Tech Republic

Interactive Voice Response (IVR) is a wonderful tool that helps businesses and their customers get more done in less time. Because people share sensitive data over the system — personal information, patient information, credit card numbers, and so on — IVR compliance is a nontrivial consideration. The most impactful IVR regulations come from the Payment Card Industry Data Security Standard (PCI DSS) and the Telephone Consumer Protection Act (TCPA), but there are others. I’ll cover everything you need to know about IVR compliance in this post and provide tips for finding vendors that offer the features you need to minimize your regulatory burden and simplify compliance. 1 RingCentral RingEx Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Medium, Large, Enterprise Features Hosted PBX, Managed PBX, Remote User Ability, and more 2 Talkroute Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Call Management/Monitoring, Call Routing, Mobile Capabilities, and more Managing risk with IVR compliance When it comes to IVRs, several compliance risks are associated with the use of tools that automate functions for boosting revenue — such as collecting payments and scheduling callbacks with prospective or existing customers. The top risks you’ll face as an organization when accepting payments via IVR include the following: Data breaches: When your company accepts card payments and financial information, it becomes a prime target for hackers to steal credit card information. However, if the organization that suffers a data breach is PCI-DSS compliant, its penalties are significantly lowered due to that adherence. Legal action: Data breaches can result in legal action from all affected parties (including credit card companies), which can be very costly and punitive. Complaints and disputes: Improper routing and long call wait times can lead to many unsavory outcomes, especially when money is involved. This dissatisfaction can cause customers to abandon calls in frustration or even switch to competitors. Negative brand perception: One of the main intangible losses a business can face is irreversible damage to its reputation, which is what a data breach caused by lax IVR compliance can inflict. Compliance issues and penalties: Failing to adhere to PCI-DSS standards can result in hefty fines, increased transaction fees, or even the loss of the ability to process credit card payments. The major credit card companies, namely MasterCard, Visa, Discover, and AMEX, formed PCI SSC, and they are the ones who dole out fines for violations. For instance, failure to meet PCI-DSS compliance requirements for over seven months can cost up to $100,000 per month. Additionally, more specific penalties include penalties of $5,000 per month (for low-volume clients) and $10,000 per month (for high-volume clients) if the non-compliance is between 1 to 3 months. If the non-compliance is between 4 to 6 months, the penalties jump to $25,000 per month (for low-volume clients) and $50,000 per month (for high-volume clients). It is important to note that these violations aren’t the same as those imposed by government regulations. With IVR compliance, card brands will impose fines on the payment processor for violations, who, in turn, penalize the responsible merchant. Keep in mind that most risks and penalties can be managed and absorbed relatively easily by institutions like large banks, but if you are a small business, it could lead to bankruptcy. To mitigate the risks, it’s a good idea to incorporate or implement the built-in compliance features of many IVR services. Encryption and data loss prevention measures You must ensure that credit card information is never transmitted across the network in plain text. It is incumbent upon contact centers to mandate that financial data must be encrypted in use, transit, or at rest. Furthermore, point-to-point encryption (P2PE) standards, which are a comprehensive list of security requirements, must be implemented by P2PE providers. Adhere to PCI DSS and other security best practices IVR platforms must implement appropriate data retention policies that won’t jeopardize your customer information. For instance, while handling credit card payments, sensitive authentication data such as CVV/CVV codes cannot be stored after authorization. Moreover, call centers must not store any card data and therefore need to dispose of all stored credit card information. Use an IVR with built-in compliance solutions If you lack the resources or time to build a secure system infrastructure yourself, embracing an existing IVR-compliant payment platform is a viable option. You’ll most likely want to seek a PCI-compliant hosted IVR service provider that implements secure payments — because, apart from taking care of various delivery aspects, one of the advantages is that it removes the need for live agents to handle sensitive card information. In this descoped environment, you eliminate the risk of data breaches caused by mishandled sensitive information. Of course, you’ll also want your solution to be cost-effective and easy to deploy. Check out my guide to IVR pricing if you are unfamiliar with these products — divining the true cost of these systems can be a little confusing. In any case, finding the right IVR provider for you comes down to investigating the following six prospective features. SEE: Learn why you should use a hosted IVR rather than hosting your own.  Six important features for IVR compliance 1. Compliance certifications I thought about not including this on the list because it’s common sense — but this is a post about compliance, so I am not taking any chances. It’s crucial to confirm the provider holds the necessary compliance certifications to ensure secure and lawful operations. Key certifications to look for include: PCI-DSS (Payment Card Industry Data Security Standard). ISO 27001 (International Organization for Standardization – Information Security Management). SOC 2 (System and Organization Controls 2). GDPR (General Data Protection Regulation). CCPA (California Consumer Privacy Act). For healthcare-related use cases, HIPAA (Health Insurance Portability and Accountability Act) compliance is especially important. The business phone service or IVR provider must be prepared to sign a Business Associate Agreement

