The challenge in today’s world with data is that people are on two ends of the spectrum, there will be some products/ companies that say I don’t have data for my use case. In my previous start-up, we were in that bucket, how do we get data for the application that I want to build?
There are a bunch of people on the other end who have lots of data. Having data is not the challenge, making sense of the data is the bigger challenge. For example, there are CCTV cameras today that are generating a lot of data, a humongous amount of data that we cant process. I think that was the genesis of the data platform – can we centralize it, make sense of the data, make it easy to process and extract value out of it.
I think we were not the ones who started that trend, US companies like Facebook showed that there has to be a data platform and we were the first to adopt it in India. Flipkart very quickly realized that data would become a differentiator. It is not because Flipkart has been around for a long time that it will win but it is because Flipkart has understood what these users want, what works, what doesn’t work and how we create a better experience for the users day in and day out. We started that, in today’s time I will be surprised if any startup says that they don’t have a data platform, data is the key.
We are discussing hybrid cloud vs single cloud, so yes this is a question that is on the top of the mind for a lot of CTOs and CIOs, I hear a lot about this question in other forums too. We are at a stage in the evolution of technology, cloud came in and we realised that we can focus on what matters to the company and build our application, our functionality and offload availability, scale and reliability to a cloud provider. I still remember in 2012 we had a massive catalogue in Flipkart which powered our website, we were storing it in MySQL. There was no relational database service or cloud providers who did that. So, there was a large dedicated team that ensured we could run the data at that scale and keep it up. There were investments in specialized hardware to store this data. It is a deep, highly specialized, skill-oriented work, hard to get people who do this. You need to be on it day in and day out.
Now cloud comes in, so startups on day one can go to RDS, you start small but you can quickly scale to 1000 requests in a minute, it can support that with all the data coming in. So, the way cloud started off, people were really overjoyed with it solving their problems, businesses could focus on what they needed. Generally, clouds are reliable, they have a concept of SLAs – what percentage of time can one say the cloud will be up and available. We measure them in nine’s – 4 nines, 5 nines and so on. These tell you, in a month what is the maximum downtime that can happen, we are looking at most 10 minutes of downtime in a month.
What this did was now most of the companies are on cloud today and sorts of applications are coming on cloud and this is where this question comes – now that you are on the cloud, are there any challenges or downsides to being here? I believe the biggest thing you end up seeing eventually for a company which grows massively like udaan has a huge footprint on the cloud. Even at Flipkart, we had a huge footprint on our own data centres. You begin to realise that if things go wrong you have very limited control because someone else is doing it. They are not expected to go down, if they do go down something really bad has happened and anything can go wrong. For instance, if a company’s data centre is in a country that is prone to flooding, it would be just water, which is out of your control. If things go wrong, it is usually bad, most of us face that challenge – we have to figure out a way to mitigate the downside or impact on the end customers.
There can be instances where it is very little you can do, the provider is fixing the issue. This is one kind of challenge you see, second challenge is that there are multiple cloud providers, some are good at something, others at something else. As the dependency on cloud platform services starts increasing, you realize some platforms are much better than others on some of these services. The third challenge is you see that the cost starts becoming material over time. Like everything in life what is good eventually ends up showing the challenges on the bad side.
What is working to your advantage on the cloud, for example, is to empower my engineering team. You need to build a new service and scale it out and it is just a command or a click on the UI. What it also means is that at scale you need the right governance otherwise your cost will just blow it up. So, that’s the third thing that hits companies. We’ve seen that at scale most companies have gone to their own cloud strategies, however, there have been exceptions. All the large players like Facebook, Google and others started depending on cloud providers. However, Google eventually externalised it like GCP is available as a platform to others. And then there are companies like Netflix who decided that they will not have their own cloud, it continued to depend on AWS. But they have very deep connections, so there is a lot of custom work happening for them to solve these three challenges – cost, availability of features, capabilities and uptimes just to make sure they have the least number of challenges.
