The Arizona Technology Council and Phoenix Business RadioX are proud to host monthly podcasts on technology events, forecasts, issues, and trends. For the July 27th podcast, hosts Karen Nowicki and Steven Zylstra invited experts from DocSolid, OnStream Software, and ZorroSign to discuss how digital transformation can reimagine customer interactions.
Steve Irons of DocSolid, Tiffany Ma of OneStream Software, and Kristen Harder of ZorroSign spoke on the importance of digital transformation for businesses, issues and obstacles businesses often encounter when moving to digital, how DocSolid, OneStream, and ZorroSign help companies transition from paper-based operations to digital, business benefits beyond faster digital processes, future trends, and predictions for the next ten years of digital transformation.
Validated Claim Support, LLC is an emerging leader in cosmetic and skin care clinical research. They came to ZorroSign needing a workflow management, digital signature, and document management solution for three business drivers:
To collect clinical study informed consent documentation and study protocol information
To collect secure, legally binding and authenticated signatures from inter party legal agreements between Validated Claim Support, sponsor clients and vendors
To complete general office documentation like employment agreements and organization policy acknowledgment
Another concern for Validated Claim Support was ensuring security and privacy when managing clinical study information. The organization must make certain that its processes are efficient without compromising data or privacy, are always compliant with FDA guidelines, and minimizing (or eliminating) potential errors.
“As a clinical research organization, ZorroSign provides us with an extremely traceable and secure method for capturing signature authorizations from our test subjects.”
Validated Claim Support chose ZorroSign as its digital signature vendor because ZorroSign exceeded their privacy and security requirements, and because ZorroSign’s comprehensive workflow automation was the perfect complement to the clinical researchers’ technology initiatives.
ZorroSign’s solution further provides VCS with a systematic archiving of documents with the platform’s built-in document management system. As an FDA registered and inspected laboratory, Validated Claim Support needs efficiency, security and accuracy when adopting any new technology, and ZorroSign’s digital signature solution uniquely fulfilled those requirements.
Validated Claim Support experienced a cost savings of roughly $10,000 per year from reduced personnel expenses by increasing productivity. The company also saved money by not needing test subjects to revisit their lab for signatures on documentation, changes and corrections.
“ZorroSign provides a significant cost savings due to time related efficiencies. With our staff less focused on menial signature chasing, we can prioritize internal workflows and customer service. This helps us to save time and also provides additional added value behind the scenes.”
The educational event provided an opportunity for government and business leaders to learn about the threats, vulnerabilities and consequences related to data security and privacy matters via panel discussions, keynote speakers—Tim Roemer, Director Arizona Homeland Security/CISO State of Arizona, and John Davis (Major General, US Army, Retired), VP Public Sector at Palo Alto Networks—sponsors and other cybersecurity presentations.
Key Themes of the Summit
The merger of cyber and physical worlds, requiring consolidated security approaches
Building cybersecurity plans not just focused on prevention but also focused on quickly recovering from successful attacks
Blockchain Architecture For Elevated Security
ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.
By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.
How does this blockchain architecture contribute to cybersecurity?
Blockchains provide structural layers of protection from cybercrime—like ransomware, malware, or phishing attacks—first, by decentralizing the data set itself (preventing any one breach to access the entire data set), and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.
Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.
This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
ZorroSign is a strong addition to any organization’s security stack, and brings the cybersecurity capabilities of blockchain to digital signatures and transactional documentation.
ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution that can:
Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
Apply a digital equivalent of a wet-ink signature to the document (legal intent)
Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)
Unlike any other digital signature solution, ZorroSign seals all our clients’ documents with the Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.
Allyson and Kristen also attended a panel showcasing the importance of digital security, with a focus on encrypted data and how easily information can be obtained from unwanted parties if you’re not keeping up with the latest security and technology. They were grateful to the enthusiastic crowd of Phoenix area business leaders who were ready to learn about ZorroSign and the other businesses exhibiting.
“It was so refreshing to attend an in-person event,” said Allyson. “The ZorroSign team looks forward to attending many more events here in Arizona in the future.”
“It was also great to meet and connect with some amazing business leaders around the valley,” added Kristen.
We thank the Phoenix Metro Chamber for hosting this fun event, and especially Jack DuChene and Phil Guinouard for their help in promoting ZorroSign to the Phoenix community!
ZorroSign’s multi-chain blockchain platform is a mobile-first solution with Android and Apple apps designed to run on any mobile device such as smart phones and tablets.
Our technologies help governments, organizations, businesses, and individuals sign digital documents and execute transactions securely from anywhere, at any time, including:
Create an immutable audit trail and complete chain-of-custody validation from any mobile device with ZorroSign’s patented 4n6 (forensics) token.
Mobile Supported by Public/Private/Hybrid Cloud Deployments
ZorroSign’s mobile solutions can be deployed in various configurations to meet your organization’s data security requirements. For example . . .
