“A great overview by Gigster CEO Chris Keene on how the gig economy is transforming work in the enterprise by making it more customer-centric and high performance. Don’t miss the stories of companies actually doing this.” Dion Hinchcliffe, Vice President and Principal Analyst, Constellation Research
As software continues to eat the world, companies must find ways to build more innovative teams. For these companies, The Future of Work is here today. How companies reshape the way they engage digital talent will have a huge impact on their ability to innovate. Here are six ways digital leaders are creating The Future of Work now.

1. Remote workers and work from home teams are the new normal

The best talent is not always located where you are. Even within a company, silos can prevent the right people from working on the most critical innovation projects. Making it possible for team members to work remotely is the only way to liberate talent across the company. This is also the only way to fill critical skill gaps that cannot be met inside the company, such as AI/ML engineers. Supporting distributed teams calls for adopting a common set of processes and collaboration tools, including Slack, Github and Jira.

2. Hybrid teams beat monoculture teams

Innovation requires a diverse mix of talent. The most innovative teams blend in-house employees who have industry context with expert global talent who have advanced technical skills. This is the opposite of the traditional systems integration model that outsources innovation. Hybrid teams also help companies build in-house skills by working side by side with expert freelance talent.

3. Elastic Staffing beats fixed staffing

Many companies adopt agile team processes but staff teams inefficiently: they follow a fixed staffing model that allocates each role as a full-time position for the duration of a project. This is only half agile, because it makes experimentation too expensive to try and reduces employee mobility and satisfaction. Compare this to Elastic Staffing, which allocates resources based on the workload for each project phase. For example, developers can join a project after the detailed design is complete, and technical architects may only be needed part time. Elastic Staffing can reduce the total hours to deliver innovative products by over 50%.

4. Employees want to be treated more like freelancers

Top employees want the freedom and flexibility to choose how they work and what they work on. This doesn’t have to require radical organizational changes. For example, applying the Google 20% rule, where workers can choose their own projects 20% of the time, can boost morale and build skills. This lets more senior employees peer review deliverables from other projects to reduce risk. It also helps more junior employees grow by being exposed to new business and technology challenges.

5. Freelancers want to be treated more like employees

Top freelancers want stability and work benefits without sacrificing their flexibility. Companies that learn how to work effectively with freelancers will have their pick of the best global talent. This includes setting up projects for success with distributed teams, incorporating advanced technologies, and providing predictability for freelancers that helps them plan effectively. In California, laws like AB5 are beginning to mandate providing more benefits for freelance workers, and putting them more on par with the benefits that full-time employees receive.

6. Automated team and talent assessments are here

Technology will ultimately reshape jobs, but today, technology is reshaping talent ratings. Every collaborative tool – from Slack, to Jira, to Github – has open APIs that can automatically collect data about the productivity and quality of work being produced by people and teams. Tools like Pinpoint can collect this data. Applying analytics to this data enables the creation of “karma scores” by person and by team, to provide objective and trusted evaluation of skills.

Examples of The Future of Work today

A global telco created hybrid teams that mix in-house staff with top global experts to accelerate their machine learning and predictive analytics initiatives. They manage these distributed teams following Silicon Valley best practices and have been able to deliver new applications that leverage AI up to twice as fast as traditional in-house development teams.

One of the world’s largest digital agencies created an entirely new digital transformation business unit using hybrid teams that blend employees and global freelance talent. This approach enabled them to onboard over 100 engineers in less than six months, with minimal recruiting costs.

Summary

The Future of Work describes a cultural shift that companies must adopt to grow their innovation capacity. The pace of those changes is accelerating as more companies adopt new work from home rules that support remote workers. Companies that embrace a Silicon Valley-style culture of innovation can become more customer-centered, more able to tap new talent pools, and able to dramatically reduce risk.

Author Bio: Chris Keene

As CEO, Chris drives Gigster’s vision to de-risk digital innovation. Chris was previously VP Cloud for VMware, where he led the $400 million Pivotal spinout. Chris also founded and took public Persistence Software (NASDAQ:PRSW).
Written by Derek Goodman

Regardless of your niche or the scope of your brand, the coronavirus has likely had a significant impact on business. Fortunately, though times are tough for companies both large and small, there are steps you can take toward widening your client market. Here’s what you need to know.

Local Is Never Really Local

From advertising online to tapping into new markets, even small, local businesses are going global. To compete, you’ll need to step up your efforts.
For more information, see the Small Business Survival Guide to Combat COVID-19.
Written by Ena Kadribasic on Security
The fintech sector has brought consumers an endless stream of modern offerings that have enabled them to ditch several outdated banking and lending products. Companies now have advanced B2B payment solutions at their fingertips, and online financial solutions have never been more convenient - largely thanks to the progress made by fintech startups. But, despite being on the cutting edge of digital financial products, young fintech companies are at a disadvantage in a wildly important arena: data security.

With limited resources, growing compliance regulations around the world, and a constantly-evolving list of increasingly dangerous cyber threats, fintech startups face a uniquely difficult uphill battle. And, with data breaches continuing to loom as an ever-present security threat, fintech firms are turning to new and advanced approaches to data privacy. But, first, what do we mean when we talk about data security for startups?

What is Data Security?

Data security is the process of protecting digital assets - like information stored in a database - from unauthorized access by unapproved actors. When we refer to data security, we’re simply talking about the set of standards and technologies that protect your business’ data. These days, data security is a fundamental aspect of IT at any modern organization. From encryption and tokenization to cloud storage, data security technologies run a wide spectrum - and a number of advances have been made in recent years. This progress has been in response to, though not quite as speedy as, the growing sophistication of large-scale cybersecurity threats - like data breaches.

In the healthcare sector, for example, Black Book Market Research found that 96% of healthcare IT professionals agreed that data security attackers are outpacing their medical enterprises. Healthcare data breaches will cost the industry $4 billion by the end of the year. Next year, by Black Book’s estimates, will be even worse. And that’s just the healthcare sector. Organizations from all industries are vulnerable to data breaches - especially in the age of ID verification, endless online payment methods and 1-click purchasing.

Even multinational tech giants have fallen prey, in extremely public ways. Yahoo just reached a $117.5 million class-action settlement with the victims of its infamous 2016 data breach. That announcement came on the heels of a $700 million settlement that Equifax reached to deal with the aftermath of a 2017 data leak that exposed the Social Security numbers of almost 150 million consumers. We could keep going down the list - data breaches happen, and they happen to organizations with ample resources invested in information security. What about smaller organizations?

The Importance of Cyber Security in Fintech

Financial technology companies have revolutionized the way that consumers bank, how startups reach their customers and how businesses all over the world can run more smoothly. Fintech investments took off in the past five years - providing us with simple alternatives to slow, conventional financial solutions. Advances in the industry have brought us instant P2P payments, purely-online banking, seamless B2B solutions, innovative lending approaches and products that many businesses and consumers can’t even imagine living without at this point.

But the global fintech ecosystem’s consistent growth, potency and complexity make it inevitable that some solutions won’t be secure enough to guard against sensitive data exposure. It’s likely that these vulnerabilities will keep getting identified by attackers, then exploited.
This is a harsh reality that modern businesses are realizing - and starting to invest against. We can see this when we look at application security spending. Businesses are pouring money into protecting their applications and the data flowing through them. According to Market Research Future (MRFR), the worldwide application security market is expected to reach a staggering $9.64 billion by 2023 - up from just $2.56 billion in 2017. That’s an annual growth rate (CAGR) of 24.95%. Within this market, SMEs are estimated to be the fastest growing investors in application security, when broken down by type of organization.

Unfortunately, when it comes to data privacy and protecting sensitive information, fintech startups face a unique set of challenges that make growing their core business an even more difficult endeavor than it already is.

Data Security Challenges Faced by Fintech Startups

In the world of securing sensitive data and avoiding data breaches, younger organizations in the fintech space have it especially hard. Why is that so?

1. Reliance on sensitive user information

These days, fintech and data analytics go hand-in-hand. From robo advisors to AI-powered saving apps, data-driven technologies have been at the heart of the fintech revolution. With fintech products deeply intertwined in modern retail banking, asset and wealth management, capital markets and insurance, organizations in this space are inevitably going to have to handle and store sensitive information from their users. From ID verification to processing credit card payments, large volumes of sensitive data will make their way into the databases of fintech organizations. The mere possession of such sensitive consumer information both puts them at risk of sensitive data exposure and places them within the scope of any number of data privacy laws.

2. New, updating and evolving data privacy laws

The nature of how fintech startups do business means that a lot of sensitive data hits their systems, which attracts the interest of government regulators - who are increasingly focused on protecting consumer data. In the last few years, governmental regulatory institutions around the globe have started to take greater steps in protecting the rights of consumers when it comes to their personal information. From Europe’s General Data Protection Regulation (GDPR), effective since 2018, to the soon-to-be-implemented California Consumer Protection Act (CCPA), businesses are suddenly needing to juggle compliance certifications for new regulatory frameworks. Not only that, but fintech companies that accept or process credit card transactions have already been saddled with the burden of needing to maintain compliance with PCI DSS - a set of requirements that are aimed at preventing credit card fraud.

3. Limited resources for securing personal data

To successfully prevent data breaches and - simultaneously - meet the complex requirements set forth by legal frameworks like the GDPR, the CCPA and PCI DSS, you’re going to need a team of information security experts and compliance specialists that can create data flow maps, secure your networks and sensitive data storage solutions, ensure that you’re regularly meeting compliance rules… the list goes on. Conglomerates have the resources to put towards a large-scale data security effort, but fintech startups have much less at their disposal.

4. Increasingly sophisticated cyber threats

As mentioned above, even some of the most widely-recognized tech brands have suffered from data breaches. From increasingly sneaky malware to highly-targeted phishing attacks, which skyrocketed 250% last year, there are simply too many ways for threat actors to gain access.
It just takes one team member on the wrong end of a phishing campaign to trigger a sensitive data exposure event - which can ruin a startup-stage business overnight. And it’s not just unauthorized malicious actors that fintech startups need to be worried about, as there are threats coming from all angles - even some unexpected ones. According to Verizon’s Insider Threat Report, 57% of database breaches involved some kind of insider threat from within an organization. Add that to the possibility of accidental sensitive data sharing and ransomware attacks, and covering all your bases becomes a costly and complex endeavor.

Modern Fintech Data Security: Trends and New Innovations

Thankfully, advances in the realm of data security have sprung up in recent years, helping relieve much of this pressure faced by fintech startups that need to secure their sensitive data. From tokenization to data encryption, fintechs have employed a number of tried-and-true data security methods. Even with innovative approaches like these, however, data breaches are still a probable threat. If sensitive data is stored in your database, there is a chance it will be exposed, and there are several avenues through which this could happen.

Fortunately, VGS has been securing fintech startups’ sensitive data for years using a next-generation data security approach that enables businesses to avoid storing sensitive information on their systems altogether - while still enabling businesses to reap all the benefits of the original data. This approach is called data aliasing, which is a technique that redacts sensitive information in real-time and replaces it with a synthetic data alias, enabling organizations to offload their data security responsibilities entirely by keeping the original data off their systems. Businesses simply put their data security burden in the hands of VGS, which takes care of all sensitive data collection, storage and transfer on their behalf.

With their systems significantly freed from sensitive data, businesses’ data security and compliance scope is drastically minimized - enabling them to spend time focusing on innovating their products instead of designing a complex data privacy policy.

This article was originally posted on Very Good Security.
How To Use Social Media To Market Your Event from Total Event Resources
How To Create A Corporate Travel Policy from Planemasters
A bizcation is a business trip that turns into a mini-vacation when the traveler extends the stay or makes some time during the trip to take in the local sights and culture. It appears that more and more business travelers are considering bizcations. If you are, here are some tips on how to make the most of your bizcation.
Running a business in the digital age is no easy feat. This is especially true nowadays, when consumer data security is at the forefront of the conversation.
Data breaches have hit even some of the biggest multinationals out there, enabling the exposure of sensitive user data and compromising the privacy and trust of their customers. When it’s payment card data that leaks on a large scale like this, the damage goes far beyond consumer confidence.
Individual customers’ financial lives can be severely hurt when their sensitive data gets into the wrong hands. That’s why it’s crucial to secure cardholder data, which is what PCI DSS aims to do. Like many compliance programs, the Payment Card Industry Data Security Standard (PCI DSS) is designed to ensure a more stable and secure vendor, which leads to a more reliable payment card industry overall. PCI DSS ensures that you, your fellow merchants, and all the stakeholders in the payment card industry are held to a rigorous industry standard for security.

But what about your business - do you need to be PCI DSS compliant? If you store, process, or transmit cardholder data, the short answer is yes, but let’s go over a few things for you to understand exactly why this data security regulation is so vital and why it’s so important for your business.

What is PCI DSS?

All merchants and service providers that process payment card information must comply with PCI DSS, which is a set of controls and obligations that reduce the likelihood of cardholder data being compromised. To put it simply: PCI DSS is a set of requirements that businesses that touch payment card data must follow as part of an industry-wide program against credit card fraud and loss.

The most recent DSS version from the Security Standards Council (SSC), which is a consortium of payment card brands like Visa and MasterCard, contains 12 requirements that merchants and service providers must implement. A dozen boxes to tick doesn’t sound too difficult, right? Not so fast: within these 12 requirements are hundreds of sub-requirements. Installing firewalls, encrypting cardholder data, performing patch management and maintaining traceable records are just a few of the requirements for PCI DSS compliance, many of which are complex and can require an entire cross-functional team to tackle. Some of these requirements may be especially difficult for smaller organizations to meet, particularly without any expert help.

Who needs to comply with PCI DSS requirements?

So, how do you know if your business needs to worry about attaining and maintaining compliance? PCI DSS applies to any organization, without regard to size, value, or number of transactions, if that organization collects, transmits, maintains, or transfers cardholder data. Anyone who transacts a major brand card such as American Express, Discover, MasterCard or Visa must comply with the PCI DSS requirements. In other words, if payment card data touches your network at any point, you must comply.

For smaller organizations out there, the journey to reaching full PCI DSS compliance without any help may seem incredibly daunting - but failing to fulfill the requirements can and does lead to hefty consequences.

What happens when you don’t comply with PCI DSS?

Like GDPR and CCPA requirements, non-compliance is not an option for PCI DSS requirements. While PCI DSS is technically not a law, as GDPR and CCPA both are, businesses agree to adhere to PCI requirements when they engage in any activity related to the payment card industry. Failure to comply with PCI DSS could cost you dearly, particularly if you ever have a breach of payment card data.

The penalties for non-compliance range from sizable monetary fines to getting your ability to process payment cards revoked - both of which can be detrimental for an early-stage company. These can be just the tip of the iceberg compared to the total financial harm caused by non-compliance. From there, businesses may have to pay to inform every individual impacted by the data breach, reissue cards, pay legal fees - the list goes on. The fines for non-compliance are just the start, and don’t even factor in the brand damage a data leak causes and the loss of consumer trust that follows.
Brand image is, in fact, one of the biggest vulnerabilities when it comes to data security. According to research from the Ponemon Institute, 61% of Chief Marketing Officers believe that the largest cost of a security incident is the erosion of brand value. Not only should you, as a business leader, want to maintain a secure cardholder data environment (CDE) for your customers, but you should also want to avoid the liability of not implementing these compliance requirements. The question, therefore, should not be “is PCI compliance mandatory” (it is), but rather “why would you take the risk of not implementing it?”

Understanding that PCI DSS compliance is absolutely vital is the first step - but how would a business go about becoming compliant?

The DIY approach to PCI compliance

To build a PCI compliant network you will, at a minimum, need to follow these steps.

Step one: Download and review the PCI DSS details from the Security Standards Council and study them. There are resources that will help you understand how to comply. Read through them and understand the challenges ahead.

Step two: Conduct a risk assessment to determine the robustness of the controls and how you will mitigate the risks. Not every control applies to every environment. Use your risks to find the gaps you need to fill. It can be helpful to work with an expert for this step. Budget-busting solutions often exceed the needs of most smaller businesses, but untrained personnel often struggle to identify which controls do not apply, or how to compensate for them.

Step three: Determine which of your current resources can be leveraged for one or more of the controls indicated by your risk assessment. Identify any gaps that will require new resources, including servers, routers, communication equipment, physical security, and full-time employees.

Step four: Create a project plan with budget and timeline/milestones. Be careful with how long you take to get compliant, as your risks don’t drop until you are compliant. For many smaller businesses, this process will take 3-6 months, usually requiring significant consultation from experts as well as costly technology, including firewall(s), access control systems, vulnerability scanning services or tools, and more.

Step five: Gather your resources and build or rebuild your network. It is likely you will need at least one full-time employee to manage your network for PCI DSS compliance.

Step six: Test and verify that your controls reduce the risks you identified, as expected. Controls do not always work as intended, since technology changes rapidly, so the method you chose a few months ago may have been circumvented in the intervening time.

Step seven: Go live with your solution and hope it works as designed. It might not, but you will tweak it until it does.

Step eight: Have your system audited by a Qualified Security Assessor listed on the PCI Security Council website. You won’t really know how well you have done until you are audited (that is unless you have a breach, in which case, you did poorly).

Step nine: Revise your controls or infrastructure based on the audit findings.

Once all nine steps are completed, constant vigilance, testing and reworking are required on a regular basis. The human resources and funding required to complete all of the above are, unfortunately, out of reach for many younger companies. For this reason, many small and medium-sized organizations opt to work with a trusted third-party data security partner to manage all their PCI compliance needs.

The easiest and fastest path to PCI compliance

Rather than have a cross-functional team undertake the arduous process of gaining PCI DSS compliance the DIY route, the fastest and simplest way to become compliant is to make sure payment card data never touches your business’ servers.
But how can you possibly transact payment cards and run an online business without ever touching cardholder data? The solution is an innovative approach called data aliasing, during which sensitive user data - like cardholder information - is redacted in real time and replaced with a synthetic data alias so that none of the original data ever passes through your system.

Data aliasing is the foundation of Very Good Security’s Zero Data solutions, which enable businesses to collect, store and transmit any sensitive data they want without ever coming into possession of it. This effectively removes most of your business systems from PCI DSS compliance scope, so your burden is drastically reduced - and your risk of data breaches plummets to almost zero.

Very Good Security offers nearly instant compliance for smaller merchants and service providers upon integration. For organizations that are PCI Level 1, either because of transaction volume or because their bank or partners require it, compliance can be achieved in as few as 21 days. By taking the DIY path, the same result can take several months - after you’ve already poured a substantial amount of human and financial capital into securing your databases and processes.

Very Good Security is a completely scalable solution that grows with your business, and can take your PCI burden off your plate almost entirely. Interested in descoping your company’s networks from PCI requirements and achieving compliance the simple way? Try a demo of VGS.

This article was originally posted on Very Good Security.
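The data aliasing flow described in both Very Good Security articles above, sketched in Python as an added example; it is not code from the original page or from VGS. The `AliasVault` class, the `tok_` alias format, the function names and the sample request are all hypothetical and constructed for illustration.

```python
import re
import secrets

# Candidate card numbers: 13-19 digits, optionally split by single spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Hypothetical alias format used by this sketch only.
ALIAS_RE = re.compile(r"\btok_[0-9a-f]{24}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the Luhn-valid card numbers present in text (a scope check)."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


class AliasVault:
    """Stand-in for the third party's vault; it runs outside the merchant's systems."""

    def __init__(self):
        self._alias_by_pan = {}
        self._pan_by_alias = {}

    def alias_for(self, pan: str) -> str:
        # The same card always maps to the same random alias, so the merchant
        # can still use it as a stable customer or payment reference.
        if pan not in self._alias_by_pan:
            alias = "tok_" + secrets.token_hex(12)
            self._alias_by_pan[pan] = alias
            self._pan_by_alias[alias] = pan
        return self._alias_by_pan[pan]

    def reveal(self, alias: str) -> str:
        return self._pan_by_alias[alias]


def redact_inbound(body: str, vault: AliasVault) -> str:
    """Inbound leg: swap each card number for its alias before the merchant sees it."""
    def swap(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        return vault.alias_for(digits) if luhn_ok(digits) else m.group(0)
    return PAN_RE.sub(swap, body)


def reveal_outbound(body: str, vault: AliasVault) -> str:
    """Outbound leg: restore the card number on the way to the payment processor."""
    return ALIAS_RE.sub(lambda m: vault.reveal(m.group(0)), body)


# Constructed sample request; 4111 1111 1111 1111 is a common test card number.
SAMPLE_REQUEST = ('{"order_ref": "1234567890123456", '
                  '"card_number": "4111 1111 1111 1111", "amount": 1999}')


def run_example():
    vault = AliasVault()
    stored = redact_inbound(SAMPLE_REQUEST, vault)   # what the merchant receives and stores
    forwarded = reveal_outbound(stored, vault)       # what the processor receives
    return stored, forwarded


if __name__ == "__main__":
    stored, forwarded = run_example()
    print("merchant stores:   ", stored)
    print("card data in scope:", find_pans(stored))
    print("processor receives:", forwarded)
```

Running `find_pans` over databases, logs and message queues is also a quick way to confirm that no cardholder data has slipped back into systems that are supposed to be out of PCI DSS scope.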