If you’re hearing more about payment APIs now than in the past, it may be because you are. Apple recently announced plans to incorporate tap-to-pay functionality in the new iPhones. Big banks like Bank of America are seeing a major uptick in adopting payment API technology. And payment technologies with open APIs like Stripe continue advancing their capabilities and integrations. So, it’s no surprise that the payment API market has grown tremendously, especially over recent years. In fact, it was worth $200 million in 2023, with forecasts to hit $306.5 million by 2032. Plus, a 2024 State of the API Report shows that nearly three-quarters of businesses are “API first” compared to just 66% a year ago. Let’s discuss payment APIs in more detail and what to look out for when using them in your business. What is a payment API? A payment API, or payment application programming interface, is a technology that allows business platforms — like point-of-sale (POS) terminals, e-commerce sites, and similar — to process payments. The payment API is essentially the connection between all platforms involved in any payment transaction. For businesses, it connects your payment processor and gateway with the customer’s financial institution to carry out the transaction. SEE: Best Payment Gateways How are APIs used in payment processing? APIs connect the payment technology and the financial institutions involved in any transaction. Here’s a hypothetical example to walk us through the process. Let’s say I want to purchase a sandwich from a restaurant. The sandwich costs $15, and I want to pay for it with my credit card. The restaurant initiates the transaction and presents me with its POS terminal. This is the first time the payment API has been used to initiate the transaction, identify the amount, and determine where it should be transferred. I tap my credit card on the terminal. The payment API works again, taking the information from the restaurant’s POS and sending it to my card issuer. My card issuer looks at the transaction and determines if it’s approved, usually depending on whether I have sufficient funds or if the transaction appears to be fraudulent. When the payment is approved, the payment API goes to work again, sending this information to all parties involved — my card issuer, the restaurant’s POS, and even the restaurant’s financial institution once the funds are transferred from my card and the restaurant’s POS system. However, this data first goes through a payment gateway, where it’s encrypted for security. Basically, payment APIs are used at every step of payment processing. They communicate between all entities, share relevant information, and allow the payment to be processed. Mistakes to avoid when integrating a payment API When integrating a payment API for small businesses, there are several common mistakes to avoid to ensure smooth transactions, security, and a good user experience. Here are some key mistakes to watch out for. Not having the proper technical expertise Integrating payment APIs can be complex, especially for businesses without extensive technical expertise. They often require a deep understanding of API documentation, coding practices, and security protocols. Carefully review the API documentation and consider working with a developer familiar with payment gateway integrations. Many APIs also offer SDKs and libraries to simplify the integration process. Lack of security and compliance Some businesses make the mistake of neglecting proper encryption or failing to comply with PCI DSS (Payment Card Industry Data Security Standards). It’s important to make sure all transactions are securely encrypted using SSL/TLS and that you comply with PCI standards to protect sensitive data like credit card information. These measures protect both you and your customers. Likewise, you don’t want to ignore legal compliance with local or international payment regulations. Failure to abide by these standards can put your business at risk of fines — or worse. Research the payment regulations in all regions you operate in and ensure your payment integration meets those legal requirements. Not testing for all scenarios It’s easy to test for the standard situations that pop up: a card is declined, the Wi-Fi goes down, you have to manually input a card, etc. However, it’s equally easy and important to test for unlikely edge cases, such as declined payments, network timeouts, or duplicate transactions. To avoid this mistake, test your payment API integration for all kinds of scenarios, including failed transactions, duplicate submissions, partial payments, and more. Choosing the wrong payment gateway Selecting a payment gateway without considering factors like transaction fees, international support, customer support, and payout times is an easy mistake to both make and avoid. Make sure you research different payment gateways, such as Stripe, PayPal, and Square, to figure out which is best for you. Compare costs, payment API integration complexity, customer support, and currency support for your customer base. Inadequate documentation Some payment APIs have unclear or incomplete documentation, making it difficult for developers to implement the API correctly or troubleshoot issues. That same 2024 State of API report also shows as many as 39% of developers say “inconsistent docs” are their biggest challenge, and 43% actually turn to their colleagues to explain APIs. Choose payment APIs with comprehensive and clear documentation. If you’re stuck with a platform with less-than-helpful documentation and support, I recommend turning to community-driven resources like forums, Reddit, or GitHub. Another common mistake is not documenting how the payment system works or how to troubleshoot common issues. This makes it difficult to manage, integrate, or upgrade the integration from an internal perspective. Create internal documentation on the integration process, troubleshooting steps, and any customizations. That same report shows that more than half (58%) of developers use internal documentation to help navigate this mistake. This will also help when onboarding new team members or troubleshooting issues. Common challenges with APIs for payments Payment APIs are essential for businesses to handle transactions efficiently, but integrating and maintaining them can present challenges. Here are some common challenges when working with payment APIs. Managing the technology It seems there are

A VoIP speed test measures the performance of an internet connection to see if it can handle internet-based communications. These tests simulate data transmissions of a VoIP call from your network, typically measuring latency, jitter, upload speed, and download speed. When tested together, these results can give you a strong sense of what calls will be like for your team. Whether you’re interested in installing a VoIP system, making network changes, or troubleshooting an issue, a speed test takes less than 30 seconds. 1 RingCentral RingEx Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Medium, Large, Enterprise Features Hosted PBX, Managed PBX, Remote User Ability, and more 2 Talkroute Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Call Management/Monitoring, Call Routing, Mobile Capabilities, and more Three free VoIP speed test options There are dozens of free speed tests out there. These three are some of the best because they come from reputable business phone services. I encourage you to try all three — you can explore other free options as well. 1. RingCentral’s free VoIP speed test RingCentral is one of the best business communication solutions on the market. Trusted by over 400,000+ organizations worldwide, its VoIP technology powers everything from small business phone systems to contact centers, all-in-one communications suites, and everything in between. More on RingCentral: RingCentral review | RingCentral vs Dialpad. RingCentral’s VoIP test provides advanced settings and highly accurate results. Image: Ringcentral.com Its free VoIP speed test is one of the most advanced options you’ll find. While the test takes slightly longer to run, you’ll get a lot of details others don’t provide. Prior to starting, set the number of simultaneous calls that could be run on your network. I recommend conservatively estimating higher than you’ll need, as this ensures your network can handle even the worst case scenario. You’ll be able to set the test the call duration, ranging from one to five