Category: Croyten’s Blog

Spain Breaks Global Money Laundering Ring

By Amine Mekkaoui,

Spanish authorities have arrested twenty people suspected of having facilitated an international money laundering operation through the sale of drugs. The investigation was initially launched in May 2008, when Police became suspicious over several substantial transfers of money to Colombia. Police reports suggest that the group was responsible for transferring in excess of 3 million euros during 2007 and 2008, which was sent from Spain to bank accounts in China, Panama, Venezuela and the United States and were eventually collated at a fake dentistry foundation in Colombia. The Police statement went on to say that the suspected ringleader of the Colombian network was detained by US police in Miami, whilst the remaining suspects were detained by Spanish police in raids carried out across Spain. At the same time, the Police confiscated 5 vehicles; 32 mobile telephones; a quantity of cocaine; 6 fake passports and other documentation.

Holding Your Files Hostage

By Amine Mekkaoui,

With just one click your files, credit cards, medical records and other personal information could be hacked with ransomware malware. Earlier this month, a cyberattack on Hollywood Presbyterian Medical Center took the hospital’s medical records hostage, demanding ransom in the form of Bitcoins.

Bitcoin is a virtual currency. Transactions are made anonymously without bank involvement. Since Bitcoins aren’t tied to any country or subject to any regulations, international payments are easy and cheap. Every user has a Wallet ID, but the names of the buyers and sellers are never revealed. This level of anonymity provides the perfect breeding ground for transactions such as ransomware.

It would be nice if there was a list of things to look for to help prevent these attacks, but ransomware is evolving. Hackers are finding new ways to completely lock your computer systems and block access to all of your files and encrypt them. Emails that look like they are coming from utility companies, credit card companies, and even banks contain files that once they are clicked will overtake your system.

While Hollywood Presbyterian Medical Center chose to pay the ransom via Bitcoin citing the need to get back patient medial records and the hospital back up and running as soon as possible, paying ransom isn’t the way to go.

First, even if you pay whatever is being asked there is no guarantee you’ll get the encryption code to access your files, and since nearly all of these ransom requests are made through anonymous payment methods – like Bitcoin – there’s no tracing where the money went, therefore no way to go after the attacker.

Second, if you pay the ransom the hackers may see you as an easy target and come back for more.

Third, by paying ransom you are feeding into the criminality of the entire operation. Providing money to these hackers will allow them to up their game with new malware and build out the ransomware malware network.

If anything looks suspicious in your email don’t click it, and if you think you’ve been infected by malware shut down your computer and disconnect it from any server in order to minimize the risk of infecting the entire network.

There are five fundamental thinks you should always remember to do when working on your computer while connected the Internet:

  • Count to ten and think before you click: Do not click on any URL embedded in an email, even from someone you know, unless you confirm that email came from the sender.
  • Update everything: Keep your operating system updated otherwise you might be dismissing an important security update.
  • Backup your files: If you fail to do anything else, this is the most important task you must do on a daily basis. There are many external trusted sites you can use to backup your computer
  • Secure you wireless network: Make sure you use a strong password when setting up your Wi-Fi router
  • Use strong password: Avoid using your cat and dog names. Instead include at least one number, a capital letter, symbols such as # or $, and make your password is at least six characters.

Big Data, Big Decisions

By Amine Mekkaoui,

Big data. It’s a pretty broad term, but it’s used to describe data sets that are so big or complex that in order to get the most value out of them companies need to use enhanced data applications; and more importantly know how to manage all of the information.

When it comes to big data, it’s not so much about how much you have, but more about what you can do with it. Managing this data means creating a structure that can store, process, and organize large volumes of structured and unstructured data.

For example, a typical bank offers its customers multiple products; a mortgage, car loan, checking account, saving account, credit line, etc.  In today’s economy customers also conduct transactions online and via mobile devices, and provide feedback on services via social media. Should all that data be stored in different places? No, but banks and other firms are starting to recognize that having all that relevant data stored in one place can provide a wealth of insights about their customers, which is critical to better serving their customers and offering them customized products that makes sense. Having that data in one place will enable efficient data management control and a single-client view.

Regardless of the size of your company or the data being brought in, big data can provide a whole new way of approaching big decisions.

A consumer-oriented company can use big data to listen to, learn from, and leverage consumer feedback to produce targeted B-to-C campaigns. All of the feedback collected from social media and surveys allows a company to build and update consumer profiles and then execute personalized marketing and advertising campaigns.

