Companies and organizations are experiencing the first stage of a new digital support: GDPR management tools. We analyzed some of them.

The problem

In some cases the approach of the solution is technological -systems designed as if they were independent or of static nature- while in other cases it’s functional, thus technical in compliance matters, still specific.

We classify both approaches as mainly marketing-oriented; not in order to criticize the quality of these tools as such but the fact that the solutions primarily are momentum-driven commercial opportunities for a sudden demand, which market is still not well versed on the subject. This practice raises issues, indeed.

Talking with GDPR experts it emerges that some entrepreneurs and executives have taken a vision which limits GDPR compliance to – a bureaucratic – document management or, even worse, they seem a one-shot maintenance-free operation. All despite the many and repeated warnings and risks of running into huge administrative fines.

Moreover, we have been confided that companies apparently prefer a non-matching real-world business processes above the presenting of  ‘official processes’ and carry on with their usual ones. The bottom line: the risk and the purpose of the compliance audit is dispelled although time and money is expended, and at a high risk cost at the same time.

Back to the past

We note a remarkable parallel to the 90’s when ISO quality certification was fashionable. It was not uncommon to find entrepreneurs chasing contingently after a series of certificates, however without any serious intention to change their company culture.

We have worked with quite a few of them at that time and, unfortunately but not by chance, none of them had enlighten their future after such choices. (None of them exist anymore in the market, but this is just a personal account.)

Three decades later quality at large -finally- seems widespread in many business environments, and process mapping & re-engineering is nothing new anymore. The resulting benefits are acknowledged as part of our business culture.

An innovative approach – a golden opportunity

Underestimating the interventions required to meet the GDPR or not taking advantage of all actions needed during this process, may lead companies to choose wrong tools that require serious compliancy efforts. Often this road also leads to the impossibility to become connected with other fundamental areas of competence such as Legal and Operations. Given all of the above, we raise a crucial question:

Why should companies and organizations re-map their processes only for GDPR purposes? Why do GDPR tools not start from managed processes?

Exchange standards are available, such as IDEFx, FFBD or BPMN 2.0 for modeling or universal standards like XML or Json, just to provide some examples. Then, how common it is actually the adoption of process mapping tools?

This lack of integration of best practices and previous investments leads to a costly attrition.

Aziende e organizzazioni stanno vivendo la prima fase di un nuovo supporto digitale: gli strumenti di gestione del GDPR. Ne abbiamo analizzati alcuni.

Come per tutti i casi precedenti di nuovi processi di conformità aziendale, oggi c’è un numero crescente di strumenti sul mercato che affrontano la nuovissima legge europea sulla privacy, il Regolamento generale sulla protezione dei dati, entrato in vigore il 25 maggio 2018. Il nostro principale conclusione: questi strumenti per la privacy hanno limitazioni di progettazione.

Il problema

In alcuni casi l’approccio della soluzione è tecnologico -sistemi progettati come se fossero indipendenti o di natura statica- mentre in altri casi è funzionale, quindi tecnico in materia di compliance, ancora specifico.

Classifichiamo entrambi gli approcci come principalmente orientati al marketing; non per criticare la qualità di questi strumenti in quanto tali, ma il fatto che le soluzioni sono principalmente opportunità commerciali guidate dallo slancio per una domanda improvvisa, il cui mercato non è ancora esperto in materia. Questa pratica solleva problemi, anzi.

Parlando con gli esperti di GDPR emerge che alcuni imprenditori e dirigenti hanno adottato una visione che limita la conformità al GDPR a una gestione – burocratica – dei documenti o, peggio ancora, sembrano un’operazione one-shot che non richiede manutenzione. Il tutto nonostante i tanti e ripetuti avvertimenti e rischi di incorrere in enormi sanzioni amministrative.