A lot of other companies like Alibaba in china ended up building a cloud for themselves. Flipkart built its own cloud, we had a cloud team. My take on this is a multi-cloud or a hybrid cloud strategy, that is one of the ways to mitigate it. You create infrastructure which allows you to take the best of what is available to you or certain services. For example, you depend on cloud API to do OCRs or to do accurate facial recognition and one of the players has a much better performance at this time. Why wouldn’t you do what is best for your business? So the availability to go to multiple clouds – I would say the availability to have something of your own which allows you to do deeper integrations with your data. For example, if you are storing sensitive data like Adhaar card for KYC, you require native support like hashing and encryption, ensuring the data is more secure. You don’t want to put this data on the cloud, keeping these options is the thing to do. But these require investments and do not come for free. One of the biggest costs of the cloud is to take the data out. If you are on two providers, you’ll have to figure out how to bring the data out.
Money is elusive, and so is the financial peddle. In the words of celebrated investor and banker, Sir John Templeton, the four most crucial expressions of investing are: “This time it’s different.” In all likelihood, deep regulation of financial services stems from this belief. Over the past few years, Financial Institutions (FIs) have coordinated with FinTechs on the varied facets of the business. As the financial industry is built with intricacy and uncertainty, regulations play a key role in driving changes and influencing their pace. Technology once more takes part in easing the bags of risk and compliance officers, by automating the repetitive work they used to do in Excel sheets and legacy systems. Speaking of RegTech, many believe it to be just perhaps a subset of FinTech. But how true is that? Let’s take a deeper look.
An In-Depth Look at RegTech
Regulatory Technology, widely known as RegTech, is the pertinence of the soaring technology to enhance the way businesses govern regulatory compliance. RegTech as a concept brings in three significant elements, namely; People, Data, and Regulations — intended to enable firms in achieving a compliance culture. On a broader note, RegTech powers the amalgamation of these elements to authorize and uplift businesses and their regulations.
The Categories of RegTech
Let’s understand the Regtech landscape with various solutions aligned with the four existing processes;
Regulatory Monitoring: Tools that deliver Regulatory content are in the form of a content library, feed, or resource center. Regulatory content is combined into one platform by content tools, increasing the efficiency of the research and horizon scanning.
Regulatory Obligations: Technology that facilitates regulatory knowledge represents a quantum leap beyond content. In this category, the raw text is transformed into actionable knowledge, including the specific obligations that a company must comply with.
Compliance Management: Regulatory containers include technologies such as GRC (governance, risk, and compliance) platforms and other workflow systems, which contain all of an organization’s regulatory obligations, controls, procedures, and policies. Users can use workflow to track and manage compliance efforts.
Execution of Compliance: Having consolidated the regulatory information into a preferred container, firms can implement additional point solutions either execute a task according to regulations or measure compliance with regulations.
Tech evolution and outpouring of digital products and services has shot-up data breaches, cyber-attacks, tax evasion, and other forged activities. In the light of dealing with these competencies effectively, RegTech solutions have become a requisite. The perfect example of Regtech’s inevitable use is the electronic Know Your Customer (eKYC) process which helps banks verify the identities of the people who open new accounts digitally. KYC is the critical part of the banking regulations process now obsoleting the manual process of checks. With the Regtech, this verification is now digitized, automated, and can be concluded in less than 3 minutes.
Regulation and privacy are talking points for regulators, making RegTech a niche segment within the FinTech ecosystem. Several interesting use cases may be explored by FI-FinTech partnerships in the coming years. Chainalysis is a leading blockchain-based Regtech company mainly concentrating on investigation, compliance, and risk management tools with the foresight to stamp out money laundering, fraud, and compliance violations in the sector of cryptocurrency. It has backed considerable digital payment companies like Gemini, Nets, etc to certify bitcoin transactions and comply with federal regulations. California-based Hummingbird offers an anti-money laundering platform to banks, fintech, lending, and credit companies. Sift is another RegTech using AI, ML, and Big Data to assist organizations to identify fraud, detecting money laundering, and striking out fake accounts.
Mushrooming technologies such as cloud, big data, and machine learning, when harnessed under the umbrella of RegTech, reduce the risk of money laundering through the compliance department.
RegTech tools are designed to monitor transactions, that appear online in real-time and potentially identify issues and irregularities that take place in the digital payment space. It is immediately communicated to the financial entity if any type of anomaly is detected to determine if fraud is occurring. When companies identify financial threats at the onset, they can reduce risks and associated shortcomings, such as data breaches and lost funds. To achieve this, RegTech companies work in collaboration with financial institutions and regulatory bodies to leverage the power of cloud computing and big data to share information.
