Great! Thanks to the rapid move to #WorkFromHome, your organisation embraced #DX. But wait. At what security costs?#

As we recently shared, the recent move to work remotely came with a drastic increase in organisations' security threats. And our interviews with CISOs gave us better idea how it feels to be on the front line.

Expectations of velocity v/s tested security.#

The rapid transition to work from home (#WFH) has fast paced the ongoing digital transformation (DX) of organisations of all sizes. The apparent results may give the impression that radical changes toward digital practices can be taken in a very short time. CEOs now expect the same velocity as the "new normal" for digital transformation settles. However, a transformation that is healthy and secure in the long term requires time and patience to assess security, user behaviors and changes in security measures on the long run.

Of course the CISO’s role is not only to tell the bad news.#

CISOs acknowledge that their role inside organisations is often associated with telling about cyber threats, data breaches, missing security hygiene, and so on. This ‘bad cop’ figure makes it harder for CISOs to fulfill an important part of their job Indeed, the role of CISOs lies beyond requirement design for security technologies and protocols; it encompasses acting as a leader to onboard the workforce onto a collective digital security journey.

Digital tools (and practices) integration is pivotal, yet never achieved.#

It has become extremely demanding to find ways to integrate digital tools and practices across the organisation, at the office, on the field or at home, and beyond with the network of suppliers or partners. This task is a never ending task, dealing with the inherent multiplicity of each users' situations while reducing risks of mis-integration of the system.

All in all, the digital transformation is a long on-going organisation project, transforming human factor threats into human factor liabilities.#

It requires leadership and coherence all the way long, to integrate technological solutions along with human (individual and collective) behaviours. The scope of CISO is set to expand.

One of most pressing issue CISOs face is still the use case of emails hacking. The distributed system requires [ message encryption ] + [ file exchange security ], regardless of the network used by users.

Consento provides 'human-centric MFA' + proper data encryption (ZeroTrust) + Security-as-a-network (collective security hygiene).#

How it would work in your organisation#

Distribute keys (digitally) easily across your organisation, in person or over a video chat.

• make sure who receives the key
• integrate easily across the organisation
• own the system (no reliance on third parties)

Make security your way by encrypting data and editing security conditions for consent.

• create custom MFA
• rely on password-less, SIM-less technologies
• include biometric, location or other contextual identifiers

Your collaborators encrypt data locally, share the encrypted archive, and always keep the key.

• create strong encryption easily
• distribute the encrypted archive (regardless of the network) & always keep control of who can access
• add/revoke who can request access to archive

Your collaborators maintain a high security together.

• get guidance on how to keep security high
• reward collaborators (and suppliers) for their security hygiene
• nudge (or get nudged by) others in your network to nurture collective security hygiene
• keep security policies up-to-date, by notifying any event in the network affecting the collective security.

Consento provides a human-centric MFA solution to ensure the proper encryption of confidential email and file exchanges.#

The Consento app is designed to:#

• onboard all types of users as soon as they have at least one device ;
• enable them to handle MFA, SIM-free, multi-device, biometric approval ;
• onboard users across organisation(s) ;
• and nudge them to maintain a long-lasting digital security hygiene as a collective.

To wrap up, with Consento now you can:#

• delineate clear liabilities of all participants: Consento splits the encryption keys into unique partial keys.
• rely on mobile devices, SIM-free: distributed on the selected devices of the setup.
• customise your MFA with biometric authentication, geolocation or other custom parameters: Consento recomposes the secret through a Human-Factor Authentication.
• benefit from a cost-effective integration: Consento is made simple to integrate with your technical infrastructure and workforce practices.

Interested to know more about what our solution can do for your organisation? Let's get in touch.#

When it comes to cyber security, employees tend to think that “tech people” who know everything will take care of it with a magic wand, and it will be all well. But, is it really true?#

In an organisation, usually CISO (Chief Information Security Officer) is the role responsible for ensuring the adequate security measures for the company to protect the data assets.

Through a dozen of interviews with CISOs, we found out there are 3 common problems and challenges they think of in today’s cyber security and in their role.

1. The CISO’s role is not only to tell the bad news#

CISOs acknowledge that their role inside the organisation is often associated with telling about cyber threats, data breaches, missing security hygiene and so on. This ‘bad cop’ figure makes it difficult for CISOs to fulfill an important part of their job, which lies beyond requirement design for security technologies and protocols. Indeed, the value CISOs bring acting as a leader to onboard the workforce onto a collective digital security journey.

A hidden fact about CISO’s role is that they need to execute the emotional intelligence to educate employees about the value of data, and the way to protect their assets = organisation’s assets.

2. Expectations of velocity vs tested security#

The rapid transition to work from home (WFH) has fast paced the ongoing digital transformation of organisations. One of the CISOs we interviewed says "Making sure that we are doing the right things from a digital transformation standpoint is pretty big. A lot of businesses have done months or years worth of transformation in weeks.The biggest thing impacting right now is keeping up with digital transformation."

The apparent results may give the impression that radical changes toward digital practices can be taken collectively and in a short time. The new normal is that CEOs now expect the same velocity for digital transformation projects. However, CISOs know that healthy and secure transformation in the long term requires time to assess security and changes in security measures in the long run.