Inoltre, ci è stato confidato che le aziende apparentemente preferiscono processi di business del mondo reale non corrispondenti rispetto alla presentazione di “processi ufficiali” e continuano con quelli abituali. Conclusione: il rischio e lo scopo dell’audit di conformità vengono dissipati nonostante si spenda tempo e denaro e allo stesso tempo con un costo di rischio elevato.

Ritorno al passato

Notiamo un notevole parallelo con gli anni ’90, quando la certificazione di qualità ISO era di moda. Non era raro trovare imprenditori che inseguivano in modo contingente una serie di certificati, senza tuttavia alcuna seria intenzione di cambiare la loro cultura aziendale.

Abbiamo lavorato con un bel po ‘di loro in quel momento e, purtroppo ma non a caso, nessuno di loro aveva illuminato il proprio futuro dopo tali scelte. (Nessuno di loro esiste più sul mercato, ma questo è solo un account personale.)

Tre decenni dopo, la qualità in generale, infine, sembra diffusa in molti ambienti aziendali e la mappatura e la reingegnerizzazione dei processi non sono più una novità. I vantaggi che ne derivano sono riconosciuti come parte della nostra cultura aziendale.

Un approccio innovativo: un’opportunità

Sottovalutare gli interventi necessari per soddisfare il GDPR o non sfruttare tutte le azioni necessarie durante questo processo, può portare le aziende a scegliere strumenti sbagliati che richiedono un serio impegno di conformità. Spesso questa strada porta anche all’impossibilità di collegarsi ad altre aree di competenza fondamentali come Legale e Operativo. Considerato tutto quanto sopra, solleviamo una domanda cruciale:

Perché le aziende e le organizzazioni dovrebbero mappare i propri processi solo ai fini del GDPR? Perché gli strumenti GDPR non partono dai processi gestiti?

Sono disponibili standard di scambio, come IDEFx, FFBD o BPMN 2.0 per la modellazione o standard universali come XML o Json, solo per fornire alcuni esempi. Allora, quanto è comune l’adozione di strumenti di mappatura dei processi?

Questa mancanza di integrazione delle migliori pratiche e degli investimenti precedenti porta a un costoso logoramento.

Contract Management tools and CLM (Contract Lifecycle Management) practices offer the opportunity to integrate managed processes from the very beginning of the data stream: the contracts. Article 28 of GDPR provides some guidelines that we develop in this paper.

Contracts and GDPR

Organizations can almost easily identify the source of sensitive data in their contracts, either because contracts de facto represent the data collecting events (B2C and B2B) or because data treatment or manipulation is the subject of contracts themselves (B2B). This latter is the case of third parties involved in data manipulation or data treatment, the so-called “processors” by article 28 of the GDPR. Relationship with these parties is regulated by contracts.

Article 28

EU general data protection regulation 2016/679 (GDPR), in effect since 25 May 2018, states in Article 28 that

“…the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.” 

Wording in bold characters in the above quoted text is not our personal typographic choice. The impact of this article has not been overviewed by Brussels yet but the concept is crystal clear: processor’s responsibility goes beyond his own organization; it extends to the whole business network it relies on. This also affects foreign companies and organizations that treat EU citizen’s data.

When dealing with sensitive data the governance of relations with processors by contracts is not a common-sense or best practice anymore but an obligation as dictates Article 28, paragraph nr. 3:

“Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller […]”

From a practical point of view, organizations should develop governance procedures for managing the sensitive data chain and all relations with processors assuring their compliance. This is where CLM can help.

How can CLM help?

CLM’s basic principle is taking full control of the contract lifecycle and all contract related aspects impacting organizational issues. This means that by using CLM practices companies have the ability to control and manage direct relations between business processes and contracts, considering the latter as sources.

It is a fact that Legal Audit is a fast and precise operation when CLM tools are adopted. The same cannot be said about traditional or manual legal management: in one of our customers the Legal Audit process was reduced, after adopting CLM, from 2 or 3 days to 30 minutes.