Insight-driven organizations (IDO) need data to drive decisions. A lot of the time, though, there is so much data these organizations don’t even know where to start. It can be a very long journey to take big data and turn it into insight-driven material. As an IDO you need to figure out what insights will be most impactful with your clients. Then you need to know if you have the right data and analytics to create these insights, and if not, how do you go about getting that information? Once those insights are available how do you create a strategy to implement them in day-to-day decisions making?

Regardless of who is using big data or how it’s being used, there are always concerns about security. Most companies don’t have the infrastructure to store big data on their own IT networks, which means they are either going to be using the Cloud or a third party storage. Transferring data out doesn’t mean to companies transfer their liability. With data coming in from all avenues; social media, emails, files, etc., there are more entry points that need to be protected as along with external access points where the data is being housed.

Finding the most accurate and secure way to use big data will lead to better decision making – which will result in more efficient operations, reducing costs, and reducing risks.

Get Your Head In The Cloud

By Amine Mekkaoui,

Cloud-based solutions are no longer the wave of the future they are a necessary driver for most Enterprise businesses. The “cloud” which is really just a very large, remotely-connected server to store and access data isn’t a new phenomenon, but there are still the same old concerns about how secure data really is out there in Cyber Space.

The truth is you can control the safety of your data. Your overall cloud strategy and your use of the technology play a large part in the security process. It can range from choosing what you put on the cloud; to different models of service delivery like IaaS, PaaS, or SaaS; to what cloud-based server you use.

There are some very big, well-known companies with pretty good track records, like Rackspace, Microsoft, Amazon, and Google that have teams of people working around the clock on security and monitoring and can immediately identify, assess and remedy potential risks or threats. That’s something that most locally housed IT infrastructures can’t match. By storing data in the cloud businesses free up local IT infrastructure and are able to cut costs, but with any investment you must weigh the risk versus the reward.

So what are some of the things you need to consider before putting certain information in the cloud?

Data Breach: One of the major concerns when using the cloud is a data breach. The cloud presents greater challenges since you’re dealing with hypervisors and other external shared networked infrastructure. Data breaches can release personal information such as a person’s social security number or access to their credit or debit cards. Over the past couple of years, companies such as TargetExperian and Anthem BlueCross Blue Shield have been hit with major data breaches exposing personal information of millions of customers.

Data Loss and Recovery: While the data breach is considered a malicious of intrusive action, a data loss maybe a result of sever or storage malfunction. If your provider goes off-line and your data is lost, can it be recovered? Data sent to the cloud is encrypted as one of the many steps to ensure privacy. The downside is that encrypted data is harder to recover, especially if the encryption key is lost too.

Data Access: What information are you putting out there and who is going to have access to it? Sensitive, classified, or confidential information may not warrant storage on the cloud. You want to be able to monitor who has access to your data and their activities. Are these people authorized to access the data, and if not they need to be shut out of the network. You may also want to limit access to certain levels of individuals to mitigate any potential misuse of your data.

Data Availability: Storing data externally means you don’t have complete control of it anymore. Your cloud storage could go offline and someone else is now responsible for getting it back up. You want to make sure that whatever provider you chose has a proven record of highly available data and a quick turnaround for getting the system back on-line should it go down. All this needs to be spelled out in a Service Level Agreement (SLA).

Cloud-based solutions offer benefits for companies large and small, local and worldwide. What works best for a large company may not for a smaller one, but there are many options available that can make storing, sharing and accessing data more efficient and cost-effective no matter what business you are in.

What Can You Do with All This Data?

By Amine Mekkaoui,

Today’s market is all about data. Consumers want to capture information relevant to their user experience; marketers want to capture that information to customize offerings for the consumer; enterprises want to turn data into business intelligence so as to secure a core competitive advantage; and data center vendors want to push virtualization so as to support the massive amounts of data to be captured, stored, mined and managed.

From an enterprise standpoint, there are a number of opportunities to capture data. In fact, companies throughout the world are capturing data at every touch point and market feed, hoping to extract the information they need to improve their product offerings and their market positioning. Without a clear strategy in place to direct the capture, organization and management of that data, however, it does nothing more than consume space on the server.