Public Cloud Software-as-a-Service (SaaS)
Our standard deployment is on Amazon Web Services (AWS) public cloud computing network. This configuration benefits from AWS data centers and a network architected to protect your information, identities, applications, and devices. Built with the highest standards for privacy and data security, AWS is designed to help ZorroSign deliver secure, high-performing, resilient, and efficient infrastructure for our applications.
Private Cloud SaaS
In ZorroSign’s private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization. This fully managed service is ideal for financial services institutions or any organization requiring that your data resides only in servers where you have full control.
Hybrid (Public/Private) Cloud SaaS
Sitting between fully-public and fully-private cloud deployments is the option for a hybrid cloud configuration. Here, storing your data on our private, permissioned blockchain can occur on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations. We collaborate with your organization to configure the right mix of public self-service, scalability, and elasticity with private control and customization available with dedicated hardware.
Finally, for those customers who require both the ZorroSign platform and their data reside behind their own firewall or demilitarized zone (DMZ)—where a physical or logical sub network contains and exposes your organization’s external-facing services such as ZorroSign digital signatures, workflow management, and identity-as-a-service (IDaaS) applications—we support on-premise deployments.
Or sign up for your Free Trial of ZorroSign’s multi-chain blockchain solution for digital signatures, documents, and transactions—no credit card or payment required!
What is an Application Programming Interface?
An application programming interface, or API, is software that opens up an application’s data and functionally to external third-party developers, business partners, or internal departments within an organization.
APIs allow different applications to communicate with each other and leverage each other’s data and functionality through a documented interface. In other words, an API allows two different applications to talk to each other, access data, and acts as a go between that takes requests, translates, and returns responses.
The first are Open APIs, also known as public or external APIs, and they are available to use by any developer. This leads to open APIs having relatively low authentication and authorization measures but the assets they share are often restricted.
Partner APIs are shared externally, but only with those who have a business relation with the company that is providing the API. Access is limited to only those that have been authorized or have official licenses. These limitations make partner APIs more secure than public APIs.
Internal APIs, also called private APIs, are not intended to be used by third parties. They are used internally within companies for the transfer of data between teams and systems.
Composite APIs are a combination of multiple APIs, this allows developers to group different elements of the APIs for a unified response from different servers. These APIs work as an automatic chain of calls and responses that do not require intervention.
Without knowing it, you are likely using API’s every single day! One prime example is Google maps, which is used virtually by any website that wants to provide convenient directions to their location.
1. Client application initiates an API call to retrieve information—also known as a request. This request is processed from an application to the web server via the API’s Uniform Resource Identifier (URI) and includes a request verb, headers, and sometimes, a request body.
2. After receiving a valid request, the API makes a call to the external program or web server.
3. The server sends a response to the API with the requested information.
4. The API transfers the data to the initial requesting application.
Benefits of APIs
In today’s workplace, workflows, processes, and transaction management are constantly changing. APIs help to ensure that the connectivity and collaboration continue to remain strong even as workflows and processes change.
Innovation: APIs provide flexibility, this allows for seamless connections with new business opportunities, new service options to existing consumers, and for the opportunity to enter into new markets that support digital transformation.
ZorroSign’s understands the importance of APIs and that is why our seamless API integration process allows your users to remain on your existing platform’s user interface, while integrating our multi-chain blockchain platform for your transactions!
With ZorroSign, developers and product managers can tap the power of our six technologies features, as your organization benefits from our support with flexible pricing.
You may have heard about Web 3.0 (or web3) recently and wondered, what is Web 3.0 and how is it different from Web 1.0 and Web 2.0?
A broad definition of Web 1.0 is simply the initial iteration of the World Wide Web in the late 1980’s and early 1990’s. “Web 1.0 is the term used for the earliest version of the Internet as it emerged from its origins with Defense Advanced Research Projects Agency (DARPA),” writes Kuntal Chakraborty for Techopedia. “Experts refer to it as the ‘read-only’ web—a web that was not interactive in any significant sense.”
From those early static web pages, a platform model of computing soon evolved that would become Web 2.0 or the ‘social web.’ Here, interaction with growing web applications and platforms drove e-commerce and the expansion of the Internet, allowing large providers to aggregate and control much of the shared data. This is the Internet we know today.
“Web 2.0’s business model relies on user participation to create fresh content and profile data to be sold to third parties for marketing purposes,” writes Charles Silver in a recent Forbes article. “Indeed, the internet has become a massive app store, dominated by centralized apps from Google, Facebook and Amazon, where everyone is trying to build an audience, collect data and monetize that data through targeted advertising. In my opinion, the centralization and exploitation of data, and the use of it without users’ meaningful consent, is built into Web 2.0’s business model.”
The dream of Web 3.0, however, is to break the centralization of information and democratize the Internet more to the vision of its earliest founders. “Web3, ” claims Chris Dixon from Andreesen Horowitz in a recent article in The Economist, “combines the decentralized, community-governed ethos of web1 with the advanced, modern functionality of web2.”