All the above can be translated into the following general actions:

1. Identifying specific contracts and contract categories that represent sources of sensitive data.
2. Identifying IT and service contracts with third-parties and contractors related to a).
3. Collecting contracts in b) for auditing the GDPR required guarantees and compliancy of the involved parties for the whole data stream.
4. Integrating CLM with Business Process Management and its link to the GDPR process management: data treatment audit items should be identified with their legal sources in order to guarantee their management and enhance all following process maintenance.
5. Evaluating the opportunity of sharing the same tools as common language between controller and processor.
6. Managing GDPR processes (audit and maintenance) using the legal perspective as a starting point.

Conclusions

Organizations need support regarding EU sensitive data manipulation compliance; complex activities must be managed involving IT and service contracts review. Contract Lifecycle Management tools help organizations in the tedious task of identifying and collecting their processors for a correct GDPR risk management.

This article is also available in LinkedIn, in pdf format, here.

As for all previous cases of new business compliance processes there is today a growing number of tools in the market addressing the all new European privacy law, the General Data Protection Regulation, which came into force on May 25, 2018. Our main conclusion: these privacy tools have design limitations.

The problem

In some cases the approach of the solution is technological -systems designed as if they were independent or of static nature- while in other cases it’s functional, thus technical in compliance matters, still specific.

We classify both approaches as mainly marketing-oriented; not in order to criticize the quality of these tools as such but the fact that the solutions primarily are momentum-driven commercial opportunities for a sudden demand, which market is still not well versed on the subject. This practice raises issues, indeed.

Talking with GDPR experts it emerges that some entrepreneurs and executives have taken a vision which limits GDPR compliance to – a bureaucratic – document management or, even worse, they seem a one-shot maintenance-free operation. All despite the many and repeated warnings and risks of running into huge administrative fines.

Moreover, we have been confided that companies apparently prefer a non-matching real-world business processes above the presenting of  ‘official processes’ and carry on with their usual ones. The bottom line: the risk and the purpose of the compliance audit is dispelled although time and money is expended, and at a high risk cost at the same time.

Back to the past

We note a remarkable parallel to the 90’s when ISO quality certification was fashionable. It was not uncommon to find entrepreneurs chasing contingently after a series of certificates, however without any serious intention to change their company culture.

We have worked with quite a few of them at that time and, unfortunately but not by chance, none of them had enlighten their future after such choices. (None of them exist anymore in the market, but this is just a personal account.)

Three decades later quality at large -finally- seems widespread in many business environments, and process mapping & re-engineering is nothing new anymore. The resulting benefits are acknowledged as part of our business culture.

An innovative approach – a golden opportunity

Underestimating the interventions required to meet the GDPR or not taking advantage of all actions needed during this process, may lead companies to choose wrong tools that require serious compliancy efforts. Often this road also leads to the impossibility to become connected with other fundamental areas of competence such as Legal and Operations. Given all of the above, we raise a crucial question:

Why should companies and organizations re-map their processes only for GDPR purposes? Why do GDPR tools not start from managed processes?

Exchange standards are available, such as IDEFx, FFBD or BPMN 2.0 for modeling or universal standards like XML or Json, just to provide some examples. Then, how common it is actually the adoption of process mapping tools?

This lack of integration of best practices and previous investments leads to a costly attrition.

Fog computing extends the concept of cloud computing to the network edge, making it ideal for internet of things (IoT) and other applications that require real-time interactions.

Published on NetworkWorld By Brandon Butler  Jan 17, 2018

Fog computing is the concept of a network fabric that stretches from the outer edges of where data is created to where it will eventually be stored, whether that’s in the cloud or in a customer’s data center.

Fog is another layer of a distributed network environment and is closely associated with cloud computing and the internet of things (IoT). Public infrastructure as a service (IaaS) cloud vendors can be thought of as a high-level, global endpoint for data; the edge of the network is where data from IoT devices is created.

