about resource allocation and costs. These interactions emphasize the significance of selectively augmenting data access to improve results while maintaining data security.

 The Exciting Potential of GenAI 

The conversations around GenAI hold promise for the future of AI. This period of rapid advancement brings countless opportunities for innovation, growth, and transformation. As more industries adopt this revolutionary technology, it's clear that Generative AI empowers the world by sculpting the landscape of artificial intelligence and machine learning. This exploration instigates a more profound interest in GenAI and its potential possibilities. Our journey into the AI landscape continues as we unravel the mysteries of this exciting technological frontier.

 Extending GenAI with Retrieval Augmented Generation (RAG)

GenAI has some limitations that include data privacy, long training times, and accuracy of results. This is because large language models require extensive data for training. Context becomes crucial, particularly in language processing, where a single word can have multiple meanings. RAG architectures help in augmenting user prompts with context from a vector database, which reduces the training time, enhances data privacy, and limits the wide out-of-the-box context of LLMs.

La Transformación Digital para la semana del 4 de febrero de 2024, contará con historias sobre Ciberseguridad, Inteligencia Artificial y Edge Computing. Esta semana marca nuestro primer aniversario y tenemos algunas noticias emocionantes para compartir, incluyendo actualizaciones sobre el internet espacial, un reciente ataque cibernético a un hospital y regulaciones de la UE sobre IA. Blog: https://embracingdigital.org/brief-EDW53-es Video: 

Digital Transformation for the week of February 4, 2024, will feature stories on Cybersecurity, Artificial Intelligence, and Edge Computing. This week marks our first anniversary, and we have some exciting news to share, including updates on the space internet, a recent hospital cyber-attack, and EU regulations about AI. Blog: https://embracingdigital.org/brief-EDW53-en Video: 

La Trasformazione Digitale per la settimana del 4 febbraio 2024 presenterà storie sulla Cybersecurity, Intelligenza Artificiale e Edge Computing. Questa settimana segna il nostro primo anniversario e abbiamo delle notizie eccitanti da condividere, tra cui aggiornamenti sul internet spaziale, un recente attacco cibernetico all'ospedale e le regolamentazioni dell'UE riguardanti l'IA. Blog: https://embracingdigital.org/brief-EDW53-it Video: 

In this podcast, we discuss the legal and regulatory factors for securing approval for your digital speaker program. Key points include 
prioritizing audience privacy, 
adhering to FTC disclosure regulations, 
explicit audience definition, 
distinguishing between educational and promotional content, and 
navigating health versus product claims. 

Link to the detailed podcast:  https://www.youtube.com/watch?v=MH6UEY_I-kI

In this podcast, five crucial considerations for obtaining approval for a digital speaker program are discussed:

1. Privacy Compliance:
   - Consider where audience data will be stored and ensure compliance with privacy laws (TCPA, CCPA, GDPR, etc.).
   - Prioritize secure handling of sensitive information and always obtain audience consent.

2. Transparency and Disclosure:
   - Adhere to FTC requirements for transparency and disclosure.
   - Communicate upfront about sponsorships, product claims, and any financial relationships impacting the content.

3. Controlled Audience Targeting:
   - Tailor the digital presentation to specific individuals or groups.
   - Adjust tone, scientific detail, and compliance messages based on the target audience (e.g., clinicians, P&T committees).

4. Distinguishing Marketing from Education:
   - Clearly differentiate between marketing and educational content.
   - Ensure that educational materials genuinely inform without serving solely as a sales pitch to benefit from legal protections.

5. Product or Health Claim Evaluation:
   - Scrutinize the presentation topic to determine if it constitutes a product claim or a disease awareness advertisement.
   - Adhere to FDA requirements for product claims, ensuring substantial evidence, while disease awareness ads follow a lower scientific evidence standard.

