Connect with us

Interviews

Q&A with Andréa Jacquemin, founder and CEO of Beamy

Published

on

Beamy is a fast-growing scale-up that focuses on pioneering a new approach to SaaS management for large companies. Founded in 2017, it has recently launched in the UK and in April it completed a €8 million Series A funding round.

 

Beamy recently held a successful Series A funding round to support international expansion and product development. Why is now the time to strike? 

“We are convinced that SaaS issues are major issues for large companies, whether French or international. With this fundraising from major investors including Agaé Ventures and ISAI, both of whom are recognised for offering cutting edge expertise in the tech sector, we are setting out to conquer the international market.”

 

How quickly is SaaS adoption growing in enterprises? 

“The adoption of SaaS platforms grew by 125 percent from 2020 to 2021. A reason for the influx of SaaS adoption is that the agile and hybrid nature of SaaS matches the hybrid style of work, which many companies adopted during the pandemic. Beyond the pandemic, the future forecasting of the industry is predicting huge growth, with the market value to reach $168.6 billon in 2024.

“While digital transformation was accelerated by the pandemic, it has taken on a life of its own. There is now a catalogue of SaaS applications available to employees, with different uses and price points. In companies with more than 1,000 employees, there are on average several hundred different SaaS solutions in use, representing several million dollars in annual costs.”

 

How is the growth of SaaS shifting workplace technology strategies? 

“The explosion of SaaS within companies has introduced a real organisational change: a true decentralisation of technology ownership and empowerment of business units, who choose and implement their solution themselves. This IT decentralisation has become inevitable and is forcing large organisations and CIOs to rethink their model to structure SaaS growth in a secure environment.

“The objective is not to block access to technology, but rather to enable the freedom of technology choice within a framework that offers more transparency and autonomy.”

 

Have you seen a link between the trends of IT decentralisation and increased hybrid working?

“It is well established that the COVID-19 pandemic forced companies to rethink their workplace operations and accelerate their digital transformation. As a result, the number of tools on the market to serve the world of remote or hybrid working have also increased.”

“Hybrid working gives employees more autonomy, allowing them to choose their preferred SaaS applications for completing tasks. There is clear evidence that today’s workforce is demanding more control over how they accomplish tasks. Having access to a wide range of tools creates a decentralised model for IT systems, in which technology needs are self-defined by employees. The democratisation of this process, while advantageous for team productivity and innovation, can also pose several risks to the infrastructure of businesses.”

“While employees are bound in hybrid work settings, CIOs have little control over how these applications are onboarded and managed. In general, when we meet a CIO of a large company, they estimate that their organisation uses 30 to 40 SaaS tools. However, when we begin working together, our technology detects several hundred active SaaS solutions, often revealing more than 75% of shadow IT.”

 

Has the Great Resignation increased the risks presented by shadow IT? 

“When an employee leaves, if the business does not know where data is being stored then any level of data loss is possible. SaaS applications have become easier to buy online through affordable subscriptions. Whether they know it or not, most companies are being digitalised from the bottom up. But this has also led to an explosion in cyber and compliance risks.”

“A high employee turnover, or using lots of freelance workers, can make the problem worse because each new employee will add in their own favourite apps for work. When an employee leaves, their old logins can be left unprotected and invisible to the IT team. That makes them the ideal target for hackers.”

 

What can organisations do to minimise these risks?  

“Now that almost all jobs are digital, it’s vital that HR and IT work together on the onboarding and offboarding processes, not simply rely on technology. This needs to include close collaboration and a proper framework to check for potential governance or compliance issues. It also means old logins can be deleted, meaning fewer ‘back doors’ for hackers to exploit. This makes it easier to identify what apps have sensitive data in them, that need to be removed. Having a central platform to track the apps being used can help with this, but ultimately it needs to be underpinned by a strong company culture of collaboration and compliance awareness.”

 

What specific technologies does Beamy use in its platform to tackle these challenges?

“Beamy has developed powerful scoring algorithms capable of detecting all of the SaaS applications actually implemented in the company. Beamy then is able to follow the evolution of each application over time, provide employees with a catalogue of all applications implemented in the company, define an autonomy matrix according to the potential risks of future applications, and navigate an app store of more than 50,000 applications on the market.”

“This enterprise App Center enables business departments to choose their own technology by feeding them the right information for selection, security and implementation over the long term.”

“Beamy thus guarantees a global approach to SaaS governance necessary to support large companies in the long term to structure their IT decentralisation and establish synergy between all stakeholders: CEOs, CIOs, IT leaders, and business teams.”

 

What is your top piece of advice for CIOs facing shadow IT challenges? 