Fog computing is the idea of a distributed network that connects these two environments. “Fog provides the missing link for what data needs to be pushed to the cloud, and what can be analyzed locally, at the edge,” explains Mung Chiang, dean of Purdue University’s College of Engineering and one of the nation’s top researchers on fog and edge computing.

According to the OpenFog Consortium, a group of vendors and research organizations advocating for the advancement of standards in this technology, fog computing is “a system-level horizontal architecture that distributes resources and services of computing, storage, control and networking anywhere along the continuum from Cloud to Things.”

Benefits of fog computing

Fundamentally, the development of fog computing frameworks gives organizations more choices for processing data wherever it is most appropriate to do so. For some applications, data may need to be processed as quickly as possible – for example, in a manufacturing use case where connected machines need to be able to respond to an incident as soon as possible.

Fog computing can create low-latency network connections between devices and analytics endpoints. This architecture in turn reduces the amount of bandwidth needed compared to if that data had to be sent all the way back to a data center or cloud for processing. It can also be used in scenarios where there is no bandwidth connection to send data, so it must be processed close to where it is created. As an added benefit, users can place security features in a fog network, from segmented network traffic to virtual firewalls to protect it.

Applications of fog computing

Fog computing is the nascent stages of being rolled out in formal deployments, but there are a variety of use cases that have been identified as potential ideal scenarios for fog computing.

Connected Cars: The advent of semi-autonomous and self-driving cars will only increase the already large amount of data vehicles create. Having cars operate independently requires a capability to locally analyze certain data in real-time, such as surroundings, driving conditions and directions. Other data may need to be sent back to a manufacturer to help improve vehicle maintenance or track vehicle usage. A fog computing environment would enable communications for all of these data sources both at the edge (in the car), and to its end point (the manufacturer).

Smart cities and smart grids Like connected cars, utility systems are increasingly using real-time data to more efficiently run systems. Sometimes this data is in remote areas, so processing close to where its created is essential. Other times the data needs to be aggregated from a large number of sensors. Fog computing architectures could be devised to solve both of these issues.

Real-time analytics A host of use cases call for real-time analytics. From manufacturing systems that need to be able to react to events as they happen, to financial institutions that use real-time data to inform trading decisions or monitor for fraud. Fog computing deployments can help facilitate the transfer of data between where its created and a variety of places where it needs to go.

Fog computing and 5G mobile computing

Some experts believe the expected roll out of 5G mobile connections in 2018 and beyond could create more opportunity for fog computing. “5G technology in some cases requires very dense antenna deployments,” explains Andrew Duggan, senior vice president of technology planning and network architecture at CenturyLink. In some circumstances antennas need to be less than 20 kilometers from one another. In a use case like this, a fog computing architecture could be created among these stations that includes a centralized controller that manages applications running on this 5G network, and handles connections to back-end data centers or clouds.

How does fog computing work?

A fog computing fabric can have a variety of components and functions. It could include fog computing gateways that accept data IoT devices have collected. It could include a variety of wired and wireless granular collection endpoints, including ruggedized routers and switching equipment. Other aspects could include customer premise equipment (CPE) and gateways to access edge nodes. Higher up the stack fog computing architectures would also touch core networks and routers and eventually global cloud services and servers.

The OpenFog Consortium, the group developing reference architectures, has outlined three goals for developing a fog framework. Fog environments should be horizontally scalable, meaning it will support multiple industry vertical use cases; be able to work across the cloud to things continuum; and be a system-level technology, that extends from things, over network edges, through to the cloud and across various network protocols. (See video below for more on fog computing from the OpenFog Consortium.)

Are fog computing and edge computing the same thing?

Helder Antunes, senior director of corporate strategic innovation at Cisco and a member of the OpenFog Consortium, says that edge computing is a component, or a subset of fog computing. Think of fog computing as the way data is processed from where it is created to where it will be stored. Edge computing refers just to data being processed close to where it is created. Fog computing encapsulates not just that edge processing, but also the network connections needed to bring that data from the edge to its end point.