The Web 3.0 “will be based on the convergence of emerging technologies like blockchain, artificial intelligence (AI), machine learning and augmented reality,” note Neeti Aggarwal and Dandreb Salangsang in The Asian Banker. “It will be characterized by decentralized data, a more transparent and secure environment, machine cognitive intelligence and three-dimensional design.”
“The rise of technologies such as distributed ledgers and storage on blockchain will allow for data decentralization and create a transparent and secure environment, overtaking Web 2.0’s centralization, surveillance and exploitative advertising,” continues Silver. “Indeed, one of the most significant implications of decentralization and blockchain technology is in the area of data ownership and compensation… Web 3.0 will bring us a fairer internet by enabling the individual to be a sovereign.”
Web 3.0 isn’t just championed by iconoclasts and trustbusters—Alphabet CEO, Sundar Pichai, recently shared on a quarterly earnings call, “On Web3, we are definitely looking at blockchain, and such an interesting and powerful technology with broad applications so much broader again than any one application. So as a company, we are looking at how we might contribute to the ecosystem and add value.”
As such, even the biggest players in Web 2.0 are looking to adopt Web 3.0 technologies and strategies as they continue their evolution.
Financial Services on Web 3.0
“Think about all the financial instruments we use today—currency, loans, insurance, bonds, credit cards, stocks, futures, options, interest bearing accounts—being converted to a new model,” asks Thomson Reuters. “One that doesn’t require a traditional banking institution.”
For financial service organizations, adopting emerging technologies has historically been a slow, prove-it-before-you-move-it endeavor. With the boom in fintech the past ten years, however, financial service organizations from accounting firms, to banks, credit unions, and credit-card companies, to finance companies and managers, insurance companies, investment funds, notaries, payment providers, stock brokerages, and conglomerates have all moved faster to adopt new technologies and gain a competitive advantage in serving customers.
“Fintech refers to the latest software developments in the financial services sector,” explains a recent Finextra article. “Using technologies such as artificial intelligence, biometrics, payments, crypto and others, banks are increasingly able to offer their customers more convenient, streamlined services.”
Already, “a few banks are using blockchain to power real-time transactions,” writes Emily McCormick for Bank Director. Meanwhile, “Fintechs competing with banks are also taking advantage of the disintermediation trends promised by a Web3 economy.”
Today, cryptocurrencies and decentralized finance (DeFi) platforms challenge traditional banking for services and control of consumer monetary systems. But while cryptocurrencies provide an exciting alternative to the constraints of fractional-reserve banking, financial services providers need not abandon central bank currencies to adopt Web 3.0 strategies. The distributed ledger technology of blockchains can also support financial service applications above-and-beyond cryptocurrencies.
Future Technologies for Financial Services
As most financial service providers engage Web 2.0 technologies, the opportunity for early adopters to leap ahead to Web 3.0 becomes clear.
“Over the next decade, we believe blockchain will become the dominant operating infrastructure of the financial system and look forward to helping our network of regulated banks, brokers and fintechs develop the competency and dexterity to be early adopters of this transformational technology,” said Ryan Zacharia, general partner at JAM Special Opportunity Ventures (JSOV), an affiliate of Jacobs Asset Management (JAM) and FINTOP Capital.
“Unlike the cryptocurrency market, for example—which is built on a digitally native system—Vikram Pandit, CEO of The Orogen Group and former Citigroup Inc. CEO, said that innovations in the traditional banking sector are based on applying new technology to improve old architecture, citing the use of distributed ledger technology in cross-border payments as an example,” notes a recent S&P Global Market Intelligence report.
Payments are another area ready for Web 3.0 transformation. “In the past, when you transferred money to someone online, you needed a trusted service like PayPal or a bank to make the transfer,” cites an Algorand post. “With blockchain networks, you can now transfer money directly to anyone with an Internet connection on a peer-to-peer basis.”
Further, securing digital transactions and the digital chain-of-custody are critical for financial organizations. Even as some financial assets move to the metaverse—NFTs are an early example—a technology that immutably tracks and reports the provenance of assets is necessary to ensure ownership and enforce agreements across transactions and holdings.
“Issues of trust, transparency, privacy, and user control lie at the heart of Web 3.0,” writes MakerDAO, and “on the back of the blockchain promises to shift the balance of power back in favor of the user.”
Blockchain, built for zero-trust environments, is the ideal architecture for tracking and storing digital transactions and documentation, and another way Web 3.0 technologies support evolving financial services.
ZorroSign and Web 3.0
And here is where ZorroSign shines! We have built our digital platform from the ground up using blockchain technology. Launched with Hyperledger Fabric, our multi-chain platform now supports the public Provenance Blockchain as well, giving our users an entirely new world of decentralized digital transactions.
At ZorroSign, we deliver digital signature solutions built on blockchain for greater privacy and security.