To truly make the most of the data capture, the enterprise needs to understand the source and why it’s selected, the type of data they want to capture and what they hope to do with that data once they have it in hand. Let’s examine a few possibilities:

  • The mobile consumer – this individual is in a position to share an immense amount of information with the enterprise, including location, purchase history, preferred communication channel and even the information they want to receive via email, text and social media channels. When captured, this information should not only be stored with the contact information, it also can be categorized according to the consumer profile, compiling the likes, dislikes, habits and preferences of a specific target customer.
  • The point of sale – whether in person or through the contact center, the point of sale is one of the best places to capture valuable data. Customers will share a wealth of information about their lives, their preferences, their plans for the future and so much more during this interaction. When that information is captured in the right format, offers can be generated that match their preferences perfectly, creating an opportunity for a cross-sell or upsell conversion. That information should also be stored in the customer account and associated with the profile so as to develop broader-reaching solutions in the future
  • The free offer – individuals who respond to the free offer or complete a form for more information provide a goldmine of consumer data. The first data capture must be short to ensure completion, but the follow-up call is the perfect opportunity to ask all the right questions to qualify the person as a lead, promote them to another buying opportunity or simply move them to a non-sale opportunity. Regardless of the classification, the point is to classify the individual and their information so the company can turn that information into intelligent data and potential opportunities.

The sheer volume of data being produced by consumers and the enterprise is putting significant pressure on today’s businesses to capture that data and turn into a business opportunity. Companies must pay attention to how they capture, the speed in which they capture, how they organize and then use that data. The core strategy needs to focus on each of these elements with a clear direction on how captured data will be used to promote the core competencies of the business. It also needs to ensure data capture is immediate as sometimes two minutes is too late. With valid channels to capture the information in real-time, the enterprise is well on its way to turning big data into business intelligence.

Mobility is the trend of the new generation. Increased access to tablets, smartphones, robust data networks and even Wi-Fi everywhere has extended the capabilities of the professional in the field. When the BlackBerry first emerged on the market, the enterprise acquired, provisioned and controlled the mobile device for the workforce, enabling access to key applications and information, while also monitoring activity.

The demand for increased mobility has spurred a new phenomenon – BYOD. Employees are opting for the Bring Your Own Device to work strategy, balancing personal and professional conversations and information on the same device. The BlackBerry is no longer the smartphone of choice as the iPhone and Android dominate the market. BYOD has proven to be an effective strategy with the right policy in place, but how can it truly support the initiatives of the enterprise?

There are a few realities that accompany the adoption of BYOD:

Employees select the brand and type of device – while employees enjoy the freedom of selecting their own preferred brand and operating system, enterprise IT recognize the different challenges working in varied environments. It may be more effective for the corporate policy to allow BYOD to only include selected, approved brands, models and operating systems.

Employees control the level of personal information contained on the device – this is an important point if there is no separation between personal and corporate information. For example, if baby pictures are mixed with corporate or customers proprietary information, that’s a problem. Employees should be allowed to load their own information on their own device, but it’s up to IT to provide the technology and information to keep personal and professional information separated on the device with the application of mobile applications.

Employees access websites, applications and file sharing services not normally permitted by the enterprise – this is a critical threat for any network. Users may be accessing a vulnerable hotspot, uploading information to a file share site lacking the appropriate protections or downloading applications with malicious software. The enterprise BYOD policy should include guidelines to acceptable practices and mobile device management applications can be installed that prevent risky activities. The key to the successful application is to inform employees as to these rules and the consequences if those rules were to be broken.

Employees may allow other people to use their device – this reality is difficult to address from the corporate side. Employees may be educated on the risks involved with allowing other users to access their device, but complete control in this area is difficult. Monitoring and management applications can help control what the individual may do while using the device, however, which is an important step towards protection.

Employees may not demonstrate diligence in keeping track of their device – regardless of how much the employee uses his or her mobile device, it can still be lost or stolen. If that happens, the finder will have access to a wide range of network applications, proprietary information, authentication information and so much more. This is where keeping personal and private information separate is crucial as IT management can remotely wipe the device clean of any information that puts the enterprise at risk. Likewise, the employee can opt to wipe everything if personal information lost will also put them at risk.

While this list just scratches the surface in terms of the realities that can affect BYOD and the enterprise, they are important points to ensure success in this new environment. Any corporation can resist the trend and instead purchase mobile devices for all employees, but that may not always be the optimal choice. By understanding the realities that exist in a BYOD environment, the enterprise is more likely to benefit. 

In 2011, Saugatuck completed a survey of 200 enterprise IT users and business leaders and roughly 30 vendors that found cloud-based business intelligence and analytics would be among the fast growing of the cloud-based business management solutions in the market over the next two years. This growth represents an 84 percent compounded annual  rate, but did the prediction ring true?