“The top-down vision of IT is over. We are witnessing a true decentralisation of technological ownership and empowerment of business units, which are selecting and implementing their own solution. This is a story of balance – if we put too many constraints on employees’ ability to choose their applications and implement lengthy processes, they will still use the applications but won’t go through the proper channels with IT in the implementation.”

“Without a solid structure of decentralisation, the risks will be considerably increased and the budgets won’t be optimised. In any situation, you have to find the proper balance in terms of autonomy that works for your workforce, but keeping the status quo on this subject is the worst solution.”

 

Thanks for your time, Andréa. 

Interviews

How MFA can protect the financial sector from the unprotectable

Published

on

By

The financial sector has long been a primary target for threat actors. However, the unique infrastructure of core financial systems means these critical resources often fall outside the scope of standard security solutions.

Multifactor authentication (MFA) is one such solution. We ask Yiftach Keshet, Director of Product Marketing at Silverfort, what are the limitations of traditional MFA to the finance industry, and what can be done to start protecting these unprotectable core systems.

 

Q: What are the security challenges with traditional MFA?

Multifactor authentication (MFA) has become something of a default secondary line of defence against credential theft. Requiring users to input two or more verification factors in addition to their username/password combination makes it much more difficult for threat actors to simply access the network with credentials stolen through phishing or a previous breach.

However, the system is far from perfect and presents several challenges. One issue is that MFA is rarely fully supported by legacy banking infrastructure or command-line access to servers and workstations.

Kerberos and NTLM, two of the most common authentication protocols in on-premises environments, don’t support MFA. As such, an attacker that has infiltrated the network and managed to obtain user credantials will be able to access critical servers without going through the MFA process.

Yiftach Keshet

Alongside this, traditional MFA is usually deployed at the resource level. In a high-scale environment it practically means that full coverage of all resources with agents or proxies will never take place. Additionally,  as businesses continue to grow their digital footprints, the resources required to deploy, configure and maintain MFA quickly increases. This can quickly become unmanageable, particularly in the financial sector where digital transformation has been a leading priority for the last few years.

As a result of these issues, core banking resources are often excluded from MFA protection. This greatly increases the organisation’s risk exposure, as threat actors that make it inside the network may potentially gain full access to critical systems with few effective checks or barriers.

Financial organisations need to change their approach to MFA if they are to close this critical gap in their defences.

 

Q: How can these challenges be overcome?  

The shortcomings of traditional MFA can be overcome with a new model known as Unified Threat Protection. Rather than being applied individually at a resource level, this is an agentless, proxyless approach that natively integrates with the organisation’s Active Directory and Identity and Access Management (IAM) solutions. This means it can be uniformly applied to continuously monitor, analyse and enforce MFA policies across the entire environment.

Because all authentication requests are handled through the organisation’s IAM solution, directly integrating MFA at this point solves the coverage problem. Not only is it far easier to scale MFA as the organisation’s IT footprint expands, but an MFA layer can now also be applied to core banking infrastructure that was previously unprotected.

 

Q: What are the use cases for using MFA to improve safety practices for banking?

There are multiple financial use cases that stand to benefit from the Unified Threat Protection approach to MFA.

The first and foremost of these, is the access to the banking applications that don’t natively support MFA today. This new approach enables them for the first time to obtain the same level of secure access that modern SaaS applications have.

Remote access tools, for example, have become extremely important in the new world of remote and hybrid workforces. However, because standard MFA typically needs to be deployed individually to each endpoint, it is common to find many machines in the environment are not protected, creating a critical attack path for threat actors. The new agentless MFA model can be directly integrated with Active Directory, ensuring that all machines are equally protected, regardless of location.

In another example, admins at financial institutions typically use command-line tools such as PsExec, Remote PowerShell, and WMI for configuring, managing and troubleshooting machines in their environments. However, these same toolsets are exploited by threat actors to spread ransomware and achieve lateral movement. If the authentication protocol of command-line tools is not protected by MFA, attackers can use these tools to access and manipulate the system.

Again, the agentless and proxyless nature of the Unified Threat Protection model closes this gap as all core systems will require MFA, significantly slowing or even completely stopping any threat actor within the network.

 

 

Q: How a bank can bolster their cyber resiliency against ransomware with MFA?

Ransomware has begun to dominate the threat landscape in recent years. Financial organisations have a lot to lose, because a ransomware outbreak rampaging through their core systems could cripple the enterprise and cost millions in lost business and recovery efforts – even before factoring in legal and regulatory impact if customer data is compromised. File shares are a common method for accessing systems and propagating ransomware to increase its impact.

