Tackling security in an IoT world

Featured

eepublishersPublished by EE Publishers on 20 September 2016

The internet of things is here – and it is bigger than we could have imagined – is your business ready?

The internet of things (IoT) is undeniably one of this century’s biggest phenomena in terms of ubiquitous impact and, while the implications associated with this technological wave are varied, one of the most crucial – if not the most crucial of these – centres around security.

Type the words “IoT and…” into your Google search engine bar, and one of the first phrases that comes up in the dropdown menu is “IoT and security”, says Leon van der Merwe, head of digital at customer communications firm PBSA. Security is a huge concern for businesses when it comes to this emerging network of connected things. Even with the strides made in cultivating a secure internet, this vast entity is just not 100% secure.

By nature, he says, the internet is arguably impossible to fully secure – and is becoming considerably more complex as the human race starts connecting everyday hardware devices. “We are basically building an internet of any and everything.”

And, contrary to common belief, South Africa is not playing catch-up to such an extent that local businesses need not be concerned. The IoT may not be as mainstream in South Africa as it is in other, developed countries, but it is fast heading that way. Any business that even remotely values its security would be making a grave mistake by not heeding the red flags inherent in the IoT.

In fact, according to a recent International Data Corporation (IDC) report – The Internet of Things in Africa – the market for connected devices in the country will account for $2-billion of the global total value ($1,7-trillion) by 2020. As for the continent as a whole, the research firm says Africa is likely to house around one billion connected devices by the turn of the decade.

A 2015 survey revealed that 33% of South African enterprises are planning major and/or significant investment in IoT over the next three years.

Unprecedented power

We know the IoT is set to explode – globally and on our own doorstep – but we must also consider, when taking security measures, the immense power this thing denoting a connected future holds.

The World Economic Forum (WEF) designates the IoT part of the “Fourth Industrial Revolution” – an era of technological advancement characterised by ubiquitous, mobile supercomputing. Klaus Schwab, founder and executive chairman of the WEF, says the possibilities of billions of people connected by mobile devices, with unprecedented processing power, storage capacity, and access to knowledge, are unlimited.

These possibilities will be multiplied by emerging technology breakthroughs in fields such as artificial intelligence, robotics, the IoT, autonomous vehicles, 3D printing, nanotechnology, biotechnology, materials science, energy storage, and quantum computing.

Given the enormous impact the IoT will have on businesses’ security, Van der Merwe believes local companies need to take security far more seriously. Many of the larger, security-conscious organisations take their security very seriously, but they don’t necessarily have the right strategies in place. When it comes to the so-called midstream businesses in South Africa, these generally have very poorly managed security policies, if any.

Access management

But where does one start when it comes to tackling this giant, looming phenomenon? At ground level, at one of the very core aspects of your connected devices – accessibility.

One of the products PBSA’s software arm, pbDigital, advocates is identity and access management (IAM). IAM outsources all require security requirements to run on the latest international identity and access management on one centralised solution.

Contact Leon van der Merwe, PBSA, Tel 011 516-9459, leon@pbsa.co.za

Delta State tackles land ownership with SA tech

Featured

itologo

Published by IT-Online on 29 June 2016

 

Nigeria’s oil and agricultural producing state Delta State makes a major breakthrough in land title acquisition using new digital signature technology.

New, locally-developed, digital signature technology sits behind a major breakthrough for Nigeria’s Delta State government, which kicks off its “Fast Track 90” scheme – a new digital system for the acquisition of legal titles for landed property.

Historically an onerous process fraught with bottlenecks, bureaucracy and prone to fraud, the issuance of Certificate-of-Occupancy (C-of-O) to property owners in Delta State will, going forward, be fast tracked to 90 days and fraud-proofed – thanks to a system written by pbDigital, a division of South African customer communications firm PBSA.