[ Related (NetworkWorld): What is edge computing and how it’s changing the network ]

It may be time for the U.S. government to step in to coordinate security standards across all the players that participate in creating the internet of things, Frost & Sullivan says

Article published on NetworkWorld by Jon Gold, Senior Writer, Jan 15, 2018

Thanks to the Mirai botnet attacks, few people in the world of tech need a reminder that IoT devices remain a serious threat to enterprise networks. Still, more than a year after the botnet made headlines worldwide, IoT security remains mostly an idea, rather than a reality.

Such is the scope of the problem that Frost and Sullivan IoT research director Dilip Sarangan argues for governmental intervention. Sarangan says that, because the responsibility for IoT security is diffused across device manufacturers, network providers, software developers and many others, it’s difficult for the industry to make progress on all-encompassing standards.

“The only entity that has the ability to actually dictate what the minimum threshold is, unfortunately, is the U.S. government,” he said.

The difficulty in creating overarching standards mostly has to do with the fact that any given IoT implementation has a large number of moving parts, each of which may be administered by different organizations, or even by third parties. For example, a set of medical devices provided by company A connecting to a network provided by company B, running an application, originally written by company C and residing in company D’s cloud.

“Everyone talks about it like they’re going to provide end-to-end security, and there’s actually no way to do that,” said Sarangan. “You have no control over a lot of parts of an IoT solution.”

Network visibility

From the networking side, Sarangan said, there are plusses and minuses to most of the options available to any given IoT implementation. Cellular networks, for example, tend to be a lot more secure than Wi-Fi, ZigBee or the other wide-area options, but a company will probably have much more limited visibility into what’s happening on that network.

That, in and of itself, can be a security issue, and it’s imperative for the carriers to provide more robust device management features in the future.

“What type of device it is, what type of information it’s supposed to send, where it’s supposed to send the data, what you are supposed to do with that data – until you know all of that, it’s hard to be completely secure,” said Sarangan.

Improved network visibility is key to preventing worst-case scenarios like malicious actors accessing power grids and Internet infrastructure, but so are common-sense measures like air gaps.

“You have the hacks happening, but the hacks haven’t been significant enough to where you’d worry about it,” he said. “The other side of it is that a lot of critical infrastructure – let’s say a smart grid – is on private networks.”

A sea of IoT devices

A lack of quality control and the presence of a host of very old devices on IoT networks might be the most critical security threats, however. Decades-old hardware, which may not have been designed to be connected to the Internet in the first place, let alone stand up to modern-day security threats, creates a serious issue.

“You have over 10 billion IoT devices out there already … and a lot of these devices were created in 1992,” noted Sarangan.

Moreover, the huge number of companies making IoT-enabled hardware makes for a potentially serious problem where quality control is concerned. Big companies like Amazon and Microsoft and Google make headlines for their smart home gizmos, but the world of IoT is a lot broader than that.

China, in particular, is a major source of lower-end IoT devices – speakers, trackers, refrigerators, bike locks and so on – and it’s not just the Huaweis and Xiaomis of the world providing the hardware.

“[There are] hundreds of mom-and-pop shops out there developing hardware that we don’t necessarily know whether to trust or not – these are devices that are getting on unsecured Wi-Fi networks,” said Sarangan. “That’s already a security threat, and a large portion of Americans don’t actually protect their routers.”

Indeed, hidden backdoors have already been found on some such devices, according to The Register.

Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured “Internet of Things” or IoT devices. Loosely defined as any gadget or gizmo that connects to the Internet but which most consumers probably wouldn’t begin to know how to secure, IoT encompasses everything from security cameras, routers and digital video recorders to printers, wearable devices and “smart” lightbulbs.

Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.