Our Web 3.0 technology platform also provides identity-as-a-service (IDaaS) capabilities through a patented Z-Forensics token plus fraud prevention, user authentication, and document verification. Web 3.0 features such as artificial intelligence (AI) and machine learning (ML) allow us to automate form completion for digital documents, and can improve regulatory compliance across global standards for legally enforceable digital signatures.
Paired with Provenance Blockchain—which reduces the need for third-party intermediation, drastically reducing costs and freeing up capital in financial transactions—ZorroSign’s platform promotes greater transparency and liquidity for financial service organizations, and allows for new kinds of financial engineering and business opportunities.
To learn more about Web 3.0 and how ZorroSign can help your financial service organization meet the future needs of your customers, contact us today!
The digitization of information has its roots in the 1950’s and the progression of both technology and society has been blurringly fast the past 70 years.
Individuals, businesses, organizations, and even governments are moving to digital operations at an incredible pace.
Today, faster and faster chips . . .
Run on smaller and smaller devices . . .
Coupled with faster and faster networks . . .
Able to deliver greater amounts of data (even VR and AR) . . .
To a greater number of devices!
The digitization of the real world has even inspired plans for entirely digital worlds such as the metaverse!
Moving to digital operations is not only cost-effective for private and public-sector organizations, but has become a necessity in response to the COVID-19 pandemic.
“Digital transformation is no longer an option, but an imperative. Recent research from Accenture has found that in the three years prior to 2018, firms who led their industry in enterprise technology adoption grew two times faster than laggards. Today, they are growing five times faster. The risk is no longer merely getting left behind, but being eliminated altogether.”
This need is serviced by a huge range of new technologies for digitization: Cloud providers like Amazon Web Services, Google Cloud, and Microsoft Azure; communication tools like Monday, Slack, and Zoom; databases like Microsoft and Oracle or blockchain; office tools like Google Docs and Microsoft 360; plus cybersecurity, MSSPs, wireless providers, and all the accompanying hardware and software that produces, stores, and moves digital information.
Securing Transactions with Digital Signatures
To transact business, commerce, government, or individual trade in such a digital ecosystem also requires legally enforceable digital signatures to prove agreement and intent. There are exciting new technologies supporting digital signatures, but how can such solutions provide legal enforceability?
They must ensure WHO is signing the legal documents via user authentication,
They must ensure WHAT was signed (agreed upon) via immutable document control with full audit trail of changes for document verification, and
They must ensure WHERE, WHEN, and HOW digital signatures were executed in signing ceremonies via metadata captured on digital devices and digital network.
On June 30, 2000, then President Bill Clinton signed the Electronic Signatures in Global and National Commerce Act (E-Sign Act), establishing that electronic signatures have the same legality as traditional signatures on paper, and defined the criteria for legality. The legislation opened the door for digital transactions and digital commerce boomed in its wake.
Digital Signatures on Blockchain
Since 2000, several technologies have come to market to deliver digital signatures, but when a distributed ledger technology—such as blockchain—is used for digital signatures, signers gain the unique advantages of:
Privacy — with a private blockchain, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
Immutability — all records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
ZorroSign was built from the ground up on Hyperledger Fabric to deliver digital signatures with the superior privacy and security of blockchain. We recently announced a partnership with Provence Blockchain to add that technology to our architecture as well, effectively becoming a multi-chain blockchain platform.
Further, solutions that incorporate Identity-as-a-Service (IDaaS) can authenticate users across multiple dimensions, such as what you know (your login password), what you have (your laptop or mobile device), and who you are (biometrics such as fingerprints or eye iris on the device securing who can access it), etc.
Leveraging the biometric capabilities of hardware endpoints to verify user identities
Adopting password-less logins
Using dynamic knowledge-based authentication (KBA) features, requiring the knowledge of private information of the individual to prove that the person providing identity information is the actual person
Blockchain and the Digital Chain of Custody
Together, digital signature technologies and blockchain technologies can uniquely ensure the chain-of-custody for digital transactions.
To learn more about how ZorroSign helps governments, organizations, businesses, and individuals move to digital operations—with superior privacy and security—contact us today!
Digital Signatures and Transaction Management for IT Companies that Love Blockchain and Web 3.0
That’s the essence of Web 3.0 (or Web3), and if your IT organization aspires to something similar, then ZorroSign’s multi-chain blockchain platform was built for you!
If You Embrace Decentralized Solutions…
The idea of escaping a centralized authority managing protocols, transactions, and access was built into the World Wide Web from its earliest days. And while blockchain technologies get a lot of press today, they were conceptualized in 2008.
Blockchains are distributed ledger technology (DLT) leveraging cryptography—user authentication, data encryption and verification—to secure information records (blocks) distributed across peer-to-peer (P2P) networks. DLTs replicate, share, and synchronize digital data geographically spread across multiple sites (nodes), with no central data storage or administrator. They can run publicly (open) or privately (permissioned).