Traditional MFA has proven to be ineffective against the threat of ransomware, as it cannot be applied to file shares managed by a CIFS (Common Internet File System) authentication protocol. However, a Unified Identity Protection MFA can cover this gap as it can apply coverage through Active Directory, regardless of which protocols are being used.

Continue Reading

Interviews

Finance Derivative Interview with James Burton senior director of product management at LexisNexis Risk Solution, Insurance, U.K. and Ireland

Published

on

By

  • What led you to move from the financial services sector to insurance?

I worked as a market analyst and global derivatives trader for three years then moved into banking for close to five years before a brief stint at a data and technology company. The switch to insurance came about for several reasons.

Firstly, the banking sector is relatively mature in its use of data and I could see how transformative data and technology could be for the insurance sector – I wanted to play a part in that.

Secondly, LexisNexis Risk Solutions was still a relatively new brand in the UK insurance market when I joined, although the business had a 40 year plus history in the U.S. The position of head of data analytics was a fantastic chance to work for a business with a clear vision to deliver innovative data and technology solutions to help insurance providers better understand risk.

Thirdly, I could see the massive potential of contributory data solutions in insurance so that the whole market has an opportunity to benefit. Obviously the more contributors you have on board, the more powerful the database becomes. Close to 100% of the motor insurance market is now contributing to our Motor Policy History Database and benefiting from digitised No Claims Discount proof.  We intend to repeat this success with our claims database for home, motor and commercial.

 

  • Are there parallels to be drawn between customer verification processes in banking and those now being used in Insurance?

James Burton

Yes, while insurance providers aren’t subject to all the same Anti Money Laundering and Know Your Customer regulations as lenders, the sector is experiencing high levels of fraud and this has driven innovations in data solutions to validate the applicant, customer or claimant is who they say they are, at speed, at each part of the customer journey.  Solutions such as email address-based fraud risk scores and our unique customer identifier stem from identity solutions that have been used with success in the banking sector.

 

  • How much have the new pricing rules in insurance changed the way insurance providers use data enrichment services?

Insurance providers must now ensure the consumer’s risk is assessed as accurately as possible and in-turn priced fairly, using the same processes and data the insurance provider would use at new business.  As a consequence we are now seeing an increased demand for data enrichment at renewal.  Crucially, insurance providers can now use one point of access to data enrichment rather than calling out to multiple data sources, to allow risk assessment at individual, asset, household and postcode level with intelligence delivered on all individuals associated with the quote in a single transaction.

 

  • What do you believe have been the most exciting innovations in the insurance market in the past year?

The insurance market is constantly innovating in response to the changing needs of customers. The emergence of short-term insurance solutions is a good example and an area we are watching closely.

Clearly the more accurate and actionable data at your fingertips the better you can price a quote – whether for a day’s cover or a year – help customers mitigate risk or settle a claim.

The availability of Advanced Driver Assistance Systems data at quote has also been a big change for the motor insurance market.  Having this data at a Vehicle Identification Number level gives insurance providers a much clearer indication of the risks associated with a specific vehicle.  The availability of this data at the VIN level is a true industry first and one that only grows in importance and value as more cars come fitted with ADAS as standard.

 

  • Fraud is being highlighted as a rising challenge for all parts of the financial services market – how do you think this will play out in insurance specifically and what are the possible solutions?

The pressure on household finances this year has been well documented and insurance providers are all too keenly aware of the environment this can create for fraud at application and claim. Aviva confirmed recently that it had identified fraud on more than 20,000 motor policy applications. Of these, ghost broking accounted for 15% of all the application fraud detected[i]. One of the tactics used by ghost brokers is to buy a cheap policy using fake details with the victim buying the policy listed as a ‘named driver’.

This scheme underlines the importance of validating the identity of named drivers to the same level as main proposers, exploiting the latest advances in swift, front-end fraud detection to flag any links to past fraud and highlight if the information provided for a quote may have been manipulated for a cheaper premium.

At claim, soon insurance providers will have access to a whole raft of data enrichment solutions to better understand risk, including highly granular claim history data gathered from across the market.  This is set to provide a real step-change in understanding the risk of fraud at first notification of loss (FNOL).

 

  • Affordability of insurance is going to be a key concern for the insurance market given the cost-of-living crisis – how can data help insurance providers in this regard?

The insurance sector will be looking at how it can offer greater flexibility and convenience to customers where payment options are concerned, particularly in the case of mandatory insurance. By bringing in insight on premium affordability based on credit data, as part of the quote process, insurance providers can help ensure customers get the correct insurance protection with the option to pay the premium in a way they can afford.