Among companies that are currently using business intelligence tools and have been since 2007, the adoption of business intelligence has remained flat. The 2012 Successful BI Survey shows that approximately 25 percent of the employee base relies on business intelligence tools, a figure that has not changed in the last five years. Given the adoption of new technologies and integration into mobile capabilities, this result may come as a surprise to most.

For others, however, the result of this survey simply demonstrates that the wrong element is being measured to truly understand what is happening in business intelligence in 2013. The tools for gathering the data don’t matter nearly as much as what platform companies are using to access the data and what they are doing with it once it’s in the data center. It is the challenge of enterprise in this next generation, and one that is easily overcome with data analytics and the strategic use of the cloud.

The stagnant adoption of business intelligence tools in the enterprise and the small business is not due to a lack of understanding of the value it presents, but instead the result of significant investments in legacy systems that demanded a focused approach to every network and data center deployment and integration. The process was often cumbersome and expensive, which limited access for a number of potential users. Now, as more companies are embracing the cloud, the playing field is about to change.

The cloud is expanding business intelligence and analytics to include multiple users throughout the organization, simplifying access and making business intelligence and the use of analytics more ubiquitous. The cloud provides one level for managing the complexities of business intelligence, including the gathering of analytics components, networking and storage. As big data continues to play a dominate role in a company’s ability to effectively compete, it’s no longer enough to simply manage information.

All companies are examining the best way to manage the exponential growth in unstructured data, forcing key decision-makers to determine the best way to analyze this data in real-time to support the effective use of this information. While Gartner is predicting the growth of the business intelligence market to hit 9.7 percent this year, business analytics in the cloud is expected to grow three times faster.

Businesses of all sizes are flocking to the cloud for business intelligence and analytics as it provides vast computing and storage resources without significant investment. Plus, the ability to gather and act on granular information is a key competitive advantage and one that is difficult and costly to achieve without business intelligence analytics in the cloud. As the data bubble continues to expand, those able to embrace the cloud will enjoy greater capacity and capability when turning that data into actionable intelligence. 

Threats Associated with BYOD

By Amine Mekkaoui,

The use of mobile devices among the global workforce is not a new concept, but the introduction of user ownership is a trend that has just gained momentum in the last few years. Professionals in a wide range of industries are relying on their own mobile devices to support the balance between work and home, introducing a whole new set of risks for the corporate network when the proper policies and controls are not in place.

While BYOD (Bring Your Own Device) offers plenty of benefits for the enterprise and the employee, a strategic approach is necessary to mitigate the risks associated with users accessing the network and supported applications from outside of the corporate firewall. Let’s take a look at some of the threats that exist with BYOD and what you need to do to protect your network, your users and your proprietary information.

  1. Lacking a Robust Policy – Now that users are accustomed to relying on their own devices to access the network and their personal email, they also need to know what is acceptable use, who has access to their device(s), and what will happen if the device or the information contained within the device is compromised. An effective policy outlines expectations and outcomes, while also providing for the proper sharing of information so all employees are informed.

  2. Weak Authentication Methods – It’s a given that employees will need unique user names and passwords to access the corporate network, but it’s also a given that such information is easily captured by hackers. It’s critical that IT management implements and enforces strong authentication methods and limits access to applications. Strong authentication methods demand constant monitoring and regular updates to ensure any breach is immediately identified and mitigated.

  3. No Visibility or Control over Devices – Employees often prefer BYOD as a concept as it suggests they have complete control over their mobile device. While the physical control may remain, IT management establishes its own control over the device with mobile device management or other applications that provide remote access and complete visibility. Access to such technology ensures IT always knows what devices are accessing the network and can immediately locate, lock and wipe clean any compromised or lost device.

  4. Applications – While a number of applications exist to promote the activities of the professional in the field, a larger number exist to waste time or access proprietary information with malicious intent. Any applications downloaded by the user without IT approval are a risk to the corporate network. The simple scan of a QR code could quickly launch malware on the device, with reach into any network to which it is connected. The corporate policy must define what constitutes an approved application and how to avoid downloading malicious software.

While this list merely scratches the surface of the threats that exist with BYOD, it still provides clear insight into what you need to consider within your own environment. Whether yours is a large enterprise, small- to medium-sized business or sole proprietorship, any mobile device used to access your network, server or other IT assets presents a threat to your operation. Before allowing BYOD to flourish, put the right strategy in place to support only the safe use of all mobile devices.

Many companies make one huge mistake when implementing their data governance plan.  They assume that once they develop related policies and implement the needed technology solutions to support the strategy, the rest will take care of itself.

