Big bad Libra: Do we really need (or want) Facebook to reinvent money?

Are you kidding me? Facebook, the company that thinks privacy is a challenge to be overcome rather than an essential right to be protected, is launching its own currency. Good lemmings that we are, we’re all supposed to transfer our hard-earned dollars or euros or rupees or yen into Zuckerbucks?

Okay. Okay. Let’s back up a second. What exactly is Facebook doing? Let’s break it down.

Facebook has announced it will be launching a new cryptocurrency called Libra sometime next year. The company is going to integrate payment and currency transfer capabilities right into Facebook’s mobile app, Messenger, and WhatsApp. Presumably, we’ll see it show up in the Facebook-owned Instagram app sometime later.

Libra, according to Facebook, is like Bitcoin in that it’s a blockchain-based currency. But it’s not like Bitcoin because Facebook claims it’s put a structure in place to stabilize the value of Libra.

Libra is also not like Bitcoin because you can’t mine Libra. Although cryptocurrency mining rigs are hugely expensive these days, you can still mine Bitcoin. But you have to buy Libra. In that way, getting Libra is a lot more like buying in-game currency in World of Warcraft by spending real money than it is like Bitcoin, where you at least have the option to apply prodigious computing power and get cryptocoin in return.

Look, I’m going to say “Facebook claims” a lot. Normally, when we say Company X claims, it means we’re not entirely sure we can fully trust what the company is saying. Whenever we say Company X claims, it’s kind of code for a mix of we-can’t-verify-it with it-smells-like-BS. But in this case, when we say “Facebook claims,” um, yeah, that’s what we mean. It’s got that used car that lived through Hurricane Katrina smell to it.

In any case, Facebook claims that Libra will be separate from Facebook, so you don’t have to worry about Facebook sucking down all your financial information along with everything else it’s already gathered up. The foundation for this claim is that Facebook has created a subsidiary company called Calibra which will manage the transactions.

Facebook also claims that it’s not in control of Libra, because there’s an independent, not-for-profit association running the “reserve” and Facebook only has one vote in that association.

Stay with me. This gets confusing fast, but I’ll try to unwrap it as we go.

The Libra Association

The Libra Association is made up of member organizations who have each bought into it by forking over $10 million. In megalomaniac terms, ten million is chump change. The roster of organizations looks impressive, but when you really think about it the motivation of most of the members is obvious.

Members include VISA, Mastercard, PayPal, and Stripe. These organizations would pay ten mil simply to keep an eye on what Facebook is doing with payments. Their buy-in gets them a vote, and potentially some income if Libra winds up screwing with their national currency-based business models. eBay is part of it because eBay owns PayPal and hey, making it easy for someone in another country to buy Cabbage Patch Kids is right on mission for the company.

Next you’ve got Uber and Lyft, who are spending so much, another few million doesn’t matter. Plus, they’re all about mobile payments since they’re pretty much mobile incarnate. In-car-nate. Get it? Fine. That’s my Dad Joke for the day. No more. I promise.

There are a bunch of blockchain startups participating, because of course they are. The same with the lineup of venture capitalists, who really, really want to make cryptocurrency a financial boom as big as social networking was.

Finally, to lend a taste of credibility, there are a few non-profits who are members of the Libra Association. This is part of the spin that Libra is good for the world, because it will enable the billion or so smartphone owners who don’t have bank accounts to spend and store money in their phones. It’s “empowering” – unless, of course, these financially challenged folk lose their phones or they get stolen.

The Libra Reserve

That chump change $10 million buy-in to the Libra Association isn’t just about doing good or keeping your enemy closer. There’s potentially big money to be made by the Association shareholders. That’s because of the Libra Reserve.

When you transfer real national currency into Libra in return for digital fake money, the real money has to go somewhere. That’s the Libra Reserve. On one hand, it’s there to back up the value of the Libra, in much the same way that the gold reserves at Fort Knox are there to back up the value of our paper money. The value of the Libra will be based, claims Facebook, on the value of real currency like the dollar, yen, and euro.

But it’s also there to make money for the Libra Association members, in the form of interest. They’re planning on investing that money and each – according to the amount they put into the Libra Association – gets a share of the interest.

There will also be transaction fees for money going in and out of Libra, along with every Libra transaction. Those fees also go into the reserve.

Here’s the elevator pitch. Facebook has more users and reach than any single organization has had since the beginning of time. If this works, the majority of those users will put their money into Libra. You, if you sign up, can get interest on that money. Ooh. Shiny.

Notice that Google, Apple, Amazon, and Microsoft are not part of this Libra cabal. Neither are any banks.

Don’t worry. That slightly nauseous feeling is normal. It’s just a side effect of the rational response to yet something else in our world beginning to go terribly, terribly wrong.

What could possibly go wrong?

Facebook has claimed that it will be separate from Calibra, and the data gathered by Calibra won’t be used by Facebook. So, yeah, your privacy is golden. Riiiiight.

Facebook hasn’t said anything about Calibra not using your financial data, so there’s that nerve-wracking omission.

Facebook has also claimed that there will be the equivalent of an opt-in to allow some level of data sharing. Users won’t be opted in by default. But Facebook and its partners are going to bang the drum really, really hard to get you to convert your cash to Libra, so they’re going to offer tasty incentives.

Wanna bet giving up some of your privacy rights will be buried in the terms and conditions for accepting those incentives? I’ll take that bet.

Then there’s the whole decentralized blockchain so no one can get to it all thing. The idea of the blockchain came from Bitcoin and it’s a way to store encrypted unique information in a decentralized form.

Except Facebook expects Libra to be so big that it would take too much time to do decentralized transactions. There will be some centralized management of all that Libra currency. If you don’t think that’s already a target for hackers, you’re not paying attention.

Speaking of rotten smelling eggs, Facebook intends to allow Libra to be baked into apps other than those owned by Facebook. It’s going to start promoting an API so anyone with access to a good pizza delivery service and a tendency to stay up all night can incorporate Libra transactions into their apps.

Do you think there might be some spammy, scammy apps out there? Sure you do.

Then there’s the government. Which government? Any government. Libra is specifically designed (like Bitcoin) to be government agnostic. But since each government likes to govern how money flows through its economy (and its sticky tax-collecting hands), many governments are likely to weigh in on Libra. The odds are they’re not going to like what they see.

The good news, from the point of view of Facebook and the Libra Association, is that it doesn’t take a lot of money to influence a senator or congresscritter.

According to the New York Daily News, it now costs about $10.5 million dollars (total!) to win a senate seat. Does that number look familiar? Yep, it costs $10 million to buy into the Libra Association. Now, I’m not going to say that any of these companies are buying votes. That’s illegal. But it’s not illegal to hire lobbyists and fund them reaaal well.

Oh, and for the company who wants to influence policy on a budget, it costs about $1.7 million for a seat in Congress. Let’s put this in big business perspective. It cost $5 million for a 30 second TV spot in Super Bowl 2018. The cost of a single Super Bowl ad is enough to fund the campaigns for almost three members of congress.

Again, I’m not saying our elected officials will do anything illegal. I’m just saying that you shouldn’t expect them to be the bulwark against Facebook’s new currency scheme.

Is it really that bad?

Put in a historical perspective, not really. Our society has reinvented money a bunch of times in just the last century. Paper checks, electronic fund transfers, credit cards, services like PayPal were all fundamental rethinks on how money is transferred.

Libra is just another take on smoothing the movement of money between hands. Think of it this way: Amazon wouldn’t work if we didn’t have credit cards.

Rethinking money transfer opens up new doors of possibility. But it also has chilling effects. From my perspective as a very busy consumer, Amazon is wonderful. But from the perspective of the many businesses that Amazon has put out of business, it’s the grim reaper.

Most of our modern technological powerhouses are really double-edged swords. They provide some real value, but they do so at a cost. Sometimes that cost is obvious and shows up in monthly subscription fees. Other times, that cost is insidious and just sucks away at us behind the scenes, to the detriment of us all.

Facebook is clearly in that second category. The Libra will undoubtedly generate value and a following. But do we need it?

Some would say that the disadvantaged without access to banks do, and that’s true. But Facebook? Facebook???

What do you think? You probably already trust Facebook with knowledge of your preferences, locations, interests, friends, and political opinions. Are you going to trust Facebook with your money, too? Let us know in the comments below.


You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.




Five Top Tips for Radar Briefings

Inspired by Harley Manning’s excellent advice on vendor briefings for evaluations, I thought I would document some of my recent experiences. Let’s be realistic: GigaOm is not the gorilla in the analyst market. Plus, we have some curious differences from other analyst firms — not least that we major in practitioner-led evaluation, bringing in an expert rather than (as Chris Mellor points out) “a team of consultants”. Nothing wrong with either approach, as I have said before, they’re just different. 

So, what would be my top tips for vendors looking to brief us for a Radar report? 

1. Make it technical

At GigaOm we care less about market share or ‘positioning’, and more about what the product or solution actually does. Our process involves considerable up-front effort pulling together and peer reviewing a research proposal, following which (every time) we produce a Key Criteria report — for subscribers, this offers a how-to guide for writing an RFP.

By the time we’re onto the Radar, we’re mainly thinking, “Does it do the thing, and how well?” If we can get our technical experts in a virtual room with your technical experts, we can all get out of the way. See also: provide a demo. 

2. Understand the scoring

Behind GigaOm’s model is a principle that technology commoditizes over time: this year’s differentiating product feature may be next year’s baseline. For this reason, we score against a general level, with two plusses given if a vendor delivers on a feature or quality. A vendor doing better than the rest will gain points (and we say why), and the converse is true. If we’re saying something, we need to be able to defend it — in this case, in the strengths and weaknesses in the report. 

3. Make it defensible

Speaking of which, a vendor can make our lives simpler by telling us why a particular feature is better than everyone else’s. Sorry, we’re not looking for an easy ride, but to say what makes something special gives us something to talk about (as opposed to “but everyone thinks so,” etc). Note that customer proof points carry much more weight than general statements — if a customer says it to us directly, we’re far more likely to take it on board. 

4. Tell us scenarios

At GigaOm, we’re scenario-led — which means we’re looking at how technology categories address particular problems. Many vendors solve specific problems particularly well (note, I don’t believe there’s such a thing as a top-right shortlist of vendors to suit all needs). Often in briefings, I ask ‘magic’ questions like, “Why do your customers love you?” which cut through generalist website hype and focus on where the solution is particularly strong. 

5. Focus on the goal 

A Radar briefing shouldn’t be perceived as a massive overhead — we want to know what your product does, not how well your media-trained speakers can present. Once done, our experts will be able to complete their work, then run the resulting one-pager back past you for a fact check. For sure, we’d love as much information as you can provide, and we have an extensive set of questionnaires for that purpose.

I’ve just flicked back through Harley’s ten points, and there’s a lot in there about being respectful, aiming to hit dates, not arguing over every judgment, and so on. Wise words, which we get just as often, I wager. I also recognize that even as we have published schedules, methodologies, planned improvements, and so on, you also have your own challenges and priorities. 

All of which means that together, our primary goals should be effectiveness, such that we are presenting you, the vendor, correctly with respect to the category, and efficiency, in that a small amount of effort in the right places can benefit all of us. Which probably means, let’s talk. 

The post Five Top Tips for Radar Briefings appeared first on GigaOm.

Achieve more with GigaOm

As we have grown substantially over the past two years, we are often asked who (even) GigaOm is, what the company does, how it differentiates, and so on. These are fair questions—many people still remember what we can call GigaOm 1.0, that fine media company born of the blogging wave.

We’ve been through the GigaOm 2.0 “boutique analyst firm” phase, before deciding we wanted to achieve more. That decision put us on a journey to where we are today, ten times the size in terms of headcount and still growing, and covering as many technology categories as the biggest analyst firms. 

Fuelling our growth has been a series of interconnected decisions. First, we asked technology decision-makers —CIOs, CTOs, VPs of Engineering and Operations, and so on—what they needed, and what was missing: unanimously, they said they needed strategic technical information based on practical experience, that is, not just theory. Industry analysts, it has been said, can be like music critics who have never played in an orchestra. Sure, there’s a place for that, but it leaves a gap for practitioner-led insights. 

Second, and building on this, we went through a test-and-learn phase to try various report models. Enrico Signoretti, now our VP of Product, spearheaded the creation of the Key Criteria and Radar document pair, based on his experience in evaluating solutions for enterprise clients. As we developed this product set in collaboration with end-user strategists, we doubled down on the Key Criteria report as a how-to guide for writing a Request For Proposals. 

Doing this led to the third strand, expanding this thinking to the enterprise decision-making cycle. Technology decision-makers don’t wake up one morning and say, “I think I need some Object Storage.”

Rather, they will be faced with a challenge, a situation, or some other scenario – perhaps existing storage products are not scaling sufficiently, applications are being rationalized, or a solution has reached the end of life. These scenarios dictate a need: often, the decision maker will not only need to define a response but will also then have to justify the spending.

This reality dictates the first product in the GigaOm portfolio, the GigaBrief, which is (essentially) a how-to guide for writing a business case. Once the decision maker has confirmed the budget, they can get on with writing an RFP (cf the Key Criteria and Radar), and then consider running a proof of concept (PoC).

We have a how-to guide for these as well, based on our Benchmarks, field tests, and Business Technology Impact (BTI) reports. We know that, alongside thought leadership, decision-makers need hard numbers for costs and benefits, so we double down on these. 

For end-user organizations, our primary audience, we have therefore created a set of tools to make decisions and unblock deployments: our subscribers come to us for clarity and practitioner-led advice, which helps them work both faster and smarter and achieve their goals more effectively. Our research is high-impact by design, which is why we have an expanding set of partner organizations using it to enable their clients. 

Specifically, learning companies such as Pluralsight and A Cloud Guru use GigaOm reports to help subscribers set direction and lock down the solutions they need to deliver. By its nature, our how-to approach to report writing has created a set of strategic training tools, which directly feed more specific technical training.

Meanwhile, channel companies such as Ingram Micro and Transformation Continuum use our research to help their clients lock down the solutions they need, together with a practitioner-led starting point for supporting frameworks, architectures, and structures. And we work together with media partners like The Register and The Channel Company to support their audiences with research and insights. 

Technology vendors, too, benefit from end-user decision makers that are better equipped to make decisions. Rather than generic market making or long-listing potential vendors, our scenario-led materials directly impact buying decisions, taking procurement from a shortlist to a conclusion. Sales teams at systems, service, and software companies tell us how they use our reports when discussing options with prospects, not to evangelize but to explore practicalities and help reach a conclusion.

All these reasons and more enable us to say with confidence how end-user businesses, learning, channel and media companies, and indeed technology vendors are achieving more with GigaOm research. In a complex and constantly evolving landscape, our practitioner- and scenario-led approach brings specificity and clarity, helping organizations reach further, work faster and deliver more. 

Our driving force is the value we bring; at the same time, we maintain a connection with our media heritage, which enables us to scale beyond traditional analyst models. We also continue to learn, reflect, and change — our open and transparent model welcomes feedback from all stakeholders so that we can drive improvements in our products, our approach, and our outreach.

This is to say, if you have any thoughts, questions, raves, or rants, don’t hesitate to get in touch with me directly. My virtual door, and my calendar, are always open. 

The post Achieve more with GigaOm appeared first on GigaOm.

Pragmatic view of Zero Trust

Traditionally we have taken the approach that we trust everything in the network, everything in the enterprise, and put our security at the edge of that boundary. Pass all of our checks and you are in the “trusted” group. That worked well when the opposition was not sophisticated, most end user workstations were desktops, the number of remote users was very small, and we had all our servers in a series of data centers that we controlled completely, or in part. We were comfortable with our place in the world, and the things we built. Of course, we were also asked to do more with less and this security posture was simple and less costly than the alternative.

Starting around the time of Stuxnet this started to change. Security went from a poorly understood, accepted cost and back-room discussion to one being discussed with interest in board rooms and at shareholder meetings. Overnight the executive level went from being able to be ignorant of cybersecurity to having to be knowledgeable of the company’s disposition on cyber. Attacks increased, and the major news organizations started reporting on cyber incidents. Legislation changed to reflect this new world, and more is coming. How do we handle this new world and all of its requirements?

Zero Trust is that change: a fundamental change in cybersecurity strategy. Whereas before we focused on boundary control and built all our security around the idea of inside and outside, now we need to focus on every component and every person potentially being a Trojan Horse. It may look legitimate enough to get through the boundary, but in reality it could be hosting a threat actor waiting to attack. Even better, your applications and infrastructure could be a time bomb waiting to blow, where the code used in those tools is exploited in a “Supply Chain” attack, leaving the organization vulnerable to attack through no fault of its own. Zero Trust says: “You are trusted only to take one action, one time, in one place, and the moment that changes you are no longer trusted and must be validated again, regardless of your location, application, userID, etc.” Zero Trust is exactly what it says: “I do not trust anything, so I validate all the things.”

That is a neat theory, but what does that mean in practice? We need to restrict users to the absolute minimum required access: to networks that have a tight series of ACLs, to applications that can only communicate with those things they must communicate with, and to devices segmented to the point they think they are alone on private networks, all while being dynamic enough to have their sphere of trust changed as the organization evolves and still enabling management of those devices. The overall goal is to reduce the “blast radius” any compromise would allow in the organization, since it is not a question of “if” but “when” for a cyber attack.
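A minimal sketch of the “one action, one time, in one place” rule and the minimum-access requirement described above, as an added example that is not from the original post. The `POLICY` table, the `Context` and `Verifier` names, and all subjects, devices and networks are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed least-privilege policy: default deny, and each subject lists
# only the (action, resource) pairs it must have.
POLICY = {
    "alice": {("read", "payroll-db")},
    "build-bot": {("push", "artifact-repo")},
}


@dataclass(frozen=True)
class Context:
    """Who is doing what, to what, from which device and network."""
    subject: str
    action: str
    resource: str
    device_id: str
    source_net: str

    def canonical(self) -> bytes:
        # Unit-separator join; assumes the fields never contain \x1f.
        fields = (self.subject, self.action, self.resource,
                  self.device_id, self.source_net)
        return "\x1f".join(fields).encode()


class Verifier:
    """Issues single-use, short-lived grants bound to one exact Context."""

    def __init__(self, ttl_seconds=30, clock=time.time):
        self._key = secrets.token_bytes(32)
        self._ttl = ttl_seconds
        self._clock = clock
        self._used = set()  # consumed nonces (unbounded here; prune in real use)

    def _mac(self, ctx, nonce, expires):
        msg = ctx.canonical() + f"\x1f{nonce}\x1f{expires}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def validate(self, ctx, mfa_ok):
        """Return a grant for this one context, or None (default deny)."""
        if not mfa_ok:
            return None
        if (ctx.action, ctx.resource) not in POLICY.get(ctx.subject, set()):
            return None
        nonce = secrets.token_hex(16)
        expires = int(self._clock()) + self._ttl
        return f"{nonce}.{expires}.{self._mac(ctx, nonce, expires)}"

    def authorize(self, ctx, grant):
        """Return (allowed, reason); any change in context forces revalidation."""
        try:
            nonce, expires_s, tag = grant.split(".")
            expires = int(expires_s)
        except (AttributeError, ValueError):
            return False, "malformed grant"
        expected = self._mac(ctx, nonce, expires)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False, "context changed or grant forged: revalidate"
        if self._clock() > expires:
            return False, "grant expired: revalidate"
        if nonce in self._used:
            return False, "grant already used: revalidate"
        self._used.add(nonce)
        return True, "allowed once"


def demo():
    """Run the same grant through a moved, a first-use and a replayed request."""
    v = Verifier()
    office = Context("alice", "read", "payroll-db", "laptop-7", "10.1.0.0/24")
    moved = Context("alice", "read", "payroll-db", "laptop-7", "203.0.113.0/24")
    grant = v.validate(office, mfa_ok=True)
    return [
        v.authorize(moved, grant),   # same user, different place
        v.authorize(office, grant),  # exact context, first use
        v.authorize(office, grant),  # replay of a consumed grant
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```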

So if my philosophy changes from “I know that and trust it” to “I cannot believe that is what it says it is” then what can I do? Especially when I consider I did not get 5x budget to deal with 5x more complexity. I look to the market. Good news! Every single security vendor is now telling me how they solve Zero Trust with their tool, platform, service, new shiny thing. So I ask questions. It seems to me they only really solve it according to marketing. Why? Because Zero Trust is hard. It is very hard. It is complex, and it requires change across the organization: not just tools, but the full trifecta of people, process, and technology; not restricted to my technology team, but the entire organization; not one region, but globally. It is a lot.

All is not lost though, because Zero Trust isn’t a fixed outcome, it is a philosophy. It is not a tool, or an audit, or a process. I cannot buy it, nor can I certify it (no matter what people selling things will say). So that shows hope. Additionally, I always remember the truism: “Perfection is the enemy of Progress”, and I realize I can move the needle.

So I take a pragmatic view of security, through the lens of Zero Trust. I don’t aim to do everything all at once. Instead I look at what I am able to do and where I have existing skills. How is my organization designed? Am I a hub and spoke, where I have a core organization with shared services and largely independent business units? Maybe I have a mesh, where the BUs are distributed because we organically integrated and staffed as we went through years of M&A. Maybe we are fully integrated as an organization with one standard for everything. Maybe it is none of those.

I start by considering my capabilities and mapping my current state. Where is my organization on the NIST security framework model? Where do I think I could get with my current staff? Who do I have in my partner organization that can help me? Once I know where I am I then fork my focus.

One fork is on low-hanging fruit that can be resolved in the short term. Can I add some firewall rules to better restrict VLANs that do not need to communicate? Can I audit user accounts and make sure we are following best practices for organization and permission assignment? Does MFA exist, and can I expand its use, or implement it for some critical systems?

My second fork is to develop an ecosystem of talent, organized around a security-focused operating model, otherwise known as my long-term plan. DevOps becomes SecDevOps, where security is integrated and first. My partners become more integrated and I look for, and acquire relationships with, new partners that fill my gaps. My teams are reorganized to support security by design AND practice. And I develop a training plan that includes the same focus on what we can do today (partner lunch and learns) with long-term strategy (which may be upskilling my people with certifications).

This is the phase where we begin looking at a tools rationalization project. Which of my existing tools do not perform as needed in the new Zero Trust world? These will likely need to be replaced in the near term. What tools do I have that work well enough, but will need to be replaced at termination of the contract? What tools do I have that we will retain?

Finally, where do we see the big, hard rocks being placed in our way? It is a given that our networks will need some redesign, and will need to be designed with automation in mind, because the rules, ACLs, and VLANs will be far more complex than before, and changes will happen at a far faster pace than before. Automation is the only way this will work. The best part is modern automation is self-documenting.

The wonderful thing about being pragmatic is we get to make positive change, have a long term goal in mind that we can all align on, focus on what we can change, while developing for the future. All wrapped in a communications layer for executive leadership, and an evolving strategy for the board. Eating the elephant one bite at a time.

The post Pragmatic view of Zero Trust appeared first on GigaOm.
