The EU’s revised Payment Services Directive (PSD2) includes Regulatory Technical Standards on strong customer authentication and secure communication. These are key to achieving PSD2’s objective of enhancing consumer protection, promoting innovation, and improving the security of payment services across the European Union. Fintechs, banks, and other financial services firms have spent considerable time, effort, and resources in preparing to comply with the strong customer authentication and secure communication requirements, which go into effect on September 14, 2019. These requirements, coupled with the modernization of the U.S. financial system through open banking, will enable fintechs, banks, and other financial services firms doing business in the U.S. to leverage some of the processes and technologies being deployed in Europe. This will expedite the Treasury’s vision. Echoing the aforementioned associations, it is imperative that consumers’ personally identifiable information, including financial data, be protected. Of course, saying it is one thing; implementing it is another.
Cozens believes technology could play a major role in helping staff keep a work-life balance. “Potentially, it could be used to support different learning styles and to track and encourage positive behaviours. This could provide datastreams we can learn from, too,” she says. Fieldfisher is contacted “all the time” by providers wanting to demonstrate well-being apps and wearable devices, and is keeping a close eye on developments. The firm has started with a learning and development programme, called I-Plus, to address the health and well-being of everyone across the firm. “We want our people to embrace the ‘oxygen-mask principle’,” says Cozens. “On a flight, you are always reminded that if the cabin pressure falls, oxygen masks will be provided, and you should attend to your own needs first and then help others.”
Regulated businesses often cite auditors as the main reason for the gatekeeper approach to production application deployments, because they often don't understand DevOps and the changes IT pros want to make. However, legislators, policymakers, and the regulatory and risk management industries are increasingly aware of the market disruption risk tied to IT security, and public policy in the last year reflects a better grasp of cybersecurity. The European Union's General Data Protection Regulation, for example, specifies a goal to ensure customer digital privacy, rather than a technical method to attain that goal. In the U.S., the Office of the Comptroller of the Currency has started to regulate fintech companies, even if those companies don't qualify as banks under the OCC's traditional purview. The fintech industry has fought this regulation, but some IT security experts believe government policies will drive DevOps security best practices.
"Modernization" may be the watchword, but so large an enterprise, and one that is still so rooted in legacy systems, is not a quick ship to turn, Wennergren notes. The continued reliance on aging technology is another symptom of the Pentagon's condition that will likely resonate with CIOs of smaller shops. "DoD, like many other federal agencies and some private sector firms, is still spending the preponderance of its money on maintaining an aging set of legacy infrastructure systems — 80 percent or more — and that is not a recipe for success in the long term," Wennergren says. "These thousands of legacy systems are eating our lunch in terms of money, and we need to look at them and decide what do we want to retire, what do we want to replace, and what might we want to refresh." "You're falling behind," he adds. "Not only does it cost too much to maintain that old stuff, but it also makes it harder to implement new technologies and it creates huge sets of cyber vulnerabilities. So there is a push across DoD to address this IT modernization issue."
John Hancock, one of the oldest and largest North American life insurers, will stop underwriting traditional life insurance and instead sell only interactive policies that track fitness and health data through wearable devices and smartphones, the company said on Wednesday. The move by the 156-year-old insurer, owned by Canada's Manulife Financial Corp, marks a major shift for the company, which unveiled its first interactive life insurance policy in 2015. It is now applying the model across all of its life coverage. Interactive life insurance, pioneered by John Hancock's partner the Vitality Group, is already well-established in South Africa and Britain and is becoming more widespread in the United States. Policyholders score premium discounts for hitting exercise targets tracked on wearable devices such as a Fitbit or Apple Watch and get gift cards for retail stores and other perks by logging their workouts and healthy food purchases in an app.
Unfortunately, retailers often make the wrong decisions about which stores to close, thus inadvertently hurting their business further. They also overlook valuable opportunities to expand their market presence and unlock growth. The main reason is that they’re using outdated metrics: many retailers continue to use a combination of trend analysis and “four-wall economics” to assess store performance—that is, they’re still primarily taking into account the sales and profits that the store generates within its four walls, without considering its impact on other channels. This assessment then affects other decisions, including the store’s payroll, labor coverage, and sometimes inventory selection. However, consumers today shop across channels: they might visit stores to look at products and then eventually buy them online, or they might research a product online and then buy it in a store. In this environment, the traditional four-wall metrics are, at best, incomplete indicators of a store’s potential.
The primary driver cited for the elevation of the CISO is the increasing difficulty of protecting enterprise data. Nearly 80 percent of the 413 enterprise security professionals surveyed cited the expanded volume and sophistication of malware as the main reason it is becoming harder to protect vital information. According to the report, multiple security researchers indicate that 80–90 percent of malware attacks target a single device and 50–60 percent of malicious web domains are active for one hour or less. These trends speak to the rise of targeted attacks designed to penetrate the network of a single organization. Targeted attacks act as small needles in a large haystack, making cybersecurity practices increasingly difficult. The second most frequently cited reason for the increase in cybersecurity difficulty is the increase in the number of company IT initiatives. Digital business projects, cloud and third-party infrastructure, and the IoT make security substantially more challenging.
In the past, security was thought of as an IT afterthought at many SMBs. Consequently, these organizations purchased security products on an ad-hoc basis with no central strategy, while cybersecurity responsibilities were often delegated to an interested IT employee who was simply told to do his or her best without disrupting the business. Employee training was often either neglected or guided by regulatory compliance requirements and little else. Given that the ESG research reveals that two-thirds of SMBs have experienced at least one security incident over the past two years, it’s high time to abandon this laissez-faire attitude. This means creating a cybersecurity strategy that aligns with the business mission, formalizing processes, investing in skills development, and getting executive management on board. Like it or not, strong security has become a required utility — the cost of doing business. If you must do something (such as cybersecurity) to achieve business success, you may as well do it well.
There are a number of ways developers can use these building blocks -- intelligent edge, massive compute at the core and open source -- to drive the digital era forward. An intelligent edge gives developers the ability to get sensory information and use it to generate interactions that can occur anywhere, at any time, in a very natural way. Along with the sheer computing power in the core of the network, this unlocks a whole set of new applications for developers to tackle. Open source is the special sauce that brings it all together. Gone are the days when open source was thought of as cute, but not quite ready for prime time. The Cloud Native Computing Foundation (CNCF) has done yeoman's work in building a community around and driving open source, cloud-native computing standards. Importantly, CNCF provides corporate users and vendors with forums in which they can make their concerns known. CNCF also helps produce a reliable roadmap for further development.
As we've noted, you can't do AI projects without the data science. Not all data science projects require AI. For instance, a customer segmentation model for a highly stable market, such as home heating oil deliveries, probably doesn't require a lot of machine learning if you have a neighborhood with a stable housing stock and demographics. But if you are trying to stay a step ahead of cyber attacks, machine learning or deep learning models may be necessary because of the constantly morphing threat. Another core assumption with AI is the central role, not only of models, but data. And because AI models are extremely hungry for data, errors in data set selection or data quality can readily snowball. If getting the data right is important for analytics, it's even righter for AI models. So should the impetus for AI start from the top down, or is it more effective for ideas to percolate up from the trenches? Given the makeup of the survey group, it wasn't surprising that in most cases, the inspiration for AI came from the C suite. But that doesn't mean that CEO mandates are the only way to go.
Quote for the day:
"Many have exchanged the touch of God for the applause of men" -- John Paul Warren