3. Digital tools (and practices) integration is pivotal, yet never achieved.#

It has become extremely demanding to find ways to integrate digital tools and practices across the organisation, at the office, on the field or at home, and beyond with the network of suppliers or partners. This task is a never ending task, dealing with the inherent multiplicity of situations while reducing risks of mis-integration.

“The area of concern for me is how to make it easy for everyone to have dual factor, but harder for the attacker to exploit which are 2 different polarizing situations.” -- Flavio Aggio, CISO at WHO

One of the factors which makes tool integration difficult is communication across organizations. Every company has different security measures and uses different tools. Upon sharing the data, we must ensure that the other party uses the tool that is compatible for both parties. The problem all comes down to how to share data securely across organizations.

Flavio Aggio, CISO at WHO says, “The area of concern for me is how to make it easy for everyone to have dual factor, but harder for the attacker to exploit which are 2 different polarizing situations.”

An organization like the World Health Organization,they have to deploy people globally in places where the supply chain is difficult. He says “sending physical MFA tokens to the right people is a major challenge where wars are going on, and really doesn’t work, so we shifted to virtual tokens in smartphones. The cost of smartphone production has been reduced, and everybody by default may have a smartphone but not a computer.”

How to turn your smartphone a secure key#

Given those 3 problems, here is the solution we have developed.

1. Intuitive, collaborative and Human-centric solution#

CISO as a role responsible for assessing the right security measures and also getting employees onboard for the security practice, collaborative security practice makes it easier for people to be a part of the game.

With Consento, the app split the keys partially to your trusted people which you can add as “trustees”. Upon opening a data vault, the app sends the notification to your trustees. If 3 out of your 5 trustees agreed, you can access the data with having your master key.

2. We say 3 No! No Password, No Server, No single point of failure#

Consento is backed by decentralized ledger technology which is called “Hyper Core”, and this enables the strong encryption upon devices instantly. Our P2P protocol doesn’t require servers, and there’s no single point of failure. It’s an Open Source Project that ensures full transparency. We don’t hide anything, but are very good at hiding your valuable data.

3. Easy implementation, but hard for hackers to attack#

As we know tool integration is one of the challenges CISOs often mention, we make it simple. All you need is just a smartphone, and you can add trustees with a quick QR code scanning. The implementation is super easy. In addition to that, the more you add trustees, the more it becomes secure as well. We make humans as a factor to enhance the security by our collaborative access control .

what's next#

If you are a CISO, do you resonate with any of these 3 problems? If you are not a security expert, what would you expect security experts do for you?

Please let us know! And if you want a demo of Consento technologies, get in touch with us.

As a simple metric, the FBI has seen a fourfold increase in cybersecurity complaints. At the same time, the global losses from cybercrime exceeded $1 trillion in 2020.

The world post-2020 isn't quite the same. While the digital transformation is accelerating, executives still need to figure out ways to secure their digital assets and teams.

Personal medical information are the cornerstone of relevant eHealth, and yet remain unmanaged. Who gets to host - and provide remote access to - patients medical data? Each and every medical expert and organisation holds dear to the patient data they host. And they have to. But each part of the patient data portfolio remains to be enriched with the rest of the information. With services increasingly requiring access to patient's medical data, the responsibility over medical data custody is scattered.

Following up in the Next Generation Internet (NGI) series, the Consento team is delighted to be invited at the TETRA Bootcamp 'Scale Up'. NGI is dedicated to the emergence of a more resilient, trustworthy and sustainable Internet.

GDPR is a regulation set in Europe, mainly to protect personal data by setting out the rules on how to deal with/transfer data. However, the tricky part is that this regulation goes beyond the border if you deal with personal data linked to users residing within EEA.

Remote workers bear a great stress in collectively handling the privacy of company data. For many of us, remote working is here to stay.

Beyond the inconveniency of mixing up personal and professional spheres 24/7, remote working brings along another source of stress for remote workers, and to those in charge of maintaining the company data privacy. Now that devices are connected and used outside the company network, the risk of mishandling passwords or using unsecure networks has become higher than ever.

Being the custodian for contractors' CV or identities adds to the burden of coordinating agencies. Having to hold the custody of other's digital identities is timely, if not costly in human error.

Most of companies relie on a netwrok of external contractors and suppliers, for translation work, transcription, accounting, legal work, etc. Building a trustworthy partnership often starts with verified credentials, or asking for referals, in order to discard fraudulent candidates. Eventually, these verified CVs and confidential data about contractors become too valuable to be losely shared over emails or cloud services. The agency's reputation depends on it.

You are a crypto-millionaire! If only you hadn't lost your crypto wallet key...

Have you heard how many bitcoin users would have become millionaires, only if they hadn't lost theit password? Bitcoins and distributed ledgers technologies opened amazing opportunities to secure transactions online. Although their technicality makes most end-users a bit chill. Moreover, they transform the end-user into the "single point of failure".

Consento will compete at the SxSW 2021 Startup Contest. Let's meet there!

The technology behind Consento has a bit of a magic. So we made a video to share that.

Thank you for watching.