Public blockchains can readily be used as cryptocurrencies—creating and using a coin which serves as digital money. For example, Ether is the coin of Ethereum, Hash is the coin of Provenance Blockchain, Lumen is the coin of Stellar, etc.
Private blockchains are commonly used as business apps. Here, an organization (or consortium of organizations) controls access to the blockchain—limiting its distribution but also elevating its security. While cryptocurrencies are often in the news for major purchases, market fluctuations, and hacks, blockchain business apps are often in the news highlighting how blockchain can shape business, government, healthcare, and many other industries including legal services.
Perhaps most importantly, blockchains can support smart contracts—where terms, conditions, and permissions written into the digital code that require an exact sequence of events to take place to trigger the agreement of the terms mentioned in the blockchain contract. This hardwiring of contract details greatly increases speed (via automation), trust (where accuracy and backup are built into the transaction), and autonomy (as no third parties are required to mediate or control the exchange) of transactions.
As such, centralized solutions such as blockchains have immense potential to transform business contracts, real estate deals, digital rights, supply chain security and provenance, estate planning, and many other legal transactions.
In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.
In cyber attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
Recovery is quicker with blockchain, too. With blockchain, each endpoint node has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This speedy recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.
If You Digitize Operations and Customer Experiences…
For your employees and customers, your IT company’s digital efficiency is vital: Saving time and effort, automating processes, and digitizing operations can result in real dividends in efficiency and effectiveness, resulting in employees with more time to work on the most important projects, and more customers served and satisfied.
It’s likely that you deliver your solutions via the cloud or digital endpoints, and decentralized solutions speed the efficiency of such systems. We’ve already discussed how blockchain decentralizes data while elevating privacy and security, but it can also drive digital operations and help support digital customer experiences.
Again, the smart contract capabilities of blockchain might augment your customer experience with increased automation for self-service, speeding trust, and facilitating autonomy in a technology ecosystem that does not require a central authority to manage or approve transactions.
Finally, digital operations eliminate paper so “going green” with paperless operations may readily align to your IT organization’s corporate social responsibility goals or vision.
…ZorroSign Delivers the Latest Technology, with Privacy and Security, for Digital Operations
ZorroSign was built from the ground up on blockchain technology!
We deliver a multi-chain blockchain platform for digital signatures that also provides identity-as-a-service (IDaaS) capabilities through a patented Z-Forensics token, plus fraud prevention, user authentication, and document verification. Artificial intelligence (AI) and machine learning (ML) features allow automated form completion for your digital documents, and can improve your regulatory compliance across global standards for legally enforceable digital signatures.
ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities—for example, PC and mobile device fingerprint scans, iris scans, and face recognition to ensure users are who they claim to be. ZorroSign is proud to be the first to adopt password-less login amongst our digital signature competitors. ZorroSign multi-factor authentication (MFA) provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based upon your transaction security needs: What you know (i.e., your ZorroSign login password ), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.
Further, ZorroSign’s platform was based on the Sherwood Applied Business Security Architecture (SABSA)—a proven methodology for developing business-driven, risk and opportunity focused security architectures. We leverage Defense in Depth (DiD) mechanisms, such as AI-based Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and border routers. Plus ZorroSign brings personally identifiable information (PII) data security, 24/7 monitoring, business continuity/disaster recovery policies, security logging and incidence response via Elastic search Logstash and Kibana (ELK), and Microsoft Intune for unified endpoint management.
For IT companies, governments, and individuals that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity.
Running on the Hyperledger Fabric private blockchain or the public Provenance Blockchain, ZorroSign can ensure privacy is always maintained as only approved endpoint users can write to ZorroSign’s blockchain database. As a result, ZorroSign’s architecture has even tighter privacy and security measures than centralized databases.
Finally, at ZorroSign, we help IT companies to achieve a paperless life. We all understand that switching from doing business using paper to digital records is not only a smart business decision, but it is also good for the environment. Each time you use ZorroSign to digitally transact agreements, contracts, and other documents—instead of printing, faxing, scanning, shipping documents overnight to collect signatures—you save trees and water, plus reduce carbon emissions.
Insurance companies of all sizes—from individual agents to huge corporations—need to provide superior customer service to win new customers and sign new policies.
ZorroSign supports that superior customer service by allowing your new customers to sign documents, access those documents, and enjoy faster (remote) services with our blockchain-based digital signature and transaction platform.
Speed Signing and Form-Filling
With our patented, legally binding, fully automated digital signature technology, ZorroSign’s Z-Sign feature enables you to skip the print/sign/scan process, stop chasing paper signatures, and sign digital documents from anywhere—all the while monitoring a policy document’s current status from the ZorroSign dashboard.
Our digital signatures leverage mobile device biometrics for verification and authentication of users, signatures and documents, then stores all digital documents (and metadata on signing) to our blockchain for immutable records and audit trails.
