The ever-growing amount of digital data and the increasing complexity of cyber threats have made data security more important than ever before. In 2023, companies must take steps to elevate your data security to protect both your own information and that of your customers.
One of the main risks to digital data today is the increasing sophistication of cyber attacks. Hackers are using more advanced techniques to bypass traditional security measures—such as using machine learning to evade detection and launching targeted phishing and spear-phishing attacks against specific organizations. Companies must be prepared to defend against these types of attacks by implementing advanced security measures, such as artificial intelligence-based security solutions, and regularly updating and patching your systems.
Another risk to digital data in 2023 is the growing number of connected devices and the Internet of Things (IoT). As more devices are connected to the internet, the attack surface for hackers becomes larger, making it easier for them to gain access to sensitive information. Companies must take steps to secure your IoT devices and to ensure that those devices are not used as a means to gain access to other systems.
Further, the use of cloud services and the increasing amount of data that is stored in the cloud has also increased the risk of data breaches. Companies must ensure that your cloud services are properly configured and that you are using a reputable provider with a strong track record of security. Companies also need to implement strong access controls and encryption to protect data stored in the cloud.
Protecting data against the growing risks in 2023 requires a multi-layered approach that includes regular updates and patching, securing IoT devices, properly configuring cloud services, adopting advanced security measures such as:
Blockchain technologies for tamper-proof record keeping with no single point of failure
Digital signature technologies to authenticate and authorize remote transactions
Identity-as-a-Service solutions for scalable identity and access management (IAM)
Passwordless authentication to reduce the human risk in security systems
Organizations that fail to take these steps will be at a higher risk of data breaches and will be more vulnerable to cyberattacks.
It is important to remember that data security is not only important to protect your company’s information but also to protect the personal data of your customers and employees.
To read more about the growing risks to digital data in 2023—and learn how adding blockchain, digital signature, IDaaS, and passwordless authentication technologies to your security stack can combat those risks—download our eBook today or contact us to start a discussion!
Though still an emerging technology in the healthcare industry, blockchains have the potential to transform the U.S. (and global) healthcare industry.
By providing a secure, transparent, and efficient way to store and share information (such as patient healthcare records, prescriptions, diagnostic data across providers, etc.), blockchains are making it possible to improve patient care, reduce costs, and streamline administrative processes. Let’s look at how the healthcare industry is already using blockchain technologies . . .
Blockchain Applications Today
Electronic health record (EHR) management — blockchains can be used to securely store and share patient health and medical records—where electronic medical records, or EMRs, are “a patient’s medical history that is maintained electronically by a single provider,” explains Forbes, while EHRs represent a “patient’s medical history that is maintained electronically by multiple providers.” This application of blockchains can improve patient care by making it easier for doctors and other healthcare providers to access the information they need to make informed decisions. And blockchain technologies can also help to reduce costs by eliminating the need for duplicate records.
Clinical trials — here, blockchains can be used to manage clinical trials more efficiently, as by storing clinical data on a blockchain, researchers can track patient progress and outcomes in real time. This can help to improve the efficiency of trials and speed up the development of new treatments. “Blockchain may offer a solution to more easily aggregate health data in a secure, trusted, automated, and error-free way,” notes Deloitte. “A solution which enforces rules, privacy, and regulations in a mutually agreed upon manner, resulting in a smart contract between patient and health care stakeholders can be an important enabler to clinical trials and research.”
Supply chain management — blockchains can be used to better track the movement of medical supplies and medications with the technologies immutable and transparent recordkeeping. This can help to ensure the safety and quality of these products, and it can also reduce fraud. “Currently, most medical and pharmaceutical supply chains are facing significant logistical challenges, including a lack of real-time visibility into shipment locations, uncertainty transportation disruptions, product quality tracking and verification, cross-border customs reporting across borders, and complicated invoicing and payments,” write Jayendra S. Jadhav and Jyoti Deshmukh in a ScienceDirect article. “A blockchain-based supply chain, on the other hand, could track every step for every item immutably, transparently, and efficiently.”
Payment processing — blockchains can be used to process payments for healthcare services (patient and insurers), helping to reduce costs and improve efficiency. For example, “Insurers can now work with digital transformation platforms to design and develop blockchain technologies to target specific needs instead of using a one-size-fits-all approach,” says Julien Breteau in recent The Digital Insurer article.
Healthcare research — blockchain data storage and sharing can be readily used to manage the data from healthcare research studies. This use helps to accelerate the pace of research and improve the development of new treatments. “The growing digitization of medical care has advanced the acknowledgment of issues about secure storage, accessing of patients’ medical records, ownership, and medical data from associated sources,” explains a recent National Library of Medicine article. “Blockchain is recommended as a method of addressing critical issues faced by healthcare, for instance, protected sharing of health records and adherence to data privacy laws.”
Universal Blockchain Benefits
As blockchain technologies are tailored to healthcare, the universal benefits of this distributed ledger architecture include stronger security (as data is encrypted and distributed across multiple nodes), greater transparency (as transactions recorded on public blockchains where any node can view them), greater efficiency (automating manual data entry and record keeping processes), and more opportunities for interoperability (as blockchains can connect different healthcare systems and organizations).