minutes. The longer you run the test, the greater the chance of detecting potential problems. Two minutes is usually sufficient. It also gives you the option to try it with different VoIP codecs. If you’re not sure what that means, you can leave it on the default selection. The test measures jitter and packet loss. Your audit summary will be color-coded (green, yellow, and red) for all metrics so you can quickly see where you passed or failed. That’s all based on RingCentral’s recommendation of less than 30 ms of jitter and packet loss below 1%. However, the best part is the MOS (Mean Opinion Score). It’s a simple 1-5 ranking scale, with 5 being the best possible score. If you want a quick answer, you can ignore everything else and just look at this number—if it’s a 4 or 5 you’re safe to proceed. The main limitation of this test is that it only lets you test up to 50 concurrent calls. While that’s plenty for most businesses, other free tests support up to 200. Aside from that, you’ll also have to install a plugin to run it. It’s entirely safe to do so and you can remove it when you’re done. 2. Nextiva network quality speed test tool Nextiva is another industry leader in the world of VoIP phone systems and business communications. It’s a great choice for startups, scaling teams, and enterprise organizations that want to prioritize customer engagement. More on Nextiva: Nextiva review | Nextiva vs RingCentral.  All you have to do is choose your location and desired number of simultaneous calls to get started. Image: Nextiva.com Nextiva’s VoIP speed test is also entirely free, but takes less time than RingCentral’s. Like with RingCentral, you’ll need to install a plugin to run it. It’s completely safe and takes a matter of seconds to install. One of the more unique aspects of this test is the ability to choose call origins. This can be helpful if you have customers or offices across the country. It can improve the accuracy of your results, and you can run the test multiple times from different locations to simulate calls coming in from all over the country. You may be surprised how location and distance impacts your results. I also like that Nextiva lets you test up to 200 simultaneous calls (compared to just 50 with RingCentral). Nextiva’s test shows latency, download speed, upload speed, your IP address, packet loss, and jitter. According to Nextiva’s guidelines, packet loss should be at 0%. Jitter and ping (or network latency) should both be below 70 ms. 3. Ooma free VoIP speed test Ooma is a great alternative for traditional office spaces that need physical desk phones. Its plug and play hardware makes it easy for even the smallest of teams to get started in less than an hour. More on Ooma: Ooma review | Ooma vs RingCentral.  Ooma’s VoIP speed test is the simplest and fastest. Image: Ooma.com Its free VoIP speed test is the simplest of the three. It takes less than 30 seconds to run and doesn’t require downloading any plugins. Despite its simplicity, you’ll get all the essential information you need to determine whether or not your network can handle VoIP calls. The test measures ping, jitter, download speed, and upload speed. You can also change the host location and run multiple tests to see how your results vary based on location. But this tool’s simplicity has a few drawbacks. For one, it doesn’t actually tell you how to read the results — you can find it elsewhere on Ooma’s site, though. Here’s the answer so you don’t have to go on a scavenger hunt: jitter should be less than 30 ms and latency (ping) should be less than 150 ms. For two, Ooma doesn’t let you run tests for concurrent calls. You’ll have to do some math to figure out if your

Credit card payments have outnumbered cash payments for several years now, and this trend isn’t likely to stop anytime soon. Credit cards officially overtook cash in 2020. And a growing number of transactions are paid for by card each year. So, if you don’t accept credit card payments already, what are you waiting for? Let’s break it down. Why pay using credit cards? From a consumer’s perspective, there are a few reasons why paying with a credit card is advantageous: Easier to track spending. Credit card statements make it easier to see where the money goes. Potential to earn rewards. Nearly 15% of cardholders increase spending to get rewards and cash back. Additional security and safety (e.g., chargebacks). Most credit card companies offer protections, such as fraud detection and chargebacks. Build credit history. According to one survey, 70% of adults 18 to 34 years old use credit cards to boost their credit scores. Purchase protection. Some credit cards offer benefits that protect purchases, sort of like an additional warranty. Ability to spend more. You can buy more than the cash you have on hand with a credit card. About a third of cardholders in the US increased their reliance on credit cards in 2023—and 43% of those negatively impacted by the rise in cost of living have turned to credit cards to make ends meet. Accepting different types of credit card payments There are three main channels for accepting credit card payments: Online In-person Over the phone How to accept credit card payments online​ Nearly one-third of consumers use credit cards for e-commerce payments. Here’s how to set yourself up for those buyers: Step 1: Choose a payment processing platform that’s compatible with your existing tech stack. Step 2: Set up your account with your chosen payment processor. Connect your e-commerce site with the payment processor. The specific steps will vary depending on your e-commerce platform and payment processor. Note: You don’t actually need an e-commerce site to accept credit card payments online. You can find a credit card payment processor that will do so without an e-commerce site. Many will offer this, including PayPal, Stripe, etc. Step 3: Connect your bank account to your payment processor. Step 4: Share the payment link with your customer, who can then input their payment information. Step 5: The payment processor will take care of the rest! How to accept credit card payments in person For in-person credit card payments, the steps are similar: Step 1: Choose a payment processing platform that’s compatible with your card reader, POS system, and whatever else you use to manage in-person transactions. Step 2: Set up your account with your chosen payment processor. Connect your card reader, POS, and other relevant technology with the payment processor. The specific steps will vary depending on your chosen platforms and payment processor. Step 3: Connect your bank account to your payment processor. Step 4: Accept in-person credit card payments on your card reader or POS. Step 5: The payment processor will take care of the rest! How to accept credit card payments via phone For accepting credit card payments over the phone, the steps are also similar: Step 1: Choose a payment processing platform that’s compatible with your existing technologies. Step 2: Set up your account with your chosen payment processor and connect your other relevant technology with it. The specific steps will vary depending on your chosen platforms and payment processor. Step 3: Connect your bank account to your payment processor. Step 4: Take credit card payments over the phone and input them into your payment processor. Step 5: The payment processor will take care of the rest! What