Why is incident response important in case of cyber attack

incident response in cybersecurity

What is incident response and why is it important?

While the range of cyber attacks is expanding worldwide, producing disruptive and harmful effects for any sort of business with a lack of proper security measures, it appears clear that cyber security is one of the most important functions to enforce across digital transformation. Thus, the best option for companies is the creation of strategies to handle incidents that can seriously compromise the integrity and availability of IT systems, and of course of private data and information which are stored and processed, and to deal with security risks and prevent damages in terms of trust ad reputation.

To provide a definition of incident response (IR), it is possible to consider that as the endeavor to rapidly recognize an attack, mitigate its negative consequences to keep damage under control and address the cause to reduce the odds that similar incidents may occur in future. Arranging a good incident response plan is the key to tackle cyber security threats to computer systems through a strategic approach built on a well-defined structure enabling to check which areas are more fragile and exposed to attacks and foresee the best countermeasures to apply for defense.

Firms that adopt good incident response strategies can successfully and effectively limit the duration of attacks and the damage they could produce, with significant benefits for what concerns security but also finance. In fact, the importance of a proper incident response policy cannot be underestimated, as IBM’s Cost of a Data Breach 2023 report states that organizations with regularly tested incident response plans and strategies can save $4,45 million for the recovery of harms originated by data breaches and other categories of attacks. Moreover, IBM highlights the effectiveness of AI-based cyber security solutions helping companies save $1,76 million and that half of firms are willing to increase their investments in cyber security, especially for the making of incident response plans and the professional education of workers.

Incident response or incident management?

Incident Response and Incident Management are terms which are often used interchangeably, because they both aim to ensure business security and tackle consequences of cyber attacks, such as data breaches. As a matter of fact, incident response is a subset of incident management:

  • Incident management refers to the entire incident lifecycle, from detection to resolution, and involves different actors including the executive team, the legal staff and of course IT departments;
  • Incident response, instead, is only a specific part of the process and refers to the technical assessments for what concerns cyber security and resilience.

The main types of security incidents

In the development of an incident response plan, to guarantee the effectiveness of the strategy it is important to understand what connects three main factors:

  • Vulnerability, which refers to a weakness in the corporate IT environment;
  • Threats, represented by an entity – not only external hackers, but even a company employee – who exploits vulnerabilities to get unauthorized access to resources;
  • Incidents, thus the attacks that can compromise systems and generate serious harms, like privacy breach, personal data loss and corporate resources leaks.

Knowing the main types of security incidents can help to better understand how companies are exposed to risks and plan efficient response. They are:

  • Attempts to gain unauthorized access to systems or databases;
  • Insider threats;
  • Phishing and spear phishing;
  • Denial of Service (DoS) or Distributed Denial of Service (DDoS);
  • Man-in-the-Middle;
  • Password attacks on web applications.

For the best corporate cyber security, effective incident response requires drafting, verification and testing of the incident response plan, which should clearly cover:

  • Roles and responsibilities of each team member;
  • Communication protocols;
  • Accident assessment criteria;
  • Incident response procedures;
  • Contact lists of external stakeholders;
  • Incident identification, containment, mitigation and recovery phases.

The 6 steps of the incident response plan

To build effective incident response plans, companies can take into account some consolidated frameworks that guide and enhance defensive strategies. The best-known frameworks have been developed by organizations that provide technical standards, such as NIST (National Institute of Standards and Technology), SANS Institute (SysAdmin, Audit, Networking, and Security), ISO (International Organization for Standardization) and ISACA (Information Systems Audit and Control Association).

These frameworks have some differences in their approaches, but their processes are set on quite similar phases that must be performed in sequence as each one builds on the previous one. Let’s take a look at these stages and what they refer to:

  • Preparation/Planning: development of the incident response plan and preparation of all necessary resources, implementing tools and processes to detect potential incidents and tackle them with a quick and efficient countermeasure;
  • Detection/Identification: recognition of a potential incident to proceed with the collection of information about the cause and extent of the attack;
  • Containment: unfolding of steps needed to be taken in order to stop an attack before it causes severe damage and regain control of the IT assets.
  • Eradication: cleaning of systems to remove malicious code and activity, patch vulnerabilities and completely restore compromised systems;
  • Recovery: restoration of normal operations by fixing vulnerabilities and taking actions to reduce the odds that cyber threats could leverage them again;
  • Follow up: research on the incident to understand how it occurred and identify additional measures and corrective actions to prevent the odds that similar incidents might happen in future – a key phase to improve the internal processes and strategy to respond even better to potential threats and attacks.

The importance of strong authentication for hybrid and remote working

hybrid and remote working

Hybrid and full remote working: the need for new digital workspaces

Over the last few years, the landscape of work has undergone a disruptive transformation where hybrid and full remote working quickly replaced the dominant role of traditional physical offices for all those jobs and tasks that can be easily and effectively done from everywhere, just by connecting to the Internet through IT devices. As a matter of fact, this change is pushing for the urgent need for innovative solutions to accommodate this new way of working by building new digital workspaces.

Let’s check the difference between these new trends:

  • Hybrid work is a blended solution combining in-office and remote work together, based on flexibility and work-life balance while maintaining some weekly physical interaction for specific activities to carry out at the office;
  • Full remote work, instead, makes it possible for workers to completely carry out jobs remotely from anywhere, with a deep sense of freedom and independence.

It appears clear that, at least for what concerns digital professional profiles, the conventional physical office is no longer a valuable option for an increasingly dynamic workforce. Nowadays, employees and freelance contributors require seamless access to tools, data and platforms to best cooperate: this is where new digital workspaces come into play and how they go beyond the physical boundaries of classic offices, addressing the challenges regarding the geographical workforce scattering, the diversity of connected devices and, above all, the demand for fluid collaboration anytime, anywhere. This is just one of the main areas related to the digital transformation phenomenon around businesses.