RegTech a Distinct Subset in FinTech
As a subcategory of FinTech, RegTech should be viewed as a separate phenomenon. RegTechs and Fintechs are changing the face of financial institutions and banks; however, it’s important to understand that RegTech has a much broader application and encompasses an even wider range of industry verticals. Money and numerous regulatory requirements are part of every business. As a result, RegTech goes beyond financial services and banking.
Benefits of RegTech
For financial services, Regtech offers enormous benefits:
Effective growth: Advancement of regulations aids technology and compliance authorities to operate placidly and thus uplifts effectiveness and productivity at a far-fetched pace.
Adequate accountability and comprehensiveness: Manual depository processes may forge certain limitations in compliance operations, resulting in human errors and long exposure. Thereby, adopting appropriate technology can mitigate these gaps and streamline compliance.
Substantial internal alignment: Advanced technologies reinforce business by authorizing greater transparency and accountability and hence connecting siloed processes and people. This leads to catering useful insights amongst vast business products and developing a strong thread of compliance.
Enhanced risk management: Through monitoring systems and informing personnel about suspicious activities, Regtech tools could mitigate many types of risks such as market abuse, cyber-attacks, fraud, unseen events, regulatory and legal risks, etc.
Typically, FinTech looks at innovative solutions to bridge the gap between financial service organizations, the largest banks, and the bigger insurance businesses. While RegTech is scrutinizing varied aspects, there are some similar technologies, but the solution differs. According to ResearchAndMarkets.com, the global RegTech market reached a value of US$ 8.7 Billion in 2021. Looking forward, the market is expected to reach US$ 29.2 Billion by 2027. With an increase in the regulatory activity and compliance costs, stakeholders such as investors and venture capital firms are relying on RegTech. By leveraging Regtech, businesses, banks, and insurers can comply with regulations more efficiently and effectively.
Increasing Need for RegTech
Recent years have seen numerous changes and advancements within the financial sector. The changes have resulted in increased partnerships of several financial institutions with fintech companies. Owing to growing pressure from regulators to ensure data compliance and governance, financial companies now pay equal attention to backend aspects, too. A lot of financial services sectors are advancing a transition towards the technology front. A growing number of financial companies today are transforming open API-based technology architectures, which are useful for integrating RegTech. In response to the increase in regulatory activity and compliance costs, investors and venture capital firms are turning to regulatory technology or RegTech. According to experts, the reason for RegTech’s increasing popularity is the fact that financial services are looking forward to leveraging technology innovation.
Due to volatility in the money market, Regtech solutions that are robust and effective are inevitable. Faced with the ever-increasing complexity of regulations, RegTech certainly holds a lot of promise. RegTech solutions are essential to assist FI in complying with regulatory requirements more easily and in a more cost-effective manner due to the complexity of the financial industry and strict legal and regulatory requirements.
Another thing that Atlassian does well which has helped us in this aspect is, that we won’t hire like three engineers and sort of leave them on their own to get something done right. We will hire a full triad of a manager like an engineering manager, product manager, and designer, and will give them some level of ownership on the roadmap so that you are excited about what you’re doing and you can see the impact of your work. We don’t have a hub and spoke model, where all decisions happen in one location, we operate like it’s a pretty global company. Every office has its own set of areas that they are driving, which has helped a lot as well so we have multiple leaders in India for example who globally lead teams, whether it is product, design, engineering and I think all that makes a huge difference, I think that has helped us huge to attract talent. So we do follow the triad model, basically, the triad is Engineering, Product management design, and then you have the triad at many levels so like my triad has a few triads under us so it’s like a pyramid.
They all sound very perfect it’s funny I kind of joke sometimes my triad does not work, the triad is great because it’s not always easy you know sometimes you have a level mismatch but having said that we do lean on triad a lot, and when is a lot of trust between the triad members, it makes a huge difference as I have seen like how I am such an engineer sometimes I go and talk to my design counterpart just to balance out my company because I feel like design comes with a very and definitely my triad partners both in the marketplace and here, they have helped me think very differently from how I would normally approach a problem, so from that point of view as well it really helps when you have the diversity of thinking and perspective, of course, you know that the trial like the success and failure is all tied to the triad so it becomes easier to save your team, the team is going to make this happen I think that has helped us quite a bit as well. I think my Urban ladder experience helped me a lot because I got exposure to you know working with customers service, operation, and marketing like I got to work with the head of the department where are you learn so much of their craft which I don’t think earlier and had exposure and I definitely cherish that.