ZorroSign can even accept handwritten or computer-generated signatures for specific purposes, and track them immutably on our blockchain for fraud-prevention and E&O audits.
Elevate Privacy and Security
ZorroSign is built entirely on a blockchain architecture that protects identities and data—uniquely authenticating users, encrypting communications, and securing digital data immutably through its lifetime. Specifically, ZorroSign’s platform was built from the ground-up on private, permissioned Hyperledger Fabric blockchain technology.
For insurance companies that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.
Further, ZorroSign’s patented Z-Forensics token is a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the insurance transaction including time stamps, user authentication, document, and attachments.
Our Z-Forensics token securely reads the information from the secure ZorroSign servers so it can be accessed by the document originator or third parties (with permission from the originator) when requested. Only the Z-Forensics token:
Allows ZorroSign to manage permissions as to who gets to see what level of information about the transaction and the document
Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire
Can verify, validate and authenticate both digital and printed (paper) version of electronically signed documents
Reduce Errors and Omissions (E&O)
Make your critical insurance form-fill completion process smarter, faster and more accurate using ZorroSign’s automated engine, Z-Fill.
Built with artificial intelligence (AI) and machine learning (ML) to speed form completion and increase accuracy, ZorroSign’s Z-Fill feature helps your customers fill forms with ease by anticipating entries, reduces errors by matching profile information to form-fill options, and learns from historical form-fills to anticipate more and more entries over time.
Plus all of your insurance documents can be stored on ZorroSign’s Z-Vault for regulatory compliance and the immutability of signed documents, metadata, and workflow records. Z-Vault enables you to store, structure, organize and search documents in folders and subfolders natively, with the peace of mind that comes from superior blockchain privacy and security.
Improve Customer Service
All ZorroSign’s benefits for your insurance business map right back to customers as well:
Digital signatures allow customers to sign at their convenience, wherever and whenever they prefer
Elevated privacy and security for all insurance documents and transactions
Form-fill automation to reduce errors and omissions (and improve regulatory compliance)
Plus a secure document management system for immutable records that can readily be audited for details or history
ZorroSign helps bring your insurance business into the digital age: Speeding customer processes and service, helping your organization “go green” with paperless operations, and allowing you to serve customers from anywhere, anytime!
“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” explains CISA. “Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.”
Thus phishing attacks seek to steal data or inject malware—adware, bots, keyloggers, ransomware, spyware, trojans, worms, etc.—that cause damage at a later time.
In phishing attacks, “scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts,” warns the Federal Trade Commission (FTC). “Scammers launch thousands of phishing attacks like these every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.”
“What really distinguishes phishing is the form the message takes,” notes a recent CSO online article. “The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.”
This credibility is paired with a sense of urgency to inspire victims to respond quickly to the message: Clicking a link or downloading a file that starts the attack. For example, Crowdstrike, a cybersecurity company, found that Amazon and Apple were the two most impersonated organizations for phishing scams in 2020. As the COVID-19 pandemic moves more people to work-from-home and out of traditional workplace settings, phishing scams increase to take advantage of anxiety and remote communications.
“Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns,” adds the CSO online article. “During a crisis, people are on edge. They want information and are looking for direction from their employers, the government, and other relevant authorities. An email that appears to be from one of these entities and promises new information or instructs recipients to complete a task quickly will likely receive less scrutiny than prior to the crisis. An impulsive click later, and the victim’s device is infected or account is compromised.”
“Phishing and social engineering attacks are now experienced by 85 percent of organizations,” reports Accenture. And the number of phishing attacks has been increasing in the United States, “with a growth of 65% in the last year,” addsCrowdstrike.
Blockchain Cybersecurity Against Phishing
“Traditionally, businesses sought to prevent phishing attacks through employee training,” writes Cloudphish, a blockchain cybersecurity company. “While this method did provide some success, it was overly reliant on human judgment.” As an alternative to such an approach of relying upon employees and staff to determine what emails or attachments they can safely open, blockchain offers a chance to secure the system access attackers ultimately seek.
Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against phishing attacks.
In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.
Whereas centralized databases can be stolen by one endpoint breach—such as the infamous attacks on Yahoo in 2013 and 2014, the United States Office of Personnel Management (OPM) in 2015, Equifax in 2017, Marriott/Starwood Hotels in 2019, and countless others—the distributed ledgers of blockchains minimize the potential damage of any phishing attack on individual endpoints. At ZorroSign, for example, we use a private permissioned blockchain, Hyperledger Fabric. Hence, even during a successful phishing attack, the adversary would not gain access to the blockchain data because the adversary would not have access to the blockchain certificates. With Hyperledger Fabric, blockchain certificates are maintained in a secured certificate authority.
In phishing attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so phishing attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This quick recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.
It seems we cannot escape the continued headlines: A huge company hacked, a critical utility crippled by ransomware, a government agency’s data breached. The frequency and scale of cyber attacks is growing and so are the damages to commerce, identity, privacy, even national security.