For assistance with digital engagement or marketing programs, contact Darshan Kulkarni at darshan@kulkarnilawfirm.com

On this episode, Darren interviews Phillip Griffith, a community leader of the open-source project OpenZiti. They discuss the importance of Zero Trust networking in modern IT networks.

# Unveiling the Dynamics of Zero Trust Networking and Overlay Networks

As the digital age progresses, the conversation around network security takes a frontline position. In a rapidly evolving digital landscape, Zero-trust networking and Overlay networks are critical strategies for tackling current security challenges. Here, we delve into these concepts, how they shape our digital systems and provide an understanding of their potential benefits and applications. 

 A Closer Look at Zero Trust Networking 

Zero-trust networking is a mindset that places security as a prime concern in designing and operating digital systems. Its critical aspect is the presumption of potential threats from every part of the network, irrespective of how secure they may appear. This approach moves away from the traditional fortress-style concept in security and leads to more robust networks that do not rely solely on a single firewall's protection. 

Firstly, the beauty of zero-trust networks lies in their capacity to work effectively and securely, presenting an advantage for software developers and engineers. Security becomes an enabler rather than a hindrance to the software development process. With zero-trust networking, developers can focus on feature development without worrying about blocked ports or consulting network teams—a significant step towards faster market releases. 

Nevertheless, zero-trust networking doesn’t eliminate the need for perimeter defenses or firewalls. The zero trust strategy assumes a possible network compromise; therefore, it calls for defense layering instead of solely relying on elementary perimeter defense. 

 The Rise of Overlay Networks 

Amid the rising security threats and data breaches, overlay networks are emerging as an invaluable tool. These software-defined virtual networks provide an extra layer of security compared to underlay networks such as routers or firewalls. 

Overlay networks like VPN and Wireguard allow secure communication between resources even when the underlying network has been compromised. They offer attractive features, like self-reorganization based on conditions, giving them temporary characteristics. These networks also come with options for secure in-application or data system communication—additionally, a clientless endpoint option bolsters user connectivity, requiring no software installation on individual devices. 

Overlay networks provide flexibility concerning deployment. There’s no need to rewrite your application code, as the code for the overlay network can be embedded directly into the application code. Alternatively, a virtual appliance can be deployed instead if you want to avoid altering your application. This convenience, combined with added security, sets overlay networks up as future-proof solutions to network security. 

 The Power of ZTN and OpenZiti Solutions 

Zero Trust networking (ZTN) offerings, like Open Zero Trust (Open Ziti), provide competent solutions in zero trust and overlay networking. They deliver robust Zero Trust principles into the field of overlay network solutions. 

ZTN, for instance, brings its identity system to the table, perfect for edge IoT devices unable to access typical identity services. It offers secure data transmission through mutual tunneling and an intelligent routing fabric that determines the most efficient path from point A to point B. On the other hand, Open Ziti facilitates multiple use cases, managing east-west and north-south connections smoothly and securely. It integrates well with service meshes to provide high-level security. 

Thus, adopting such holistic security measures becomes necessary as we step into the digital era. ZTN and OpenZiti present practical solutions for those embracing the Zero Trust model, with advantageous features ranging from identity management to secure connectivity. No doubt, these innovations are setting the benchmarks for network security.

During this episode, Darren and SafeLishare CEO Shamim Naqvi discuss how confidential computing can be employed to create managed data-sharing collaborative environments in the cloud.

 The SafelyShare Revolution in Data Sharing and Confidentiality 

Data sharing has always been a key issue when dealing with sensitive and confidential business information. The advanced technological solutions including SafelyShare have been tackling this problem, offering a controlled system for data access without violating data protection. The fundamental basis of this system is "Zero Trust", a unique strategy that doesn't assume trust for anyone and keeps control and monitoring at its core. 