Microsoft for example, when I got in it was 60,000 people and today Atlassian maybe 7000 I think even that scale makes a massive difference in how you operate and of course, every company evolves and there are pros and cons. It is very hard to say this vs that, how you operate still at 7000 is significantly different as well at Atlassian what i have seen is you know we do try to ensure that like you want every decision to be made with the information is present and take it at the lowest level by your maximum information and that definitely helped; that goes back to you know to empower your team, unleashing a potential. How do you unleash the potential of a team that empowers people, are empowered to ensure that they are able to make those decisions.
So we do like there are certain practices we follow, definitely that lean into Agile a lot. There is definitely a fair amount of autonomy within the team. In fact, how zebra operates is very different from how the team might operate. I think that autonomy is critical you know because that specific problem you solving right and what you need to like that judgment and I think that is how, where tech is different right. You value somebody’s ability to judge, to make the right judgment calls and i need to lean into this looks interesting and this is the area where we should focus more right. At this scale i see we still manage to do that relatively well, there is a big because we follow the triad model, you know design especially plays a very key role in bringing in like User experience and User experience research that we have a pretty big team that does use experiences research as well and they bring a lot of insights around that having said all that you know I think as engineers especially it is i mean the onus is on all of us.
The word “Trust” may have a lot of implications in our day-to-day lives and depends on the context. When it comes to Crypto, the Root of Trust (RoT) is a source that can always be trusted within a cryptographic system. For encrypting and decrypting data and generating digital signatures and verifying signatures, RoT schemes have a hardened hardware component. A principal example is the hardware security module (HSM) which generates and protects keys and performs cryptographic functions within its secure environment. Elementarily let’s delve into the Cryptographic Root of Trust, securing information and communication which involves the use of Secret Key Encryption.
Recurring Cases of Data Breaches
In the digital era, along with ensuring trustworthy relationships in an organization, there is a strong need for a cryptographic layer of trust to combat the data breaches we have witnessed lately. With most Indians moving to the digital bubble, data is a valuable asset of the knowledge age. In 2020, all the data breaches in India witnessed an increase of 37% in comparison to the first quarter of 2019. A study from IBM reported that the cost of the leaks in India has reached a value of Rs. 14 crores in 2020 – a statistic that puts India as one of the top countries in cybercrime. According to a digital information firm, 15 billion credentials are up for sale with the close of the pandemic spawned lockdown.
The e-grocery BigBasket data leak is guarded to be the biggest haul in Indian Cyberspace. Another six major breaches that bewildered users include Haldiram Snacks Pvt Ltd, PM Modi’s personal website – narendramodi.in, Bharat Matrimony and Indian Railways online ticketing portal, IRCTC. Dr. Reddy’s Laboratories and Paytm Mall also encountered cyber-attacks later in the year 2020. Air India, Domino’s, Facebook, Mobikwik, and Upstox faced major data breaches in India in 2021. A recent data breach in April 2022 was discovered by safety detectives and affected the users of CashMama, a money lending app. For any platform or product, there is a need to ensure the data storing entities are well protected with the exact cryptographic building blocks to authorize a cryptographic trust layer. This layer of trust will reassure the customer to submit data on that platform.
Cryptographic Authentication Process
Cryptographic authentication mechanisms are more reliable than people in a cryptographic context. Trust is derived from the authentication process which validates that the entity/person claims to be who they claim to be. Take a look at some of the properties cryptography allows us to achieve and how they are linked to the concept of trust.
Confidentiality is one of the core components of cyber security. Simply put, the Confidentiality or Secrecy of information ensures that the data cannot be accessed by an unauthorized entity.
In this context, Alice is trusting the channel/platform she uses to communicate with Bob is ethical and free of intruders. Such a channel can be a messaging app for example and confidentiality is typically established by means of end-to-end encryption.