While there are many attack vectors—brute-force attacks, code injection, cross-site scripting (XSS), phishing, and distributed denial of service (DDoS) are notable threats—the ability of attackers to install malware and either shut down systems, control systems, or hold systems ransom are among the most damaging.
Ransomware Attacks “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable,” claims the Cybersecurity and Infrastructure Security Agency (CISA) “Malicious actors then demand ransom in exchange for decryption.”
Historic detect-and-respond approaches to ransomware leave organizations far too exposed to outages, theft, and long recovery times. “Even if there is no evidence that confidential information has been leaked, organizations can still suffer significant damage,” writes the National Law Review in a recent article. “The cost of reassuring stakeholders and mitigating reputational harm can almost match the consequences of a full blown attack.”
“The average total cost of recovery from a ransomware attack has more than doubled in a year,” notes Sophos, a cybersecurity company in findings from a global survey. “Increasing from $761,106 in 2020 to $1.85 million in 2021… The average ransom paid was $170,404.”
Worse, CISA warns that “ransomware incidents have become more destructive and impactful in nature and scope. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations large and small.”
More than 90% of all cyber attacks begin with phishing and ransomware is often brought into a network from remote or mobile devices. However, “ransomware gangs have been shifting their focus to managed service providers (MSPs), a platform that serves many clients at once,” says Varonis. “This means that if a hacker gains access to one MSP, it could also reach the clients it’s serving as well. Most of the time, MSPs are hacked due to remote access tools that are poorly secured.”
While securing endpoints is critical to defending against phishing and ransomware attacks, the vulnerability of MSPs means any centrally managed database could be compromised if its hosting MSP is hacked.
Once breached, ransomware typically “displays an on-screen alert advising the victim that their device is lock or their files are encrypted,” notes the U.S. Secret Service Cybercrimes Investigations unit. Yet “paying the ransom does not guarantee regaining access. In some cases, a decryption key was not provided in return to a paid ransom. In other cases additional ransom was demanded.”
Blockchain Cybersecurity Against Ransomware Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against ransomware attacks.
Blockchain’s distributed ledger technology (DLT) provides two means of preventing and/or ameliorating the threat of ransomware attacks: First, by decentralizing the data set itself; and second, by giving endpoints a quick path to recovery, even if they are themselves breached and access ransomed.
Unliked centralized databases—which can be breached at unsecure endpoints (users and devices) or even at MSPs hosting them, giving attackers complete control once they gain central access—blockchain technology distributes data across geographically separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.
This distributed nature so defeats any attack seeking to breach a system and holistically encrypt the data files stored therein: A single endpoint node might be breached and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully attacked (presumedly compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint).
This unique recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set: With a new key and without needing to pay any ransom to the attackers for restored access.
NOTE: CISA strongly advises victims of ransomware to report such attacks to federal law enforcement via IC3 or a Secret Service Field Office. Victims can request technical assistance or provide information to help others by contacting CISA. If your organization becomes a victim of ransomware attacks, visit CISA’s reporting links at https://www.cisa.gov/stopransomware/report-ransomware-0
ZorroSign is proud to launch consumption-based pricing for our software subscriptions!
As software-as-a-service (SaaS) evolves and specializes, we are seeing the unsophisticated per-seat pricing model wane as users demand more control over their usage and corresponding costs. SaaS-providers who meet that need are better aligned with their customers and can deliver both stronger performance and instill greater loyalty by only charging for those services and resources their customers use.
“A consumption-based pricing model is a service provision and payment scheme in which the customer pays according to the resources used,” notes a recent TechTarget article. “This model is essentially the same as the utility computing payment structure and those of other utilities, such as water and electricity.”
Consumption-based pricing for SaaS solutions means escaping from rigid per user/per month pricing schemes and offering customers a more tailored experience with their software subscriptions.
“Your customers shouldn’t feel forced to pay month-to-month for services they’re not actually using on a regular basis,” notes Brent Barnhart in a usage-based pricing article. “Usage-based pricing is often presented as a sort of win-win for customers and companies alike. That is, your users enjoy some much-needed flexibility in terms of their budgets while also holding themselves accountable for how much they end up using your product.”
With ZorroSign, for example, Individual subscriptions can be priced by set numbers of documents or unlimited document sets, while Business subscriptions are custom priced by number of needed users, signers, and document sets. And our Enterprise subscriptions are priced granularly by users and documents used so users are not paying for unused licenses or consumption.
Other digital signature platforms still cling to per user/per month pricing which leaves many of their customers unsatisfied with paying higher subscription fees than they actually need. ZorroSign is offering an alterative approach that brings clear benefits to customer finances and scalability.
“Customer satisfaction. When customers can self-serve, they’re more likely to feel they’re receiving value for the price.
“Go-to-market agility. Flexible combinations of recurrent and consumption pricing allow companies to experiment, testing in-market and readjusting quickly.