Delta State governor, Senator Ifeanyi Okowa, unveiled the Fast Track 90 scheme at the end of March, saying one of the biggest hindrances to investors was the high cost and delays associated with acquiring the legal titles to landed property in Delta State, Nigeria’s oil and agricultural producing state.

“Fast Track 90, an innovative policy of this administration designed to enhance ease of business in the state, has been initiated to overcome the bottlenecks that have become a recurring decimal in obtaining C-of-Os, it will take a maximum of ninety days for land owners to obtain their C-of-Os from the Ministry of Lands and Surveys and the new system is fast, transparent and in line with global best practices,” says Okowa.

The solution was positioned as having significant benefits for Delta State, including much faster turnaround times, considerably reduced C-of-O fees, security surety and, ultimately, increased investment in the state

Fast Track 90 relies on a software platform – recently developed specifically for the project – which connects to PBSA’s High Security Module Cloud Server infrastructure in South Africa. The solution is a hybrid, digital certificate issuing and verification solution for certificates that also need to be printed on paper.

Leon van der Merwe, head of pbDigital, explains: “Smatforms, a channel partner of PBSA in Nigeria, approached PBSA for a solution to digitise the paper-based issuing process for Delta State C-of-O documents. The solution-platform is built on pbDigital’s cloud technology that uses state-of-the-art cryptography to embed digital signatures in PDF documents.  The system is an end-to-end solution for issuing these documents.”

The software system features four main fully integrated platforms:

* Certificate Creator – a platform to import the variable data of the citizen that appears on the certificate.

* PDF and QR Code Creator – a platform that produces the digital certificates, each with its own unique QR code for printing.

* Digital Signature Workflow – a platform that allows the certificates to go through a digital approval and sign-off process.

* Certificate Manager – a platform that gives management full visibility throughout the certificate creation, sign-off and post certificate management processes.

Certificate verification

The printed certificate that is issued to the citizen contains an embedded QR code, explains Van der Merwe. “When the QR code is scanned with any generic, free QR code scanner using an online smart device, the original electronic document is opened from a secure cloud location. The electronic version of the document and the printed paper copy presented by the citizen can be compared and must have exactly the same content.

“The authenticity of the electronic document can also be verified by using a free version of Adobe PDF Reader to verify the signatures.

“The digital signatures on the document that were applied by the official authorities when the document was produced, carry X.509 personal cryptographic properties. During the verification process, these signature properties will have the verified personal information and Adobe AATL (Adobe Approved Trust List) certificate information embedded in each digital signature.”

Although developed for Delta State’s new C-of-O scheme, pbDigital’s digital certificate software can be used in any process involving the issuance of printed documents in need of future verification. “The software speeds up business processes, digitises workflow – creating a full audit trail – and completely eradicates fraud,” Van der Merwe adds.

SA tech underpins Delta State’s ‘Fast Track 90’ system

Featured

itweb africa logo

Published by ITWeb Africa on 29 June 2016

 

Nigeria’s Delta State has launched the ‘Fast Track 90’ digital system designed for the acquisition of legal titles for landed property.

Historically an onerous process fraught with bottlenecks, bureaucracy and prone to fraud, the issuance of Certificate-of-Occupancy (C-of-O) to property owners in Delta State will, going forward, be fast tracked to 90 days and fraud-proofed, claims pbDigital, a division of South African customer communications firm PBSA, and the company that developed the technology behind the digital system.

Delta State Governor, Senator Ifeanyi Okowa, unveiled the Fast Track 90 scheme at the end of March, saying one of the biggest hindrances to investors was the high cost and delays associated with acquiring the legal titles to landed property.

“Fast Track 90, an innovative policy of this administration designed to enhance ease of business in the state, has been initiated to overcome the bottlenecks that have become a recurring decimal in obtaining C-of-Os, it will take a maximum of ninety days for land owners to obtain their C-of-Os from the Ministry of Lands and Surveys and the new system is fast, transparent and in line with global best practices,” said Okowa.

