Monthly Archives: October 2013

Britain’s banks told to draw up cyber-attack plans

Original story on finextra.

Britain’s financial institutions must put concrete plans in place over the next few months to deal with the growing threat of cyber-attacks, the Bank of England has warned.

Minutes of last month’s BofE Financial Policy Committee meeting reveal concerns that, with the cyber-threat growing, the financial system has “a number of potential vulnerabilities, reflecting its high degree of interconnectedness, its reliance on centralised market infrastructure, and its sometimes complex legacy IT systems”.

The Treasury is already working to assess, test and improve the UK’s financial system’s resilience to cyber-attacks, developing general guidance on best practice for banks.

The FPC has backed the “direction of travel” but says that the next step is for regulators to make sure that banks have concrete plans in place. Action plans should be ready by the first quarter of 2014, with a progress report by the end of this year. The Bank of England will also “be reviewing its own resilience”.

Last month a top US banking regulator warned that more legislation may be needed in the fight against an ever-growing cyber-security threat which has seen bank Web sites come under repeated DDoS attacks in recent months.

To find out how best to draw up plans for these regulations, register for the Ovum and Incapsula webinar “Effectively mitigating the largest and smartest DDoS attacks”.

Ovum says organisations investing in mobile enterprise apps will not be blown over by St Jude

London, 28 October, 2013 – As severe weather warnings continue across the UK, organisational productivity is likely to suffer as employees struggle to gain access to key business applications beyond email. This is according to global industry analysts Ovum, who believe that CIOs that embrace the need for mobile enterprise apps and cloud productivity apps will maintain productivity in the face of disaster, such as the arrival of the storm dubbed “St Jude”.

In a new report*, Ovum explains that when it comes to providing value to a business and reaping the benefits of the mobile consumerisation and BYOX trends, mobile enterprise apps will make the difference. Failing to provide employees with the right applications across the right range of devices will increase their inability to access the tools and services they need on days like today, when conditions make it difficult for many to get where they need to be. It may also drive employees to engage in “bring your own app” (BYOA) activity – finding and using their own cloud productivity applications such as file sync & share and enterprise social networking – therefore exposing corporate data to security threats.

“Many employees are already using cloud file sync & share applications to share files and documents between their various devices, better enabling them to work wherever they are and no matter what device they have in front of them, whether a corporate-provided laptop or their own tablet,” says Richard Absalom, analyst at Ovum. “This may help in terms of letting them get on with their jobs, but if it is informal, unmonitored activity then it also presents a severe risk to businesses in terms of data protection. Giving employees access to services with similar functionality but business-grade security is key to any business continuity program. Going a step further and providing employees with enterprise mobile apps, specifically designed to let them perform core tasks beyond email and document sharing on their smartphones and tablets, will vastly improve mobile and flexible working practices.”

The growing demand to develop and manage these types of mobile enterprise applications is creating an opportunity for platforms and vendors in the enterprise mobility management (EMM) space – one that they are quickly seizing upon. Ovum expects many more businesses to start deploying them over the next 12 months, meaning events like St Jude will pose less of a problem.


*The Case for Mobile Enterprise Applications

To arrange an interview or for more information, please contact: Claire Booty on +44 (0) 20 7017 7916, or email

Ovum’s Future of Work Summit on 21st November in London will address how to engage with and harness the mobile, connected employee to increase productivity. For a free press pass, or to speak to an analyst ahead of the event please contact

Ovum provides clients with independent and objective analysis that enables them to make better business and technology decisions. Our research draws upon over 400,000 interviews a year with business and technology, telecoms and sourcing decision-makers, giving Ovum and our clients unparalleled insight not only into business requirements but also the technology that organizations must support. Ovum is an Informa business.

Taking advantage of the human factor

Guest post from IBM Security Systems

IBM is Gold Sponsor at Identity and Access Management, taking place in London on 22nd October. Enterprise IT professionals can claim a complimentary pass for the event, here.


No one doubts that social media is a valuable tool for business. Unfortunately it is now a top asset for cyber-criminals too, playing a pivotal role in the way in which they reach their targets. Initially seen as a rich source for gathering the intelligence required for more sophisticated attacks, nowadays attackers are using the psychology behind social media to gain and exploit users’ trust.