The main features of digital workspaces for hybrid and remote working

Building such effective, efficient, secure and trusted hybrid and remote workspaces needs a comprehensive approach that considers technology, policies and education. Here’s a blueprint including the main features for building digital workspaces:

  • Unified, shared and intuitive access to applications and data through a single entry point with a simplified user experience combined with user-friendly interfaces, especially without the need for multiple logins;
  • User authentication management to centralize authentications and accesses on workspace platforms and keep an overview of access authorization to resources;
  • Multi-factor authentication (MFA) implementing strong methods that ask users multiple verification factors for a trusted and safe access, especially for the first-time connection from new devices;
  • Mobile device management (MDM) to enforce remote work security policies on mobile devices and make possible to implement remote mobile access controls;
  • Integration of tools and applications improving the unfolding of processes and enabling effortless and remote real-time cooperation for all workers;
  • Secure data management and privacy policies considering measures to ensure protection for sensitive information and providing secure networks where share, store and access data, also ensuring that remote workers privacy gets respected while still enabling effective monitoring and security measures;
  • Secure network infrastructure to establish encrypted and safe connections of remote devices with corporate networks, including endpoint security solutions for all the devices connected remotely, safeguarding data transmission and preventing cyber threats and unauthorized access to resources;
  • Regular security audits, review and hardware/software updates to effectively identify and address vulnerabilities, checking the effectiveness of security measures – which must adapt to the fast evolution of cyber risks and threats – and keeping devices and applications updated with the latest system and security patches;
  • Development of an incident response plan [LINK Why is incident response important in case of cyber attack] to prepare a quick and strong resistance strategy outlining steps to take in case of cyber attacks to mitigate damages and downtime and effectively spot the threat and counter eventual future attempts;
  • Workers training about the most relevant digital workspace functions and especially regarding cyber security best practices, such as recognizing phishing attempts, using secure networks and wisely use their devices remotely;

Security in hybrid and remote working: strong authentication is the way

Cyber security has always been a key point to safeguard within organizational workspaces and, of course, it is now even more concerning the evolving landscape of hybrid and remote work. The safety and integrity of sensitive private information and business data is what everybody look for when enjoying the freedom of connecting and working anywhere in the world over the Internet; but, despite the enthusiasm for the innovation that’s changing people working habits worldwide, the traditional security measures are no longer sufficient to tackle the threats that could affect decentralized work environments. Thus, strong authentication might represents the right way to ensure security in hybrid and remote working and fix the weaknesses that hackers know how to exploit, like unsecured home networks where malwares could spread or all risks related to personal data breach through lost or stolen devices.

Strong authentication is based on multi-factor verification and leverage on introducing additional layers of security beyond the conventional username and password combination. In fact, in order to successfully authenticate to a platform users need to pass multiple forms of validation, including:

  • Username and passwords combination;
  • Biometric markers like fingerprints (learn about pros and cons);
  • Passkey authentication;
  • QR codes to scan via mobile applications;
  • One time passwords (OTP) sent via SMS.

As firms worldwide continue to explore the hybrid and remote work landscape, they realize how strong authentication becomes a must to leverage on cyber security and improve the productiveness, making it possible for workers to quickly and safely authenticate on work platforms while companies can maintain the control of what’s happening in the digital space, who’s accessing, how, when and where. By embracing strong identity verification solutions including multi-factor authentication, a market expected to be valued around $20 billion by 2025, organizations strengthen their digital infrastructures, enabling seamless and secure work experiences. Indeed, strong authentication represents not just a measure of security, more likely a wise investment for the longevity and resilience required by the new digital workplaces.

The benefits of strong authentication in hybrid and remote working

As we’ve seen, strong authentication emerges as a crucial pillar for cyber security in hybrid and remote working models as this powerful method to verify users identity provides several benefits for digital dynamic work environments ensuring data protection, maintaining operational continuity and guarantee the safety of work ecosystem. Let’s take a look at the most relevant benefits of the use of strong authentication:

  • Complies to data protection regulatory frameworks such as GDPR, proving the organization’s commitment about privacy, sensitive data and information and enhancing brand reputation among stakeholders;
  • Mitigates remote risks safeguarding users devices against unauthorized access, ensuring that only legitimate users can enter;
  • Prevents and defends against cyber attacks adding multiple layers of protection and making it significantly difficult for hackers to breach systems and compromise data – it especially includes attacks like spear phishing;
  • Prevents identity theft drastically reducing the odds that unauthorized individuals could impersonate another person through emails or other digital form of communication, like employees, contributors or even managers, thus safeguarding both personal and corporate identities;
  • Guarantees user-friendly experiences combining the need for online security with user convenience and simplicity, as methods like biometric authentication and the use of mobile apps procedures provide seamless and secure identification while maintaining a high level of security;
  • Improves remote collaboration security with a secure and quick access to shared documents and communication platforms only for authorized personnel;
  • Keeps insider threats under control dissuading potential hackers within the organization itself to actualize malicious intentions and reducing the likelihood of unauthorized access to important systems and resources – improving corporate cybersecurity;
  • Allows business continuity as strong authentication guarantees employees to get secure access to resources and maintain productivity anytime, anywhere, even by using personal devices when the ones provided by companies were damaged, compromised or stolen.

To get a wider knowledge on this topic and learn more about it from another point of view, check out Microsoft’s blog post.

How dark patterns impact on GDPR

pc security concept

What are dark patterns?

On 9 December 2022, the European Commissioner for Justice and Consumer Protection, Didier Reynders, declared that in 2023 the European Commission would concentrate its efforts on the regulation of dark patterns and how they relate to the GDPR, as well as transparency in the online advertising market.

Dark patterns, according to the definition provided by the Personal Data Protection Authority (GPDP), are “deceptive design patterns” that can negatively influence people’s behavior and hinder their ability to keep their online privacy safe.

Specifically, dark patterns are interfaces and navigation paths designed to push users to take unaware or unwanted actions, potentially dangerous for what concerns individual privacy but very useful for the interest of the platform itself or the service provider. In other words, they are UX design strategies adopted by businesses to persuade people to unfold specific activities that otherwise they wouldn’t have considered.

In February 2023, European Data Protection Board (EDPB) published guidelines explaining how to recognize and avoid dark patterns. The document offers convenient advice to providers, managers, social media designers and users regarding how to behave with these interfaces that violate the GDPR privacy.