Fast Track 90 relies on a software platform – recently developed specifically for the project – which connects to PBSA’s High Security Module Cloud Server infrastructure in South Africa. The solution is a hybrid, digital certificate issuing and verification solution for certificates that also need to be printed on paper.

Leon van der Merwe, head of pbDigital, explains: “Smatforms, a channel partner of PBSA in Nigeria, approached PBSA for a solution to digitise the paper-based issuing process for Delta State C-of-O documents. The solution-platform is built on pbDigital’s cloud technology that uses state-of-the-art cryptography to embed digital signatures in PDF documents. The system is an end-to-end solution for issuing these documents.”

Certificate verification

The printed certificate that is issued to the citizen contains an embedded QR code, explains Van der Merwe. “When the QR code is scanned with any generic, free QR code scanner using an online smart device, the original electronic document is opened from a secure cloud location. The electronic version of the document and the printed paper copy presented by the citizen can be compared and must have exactly the same content.

“The authenticity of the electronic document can also be verified by using a free version of Adobe PDF Reader to verify the signatures.

“The digital signatures on the document that were applied by the official authorities when the document was produced, carry X.509 personal cryptographic properties. During the verification process, these signature properties will have the verified personal information and Adobe AATL (Adobe Approved Trust List) certificate information embedded in each digital signature.”

Nigeria: Delta State tackles land ownership bane with SA tech

Featured

ITNewsAfrica_logo

Published by IT News Africa on 28 June 2016

 

New, South African developed digital signature technology sits behind a major breakthrough for Nigeria’s Delta State government, which kicks off its “Fast Track 90” scheme – a new digital system for the acquisition of legal titles for landed property.

Historically an onerous process fraught with bottlenecks, bureaucracy and prone to fraud, the issuance of Certificate-of-Occupancy (C-of-O) to property owners in Delta State will, going forward, be fast tracked to 90 days and fraud-proofed – thanks to a system written by pbDigital, a division of South African customer communications firm PBSA.

Delta State Governor, Senator Ifeanyi Okowa, unveiled the Fast Track 90 scheme at the end of March, saying one of the biggest hindrances to investors was the high cost and delays associated with acquiring the legal titles to landed property in Delta State, Nigeria’s oil and agricultural producing state.

“Fast Track 90, an innovative policy of this administration designed to enhance ease of business in the state, has been initiated to overcome the bottlenecks that have become a recurring decimal in obtaining C-of-Os, it will take a maximum of ninety days for land owners to obtain their C-of-Os from the Ministry of Lands and Surveys and the new system is fast, transparent and in line with global best practices,” said Okowa.

The solution was positioned as having significant benefits for Delta State, including much faster turnaround times, considerably reduced C-of-O fees, security surety and, ultimately, increased investment in the state.

The tech behind Fast Track 90
Fast Track 90 relies on a software platform – recently developed specifically for the project – which connects to PBSA’s High Security Module Cloud Server infrastructure in South Africa. The solution is a hybrid, digital certificate issuing and verification solution for certificates that also need to be printed on paper.

Leon van der Merwe, head of pbDigital, explains: “Smatforms, a channel partner of PBSA in Nigeria, approached PBSA for a solution to digitise the paper-based issuing process for Delta State C-of-O documents. The solution-platform is built on pbDigital’s cloud technology that uses state-of-the-art cryptography to embed digital signatures in PDF documents.  The system is an end-to-end solution for issuing these documents.”

The software system features four main fully integrated platforms:

  1. Certificate Creator – a platform to import the variable data of the citizen that appears on the certificate.
  2. PDF and QR Code Creator – a platform that produces the digital certificates, each with its own unique QR code for printing.
  3. Digital Signature Workflow – a platform that allows the certificates to go through a digital approval and sign-off process.
  4. Certificate Manager – a platform that gives management full visibility throughout the certificate creation, sign-off and post certificate management processes.