Authentication as the name implies is building the authenticity of the entities involved. For example, an entity James would claim to be an investment banker. The process which validates the authenticity of James and signifies trust that he is an investment banker is called authentication. Typically in cryptographic terminology, such authentication can occur as a means of authentication protocol.
An entity is said to be of integrity if it has not been tampered with, as the term implies. A message, for instance, is described as having integrity when it is delivered to the recipient and is trusted to remain that way. Integrity can usually be established by means of authentication codes attached to the entity in question.
In particular, non-repudiation provides us with assurances of a message’s authenticity, ensuring that the entity cannot retract or deny a message’s contents. In the cryptographic sense, this is typically achieved through the use of Signatures.
It goes without saying that these properties are crucial in any cryptographic layer of trust.
Key Protection is the Basic Root of Trust
When it comes to security, a ‘Root of Trust’ can be entrusted to ensure that the entire system is secure. In cryptography, the building block of ‘Root of Trust’ is that cryptographic keys remain secure and are safeguarded from theft.
Encryption, signing, authentication, and authenticated key exchange are all cryptographic operations that rely on secret keys. If the secret key is disclosed by the attacker, the attacker is bound to perform all the things the legitimate parties can do. If the key is a signing key, then it can sign on any message, transaction, or document as the legitimate signer; if the key is a decryption key, it can decrypt the totality secured by the key; and if the key is for authentication of a person or a device, then it can enact that person or device at will. Moreover, the attacker can use these secrets in much the same way as the legitimate user, so identifying the attacker is challenging.
As a result, rightly implemented cryptography can provide high levels of security and assurance. On the other hand, if the secret keys are stolen, the entire system collapses and defense goes down the drain. The secret keys must be stored and protected carefully in any cryptographic deployment. The ability to protect the system effectively is the root of trust for the entire system and is therefore indispensable.
Rising To The Challenge
The question of how to build strong roots of trust in an organization’s cryptographic infrastructure cannot be answered easily. In some cases, a combination of solutions is even needed. Although this is true, it is imperative that organizations rise to the challenge and build a cryptographic skyscraper that is firmly rooted in solid foundations. With the complexity of building a strong Root of Trust, choosing a solution is crucial to building a clear threat model. Let’s decode Hardware Security Modules, Software Root of Trust, or Choosing Third-Parties Key management as the Root of Trust solutions in the upcoming chapter of Cryptographic Trust.
The explosion of Blockchain left everyone thinking when Twitter Co-founder Jack Dorsey’s first tweet was sold as a Non-Fungible Token (NFT) for $2.9 million to a Malaysian businessman. Acclaimed digital artist Mike Winkelmann, known as Beeple, made history in March 2021 when his NFT titled ‘Every day’s: The First 5000 Days’ sold for over $69 million at an auction at Christie’s — the most expensive NFT sale. In recent years, NFTs have become the talk of the town. These digital valuables are selling for millions of dollars from games and art to watches and tacos. Everyone seems to be investing, buying, or creating NFTs.
NFT or Non-Fungible Token is impossible to create, forge, exchange, or manipulate due to its unique properties and authentic certificates, generated through Blockchain technology curbed by cryptocurrency. NFTs exist only in the digital realm – they cannot be touched but can be owned. In addition to digital files, NFTs can also include real-world items, such as artwork, articles, music, memes, in-game items, and videos. They are bought and sold online. Although they have been around since 2014, NFTs are in the spotlight now owing to the trendier ways of buying and selling digital creatives.
Asia has since emerged as the frontrunner in the global NFT craze, with Southeast Asians making up most NFT-based web traffic. Central and Southeast Asia accounted for 35% of the $22 billion in the global trade of NFTs, says research firm Chainalysis Inc. Three Southeast Asian countries — the Philippines, Thailand, and Malaysia – dominate Finder’s web traffic ranking. The most popular countries for NFT searches were China, Singapore, Hong Kong, the Philippines, and South Korea.
The Indian cryptocurrency exchange WazirX launched South Asia’s first NFT marketplace in June 2021, with 15 NFT creators from across Asia. The platform allowed creators to pay minimal gas fees – payments made by NFT creators. Abhishek Kalyanpurkar, a 37-year-old digital artist from Mumbai, one of the beneficiaries, shared to Asia Financial, “It has been life-altering; anyone who is a creator should tap into this growing market. The buyer transfers crypto to my Metamask wallet and I get the money converted through Binance Exchange.”