6 categories of dark patterns according to EDPB

The EDPB guidelines highlights that dark patterns can be divided into six categories:

  • Overloading: occurs when users receive a large amount of requests, information, options or possibilities that, one way or another, push them to share more data or to consent to the processing of personal data against user’s will and expectations;
  • Skipping: occurs when the whole interface is designed to confuse the user navigation journey who eventually forgets or doesn’t think about key aspects of data protection;
  • Stirring: affects the choice users would probably make by appealing to their emotions and using visual prompts;
  • Obstructing: happens when users are hindered or even blocked for what concerns process the provision of clear information on the use and management of their data;
  • Fickle: occurs when users consent to the processing of their data without clearly understanding the purposes, due to an inconsistent or unclear interface;
  • Left in the dark: happens when interfaces get designed to hide information or data protection control tools, hence users navigate in uncertainty and don’t know how anything about the processing of their data, the purposes and if and what kind of control they can still hold over it.

As a matter of fact, the interfaces and information submitted to users should always faithfully reflect the consequences of the action taken. A similar situation occurs when it comes to web cookies, a topic that easily triggers users while surfing websites and apps: you can learn more here. So, it’s key that the design approach never questions person’s decision and misleads choices to maintain a less protective environment in terms of data security. Instead, users should be warned that a specific choice could compromise the safety of their data and privacy.

How does GDPR regulate Dark Patterns?

As reported in the EDPB guidelines, GDPR’s Article 5 sets out the applicable principles regarding the data protection compliance of user interfaces. The principle of fair treatment set out in Article 5 (1a) serves as a starting point for assessing whether a design pattern actually works as a “misleading design pattern“. Other principles playing a role in this assessment are the transparency, the data minimization and the accountability, as stated in Article 5 (1a), (1c) and (2), as well as the purpose limitation according to Article 5 (1b). In some cases, the assessment is also based on the conditions of consent according to Article 4 and Article 7 or other specific obligations, such as Article 12 claims. As for the rights of data subjects, GDPR’s Third Chapter must also be taken into account. Mostly important, Article 25 plays a key role as establishes data protection design requirements to be applied before building an interface to avoid dark patterns.

Dark Patterns example: a social media account life cycle

The European Data Protection Board’s paper makes it clear that the GDPR’s regulations apply to the whole course of processing personal data in relation to the operation of social media platforms, or to the entire life cycle of a user account. Furthermore, the EDPB offers several real cases about misleading design patterns throughout the lifecycle of a social media account, from signup to account closure. In order to enable the efficient implementation of the General Data Protection Regulation, each use case provides interface designers with an in-depth explanation of which GDPR’s requirements are pertinent to it.

The most used AI tools

artificial intelligence

What are AI tools?

Artificial Intelligence is one of the most relevant and disruptive technologies that are leaving a huge mark in this crucial technological transition era, better known and addressed as digital transformation.

What is AI exactly? Nowadays, when people talk about Artificial Intelligence usually make some confusion about its definition, thus most times it makes it difficult to actually focus correctly on this topic. To give an effective definition of AI, it’s simply about the development of computer systems that can carry out tasks that usually would require human intelligence skills and that would apply to many sectors and purposes.

Hence, accordingly with this definition of Artificial Intelligence, AI tools are applications developed on specific AI algorithms to perform given tasks, respond to user’s inputs and solve problems by guaranteeing high quality standards, output effectiveness, decisive support into processes (e.g. unfolding technical tasks or making data-driven decisions) and constant improvement due to machine learning: in short, profitability.

Why should people use AI tools?

People use AI tools for a variety of reasons related to the numerous benefits they give in terms of effectiveness and efficiency, especially while unfolding everyday activities at work when technical and complex tasks have to get done, above all in decision-making. Here are some compelling reasons why people should consider using AI tools to best drive digital transformation and improve their performances:

  • Accessibility to make technology usable to people with disabilities by enabling voice commands, text-to-speech and other digital assistive features;
  • Automation of repetitive tasks, saving time, reducing human effort and so allowing individuals and businesses to focus on more strategic and creative aspects of work;
  • Creativity to generate new ideas or concepts for what concerns art, music and any other creative content, inspiring new forms of expression and entertainment;
  • Cost Savings to cut down labor costs and streamline processes and to better allocate resources when it’s needed;
  • Customer Service to provide quick and accurate responses to clients queries and improve customer support and onboarding;
  • Data Analysis to process and analyze large volumes of data much faster and accurately than humans, helping to make data-driven decisions;
  • Innovation to enable new products and services development across industries;
  • Personalization to enable customized experiences based on user behavior and preferences, thus serving as recommendation systems for products or content;
  • Predictive Analytics to foresee business trends and outcomes based on historical data, so to anticipate demand, optimize inventory and plan future actions to take;
  • Research to help scientists process vast amounts of data from laboratory tests and previous studies, thus providing support to lead to new discoveries;
  • Security to monitor IT systems and detect potential cyber risks, such as fraudulent activities in financial transactions or privacy breaches to personal or company data;
  • Translation to cut down language barriers and foster global communication and collaboration, very helpful especially for remote international work environments.

Despite these key benefits, which may look extremely good at first sight, it’s still important to use AI tools responsibly and ethically. This means to take into account potential biases, privacy concerns and the possible negative impact on some categories of jobs. Thus, the decision to use AI tools should be taken accordingly with specific needs and goals, keeping in mind both the advantages and potential challenges. To learn more about AI and its ethic role in digitalisation, please check out this article.

10 most used and must-try AI tools

What are the most used and must-try AI tools out there? This question comes natural considering how much Artificial Intelligence is becoming popular, especially for what concerns generative AI, the most interesting aspect of this technology. To learn more about generative AI, check out this interesting Google’s blog post.