do you need to accept credit card payments? The only things you really need to accept credit card payments are a payment processor, a payment gateway, a bank account, and a device to access and manage your payment processor. For online payments, you may also need a payment link or website. For in-person payments, you’ll also need a card reader, POS, or mobile phone at the very least. For phone payments, you’ll need a phone and a device to access your payment processor. You’ll also need a credit card payment policy outlining the terms and conditions customers agree to when they make a credit card payment. If you save customers’ payment information to make future purchases faster and easier, include the Credit Card on File (CCOF) policy. What does it cost to accept credit card payments? Unfortunately, it’s not free to accept credit card payments. Accepting credit card payments comes with three fees for businesses. Interchange fee The customer’s issuing financial institution charges an interchange fee, usually the largest of all three fees. It varies depending on the card used and the type of transaction. Assessment fee Each card network—Visa, Mastercard, American Express, Discover, etc.—charges its own fees, mostly percentage-based. American Express is known for having high fees compared to many other networks. Payment processing fee The payment processor also charges a fee. Fee structures for payment processing can be subscription-based, percentages, tiered, or flat fees. Typically, you can expect to pay between 1% and 3% for credit card payments, though the rate can be outside that range depending on the context. Pros of accepting credit card payments There are plenty of benefits for businesses that accept credit card payments: Boost sales. Accommodating more consumer preferences means you have the potential to convert more customers. Plus, consumers are moving away from cash and towards payment methods like credit cards. Speed up the checkout. Cash payments can take longer than quick credit card payments. This is especially impactful, considering 41% of POS payments are by credit card. Offer convenience. Faster checkouts and other features, like saved card information, can create a more convenient checkout experience for customers. Over half (63%) of adults 55 years and above use credit cards primarily for convenience. Drive loyalty. Accommodating customers’ preferences and offering a fast and easy checkout experience will encourage repeat purchases. Eliminate

Software Spotlight: CrowdStrike CrowdStrike Falcon® Next-Gen SIEM is a cloud-native platform that combines first- and third-party security and IT data, threat intelligence, AI, and automation to help organizations detect, investigate, and respond to threats with unprecedented speed and efficiency. Unified Insights: Integrates endpoint, identity, and cloud telemetry with third-party data for comprehensive visibility. Efficient Scalability: Manages petabyte-scale data with an index-free architecture for seamless storage and retrieval. Unmatched Search Speed: Delivers search performance up to 150x faster than legacy SIEMs, enabling rapid investigations and response. Security information and event management (SIEM) is a device and environmental analysis strategy intended to help secure and protect company operations, data, and personnel. By providing a comprehensive analysis of security-related details and related recommendations, SIEM tools assist in ensuring compliance and remediating potential or active threats. A recent report published by the IMARC Group found that the global SIEM market reached almost $5.8 billion in 2023. The same report says the market is expected to climb to around $14 billion, especially with more companies investing more resources in protecting against potential threats and resolving vulnerabilities. With that in mind, we take a look at the best SIEM tools and SIEM software solutions available today. ManageEngine Log360 Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Micro, Small, Medium, Large, Enterprise Features Activity Monitoring, Blacklisting, Dashboard, and more Graylog Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Medium, Large, Enterprise Features Activity Monitoring, Dashboard, Notifications Top SIEM software comparison Those wishing to adopt SIEM or planning to upgrade a legacy SIEM tool to a modern platform should carefully evaluate the available tools. Features such as cloud and on-prem functionality, remediation capabilities, and the platforms supported should be among the top areas to be considered. Cloud Hosted on-prem Remediation Platforms Pricing SolarWinds SEM Yes Yes Includes some automated remediation features. Windows, Linux, and Mac. Starts at $2,992 CrowdStrike Falcon Next-Gen SIEM Yes No Full range of remediation capabilities. Windows, Linux, Mac, and Chrome. Contact for quote Splunk Enterprise Security Yes No Some remediation capabilities. Windows, Linux, and Mac. Reportedly $173 per month up to $1,800 per GB Datadog Security Monitoring Yes No Limited remediation capabilities. Windows, Linux, and Mac. Starts at $15 per host, per month LogRhythm SIEM Yes Yes Limited remediation capabilities. Windows, Linux, and Mac. Contact for quote RSA NetWitness SIEM Yes Yes Limited remediation capabilities. Windows, Linux, and Mac. Contact for quote ManageEngine Log360 Yes Yes Limited remediation capabilities Windows, Linux, and Mac. Personalized quote via online form IBM Security QRadar SIEM Yes Yes Full remediation capabilities. Windows, Linux, and Mac. Personalized quote via online price estimator Trellix Enterprise Security Manager Yes Yes Remediation capabilities only available with purchase of additional Trellix modules. Windows, Linux, and Mac. Contact for quote AT&T USM Anywhere Yes No Remediation included Windows, Linux, and Mac. Starts at $1,075 per month SolarWinds: Best for log aggregation Image: Solarwinds SolarWinds Security Event Manager (SEM) is focused on log aggregation and threat detection. It can easily process and forward raw event log data to external applications for further analysis using syslog protocols, which is an area where it stands out from the competition. Why I picked SolarWinds I picked SolarWinds for its extensive log aggregation and log analysis functionality. This allows businesses to know the exact state of their devices, find the root-cause of each log, and consequently implement strategies to improve the same. SolarWinds’ ability to share massive amounts of log data with other applications is a significant plus as well. Pricing SolarWinds annual SEM subscriptions start at $2,992. Perpetual licensing is available for around $6,168. Features Automation to remediate some incidents. Export log data and share it with other teams or vendors. Dashboards indicate the state of security, and reports address compliance requirements. Pre-built connectors pull data from numerous sources. A file integrity checker tracks access and changes made to files and folders to detect unauthorized or malicious activity. Solarwinds SIEM dashboard. Image: SolarWinds Integrations Amazon Web Services. Azure. Heroku. Apache. Oracle. SolarWinds pros and cons Pros Cons Good for network-related events and analyzing per-host activities, such as logons, privilege usage, and registry alterations. Dashboards can become cluttered and hard to understand when processing large amounts of data. Security