Ultimately, doing the right thing for customers comes down to ensuring you understand their needs as fully as possible at the point of quote and claim.  In this way you can turn what is essentially a mandatory purpose into something individuals really value.  Supporting insurance providers in this regard through data and technology is what we do all day every day.

 

[i] https://www.aviva.com/newsroom/news-releases/2022/05/insurance-claims-fraud-up-by-13percent-in-2021/

Continue Reading

Magazine

Trending

Finance8 hours ago

Hey, Gen Y and Gen Z do you think you can retire comfortably?

By Penelope Gregoriou, technical investment specialist at Alexforbes   Millions of South Africans rely on the money saved in their...

Uncategorized9 hours ago

GDPR: data security four years on

Bruce Penson, the managing director of cyber security and IT support company Pro Drive IT, outlines how GDPR has changed...

Banking9 hours ago

The importance of Customer Experience (CX) for retail banks today

By James Isaacs, President, Cyara   Today’s retail banks face considerable challenges. Open banking initiatives –  that make it easier...

Finance9 hours ago

Getting ready for VAT digitisation: automation is key

Christiaan Van Der Valk, Vice President for Strategy and Regulatory at Sovos, says technology will power real strategic success for...

Banking9 hours ago

Challenging the challenger: Why the digital transformation of traditional banking is key for competing with challenger banks

By Sam Schofield, Senior Vice President: Global Enterprise at Udacity   Monzo and Revolut are only seven years old. Starling,...

Wealth Management10 hours ago

Green with Envy – an Environmentally Conscious Data Center

Mark Fenton, Product Manager, Future Facilities   Environmental considerations are at the top of every business leader’s agenda and an...

Technology10 hours ago

How Digital Adoption Platforms can enhance digital transformation and customer experience in the insurance industry

By Vara Kumar, CPTO & Co-founder, Whatfix   Like many industries, the insurance sector was prematurely hastened towards digitalisation due...

Business18 hours ago

Why do Traders Need a Managed Service Partner?

Jeff Mezger, Vice President of Product Management, Financial Markets, TNS   Does your financial institution have the understanding, resources, talent...

Business19 hours ago

The FCA will take immediate action on customer vulnerability; here’s how firms can prepare.

Author: Jonathan Barrett, CEO and Co-Founder at Comentis   Identifying and supporting vulnerable clients has become a priority for financial...

The Green Revolution In Investing - Sustainable Investing The Green Revolution In Investing - Sustainable Investing
Business1 day ago

How fintech is key to empowering climate action

Attributed to: Rory Spurway, CEO & Founder of CarbonPay   As human activity continues to have a significant impact on...

News2 days ago

Fractional NFTs- A Positive Impact on the Market

Non-Fungible Tokens (NFTs) have been making headlines for quite some time now. The phenomenon is getting a lot of attention...

Technology2 days ago

Are cyber insurance and incident response budgets the same thing?

Dominic Trott, head of strategy – UK, Orange Cyberdefense   Cyberattacks on businesses increased by 13% in 2021 compared to...

Business2 days ago

Ticketing modernization: the key success factors for an outstanding deployment

Arnaud Depaigne, Product Manager, Smart mobility, Fime   Technology has transformed the way we pay, and transport ticketing has been...

Finance2 days ago

How to increase the growth of crypto apps in a challenging market environment

By Alexandre Pham, Vice President, EMEA at Adjust   Crypto and digital assets became one of the hottest tech topics...

Business3 days ago

Businesses must adapt to meet customers’ evolving payment needs

Nathan Shinn, Founder and Chief Strategy Officer, BillingPlatform   From the lingering impact of the COVID-19 pandemic, through to the...

Banking4 days ago

Carbon Neutral and Net Zero: The New Disrupter-in-Chief

Authored by Jason Matteson, Director of Product Strategy, Iceotope   When we think of market disruptors we typically think of...

Business4 days ago

Balancing risk management with a seamless customer experience

By Andrew Davies, VP, Global Market Strategy, Financial Crime Risk Management, Fiserv   For quite some time, measures to mitigate...

Business4 days ago

The need for blockchain to be interoperable and why it matters

By Kai Waehner, Field CTO and Global Technology Advisor at Confluent   In mid-2022, it would be fair to say that...

Interviews4 days ago

How MFA can protect the financial sector from the unprotectable

The financial sector has long been a primary target for threat actors. However, the unique infrastructure of core financial systems...

Business5 days ago

Why a three-step framework can help financial advisers support their most vulnerable customers.

Author: Tim Farmer, Co-founder and Clinical Director at Comentis   We are witnessing a vulnerability epidemic. With the Financial Conduct...

Trending