Here’s a selection of 10 most used and must-try AI tools playing a game-changing role in unfolding your daily activities, both for personal and business purposes:

  • AI Tool No.1: ChatGPT, one of the most famous chatbots based on natural language processing to engage human-like conversations with users responding to questions or to detailed instructions through prompts; this amazing tool rapidly caught the attention of technology experts and enthusiasts for serving as an extraordinary companion for problem solving, brainstorming or even writing tasks;
  • AI Tool No.2: MidJourney, an impressive application able to convert natural language prompts instructed by users into detailed and extremely fine pictures;
  • AI Tool No.3: Fireflies, a disruptive application for web meetings which allows to take notes, summarize information, transcribe and translate speeches live-time;
  • AI Tool No.4: Notion, a digital assistant which some users address to as a “second brain” which helps to brainstorm, take notes, write, edit and summarize ideas; in other words, it’s your partner helping you to think bigger and work faster;
  • AI Tool No.5: SlidesAI, an application capable of generating professional and engaging slides in few steps starting from texts and/or prompts given by users;
  • AI Tool No.6: QuillBot, a smart writing companion which helps to rephrase, translate and edit texts by checking and correcting grammar, detecting potential plagiarism and suggesting ways to make writing more clear and authentic;
  • AI Tool No.7: Flick, a perfect smart application to run amazing social media marketing strategies helping to generate and store creative ideas for contents, based on trends and followers/users behavior, and providing all that it takes to turn simple concepts into real posts ready to go online;
  • AI Tool No.8: Replit, an amazing coding application that make it easy and convenient to build softwares and IT codes, a perfect companion for developers;
  • AI Tool No.9: Tome, an extremely interesting application helping users enhancing great storytelling by generating and shaping ideas based on basic texts and prompts; it works for everything which needs to be told, like business presentations, school projects or even your next novel’s plot;
  • AI Tool No.10: Superhuman, a brilliant application that revolutionizes email business communication providing marketing teams with a solid companion to write (and edit) stunning email content accordingly with specific key details, like the tone of voice, the target audience, the text length and the communication’s purpose.

Did you ever use any of these AI tools? Don’t miss your chance to drive innovation and digital transition trends by leveraging on these new disruptive technological supports for your work! If you’re looking for more AI tools to try, check out Forbes’s suggestions and the best AI tools for marketing.

What is Data Fabric for corporate Data Management?

digital data

What is Data Management and why is it important?

Data has become one of the fundamental elements for organizations, as the ability to efficiently and securely manage massive data flows is key to lead to the correct valorization of information assets. Here it comes the need for a strategic corporate data management approach, considered as the collection, archiving and use of information within the limits of policies and regulations, aiming to guarantee their integrity, reliability and accessibility. To adopt effective data management strategies is crucial for the implementation of IT systems that run business applications and provide valuable information to support business decision-making processes.

Data Management is part of Data Architecture, thus the set of logics, processes and technologies necessary to collect, transform and distribute data at all levels within the organization that contributes to the definition of the Data Strategy, a detailed plan defining company’s priorities and goals regarding business data and information.

The main purposes of Data Management are:

  • Business Centrality, allowing organizations to define data governance that supports the strategic unfolding of activities;
  • Integrity, ensuring the quality, accuracy and reliability of company data, providing error control and prevention mechanisms;
  • Accessibility and Security, guaranteeing access to data and ensuring secure distribution, minimizing the risk of privacy violation, loss or theft through the adoption of suitable security measures;
  • Elasticity, ensuring scalability and flexibility capabilities that enable quick response to changing business needs;
  • Collaboration, enabling more efficient cooperation between teams and workgroups with different business roles.

Data Management is a sector that’s proving to be increasingly important for companies that want to leverage data to create value, no wonder that new innovative architectures and approaches are being developed, such as the Data Fabric.

What is Data Fabric?

Every data-centric business needs an approach that overcomes the obstacles regarding time, space, different types of software and data locations. Data must be accessible to the users who need it, without being fragmented into several repositories or managed by different teams. The solution is called Data Fabric, a method to manage data specifically designed to address these challenges and help businesses thrive.

Data Fabric allows users to connect and manage all company data in real time and across different applications and systems. This factor is important, as it means having a single source of reliable information available to safely consult when needed, thus automating data management processes.

The American company Techtarget provides a definition of Data Fabric which refers to “an architecture and software offering a unified collection of data assets, databases and database architectures within an enterprise, that can be confined to an application, used to collect distributed data and extend to all enterprise data, serving as the implementation of general data virtualization principles”.

Data Fabric is therefore a solution that facilitates end-to-end data integration, several data pipelines and cloud-based data management environments through the use of intelligent and automated systems to ensure a unified and consistent user experience that supports collaboration between teams and helps companies in the strategic unfolding of any activity. Over the last few years, the development of Artificial Intelligence (AI), Internet of Things (IoT), Hybrid Cloud and Supercomputing caused a large growth of big data and generated an ever-increasing demand for data-based technologies. This made urgent for businesses of all sizes to unify data environments and foster Data Fabric as an essential and powerful data management solution.

Data Fabric vs. Data Mesh: what’s the difference?

Data Fabric and Data Mesh are two different architectural approaches for the management of data, even if both aim to improve their integration in environments in which multiple systems and applications coexist.

Data Mesh is a centralized data architecture that organizes data according to specific business functions – such as marketing, customer service, etc. – and conceives them as a product (Data as a Product, DaaP) with certain features, like availability, accessibility, reliability, interoperability and security. Instead, Data Fabric is a combination of software solutions that aim to create a centralized source of reliable data available to users in need of it.

Data Fabric is based on three key elements:

  • Data Virtualization, that allows company to access data with considerable savings in time and costs;
  • Distributed Data Architecture, that is adaptive, flexible and secure and unifies the different data sources dynamically accordingly with changing business needs;
  • Automation, that allows companies to minimize costs and improve the quality of the management of available data with Artificial Intelligence and Machine Learning.

What are the advantages of Data Fabric?

As we have seen, Data Fabric architecture overcomes the limits of traditional enterprise data management offering many advantages to companies looking for better performances when it comes to effectively handle data for strategic purposes.