features include data encryption, single sign-on, and smart card authorization. Can struggle with the complexity of very large enterprise environments. Ability to restrict access from IPs, block applications, and deny access to removable media. Automated does not provide a full range of remediation capabilities. Features Collect logs at petabyte scale. Rapidly access live data with sub-second latency. Fast search, real-time alerting, and customizable dashboards. Retain data as long as you need for compliance, threat hunting, and historical investigations. Next-Gen SIEM in CrowdStrike Falcon platform. Image: CrowdStrike Integrations AWS. Google Cloud. Azure. Red Hat. Other CrowStrike products. CrowdStrike pros and cons Pros Cons Index-free architecture and compression technology minimize the computing and storage resources required to ingest and manage data. Evolved from the XDR side, so is more of a log management tool with SIEM-like features than a full-featured SIEM suite. Said to cut log management costs by up to 80% compared to alternative solutions. Strong remediation capabilities, courtesy of integration with the CrowdStrike Falcon platform. Splunk Enterprise Security: Best for cloud-native environment Image: Splunk Splunk Enterprise Security offers cloud-based security-related event notifications and log monitoring. It can identify resource bottlenecks, failing hardware, capacity issues, and other potential issues. As it evolved in the era of the cloud, it is particularly well suited to cloud-native environments. Why I picked Splunk Enterprise Security Splunk Enterprise Security got on this list for being specially equipped to protect cloud environments. It enables cloud-native organizations to easily establish security monitoring and unified visibility in the cloud. Its comprehensive visibility capabilities are coupled with 1,500+ detections, thousands of integrations,

Google is taking another swing at the smart glasses market, determined to leave the missteps of Google Glass in the past. On Dec. 12, the company unveiled Android XR, a new, cutting-edge operating system for headsets and smart glasses. With the competition heating up from the Meta Quest series and Apple Vision Pro leading the market, Google is banking on its Gemini generative AI to set its offering apart. Among the first devices slated to leverage Android XR is a pair of Samsung glasses, codenamed Project Moohan, expected to hit store shelves in 2025. The tech giant says the future headsets and smart glasses will “transform how you watch, work, and explore.” While Google has yet to announce a timeline for additional hardware or software built on Android XR, the operating system is already available in preview for developers and select partners. What makes Android XR different? Android XR glasses can provide hands-free navigation. Image: Google Combining Android XR, Google Gemini, and the glasses hardware means the devices can: Answer natural-language questions about your surroundings using Gemini. Search the internet or create an AI-guided to-do list with natural language. Play YouTube and Google TV. Display Google Photos in a virtual reality gallery. Use Circle to Search to get more information about an object in the real world or an item online. Google intends for Android XR to power various types of smart glasses. “We want there to be lots of choices of stylish, comfortable glasses you’ll love to wear every day and that work seamlessly with your other Android devices,” Shahram Izadi, Google’s VP and general manager of Extended Reality, wrote in a blog post. The tech giant plans to start privately testing Android XR on new hardware soon. Expect new devices from Google’s Qualcomm partners, particularly Sony, Lynx, and XREAL. SEE: Google’s newest AI model, Gemini 2.0 Flash, is an incremental move toward ‘agentic’ AI. More Google news & tips Developers can try the Android XR software development kit now Developers can experiment with the Android XR software development kit today by visiting developer.android.com/develop/xr. Google is accepting applications for an Android XR Developer Bootcamp, which will provide early access to hardware in exchange for collaboration with the internal XR team. Android XR is compatible with ARCore, Android Studio, Jetpack Compose, Unity, and OpenXR. Since Android XR includes the Android Play Store, developers with apps already in the Play Store can automatically make those apps available on extended reality devices. To translate conventional apps to extended reality, Android recommends using its automatic tools for spatializing Material Design (M3) components and Compose for adaptive layouts. source

Just about every business I’ve started has involved hiring freelancers. They’re more affordable and flexible, plus it’s easier to scale up or down as needed. One or two is easy, but things can get messy when you’re dealing with any more than that. I’ve since built my own custom freelancer management system, I started with freelancer management templates. Here’s a curated list of my favorites. monday.com: A powerful and flexible freelancer management template Trusted by over 225,000+ businesses, monday.com is one of the most popular project management platforms out there. It’s perfect if you need an organized and flexible way to manage work for your in-house team, freelancers, agencies, and even other departments. monday.com has a free plan for up to two users. It’s limited, but it is a good place to start if you want to try it out before paying. More on monday.com: monday.com Review | monday.com vs Jira | monday.com vs. Notion. monday.com makes it easy to manage work for your entire pool of resources in one place. Image: monday.com To start, you’ll need to add all of your resources, including freelancers and in-house team members if you’re managing their work here too. From there, you can invite as many guest users as you need to at no extra cost. Once they’re onboarded, you can start assigning tasks. They will be able to track their time, monitor deadlines, upload files, leave comments, and more. The best part about this template is how it brings all of your outsourced tasks together. You’ll easily be able to keep track of everything happening outside the company in one place. Each task can have its own status, allocated amount of time, due date, owner, and assignee. It’s simple, yet effective. You can also add additional columns if you need to. monday.com makes it easy to control access and editing capabilities so you don’t have to worry about freelancers being able to see things you don’t want them to. ClickUp: A Kanban-style freelancer management template ClickUp is another powerful option if you want a complete project management solution. Its generous free plan includes collaborative document sharing, whiteboard features, sprint management, calendar views, and Kanban boards. It’s more than enough to get started and many smaller businesses can stay on the free plan for quite some time. You’ll be able to invite as many free users as you’d like, just keep in mind that you won’t have granular access controls unless you upgrade. More on ClickUp: ClickUp Review | ClickUp vs Asana | ClickUp vs. Notion. ClickUp’s freelancer management template is simple and straightforward yet powerful enough to manage dozens of contractors. Image: Clickup.com Kanban boards are simple, familiar, and highly visual — they’re great for managing projects and tasks, especially those you’re outsourcing to a contractor. They likely won’t have to learn a new system or wonder how it works. All you have to do is create a backlog of tasks, assign them, set due dates, and invite them to collaborate with you on ClickUp. They’ll be able to manage their work, mark tasks as complete, leave comments, ask questions, collaborate on documents, chat with you, and more. It takes just a few minutes to configure everything if you’re using this template as is. Otherwise, it may take up to an hour to customize it to match your needs. You can adjust the columns, fields that show on each card, what it looks like when you open a card, and just about every other element. You can even turn off features you aren’t going to use. This ensures nobody uses them by accident. Knack: Manage projects, resumes, and invoices in one place Knack is a no-code development platform that’s great for companies who want to create their own custom apps. You can use it to build web portals, databases, project trackers, and even a directory to manage all of your freelancers. There’s no free plan, but there is a 14-day free trial if you want to try it before you invest. Plans start at $59 per month. It’s a bit pricey, but it’s worth it if you need the level of customization it provides. Create a full freelance management system with Knack. Image: Knack.com This template is great if you need a full system to manage freelancer projects and tasks, invoices, service agreements, and resumes. It allows you to create a complete directory of every freelancer you’ve ever worked with. This can be useful if you want to have an approved list of contractors or a large pool of freelancers you can pick from at any time. It’s also invaluable if you do a lot of recruiting or cycling through. You’ll be able to categorize your directory based on their skills, experience level, type of agreement, or any other custom attribute you’d like. This makes it easy to find exactly what you need when you need it. Contractors will be able to send invoices and even add a portfolio of their work directly within the platform. They have full access to their profiles and can update them any time. The downside of this template is how much upfront work is required. You’ll likely have to do a bit of customizing, training, and tweaking before you start using it. Building a custom no-code app is always more challenging than you think it’ll be. But it definitely pays off if you need it. Airtable: A comprehensive freelancer management database As a powerful relational database builder, Airtable makes it easy for non-developers to build systems, including a freelancer management database. On top of that, you can utilize automations to streamline notifications, task assignments, and more. Airtable’s free plan supports up to 1,000 records per base, which is more than enough to start. More on Airtable: Airtable Review | Airtable vs Asana | Airtable vs Trello. Manage freelancers and their work with Airtable’s powerful relational database platform. Image: Airtable.com This template comes with prebuilt tables for contractors, assignments, projects, and your internal team. Although it’s

If PowerShell’s learning curve has kept you from embracing it, “cool” might not be a word you’d associate with it. But PowerShell is here to stay. It’s a core part of Microsoft 365, Azure, and Windows Server 2022 and has immense power. In this article, TechRepublic will offer a few tricks that could come in handy. Besides, it is always cooler when you amaze someone with the solution from the command line. Having someone watch you right-click and fix something doesn’t have the same appeal. Note: Be careful, very careful Yes, this is a tool worthy of the name. PowerShell can easily cause massive configuration changes, positive or negative — so protect yourself and establish a test environment for your learning experiences. Also, consider using the -confirm parameter to test configurations before execution for certain commands. 1. Report all of the USB devices installed PowerShell is Windows Management Instrumentation aware. From PowerShell, you can make a WMI call to retrieve the USB devices installed in a local or remote system: gwmi Win32_USBControllerDevice -computername SERVER1 |fl Antecedent,Dependent This filter will bring back the antecedent and dependent fields from the SERVER1 computer. Should you want the full export, you can omit the pipe, | , and filter statement to comprehensively export the USB devices on a system. This could be useful for maintaining a report for servers with a USB license device installed to maintain connectivity from the device’s perspective. 2. Perform your favorite Command Prompt tasks All tasks performed in the Command Prompt can also be done within PowerShell. This could help you become more familiar with the interface. Launch PowerShell in the Run dialog box with the command powershell. You can also assign a shortcut key to PowerShell so Ctrl + Shift + P launches it directly. 3. Kill a process in PowerShell instead of Task Manager When you have a Windows service running that will not respond to stop commands, you can use PowerShell to perform the equivalent actions of ending the task within Task Manager. For instance, you’d do the following for BadThread.exe: get-process BadTh* The results will be similar to this: Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName ——- —— —– —– —– —— — ———– 28 4 -210844 -201128 -163 25.67 2792 BadThread Once the Process ID has been identified, you can kill the errant process by entering: stop-process -id 2792 At that point, the BadThread example will be hard stopped and you can resume your attempt to start the service. You can do that right here in PowerShell as well. But, if the process doesn’t terminate gracefully, you can use the -Force parameter: stop-process -id 2792 -Force Be cautious when using it, as it could result in data loss or corruption if the process is in the middle of a task. 4. Use PSDrive to view more than just drives The PSDrive command lets you view objects of the Windows environment beyond traditional network, local, or removable drives. One popular view is the HKLM PSDrive, which allows you to view the HKEY_LOCAL_MACHINE top-level hive of the registry. To get into the registry, enter the following command: PS C:> cd HKLM: PS HKLM:/> You are then transported into the registry hive and can view and even delete items, should you wish. 5. Export NTFS folder permissions — recursive or not Managing NTFS permissions is a separate matter, but with PowerShell, you can export the permissions to audit access or take a quick look at access control lists for the security configuration. This can be a great accountability mechanism to run in a scripted format periodically — or you can run it on demand to diagnose a particular issue. For example, take the following iteration: PS E:>Get-Acl N:Data This will give you a quick report of your security rights to the specified path (note that it won’t give the shared access). That alone is nothing too exciting, as it will report only the single specified path. But if you want to include recursion for the entire path, you can use other strategies. For the same N:Data path, you’d use the Get-ChildItem command within PowerShell, combined with the Get-Acl command. Consider the following example: PS E:>Get-ChildItem N:Data -recurse | Get-Acl This will span the entire N:Data path and display the ACLs for the contents of the path. What happens here is that the Get-ChildItem provides an inventory of the file system objects, and that collection is passed to Get-Acl to provide the results for each item. If you want to archive this to a comma-separated variable (CSV) document, you pass | export-csv c:filename.csv at the end of the command. You can also pass the normal > C:filename.txt to the end of the command to get it exported to a text file. Note that when you use the -recurse option, it does just that and will traverse the entire path you specify. So be careful when doing it across a large volume or over the network. 