-Rule #1: Avoid connecting your devices directly to the Internet — either without a firewall or in front it, by poking holes in your firewall so you can access them remotely. Putting your devices in front of your firewall is generally a bad idea because many IoT products were simply not designed with security in mind and making these things accessible over the public Internet could invite attackers into your network. If you have a router, chances are it also comes with a built-in firewall. Keep your IoT devices behind the firewall as best you can.

-Rule #2: If you can, change the thing’s default credentials to a complex password that only you will know and can remember. And if you do happen to forget the password, it’s not the end of the world: Most devices have a recessed reset switch that can be used to restore to the thing to its factory-default settings (and credentials). Here’s some advice on picking better ones.

I say “if you can,” at the beginning of Rule #2 because very often IoT devices — particularly security cameras and DVRs — are so poorly designed from a security perspective that even changing the default password to the thing’s built-in Web interface does nothing to prevent the things from being reachable and vulnerable once connected to the Internet.

Also, many of these devices are found to have hidden, undocumented “backdoor” accounts that attackers can use to remotely control the devices. That’s why Rule #1 is so important.

-Rule #3: Update the firmware. Hardware vendors sometimes make available security updates for the software that powers their consumer devices (known as “firmware). It’s a good idea to visit the vendor’s Web site and check for any firmware updates before putting your IoT things to use, and to check back periodically for any new updates.

-Rule #4: Check the defaults, and make sure features you may not want or need like UPnP (Universal Plug and Play — which can easily poke holes in your firewall without you knowing it) — are disabled.

Want to know if something has poked a hole in your router’s firewall? Censys has a decent scanner that may give you clues about any cracks in your firewall. Browse to whatismyipaddress.com, then cut and paste the resulting address into the text box at Censys.io, select “IPv4 hosts” from the drop-down menu, and hit “search.”

If that sounds too complicated (or if your ISP’s addresses are on Censys’s blacklist) check out Steve Gibson‘s Shield’s Up page, which features a point-and-click tool that can give you information about which network doorways or “ports” may be open or exposed on your network. A quick Internet search on exposed port number(s) can often yield useful results indicating which of your devices may have poked a hole.

If you run antivirus software on your computer, consider upgrading to a “network security” or “Internet security” version of these products, which ship with more full-featured software firewalls that can make it easier to block traffic going into and out of specific ports.

Alternatively, Glasswire is a useful tool that offers a full-featured firewall as well as the ability to tell which of your applications and devices are using the most bandwidth on your network. Glasswire recently came in handy to help me determine which application was using gigabytes worth of bandwidth each day (it turned out to be a version of Amazon Music’s software client that had a glitchy updater).

-Rule #5: Avoid IoT devices that advertise Peer-to-Peer (P2P) capabilities built-in. P2P IoT devices are notoriously difficult to secure, and research has repeatedly shown that they can be reachable even through a firewall remotely over the Internet because they’re configured to continuously find ways to connect to a global, shared network so that people can access them remotely. For examples of this, see previous stories here, including This is Why People Fear the Internet of Things, and Researchers Find Fresh Fodder for IoT Attack Cannons.

-Rule #6: Consider the cost. Bear in mind that when it comes to IoT devices, cheaper usually is not better. There is no direct correlation between price and security, but history has shown the devices that tend to be toward the lower end of the price ranges for their class tend to have the most vulnerabilities and backdoors, with the least amount of vendor upkeep or support.

In the wake of last month’s guilty pleas by several individuals who created Mirai — one of the biggest IoT malware threats ever — the U.S. Justice Department released a series of tips on securing IoT devices.

One final note by the author (Krebs): I realize that the people who probably need to be reading these tips the most likely won’t ever know they need to care enough to act on them. But at least by taking proactive steps, you can reduce the likelihood that your IoT things will contribute to the global IoT security problem.

By Jonas DeMuro  – 18th Jan. 2018 – World of tech  

The blockchain is the technology behind Bitcoin (and other cryptocurrencies) which is currently dominating the headlines, due to its meteoric rise over the past month, and the equally massive plunge it has taken this week. Bitcoin is nothing but volatile.