 Harnessing the Power of Secure Enclaves

A critical aspect of SafelyShare's approach is the use of secure enclaves, or trusted execution environments, ensuring a safe space for data sharing, authentication, and management. These enclaves are created with the help of specific confidential computing chipsets that fully enclose the shared data. With encryption practices implemented outside of these enclaves, data can only be decrypted once it enters the enclave, thereby providing an end-to-end encryption policy. The output exiting the enclave is also encrypted, adding another layer of security to protect the data.

But challenges exist within this process. Not all online services incorporate a secure enclave in their operation, leading to a high demand for a more flexible, effective solution to confidential computing.

 The Hybrid Approach of Confidential Computing

To address this issue, SafelyShare offers an approach that is best described as a hybrid model of confidential computing. To compensate for services that don't operate within secure enclaves, this methodology introduces the idea of 'witness execution.' In this scenario, the user places trust in the providers' guarantee of their competency and safe data handling. It's a kind of tacit agreement between the user and the remote service provider, making the confidential computing more feasible in the real world scenarios.

This hybrid approach redefines the secure sharing paradigm in a world that's continuously evolving. With its elastic foundation, SafelyShare incorporates a profound understanding of the changing security parameters, making confidential computing adaptable and responsive to changing demands and realities.

 Conclusion: Revolutionizing Secure Data Sharing

In essence, SafelyShare is the leading forerunner in the journey to making sensitive data sharing secure, efficient, and feasible. Navigating around traditional hurdles, it integrates hybrid confidential computing into its framework, achieving a unique blend of trust and practicality. The innovative approach of integrating witnessed computing into the process blurs the lines between full and partial trust, making data security more achievable and delivering a promising narrative for the future of data sharing and security.

In this episode Darren interviews Patrick Conte from Fortanix about leveraging confidential computing in securiting applications in zero trust architectures.

 The Evolution of Confidential Computing 

Confidential computing allows encrypting data not just at rest and in transit, but also while it is actively in use. This protects against attacks even if an attacker gains root access, since memory dumps will just show useless encrypted data. Intel's Software Guard Extensions (SGX) technology provides a hardware-based foundation for confidential computing. Fortanix builds on top of SGX and related Intel advancements to make confidential computing accessible and easy to use. 

A core Fortanix offering is their Data Security Manager platform. This replaces purpose-built hardware encryption solutions with software encryption powered by SGX enclaves. Data Security Manager enables advanced crypto functions like global key management for millions of encryption keys all from a unified console. It can also handle database encryption, certificate management, and other critical data protection needs. This software-defined approach represents the future of data security. 

 Enabling True Zero Trust Applications 

Confidential computing has implications beyond just data security. It also allows attaching security profiles directly to applications themselves, so the security travels with the application regardless of where it runs. Fortanix analyzes applications to assess if they can run seamlessly in SGX enclaves. If modifications are needed, they provide guidance on rewriting portions in enclave-friendly languages like Python. 

Fortanix's Confidential Computing Manager solution orchestrates encrypted applications across different environments like on-prem, private cloud, and public cloud. This orchestration engine achieved zero trust not just for sensitive data, but also for mission-critical applications. Workloads can be dynamically shifted to different SGX-enabled environments as needed while maintaining end-to-end security. 

 The Future of Confidential Computing 

There are many exciting potential use cases for confidential computing, like running distributed analytics collaboratively within isolated secure enclaves. While there used to be substantial performance penalties, improvements by Intel and Fortanix have now reduced overhead to single digit percentages in most cases. Adoption is rapidly growing in healthcare, government, finance, and other industries to protect valuable algorithms and regulated workloads. As confidential computing becomes more ubiquitous and accessible, it will form a foundational pillar of modern zero trust architectures. 

 Conclusion 

This insightful podcast provides a thought-provoking overview of how confidential computing can enable true zero trust applications. The ability to encrypt data in use and attach security profiles to applications opens up intriguing new possibilities for end-to-end data protection and application security across dynamic environments. As threats become more sophisticated, confidential computing will only increase in strategic importance. 