6. Background a time-consuming task If you have a command, or cmdlet, that will take some time to run, you can use PowerShell to send it to the background to complete. In this way, you can send a series of commands to execute at once and let them complete on their schedule. The command to launch a background job leads with the start-psjob parameter. You can query PowerShell on the status of any of the jobs with the following command: PS C:>get-psjob You’ll see a table of results showing the status of your jobs, with a unique session identifier for each one. You can remove any failed jobs by running the following command: PS C:>remove-psjob 9 7. Insert timestamps into PowerShell outputs For your PowerShell tasks, you can have a timestamp entered in series to determine how long a single step occurs or use it as a logging mechanism for your scripts. To insert a timestamp, enter one of the following commands as a single line within your .ps1 file: Date

Software Spotlight: CrowdStrike CrowdStrike Falcon® Cloud Security is a unified cloud security platform that protects infrastructure, applications, data, AI, and SaaS across hybrid and multi-cloud environments. It enables organizations to consolidate tools, reduce complexity, and stop breaches. Code-to-Cloud Protection: Streamlines security with a single agent and agentless architecture that unifies cloud point products and eliminates security gaps. Built to Stop Breaches: Delivers advanced runtime protection, managed threat hunting, and native Cloud Detection and Response (CDR) to stop breaches in real time. Hybrid Cloud Security: Provides unified visibility and security across cloud and on-premises environments for seamless protection in hybrid architectures. Cloud security posture management, or CSPM tools, are automated security solutions designed to continuously monitor and assess cloud infrastructures, services, and applications for misconfigurations and compliance issues. These tools are more important than ever as more organizations now leverage the multicloud approach to cloud adoption, a practice that comes with configuration and security compliance complexities. According to a Fortinet-sponsored report conducted by cybersecurity experts, many organizations are now increasingly wary of AI-based threats, prompting them to have heightened concern about cloud security. To address this challenge, many cloud-first organizations now deploy CSPM tools to help them monitor, identify, alert, and remediate compliance risks and misconfigurations in their cloud environments. To determine which CSPM tool is best suited for your organization, I’ve compiled a list of the top CSPM solutions for 2024. Semperis Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Large, Enterprise Features Advanced Attacks Detection, Advanced Automation, Anywhere Recovery, and more ESET PROTECT Advanced Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Any Company Size Any Company Size Features Advanced Threat Defense, Full Disk Encryption , Modern Endpoint Protection, and more ManageEngine Log360 Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+) Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Micro, Small, Medium, Large, Enterprise Features Activity Monitoring, Blacklisting, Dashboard, and more What is cloud security posture management? CSPM tools can help users maintain a secure cloud posture by recommending best practices and enforcing security policies across all cloud accounts and services. These policies can include access controls, encryption settings, network configurations, and more. By automating the enforcement process, CSPM software minimizes the risk of misconfigurations and helps defend against threats or outside attacks. SEE: Brute Force and Dictionary Attacks: A Guide for IT Leaders (TechRepublic Premium) Best cloud security posture management software comparison The table below provides a comparison of key features available in each CSPM option. Best cloud security posture management software Here is a rundown of the seven best CSPM software choices in 2024, highlighting their features, pricing plans, pros, and cons. Orca Security: Best for cloud workloads Image: Orca Orca presents users with a CSPM tool that scans their workloads and maps the results into a centralized platform. It can analyze risks and identify situations where seemingly unrelated issues could lead to harmful attack paths. With these insights, Orca prioritizes risks, minimizing the burden of excessive alerts for users. SEE: Everything You Need to Know about the Malvertising Cybersecurity Threat (TechRepublic Premium) Orca also facilitates continuous monitoring for cloud attacks. It features a visual graph to give insight into an organization’s potential attack surface and the attacker’s end target within a cloud environment. Regarding compliance, Orca provides compliance features that enable cloud resources to adhere to regulatory frameworks and industry benchmarks, including data privacy requirements. The platform unifies compliance monitoring for cloud infrastructure workloads, containers, identities, data, and more, all within a single dashboard. Why I chose Orca Security I have Orca Security on this list because it’s a quality solution for organizations that primarily work on the cloud. Its risk analysis and identification of cloud workloads make it a useful tool to combat unnoticed threats. In my view, its extensive reporting and insights functionality, covering an organization’s attack surface, is another feature inclusion that makes it a top choice for those looking to address vulnerabilities or prevent future attacks. Pricing Orca offers a 30-day free trial. Contact Orca to get a quote. Features Cloud compliance. Unified Data Model. Continuous monitoring. Orca Security Score. Attack path analysis. PII detection. Malware detection. The Orca misconfiguration alert dashboard. Image: Orca Orca Security pros and cons Pros Cons Users can create personalized views of Orca’s Risk Dashboard. No pricing information is available on its website. This solution offers a 30-day free trial. It helps organizations meet compliance with PCI-DSS, GDPR, HIPAA, and CCPA. Users can generate comprehensive cloud security reports and share them across various channels. Users can write their own alert queries or use over 1,300 prebuilt system queries. Prisma Cloud: Best for multicloud environments Image: Prisma Prisma Cloud by Palo Alto Networks offers comprehensive visibility and control over the security posture of deployed resources in multicloud environments. The solution can help users implement instant configurations with over 700 pre-defined policies from more than 120 cloud services. That feature