Here are the most important advantages of Data Fabric:

  • It is based on centralized, automated and simplified data management process;
  • It possesses a single, secure and efficient source of reliable information;
  • It provides fast insights, real-time information and quick access to data;
  • It is based on high scalability to better adapt resources to changing needs;
  • It makes easy to access data providing security and mobile operability;
  • It improves team collaboration by unifying all company data in one single place;
  • It guides decision-making efficiency and accelerates digital transformation.

EU Identity Wallet: the new political agreement

EU digital

Europe goes digital: the new EU Identity Wallet agreement

“Every time an App or website asks us to create a new digital identity or to easily log on via a big platform, we have no idea what happens to our data in reality. That is why the Commission will propose a secure European e-identity. One that we trust and that any citizen can use anywhere in Europe to do anything from paying your taxes to renting a bicycle. A technology where we can control ourselves what data is used and how.” (source: EU Commission’s websiteUrsula von der Leyen, September 2020).

In the end of June 2023 the European Commission welcomed a provisional political agreement, involving the European Parliament and the European Council, regarding the proposal for a new legal framework for an EU Digital Identity system.

As a matter of fact, this new political agreement on EU Digital Identity Wallet builds on the existing cross-border legal framework for trusted digital identities over the European territory, known as eIDAS Regulation, officially adopted back in 2014 and still currently in office. For further information about eIDAS Regulation, please click here.

The most important innovative factor proposed for the development of this new European digital ID framework concerns the creation of personal digital wallets in the form of a secure and convenient mobile app, allowing all EU citizens, residents and companies to have trustworthy access to public and private online services all over Europe. If you want to learn more about the new EU Digital Identity Wallet mobile app, please click here. 

EU Digital Identity Wallet agreement: how’s the work unfolding?

The EU Digital Identity Wallet is going to positively impact on digital identification habits by giving Europeans the best control over their personal data through a simple and convenient mobile app to access online public and private services.

The EU Commission is already shaping Europe’s digital future by investing €46 million in four large-scale pilot projects to test the EU Digital Identity Wallet in everyday use-cases that will contribute to enhance the wallet’s technical specifications. The four projects, unfolding due to Europe’s Digital Decade programme funds, are:

  • POTENTIAL: mainly coordinated by Germany and France with the involvement of over 50 public administrations and 80 private entities regarding use-cases like access to government services, opening of a new bank account, registration for a SIM card, eSignatures and ePrescriptions;
  • EWC:  mainly coordinated by Sweden with the involvement of over 15 public administrations and 40 private entities regarding use-cases like the storage of digital travel credentials and the organisation of digital wallets and payments;
  • NOBID: mainly coordinated by Norway with the involvement of over 5 public administrations and 15 private entities regarding the use of the EUDI wallet for the authorization of payments for products and services by the wallet users;
  • DC4EU: mainly coordinated by Spain with the involvement of over 35 public administrations and 40 private entities regarding the use of the EUDI wallet in the educational sector and the social security domain.

The Commission is also working on the development of a technical Toolbox to build the prototype of the European Digital Identity Wallet app and ensure that all Member States will be ready to provide it correctly by the deadline set in the Regulation. The first version of the Toolbox was published in February 2023 and will be updated in order to complete the legal text in line with the provisional political agreement on EU Identity wallet: afterwards, it will only be needed to finalize the work through the formal approval by the European Parliament and Council.

For further detailed information, please visit the EU Digital Identity Wallet’s Q&A page.

Next steps for digitalisation after the new EU Identity Wallet agreement

“The EU Digital Identity Wallet will offer a convenient and safe way to manage personal digital documents and access public and private online services on a daily basis. We will all have control over our personal data and the convenience to share them, if we want to, from an app. Security, privacy and convenience are Europe’s way to the Digital Decade.” (source: EU Commission’s websiteMargrethe Vestager, June 2023).

European Union bodies strongly believe that the new European Identity Wallet will revolutionize the way people and businesses will experience and engage with a wide range of public and private online services, effectively integrating convenience, safety and privacy in the form of a mobile app.

Especially considering the ever more digitalized world we’re actually living in, it appears clear that Europe must take big steps further for what concerns the digitilisation of the whole European community and territory to accelerate this process. This factor highlights how digitilisation will be one of the most important keywords for European policy-makers within the next years, thus how it’s going to be crucial to prepare a proper and solid technology-friendly background enabling the digital transformation in every place where an effective ID recognition can be a game-changing element for users: this includes public offices, companies, hospitals, universities and schools, banks, transport and travel agencies, and even more.

Moving towards a new and innovative framework to regulate how EU Digital Identity Wallet shall work also means approaching to a new era for Europe, where will be key to level all the technological differences and gaps among Member States and make sure to bring to a brand new user experience for all European citizens, residents and businesses applying and accessing online services all over the continent, guaranteeing quality, transparency and efficiency.

The top Soft Skills in the AI era

AI soft skills

What are soft skills and why they are needed in the AI era?

Nowadays the impact of the Artificial Intelligence (AI) on our way of working is undeniable, but mastering new technologies is not enough anymore to best respond to the new challenges that companies and professionals must tackle, especially in the setting of an ever-changing market. It’s needed to listen, empathize, collaborate and think critically to leverage new tools and opportunities issued by AI.

Thus, in the AI era it becomes essential to form working teams including people who possess the right soft skills to make the difference in terms of creativity, thinking and innovation, considering how automation of routine activities had increased over the last few years and the implementation of smart systems capable of collecting, analyzing and interpreting data more efficiently is menacing the stability of the role played by several professional categories.

Soft skills are cross-skills applicable to all professions and to all working sectors. Indeed, this term refers to all those skills that characterize a person’s mindset concerning key aspects like social relationships, critical thinking, problem solving, public speaking, teamwork, digital literacy, leadership, work ethic and intercultural fluency. In the workplace, especially in this disruptive and game-changing AI era, HR managers consider soft skills as a very important integration to hard skills to build the best professional knowledge and know-how possible and enhance the overall value to the organization’s team. To learn more about how digital transformation is changing recruiting processes, click here.

In the digital onboarding process, recruiters look for candidates who have the necessary hard skills to carry out specific tasks and, in addition, are able to collaborate with others, listen to different points of view and quickly adapt to the dynamics of a company.