These organizations are, unfortunately, in for a rude awakening.  What they don’t realize is that existing business cultures will have a profound impact on how those initiatives are carried out.  In other words, a company’s “personality” and working environment may have as much to do with data governance success as any other factor in the plan.  For example, the willingness – or lack thereof – of both IT and business stakeholders to embrace new initiatives can make or break the strategy.  Or, pre-existing tension between departments and business units can halt the collaboration needed to get the project off the ground in the first place.  

What are some business culture “problems” that can have the greatest impact on a data governance strategy?

Lack of Communication
Many businesses suffer from poor communication across various levels and departments.  And, others are so eager to get their critical projects into play, they often dive right in without properly informing and educating their employees about the plan.  When it comes to data governance, this approach can create major problems.  For example, if stakeholders don’t understand why data governance is important, don’t know how it works, or don’t see how it applies to them, they are likely to be lax when it comes to complying with related policies and procedures.   

Too Many “Cooks Stirring the Pot”

While contribution and consensus among all departments that will be affected by data governance is critical, companies who are prone to forming “mega-committees” to spearhead important projects may see their data governance efforts fail.  Action and execution will end up taking a back seat to meetings, bureaucracy, and debate, and these businesses will likely never get past the policy-making phase.  

Failure to Synchronize and Coordinate
Employees get used to working a certain way, and asking them to significantly alter how they perform their day-to-day activities is likely to be met with some resistance.  Yet, many companies simply demand that employees follow certain data governance processes – no matter how different from current workflows they may be – without any consideration as to whether or not those staff members are capable of carrying those procedures out, and how other responsibilities will be affected.  What these organizations are forgetting is that governance processes are not separate and distinct.  They must be seamlessly integrated into any related IT and business activity they will impact.  

Out of Sight, Out of Mind
Countless companies make the mistake of introducing a major strategy with much noise and fanfare, then executing on that plan quietly, without keeping employees informed of new developments, results, etc.  When it comes to data governance, this is a surefire way for employees to lose interest, because they’ll associate the lack of “hoopla” with a lack of importance.  Conducting ongoing training on new data governance techniques, or setting milestones that track and measure the benefits a data governance strategy is delivering can help keep the initiative at the forefront of employees’ minds, and maintain focus on their goals and responsibilities in carrying out that plan.   

To learn more about governing your data, or for tips to help optimize your data governance strategy, visit our Web site at   

Passive vs. Active Data Governance

By Amine Mekkaoui,

There are countless ways to oversee and manage your corporate data.  But, the approach you take will likely determine the success or failure of your data governance initiative.

Some companies will take a “passive” approach, giving users the ability to freely interact with information in back-end systems, then monitoring the results of those interactions – after the fact – using various reporting and data assessment tools. Others will be more proactive, monitoring the way data is created, modified, and handled in real-time as these tasks are performed, so problems can be detected and corrected before “bad” data is introduced into the operating system environment.   

In this post, we will discuss the many problems that may arise when companies take a passive approach to data governance, and highlight the reasons why active data governance is the more effective route to take. 

The key issue with passive data governance is the fact that, once invalid or incorrect information enters a database, it’s potential to create problems immediately begins.  In the time between when a user adds the bad data, and a tool identifies its existence and “cleanses” it, an incorrect bill may be sent to a customer, an inaccurate work order may be transmitted to a field service technician, or even worse, an invalid report may be sent to a regulatory body.  Therefore, catching corrupt information beforehand is critical, particularly in heavily regulated sectors such as financial services and healthcare. 

Bad data within a corporate environment can also lead to interruptions in core business processes.  Downtime can be particularly significant if the poor quality information in question triggers or is consumed by automated workflows.  These disruptions not only drain worker productivity, they can negatively affect revenue generation. 

And, most importantly, the validation and correction of bad data after the fact will require more resources than the proactive monitoring of data activities.  The amount of time and cost associated with scanning a massive database for integrity issues, then cleansing or deleting corrupt information, far surpasses the resources needed to flag suspicious data interactions as they occur, and validate them on the fly. 

While passive data governance can serve as a highly effective secondary measure, catching the one or two errors or inconsistencies that may mistakenly bypass more active monitoring measures, the truth is that active data governance is the only true way to promote optimum information accuracy, timeliness, and completeness across an entire business. 

The value of data is simply immeasurable to today’s corporations, and the speed at which information flows throughout and beyond an organization leaves little room for error.  Even the slightest problem with data integrity, even if for a short period of time, could be detrimental to operational efficiency, profitability, and regulatory compliance. 

To learn more about governing your data, or for tips to help optimize your data governance strategy, visit our Web site at