can aid organizations in correcting typical multicloud misconfigurations, preventing potential security breaches, and developing custom security policies. With Prisma Cloud, users can also benefit from continuous compliance posture monitoring and one-click reporting, offering coverage for various regulations and standards, including CIS, GDPR, HIPAA, ISO-27001, NIST-800, PCI-DSS, and SOC 2. The solution also provides custom reporting. SEE: What is Cloud Security? Fundamental Guide (TechRepublic) Prisma Cloud offers network threat detection and user entity behavior analytics features, allowing customers to identify unusual network activities, DNS-based threats, and insider threats by monitoring billions of flow logs received every week. Why I chose Prisma Cloud I selected Prisma Cloud due to it being a high quality option for organizations already employing multicloud environments. With more and more companies adopting multicloud, I particularly appreciate Prima Cloud’s pre-defined policies and built-in network threat detection. These can help catch holes or risk areas across multiple cloud providers. This is especially crucial with multicloud environments, as different

The Chinese government is investigating U.S. chipmaker NVIDIA for allegedly violating its anti-monopoly law by acquiring interconnect provider Mellanox. On Monday, the State Administration for Market Regulation made a statement via China Central Television announcing the investigation, but it does not discuss the specifics of NVIDIA’s suspected violations. The authority approved NVIDIA’s $6.9 billion acquisition of Mellanox, an Israeli company, in 2020 with certain conditions. These aimed to prevent the tech giant from restricting competition in the markets of GPU acceleration, private internetworking devices, and high-speed Ethernet adapters. SEE: EU Investigates NVIDIA Deal With Run:ai Mellanox was required to provide information about new products to Chinese rivals within 90 days of making them available to NVIDIA and give them a chance to ensure their own products are compatible, according to Bloomberg. Conditions also included prohibitions on product bundling, discrimination against customers who buy products separately, and unreasonable trading terms. A NVIDIA spokesperson told TechRepublic: “NVIDIA wins on merit, as reflected in our benchmark results and value to customers, and customers can choose whatever solution is best for them. “We work hard to provide the best products we can in every region and honor our commitments everywhere we do business. We are happy to answer any questions regulators may have about our business.” More must-read AI coverage Latest shot fired in the U.S.-China chip war The investigation represents just the latest move in the years-long tussle for dominance in the lucrative semiconductor market between the U.S. and China. NVIDIA is the leading provider of artificial intelligence and gaming chips, announcing record revenues of $30 billion (£24.7 billion) in the second quarter of 2024. The U.S. is keen to maintain its current sovereignty by blocking China from access to NVIDIA’s state-of-the-art hardware, which is crucial for running advanced AI models. In addition to financial motivations, the U.S. has also raised concerns about China developing AI for military purposes. In 2022, the U.S. applied its first set of chip-related export controls on the sale of semiconductors to Beijing and separately banned NVIDIA from selling its most advanced chips to Chinese companies. In response, NVIDIA developed the China-specific A800 and H100 chips that were compliant with the new controls, enabling it to maintain customers in the country. That same year, the U.S. passed the CHIPS Act, which provided needed semiconductor research investments and manufacturing incentives and reinforced America’s economy, national security, and supply. It also launched a blueprint for an AI Bill of Rights to help regulate AI domestically. Intel, TSMC, Texas Instruments, and Samsung — the world’s largest memory chipmaker — have all announced plans to build fabs in the U.S. SEE: Global Chip Shortage: Everything You Need to Know Then, in August 2023, China’s Ministry of Commerce enforced export controls on gallium and germanium-related items “to safeguard national security and interests.” These rare metals are essential in chip production, and China produces 98% and 54% of the world’s supply of gallium and germanium, respectively. According to data from the Financial Times, the cost of the minerals has almost doubled in the year since. In October last year, the U.S. imposed a second set of export restrictions on semiconductors, closing some of the loopholes NVIDIA exploited with A800 and H100. Since then, the chips giant has been preparing to release new iterations that bypass the updated rules. Nevertheless, the restrictions have greatly impacted NVIDIA’s earnings in China. The country accounted for just 16.9% of its revenue in 2023, 9.5% less than in 2021, according to its latest financial results. Just last week, the Biden administration announced its third set of restrictions on semiconductor exports to China, expanding the list of banned technologies. Beijing responded with a statement, declaring it a “typical act of economic coercion and non-market practice.” “The US says one thing and does another, constantly generalizing the concept of national security, abusing export control measures, and implementing unilateral bullying,” the Ministry of Commerce spokesperson said. “China firmly opposes this.” In response China swiftly banned the sale of germanium and gallium to the U.S., closing loopholes from its 2023 export controls, and added a number of U.S. defense tech startups that cannot do business in China. Quests for AI sovereignty surging worldwide It’s not just the U.S. and China that want to reduce their reliance on other countries regarding AI chips. Both Japan and the Netherlands have struck deals with the White House to restrict the sale of chipmaking kits to China. The U.K. blocked most license applications for companies seeking to export semiconductor technology to China in 2023. That same year, the U.K. government announced that it would devote £100 million ($126 million) to fostering AI hardware development and shoring up possible computer chip shortages. Amazon Web Services also announced plans to invest £8 billion in data centres in the country over the next five years. SEE: UK Government Announces £32m for AI Projects After Scrapping Funding for Supercomputers The European Union offered €43 billion ($46 billion) in subsidies to boost its semiconductor sector with its European Chips Act, which was adopted in July 2023. The bloc also has the lofty goal of producing 20% of the world’s semiconductors by 2030. Global antitrust investigations into NVIDIA NVIDIA is having trouble mediating the U.S.-China chip wars. In addition to the Beijing investigation, the U.S. Justice Department is investigating whether the company violated its antitrust laws by punishing customers who also buy from its competitors and making it difficult to switch suppliers, according to Bloomberg. SEE: AI Surge Could Trigger Global Chip Shortage by 2026 Benoît Cœuré, the president of the French competition authority, has also said that NVIDIA may face antitrust charges in the country “one day” at a July press conference, Bloomberg has reported. source