Certificate verification
The printed certificate that is issued to the citizen contains an embedded QR code, explains Van der Merwe. “When the QR code is scanned with any generic, free QR code scanner using an online smart device, the original electronic document is opened from a secure cloud location. The electronic version of the document and the printed paper copy presented by the citizen can be compared and must have exactly the same content.

“The authenticity of the electronic document can also be verified by using a free version of Adobe PDF Reader to verify the signatures.

“The digital signatures on the document that were applied by the official authorities when the document was produced, carry X.509 personal cryptographic properties. During the verification process, these signature properties will have the verified personal information and Adobe AATL (Adobe Approved Trust List) certificate information embedded in each digital signature.”

Although developed for Delta State’s new C-of-O scheme, pbDigital’s digital certificate software can be used in any process involving the issuance of printed documents in need of future verification. “The software speeds up business processes, digitises workflow – creating a full audit trail – and completely eradicates fraud,” concludes Van der Merwe.

Making sense of a digital web of data

Featured

eepublishersPosted by EE Publishers on 23 February 2016

There is a myriad of digital data being generated on a daily basis, with bring your own device (BYOD), social media and the internet of things (IoT) becoming increasingly prolific as internet users progress in what is referred to by local research firm World Wide Worx as the “digital participation curve”.

For companies, making sense of it can be a headache, not to mention a major drain on resources. What follows are some of the challenges – and possible solutions – around security issues that should be top of mind in today’s business environment.

It has been a constant battle for the past two decades to ensure a secure internet and, although massive advancements have been made, the internet is still not 100% secure. As we start connecting hardware devices that control things like domestic and business security systems, smart devices, personal fitness devices, tracking devices and electrical appliances – to name a few – the situation will only become more complex.

The hardware appliance is the weakest link – no matter what it is – so the hardware device needs to be built to accommodate security features like encryption, multi-factor authentication and password strength validation.

BYOD boom

While BYOD indisputably brings with it a number of benefits for companies, it also comes with its fair share of security concerns. Organisations that permit BYOD can benefit from a reduced investment in hardware and enable employees to be more mobile and have 24/7 access to network resources.

On the flip side, the possibility of jeopardising company data is a reality that cannot be overlooked. This can be caused by lost or stolen devices, insecure applications, unauthorised access by non-employees and the fact that devices can connect to company networks over insecure wireless networks.

Interlinked with BYOD is IoT – a relatively new phenomenon bringing with it similar challenges. Although IoT is not a mainstream reality in South Africa as yet, it is said to be rapidly heading that way. IoT will become a reality in South Africa without doubt. Every time our devices become smarter and faster, we move forward towards a fully connected IoT.

While growth offers a lot of opportunities, IoT, in essence, is still not mature, or secure. Adding millions of new devices, billions of lines of code, along with more network infrastructure to cope with the load, will create a new set of challenges, probably far exceeding those of the past two decades.

Despite this, it is believed that local businesses do not take security seriously enough. Even though larger, more security-conscious organisations like banks take security very seriously, they do not necessarily align their security strategies to accommodate for future demands or what the impact of their security strategy has on customer experience. So-called midstream businesses in South Africa generally have very poorly managed security policies, if any.

IAM solution

In both instances of BYOD and IoT, security is key, but this does not mean that businesses need to have specialised security needs.

One of the products in PBSA’s software division, pbDigital, advocates is identity and access management (IAM). IAM outsources all required security requirements to run on the latest international identity and access management on one centralised solution.

IAM is a customer-centric identity and access management solution that empowers users to manage their own identities, enabling the organisation to reduce customer care costs by automating the identity processes.

IAM improves customer convenience with verified social identities and provides strong, multi-factor authentication for business-critical transactions. In other words, IAM takes care of centrally managing the identities of online users, eliminating the need for organisations to spend time and recourses on manually managing user access to their networks.

