Growing threat of E-Skimming Attacks

E-skimming has been an online shopping threat for a long time, keeping pace with the growth of e-commerce overall. The current global crisis presents another big opportunity for hackers to launch these strikes as people increasingly shop online. The nefarious cybercrime targets online payment systems to collect or “skim” the payment details of customers’ payment cards at the checkout.

Unlike more traditional cyber attacks, where an entire customer database may be targeted in a single hit-and-run attack, skimming attacks continually intercept customer payment details at the point of purchase, making them harder to detect and often invisible to both customers and retailers.

Several criminal groups have become very adept at this kind of attack over the years, the most prevalent and successful of which is known as Magecart. Magecart is an umbrella term for a set of sophisticated criminal groups using similar malware and techniques — all with the goal of stealing credit card information from online retailers.

The Magecart groups are known to have been active since 2016 and have been behind some of the largest payment system attacks in recent years, including British Airways (2018), Newegg electronics (2018), the Atlanta Hawks Shop fan merchandise store (2019), Forbes magazine subscriptions (2019), as well as ticket-reselling websites for the 2020 Olympic Games and the Union of European Football Associations (UEFA) Euro 2020 soccer tournament (2020). Such attacks earned Magecart a position on Wired magazine’s “Most Dangerous People on the Internet” list in 2018.

How it works

In most skimming attacks the threat actor introduces some additional code to a retailer’s e-commerce application. Recent attacks by the Magecart group have achieved this through the compromise of a trusted external third party whose code is legitimately included in the application, such as an external code repository, a chatbot or an advertising vendor.

So far, researchers have identified more than 40 different code-injection exploits, sometimes as small as 20 characters, which can be difficult to detect unless the application code is examined line-by-line for changes.

Attackers have also incorporated the use of valid SSL certificates tied to the domains that deliver malicious code, making traffic appear legitimate and preventing customers from receiving mixed content warnings when the website attempts to mix trusted, encrypted website content with malicious content that is served unencrypted.

A recent report has also described Magecart attacks where misconfigured access controls on Amazon S3 buckets allowed the attackers to tack their skimmer code onto existing JavaScript application code files.

Defending against card skimming

The best proactive cyber defenses an organization can implement against card-skimming attacks all focus on hardening the e-commerce application stack and limiting what code is allowed to run.

  • Use a free online scanning resource to help spot suspicious connections being opened by scripts injected into the application. Browser developer tools can also be used to analyze contents and spot suspicious connections made during a customer session.
  • Use the Amazon “Block Public Access” option on any S3 buckets in use by the organization to prevent unauthorized changes to application files.
  • Define a Content Security Policy (CSP) that lists the locations from which resources on your site can be loaded. This should be applied to all sensitive pages, such as payment pages, login pages and other areas where users may enter sensitive information.
  • Verify any external scripts, such as those from advertising partners, using Subresource Integrity (SRI). This ensures that any scripts included from external sources are hashed and checked against a known good value, so that they are the files you expect to be loaded; if they are not, the browser blocks them from loading.
  • Make sure that all assets on sensitive pages use SRI. Using the “require-sri-for” directive in the CSP to enforce SRI on all scripts and style tags will prevent assets being included on these pages that do not have SRI enabled.
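
The CSP and SRI measures above, as an added Node.js example that is not code from the original article: it computes the SRI value for a reviewed third-party script, mirrors the browser's integrity check to show that a short appended change is rejected, and builds an allow-list CSP for a payment page. The hosts shop.example, cdn.vendor.example and pay.example, the script bodies and all function names are constructed placeholders.

```javascript
// Added example: SRI pinning and a checkout-page CSP. Hosts and script bodies
// below are constructed placeholders, not taken from any real site.
const { createHash } = require('node:crypto');

const SRI_ALGOS = ['sha256', 'sha384', 'sha512']; // weakest to strongest

// Constructed sample: a third-party script as reviewed, and the same file
// after a short unauthorised change was appended upstream.
const VENDOR_JS = 'window.chatWidget={open(){document.title="chat";}};';
const TAMPERED_JS = VENDOR_JS + ';/*changed-upstream*/';

// SRI value for a script body: "<algo>-<base64 digest>".
function sriHash(body, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(body).digest('base64')}`;
}

// The <script> element to publish once the vendor file has been reviewed.
// crossorigin is required for the browser to verify a cross-origin script.
function scriptTag(src, body) {
  return `<script src="${src}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Mirror of the browser check: keep supported algorithms, pick the strongest
// one listed, and accept the body only if it matches a hash of that strength.
function matchesIntegrity(body, integrity) {
  const tokens = integrity.trim().split(/\s+/)
    .map((token) => ({ algo: token.split('-', 1)[0], token }))
    .filter((t) => SRI_ALGOS.includes(t.algo));
  // No usable metadata (empty or mistyped attribute) means no check at all.
  if (tokens.length === 0) return true;
  const strongest = tokens
    .map((t) => t.algo)
    .sort((a, b) => SRI_ALGOS.indexOf(b) - SRI_ALGOS.indexOf(a))[0];
  return tokens
    .filter((t) => t.algo === strongest)
    .some((t) => sriHash(body, t.algo) === t.token);
}

// Allow-list policy for the payment page: where scripts may load from and
// where the page may send data.
function checkoutPolicy(scriptOrigins, connectOrigins) {
  return {
    'default-src': ["'self'"],
    'script-src': ["'self'", ...scriptOrigins],
    'connect-src': ["'self'", ...connectOrigins],
    'form-action': ["'self'"],
  };
}

// Serialise the policy into the Content-Security-Policy header value.
function renderCsp(policy) {
  return Object.entries(policy)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

// Simplified origin-only evaluation of a fetch directive, with the
// default-src fallback; enough to see which requests the policy stops.
function cspAllows(policy, directive, url, selfOrigin) {
  const sources = policy[directive] || policy['default-src'];
  const origin = new URL(url).origin;
  return sources.some((s) => (s === "'self'" ? origin === selfOrigin : s === origin));
}

const policy = checkoutPolicy(['https://cdn.vendor.example'], ['https://pay.example']);
console.log(scriptTag('https://cdn.vendor.example/chat.js', VENDOR_JS));
console.log('Content-Security-Policy:', renderCsp(policy));
console.log('tampered copy loads:', matchesIntegrity(TAMPERED_JS, sriHash(VENDOR_JS)));
```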

The activity seen from Magecart and similar adversaries demonstrates that these are a persistent and resilient threat. The lucrative nature of card-skimming attacks ensures that attacks will continue to evolve in both stealth and capability in response to security precautions. However, for many of the attacks we have seen from these groups to date, had the measures described above been implemented, they would have gone a long way toward preventing some very embarrassing and expensive breaches.

Microservices vs Monolithic Architecture

Microservices architecture has become a hot topic in the software backend development world. The approach has a profound impact not just on an enterprise's IT function but also on the digital transformation of an entire app business.

The debate of microservices vs monolithic architecture reflects a revolutionary shift in how an IT team approaches its software development cycle: whether it follows the approach that brands like Google, Amazon, and Netflix chose, or goes with the simplicity that a startup at the development stage demands.

In this article, we help startups decide which backend architecture they should choose when they are starting their journey.

Table of Contents:

  1. What is Microservices Architecture?
  2. What is Monolithic Architecture?
  3. Microservices vs Monolithic Architecture: Advantages and Disadvantages
  4. How to Choose Between Monolithic and Microservice Architecture?
  5. Migrating from a Monolithic Architecture to a Microservice Ecosystem
  6. Conclusion

What is Microservices Architecture?

Microservices architecture is a collection of small, autonomous services in which every service is self-contained and implements a single business capability. It is a distinct approach to developing software systems that focuses on building several single-function modules with clearly defined operations and interfaces. The approach has become popular over the past several years as more and more enterprises look to become Agile and shift towards DevOps.

Characteristics of microservices architecture that make it one of the best enterprise architectures:

  • The services are independent, small, and loosely coupled
  • Each service encapsulates a business or customer scenario
  • Every service has a separate codebase
  • Services can be independently deployed
  • Services interact with each other using APIs

With the question of what microservices architecture is now answered, let us move on to look at what monolithic architecture is.

What is Monolithic Architecture? 

A monolithic application has a single codebase with multiple modules. The modules, in turn, are divided into either technical features or business features. The architecture comes with a single build system that builds the complete application. It also comes with a single deployable or executable binary.

Now that we have looked at what monolithic architecture and microservices architecture are, let us look at the benefits and disadvantages of both backend systems to understand what separates them from each other.

Microservices vs Monolithic Architecture: Advantages and Disadvantages

Advantages of Monolithic Architecture

A. Zero Deployment Dependencies

An organized and well-documented monolithic architecture means backend developers do not have to worry about which version is compatible with which service, how to find which services are present, what they do, and so on.

B. Error Tracing

One of the biggest benefits of a monolith is that all transactions are logged in one place, making error tracing a breeze.

C. No Silos

One factor that works in favour of the monolith in the microservices vs monolithic architecture debate is the absence of silos. It becomes very easy for developers to work on multiple parts of the app, because they are all structured similarly and use the same tools, so no prior distributed computing knowledge is needed.

D. Cross-cutting concerns:

The time you would spend defining services that do not bleed into each other is time that you can instead spend developing things that help the customers.

E. Shared Code:

There are no shared libraries where the complete scope needed for services to operate is sent along with each request.

Limitations of Monolithic Architecture

A. Lack of Flexibility:

Monolithic architectures are not flexible. You cannot use different technologies once you have adopted a monolith. The technology stack decided at the beginning has to be followed throughout the project, making upgrades a next-to-impossible task.

B. Development Speed:

The development speed of microservices is well known when you compare microservices architecture vs monolithic architecture. Development is very slow in a monolithic architecture. It can be very difficult for team members to understand and then modify the code of large monolithic applications. Additionally, as the size of the codebase increases, the IDE gets overloaded and slows down. All of this results in slower app development.

C. Difficult Scalability:

Scaling monolithic applications becomes difficult when the apps become large. While developers can create new instances of the monolith and a load balancer to distribute the traffic to the new instances, monolithic architecture cannot scale with the increasing load.

Benefits of Microservices Architecture

  1. The biggest factor in favour of microservices in the difference between microservices and monolithic architecture is that it handles complexity by decomposing the app into a manageable set of services that are faster to develop and easier to maintain and understand.
  2. It enables independent service development by a team focused on the particular service, which makes it the ideal choice for businesses that work with an Agile development approach.
  3. It lowers the barrier to adopting newer technologies, as developers have the freedom to choose whatever technology makes sense for their project.
  4. It makes it possible for every microservice to be deployed individually. As a result, continuous deployment of complex applications becomes possible.

Drawbacks of Microservices Architecture

  1. Microservices add complexity to a project simply because a microservices application is a distributed system. To handle that complexity, developers have to select and implement inter-process communication based on either RPC or messaging.
  2. They work with a partitioned database architecture. Business transactions that update multiple business entities inside the microservices application also have to update different databases that are owned by multiple services.
  3. It is a lot more difficult to implement changes that span multiple services. In a monolithic architecture, by contrast, an app development agency only has to change the corresponding modules, integrate all the changes, and then deploy them all in one go.
  4. Deployment of a microservices application is very complex. It consists of a number of services, each of which has multiple runtime instances. In contrast, a monolithic application is deployed on a set of identical servers behind a load balancer.

The benefits and limitations are prevalent in both monolithic and microservices architecture. This makes it extremely difficult for a startup to gauge which backend architecture to incorporate in their journey.

Let us help you.

How to Choose Between Monolithic and Microservice Architecture? 

The fact that both approaches come with their own set of pros and cons is a sign that there is no one-size-fits-all methodology when it comes to choosing a backend architecture. But there are a few questions that can help you decide which is the right direction to head in.

Are You Working in a Familiar Sector?

When you work in an industry where you know the veins of the sector and you know the demands and the needs of the customers, it becomes easier to enter into the system with a definite structure. The same, however, is not possible with a business that is very new in the industry, for the number of looming doubts is much greater.

So, the use of microservice architecture in app development is best suited to cases where you know the industry inside out. If that is not the case, go with a monolithic approach to develop your app.

How Prepared is Your Team?

Is your team aware of the best practices for implementing microservices? Or are they more comfortable working with the simplicity of a monolith? Will your team and your business offering expand in the coming time? You will have to find answers to all these questions to gauge whether the people who have to work on a project are even ready to migrate.

What is Your Infrastructure Like?

Everything from the development to the deployment of a monolithic web application would require a cloud-based infrastructure. You will have to make use of Amazon AWS and Google Cloud for deploying even tiny elements. While the cloud technologies make the process easier, the idea of setting up a database server for every other microservice and then scaling out is something that a startup entrepreneur might not be comfortable with.

Have you Evaluated the Business Risk?

More often than not, businesses take the microservices side in the microservices vs monolithic architecture debate, thinking it is the right thing for their business. What they forget to factor in is the chance that their application might not need to become as scalable as they optimistically expect, and they might have to suffer the risks of adding a highly scalable system to their process.

Here is a short list of pointers to help you choose between microservices and monolithic architecture for your software development process:

When to Choose Monolithic Architecture?

  • When your team is at a founding stage
  • When you are developing a proof of concept
  • When you have no experience in microservices
  • When you have experience in development on solid frameworks, like Ruby on Rails, Laravel, etc.

When to Choose Microservices Architecture?

  • You need independent, quick delivery service
  • You need to extend your team
  • Your platform needs to be extremely efficient
  • You don’t have a tight deadline to work with

Migrating from a Monolithic Architecture to a Microservice Ecosystem

The right approach for migrating a monolithic architecture to a microservice ecosystem is to divide the monolith's processes and turn them into microservices. The result of this is a two-factor plan:

  1. Identification of existing monolithic elements that can be decoupled
  2. Validation that the new functionality can be developed as a microservice

One of the main challenges that can emerge when initiating the migration from a monolithic architecture to a microservice architecture is designing and creating an integration between the existing system and a new microservice. A solution for this can be to add glue code that allows them to connect later, something like an API.

An API gateway can also help by combining multiple individual service calls into one coarse-grained service, which in turn helps reduce the cost of integrating with the monolithic system.

Conclusion

When you compare microservices architecture vs monolithic architecture, you will find that the former is a hot trend. Every entrepreneur wants to say that their app is based on this architecture. But the temptation to focus only on the problems of monolithic architecture and abandon it should be measured against the actual value of microservice architecture.

The right approach would be to develop new apps using a monolithic approach and move to microservices only when the justification of the move is backed by proper metrics like performance monitoring.

For established businesses, microservices tend to be avenues for continuous deployment, team based development, and an agility to shift to new technologies. But for startups, or companies that are just starting, adopting microservices can impact the software project success very negatively.

Major Trends that will affect Cyber Security

Will this year be as tumultuous as 2020? Let’s hope not. But one thing won’t change: In 2021, as is the case every year, companies will continue to be challenged by new or evolving cyber security threats.

We expect 5 security trends that emerged or accelerated last year to demand even more attention from organizations this year. Here is a look at key threats, potential vulnerabilities and defense strategies in 2021:

Zero Trust becomes more relevant than ever

While the concept of Zero Trust has been around for over a decade, only now is it becoming a viable defense strategy. Today, every endpoint including remote PCs, smartphones, tablets, IoT sensors, containers, virtual systems and cloud resources is susceptible to attacks.

Traditional defenses are meaningless in an environment where the traditional network perimeter is slowly dissipating. It's not a matter of if these assets will be compromised, but when. The only safe response is to trust nothing on your network and assume the environment is compromised. The premise of Zero Trust management is that to be secure, organizations must verify and authenticate access in a continuous manner.

In 2021, the rise of machine learning is paving the way for Zero Trust. Machine learning can be used to help document baseline user behavior and detect anomalies in actions. For example, if you normally log in from London, but today you’ve logged in from Hong Kong, the system recognizes this anomalous behavior, blocks access and triggers an alert to raise an investigation.
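
The London and Hong Kong case above, as an added example that is not part of the original article: a per-user location baseline plus a travel-speed check over constructed login records. A simple frequency count stands in for the machine-learning model, and the 900 km/h threshold, the user name, the function names and the log entries are assumptions.

```javascript
// Added example: baseline-and-anomaly check for the London / Hong Kong login
// case. All users, coordinates and log entries are constructed sample data.
const EARTH_RADIUS_KM = 6371;
const MAX_PLAUSIBLE_KMH = 900; // assumption: roughly airliner cruising speed

const LONDON = { city: 'London', lat: 51.5074, lon: -0.1278 };
const HONG_KONG = { city: 'Hong Kong', lat: 22.3193, lon: 114.1694 };
const MANCHESTER = { city: 'Manchester', lat: 53.4808, lon: -2.2426 };

// Constructed login history used to learn what is normal for this user.
const HISTORY = [
  { user: 'alice', time: '2021-01-04T08:55:00Z', ...LONDON },
  { user: 'alice', time: '2021-01-05T09:02:00Z', ...LONDON },
  { user: 'alice', time: '2021-01-06T09:10:00Z', ...MANCHESTER },
  { user: 'alice', time: '2021-01-07T08:58:00Z', ...LONDON },
  { user: 'alice', time: '2021-01-08T09:00:00Z', ...LONDON },
];

// Great-circle distance between two {lat, lon} points in kilometres.
function haversineKm(a, b) {
  const rad = (deg) => (deg * Math.PI) / 180;
  const dLat = rad(b.lat - a.lat);
  const dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * EARTH_RADIUS_KM * Math.asin(Math.sqrt(h));
}

// Baseline per user: cities seen at least minCount times, plus the most
// recent login (needed for the travel-speed check).
function buildBaseline(history, minCount = 3) {
  const baseline = new Map();
  for (const entry of history) {
    const b = baseline.get(entry.user) || { counts: new Map(), last: null };
    b.counts.set(entry.city, (b.counts.get(entry.city) || 0) + 1);
    if (!b.last || Date.parse(entry.time) > Date.parse(b.last.time)) b.last = entry;
    baseline.set(entry.user, b);
  }
  for (const b of baseline.values()) {
    b.usual = new Set([...b.counts].filter(([, n]) => n >= minCount).map(([city]) => city));
  }
  return baseline;
}

// Decide on one new login. Any anomaly blocks access and raises an alert,
// as in the scenario described in the text.
function evaluateLogin(baseline, login) {
  const b = baseline.get(login.user);
  if (!b) return { action: 'block_and_alert', reasons: ['no_baseline'] };
  const reasons = [];
  if (!b.usual.has(login.city)) reasons.push('unusual_location');
  const hours = (Date.parse(login.time) - Date.parse(b.last.time)) / 3.6e6;
  const km = haversineKm(b.last, login);
  // A different place at an earlier-or-equal time, or a speed no traveller
  // could reach, means two sessions cannot belong to the same person.
  if (km > 0 && (hours <= 0 || km / hours > MAX_PLAUSIBLE_KMH)) {
    reasons.push('impossible_travel');
  }
  return { action: reasons.length ? 'block_and_alert' : 'allow', reasons };
}

const baseline = buildBaseline(HISTORY);
const today = { user: 'alice', time: '2021-01-08T11:00:00Z', ...HONG_KONG };
console.log(evaluateLogin(baseline, today));
```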

Applying Zero Trust will become an integral part of every organization’s business behavior as a way to future-proof the protection of data and assets.

Remote working is your new threat vector

As a result of government-mandated stay-at-home orders, remote working grew faster than anyone could have foreseen in 2020. Approximately 40 percent of the global workforce shifted to working from home or other remote locations. What’s more, the transition happened practically overnight and is expected to settle into a long-term trend.

Traditional security strategies, developed for staff working in the office within the same corporate network, are insufficient. In many cases, home routers and networks are not secure, and family members’ computing devices may be easily compromised.

What’s needed in 2021 is a new way of operating to work securely from remote locations. It will require changes in behavior, such as keeping access to corporate data from a home network to a minimum. Organizations must verify access to data and assets using various authentication methods that require human intervention and leverage new technologies, such as remote browsing or remote terminals, where no actual data is transmitted to the computing device at home.

Such changes, once unthinkable and impractical, will be crucial to securing work-from-home environments.

5G wireless offers new opportunities, enables new threats

After being touted for years as wireless networking’s next big thing, 5G is finally becoming mainstream. Apple introduced its first 5G-capable iPhones in late 2020, and telecom providers worldwide have rolled out 5G services.

5G computing with its high-speed connections and improved network reliability should empower organizations to quickly deploy compute servers, IoT sensors and other devices on the edge in remote hubs.

The features of 5G, however, can pose new threats if not well-managed. If infrastructure is not carefully secured, adversaries can exfiltrate information very quickly and in large amounts from compromised environments, thanks to 5G’s blazing-fast bandwidth.

Another concern is that most endpoint devices are not designed to deal with a high-volume network, which means adversaries could use 5G bandwidth to easily overwhelm network assets through denial-of-service attacks.

Ransomware moves one step ahead

Ransomware dominated headlines in 2020 and security experts have developed new tactics for responding to these threats. For example, by studying ransomware campaigns, security teams can deduce the decryption keys needed to unlock systems without having to pay the ransom.

Cyber criminals are aware of such countermeasures and are already developing ransomware encrypted at the code level. This means cyber security teams will have to wait for the code to run before it can be studied, thus slowing the development of countermeasures.

Attackers are also rewriting ransomware code to infect the firmware of computing devices and ensure perpetual presence in the victim’s environment. Code that is running at the firmware level may not be detected, stopped or removed by antimalware software.

As this malware cannot be simply overwritten, once a device is infected, the hardware must be either replaced or sent back to the factory to reinstall the firmware.

Cyber analytics drives more data-driven decisions

Organizations are starting to understand the importance of using data to improve business decisions. Operational data can give insights about potential growth and cost-saving opportunities, and how to optimize business processes.

Security operations, like other parts of business, are harnessing operational data to understand how business events tie to security events. Organizations can use cyber analytics and AI to predict when and where attacks are most likely to occur so they can then focus their investments to achieve the greatest protection.

AI systems must target aspects of operations unrelated to security that can be correlated with past security events. For example, an AI system might determine that most attacks occur 3 days before quarterly financial results are due to be publicly reported. With that information, organizations can proactively bolster security protections prior to the next public disclosure.

In 2021, such pre-emptive knowledge will help organizations plan ahead. However, to succeed they must thoroughly analyze and understand all the data they collect about operations and business behavior.

Thankfully, 2020 is behind us, but new threats await. Protecting enterprises this year will require new cyber defense strategies and tactics, and better threat intelligence.

Building A Cyber-Resilient Culture

No enterprise is completely immune to cyber security attacks. Instead of focusing solely on preventing attacks, organizations should ensure they are able to respond quickly, recover and maintain operations. In other words, they should become cyber resilient.

Cyber resiliency requires establishing policies and processes that help an organization to survive and continue to execute its long-term strategy in the face of evolving security threats. Cyber resiliency should be part of a holistic approach to security that takes all aspects of the business into consideration, from employees and partners to the board of directors. Improving security is not a one-time project, but instead is a program of continuous improvement.

To become cyber resilient, enterprises must strike a balance between these three actions: protecting critical assets, detecting compromises and responding to incidents. Making the IT landscape cyber resilient requires investments in infrastructure, design and development of systems, applications and networks. At the same time, organizations must create and foster a resilience-conscious culture, of which security is an essential part.

An enterprise cyber resilience strategy includes three main components:

  1. Adapt business and IT systems to next-generation threats. Enterprises must prepare for global malware and ransomware attacks, as well as more subtle attacks, where the adversary lurks inside the network. Begin by defining your enterprise security architecture to address prioritized risks. Get a fresh baseline of your current security stance. For example, find out how your enterprise would recover from ransomware if multiple sites, the Active Directory, and backup platforms were to become encrypted. Evaluate critical applications and their dependencies on infrastructure; then define a communications and command structure to ensure business continuity.
  2. Update your security governance strategy. Governance is essential to successful security planning and key to attaining cyber resiliency. To ensure that your strategy measures up, incorporate strategies for protection, detection and response. Update and test business continuity and crisis management plans to cover new models of sourcing. Expand crisis management requirements to include all partners and suppliers. Make board members aware of cyber risks and the steps to effective cyber resiliency. Review and refine older access and software-patching policies and consider adopting role-based access control (RBAC) to more efficiently regulate access to computer and network resources.
  3. Create a resilience-conscious culture. Encourage all employees — not just the cybersecurity team — to adopt a cyber resilient mindset. Stress that employees are the first line of defense when it comes to threats such as phishing and malware. Promote collaboration across teams with pertinent information about security and threats. Coach employees to share knowledge with appropriate authorities and peers both within and outside of the enterprise.

Keep looking ahead

New threats are emerging as organizations adopt new technologies as part of ongoing digital transformation. Enterprises must be prepared and properly staffed to address these challenges:

  • Internet of things (IoT) vulnerabilities. Consider system cyber and physical security requirements and resilience before widely deploying and depending on IoT systems. Use IoT gateways and edge devices to segregate and provide layers of protection between insecure devices and the internet to help manage the overall lack of IoT security.

  • Blockchain complexities. Blockchain technology, by its nature, is distributed and resilient. But blockchain moves transactions toward a decentralized model, making it essential to control private cryptography keys. When embedding security into blockchain transactions, use role-based authentication and end-to-end encryption to properly protect data.

  • Lack of Security Operations Centers (SOCs) resources. Examine the important role SOCs play in bringing together the resources needed to direct the defense. Define what constitutes suspicious activity, identify vulnerabilities, configure detection technologies, search for and validate active threats and ultimately notify affected parties. SOCs must manage and monitor identities, as well as ensure compliance with policies and regulatory requirements.

  • Transition to DevSecOps. Consider adopting a comprehensive DevSecOps model that incorporates review and governance and supports faster release schedules and innovation. Determine whether your organization can commit to the requirements necessary for success, which include changing to a culture of collaboration, building security throughout the development life cycle and evaluating technical and business risks.

Achieving cyber resiliency should be a modular transformation that evolves from a well-defined strategy to a project roadmap. Make sure you define a strategic direction aligned with business objectives, outline a plan to achieve that direction, and ensure proper execution of that plan, including decision making based on risk management.

Digital Security Strategy’s guiding concepts

Digital transformation represents the greatest opportunity for the enterprise in the 21st century. CEOs across the globe have digital innovation on their agenda as they seek to deliver innovative new business models, create new digital customer experiences, and optimize and automate their processes to enhance business performance.

BUT…digital technologies and the rapid pace of change in a digital world also threaten the enterprise through a growing cyberthreat landscape with a widening attack surface that exploits the very same digital technologies being used to transform the business.

To prevent cyberattacks from derailing your digital initiatives, we need to build security into the very fabric of the digital enterprise. Delivering secure digital transformation is about building security into the digital core platform which is the foundation for how we transform the business…put simply, we must become “Secure to the Core” and have a consistent framework for digital security transformation.

Deploying the right Cyber Defense

One of the key imperatives for secure digital transformation is the ability to monitor every aspect of technology (both IT and OT) across the business. In short, we need to Monitor Everything.

The modern enterprise requires a plethora of security tools to secure its infrastructure and endpoints (networks, firewalls, servers, storage, devices, applications, data, etc). These tools generate an enormous volume of data each day, making it almost impossible to identify and respond to true cyberthreats in a timely manner.

Intelligent Security Operations can detect threats quickly, respond to attacks rapidly, and defend the enterprise from security breaches by applying intelligence and automation to handle the enormous volume of incidents we see across the globe.

To ensure a secure core, Anteelo’s approach is to provide next-generation digital services with a high degree of automation through a Security Platform that applies lean process, deep analytics and intelligent automation to the security information and event management (SIEM) process.

We often describe the underlying technologies within this platform as SOAR (security orchestration, automation and response).

Cybersecurity Analytics, Intelligence, Response and Orchestration

IDC, meanwhile, describes these cybersecurity technologies as AIRO (Analytics, Intelligence, Response, and Orchestration). The AIRO technologies trace what is required in the Security Operations Center (SOC) to protect the enterprise network through to threat detection and formal remediation.

Whether your approach is “SOAR” or “AIRO,” either way we must apply automation and orchestration to cyber defences in order to keep up with the sheer volume of data and incidents generated across a wide array of infrastructure and endpoints.

Firms Need to be "Secure to the Core" Before Digital Transformation

In addition to monitoring everything with SOAR (or AIRO), we also believe in two more critical imperatives that are needed to secure the enterprise: Verify Everything and Encrypt Everything.

Verify Everything is about adopting a zero-trust approach to digital identity and access management. Enterprises engaged in digital transformation need a new approach if they are going to thrive in the digital world. The principle for security is no longer about the “where” it’s about the “who.” Success requires a comprehensive focus on digital identity management. Identity and access management can effectively establish a logical perimeter that enables digital transformation. The right identity and access management solutions prevent unauthorized access to enterprise information using multiple authentication methods with user access management and provisioning.

Privacy by Design

Encrypt Everything is about minimizing the risk of unauthorized or unlawful processing of business-critical data and avoiding accidental loss, destruction or damage to data. All sensitive data requires encryption and/or tokenization using trust services (PKI, certificate and key management), encryption solutions, and rights management. The right data protection and privacy solutions encrypt sensitive data and prevent data loss from malicious cyberattacks.

So, to enable your digital transformation journey, remember these three key security principles: Monitor Everything (with cyber defense solutions), Verify Everything (with digital identity solutions) and Encrypt Everything (with data protection solutions).

Creating a safe networking of linked devices

The number of connected devices is predicted to grow to 75 billion by 2025. This will create a massively connected ecosystem, and data security will be paramount.

Many of these devices will be cyber-physical systems, which closely integrate computation, networking and physical processes. The devices consist of a physical entity and its cyber twin, which can replicate the behavior of the physical machine and give insights into how the machine will react when prompted by various actions. Connect these devices to the internet, for data transfer, and the result is the internet of things. Smart grids, autonomous vehicles and medical devices are examples of cyber-physical systems.

In cyber-physical systems, digital and physical components interact with each other in a variety of ways that change with context. For example, an offshore drilling facility transmits sensor values from devices to check that machinery is functioning; the alerts from the devices will vary depending on whether it is a normal scenario or an emergency. Similarly, a connected medical device will send an alert based upon the patient’s condition.

In all contexts, it is imperative to maintain security and privacy of the data. This is particularly true in a data-sensitive field like healthcare, where there is growing concern about cybersecurity in connected medical devices.

A secure framework for cyber-physical systems

Cutting off stealthy interlopers: A framework for secure cyber-physical systems

We have created a secure framework for connecting cyber-physical systems by leveraging distributed ledger technology (DLT). DLT is a digital system for recording asset transactions in multiple places at the same time, making fraud and manipulation difficult.

Our framework addresses:

  1. Two-way tamper-proof device communication
  2. Financial transactions between devices (e.g., machine-to-machine micropayments using crypto currencies)
  3. Message transfer and data storage between devices with minimal or no transaction fees and mining (network) fees

The framework integrates edge computing components, which are industry-specific (such as medical devices), and has DLT at its core for data transfer and communication.

Edge devices communicate with a central system, the Directed Acyclic Graph distributed ledger, which powers data storage, transfer and access and ensures data security and data privacy.

Inside the framework

We developed the framework’s components using directed acyclic graphs (DAG) — specifically IOTA — as the underlying DLT technology. DAG architecture is well suited for scalability and does not carry mining fees.

IOTA uses an invention called “The Tangle” at its core. The Tangle is a new data structure, based on DAG, that takes care of data privacy needs by providing restricted and private storage and retrieval options.

We describe each component with an industry example but the components can be extended to other industries:

  • Financial transactions – This component stores all transactions and automates micropayments between machines without any manual intervention. This component can be directly applied to the automobile industry for vehicle charging, toll payments, parking place payments and more. Details are available in this earlier post.
  • Tamper-proof data transfer / two-way remote communication – The underlying DLT technology of this component ensures data security and privacy in transmission, storage and usage. One direct application is remote patient monitoring in healthcare. This can be extended to any industry that needs remote device monitoring or secure data communication (e.g., offshore drilling and its machines).
  • Track and trace of a device’s location with indoor positioning – This component helps track and trace sensitive assets, when knowing the status of a device or machine is paramount. For example, use this component to optimize x-ray machine use in a trusted hospital network and reduce patient wait times.
  • Secure over-the-air firmware updates – This component addresses the exponentially growing need to push secure firmware updates to connected devices, with tamper-proof audit trails made possible by DLT. It is applicable to all connected devices in almost every industry including automotive, healthcare, technology and energy, and utilities.
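The tamper-proof audit trail for firmware updates can be illustrated with a hash-linked DAG in the spirit of the Tangle. This is an added example, not the framework's or IOTA's own code, and it uses no IOTA API or consensus: each record commits to the hashes of up to two earlier records, so a device that pinned the latest tip detects any later change to the history. Record fields, device names and the firmware bytes are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor referenced by the very first record


def record_id(payload, parents):
    """Identifier = SHA-256 over canonical JSON of the payload and its parents."""
    body = json.dumps({"payload": payload, "parents": sorted(parents)},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class AuditDag:
    """Append-only DAG: every record commits to up to two earlier records."""

    def __init__(self):
        self.records = {}   # record id -> {"payload": ..., "parents": [...]}
        self.tips = set()   # records that nothing references yet

    def append(self, payload, parents=None):
        if parents is None:
            # Default: approve up to two current tips, or the anchor if empty.
            parents = sorted(self.tips)[:2] or [GENESIS]
        for p in parents:
            if p != GENESIS and p not in self.records:
                raise ValueError("unknown parent " + p)
        rid = record_id(payload, parents)
        self.records[rid] = {"payload": payload, "parents": list(parents)}
        self.tips.difference_update(parents)
        self.tips.add(rid)
        return rid

    def verify(self, trusted_tips):
        """Walk back from tips the verifier pinned earlier.

        Returns (problems, reachable_ids). A record whose content no longer
        hashes to its id is 'modified'; a referenced id that is gone is 'missing'.
        """
        problems, seen, stack = [], set(), list(trusted_tips)
        while stack:
            rid = stack.pop()
            if rid == GENESIS or rid in seen:
                continue
            seen.add(rid)
            rec = self.records.get(rid)
            if rec is None:
                problems.append(("missing", rid))
                continue
            if record_id(rec["payload"], rec["parents"]) != rid:
                problems.append(("modified", rid))
                continue  # do not trust the parent links of an altered record
            stack.extend(rec["parents"])
        return sorted(problems), seen


def firmware_is_audited(dag, trusted_tips, image):
    """Accept an image only if an intact trail holds a release record for its digest."""
    problems, seen = dag.verify(trusted_tips)
    if problems:
        return False
    digest = hashlib.sha256(image).hexdigest()
    for rid in seen:
        payload = dag.records[rid]["payload"]
        if payload.get("event") == "release" and payload.get("firmware_sha256") == digest:
            return True
    return False


def build_demo():
    """Constructed trail: one release, two installs branching from it, one merge."""
    image = b"constructed firmware image v1.4.2"
    dag = AuditDag()
    release = dag.append({"event": "release", "version": "1.4.2",
                          "firmware_sha256": hashlib.sha256(image).hexdigest()})
    dag.append({"event": "installed", "device": "pump-01", "version": "1.4.2"},
               parents=[release])
    dag.append({"event": "installed", "device": "pump-02", "version": "1.4.2"},
               parents=[release])
    tip = dag.append({"event": "checkpoint"})  # approves both install records
    return dag, tip, release, image


if __name__ == "__main__":
    dag, tip, release, image = build_demo()
    print("intact trail accepts image:", firmware_is_audited(dag, [tip], image))
    dag.records[release]["payload"]["version"] = "9.9.9"  # simulated tampering
    print("problems after tampering:", dag.verify([tip])[0])
```

The pinned tip is what makes the check meaningful: without it, someone who can rewrite storage could recompute every identifier from the altered record forward.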

The components are designed to work online, offline and in mesh networking mode (when Wi-Fi or cellular networks are not available). For example, if connectivity is lost due to an emergency or an outage, these systems can still transmit messages in up to a 65-mile radius. This is critical because it means your medical device stays connected if Wi-Fi or cellular goes down.

Moving toward a unified Digital Security Transformation Framework

Organizations pursuing digital transformation initiatives are typically doing so to achieve a variety of possible business outcomes ranging from improved customer experience to improved operational efficiency. As enterprises plan their digital journeys, they are increasingly moving to a more distributed IT environment where corporate applications reside on premises as well as in public cloud environments, and access to these applications is provided on an anytime, anywhere basis to a variety of endpoint devices.

In this type of environment, there are a number of technology-related issues that will drive enterprises to think about new security risks such as the adoption of new technology, IT architectural migration, and the implementation of new operational processes. While these issues typically drive the front end of a digital transformation plan, security is often viewed as an obstacle to a digital transformation initiative or is an afterthought and only considered after the plan and design of the digital transformation initiative is finalized.

Security as an obstacle to innovation

Technology issues like cloud migration, the proliferation of endpoint devices (or “things”) attached to the network, and the adoption of new technologies like AI and IoT can potentially create new vulnerabilities for attackers to exploit. For some organizations, the thought of digital transformation creating a need for incremental security spend above what is currently being spent can slow the pace of digital transformation or stop it entirely.

The reality is that digital transformation is driven by business objectives and the development of a digital transformation strategy must include security requirements at the outset to minimize potential technology and business risks that cybersecurity represents to an organization. What is needed is a better understanding of the business risks associated with a digital transformation plan and the potential impact to the business if those risks ever materialize.

Attempting to “bolt on” a security strategy after the digital transformation plan is in place can put an organization at significant risk once the transformation plan is implemented by not having the proper controls, processes and technologies in place. Every component of a transformation initiative brings inherent risk, and organizations must rethink their overall security posture and the effectiveness of the current security controls they have in place.

Therefore, in the shift from an organization’s current state of IT operations to their future state, IDC believes that a framework for security that includes the combination of a comprehensive security strategy in conjunction with a digital transformation strategy would provide a guide to help organizations understand where potential risks exist and how best to address the risks inherent in their digital transformation journeys. This approach brings security concerns and technical risk in better alignment to business objectives.

Accelerating the path to digital transformation securely

Reference architectures are commonly used as a template for highlighting the various components of an architecture, their functions, and the interdependencies of the functions provided through a set of interfaces. The objective of the reference architecture is to provide a level of commonality for consistent implementation and reuse. This helps to accelerate the delivery of a technology solution while ensuring consistent implementation.

When considering the architectural changes taking place in enterprise IT environments as organizations execute on their digital transformation strategies, the use of a security reference architecture can help bring business objectives and security concerns in alignment, while also accelerating the path to digital transformation in a secure manner.

Given the challenges businesses face today keeping pace with the ever-changing security threat landscape and the demands for IT to be an enabler to digital transformation, a consistent approach to implementing security at the strategy, operational and technical level is a business imperative. The use of a holistic framework that provides a consistent methodology, uses a common language and provides a step-by-step guide for embedding security into any digital initiative will help organizations streamline transformation and accelerate the time to realize real business value.

A Centralised System for Sharing Logistics Data

The transport and logistics industry has been experiencing tremendous growth with the evolution of services such as Alibaba and Amazon. However, there’s one major challenge to the smooth delivery of online orders: retailers and manufacturers use different data formats for issuing and tracking order shipments.

In the absence of universal agreements for identity and access management that work across the entire industry, companies have had to draw up individual written contracts for every shipment. Customers may get their items in a reasonable period of time, but when the retailer, shipper or consumer tries to track the product, there is no uniform view of the entire shipping route while the package is en route to its final destination.

That’s why a group of forward-thinking public- and private-sector partners within the transport and logistics sector in the Netherlands have formed iSHARE, a consortium that seeks to develop a uniform standard for automatically exchanging data while shipping products following an online sale. All data and policies are stored in a central repository, enabling each partner to work with the same identification, authentication and authorization methods, thereby eliminating the need to manually type multiple contracts in order to share data and ship a product.

The Netherlands has been funding this project over the past few years, and consortium members hope that iSHARE can become a global standard. To give credibility to the notion that iSHARE will be embraced worldwide, large maritime port and airport cargo handlers, in tandem with a large U.S. retailer, have also invested in the project.

Recently, the consortium has been testing the last mile of delivery in the online food sector using crypto technology developed by iSHARE. For the last mile, solutions are being developed that can open a smart lock or box via Bluetooth or Wi-Fi with crypto tokens. Sometime soon, the delivery agent will only need an app on a smartphone or tablet to open the lock/box. A crypto token will work in tandem with policies, developed by solutions providers, that will determine whether the contents of the box need simply to be cooled or remain frozen.

Rabobank Monitors Transactions 24/7

Once this last mile technology emerges, then the great potential of online shopping can be realized. A Rabobank report found that total supermarket spend in the Netherlands in 2018 across 3,730 stores was 38.7 billion euros, of which 1.4 billion euros (3.6%) came via online shopping. The good news: Rabobank expects online food shopping to grow up to 30% by 2030.

What Happens When Food Isn't Stored Properly

Despite this promise, online food shippers still face unique challenges, namely that perishable food items need to be stored in temperature-controlled conditions and can’t just be left at a front door or on a person’s driveway. Residents must be home to receive the goods or pick them up at so-called pick-stations. An analysis by Dutch supermarket franchiser Ard van de Huijgevoort, owner of van de Huijgevoort Group, found that because deliveries can only be made when people are home, only nine deliveries are made per van, per day — well below the volume they know is possible.

But what if deliveries could be made at any time of day so that the shippers can drive the most cost-effective routes? In addition to the use of crypto tokens noted, there are systems under development that include iSHARE for data exchange in leveraging autonomous delivery and other modern food storage techniques. Ard van de Huijgevoort found that, under such a system, three to four times as many deliveries can be done in one day. Along with considerably better economics for the supermarket, this also reduces carbon emissions because the trucks drive fewer kilometers for the same deliveries.

To be sure, there are still many challenges in the transport and logistics industry, but uniform data sharing standards, such as those created by iSHARE, should accelerate improvements across the many stages of the delivery journey.

The need for Technology Plan for Renovating an Airport

Renovating Airport

Experts predict air travel will grow steadily over the next two decades. The Federal Aviation Administration (FAA) reports that the number of passengers boarding planes is expected to increase from 880.5 million in 2018 to 1.3 billion by 2039. Airports are responding with massive construction programs and new processing technologies to help them handle more gates and passengers and deliver enhanced security.

Airport managers understand that deploying new technologies can be a critical component of managing expected growth. Yet too often they find it simpler and more expedient to expand their current systems rather than start construction projects with the more modern solutions. I have personally seen how this short-sighted approach ultimately costs more and adds delays to projects, as newer systems are eventually retrofitted anyway. A more intelligent strategy would be to begin projects by thinking of technology and construction from a business perspective.

How technology helps travelers

Numerous existing and conceptual technologies can make airports the efficient, high-tech facilities that today’s travelers expect. The most obvious ones include WiFi and emerging 5G technology. More sophisticated technologies include smart sensors that can determine the mood of the crowd, monitor how full trash cans are, and automate how planes park at the terminal — without human intervention.  In addition, modern communications technology can tie into retail service companies so travelers can order coffee or food that’s ready for them at the gate when they arrive at a destination.

It’s all possible, and can bring tremendous benefits to airports and travelers, but it needs to be properly planned for. Airports can expect the best business outcomes when technologists are part of the design and orchestration process. Here’s how incorporating their input from the beginning of a project can enhance five key business initiatives:

1. Situational awareness

Both management and the public expect airport security to know what’s going on around the perimeter of the airport. By bringing IT into the conversation at the beginning of a project, cameras and sensors can be strategically placed around airport property to give the security team a 360° view of vehicle break-ins or other criminal incidents. In addition, video footage coupled with predictive analytics can help determine crime patterns that emerge over several months and years. Technologists’ input will ensure that there’s a good balance between ongoing support costs, the desired capability of the application and cybersecurity.

2. Improved risk management

Airport renovation

Similarly, involving IT early in the construction process can help airports deploy sensors and cameras in optimal locations. Salt Lake City International Airport, for example, installed seismic sensors to monitor potential earthquake activity in the region. More commonly, facial recognition sensors, installed properly, can read the mood of people passing through terminals and alert security to potentially suspicious activity. Technologists and legal staff can ensure that airports don’t inadvertently take on more risks when implementing new capabilities.

3. Reduced costs

It’s always more cost-effective to allow for the technology upfront, as opposed to doing a retrofit. After all, airport construction project managers don’t want to reopen ceilings or redo wiring once a building or parking lot is done. Sometimes a new construction project provides an opportunity to “forklift” out existing technology and replace it with far more capable and easier-to-maintain equipment, which lowers total cost of ownership over time. However, the actual technology equipment should be bought later in the construction cycle — just before the implementation — to ensure it doesn’t get out of date before it’s even turned on.

4. Improved public reputation

Today’s travelers expect access to lightning-fast WiFi, self-service check-in kiosks and other digitally enabled features. Any airport renovation project that fails to deliver modern technology will likely result in negative feedback scores for the airport and a public outcry on social media. There’s no reason for that, especially when most IT teams are more than willing to work with airport management to deploy modern technologies that will improve safety and deliver a better experience for travelers. Additionally, IT staff can help guide the use of new 3D technology to simulate future environments so that all stakeholders know that the airport staff understands their concerns and intends to feature the latest technology.

5. Enhanced customer satisfaction

The best IT staff are customer-focused today, so building in the technology to help airports improve services is second nature. Airport managers can work with the airport IT staff and the carriers to install the right WiFi technology and 5G towers to facilitate all kinds of new services, such as deploying applications that can text travelers the location of the closest restroom when they get off the plane or let them know if the restroom is closed for construction. Also, airport managers should make sure IT and marketing staff can fully leverage social media to properly track and respond to concerns.

Making technology upgrades part of airport construction projects brings business value and isn’t a hard concept to grasp, but it’s essential if an airport hopes to maximize its investment. Give technologists a seat at the table – and airports can meet the traveling public’s technology expectations while in turn avoiding expensive retrofits.

Cost of a Mobile Banking App Development- Determine

A massive percentage of the finance sector is willingly switching to mobile banking. But how much does mobile banking app development cost?

Irrespective of how slow we call the adoption of technology in the finance sector, there is one transformational event that can not be ignored – a massive percentage of people willingly switching from desktop and branch-visiting banking to mobile banking.

Mobile banking apps have today become one of the primary ways in which people log on to their bank accounts and perform transactions. The attraction towards mobile banking is so high and prominent that banks, across size and geographical locations, are not just expanding into the online banking app development offering but are also looking for ways to make them new-gen technology-rich.

In this article, we take a deep dive into the different facets of banking application development and the feature sets that together determine how much it costs to create a mobile banking app.

A Peek Into the Mobile Banking App Market 

The ease that banking apps come with – real-time access of account information, ease in transactions, card-less ATM withdrawals, etc – has led to the fact that every bank now comes with their own banking applications.

But does it mean that the time for entrepreneurs to join the bandwagon has passed? No!

There are a number of statistics that validate the need for a mobile banking application. Here are some prominent ones –

In a decade’s time, mobile banking apps have taken over the combined user count of internet banking, branch-visit banking, and telephone banking. We can only imagine how big the market will be in the years to come.

The Top Players That Every Mobile Banking App Development Company Looks Up To

These are some of the top banking apps that the mobile banking application development companies look up to as benchmarks and the users compare other apps with.

The experience that these brands offer has played a massive role in increasing the adoption of mobile banking apps in the industry by showing the users that the process can be extremely seamless and automated.

Another factor that helps these applications become revolutionary is the feature-set that they come with.

Let us look into some of those features.

Must-Have Features of Banking App

There are a number of features that come together to define a well-strategized mobile banking app creation process. In order to get an idea of which is the best one, it can be helpful to look into the reasons why people use banking applications in the first place.

While the image gives a good idea of the kind of features that must be considered when you are looking for answers on how to develop an online banking application, let us restate the primary features.

1.  App access

Like a majority of applications, a banking application also starts with authorization and registration. The sign-in option in the banking application should be simple but also highly secure. There are two options that brands generally follow when building a banking app – PIN entry and Fingerprint.  A multi-factor authentication system can help secure the application to a great extent.

2.  Account information

You should enable the users to access their bank account information – account number, balance, card number, name, etc. There are a number of success stories that highlight the need of showcasing the feature of checking balance and other information in the first screen that opens when the user logs in. However, even if it goes differently than your plan, at least make the sections easily accessible for the users.

3.  Payment and transfer

The next must-have feature of a banking application would be the ability to make real-time payments and transfers. There should be a specific section for the transfer activities containing the ability to add beneficiaries, view account balance pre and post-transfer, etc.

At the payment stage as well, you should ask the users to put in their password/PIN or fingerprint to allow money transfer.

4.  Transactions history

Another primary feature of a banking application is real-time transaction history. As a rule, you should let your users view their transaction history for any period they want, i.e., a custom date range.

5.  Push Notifications

A well-thought-of push notification strategy can not just help you retain your customers but also increase the engagement levels in your application.

Generally, push notifications are divided into three parts:

  • Transaction-based – notify users of everything related to their bank accounts
  • Promotion-based – inform the users about offers, discounts, and deals
  • Application-based – document submission or password change request

6.  Bank and ATM locations

It is one of the most convenient features present in a banking application. You should integrate Apple or Google Maps in the application to help guide the users to the nearby bank locations and ATMs.

7.  In-app chat

There are a number of ways chatbots make banking better. The first is making banking accessible to users 24/7. A securely designed chatbot can help users stay updated on their account details, check whether a given amount was credited from their accounts, etc.

While these are the must-have features that define how to build a banking mobile app, there are a number of advanced features that can elevate the returns on mobile banking development services investment. They can be – regular payments, QR scan, integration of third-party services like investment portals, hotel or travel booking options within the app, etc.

Now that we have looked at the must-have feature sets of banking applications, let us get to the point where we look into the cost of banking application development.

How Much Does it Cost to Develop a Banking App? 

The banking app development cost is dependent on a number of factors. Here are the top ones –

1.  Features

Mobile banking app feature-set is the first thing that contributes to the development cost estimate. The more advanced the features, the greater would be the development cost. For example, the more you move away from a standard mobile banking app and gravitate towards the integration of Blockchain for IoT in the application, the higher would be the overall cost range.

2.  App design

A banking mobile application holds many kinds of information: account information, money transfer details, customer service information, an active chatbot, etc. It is very easy to create a design that tries to fit all of that information in one place. But what is needed and appreciated is minimalistic design, which carries its own line in the mobile app design cost list.

3.  Technology Integration

The other key factor that has a direct impact on the banking app development cost is technology integration. While we do suggest adding new-gen technologies like AI or Blockchain to future-proof your banking applications, it can increase the development cost to a great extent.

4. Location of the agency

The last element is the location of the agency. As you move from East to West, the cost of app development increases. The average hourly rate of mobile banking app developers in the US is usually in the $100 to $120 range, while in India it can be anywhere between $60 to $80.

All the elements come together to define the cost of banking application development. If you are looking for a numeric value, share your idea with our banking software experts. They’ll help you validate your app idea while giving you a costing estimate.

While you are working on your banking application idea, keep the banking trends in mind; they will help make your app 2021-ready.

Mobile Banking Development Trends That Will Rule 2021-22

ATM connectivity

Innovations in QR code scans and near-field communication technology will help customers manage their ATM transactions without fumbling to find their debit cards, while saving them from entering passwords in a public setup.

Voice commands

Voice technology will be adopted by the banking sector to a greater extent. Users will be able to check their bank balance or transfer money to people in their contacts simply by initiating a voice request.

Greater integration of AI

This year will see a number of innovative use cases of AI in the payment & banking sector. Right from fraud detection to establishing a 24*7 connectivity between users and banks, AI and Machine Learning will be integrated by the banking institutions to a great extent.

Improved app security

Although the banking sector is still one of the most secure sectors, 2021 will see it become unhackable. Here are a few elements that we will be adding in the banking applications to make them breach-proof:

  • Multi-factor authentication system
  • End-to-end encryption
  • Fingerprint authentication
  • Real-time alerts
  • Incorporation of AI to identify fraud instances, etc.

At this point, you have all the information needed to initiate a mobile banking application and the factors that will help you get an estimate on the project. The next step? Find a team of developers who can help you with the project. We are one of them.