Blockchain tech, on the other hand, is a transparent, distributed digital ledger, that is inherently secure. It has the promise to revolutionize many diverse sectors, including musical digital rights management, secure digital voting, storage of healthcare records, and digital ‘smart’ legal contracts – to name but a few applications. The blockchain is frequently referred to as a disruptive invention, even compared to the very invention of the internet itself.

While blockchain technology offers many advantages, including a high level of security against fraud, and potentially cost-effective transactions, it may not become a storming success and sweep the world off its feet as soon as you might think. As with most fresh technological innovations, it faces an uphill battle towards adoption.

Here are some of the current obstacles that are ‘blocking the blockchain’, as it were.

1. Energy wastage

Bitcoin and cryptocurrency mining are highly dependent on GPUs and ASIC miners for profitability. Anyone who has built a computer is aware that GPUs require a robust power supply to function, with a greater amount of power on tap being ideal for stability.

Also note that the security of the Bitcoin blockchain is obviously critical, and must mean that any effort to defraud the system isn’t worth the while, as that effort would be better directed at simply mining the next Bitcoin, as this would be more profitable.

Now, as of December 6, 2017, the energy consumption of Bitcoin mining reached 32.36 Terawatt-hours per year, which is a ridiculous amount of power, and is actually higher than the energy usage of 159 individual countries according to one estimate.

With all this in mind, maintaining data in a blockchain – and keeping it intact and free of fraud – is an inherently energy-inefficient process. In the current era of 6W processors for laptops, deep sleep states for electronics, and solar panels, all aimed at greater energy efficiency and independence, the high energy consumption of blockchain technology and virtual currency mining flies in the face of this.

2. Data woes

Generally speaking, the internet is fairly efficient when it comes to the transmission of data. The user requests information, and the server transmits back the piece of data requested with only a small amount of additional data required to get it there.

However, the blockchain, in order for it to be preserved, as well as to prevent hacking, needs multiple copies distributed across many nodes. And the blockchain then requires a large amount of storage – for example, Bitcoin’s blockchain was nearly 150GB in size as of last month, and it’s getting bigger all the time.

Furthermore, transmitting so much data for the blockchain each time also consumes additional electricity, making the blockchain quite inefficient. In a time where efforts are being made to compress video further to decrease the data required for a download, blockchain’s bulkiness makes little sense.

3. Time for adoption

While blockchain technology may ultimately work for some sectors, its wider adoption may be a sluggish process, particularly when it comes to industries which are notably set in their ways.

Some sectors – like legal and healthcare – have only just started to move away from paper records, and in some cases still maintain them as backups. They are unlikely to jump to a cutting-edge solution such as the blockchain overnight.

The technology will need to clearly demonstrate advantages and gain a proven track record before this happens, and that could potentially take decades. After all, remember that stock markets held onto their old ticker tapes in the 1970s, after using them from 1867, and the last telegram in the world was sent in 2013.

4. Centralized may be a good thing

Bitcoin was developed to be a decentralized cryptocurrency that allows for peer-to-peer transactions. However, this can be a disadvantage, such as when governments cannot track funds easily, and risk losing on the tax side of the equation (which may, potentially, mean that the average taxpayer ends up paying more). It also makes things more challenging when users experience fraud, and recovering funds can be difficult.

5. Slow transactions with cryptocurrency

Some tout Bitcoin as the future of currency, and the promise is that peer-to-peer transactions can happen in a fast and cost-efficient manner that can compete with traditional credit cards.

However, Bitcoin transactions are painfully slow, with transactions occurring at the glacial pace (at least in the world of finance) of multiple hours for each transaction in some cases. One of the current reasons for this bottleneck is that each transaction has to be confirmed by six miners.

Obviously enough, this process needs to be sped up significantly for Bitcoin to realistically become a true rival to established methods of buying goods.