  • A single attack can influence the actions of millions of people in real time, as shown when a compromised trusted account sent out false information about explosions at the White House, causing a “flash crash” of the US stock market.
  • If a Twitter account with millions of followers sends a link to an infected site, the odds of some of those recipients clicking on the link are greatly increased.
  • By compromising a central site and using it to serve malware, attackers are able to reach more technically savvy victims who might not be fooled by phishing attempts.

The only effective defence is awareness and education to understand the latest security risks and stay ahead of emerging threats.  Join the IBM experts at Ovum Identity & Access Management on 22nd October to find out what you can do to help keep your organization secure.

“IAM technologies are becoming threat-aware”: Executive Interview with Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems

Executive Interview with Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems who will be presenting in the keynote at Ovum Identity & Access Management Forum on 22 October.

Is the traditional use of Identity and Access Management (IAM) technology changing within an enterprise?

Yes. With the rapid adoption of mobile, social and cloud-based services to expand the businesses and to collaborate with partners and consumers alike, the traditional use of IAM technology is changing to securely enable these transformations. Traditionally, IAM technologies are deployed as operational management tools to help IT demonstrate compliance and support the internal risk programs. Now, IAM technologies are viewed as key security controls, to help businesses improve assurance and strengthen the context in which access controls are determined and enforced across the enterprise.

How are IAM technologies evolving to safeguard the cloud, mobile and social interactions?

IAM technologies are becoming threat-aware. Cyber attackers target the weakest link within an enterprise – its people. As organisations roll out new mobile apps or increase use of cloud-based services, they need to implement context and risk-based access to minimize the use of passwords to control access to business resources. Organisations are also increasingly under pressure to not only authorise user access, but also inspect and block malicious content from affecting the business-critical web applications and services.

Insider threat is in the spotlight. What can organisations do to address the threats from insiders?

This is a challenging security issue for organisations around the world. Insiders are more than just administrators and root users with shared access. They can be employees with high-risk access. To tackle the insider threat, organisations are investing in privileged identity management that can manage and govern shared access and privileged user passwords, while auditing and recording the high-risk session activities to address the growing insider breach and threats.



Infographic: How are you embracing innovation in spite of IT risks?


How can councils be effective online, and Public Sector Enterprise Insights

The Ovum events team will shortly be tuning into a live chat on the Guardian website, entitled How can councils be effective online, inspired by the Government’s Digital by Default Strategy. This ties in nicely with (a) a massive research initiative that Ovum has undertaken, and (b) an event that we’ve got coming up in March 2014, Public Sector Enterprise Insights.

The UK public sector spends c£45bn on goods and services annually, of which c£26bn is spent on IT. The UK is the most open public sector market in the world and the UK government is determined to broaden its supplier base and include SMEs.

The UK Cabinet Office has declared that it wants to bring spending on IT down to c£16bn so is looking for smarter value propositions from vendors and smarter purchasing from enterprises. Ovum has invested $1 million+ and 2,500 analyst hours in what we believe is the largest ever primary research program of 6,500 enterprise IT executives, in order to inform these smarter ways of working. With coverage of c.60 geographies, 17 industries and c.70 sub-industries its value is not just in its scale alone.

Asking the right questions is always the key and bringing together the creative input of over 20 of Ovum’s finest analysts as well as client input, we covered the crucial topics that those in Public Sector IT need to know. To give a feeling for the scope, the main areas covered include IT budget trends, technology investment priorities, decision-making criteria, vendor perception and industry-specific priorities.

The results of this research will be shared in London in March, co-located with our Transforming Health agenda. Public Sector and Enterprise IT professionals can claim a complimentary pass for the event.

Right, back to the Guardian live chat!

Safeguarding mobile, cloud and social interactions across the enterprise

Guest post from IBM Security Systems


The line between work and personal technology continues to merge as smartphones, tablets and other mobile devices proliferate. Although mobile employees can be more productive by working anytime and anywhere, doing so means they are accessing resources from outside the traditional network perimeter.  Traditional access and authentication controls are now no longer sufficient to safeguard the organisation. As cyber criminals become more sophisticated in their attack methods, so organisations need to be more diligent and proactive in protecting resources in a mobile environment. IBM has developed a portfolio of mobile security solutions that emphasize an adaptive approach to security that can help drive down costs, is secure and can keep up with today’s business climate.