Embracing Digital news for the week of October 22, 2023 including news in cyber security, Ubiquitous computing, and artificial intelligence. This week’s highlights include going back to pen and paper in school distributes, watching for Q-Day, and AI in healthcare guidelines. Blog: https://embracingdigital.org/briefs/edw-38/en/episode.html Video: 

Accogliendo le notizie digitali per la settimana del 22 ottobre 2023, tra cui notizie sulla sicurezza informatica, l'informatica ubiqua e l'intelligenza artificiale. I momenti salienti di questa settimana includono il ritorno alla carta e penna nella distribuzione scolastica, l'attesa del Q-Day e le linee guida sull'intelligenza artificiale nel settore sanitario. Blog: https://embracingdigital.org/briefs/edw-38/it/episode.html Video: 

Aceptando las noticias digitales de la semana del 22 de octubre de 2023, incluyendo noticias sobre ciberseguridad, computación ubicua e inteligencia artificial. Los momentos destacados de esta semana incluyen volver al papel y lápiz en la distribución escolar, estar atentos al Día Q y las pautas de IA en la atención médica. Blog: https://embracingdigital.org/briefs/edw-38/es/episode.html Video: 

In this episode Darren interview cloud solution architect, Rajiv Mandal, about developing a multi-hybrid cloud strategy in your modern IT organization.

In today's digital age, businesses are increasingly turning to the cloud as a strategic move to improve efficiency, reduce costs, and enhance customer experience. However, before jumping on the cloud bandwagon, it is essential for organizations to take a step back and assess their specific needs. Developing a cloud strategy is a crucial step in this process, as it allows businesses to align their goals and objectives with the cloud technologies available to them.

 Understanding Your Business Goals and Objectives

The first step in developing a cloud strategy is gaining a clear understanding of your business goals and objectives. What are you trying to achieve? Are you looking to improve operational efficiency, reduce costs, or enhance customer satisfaction? By having a clear vision of your goals, you can better determine how the cloud can support and enable these objectives.

 Evaluating Your Existing Infrastructure

After establishing your goals, it is important to evaluate your current IT infrastructure. This assessment helps identify any potential challenges or limitations in migrating to the cloud. Determine what systems and applications you currently have in place and consider their compatibility with a cloud environment. This evaluation will inform decisions about which applications and services are suitable for migration.

 Choosing the Right Cloud Model

With various cloud deployment models available, organizations need to assess the different options that align with their business requirements. Public clouds, private clouds, and hybrid clouds each offer distinct advantages and drawbacks. Evaluating the pros and cons of each model will help you determine the most appropriate choice for your organization. Consider factors such as data security, scalability, and regulatory compliance when making this decision.

 Creating a Migration Plan and Ensuring Governance and Security

Once you have chosen a cloud model, it's time to create a migration plan. This involves outlining the steps and timeline for moving your applications and data to the cloud. Prioritize critical applications that need to be migrated first, and develop a strategy to migrate the remaining applications later. Additionally, implement a governance and security plan to protect your data and comply with any regulatory requirements. Cloud security is a top concern for many businesses, so it is vital to ensure that your data is protected throughout the migration process.

In conclusion, developing a cloud strategy is a complex process that requires careful planning and assessment. It is essential to understand your business goals, evaluate your existing infrastructure, choose the right cloud model, create a migration plan, and implement proper governance and security measures. By effectively embracing digital transformation and leveraging the power of the cloud, organizations can achieve their objectives, enhance efficiency, and drive growth and success.

CyberSecurity Awareness: Back2Basicsmode

Removable Media. Another security awareness topic that is used daily by companies is removable media. ... 

Passwords and Authentication. ... 

Physical Security. ... 

Mobile Device Security. ... 

Working Remotely. ... 

Public Wi-Fi. ... 

Cloud Security.