6. Private problems

Many of the advantages of the blockchain come from its public use – anyone can download the entire blockchain, and mine for additional currency, which democratizes this process.

It also keeps it immune from hackers – with such a large legitimate group dedicated to mining, any fraud attempts would effectively have to ‘out-mine’ the miners, a process that would take a colossal amount of computing power for a popular cryptocurrency. This type of blockchain is known as a public blockchain.

So what about a private blockchain? Well, the same blockchain tech can be applied as a storage medium, and if a company doesn’t want anyone to download the entire blockchain – and no one is going to mine it – then this is kept as a private blockchain. It is also held in a handful of private nodes, rather than distributed across thousands of public nodes as is the case for a public blockchain.

With a private blockchain, while it is more carefully controlled, and far less likely to be hijacked or hacked, it also flies in the face of the whole fundamental idea of this technology – losing the advantages of transparency and wider distribution that make the blockchain tech intriguing in the first place.

Article published on TechRadar

Targets and benefits of ITP

Today it’s almost impossible to find organizations of any size not using information technology (IT); moreover, the smaller the company the more it relies on automation or IT services. It is both a powerfull tool for business and, if not properly managed, a certain source of risks and hidden costs.

IT specialists inside organizations are expensive and should not be on payroll if IT is not the core business of the company, but even in those cases, outsourcing is a common practice; the task of harmonization of services and assets is impossible when relying on outsourcing for IT without previously defining criteria and policies for the matter. These policies must address company’s business rules and specific operational needs. Nonetheless, it’s a common bad practice in small organizations to bend company operations and processes to adopted software or services instead of all the way around. Fortunately, IT market is full of possibilities and an accurate selection of tools is the best recommended practice.

The Business IT Alignment

All companies and situations are different, but every company that uses computers, email, the internet, and software on a daily basis should have IT policies in place: these policies apply both for employees and IT sub-contractors and provide a vision and strategy for such an important asset as technology. Without an internal IT policy the company is subject to the risk of adopting vendor or third-parties policies implicitly. An important secondary benefit of owning an IT policy is the control and indipendence it grants from vendor strategies and vendor-lock-in practices that must be avoided.

Solving these important risks, saving costs, granting business-centric priority and indipendence is what we call the “Business IT Alignment“.

Target and control

Employees need to know what is expected and required of them when using the technology provided by their employer, and it is critical for a company to protect itself by having policies to govern areas such as personal internet and email usage, security, software and hardware inventory and data retention. It is also important for the business owner to know the potential lost time and productivity at their business because of personal internet usage. Contractors, on the other hand, must operate within the frame of customer’s IT policies for granting security, compliance, operations and, quality.

With Baermann

Although it seems a difficult task it is not indeed when relying on Baermann indipendent approach to the problem and it’s fundamental for yielding the much need of reliable systems working properly on a daily basis. Baermann helps customers to define these policies minimizing or eliminating unnecessary risks and hidden costs while putting business needs in the right priority of importance.

Guidelines

Without written policies, there are no standards to reference when both sticky and status quo situations arise, such as those highlighted above. So, what exactly are the IT policies? There are six areas that need to be addressed, for each area specific guidelines will be documented:

1. AUT – Acceptable Use of Technology: guidelines for the use of computers, telephones and mobile devices, internet, company and external email services, voicemail and the consequences for misuse.
2. Security: guidelines for passwords, levels of access to the network, internet navigation policies, anti-virus policies, data confidentiality, and storage and usage of data.
3. Disaster Recovery: guidelines for data recovery in the event of a disaster, and data backup methods.
4. Technology Standards: guidelines to determine the type of software, hardware, and systems will be purchased, supported and used at the company, including those that are prohibited.
5. Network Set up and Documentation: Guidelines regarding how the network is configured, how to add new employees to the network, permission levels for employees, and licensing of software.
6. IT Services: guidelines to determine how technology needs and problems will be addressed, who in the organization is responsible for technical support, maintenance, installation, and long-term technology planning.