“Reduced revenue leakage. Efficient pricing models mean there’s less money left on the table as you optimize product usage—and revenue generated—from each customer.”
“We not only want to deliver the highest technology standards for privacy, security, and compliance,” says Shamsh Hadi, CEO and co-founder of ZorroSign. “We also want to deliver unmatched value to our customers—and that starts with a pricing model aligned to their needs for digital signatures, IDaaS, and digital document workflows.”
ZorroSign is proud to stand alone in a crowded field of digital signature solutions. Only ZorroSign’s document management platform was built from the ground up on Hyperledger Fabric—the worlds most trusted blockchain technology. This private, permissioned blockchain architecture provides ZorroSign users with the highest levels of data privacy and security available for digital signatures.
Further, we have created and patented Z-Forensics: A 4n6 (“forensics”) token to uniquely verify users and authenticate the immutability of both digital and paper documents. Let us explain this innovative new method for document security…
A HISTORICAL NEED TO PROTECT DOCUMENTS
Throughout history, there have been various techniques to authenticate documents. In the pre-industrial age, it was common in Europe for someone to sign a document in ink and to then press a wax seal on the document to indicate the authenticity of that document. It was always possible, of course, that someone could tamper with the document and forge signatures, information, or the wax seal itself.
In the modern age, the United States has notary publics who can witness a person signing a document and endeavor to authenticate the signer’s identity by inspecting a driver’s license, passport, or other form of identification for that person. Again, the risk remains that it is possible to forge such identity materials, or alter the actual documents or signatures after signing.
More recently, with the popularity of electronic or digital documents, the digitization of business processes is taking place. In other words, from the creation of documents, to the signing of documents, to the storage and subsequent retrieval of documents, one or more steps may be conducted digitally. For example, a document may be created on a computer and subsequently printed, signed with wet ink or electronically, then faxed, delivered via courier, or scanned into the computer and finally shared electronically via email or by using other file transfer mechanisms. Despite the technology advances, such documents can still be tampered with and signatures can be forged within this process as well.
Today, electronically signed or mixed-signed documents are shared with parties who are all part of a specific workflow. Because electronic or digital documents can be readily altered, a technical problem exists whereby the digital version of an electronically signed document can be shared with anyone, but the recipients of the “digitally modified” document cannot be certain of—or otherwise prove—the validation of the user and authenticity of the document, its content, and the signatures on it. The signatures applied to these documents are only images captured on electronic devices, signature pads, mouse pads, or other capturing devices and not an equivalent of a wet signature when signed with a pen.
THE PATENTED Z-FORENSICS TOKEN
Facing this historical need, ZorroSign has developed a unique digital solution that can:
Prove that the individual who is performing the action to sign the document is who they claim to be (verification);
Apply a digital equivalent of a wet-ink signature to the document (legal intent); and,
Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).
We have patented this technology solution which we call the Z-Forensics token.
This revolutionary security system allows a validated user to create an electronic document, then allow one or more other users to complete and sign that document in a particular sequence—”the workflow”—all the while capturing the chain of custody and an audit trail of the changes made to the document by the parties in the workflow, such as recording key authentication, security and validation information when an action took place. For example:
ZorroSign’s platform can authenticate system users with biometrics (leveraging the multi-factor authentication of hardware devices such as iris scans, fingerprints, or face-recognition technology), knowledge-based authentication (KBAs) from third-party providers such as LexisNexis®, or passwords.
Users create or import a document comprising of fields to be completed by one or more users and any attachment required to be part of the workflow. All users—those who can act on the document or those who have view-only access—are considered to be “in the workflow.”
Users in the workflow (except view-only users) can edit, add, or enter values or signatures in those fields. The sequence is pre-defined for execution—whether that is sign, date, initial, check box, or fill out fields in various forms. Users can upload supporting attachments as necessary.
When the document is complete—i.e., all users have completed their acts on the document and attachments—the ZorroSign platform adds an encrypted visualization element (the Z-Forensics token) to the document that uniquely identifies and secures the document.
Thereafter, a copy of the original document, all attachments, authentication, security and validation information, and all other relevant information about the document and users will be available to view in the chain of custody and audit trail by the authorized users by scanning the token visualization element within the platform (web or mobile app).
Of critical importance, users may also share a completed document with individuals external to workflow (for example, a commissions, judge, or audit panel) to verify the immutability and authenticity of the signed documents.
WHY YOUR ORGANIZATION NEEDS Z-FORENSICS
Unlike any other digital signature solution, ZorroSign seals all documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.
Only the Z-Forensics token:
Allows ZorroSign customers to manage permissions as to who gets to see what level of information about the transaction and the contract
Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire
Can verify, validate and authenticate both digital and printed (paper) version of electronically signed contracts
To learn more about blockchain security, digital signatures, and how ZorroSign can help you Block it Down, contact us today!