Surfing NASH is joined by Tim Jobson, Co-founder of Predictive Health Intelligence, to discuss a system by which historic blood test results are combined and analyzed to flag patients in need of intervention. This wrap-up conversation revisits many of the same themes explored in the preceding sessions: data aggregation, data transparency and patient enthusiasm to name a few. An important note emerges from Roger Green. He suggests that such an enormous initiative does not have to be thought of as exceedingly complicated. Instead, this project could be conceptualized as taking action on the complex task of organizing vast quantities of data. There is a need to account for, align, compute and otherwise use and test the existing data in pursuit of improving patient care.

…

To learn more about Tim and Predictive Health Intelligence, be sure to visit their website. If you enjoyed this episode, we kindly ask you to leave a review on your preferred listening platform. We also encourage our audience to write us questions to include your on-ground experiences and ideas in the weekly discourse. Most important of all, we whole-heartedly thank you for the continued support as we set out to put a major dent in Fatty Liver disease in 2023 and beyond.

Surfing NASH is joined by Tim Jobson, Co-founder of Predictive Health Intelligence, to discuss a system by which historic blood test results are combined and analyzed to flag patients in need of intervention. This conversation begins with focus on the dual issues of patient data and proactivity. Roger Green states that “the careful and intelligent use of early data to empower patients to know when to ask about their own health” should yield a myriad of benefits. Louise Campbell agrees and comments on how patients feel when the system is proactively supporting them. Louise then asks what happens when the system produces an inaccurate diagnosis. Tim notes that this system provides data to clinics so that they can make the decisions. This minimizes the chance of systematic error and discourages autonomic reliance while still supporting patients in self-managing their health.  

The conversation continues on the issue of patient data, concluding with Roger’s observation that the passionate belief in protecting data is half-right. He reasons that patients (like all people) favor protected data against those who would take advantage of it. However, most are comfortable with affording accessibility to those who use their data to improve patients’ health and general life.

Which category are you in?

A) You are so worried about your data that you are paralyzed and don't do anything.

or   

B) You feel you are invincible and have nothing to worry about.

Both scenarios are bad for brands that want to grow into the future.

Today, I spoke with Pauline Murphy from 1 Stop Data. We spoke about the importance of having and using only clean, compliant data. This push must come from the board level. Therefore, train and assign specific team members in data protection and security (GDPR, PECR).

Start with an Information audit:

• What data do you hold?
• Where do you keep the data?
• What do you do with the data?

Then do a Data Protection Impact Assessment, which is very important to manage your company's data protection risk. If you do not do an assessment, you will find yourself all over the place. 

Key Elements to consider:

• Data Security
• Data Accuracy
• SARS
• Audit Trail
• DPO Officer
• Legal Basis

Ensuring everyone in the data chain is compliant

Analyzing your in-house data is a great way to pinpoint your ideal customers, so you must ensure the information you review is current, updated, and compliant.

If you would like the Data Protection and Key Element Reference Links, please send an email to Pauline or Donna.:

Donna Peterson: dpeterson@worldinnovators.com

Pauline Murphy: pmurphy@osd.global

For more information about how to find quality marketing data to reach your ideal niche client, contact Donna Peterson at 860-210-8088 or dpeterson@worldinnovators.com.

Visit our website at http://www.worldinnovators.com

Hit subscribe so you will be one of the first to get the next Episode of B2B Marketing Excellence.

We're busy doing business, closing deals and keeping our customers happy. But who's watching after us and our data? We assume it's safe & secure in the cloud, or that a third party vendor will gladly grant us access when needed.  In this episode, FNF's Chuck Cain invites Premier One COO Kevin Nincehelser to share what independent title agents and our partners must consider when handling their data.

With online retail doubling in volume from last year you need to know the new ways to keep your data secure.

Apple makes it easier to say goodbye to your traditional terminal. Change is here.

How has Wirecard gotten away with fraud for so many years? And what do we need to do to make sure there isn’t another debacle like wirecard.