The latest addition to the portfolio is IBM Security Access Manager for Mobile (ISAM for Mobile).

ISAM for Mobile protects access to enterprise resources by authenticating and authorizing mobile users and their devices. Available as either a virtual or hardware based appliance, ISAM for Mobile enables organisations to safeguard access points into the corporate network and enforce context-based access policies that define who and what can access protected resources. Highly scalable and configurable, the solution is designed to deliver a quick time to value and a lower total cost of ownership (TCO).

ISAM for Mobile provides a variety of capabilities for strengthening mobile security:

  • Enables secure user access to mobile and web applications with single sign-on, session management and context-based access control.
  • Improves identity assurance with flexible authentication schemes, such as one-time passwords and RSA SecurID token support, ensuring single sign-on is available from all access points in the network.
  • Enforces context-aware authorization using device fingerprinting, geographic location awareness and IP reputation scores.
  • Delivers seamless user and application security through integrations with IBM® Worklight.
  • Provides actionable insights for reducing risks and demonstrating compliance through integration with the IBM® QRadar® Security Intelligence Platform.

For more information on ISAM for Mobile visit our web site at

To learn more about protecting the organisation in a multi-perimeter world, come and hear Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems, present on Threat-aware Identity and Access Management during the keynote at Ovum Identity & Access Management on 22nd October.

How has the PPI scandal re-shaped business processes?

The PPI mis-selling scandal has rocked the banking industry in recent years, with an estimated £1.1bn having been paid out in compensation so far, and billions more set aside for future claims. This has a massive effect on the business process of banks and financial institutions, but also has a wider effect on all B2C organisations; an increasingly litigious population, able to feed back immediately to the world via social media (see the Twitter user who recently bought a Promoted Tweet to complain about British Airways), can hold enterprises to account publicly. Therefore all companies need to make sure that their business processes are watertight: attending Business Process Management Forum will help you achieve this.

The day commences with a plenary session, featuring keynote presentations from experts including Oracle, Gary Barnett, Ovum’s resident BPM expert, and end users including BP. Session titles include:

  • BPM – the saviour of the CIO?
  • Does your process drive your people, or do the people drive your process?
  • BPM: demonstrating business value
  • BPM and the customer experience

The day then splits into two tracks: BPM Art, dealing with the business practices and excellence required to roll-out business improvement in your enterprise, and BPM Engineering, looking at the technical know-how required to foment better business process.

The day concludes with panel sessions covering The Place of BPM in enterprise architecture, and Trends to Watch for BPM in 2014.

Take a look at the full agenda at a glance here.

With support from Oracle, Appian, Estafet and IBM, and registrations from many delegates in the Financial, Public, Manufacturing, Utilities, Transport and Retail sectors, now is the time to secure your participation at the event next month. End-user enterprises can claim a complimentary pass for the event – claim yours today, and start looking forward to how Ovum and its partners can inform your business processes.

Are Passwords Dead? We Need a Better System Now

Guest post from IBM Security Systems.


According to the Verizon 2013 Data Breach Investigation Report, roughly 76% of all data breaches were enabled by weak credentialing and user authentication. We can therefore say that most – if not all – of our traditional security measures are doing little to close credentialing vulnerabilities. If that’s the case, then we need to discuss replacing them with something that does work.

Importantly, the location of the authentication transaction affects the risks, liability, convenience and economic feasibility for the service provider and consumer differently. Consider that there are effectively only two locations where the user-authentication transaction can occur: on the device and/or in the cloud.

Authentication on the device

Authentication on the device implies just that: processing the authentication of the user on the phone. Many phone manufacturers contemplate including fingerprint sensors on the device to authenticate the phone user – presumably the entitled privilege holder associated with the credentials stored on the phone or in some data repository elsewhere.

Authentication in the cloud

Authenticating in the service provider’s cloud implies capturing the biometric data on the phone and securely retrieving or transmitting it to the service provider’s cloud, where the authentication transaction takes place. In this case, the service provider could reduce risk by comparing user-authentication data, captured during applicant enrolment, to data of existing customers so as to negate dual enrolments and fraud.

To learn more about Threat-aware Identity and Access Management for a multi-perimeter world, hear Ravi Srinivasan, Director, Strategy and Product Management, IBM Security Systems, present during the keynote at Ovum Identity & Access Management on 22nd October.