For sure Artificial Intelligence has profoundly changed the way businesses run their activities and workers get their job done, but it’s key to keep in mind that people are still the ones who should be able to master the driving force in the digital transformation: AI can process large amounts of data, solve problems, even perform some basic creative tasks by now, but cannot replace the human factor for everything directly regarding soft skills.

Soft skills: examples to understand their relevance in the AI era

Soft skills include the personal attributes, personality traits and communication skills that can influence relationships and interaction with others and the efficiency and effectiveness at work. Here are some examples of soft skills to understand how they’re relevant in the AI era, considered essential in the current job market:

  • Adaptability to new situations, technologies or environments;
  • Communication in effective and clear way, by using different means;
  • Compromise to negotiate and find common ground between two or more parties;
  • Conflict resolution to recognize and resolve disagreements constructively;
  • Creative thinking to propose innovative solutions, strategies and ideas;
  • Critical thinking to think beyond, analyze events and factors and solve problems;
  • Empathy to understand what others are feeling and to act accordingly;
  • Leadership to guide and motivate the team towards the fulfillment of projects;
  • Listening to understand and consider the ideas made by coworkers;
  • Motivation to stand strong and inspired even in the most difficult situations;
  • Negotiation to discuss agreements and come to mutually beneficial solutions;
  • Reliability to accurately meet deadlines and keep promises;
  • Teamwork to build strong collaborations with colleagues and achieve mutual goals;
  • Time management to effectively manage the perfect timing to achieve goals;
  • Work ethic to take responsibility, commitment and dedication to work.

9 top AI soft skills that workers should learn and train

According to digital transformation expert Bernard Marr, who advises many of the world’s best-known organizations (e.g. Forbes), there are nine soft skills workers should learn and train to stay ahead in the age of Artificial Intelligence. According to Marr, these key AI soft skills are:

  • Creativity, as machines can perfectly do many technical things, but they still can’t compete at the same level with humans when it comes to create, imagine, invent or just dream; workplaces of the future will require new and open ways of thinking, making creativity an important asset to value;
  • Analytical and Critical Thinking, as the ability to think analytically will be increasingly valuable to come up with innovative ideas or solve complex problems, all by using logic and reasoning rather than relying on instinct or emotion;
  • Emotional Intelligence, so the one’s ability to be aware of, control, and express their own emotions and be aware of those of others, which is something that even the most sophisticated machines nowadays can’t replicate; so, this factor will surely be key for future workers to stay competitive in the AI era’s world of work;
  • Interpersonal Communication Skills, so the crucial ability to successfully exchange information with people and interact clearly;
  • Active Learning with a Growth Mindset, as workers who possess such individual factors understand that their skills can be developed leading to higher results, but it needs to take on new challenges, learn from mistakes and actively seek to expand their knowledge; these skills will be in high demand especially for those positions that will directly require to handle with Artificial Intelligence systems;
  • Judgment and Decision-Making, as humans are still the ones who ultimately make the decisions, and consider all the possible implications and outcomes, while computers are simply very useful tools to make this process convenient, accurate and efficient; therefore, human-based decision-making skills will remain very important for companies, but there’s no doubt that AI is going to be essential for all those who will take responsibility to manage and lead organizations;
  • Leadership Skills, as future workplaces and organizational structures will be flexible, thus they will both require skilled and expert leader to guide and manage teams of people able to cooperate well together and leverage the great potential of machines to get things done at best;
  • Diversity and Cultural Intelligence, as workplaces nowadays are diverse and open, and will keep changing in future, so workers will need to be able to respect, understand and adapt each other and deal with different ways of being, thinking and perceiving the world; this is a very important human factor to nurture, as AI machines still struggle a lot with everything regarding the recognition of diversity and potential discrimination risks, for example concerning racism or sexism;
  • Embracing Change, as last but not least people will always need to be agile, embrace and even celebrate change, finally seen as an exciting opportunity to grow and take the path towards the future rather than as a burden to hinder.

The role of AI in digital transformation

AI technology

AI in digital transformation: it’s not about automation

Artificial Intelligence (AI) refers to the development of computer systems able to perform tasks that typically require human intelligence skills. It is possible thanks to techniques, methodologies and algorithms enabling intelligent machines to learn human-like skills, regarding factors like natural language processing, problem solving, pattern recognition, decision making, data analysis, machine learning and even autonomous output generation. AI can be categorized into two different models:

  • Weak Artificial Intelligence (Weak AI), designed and developed to perform specific tasks or set of tasks and respond to specific commands or queries within designated or limited expertise areas – Weak AI is easily compared to automation;
  • Strong Artificial Intelligence (Strong AI), designed and developed to simulate human-like intelligence, so to understand natural language, learn, reason, concretely apply knowledge in carrying out tasks and potentially perform even creativity, consciousness and self-awareness, just like humans.

So, the biggest issue to deal with revolves around what makes AI different from automation and why digital transition needs the first of these two options. Automation and AI are often used as synonyms, but they’re two different things:

  • Automation concerns technology able to run tasks autonomously without human action, as it works by following a designated set of patterns, and can improve its performances by including features like machine learning (AI automation);
  • Artificial Intelligence concerns technology able to simulate humans skills and behaviour and autonomously learn from experience, including direct human interactions, to evolve to higher levels of intelligence.

Although automation is very useful and important for carrying out several daily activities, the digital transformation era needs stronger and smarter AI to achieve several key benefits that simple automation can’t afford. Let’s check them out hereafter.

The main benefits of AI in digital transformation

AI significantly contributes to digital transformation providing key benefits for users, especially for companies and structured organisations.