This is one of the means that companies can use to address the security challenges they face amid the burgeoning of data-intensive phenomena like BYOD and IoT. IAM is designed to centrally manage hundreds of thousands – even millions – of identities, devices and their associated access to multiple networks, which is simply not doable with physical customer service or manually managed security.

IAM involves linking the correct person (device owner) to the device. The second application is managing the access rights the device has to one or more networks, and the third is encrypting the channels of communication between the device and the various networks. All of these instances are centrally managed by IAM.

IAM is one of a range of solutions companies can employ to protect their digital empire, says Van der Merwe, and security can not be ignored by companies operating in today’s digital world.

Weak security when it comes to BYOD and IoT in the workplace will affect the confidence of consumers and organisations. This, in turn, will slow the process down until strong security is adapted and users and organisations can enjoy the benefits of IoT confidently and securely.

Contact Leon van der Merwe, PBSA: leon@pbsa.co.za / Tel: 011 516 9459

PBSA unveils new digital signature technology

Featured

itologoPosted by IT Online on 17 February 2016

Up to 80% paper resources reduction, an 80% decrease in power consumption, up to 90% time savings and a largely reduced usage of petroleum and diesel are all reasons PBSA (formerly Pitney Bowes SA) has launched digital signing and electronic workflow solution SignFlow.

This is according to PBSA business development manager and SignFlow co-founder Leon van der Merwe, who notes the software product – “a first in South Africa” – has now officially launched, following its BETA release in October.

This comes three years after PBSA introduced digital signatures into South Africa with its CoSign digital signature solutions. Van der Merwe says the advantage of the solution was immediately evident. “We saw the potential to drastically cut down on costs associated with printing.” He adds that about 80% of businesses’ printing is as a direct result of the need to archive and wet-ink sign documents.

But while the CoSign solution solved the problem of businesses having to print, sign, scan and email documents for signing, it did not solve the problem of documents having to be signed by multiple parties, notes Van der Merwe.

He says this is where SignFlow plugs the gap. “SignFlow was designed, using the latest X.509 cryptographic digital signature technology, to workflow documents to multiple parties that all need to sign or action a document.

“[This means] the document originator/owner can, by using SignFlow, automatically and sequentially distribute any document to multiple parties to legally sign a document through an intelligent workflow system or from any popular document management platform like Microsoft SharePoint Online or Office 365.

“By signing documents electronically with SignFlow, the electronic version of the document becomes the original,” explains Van der Merwe. “This has a huge impact on archiving of documents as it is not required at any stage to print these documents for long term archiving.

Extensive application

“The amount of money and time that businesses spend on getting documents approved and signed is staggering. Signflow bridges this gap by offering a secure digital signature workflow solution so powerful, it eliminates all the inefficient, costly processes relying on print, scan, fax, email and courier completely.”

PBSA’s SignFlow product is designed to benefit any business that signs documents or has others sign documents, contracts, mandates, agreements, etc, with the main verticals to have benefitted thus far being the financial, auditing, engineering, legal and government sectors.

While the solution has seen interest and “extremely positive” feedback primarily from the corporate world, consumers stand to benefit just as much, says Van der Merwe. “Every consumer in South Africa that has ever been asked to sign a document will benefit,” he says, citing the end of brick and mortar banks and the need to print, scan and email or fax documents as obvious advantages. He adds that there is no cost to the consumer to sign documents using SignFlow.

Ultimately, he says, PBSA would like to see every individual consumer, as well as business and government department in South Africa having access to this technology.

All-round impact

Should this goal be realised, Van der Merwe says, the implications would be immense.

According to The Paperless Project – a grassroots coalition of companies focused on transforming the way organisations work with paper and electronic content – the world produces over 300 million tons of paper each year.

“This will eradicate the need for anyone to print documents for signing ever again. [As far as the environment is concerned], this would mean paper usage in a business being cut down by up to 80%, while power consumption [will be reduced] by 80% on the devices (printers, copiers, scanning machines, etc.) that are being used to produce paper documents.”

