
Location-based marketing technology in retail: A primer

Eight critical use cases

As the retail industry continues recovering from the pandemic at a much more modest growth rate than in previous years, retail leaders are seeking new ways to prioritize customer experience. According to the National Retail Federation (NRF), 80% of shopping still happens in stores. But customers also demand omnichannel service and personalization to a degree not seen in previous generations. To meet these demands, retail leaders are turning to location-based marketing technology.

What is location-based marketing?

Location-based marketing (also called geospatial) technology is a set of tools for collecting and analyzing location data. It draws on the Global Positioning System (GPS), Geographic Information Systems (GIS), and Internet of Things (IoT) devices, such as cameras and sensors, to gain visibility into customer movements and behaviors.

Retail leadership and marketers can utilize location-based technology to:

  • Better understand customer behavior.
  • Analyze parking data.
  • Identify market gaps and opportunities.
  • Generate and test market predictions.
  • Create targeted hyperlocal and personalized promotions.

This post will investigate eight use cases of location technology for retailers.

Also read: The future of retail: Securing app-driven stores

1. Location-based customer segmentation

Geographic segmentation divides a customer base by geography: country, state, county, city, or ZIP code. Regional segmentation is useful, but it can miss cultural nuances, especially in densely populated areas.

Geofencing and geotargeting take this concept down to a hyperlocal scale, zooming into a city, neighborhood, storefront, or area surrounding a storefront.

  • Geofencing creates a virtual boundary around a specific area. Once inside the area, a customer may receive targeted promotions. For example, a customer who enters a geofence around a grocery store may receive a text message coupon or an in-app promotion.
  • Geotargeting often incorporates geofencing but relies on additional customer data, such as behavior and interests, to further refine who receives promotions and messaging. Say a regional restaurant chain is launching a new vegetarian menu. Marketers could draw a geofence around a city and then narrow the audience to customers whose profiles indicate vegetarian or health-conscious preferences. In that case, only vegetarians within Cleveland would receive the series of promotions once they entered the geofenced region.
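The two filters above can be made concrete in a few dozen lines. The following is an added example, not code from the original post or from CBTS: it decides which customers are inside a circular geofence (great-circle distance from the fence centre) and then applies the geotargeting filter on top. The store coordinates, the customer records, the interest tags, and the explicit `location_opt_in` consent flag are all constructed for illustration; a real deployment would read them from the marketing platform.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius in metres


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points (haversine formula)."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


@dataclass(frozen=True)
class Geofence:
    """Circular geofence: a centre point and a radius in metres."""
    name: str
    lat: float
    lon: float
    radius_m: float

    def contains(self, lat, lon):
        return haversine_m(self.lat, self.lon, lat, lon) <= self.radius_m


@dataclass(frozen=True)
class Customer:
    customer_id: str
    lat: float
    lon: float
    interests: frozenset      # profile tags such as "vegetarian" (assumed field)
    location_opt_in: bool     # consent to location-based messaging (assumed field)


def customers_in_fence(fence, customers):
    """Geofencing only: everyone currently inside the boundary, regardless of profile."""
    return sorted(c.customer_id for c in customers if fence.contains(c.lat, c.lon))


def eligible_for_promotion(fence, customers, required_interests=frozenset()):
    """Geotargeting: inside the fence, opted in, and carrying every required interest tag.

    Customers without consent are dropped before any profile matching happens, so a
    missing opt-in is never overridden by a good profile match."""
    return sorted(
        c.customer_id
        for c in customers
        if c.location_opt_in
        and fence.contains(c.lat, c.lon)
        and required_interests <= c.interests
    )


# Constructed sample data: a 300 m fence around a hypothetical downtown store.
STORE_FENCE = Geofence("downtown-store", 39.1031, -84.5120, 300.0)
CUSTOMERS = [
    Customer("c1", 39.1040, -84.5110, frozenset({"vegetarian", "healthy"}), True),  # ~130 m away
    Customer("c2", 39.1100, -84.5120, frozenset({"vegetarian"}), True),             # ~770 m away
    Customer("c3", 39.1035, -84.5125, frozenset({"vegetarian"}), False),            # inside, no consent
    Customer("c4", 39.1028, -84.5118, frozenset({"coffee"}), True),                 # inside, not vegetarian
]

if __name__ == "__main__":
    print("inside fence:", customers_in_fence(STORE_FENCE, CUSTOMERS))
    print("vegetarian promo:", eligible_for_promotion(STORE_FENCE, CUSTOMERS, frozenset({"vegetarian"})))
```

Running it lists c1, c3 and c4 as inside the fence, but only c1 as eligible for the vegetarian promotion: c2 is outside, c3 never consented, and c4 does not match the interest filter. A radius-based fence is the simplest case; a polygonal fence around a shopping centre would replace `contains` with a point-in-polygon test but leave the consent and interest filters unchanged.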

2. Foot traffic analysis and heat mapping

IoT sensors and cameras generate real-time data that retailers can use to understand how customers actually move through a store. Retailers can also draw on Wi-Fi, Bluetooth beacon, and GPS data to create heat maps (graphic representations of the most-visited versus least-visited areas).

Retailers utilize heat maps and foot traffic analysis to:

  • Plan store locations: Measuring visits to a property, determining the trade area, and analyzing visitor demographics are common uses of location data (more on this in section 3).
  • Understand store traffic: Utilize geospatial data to analyze foot traffic patterns, peak visiting hours, and popular areas within stores.
  • Visualize data: Identify hotspots and optimize store layouts, product placements, and promotional displays for better engagement.
  • Experiment with product staging: Heat maps can help identify zones of interest and help you optimize planograms and displays to generate interest and sales.
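Underneath every heat map is a simple binning step: position fixes are dropped into grid cells and the cells are counted. The following is an added example, not code from the original post or from CBTS, showing that step together with a peak-hour tally. It assumes the positioning system already reports each fix as metres from a fixed corner of the store (as Wi-Fi or beacon positioning typically does); the `PositionSample` records are constructed, and the device identity has been left out deliberately, since a heat map needs positions, not identities.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class PositionSample:
    """One position fix, in metres from the store's south-west corner."""
    ts: datetime
    x_m: float
    y_m: float


def cell_of(x_m, y_m, cell_m):
    """Grid cell (column, row) that contains the point; cells are cell_m metres square."""
    return (int(x_m // cell_m), int(y_m // cell_m))


def heat_map(samples, cell_m=2.0):
    """Samples per cell. More samples in a cell means more shopper time spent there."""
    return Counter(cell_of(s.x_m, s.y_m, cell_m) for s in samples)


def hottest_cells(samples, cell_m=2.0, top=3):
    """The 'top' busiest cells, hottest first."""
    return heat_map(samples, cell_m).most_common(top)


def samples_per_hour(samples):
    return Counter(s.ts.hour for s in samples)


def peak_hour(samples):
    """Hour of day with the most position samples (first encountered wins a tie)."""
    return samples_per_hour(samples).most_common(1)[0][0]


def render(heat):
    """ASCII heat map, north row first; each cell shows its count, capped at 9."""
    if not heat:
        return ""
    cols = max(c for c, _ in heat) + 1
    rows = max(r for _, r in heat) + 1
    lines = []
    for r in range(rows - 1, -1, -1):
        lines.append("".join(str(min(heat.get((c, r), 0), 9)) for c in range(cols)))
    return "\n".join(lines)


# Constructed sample: a handful of fixes over one day in a small store.
def _t(hour, minute):
    return datetime(2024, 3, 1, hour, minute)


SAMPLES = [
    PositionSample(_t(9, 5), 1.0, 1.0),
    PositionSample(_t(9, 10), 1.5, 0.5),
    PositionSample(_t(12, 0), 1.2, 1.8),
    PositionSample(_t(12, 15), 5.0, 3.0),
    PositionSample(_t(12, 30), 5.5, 3.5),
    PositionSample(_t(12, 45), 1.9, 1.9),
    PositionSample(_t(17, 0), 9.9, 9.9),
    PositionSample(_t(17, 5), 12.0, 4.0),
]

if __name__ == "__main__":
    print(render(heat_map(SAMPLES)))
    print("hottest:", hottest_cells(SAMPLES, top=2))
    print("peak hour:", peak_hour(SAMPLES))
```

With 2 m cells the entrance corner (cell 0,0) collects four of the eight fixes, and noon is the peak hour. Cell size is the main tuning knob: cells smaller than the positioning error produce noise, cells larger than a display bay hide the planogram detail the text is after.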

3. Market analysis and site selection

Geospatial data provides valuable insights for businesses looking to assess market potential, understand consumer demographics, and optimize store site selection. Spatial analysis combines geographic and descriptive data from various sources and uses geographic models and visualizations to provide insights beyond traditional GIS frameworks. Companies can gain BI-based insights on individual stores, departments, and product categories by leveraging cloud computing, geospatial data, on-demand analytics, and rich reporting.

This strategy enables property managers to incorporate point-of-sale data into their selection and forecasting models and includes previously impractical data on urban storefronts, shopping centers, end caps or pads, parking, view corridors, and zoning.

4. Customer journey mapping

Mapping the customer journey from home to store, or within a shopping center, can help refine marketing strategies. A visual representation of every customer engagement with a brand helps teams anticipate problems, increase customer retention, and make informed decisions. The map can be used to train team members, present visual diagrams in company-wide meetings, include the sales team in the map assessment, and review the map with the customer service team to reduce obstacles throughout the customer lifecycle.

Based on the insights from a detailed journey map, businesses can combine online and offline marketing efforts to drive foot traffic to retail stores, utilizing digital channels like social media ads, email campaigns, and local SEO to reach a wider audience. Meanwhile, traditional tactics like direct mail, print ads, and community partnerships can increase brand awareness and attract local customers. This creates a comprehensive marketing mix that maximizes reach and drives sales.

The Retail Customer Journey from Intent to Purchase to Repeat Purchase

5. Proximity marketing and hyper-personalization

Utilizing geofencing and geotargeting allows retailers to trigger real-time personalized offers or notifications to customers’ mobile devices when they are in proximity to a store or specific location. Marketers combine location-based data with customer preferences to deliver highly targeted and relevant marketing messages, enhancing engagement and conversion rates.

Proximity marketing technologies include:

  • Wi-Fi to collect data.
  • GPS for geofencing.
  • NFC for contactless communication.
  • Bluetooth beacons to detect nearby devices and send location-based messages.

Proximity marketing offers tailored advertising, personalization, data collection, and app engagement. Real-time targeting delivers personalized advertising messages to the right audience at the right time based on data.

Personalization can increase revenue and conversions, improve customer lifetime value, and reduce churn. According to Boston Consulting Group, retailers with advanced personalization capabilities saw a consistent 25% increase in revenue, and customers were 110% more likely to add items to their basket when the experience was personalized.

6. Competitive analysis and benchmarking

Retailers utilize location-based marketing technology to analyze competitors’ locations and foot traffic patterns to gain insights into consumer behavior, helping refine strategies and stay competitive. They can also create performance benchmarks that compare store performance and consumer engagement metrics against competitors in specific geographic areas to identify areas for improvement.

When conducting competitive benchmarking, businesses typically consider the following metrics:

  • Customer engagement on social channels.
  • Brand awareness.
  • Customer experience ratings, such as satisfaction, ease of use, etc.
  • Search engine results.
  • Reviews.
  • Revenue.

7. Predictive analytics and forecasting

Retail predictive analytics is the practice of using historical data to anticipate customer behavior and make informed decisions. Geospatial data feeds predictive models that forecast future consumer behavior, enabling proactive decision-making and resource allocation. Demand forecasting, for example, predicts demand patterns based on geographic trends and consumer behavior to optimize inventory and supply chain management.

It’s essential to remember that the accuracy of retail analytics output directly depends on the quality of data used to generate it. Hence, it’s crucial to carefully evaluate the data sources before utilizing them for analysis.

8. Compliance and ethical data use

Most U.S. states have some data privacy law in place, and roughly a dozen have comprehensive privacy statutes. Privacy regulations apply to retailers of every size, and compliance strategies aim to protect the integrity of customer data, secure payment card data, honor deletion rights, prevent unauthorized access, and control how customer information is shared. Retailers must tailor their approach to their business model and their specific exposures.

Working with the right technology partner can help ensure compliance with data privacy regulations when collecting and utilizing geospatial data, with customer privacy and consent treated as first-order requirements of location-based analytics rather than afterthoughts.

Additionally, retailers must maintain transparency with customers about data collection practices, ensuring they understand the value proposition and benefits of sharing location information. Implementing modern physical and digital security measures can improve customer trust and loyalty. A secure database is vital for retailers to maximize customer relationship management and identify business development opportunities.

Watch: Tech Talk: Building the “storefront of the future”

Putting it all together

In today’s retail industry, keeping up with the latest technology trends is crucial to stay competitive. However, for those not directly involved in the IT side, such updates can be disruptive to the day-to-day functioning of the store. Therefore, you must partner with an experienced technology provider who can help your team plan and implement location-based marketing tools and then seamlessly transition into a support or managed services role. By implementing cutting-edge technology, retailers can stay up and running smoothly, generating new avenues of revenue for the business.

At CBTS, we have years of experience working with all types of retail establishments. Contact us today to learn how we can help you improve your customer experiences and boost revenue with location-based technology solutions.

Top retail technology trends of the tech revolution

On the Retail Tech Revolution podcast, Justin Rice and I discussed the importance of reliable and secure networking for retailers—focusing on the common challenges, network downtime impact, and SD-WAN and SASE’s role in enhancing network reliability and security. We emphasize the importance of wireless connectivity, edge computing, and patch management in retail environments.

Tech Talk: Building the “storefront of the future”

Today, networks are critical to successful retail operations. In modern retail, “everything is a computer connected to the Internet.” POS systems, scanners, Internet of Things (IoT) cameras and sensors, employee and customer mobile devices, and laptops connect to the Internet in modern retail storefronts. Retailers rely on these disparate systems to manage inventory and staff effectively, market to customers, and even monitor metrics such as foot traffic and shop time via IoT cameras. However, as network functionality in supporting retail technology and devices has improved, the attack surface has also increased. Each device represents a potential vulnerability.

In this post, we’ll review retail technology trends and highlight the key points from this recent tech talk focusing on the importance of retail infrastructure, specifically around the reliability and security necessary to modernize storefronts and propel them into the future.

Why is network security so crucial at the store level?

Trends in retail technology are heading towards integrated storefronts, or “smart” stores. In other words, almost every system relies on the network: self-checkout kiosks, POS systems, intelligent planograms, security, and even HVAC. The network becomes a dependency for whatever technology a retailer adopts.

Fortunately, over time, networking has moved away from slower and costly MPLS networking systems to virtualized SD-WAN that boosts network speed and reliability by relying on multiple transport channels. For example, a retail outlet may depend on numerous forms of broadband and 5G to ensure the system stays up and fast.

Networking has become much easier for retailers to administer. However, its importance, and the impact of it not performing at its peak, are far more significant. That’s why retailers need access to the latest security tools. A bad actor can wreak havoc in an improperly secured network, and retailers bleed cash as they lose access to vital systems.

Additionally, scalability is a concern. Retailers need the ability to quickly, reliably, and securely onboard (or shut down) new store locations.

What considerations do retailers make when it comes to networking technology?

On the podcast, Justin and I worked through the thought processes retailers commonly go through when deciding on their technology strategies.

In Justin’s words, “If I need a flexible consumption model, I need a provider to have capital and operating expense versions of whatever I buy from a networking perspective. But even more than that is reliability—always-on networking, just like your power and water. It needs to be always on.”

Retailers must consider the “three P’s” when planning what technology to adopt next. People, Process, and Progress: The right people following the right process means your company will progress. Justin stresses that accounting for your goals in these areas is essential. Create a tech implementation strategy that will support those goals.

Another important consideration for retailers is the technology refresh life cycle. No technology investments will last ten years. Some years, the focus is on making infrastructure upgrades with capital expenditures, while others may take on an operational focus. However, any new infrastructure updates will take boots on the ground in the stores to install servers, sensors, and edge devices.

Read more: Cloud for retailers: Leveraging technology to increase sales revenue

SASE in the SD-WAN landscape

When considering the evolution of retail technology trends, bandwidth is an essential frame of reference. In the previous generation of networks, MPLS systems connected elementary functions and devices. MPLS was a private connection that had to backhaul traffic through retail headquarters and the company firewall.

Now, bandwidth has expanded to accommodate the complex functions of modern storefronts: self-checkout, customer wayfinding on personal devices, intelligent shelf plans, IoT devices, and AR-enabled functions like digital wardrobes. SD-WAN boosts bandwidth and creates higher reliability for these systems. However, security is crucial in this distributed environment, and that’s where SASE comes in. Secure access service edge (SASE) is the next step in the evolution of store networking. As CBTS defines it, SASE combines SD-WAN networking with security service edge (SSE) cloud-based security tools. One thing SASE accomplishes is moving the firewall to the cloud, so branch traffic no longer has to be backhauled to headquarters for inspection.

The local area network in retail

Security is a crucial technology trend for retail local area networks (LANs). Handheld devices often aren’t password locked. Additionally, the high turnover and shift changes inherent to retail mean that devices and consoles have many users. I recommend securing retail scanners and devices using the following technologies and best practices:

  • Zero-trust security.
  • Network segmentation.
  • Single sign-on.
  • Identity access management and governance.

Sensors, including IoT devices, are the next security concern: everything currently deployed that needs low latency or better coverage. 5G connectivity, including private 5G on CBRS (Citizens Broadband Radio Service) spectrum, is taking over the handheld scanners. Private 5G and the low-latency applications it enables push computing into the store itself, so each location effectively needs a mini data center to handle its transactions. Retailers must therefore focus on the edge compute stack now and into the near future.

Read more: LAN infrastructure from CBTS gives a boost to retail growth

Patch management

Because today’s stores are more connected than ever, patch management is urgent for closing newly disclosed vulnerabilities and protecting sensitive data such as payment card information. Neglecting patches across devices leaves an enormous exposure in the retail sector, and the more locations a retailer has, the more attack points there are.

CBTS offers Patch Management as a Service, which offloads the tedious and challenging job of patch management from retailers. CBTS provides a service level agreement (SLA) guaranteeing a 95% patch success rate for your devices. We typically see a 40–50% patch success rate in retail; CBTS guarantees 95%, and our success rate averaged closer to 97.1% last year. It’s a huge impact and gets patching off your plate.
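A patch success rate is only meaningful if it is measured against an explicit baseline per device and per store, and if devices that have gone quiet are counted as failures rather than dropped from the denominator. The following is an added example, not CBTS’s service code, of that measurement over a small fleet. The device inventory, the patch identifiers (“KB-A”, “KB-B”), the 95% SLA threshold and the fixed reference date are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Device:
    device_id: str
    store: str
    kind: str                 # "pos", "scanner", "kiosk", ...
    required: frozenset       # patch IDs the baseline says this device must have
    installed: frozenset      # patch IDs reported by the device at its last check-in
    last_checkin: date


def is_compliant(dev):
    """A device passes only when every required patch is installed."""
    return dev.required <= dev.installed


def success_rate(devices):
    """Fraction of devices that are fully patched; 0.0 for an empty fleet."""
    if not devices:
        return 0.0
    return sum(1 for d in devices if is_compliant(d)) / len(devices)


def store_rates(devices):
    """Success rate per store, so one bad site cannot hide behind the fleet average."""
    by_store = defaultdict(list)
    for d in devices:
        by_store[d.store].append(d)
    return {store: success_rate(devs) for store, devs in by_store.items()}


def stores_below_sla(devices, sla=0.95):
    return sorted(store for store, rate in store_rates(devices).items() if rate < sla)


def stale_devices(devices, today, max_age_days=7):
    """Devices that stopped reporting. Their last known state still counts; silence is not success."""
    return sorted(d.device_id for d in devices if (today - d.last_checkin).days > max_age_days)


def missing_patches(devices):
    """For each non-compliant device, the patch IDs still outstanding."""
    return {d.device_id: sorted(d.required - d.installed) for d in devices if not is_compliant(d)}


# Constructed fleet with hypothetical patch IDs; TODAY is fixed so the output is reproducible.
TODAY = date(2024, 3, 1)
BASELINE = frozenset({"KB-A", "KB-B"})


def _dev(device_id, store, kind, installed, days_ago):
    return Device(device_id, store, kind, BASELINE, frozenset(installed), TODAY - timedelta(days=days_ago))


FLEET = [
    _dev("S01-pos-1", "S01", "pos", {"KB-A", "KB-B"}, 0),
    _dev("S01-pos-2", "S01", "pos", {"KB-A", "KB-B"}, 1),
    _dev("S01-scn-1", "S01", "scanner", {"KB-A", "KB-B"}, 2),
    _dev("S01-ksk-1", "S01", "kiosk", {"KB-A", "KB-B"}, 0),
    _dev("S02-pos-1", "S02", "pos", {"KB-A", "KB-B"}, 0),
    _dev("S02-pos-2", "S02", "pos", {"KB-A"}, 1),
    _dev("S02-scn-1", "S02", "scanner", {"KB-A", "KB-B"}, 0),
    _dev("S02-scn-2", "S02", "scanner", set(), 20),   # silent for 20 days, nothing installed
]

if __name__ == "__main__":
    print(f"fleet success rate: {success_rate(FLEET):.1%}")
    print("stores below SLA:", stores_below_sla(FLEET))
    print("stale devices:", stale_devices(FLEET, TODAY))
    print("missing patches:", missing_patches(FLEET))
```

On this fleet the overall rate is 75%, which looks like a single number to chase, but the per-store breakdown shows store S01 at 100% and S02 at 50%, and the stale-device check points straight at the scanner that has not reported in three weeks. Those two views, per site and per silent device, are what turn a headline percentage into a work list.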

Future-proofing your retail network

In today’s retail industry, it’s common knowledge that storefronts must keep up with the latest technology trends to stay competitive. However, for those not directly involved in IT, such updates can be disruptive to the day-to-day functioning of the store. It’s essential to have a future-proof network infrastructure that can help monitor and troubleshoot the store remotely without interrupting the daily operations.

Future-proof technology ensures that the store stays up and running smoothly and generates revenue for the business. Therefore, it’s crucial to work with a partner who can provide cutting-edge technology solutions while also being mindful of the store’s need for uninterrupted functioning.

CBTS is deeply experienced in working with every type of retail establishment. Get in touch to learn how to secure your storefront’s critical network.

Cybersecurity and data privacy: the legislative landscape is changing

Why we should all care and take notice

Over the last three to five years, there has been a steady increase in the number of legislative and regulatory rules in the cybersecurity and data privacy domains. These range from presidential executive orders and memoranda to new legislation at the federal and state level as well as new rules and guidance from governing bodies such as the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC).

The goal of this blog is to alert our readers to these legislative changes and their possible impacts on corporations and organizations. Over the coming weeks, we will supplement this information with specific reviews of key pieces of new legislation.

Why are we getting all these legislative actions?

Simply put, this uptick in “regulation” is a direct result of the rising tide of cybersecurity-related events and the impact on the U.S. people and economy. As the President stated in Executive Order 14028, “The cybersecurity threats… are among the most significant and growing issues confronting our Nation…[and] could cause significant harm to the national and economic security of the United States.” In other words, there is a real and present danger in the areas of cybersecurity and data privacy that could affect the economic health of the country.

These threats to cybersecurity and data privacy have touched all of us in some way. Attackers have taken down critical infrastructure such as the Colonial Pipeline and numerous hospitals and schools, sometimes by targeting them deliberately and sometimes opportunistically. The evidence is clear: the vast majority of these incidents would not have occurred if the impacted entities had basic, functioning information security management programs in place. Effective IT hygiene, like regular, systematic patching of computer systems, mitigates the risk significantly. The current legislative agenda recognizes that voluntary adoption of leading security practices has not been sufficient, and these new rules are starting to address that shortfall.

Read more: Essential security practices to protect your business

Much of the cybersecurity legislative activity is focused on protecting critical national infrastructure, but that category is broad: it covers the energy sector; financial, food, telecommunications, and agricultural services; critical manufacturing; government facilities; the defense industrial base; and commercial facilities, including shopping, entertainment, and lodging. In our experience, few businesses are not part of the critical national infrastructure in some form or another. Likewise, few businesses are unconcerned about cybersecurity and data privacy.

What are the various legislative and regulatory changes for 2023?

Executive Order 14028

In May 2021, the President signed Executive Order 14028, Improving the Nation’s Cybersecurity. It is noteworthy because it requires specific actions from federal agencies. The most striking are the insertion of clauses in federal acquisition regulations that require cyber incident reporting and the provision of software bills of materials (SBOMs) to reduce the risk of compromise through the software supply chain. The order also tasks the Cybersecurity and Infrastructure Security Agency (CISA) with defining a zero trust architecture for federal agencies and their contractors. These measures are significant because they establish a new minimum baseline for cybersecurity and data privacy, which we expect to spread outward from federal business to general industry and other entities.

Cybersecurity Maturity Model Certification 2.0

The Department of Defense released Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) in November 2021, building on its DFARS 252.204-7019 and NIST SP 800-171 Rev. 2 requirements. CMMC 2.0 aims to enforce data security practices through an assessment-based mechanism for defense contractors that process or handle controlled unclassified information (CUI).

TSA Pipeline Security Guidelines

In July 2022, the TSA Pipeline Security Guidelines came into force. These require a risk-based security program for corporate information technology (IT) and operational technology (OT) networks—including supervisory control and data acquisition (SCADA) systems—that sets minimum standards for segregation of IT and OT systems as well as the ability to restore from backups or snapshots.

FTC Safeguards Rules

In 2021, the FTC finalized an updated Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). The rule outlines steps that organizations in the financial sector must take to reduce cybersecurity risk, with the new requirements taking effect in June 2023. It requires designating a qualified individual to oversee the information security program, implementing a written information security program, and, at a minimum, an annual written report on risk and issues to the board. The range of enterprises providing financial services is larger than first apparent and includes car dealers offering financing and higher education institutions participating in federal student loan programs.

SEC proposed rules

In March 2022, the SEC proposed new cybersecurity rules that would apply to all publicly traded companies. These rules, still under consultation, could become binding as soon as May 2023 and would require reporting material cybersecurity incidents and annually describing cybersecurity risk management strategy, policies, systems, and known cybersecurity risks. Notably, the proposal could require disclosure of cybersecurity expertise on the corporate board, which would drive the appointment of cybersecurity expertise to all boards, much as Sarbanes-Oxley drove financial expertise onto corporate boards. In addition, the SEC has proposed rules governing investment companies and registered investment advisers to reduce market risk from cyber events within financial institutions.

Other privacy acts are coming online

In the area of data privacy legislation, the California Privacy Rights Act (CPRA) became effective this January, as did the Virginia Consumer Data Protection Act; Colorado’s and Connecticut’s privacy acts follow in July. Even as these laws take effect, work continues on Senate Bill 3600, which aims to create new data privacy law at the federal level. Many more states, including Ohio, have legislative work in flight in this area.

Where can I get more information about regulations affecting cybersecurity and data privacy?

In the coming months we will analyze key legislative changes in the cybersecurity and data privacy legislation space and provide a more detailed view on what they contain, and what actions you should consider taking as a result of the legislative actions. 

Alternatively, we would be happy to discuss these actions with you in person, either informally or as part of a tailored security assessment and roadmap generation. Contact us today.

This blog offers a personal opinion and is not intended as legal advice.


CBTS Achieves New Sustainable Business Practices through a Cisco Sustainability Specialization

Recently, CBTS earned a Sustainability Specialization from Cisco. The specialization is a training program for Cisco partners in sustainable business practices such as the circular economy, achieving sustainability goals, and meeting government environmental mandates. The timing is significant: according to industry estimates, the circular economy will reach a market value of $4.5 trillion by 2030, and governments and markets are shifting strategies to address environmental concerns on an unprecedented scale.


Download the Environmental Sustainability Specialization and Takeback Incentive Ebook now.

As a part of the Sustainability Specialization, CBTS signed onto Cisco’s Sustainability Pledge. The goals outlined in this pledge include:

  • Achieving net zero across Scope 1, 2, and 3 emissions by 2040.
  • Ensuring 100% of its products and packaging incorporate Circular Design Principles by FY2025.
  • Accomplishing 100% return on end-of-use hardware.

“We are proud to earn this specialization, which supports our sustainability leadership and helps our clients reduce their environmental footprint by ensuring the technology they consume is reused or recycled,” said Jeff Lackey, President of CBTS.

This blog will examine details of the sustainable business practices that the Sustainability Specialization emphasizes. Additionally, we will explore the business opportunities unlocked for CBTS and their partners by participating.

The takeback incentive

Cisco’s Takeback Incentive is a program that offers discounts of up to 7% on newly registered products. The products return to Cisco at the end of use, and the discount is applied to replacement products.

The Takeback Incentive illustrates a dedication to the circular economy. Keeping hardware out of landfills through remanufacturing or recycling is a powerful way to generate cost-effective, sustainable business practices and pass those savings onto partners.

The Takeback Incentive also keeps hardware off the gray market. Illegal hardware sales are estimated at $2.5–3B yearly; the Takeback Incentive closes that loop and clamps down on bootleg competition.

Learn about CBTS social impact initiatives.

How sustainable business practices generate new opportunities

The Sustainability Specialization creates opportunities for CBTS and its partners to stand out from the competition in many ways, including:

Meet government requirements

Governments across the globe are creating new incentives designed to encourage growth in green business and sustainability. Companies can access these funds by participating in programs like Cisco’s Takeback Incentive.

Enter new lines of business

Companies actively seek new ways to transform business practices through environmental, social, and governance (ESG) programs. Engaging in the circular economy and sustainable business practices is socially responsible and can be an icebreaker when reaching out to new business prospects. If nothing else, the Cisco Sustainability Specialization is a conversation starter for sales teams.

Expand service offerings

Customers often don’t know what to do with old hardware. Takeback programs are a great way to boost service levels and add value to existing customer relationships. Advising customers on ways to reuse, recycle, or refurbish obsolete technology are other ways to leverage the Sustainability Specialization.

Support partners’ efforts to reduce carbon emissions

Reducing emissions is vital for the world—and businesses in particular. CBTS is pleased to be able to advise its clients and partners with the expertise gained through this Specialization.

Win more proposals

A growing trend among businesses is to only source from sustainable and socially responsible companies. Certifications like this one from Cisco build credibility and meet customer expectations.

Also read: How Cisco Meraki + CBTS NaaS team up to deliver cost-efficient modernization for your network

Working towards a circular economy

Across the globe, companies of all shapes and sizes are stepping up to meet the threat posed by climate change. However, the time is fast approaching when companies who are not rapidly evolving to embrace sustainable business practices will be left in the dust.

According to an internal survey at Cisco, 41% of its partners were already engaged in some form of takeback or recycling services, and 45% expected to generate significant revenue from sustainability offerings.

CBTS is proud to offer a range of technology services for clients looking to advance their application modernization journey, including consulting, cloud, security, communications, and infrastructure solutions. A team of CBTS experts manages all services. The Sustainability Specialization from Cisco is only the latest in a long and fruitful partnership with Cisco. Additionally, CBTS has dozens of strategic partnerships with industry leaders, including Microsoft, Dell, Amazon, and many more.

Get in touch to see how CBTS can advise you on adopting sustainable technology business practices or providing other tech solutions.

How do you ensure the security of your supply chain?

Over the weekend, another major ransomware attack occurred, this time through an enterprise software vendor called Kaseya.


For many CEOs and business owners, that name might not be familiar, since many of the companies that use this software are Managed Service Providers (MSPs). An MSP uses the Kaseya software to manage its clients’ computers. This kind of attack allows cybercriminals to maximize the damage: rather than attacking one or two victims, they attack one company that has connections to hundreds of other companies.

The technical details of the attack can be found here in this Threatpost article, Kaseya Patches Imminent After Zero-Day Exploits | Threatpost. If you have been impacted, you can track updates from Kaseya here on their website update link: Important Notice July 7th, 2021 – Kaseya

So what should you do if you have been impacted by this criminal attack? I’ve had similar considerations in my time as a security leader—here’s my take.

First, if you have cybersecurity insurance, hopefully you have called your insurance provider and you are working with them to obtain the necessary resources to get back up and running.

Second, once you have a minute to stop and think, review what other vendors you depend on to function as a company.

Do you have a payroll provider? If so, you will want to assess the maturity of their security program—perhaps by examining the results of an independent audit, such as a SOC Type II report—to see how they are protecting your data.

Do you have vendor partners who have access to your company network? If so, you want to review how they protect their networks from cybercriminals so that if they are attacked, you don’t become a victim as well.

Do you use an MSP to help you manage your computers? If so, you also want to understand the measures they take to protect you from cybercriminals. Do they require multi-factor authentication (MFA) to access your network? Do they regularly update their computers and network to prevent attacks by cybercriminals using known vulnerabilities? Are they doing the same types of risk reviews you are with their own third-party service providers and vendors? There’s a lot to consider when assessing the security of your supply chain. If you have questions about cybersecurity insurance, what a “SOC Type 2 audit” is and how to interpret the report, or how to know if your MSP is protecting your data, contact the CBTS Security practice.

Read more: Software bill of materials (SBOMs): what is it good for?


John is a veteran technologist, CTO and CISO. He has nearly 30 years of experience building and running enterprise IT and shepherding information security programs towards maturity, based on industry standards like ISO27K and NIST CSF, as well as regulatory compliance requirements from PCI-DSS, HIPAA, FERPA, A133 and GDPR.

John has several GIAC certifications (GSEC, GCIH and GCWN) and has been active in the local information security community, through groups like Infragard and the Higher Education Security Council for EDUCAUSE. He holds BS and MA degrees from Xavier University and has served as an adjunct professor at Xavier and the University of Cincinnati.

Cybersecurity Guidance from the Top

Seems like nowadays, everybody’s got an opinion on how to protect your data and assets from threats like ransomware, supply chain attacks, and good old exploitation of vulnerable Internet-facing services.

That’s not really a bad thing, to be honest. At the heart of any responsible, mature security program is a set of fundamental principles—least privilege access, defense in depth, etc.—as well as basic practices like vulnerability management and security monitoring. The more voices we have urging organizations to adopt them, the better.

One significant voice in the last few months has been the White House. In May, we saw the President issue an executive order directing new security requirements for federal agencies as well as their suppliers. Key among these requirements:

  • Service providers will have to share information about threats they’ve observed and breaches they’ve experienced, and to store logs and telemetry for use in breach investigations.
  • Suppliers of software to the federal government will have to adhere to new requirements around secure software development. They will need to use administratively-separate build environments, audit trust relationships, and implement risk-based multifactor authentication (MFA).  Additionally, they will need to document and minimize software dependencies in the build process, use encryption, and monitor the environment for threats.
  • Federal agencies themselves will have to migrate to a zero trust network architecture, roll out endpoint detection and response (EDR) tools, and implement MFA and stronger encryption on data at rest and in transit. Furthermore, they will have to adopt a new framework to share threat and incident information with each other.

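The build-environment requirement above calls for documenting and minimizing software dependencies, which in practice means producing and reviewing a software bill of materials. The following is an added example, not code from the post or from any government program: it parses a small CycloneDX-style SBOM (the JSON document is constructed here, with made-up component names, as sample data) and flags two things a reviewer looks for first, components with no pinned version and components that appear at more than one version.

```python
import json
from collections import defaultdict

# Constructed sample SBOM in CycloneDX JSON layout. Component names and
# versions are made up for this example and do not describe a real build.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"type": "application",
                               "name": "example-app", "version": "1.0.0"}},
    "components": [
        {"type": "library", "name": "libalpha", "version": "2.31.0",
         "purl": "pkg:pypi/libalpha@2.31.0"},
        {"type": "library", "name": "libbeta", "version": "2.0.7",
         "purl": "pkg:pypi/libbeta@2.0.7"},
        # No "version" key: the build is pulling whatever is current.
        {"type": "library", "name": "libgamma", "purl": "pkg:npm/libgamma"},
        # Same library as the first entry, pulled in again at an older version.
        {"type": "library", "name": "libalpha", "version": "2.25.1",
         "purl": "pkg:pypi/libalpha@2.25.1"},
    ],
})


def load_sbom(text: str) -> dict:
    """Parse SBOM JSON and check that it is a CycloneDX document."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX SBOM")
    return doc


def unpinned_components(doc: dict) -> list:
    """Names of components that carry no version (unreproducible builds)."""
    return [c["name"] for c in doc.get("components", []) if not c.get("version")]


def duplicate_components(doc: dict) -> dict:
    """Map name -> sorted versions for components present at >1 version."""
    versions = defaultdict(set)
    for c in doc.get("components", []):
        if c.get("version"):
            versions[c["name"]].add(c["version"])
    return {n: sorted(v) for n, v in versions.items() if len(v) > 1}


def summarize(text: str) -> dict:
    """One-shot review of an SBOM: totals plus the two findings above."""
    doc = load_sbom(text)
    return {
        "application": doc["metadata"]["component"]["name"],
        "total": len(doc.get("components", [])),
        "unpinned": unpinned_components(doc),
        "duplicates": duplicate_components(doc),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_SBOM).items():
        print(f"{key}: {value}")
```

Unpinned entries defeat reproducible builds, and duplicates usually mean two parts of the dependency tree resolved the same library independently; both are worth fixing before the SBOM is handed to a customer.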
The technologies listed here—MFA, EDR, and zero trust—are more than just fancy new industry buzzwords (although they sure are used that way). They represent some of the most effective modern security controls available. It’s encouraging to see the White House push their use.

Read more about Zero Trust Networks (ZTN): What are they and how do I implement one?

The Biden administration has been vocal about the recent spate of high-profile ransomware attacks, too. In response, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, published a memo to business leaders—not just federal contractors, but any business operating a computer network—urging them to invest in some of these same technologies.

The guidance lays out a set of valuable practices that can help address ransomware as well as many other potential threats:

  • Implement MFA, to protect against stolen credentials.
  • Implement EDR, to identify suspicious activity in your environment and respond quickly.
  • Encrypt your data (note that while ransomware attackers also encrypt data, this control prevents them from publishing stolen data, a more common tactic observed by these attackers).
  • Patch your operating systems and applications.
  • Back up your systems, test the backups, and use offline backups.
  • Run tabletop exercises to test your incident response plan.
  • Use a third-party penetration testing firm to determine if your defenses will withstand an actual attack.
  • Segment your networks to limit internal access to critical systems and data.

While we agree with this guidance, and the effectiveness of these technologies and practices—indeed, our security team can help with solution selection, design, implementation, testing, and tabletop exercises—we feel they are best accomplished not as a set of standalone projects, but as the effort of what Neuberger calls a “skilled, empowered security team” that is the core of your business’ information security program.

We talk a lot about security programs around here, and we’d love to talk to you about how to build yours!

Read more: Car parts and cybersecurity: what is Google dorking?

Critical MS Exchange Server Vulnerabilities – What you need to know

While the last few years have seen most of our customers move their enterprise messaging from a local Exchange cluster to Microsoft 365, plenty still have some on-premises Exchange infrastructure. If this describes your organization, hopefully you have already heard about the critical updates that were released to address vulnerabilities in Exchange 2010, 2013, 2016, and 2019.


It is absolutely essential that these updates are applied to your servers immediately. Bring them down in the middle of the day if need be—whatever it takes to get them applied. Why is this so serious? Because the vulnerability is currently being widely exploited by attackers, many of whom are believed to be nation-state actors. The exploit allows the attackers to gain access to the Exchange server, its data, and can also provide a launchpad for further attacks against the victim’s computing environment.

If you’ve patched already, great—but understand that this does not protect you if you were compromised before the patch was installed. Microsoft has released guidance on what to look for on your Exchange servers to ensure no attacker successfully gained a presence on them. This guidance, and links to the updates, are all available at https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/, which is being regularly updated with new information. Get patching!

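Before you can say the updates are applied, you need to know which on-premises servers are still behind. The following is an added example, not code from the post or from Microsoft: run from the Exchange Management Shell, it reads the ExSetup.exe file version from each server (the file version, unlike the version shown by Get-ExchangeServer, changes when a security update is installed) and compares it with a minimum build you set. The build numbers in $MinimumBuilds are placeholders; take the real patched builds for each Exchange version from the Microsoft release notes linked above.

```powershell
# Added example: inventory on-premises Exchange servers and flag any whose
# ExSetup.exe file version is below the patched build. Requires the Exchange
# Management Shell and PowerShell remoting to each server.

# PLACEHOLDER minimum builds keyed by Major.Minor of the installed version.
# Replace every value with the patched build from the vendor's release notes.
$MinimumBuilds = @{
    '15.2' = [version]'15.2.0.0'   # Exchange 2019 - placeholder
    '15.1' = [version]'15.1.0.0'   # Exchange 2016 - placeholder
    '15.0' = [version]'15.0.0.0'   # Exchange 2013 - placeholder
    '14.3' = [version]'14.3.0.0'   # Exchange 2010 SP3 - placeholder
}

$results = foreach ($server in Get-ExchangeServer) {
    # Read the precise build from ExSetup.exe on the server itself.
    $fileVersion = Invoke-Command -ComputerName $server.Name -ScriptBlock {
        (Get-Command ExSetup.exe).FileVersionInfo.FileVersion
    }
    $installed = [version]$fileVersion
    $key       = "$($installed.Major).$($installed.Minor)"
    $minimum   = $MinimumBuilds[$key]

    [pscustomobject]@{
        Server    = $server.Name
        Installed = $installed
        Minimum   = $minimum
        Status    = if (-not $minimum)               { 'UNKNOWN VERSION' }
                    elseif ($installed -ge $minimum) { 'patched' }
                    else                             { 'NEEDS UPDATE' }
    }
}

# Servers needing attention sort to the top of the list.
$results | Sort-Object Status -Descending | Format-Table -AutoSize
```

A server reporting UNKNOWN VERSION is running a release you have no minimum for, which is itself a finding: either the table is incomplete or the server is on a version that no longer receives updates.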

Continue Reading: Top 5 cybersecurity actions to take right now

Post COVID-19: Will a remote workforce become the new normal for healthcare?

During this time of uncertainty many healthcare professionals are appropriately focused on an endless list of things we have to do before our healthcare systems are hit with the full force of COVID-19. While we can, and throughout the entire pandemic, I encourage everyone to take time to focus on things that are going well and can be leveraged in the future.

Having spent 15 years in healthcare IT operational / strategic roles and now time with healthcare executive customers, I’ve had the opportunity to reflect on how healthcare organizations across the country respond to natural disasters and, in this case, a global pandemic. One question that keeps coming to mind is “Why is it always a fire drill, when healthcare organizations decide to send non-clinical employees home to work?”

Most of my 15 years of healthcare IT leadership were spent working for healthcare organizations in Florida, so I’ve seen my fair share of hurricanes. While we were always clinically prepared for the hurricane, we would still struggle with what to do with essential, but non-clinical, employees. I recognize there are significant differences between a global pandemic and a hurricane, but argue there are similarities in the non-clinical response from healthcare organizations. In each case, the primary focus of healthcare organizations is to provide uninterrupted care for patients, protection for our employees, and to return to normal operation as quickly and safely as possible. Shifting Patient Financial Services, HR, Finance and Accounting, Patient Registration, etc. to work from home or remote work is always considered and often selected as the solution to protecting our employees and providing continuity of operations. After the event, we begin to return to normal operations, but what if we changed the definition of “normal operations” by leaving those remote workers…remote?

There are many reasons to consider making this the new normal, but two stand out:

  1. When the next natural disaster / pandemic hits, healthcare organizations will not have to figure out what to do with non-clinical employees since they will already be working from home. Instead, they will be able to immediately focus ALL of their efforts on the clinical response.
  2. Physical space is at a premium in healthcare organizations across the globe. Leaving these employees at home would create opportunity to turn non-revenue generating space into much needed revenue generating space. Many of these offices and buildings can be converted into Ambulatory care spaces with relative ease. In the cases where buildings are leased, the positive impact would certainly be seen on the balance sheet.

So…why haven’t we done this already?

  1. It’s the way we’ve always done it. Healthcare has traditionally been a face-to-face workforce. The majority of care is still delivered in a face-to-face fashion and often this approach to work is adopted by the entire organization without thought. It just happens over time.
  2. HIPAA / Privacy concerns are always cited and MUST be considered when employees work with patient health information (PHI) in any location. With that said, clinicians have been providing remote care for years under the same HIPAA / privacy concerns.

During the COVID-19 pandemic, healthcare organizations should take advantage of the opportunity to scrutinize what works and what doesn’t with regard to their current implementation of non-clinical work from home employees. Post COVID-19, healthcare organizations should seriously consider why those employees need to return to the office.

If HIPAA / Privacy concerns are a “perceived” roadblock, consider this fact – For years, doctors and nurses have been documenting from home, using telephones and video to treat patients remotely and, in many cases, monitoring ICU patients remotely.

Ask yourselves why clinicians have adopted remote technologies at a faster pace than their back-office counterparts and then solve for those differences. The result will be a nimble, resilient, patient focused healthcare organization!

Machine learning and AI: past to present

1952 saw the first computer program that could learn as it ran. It was a game which played checkers and was created by Arthur Samuel.

Fast forward to 2019 and the usage of machine learning (ML) and artificial intelligence (AI) has accelerated to real-world use cases that can be applied to modern-day business problems.

Here are just a few of the ways that machine learning and AI improves our quality of life on a daily basis:

  • Receiving a movie or song suggestion while browsing video or music streaming services like Netflix, YouTube, and Spotify.
  • Using smart devices, such as the Nest thermostat, to determine your home’s optimal temperature settings when you’re home and away.
  • Google provides suggestive “predictions” based on the initial keyword(s) that you type into the search bar.
  • AI and its subset, machine learning, have been deployed to assist companies with solving legacy problems related to IT systems (e-mail spam, threat detection, and mitigation) as well as physical security (theft and shrink reduction).
  • Document recognition and compliance to check signatures on thousands of documents—a process that takes humans hours or days to complete.
  • Image analysis using ML and AI is showing promise in the detection of cancerous tumors and is being used to diagnose and determine action to mitigate risk.
  • Chatbots, or automated “Level 1” support, provide customer service support without human intervention.

What is Machine Learning and Artificial Intelligence?

AI is a broad term that refers to the doctrine or study of training systems to perform tasks in a more efficient manner than humans can execute.

Machine learning is more nuanced and is often referred to as a “subset” of AI. Machine learning speaks to the systems, processes, and specific frameworks that are required to perform a task. This enables technology to actually “learn” and potentially provide value. The goal of machine learning is to ingest data input such as logs and images with the intent of learning things from that data.

Room for opportunity, and what enterprises are doing – by the numbers

I recently came across a Forbes article that polled C-level executives on the state of AI propagation in their respective enterprises. Poll results demonstrate that these leaders want to implement some form of AI in their respective line of business.

  • 47 percent of business executives have embedded at least one AI capability in their business processes.
  • 21 percent say their organizations have embedded AI in several parts of the business.
  • The Forbes article also cited a McKinsey study which found that 30 percent of businesses surveyed are piloting AI.
  • According to a RELX Group survey, 55 percent of government officials are aware of AI but say it is not being utilized, while 37 percent of surveyed officials are utilizing AI.
  • According to PricewaterhouseCoopers, only 15 percent of enterprises have appointed a single enterprise-wide AI leader while 3 percent said they were not sure who was in charge of AI, and none of the respondents said there was a single C-level executive who was in charge of AI at their firm. 24 percent said their enterprise-wide AI efforts were being led by an AI “center of excellence.”

First engagements with clients concerning machine learning and AI – what we have encountered

Most of our clients are generally in the discovery phase. This is when an organization studies how machine learning and AI can help streamline business processes and provide a relevant return on investment (ROI).

Unfortunately, we’ve also learned that many clients don’t know where to start when classifying what data is relevant to implement an AI strategy that aligns with their business needs. And there are often challenges with how they utilize data with an AI/machine learning framework in mind when the identified business process is data rich.

We also see businesses trying to operationalize an AI framework from an IT perspective before clearly identifying the appropriate use cases. We have engaged with clients that want to start this conversation using the same approach they would in sizing a “traditional” IT workload.

What OEM is the market leader, from a server perspective?

What GPU should I utilize?

Can we virtualize this workload? 

What are your other clients utilizing to manage this infrastructure?

Will the new AI platform that I am evaluating integrate with my current network/storage topology?

These questions are fundamentally relevant but are not necessarily the most pertinent at the onset of the AI conversation. The success of any ML/AI deployment heavily relies on conversations with both business and technology leaders. It is essential to understand the entire business before discussing the speeds and feeds of any technology that will eventually follow.

Personnel, the AI practice, and the ability to execute

Finally, it’s important to mention the overall importance of skillsets that are typically required to deploy a successful AI infrastructure. In most cases, these skillsets are radically different from what enterprises have traditionally needed.

“Typical” legacy application deployment relies heavily on the systems administration and application development skillset. The machine learning and AI deployment shifts that focus from a primarily infrastructure-centric discussion to a more business-centric/data science approach.

This shift requires a new set of skills for success. Machine learning and AI professionals are typically more data driven and often hold advanced degrees in mathematics and/or computer science. They are typically subject matter experts in the area of statistics, data mining, and programming.

These roles typically include:

  • Data scientists, who are proficient at extracting data and who can interpret that data using tools and frameworks commonly found in the ML/AI stack. Data scientists spend a majority of their time collecting, cleaning, and massaging data to eventually drive actionable results. Data scientists are typically not primarily interested in the hardware technology, infrastructure, or day-to-day operations of a given deployment. Their primary goal is to evaluate data and provide meaningful insights.
  • Data engineers typically have knowledge specific to infrastructure and data architecture. Data engineers are often involved with the methods, tools, and infrastructure required to discover, extract, convert, and move data to its respective AI platform.

These data-centric skillsets are becoming increasingly difficult to find as the adoption of AI increases in the enterprise.

CBTS and our value add with machine learning and AI

The challenges specific to AI adoption quickly become apparent as these disciplines gain traction in the enterprise.

CBTS brings multiple aspects of value to your AI deployment based on our experiences with clients in multiple industries.

Perhaps you are just beginning to examine how an AI framework can bring value to your enterprise. Maybe you require assistance with finding qualified data science and engineering resources in a very competitive workforce. And there’s always a need to understand the right approach when selecting the appropriate infrastructure to deploy and operationalize your AI effort.

You can be confident that CBTS has the expertise to assist you wherever you are in your AI and machine learning journey.

CBTS showcases HPE partnership at Discover 2019

The blizzard of innovation at this year’s Hewlett Packard Enterprise Discover 2019 conference is a testament to HPE’s bold technology and business model innovation bets.

CBTS, which is an HPE Platinum partner, was among the conference participants, and Ron Nemecek, Business Alliance Manager for CBTS, participated in a panel discussion. Ron discussed a recent CBTS-HPE collaboration on behalf of a global financial services firm that needed to refresh its data center infrastructure for multiple United Kingdom locations.

CBTS and HPE partnered on a solution that features the latest technology, is sized effectively, and is structured to align the costs of the refresh and new IT infrastructure to the business usage. The solution is delivered via HPE GreenLake Flex Capacity to eliminate the extensive cost of over-provisioning.

It’s a great example of how HPE’s innovation has extended beyond tech products and services into business outcomes for customers, Ron said.

“The new innovation that HPE brings to the marketplace is business solutions and business outcomes that are really desired by our customers, because they only want to pay for what they use moving forward,” Ron said.

“Customers are telling us that CBTS and HPE have listened to what they have been asking for years — getting them out of paying for technology they are not going to use.”

Nemecek said customers are impressed with the GreenLake consumption experience.

“They can’t believe that it is true, and that a company came to them with a partnership to solve the business problem they have had for decades,” Ron said. “That is the innovation that HPE has brought to the marketplace, and they have empowered it through partners with GreenLake 3.0.”

Ron said he sees exponential growth ahead with GreenLake.

“This is what our customers are looking for, and we are going to address their needs,” he said.

Click here to learn how partnering with CBTS drives cutting-edge capabilities.