Overall, profitability stands for the main keyword describing the role that AI plays in digital transformation. Specifically, Artificial Intelligence systems help businesses to:

  • Handle complex data processing and analysis, enabling organisations to process large volumes of data and make reasonable data-driven decisions through advanced analytics capabilities, leveraging techniques like machine learning, natural language processing and data visualization;
  • Enhance efficiency to streamline productive processes, workflows and tasks through algorithms and models to optimize operations and efficiently support several business functions, such as supply chain management, customer care and onboarding, data entry, inventory management and even recruiting;
  • Customize experiences to provide users and clients a tailored journey to match preferences and needs on platforms and generate personalised recommendations, content and services, thus increasing satisfaction and loyalty;
  • Facilitate predictive analytics based on historical data to identify possible future market trends and customer behavior and optimize strategies accordingly;
  • Improve risk management and cyber security to mitigate risks, detect anomalies, identify potential threats and proactively defend from breaches and attacks;
  • Drive innovation and competitive advantages as organisations can leverage such technology to unlock their full potential in the development of advanced products, services, and new business models;
  • Support interconnection with emerging technologies like Internet of Things (IoT), Augmented Reality (AR), Virtual Reality (VR) and Blockchain.

Interesting data about AI in digital transformation

Forbes issues some interesting data about AI in digital transformation:

  • AI market size is expected to reach $407 billion by 2027 and its annual growth rate is expected to increase by 3% from 2023 to 2030;
  • AI will create 97 million jobs, but 77% of people are concerned that it will cause job loss in the next years as 400 million workers could be displaced because of AI;
  • Over 60% of businesses expect AI to increase productivity and customer relationships with the adoption of new disruptive AI tools, but nearly a quarter of business owners are concerned about AI-driven digital performances related to website traffic, online advertising and automated customer care;
  • 65% of consumers say they’ll still trust businesses who use AI, nevertheless over 75% of consumers are concerned about AI’s misinformation risks.

Is AI playing an ethic role in digital transformation?

Private and public organisations adopting AI solutions should carefully ponder about the ethics regarding AI: does AI play an ethic role in digital transformation?

Artificial Intelligence ethics includes ethical considerations about the development, deployment and use of AI systems. As AI potential grows, it becomes key to address the ethics related to its use. Here are some key aspects of AI ethics:

  • AI should be designed to ensure fairness and avoid all kinds of biases to prevent discrimination based on factors such as race, gender, religion or any other sensitive data, accordingly with ethical values, clear guidelines and regulations;
  • AI should be transparent and clear, providing explanations to understand the reasoning behind AI-driven decisions and actions, especially for what concerns use cases like healthcare, finance or justice;
  • AI must handle data responsibly and ensure personal privacy protection through proper data governance practices and strong security measures;
  • AI users should be accountable for AI-driven actions and related consequences and mitigate impacts on victims for errors, biases and harmful outcomes;
  • AI should be developed and used simply to improve and support human capabilities rather than replace human decision-making at all, indeed the ethical use of AI should ensure that humans retain control and understand AI decisions, with no influence or manipulation;
  • AI developers should reduce potential social and economic impacts that might be caused by AI technologies, such as job displacement or income inequality;

Addressing AI ethics requires cooperation involving developers, policymakers, researchers and all the stakeholders. The goal is to actively work together on the definition of clear ethical frameworks for AI, making such technologies precious partners for the whole human society and not a tremendous enemy to fear.

The advantages of Cloud Computing

Cloud computing technology online data storage concept

What is hybrid cloud computing?

Everybody know that cloud computing represents one of the most important tools fostering digitalization, especially within companies and structured organisations. But it gives its best when it comes to hybridization: hybrid cloud computing is a mixed computing model based on a combination of public and private cloud services and on-premise infrastructures.

Hybrid cloud computing works by interconnecting separate cloud environments, on which company’s data and applications are located. This allows to easily migrate workloads, if needed. The interconnection between different cloud environments takes place through specific ways, such as LAN/WAN (Local/Wide Area Network), VPN (Virtual Private Network) and API (Application Programming Interface).

The hybrid cloud computing system manages to offer key qualities like flexibility, versatility and efficiency, meeting the most important needs of every company. This model also guarantees to cut management and maintenance costs of connected systems. Hybrid cloud computing supports and accelerates business digital transformation strategies, also providing companies with solid guarantees in terms of cyber security, regardless of where data and applications are located. Indeed, building hybrid cloud environments allows users to maintain control over sensitive data while increasing the availability and effectiveness of specific services and applications.

What’s the difference between private cloud and public cloud?

A private cloud is a cloud computing environment in which the hardware and software are both owned by a single company, in full control and responsibility for the infrastructure. This type of cloud provides high levels of security, control and flexibility and is ideal for organisations whose data and applications require the best of privacy. A private cloud can be physically located in the company’s local data center, otherwise it can be hosted by a third-party provider but with limited access to authorized users only. Private cloud systems have higher costs and limited scalability.

A public cloud is a cloud computing environment where hardware, software, storage and other key services are provided by a remote third-party provider. This kind of infrastructure serves multiple customers. Some of the best known public clouds are Microsoft Azure, Amazon Web Services and SalesForce, as well as most of the e-mail servers. The main advantage of public cloud systems is the lower cost compared to private cloud solutions, but they usually lack efficiency in terms of security and reliability.

5 key advantages of hybrid cloud computing

Once clarified the differences between private cloud and public cloud environments, it is easier to move on and understand the main advantages of hybrid cloud computing.

There are five fundamental principles:

  1. Flexibility and scalability, as hybrid cloud computing allows businesses to scale up or down their resources as needed. This agility gives users proper flexibility to respond quickly to company’s and customers’ needs. Hybrid cloud infrastructures make possible using public cloud resources for handling non-sensitive workloads, while sensitive data and critical applications can be kept in the private cloud;
  2. Cost optimization, as hybridization allows to use cloud services according to the actual need of balancing workloads, resources and storage and maximizing efficiency. Hybrid cloud computing helps organizations optimize costs, providing the most convenient cost-effective infrastructure where public cloud resources are adopted for cost efficiency, whereas private cloud resources provide better security.
  3. Security, as hybrid clouds give organizations more control over data and services, as they can use switch from public to private clouds and other way round, enabling to keep control over sensitive data and applications. This ensures compliance with industry-specific regulations and data governance policies, for example GDPR;
  4. Data recovery and backup, as hybrid cloud computing facilitates efficient data saving, endurance and recovery and minimizes downtime for threats and attacks;
  5. Resource management, as hybrid cloud systems enable organizations to monitor and manage workloads seamlessly across the hybrid cloud environment through a centralized view over both public and private cloud platforms. This allows to manage hybrid infrastructures more efficiently, optimizing resource allocation and improving overall performance. 