On a macro scale, he adds, documents would be able to be electronically distributed anywhere in the world, so there would be no need for courier services – which in turn would mean reduced usage of petroleum and diesel.

On the IT infrastructure side, universal adoption of the technology would mean a significant reduction of file replication. “At present, a document in need of four signatures is typically printed and scanned four times, but it is also emailed eight times, which means there are eight different versions of the document. With SignFlow there is always just one instance of the document.

“In addition, not having to print, scan and courier documents would result in an estimated time reduction of up to 90%, noticeably increased business efficiency and an easy means of tracking progress.”

According to a survey by UK-based research company YouGov, the UK’s SMEs waste over £42,2-million per day in revenues just looking for documents.

Local tech

SignFlow comprises two core technologies, both of local origin. The cryptographic public key infrastructure was launched by PBSA in South Africa in 2014 and forms the core X.509 cryptographic infrastructure that allows users to sign digitally in SignFlow.

Secondly, the SignFlow platform itself was 100% developed in South Africa by South African developers in partnership with Jena Solutions using the latest Microsoft .Net technologies.

Speaking about the challenges of launching a new technology, Van der Merwe says – as with any new technology – the market takes time to get to understand the technology. “The technology has an impact on legal, infrastructure, security and business departments within a corporate environment, so all these departments need to be involved in the decision to implement the solution, which is something that takes time.

“We are a pinnacle point in South Africa, where the realisation of the benefits have become the new driving force, rather than just seeking latest tech.”

PBSA unveils digital signature tech

Featured

itweb_logo_smlPosted by ITWeb on 16 February 2016

PBSA, a provider of customer communication solutions, has introduced a digital signing and electronic workflow solution, in an effort to boost paperless offices.

SignFlow is cloud-based software that reduces the need to print documents to obtain signatures, says PBSA (formerly Pitney Bowes SA). It utilises cryptographic technology to apply verifiable, personal digital signatures to documents, it says.

This comes three years after PBSA introduced digital signatures into South Africa with its CoSign digital signature solution.

But while the CoSign solution solved the problem of businesses having to print, scan and e-mail documents for signing, it did not solve the problem of documents having to be signed by multiple parties, says Leon van der Merwe, PBSA business development manager and SignFlow co- founder.

He says this is where SignFlow plugs the gap. It was designed for workflow documents that need multiple parties to sign or action a document.

According to Van der Merwe, the software product has now officially launched, following its beta release in October.

He says the solution is focused towards a paperless SA and solves one last important and complicated part of digitisation of documents – the signature.

He says the drive to go paperless in most businesses is hampered by the need to obtain a signature on the document.

“This, up to now, had far-reaching consequences as it is not so much just the cost of the paper, but rather the far-reaching costs and environmental impact of processing the paper.”

Van der Merwe points out the amount of money and time businesses spend on getting documents approved and signed is staggering.

“Signflow bridges this gap by offering a secure digital signature workflow solution. It eliminates all the inefficient, costly processes relying on print, scan, fax, e-mail and courier completely.”

According to The Paperless Project – a grassroots coalition of companies focused on transforming the way organisations work with paper and electronic content – the world produces over 300 million tons of paper each year.

BMI-TechKnowledge says printing on paper is costing the taxpayer around R2.3 billion per annum, says Van der Merwe.

This is largely due to paper-based processes or digital processes that still break out into paper at some point, he adds.

He believes SignFlow, together with a good culture to drive paperless initiatives in organisations, can reduce this cost with as much as 80%.

SA definitely seems to be taking longer to adapt to a truly paperless environment, says Van der Merwe. “Our culture to want to touch what we read is definitely still very much a part of doing everyday business – this needs to change.”

Van der Merwe points out turning a paper-based process into a digital one requires commitment and buy-in from all stakeholders.

“It’s truly only a change in culture that is the hardest challenge. We are so used to handling paper, it has become ingrained in our ways and we don’t think about the consequences of using it.”