Southeast Asia Leads in NFT Trend
Social media channels like Discord and Twitter have seen a rise in the number of Central and South Asian artists. Another growth witnessed in the space is through NFT play-to-earn games. Southeast Asia boasts some of the highest rates of NFT ownership globally; one NFT game that saw rapid growth in Asia was the Play-To-Earn “Axie Infinity” game from Vietnamese company, Sky Mavis. To encash the gaming rewards for crypto gamers, Metamask, a soft wallet with 21 million users, claimed that the Philippines is its single biggest market and Vietnam takes the third place with 32% of adults admitting to owning at least one NFT. While Thailand has 27% of its correspondents claiming ownership of an NFT. The country also recently held its first virtual property sale, which allowed users to buy actual property inside Bangkok’s downtown area and become virtual landowners in the Metaverse ecosystem.
The most populous Southeast Asian country, Indonesia, looks particularly promising. Bali, Indonesia’s top tourist destination, is an emerging crypto hub. The nation’s largest crypto exchange, Tokocrypto, recently launched T-Hub, a physical fleet for Asia’s crypto community. Bali has its own physical NFT gallery, the Superlative Gallery, which opened to visitors in January 2022. With a physical crypto zone, an NFT gallery, and friendly visa regulations, Indonesia is a sleeping giant in the NFT scene.
Over 4.5 million Filipinos lost their jobs due to the pandemic, and Axie Infinity became an alternative source of income for many. As part of the game, players are required to own an NFT minted as an avatar called “Axies.” The Axies are purchased or traded through two cryptocurrencies – Smooth Love Potions (SLP) and Axie Infinity Shards (AXS).
“Axie solves one crucial problem that is associated with NFTs – low liquidity,” said Nix Eniego, a 29-year-old Axie Scholarship manager from the Philippines. “While playing Axie, you can instantly use your Axie NFTs. This is not true for creators who sell their NFT art.”
In Asia, there was also a growing number of NFT gatherings last year, including Art Moments Jakarta, Art Fair Philippines, and CryptoArt Week Asia. Furthermore, NFTs are being used for protests. Badiuco, an Australian-based Chinese political artist, raised various sensitive geopolitical issues in his Beijing 2022 Winter Olympics NFT collection.
Phishing, bootlegging and stealing identities from NFTs
Despite the craze, the industry has its share of pitfalls. There have been numerous reports of plagiarized artwork, counterfeit products, and identity theft. Even on the world’s largest NFT marketplace, OpenSea, NFT artists complain that their requests to take down accounts copying their digital art are ignored. Geoffrey Huntley, an Australian IT professional and programmer, shares in an interview with the Business Insider, “Storing one gigabyte of data on a blockchain costs over $76,000, Many NFT artworks claiming to be stored on a blockchain are still using Google Drive or a web 2.0 host. You are spending billions of dollars on a clickable link that will lead you to an image.”
‘NFT Thefts’ is a Twitter page aimed at educating artists on how to secure their digital art from being stolen. The Digital Millennium Copyright Act, for example, provides qualified online service providers like Google a safe harbor from monetary liability for copyright infringement claims. To protect an artist’s creation, NFT marketplaces initiated verification badges for artists owning the work, it remains to be seen if this suffices to assure their creation. Despite these problems, NFTs provide platforms for Asian artists to profit from blockchain technology with their artwork. Artists like Abhishek and other game players have substantially benefited from NFTs through trading their digital collectibles.
The Changing Society
Despite the Asian market stagnation for cryptocurrencies and Bitcoin, the NFT customer base is gaining quick momentum in Asia. Southeast Asia is leading the way. With blockchain technology still evolving and utilities being discovered by the day, the NFT market is still considered in its infancy. With most countries ranking high in terms of ownership, Southeast Asia may also become the hotbed of NFTs, as well as the litmus test of public acceptance. But are NFTs worth the money or just another hype? Some experts, even artists themselves believe it’s just the bubble to pop or a passing fad. Others opine that NFTs are the future and are here to stay, which will revolutionize investing forever. While Asia continues to show healthy growth trends, NFTs are expected to explode further.