SMS toll fraud is spiking. I learned all about the nuances of deploying, and defending against, these insidious attacks in a recent visit with Arkose Labs CEO Kevin Gosschalk, who explained how the perpetrators victimize businesses that use text messages to validate phone users signing up for a new account.


The fraudsters set themselves up as “affiliates” of phone companies in Indonesia, Thailand and Vietnam and then use bots to apply for online accounts, en masse, at a targeted business. The con: each text message the business then sends in return, to validate the applicant, generates a fee for the phone company, which the phone company shares with the affiliate.

This fraudulent activity usually remains undetected until the business receives a bill for an unusually high number of text messages sent to seemingly legitimate users.
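One way to surface this pattern before the bill arrives is to watch verification-SMS volume and code-completion rate per destination country. The monitor below is an added example, not Arkose Labs' technology; the event format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class SmsEvent:
    """One verification SMS sent by the signup flow (assumed log format)."""
    ts: int         # Unix seconds when the message was sent
    msisdn: str     # destination number in E.164 form
    verified: bool  # True if the one-time code was later entered


# Calling codes for the three countries the article names, plus a baseline market.
PREFIXES = {"+62": "Indonesia", "+66": "Thailand", "+84": "Vietnam", "+1": "NANP"}


def country_of(msisdn):
    """Longest-prefix match of an E.164 number against PREFIXES."""
    for prefix in sorted(PREFIXES, key=len, reverse=True):
        if msisdn.startswith(prefix):
            return PREFIXES[prefix]
    return "other"


def find_suspect_windows(events, window_s=3600, history=3,
                         spike_factor=5, min_sends=20, max_completion=0.10):
    """Flag (window_start, country, sends, completion_rate) tuples where SMS
    volume spikes against the country's recent baseline while almost nobody
    completes verification, the signature of bot-driven signups."""
    per_country = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for e in events:
        start = e.ts - e.ts % window_s
        cell = per_country[country_of(e.msisdn)][start]
        cell[0] += 1                 # messages sent (each one is billed)
        cell[1] += int(e.verified)   # codes actually entered

    alerts = []
    for country, windows in per_country.items():
        starts = sorted(windows)
        for i, start in enumerate(starts):
            sends, completed = windows[start]
            # Baseline: median volume of the preceding observed windows.
            prior = [windows[s][0] for s in starts[max(0, i - history):i]]
            baseline = median(prior) if prior else 0
            threshold = max(min_sends, spike_factor * baseline)
            rate = completed / sends
            if sends >= threshold and rate <= max_completion:
                alerts.append((start, country, sends, round(rate, 2)))
    return sorted(alerts)


def build_sample_events():
    """Constructed data: three quiet hours, then a burst to +84 numbers."""
    base = 1_700_000_000 - 1_700_000_000 % 3600
    events = []
    for h in range(4):
        t0 = base + h * 3600
        # Steady domestic traffic, 80% of users enter their code.
        for i in range(30):
            events.append(SmsEvent(t0 + i * 60, f"+1555010{h}{i:03d}", i % 5 != 0))
        if h < 3:
            # A trickle of genuine signups from Vietnam.
            for i in range(2):
                events.append(SmsEvent(t0 + i * 600, f"+8490000{h}{i:03d}", True))
        else:
            # Burst: 60 messages in 30 minutes, one code entered.
            for i in range(60):
                events.append(SmsEvent(t0 + i * 30, f"+8490000{h}{i:03d}", i == 0))
    return events


if __name__ == "__main__":
    for start, country, sends, rate in find_suspect_windows(build_sample_events()):
        print(f"ALERT window={start} country={country} sends={sends} completion={rate}")
```

High volume alone does not trigger an alert here: the domestic traffic sends 30 messages an hour but completes 80% of verifications, so only the low-completion burst is flagged.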

As a solution, Arkose Labs aims to increase the cost of attacks, making them less profitable for the fraudsters.

Guest expert: Kevin Gosschalk, CEO, Arkose Labs

Their technology detects malicious actions and offers differing levels of challenges, based on a risk threshold. They also provide their customers with threat intelligence that can be used to prevent attackers from profiting. For a full drill down on our discussion, please give the accompanying podcast a listen.

This is one more example of cybercriminals cleverly exploiting the flaws in a convenient business process. It surely won’t be the last. I’ll keep watch and keep reporting.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

Tel Aviv, Israel, June 19, 2023 – Radiflow, creators of the leading OT network cybersecurity platform CIARA, continue to see budgetary pressure as a main driver in prioritizing OT Cybersecurity projects. This has created opportunities for more partnerships across the OT Cybersecurity sector, resulting in greater flexibility and coverage in the analysis of OT networks.

CISOs of OT operational facilities, such as production plants, utility operations, critical infrastructure, and logistics centers, are facing a hostile environment where outdated machines are susceptible to attack for financial gain or political statements. In response, Radiflow recently released CIARA 4.0, focusing on illuminating the vulnerabilities of all network devices and mapping of the recommended security controls using a breach attack simulation (BAS) engine.

Radiflow has partnered with industry leaders to feed greater data into its analytics platform and provide quick risk assessment insights to help CISOs optimize and justify OT security budgets despite the overall pressure for budget cuts. One such major integration is with Awen Collective to conduct in-depth asset discovery for critical infrastructure networks. Awen Collective provides Dot, an OT Asset discovery tool with a lightweight nature that can be deployed in a scalable way on portable devices in distributed OT networks. The in-depth assets map generated by Dot can now be uploaded into Radiflow’s CIARA to perform a data-driven risk assessment and quickly provide accurate risk scoring for large industrial enterprises.


“The OT cyber security industry is maturing and better serving the needs of our critical infrastructure, manufacturing, and defense organizations by working collaboratively to deliver better solutions,” said Jules Farrow-Lesnianski, Co-Founder & CEO of Awen Collective. “Providing in-depth visibility of traditionally hard-to-reach OT networks using Dot to Radiflow’s CIARA significantly increases our client’s ability to quickly and accurately quantify and mitigate OT cyber risk.”

Another partnership is with Atrinet Networks, a provider of a Network Management System (NMS). The NetACE tool of Atrinet can query a multitude of network infrastructure devices and generate a map of the assets in the network for the Radiflow CIARA tool without requiring the configuration of a span port in the OT network switches, thus simplifying the initial risk assessment exercise.


“Partnering across the industry allows us to pool together previously unidentifiable data, enabling greater automation across the full OT network,” said Ilan Barda, Co-Founder & CEO of Radiflow. “Relieving CISOs of tedious visibility gathering tasks grants them an extensive view to quickly deploy large-scale OT Cybersecurity operations.” These capabilities bring them in line with automation and continuous threat analysis which are being increasingly required in the dynamic market landscape.

To support the sector’s growth, Radiflow has opened offices in Spain, Germany, the Czech Republic, the Netherlands, and Italy, overall tripling its EMEA sales team in the last 9 months.

Miami, Fla. – June 20, 2023 – ThriveDX, the leader in cybersecurity and digital skills training, today announced the official launch of its new Cyber Academy for Enterprise. This innovative solution, part of the company’s Human Factor Security suite, empowers organizations to reskill and upskill employees for cybersecurity positions while also attracting diverse external candidates, simultaneously addressing the growing talent and diversity gaps in the cyber industry.

Cyber Academy for Enterprise is more than a cybersecurity training program – it’s a complete solution that enables businesses and government agencies to cultivate their internal talents while simultaneously attracting diverse external candidates for cybersecurity positions.

Designed for an end-to-end cybersecurity learning journey, the program offers pre-training screening, intensive training, and post-training matching to facilitate an efficient talent acquisition and development process.

“The cybersecurity talent shortage and lack of diversity, is one of the biggest challenges of human resources and cybersecurity leaders. Effective reskilling of employees demands considerable investment, and recruiting diverse talent requires a comprehensive understanding of organizational needs to properly align candidates with open positions,” said Roy Zur, CEO of ThriveDX Enterprise.

“Our Cyber Academy for Enterprise creates unprecedented educational opportunities for all, irrespective of their background or skill level,” Zur continued. “It not only aids in talent acquisition from outside the company but also facilitates the reskilling and upskilling of current employees, fostering an environment of continual learning and development.”


The global shortage of cybersecurity talent and the skills gap continue to widen, with more than 3.5 million unfilled cybersecurity jobs worldwide. Eighty percent of organizations attribute one or more recent breaches to a lack of cybersecurity talent and skills within their company. At the same time, the industry suffers from a lack of diversity. The Cyber Academy for Enterprise targets both these issues, offering a robust platform for building cyber skills and enhancing diversity within the industry.

Holistic training

The academy offers a holistic training experience, with rigorous learning supplemented with access to virtualized cyber labs and challenges. Overall, trainees have an opportunity to access 1000+ hours of immersive learning and hands-on practice, ensuring they are thoroughly prepared for real-world cybersecurity scenarios. Key advantages of the Cyber Academy for Enterprise include:

• Access to over 1000 hours of immersive, hands-on training, adhering to globally recognized cybersecurity education frameworks such as the National Initiative for Cybersecurity Education (NICE) and National Institute of Standards and Technology (NIST).

• Real-world simulations on a skills-based learning platform, providing trainees with exposure to current threat landscapes.

• A comprehensive curriculum, offering diverse cybersecurity modules tailored to various career tracks.

• Access to a network of 1000+ professional cybersecurity trainers.

• Pre-training screening to identify high-potential talent, offering an objective comparison of candidates and unbiased talent assessment.

• Data-driven post-training matching, enabling optimization of both internal and external recruitment practices.

• Partnership option to run the academy in conjunction with leading universities, providing graduates with a university certificate.

ThriveDX’s Cyber Academy has been implemented and deployed with global universities, enterprise, MSSPs, non-profits, and government agencies to broaden access to cybersecurity training and employment opportunities across all regions.

“We aim to democratize access to cybersecurity education, allowing anyone, regardless of their technical background, to embark on or advance a cybersecurity career. Having already reskilled more than 60,000 learners globally into cybersecurity and related positions, we now provide organizations with the tools to attract, develop, and retain diverse talent, educated in the latest cybersecurity technologies, and capable of mitigating enterprise risk,” Zur added.

For more information and to request a demo please visit thrivedx.com.

About the company:  The ThriveDX team is composed of military-trained cyber experts, industry veterans, and seasoned educators united in the mission to close the worldwide skills and talent gap in cybersecurity, and encourage diversity, equity and inclusion across industries.

# # #

Cambridge, Mass., June 15, 2023. The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. Secure Payment Confirmation (SPC) enables merchants, banks, payment service providers, card networks, and others to lower the friction of strong customer authentication (SCA), and produce cryptographic evidence of user consent, both important aspects of regulatory requirements such as the Payment Services Directive (PSD2) in Europe.

Publication of Secure Payment Confirmation as a Candidate Recommendation indicates that the feature set is stable and has received wide review. W3C will seek additional implementation experience prior to advancing this version of Secure Payment Confirmation to Recommendation.

Customer authentication

For the past 15 years, e-commerce has increased as a percentage of all retail sales. The COVID pandemic appears to have slightly accelerated this trend. Improvements to in-person payment security and other factors have led to ongoing increases in online payment fraud.

To combat online payment fraud growth, Europe and other jurisdictions have begun to mandate multifactor authentication for some types of payments. Though multifactor authentication reduces fraud, it also tends to increase checkout friction, which can lead to cart abandonment (cf. for example, Microsoft merchant experiences with SCA under PSD2).

In 2019 the Web Payments Working Group began work on Secure Payment Confirmation to help fulfill Strong Customer Authentication requirements with low checkout friction. Stripe conducted a pilot with an early implementation of SPC and, in March 2020, reported that, compared to one-time passcodes (OTP), SPC authentication led to an 8% increase in conversions while checkout was 3 times faster.

W3C continues to receive feedback about Secure Payment Confirmation through pilot programs, including a second experiment by Stripe. The Web Payments Working Group anticipates more experimental data will be available by September 2023.

Industry collaboration


In the Web Payment Security Interest Group, W3C, the FIDO Alliance, and EMVCo pursue improvements to online payment security through the development of interoperable technical specifications. Secure Payment Confirmation reflects this collaboration: it is built atop Web Authentication and is supported by both EMV® 3-D Secure (version 2.3) and EMV® Secure Remote Commerce (version 1.3); see the Web Payment Security Interest Group’s publication How EMVCo, FIDO, and W3C Technologies Relate for more details.

Secure Payment Confirmation is not just for card payments. The Web Payments Working Group regularly discusses how SPC might be integrated into other payment ecosystems such as Open Banking, PIX (in Brazil), as well as in proprietary payment flows.

“Making it easy for people to pay for things online while improving security has been the vision of our working group since we started in 2015,” said Working Group co-Chair Nick Telford-Reed. “Secure Payment Confirmation means that for the first time, there will be a common way of authenticating shoppers across payment methods, platforms, devices and browsers, and builds on the success of W3C’s Payment Request and the work of both the FIDO Alliance and EMVCo.”

Secure Payment Confirmation

Secure Payment Confirmation adds a “user consent layer” above Web Authentication. At transaction time, Secure Payment Confirmation prompts the user to consent to the terms of a payment through a “transaction dialog” that is governed by the browser; the Chrome implementation of the transaction dialog is shown above. The transaction details are signed by the user’s FIDO authenticator, and the bank or other party can validate the authentication results cryptographically, and thus confirm that the user has consented to the terms of the payment (a requirement under PSD2 called “dynamic linking”). EMV® 3-D Secure and other protocols can be used to communicate the authentication results to banks or other parties for this validation.

SPC is currently available in Chrome and Edge on MacOS, Windows, and Android. During the Candidate Recommendation period the Web Payments Working Group will seek implementation in other browsers and environments.

About W3C: The mission of the World Wide Web Consortium (W3C) is to lead the Web to its full potential by creating technical standards and guidelines to ensure that the Web remains open, accessible, and interoperable for everyone around the globe. W3C’s well-known standards HTML and CSS are the foundational technologies upon which websites are built. W3C works on ensuring that all foundational Web technologies meet the needs of civil society, in areas such as accessibility, internationalization, security, and privacy. W3C also provides the standards that undergird the infrastructure for modern businesses leveraging the Web, in areas such as entertainment, communications, digital publishing, and financial services. That work is created in the open, provided for free and under the groundbreaking W3C Patent Policy.

W3C’s vision for “One Web” brings together thousands of dedicated technologists representing more than 400 Member organizations and dozens of industry sectors. W3C is a public-interest non-profit organization incorporated in the United States of America, led by a Board of Directors and employing a global staff. For more information see https://www.w3.org/.

Media Contact: Amy van der Hiel, W3C Media Relations Coordinator w3t-pr@w3.org +1.617.453.8943 (US, Eastern Time)

# # #

Back in 2002, when I was a reporter at USA Today, I had to reach for a keychain fob to retrieve a single-use passcode to connect remotely to the paper’s publishing system.


This was an early example of multifactor authentication (MFA). Fast forward to today; much of the MFA concept is being reimagined by startup Circle Security to protect data circulating in cloud collaboration scenarios.

I learned about this at RSA Conference 2023 from company Co-founder and CEO Phani Nagarjuna, who explained how Circle extends the use of encryption keys fused to biometrics and decentralizes where copies of the keys are stored. For a full drill down, give the accompanying podcast a listen.

Guest expert: Phani Nagarjuna, CEO, Circle Security

According to Nagarjuna, Circle’s technology places a small agent on the endpoint device. This facilitates the creation of an asymmetric key pair and a symmetric AES256 key. Together these keys authenticate the user’s identity and enable secure and private access to cloud-stored data and resources.

Access to cloud-stored files can then be shared widely. But only authorized individuals, with proof of identity originating from their authenticated device, can open the files. All access attempts get audited using a built-in distributed ledger, allowing policy enforcement and quick remediation.

This iteration of my old-school keychain fob thus eliminates the need for usernames and passwords while much more robustly protecting sensitive data, Nagarjuna asserts. How much traction will it get? I’ll keep watch and keep reporting.


The inadequacy of siloed security solutions is well-documented.


The good news is that next-gen security platforms designed to unify on-prem and cloud threat detection and remediation are, indeed, coalescing.

At RSA Conference 2023 I visited with Elias Terman, CMO, and Sudarsan Kannan, Director of Product Management, from Uptycs, a Waltham, Mass.-based supplier of “unified CNAPP and EDR” services.

They described how Uptycs is borrowing proven methodologies from Google, Akamai, SAP and Salesforce to harness normalized telemetry that enables Uptycs to correlate threat activity — wherever it is unfolding. Please give a listen to the accompanying podcast for a full drill down.

Guest experts: Elias Terman, CMO, Sudarsan Kannan, Director of Product Management, Uptycs

Kannan described how Uptycs’ technology platform was inspired by Google’s dynamic traffic monitoring, Akamai’s content distribution prowess and Salesforce’s varied use cases based on a single data model, to help companies materially upgrade their security posture. The aim, he says, is to think like attackers, who certainly don’t operate in silos.

Terman offered the analogy of a “golden thread” stitching together varied threat activities and serving as a cloud security early warning system. The entire value chain is thereby protected, Kannan added, from the developers writing the code to automated connections to critical cloud workloads.

Terman detailed how Uptycs’ platform, indeed, touches everything within the modern attack surface and, in doing so, breaks down legacy silos and facilitates better security outcomes.

This is part and parcel of the helpful dialogue that will carry us forward. I’ll keep watch and keep reporting.


Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour.


Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them. This problem, called ransomware, explains why keeping backups is so important. Hijackers’ demands lose power when you can just recover your operations from backups.

Cyberattacks can also lead to a loss of productivity. When your team can’t do their work because they don’t have access to the systems or these are unavailable, everything gets delayed and projects fall behind.

Finally, don’t forget the bad press that results for businesses when they are hacked. This isn’t the kind of exposure you want for your brand.

Compliance

If your organization is privy to confidential data, then you’re in charge of protecting it, and the law will hold you accountable for doing so.

The penalties for failing to protect this data can be steep. Depending on the type of information businesses lost and how they tried to protect it, they can be fined up to five percent of their revenue.


If the hacked businesses can show they’ve been trying to protect data by investing in security, then fines become less likely. Keep remediation costs in mind. If your organization has wrongfully released information, then you may have to pay for credit protection for people whose private information was compromised.

Best practices

Just two easy technology fixes can help protect against a lot of cyberattacks: multi-factor authentication and deep e-mail scanning, in which incoming emails are automatically screened to avoid phishing and other problems. Toward that end, products like Microsoft Defender for Office can help. After that, businesses and organizations should monitor and manage how employees can access sensitive data. Limit availability as much as possible, ensuring people can only see it on a need-to-know basis.

This information should also only be accessible from trusted areas or from areas that relevant staff should be in. Set up rules that employees can only use this information from whatever country you’re doing business in. When staff members travel, keep in mind the minimum travel time. If someone asks for information in Toronto and then again in Texas only an hour later, a security alert should go off, and their access should be blocked. It’s not possible to fly across North America that fast.
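The country rule and the travel-time rule described above, written as an access check over a small event log. This is an added example, not code from the essayist or any product; the event format, the 900 km/h speed ceiling, the 100 km geolocation tolerance and the choice of Dallas as the Texas location are assumptions, and the events are constructed.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessEvent:
    """One request for sensitive data (assumed format after IP geolocation)."""
    user: str
    ts: int        # Unix seconds
    country: str   # ISO 3166-1 alpha-2
    lat: float
    lon: float


ALLOWED_COUNTRIES = {"CA", "US"}  # assumption: where the business operates
MAX_SPEED_KMH = 900.0             # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0           # assumption: tolerance for geolocation error


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on Earth, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def evaluate(events):
    """Return (user, ts, decision, reason) for each event in time order."""
    last_allowed = {}   # user -> most recent event that passed both rules
    results = []
    for e in sorted(events, key=lambda ev: ev.ts):
        decision, reason = "allow", ""
        prev = last_allowed.get(e.user)
        if e.country not in ALLOWED_COUNTRIES:
            decision, reason = "block", f"country not allowed: {e.country}"
        elif prev is not None:
            km = haversine_km(prev.lat, prev.lon, e.lat, e.lon)
            elapsed_h = (e.ts - prev.ts) / 3600
            needed_h = km / MAX_SPEED_KMH   # minimum plausible travel time
            if km > MIN_DISTANCE_KM and elapsed_h < needed_h:
                decision = "block"
                reason = f"impossible travel: {km:.0f} km in {elapsed_h:.1f} h"
        if decision == "allow":
            # Only trusted events move the baseline; a blocked request must
            # not become the reference point for the next comparison.
            last_allowed[e.user] = e
        results.append((e.user, e.ts, decision, reason))
    return results


T0 = 1_700_000_000
TORONTO = ("CA", 43.65, -79.38)
DALLAS = ("US", 32.78, -96.80)      # assumed Texas location
HANOI = ("VN", 21.03, 105.85)

# Constructed sample events.
SAMPLE_EVENTS = [
    AccessEvent("alice", T0, *TORONTO),
    AccessEvent("bob", T0 + 60, *TORONTO),
    AccessEvent("carol", T0 + 120, *HANOI),            # outside allowed countries
    AccessEvent("alice", T0 + 3600, *DALLAS),          # Texas one hour later
    AccessEvent("alice", T0 + 7200, *TORONTO),         # real user, still in Toronto
    AccessEvent("bob", T0 + 60 + 5 * 3600, *DALLAS),   # five hours: a flight fits
]

if __name__ == "__main__":
    for user, ts, decision, reason in evaluate(SAMPLE_EVENTS):
        print(f"{ts} {user:<6} {decision:<5} {reason}")
```

Because a blocked request never updates the baseline, alice's later request from Toronto is still allowed, while bob's Dallas request passes since five hours is enough for the roughly 1,940 km trip.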

As a general rule, all organizations should have a security operations center as well as a security incident management tool that’s either run internally 24 hours a day, seven days a week, or outsourced to a partner who provides managed-security services. If your business hasn’t been investing a lot in cybersecurity, then the top practice you should implement is tying a monitoring or detection service to a managed-security services provider.

Security awareness training

Finally, employees are arguably the most important piece, so everyone at your organization should be thoroughly trained on best practices to protect data on an ongoing basis.

In particular, workers need to judge accurately whether or not to click on something, understanding that they shouldn’t trust every message that comes to them. If they have a hunch something isn’t right, they should pick up the phone to verify things or else go talk to the IT team.

Businesses and organizations should always assume someone’s trying to breach them. Smart business leaders choose to be proactive and manage the risks by staying current with cybersecurity solutions. Quite simply, investing in cybersecurity is a standard cost of doing business today.

About the essayist: Eric Sugar is president of ProServeIT, an Ontario, Canada-based vendor that supplies managed IT services, custom software development, and technology consulting services to companies of all sizes in all industries.

Could cybersecurity someday soon be implemented as a business enabler, instead of continuing to be viewed as an onerous business expense?


This would fit nicely with the ‘stronger together’ theme heralded at RSA Conference 2023.

WithSecure is one cybersecurity vendor that is certainly on this path. I had a lively conversation at Moscone Center with CEO Juhani Hintikka and CTO Tim Orchard all about something they’re championing as “outcome-based security.” In sum, this refers to the notion of correlating the mix of security tools and services a company has at hand much more directly with precisely defined business targets.

“We actually need to integrate cybersecurity with the business goals of the enterprise,” Hintikka observes.

WithSecure isn’t a startup; it’s the rebranding of Helsinki-based F-Secure, which has been around since 1988 and is well-established as a leading supplier of endpoint security and threat intelligence.

Guest experts: Tim Orchard, CTO, and Juhani Hintikka, CEO, WithSecure

Hintikka and Orchard argue for a more collaborative style of security services; for a drill down on our conversation please give the accompanying podcast a close listen.

The efficacy of this approach, they told me, is proving out in the success WithSecure is having with its customers, especially mid-sized companies. “In Germany, which is famous for mid-market companies, we seamlessly integrate our MDR service on top of our customers’ legacy systems, working alongside their teams,” Hintikka told me. “It’s truly a joint effort.”

The maturation of managed security services continues. There should be plenty more to come. I’ll keep watch and keep reporting.


Email remains by far the no.1 business communications tool. Meanwhile, weaponized email continues to pose a clear and present threat to all businesses.


At RSA Conference 2023, I learned all about a new category of email security, referred to as integrated cloud email security (ICES), that is helping companies more effectively keep email threats in check.

I met with Eyal Benishti, CEO of IRONSCALES, a supplier of ICES tools and cybersecurity training services. For a full drill down on our conversation, please give the accompanying podcast a close listen.

Phishing is still the main way bad actors slip into networks; and Business Email Compromise (BEC) attacks can instantly translate into crippling losses.

Guest expert: Eyal Benishti, CEO, Ironscales

Successful attacks slip past legacy secure email gateways (SEGs) and even past the newer ‘cloud-native security’ controls that Microsoft and Google have embedded in Microsoft 365 and Google Workspace. These filters look for known bad attachments and links.

ICES solutions vet the messages that slip through. IRONSCALES, for instance, applies natural language processing technology to identify patterns and flush out anything suspicious. And its complementary security awareness training modules encourage employees to participate in isolating anything suspicious that leaks into their inboxes.

“The security gateways and cloud-native security controls look at content but that’s not enough,” Benishti observes. “You also need to look at context; both perspectives are needed.”

It’s clear that layers of protection, along with better-trained employees, have become table stakes. I’ll keep watch and keep reporting.


One meeting I had at RSA Conference 2023 was a briefing about a new partnership, announced this morning, between a top-rung Silicon Valley tech giant and the leading provider of digital trust.


I had the chance to sit down with Deepika Chauhan, DigiCert’s Chief Product Officer, and Mike Cavanagh, Oracle’s Group Vice President, ISV Cloud for North America. They walked me through a partnership that gives their joint customers the option to deploy Oracle Cloud Infrastructure (OCI) combined with DigiCert ONE. Here are a few of my takeaways:

Seeds of the partnership

In 2017, DigiCert acquired and commenced reviving Symantec’s PKI business. This was all part of the Lehi, Utah-based vendor’s efforts to support enterprise cloud migration and the rise of IoT systems, which were both gaining steam.

This ultimately resulted in the 2020 roll out of DigiCert ONE, a new platform of tools and services aimed at “embedding digital trust across the board within the enterprise and between all parts of the cloud ecosystem,” Chauhan says.

Back in Silicon Valley, Oracle was playing catchup. Amazon had introduced Amazon Web Services in 2006 and Microsoft Azure became commercially available in 2010. Oracle launched OCI in October 2016.


As a latecomer to the hyperscale data center market, Oracle focused on its heritage of helping large enterprise customers securely and efficiently run their mission critical systems and applications, Cavanagh told me.

“We went out and hired engineering talent from our competitors, gave them a clean slate and tremendous executive commitment,” he says. “We told them, ‘If you had a chance to build a hyperscaler where security, performance, and high availability were priorities, with our enterprise customers in mind, what would you do?’ And that was the design point we gave them.”

Extending ‘digital trust’

As DigiCert and Oracle separately headed down these paths, digital transformation shifted into high gear and massive interconnectivity built off of wide distribution of ephemeral APIs took center stage.

In the past, APIs mainly connected users to websites and mobile apps. But APIs have come to be relied upon to hook company networks into AWS, Azure and Google Cloud resources as well as to enable wide-open, rapid-fire software development practices, i.e. DevOps and CI/CD.

This highly dynamic, intensely complex operating environment has translated into an exponentially larger attack surface. So it was a natural progression for traditional PKI solution providers to extend digital certificates and PKI, the tried-and-true form of authenticating and securing digital connections, into this realm of hyperconnectivity.

DigiCert launched DigiCert ONE to innovate a more holistic approach to digital trust, Chauhan says, and the company has continued to innovate on that platform.

Today, DigiCert is focused on defining standards for digital trust, global compliance and operations, she says. This includes centralizing management of digital certificates and PKI across software supply chains, edge devices, remote users and evolving digital ecosystems.

“We understand the problem our customers need to solve,” Chauhan told me. “Our focus has been on reducing the risk of business disruption, protecting attack surfaces and delivering identity-based digital innovation with ease.”

Late mover advantage

As DigiCert was innovating in the digital trust space, Oracle’s engineers filled their blank slate with a meticulous plan to distribute leading-edge hyperscaler services globally — much more nimbly than Amazon, Microsoft or Google.

They divided the planet into 55 “public cloud regions” spread across 22 nations on five continents. The plan called for well-equipped, optimally sized hyperscaler data centers to be put on the ground near where demand could be anticipated.

Today Oracle delivers OCI services from 41 data centers in locales like South Africa, Spain, Serbia, Colombia, Paris and Chicago; secondary facilities are in the works for Chile, Saudi Arabia, Mexico and Singapore.

“We can quickly roll out new data centers and deploy all 300 OCI services across each of those data centers,” Cavanagh says. “Our vision is to open up small to medium sized data centers in as many strategic geolocations as we can, based on input from our customers, and then scale those data centers out over time as the demand increases.”

Honoring data sovereignty

Name any business use case: banking, retail, healthcare, government, military, entertainment, elections. They’re all becoming increasingly dependent on hyperconnectivity. Oracle’s global deployment of OCI services clearly gives its customers more flexibility by giving them the option to deploy DigiCert’s digital trust platform.


With this partnership, DigiCert, which also operates regional data centers, gains an expanded capacity to localize the delivery of its DigiCert ONE platform to more locations outside of the U.S. This is a very big deal because of the “data sovereignty” rules emerging in Europe and the Middle East that require cloud-centric services to physically remain inside national borders, Chauhan observes.

To account for data sovereignty, Oracle has set up “sovereign cloud regions” in Germany and Spain to meet new data privacy rules.

“Oracle already is undisputedly a leader in enterprise security with a software stack that now has jurisdictional sensitivity, as well,” she says. “If you combine a digital trust offering like ours with a really scalable infrastructure that you can take to any country, any region and provide services across different verticals, that’s a real strength.”

This is yet another terrific example of “stronger together.” I’ll keep watch and keep reporting.