Data and expectations about hybrid cloud computing

Hybrid cloud computing is going to be a growing phenomenon across the digital transition era, thus companies should learn how to best leverage such environments.

According to the analysis conducted by Gartner:

  • 60% of Infrastructure & Operations heads will implement at least one hybrid cloud use case by 2025 (a figure tripled from 20% in 2022);
  • 65% of application workloads will be optimal or ready for cloud delivery by 2027 (up from 45% in 2022);
  • 15% of on-premises production workloads will run in containers by 2026 (up from less than 5% in 2022);
  • 35% of data center infrastructure will be managed from a cloud-based control plane by 2027 (from less than 10% in 2022);
  • 60% of data center infrastructure teams will have relevant automation and cloud skills by 2027 (up from 30% in 2022).

For what concerns the future expectations about hybrid cloud computing, the most exciting prospects refer to possibility to enable wide supercomputing activities in cloud and, above all, the development of Gaia-X, Europe’s digital cloud ecosystem characterized by data and information transparency, portability and interoperability.

New EU agreement: the Digital Identity Wallet structure is an app

European Union flag binary code

The European Commission welcomes provisional political deal of the European Parliament and European Council on EU Digital Identity Wallet. This represents an important step towards the introduction of a solid framework for Europe’s first trusted, secure and convenient digital identity app. It marks a Europe’s Digital Decade programme key goal, as will allow all citizens, residents and businesses to have trustworthy access to public and private cross-border online services all over Europe.

The background behind EU Digital Identity Wallet app agreement

As stated by Erik Slottner, Swedish minister for public administration: “More and more people are using their identity and credentials in everyday contacts with public and private entities. A European digital identity wallet is therefore indispensable. At least 80% of EU citizens should be able to use a digital ID solution to access key public services by 2030”.

This quote makes clear that living through digital transformation era directly means pondering about new rules, models and solutions to foster the digitilisation. It represents a crucial aspect regarding people’s everyday personal and work life.

The first steps for the new EU agreement on Digital Identity Wallet were moved in June 2021, when the Commission proposed a new framework for an European digital identity system enabling citizens, residents and companies all over Europe to simplify the experience concerning access to online public and private services.

The EU Digital Identity Wallet concept builds on the existing cross-border legal framework for trusted digital identities, known as eIDAS Regulation and officially adopted back in 2014 (if you want to learn more about this topic, click here). The new framework aims to improve its effectiveness and extend the benefits of digital identities through an empowered technical architecture, especially for what concerns mobile use. No wonder that EU Digital Identity Wallet will be a mobile app.

What is EU Digital Identity Wallet?

The EU Digital Identity Wallet is an initiative by the European Commission to provide a secure, trusted and interoperable digital identity solution for citizens, residents and businesses. This digital identification and authentication system gives individuals more control over their personal data and simplifies access to public and private online services, enabling cross-border interoperability and overcoming any barriers for people living, travelling and working across the European Union.

The EU Digital Identity Wallet is designed to securely and privately store all users digital identity documents in a single place: the EU Digital Identity Wallet mobile app. It will serve as a unique point of entry for individuals to access a wide range of online public and private services, including:

  • E-Government services;
  • Banking and financial services;
  • Healthcare, education and professional services;
  • Internet services, like e-commerce.

EU Digital Identity Wallet’s key principles are privacy, security, and user control. In fact, users can control how personal data are shared, with whom and for which purpose, therefore they can also choose to share only essential information for specific operations. Nevertheless, the EU Digital Identity Wallet ensures the protection of personal data enabling strong security measures, including multiple authentication protocols.

The European Commission is working closely to develop technical frameworks that will ensure compatibility and trustworthiness of the EU Digital Identity Wallet, in compliance with security and privacy standards and also leveraging the latest emerging technologies such as artificial intelligence and blockchain.

EU Digital Identity Wallet: things to know about the mobile app

The EU Digital Identity Wallet will be implemented as a mobile app. This factor isn’t a surprise at all, as nowadays smartphones have become fundamental devices for people in order to carry out everyday activities. Indeed, at least 86% of European population subscribed to mobile services, usually provided through smartphones apps, and this percentage is expected to keep growing in future.

The work for the development of the EU Digital Identity Wallet mobile app (or EUDI Wallet) began in February 2023, specifically with the publication of the first version of a shared EU technical toolbox serving as the essential basis to engineer app’s prototypes.

The European Commission is supporting four large-scale pan-European pilot projects with a massive investment of almost €50 million related to the EU digitilisation programme. The pilots kicked off in April 2023 and will run for at least two years.

The development phase involves more than 250 public and private organisations across EU Member States and non-EU countries, like Norway and Ukraine, and focuses on testing everyday priority use-cases like:

  • Authenticating for online and offline services (e.g. for healthcare or education);
  • Displaying mobile driving licenses;
  • Authorizing payments;
  • Signing documents electronically.

Therefore, the main features regarding the EUDI Wallet will be:

  • A very high trust level, providing users with an all-inclusive solution for secure authentications, authorizations and e-signatures;
  • A harmonized alignment with current ruling concerning cyber security in order to prevent cyber crimes against the personal identities;
  • A synergic matching related to the electronic attestation of attributes by qualified providers and pan-European recognition of such personal ID credentials.

Expectations about the new EU Digital Identity Wallet app

The EU Digital Identity Wallet mobile app, as a key goal of Europe’s Digital Decade programme, will be developed, provided and made operative within 2030, including further updates and features implement.

European Union bodies believe that the EUDI Wallet will change the way people and businesses all over Europe engage with online services by seamlessly integrating convenience, safety and privacy. It will ensure all users to have full control on personal data and the best of operative convenience, by providing a transparent and secure framework. The EU Digital Identity Wallet will empower European citizens and companies, thus will strengthen Europe’s technological sovereignty in the landscape of the digital era.