ZorroSign for Healthcare
And at ZorroSign, our secure, HIPAA-compliant data security platform built in blockchain supports healthcare organizations with digital records, digital signatures, and document workflows. Our platform ensures:
Legal enforceability — reducing insurance fraud with digital signatures that are legally binding, tied to the actual person (signatory attribution), and immutable with court-admissible security certificates that never expire
Digital privacy and security — a platform built on blockchain with artificial intelligence (AI) and machine learning (ML) to eliminate the errors of manual processes and transcription with full Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance
Cost-savings — through automating patient, diagnostic, insurance, payment, and recordkeeping workflows and digitizing paper applications, forms, and records
Improved patient services — digitizing your office operations to quickly execute, store, track, and retrieve:
Claims management, payments, and prior authorization
Facilities management
Human resources processes
Logistics and procurement
Patient sign-in and consent
Power of Attorney and Proxy Agreements
Prescription approval routing
Healthcare providers know the value of serving more patients with the same staff, plus saving costs with digital technologies that help meet regulatory compliance while reducing paper, printing, and storage expenses.
Blockchain technologies are helping meet those needs in healthcare and expanding the patient services healthcare providers can deliver. To learn more, visit our Healthcare industry page or contact ZorroSign today!
Cybersecurity has become increasingly important as the world becomes more interconnected and digitized. But the risks and costs of cybercrime continue to grow, as well, and the costs are staggering:
Against this threat, blockchain technology has been making waves in the world of cybersecurity for quite a few years now, and this innovative technology has the potential to revolutionize the way we approach online security—changing it for the better.
Here are some of the ways that we believe blockchain can be used to improve cybersecurity:
Immutable Records
To transact commerce (as an organization or individual) or operate government in a digital ecosystem requires legally enforceable digital signatures to prove agreement and intent.
Blockchain technology has an ability for the creation of immutable records, providing a secure, auditable trail of all transactions. All records and changes within a document are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts and ensuring peace of mind to its users. This also makes it ideal for use in financial transactions, real estate agreements and other high-value exchanges, where a record of every step is essential for ensuring the integrity of the process.
Secure Authentication
One of the main issues in cybersecurity is the vulnerability of traditional authentication methods such as passwords. Passwords can be easily hacked or stolen, leaving sensitive information vulnerable to attack. This can be a threat to businesses, especially those who store their users personal information. Blockchain technology can be used to provide secure authentication through the use of public-private key cryptography.
“The public key can help in encrypting a message before sending it to the concerned recipient,” explains 101 Blockchains. “When the recipient gets the message, they can use their private key for decrypting the message. It is essential to remember that only the recipient knows about the private key. Therefore, the applications of public key cryptography ensure that the valuable information of users is not tampered with in transit.”
Decentralization
Unliked centralized databases—which can be breached at unsecure endpoints (users and devices) or even at MSPs hosting them, giving attackers complete control once they gain central access—blockchain technology distributes data across geographically separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.
This distributed nature so defeats any attack seeking to breach a system and holistically encrypt the data files stored therein: A single endpoint node might be breached and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully attacked (presumedly compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint).
This unique recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set: With a new key and without needing to pay any ransom to the attackers for restored access.
Identity Verification
Identity verification is another area where blockchain can be used to enhance cybersecurity. It ensures that the individual claiming a particular identity is actually who they say they are. It is a very important aspect of digital security, especially as identity theft “frequency has sky-rockets in the past few years,” according to the National Council on Identity Theft Protection. “Nearly half of all U.S. citizens became a victim of some form of identity theft in 2020.”
With blockchain, users can have greater control over their personal information, allowing them to manage their digital identities more securely. This makes it more difficult for hackers to steal personal information or create fake identities.
ZorroSign’s Data Security Platform Built on Blockchain
As the world becomes more digitized and interconnected, the importance of cybersecurity will only continue to grow, and blockchain is poised to play a crucial role in ensuring that our digital world remains safe and secure.
ZorroSign’s data security platform was built on blockchain, delivering digital signatures, identity-as-a-service (IDaaS), patented fraud detection, user authentication, document validation, and document management all based on blockchain technologies.
ZorroSign is a strong addition to any organization’s security stack and brings the cybersecurity capabilities of blockchain to digital signatures and transactional documentation.
To learn more, visit our platform page or contact us to start a free 14 day trial. When the security of your digital data and documents is on the line, block it down!
While information and data have always been valuable commodities, they have never been as available and distributed as they are in our digital world today. With digital information being so readily generated and shared, data security rises in importance. Learning about data security and how it may impact your business, government, and personal life is a necessity. So let’s dive in to what data security means and its importance in today’s technologically driven world!
What is Data Security
“Data security is the process of safeguarding digital information throughout its entire life cycle to protect it from corruption, theft, or unauthorized access,” defines Fortinet, a computer, data, and network security company. “It covers everything—hardware, software, storage devices, and user devices; access and administrative controls; and organizations’ policies and procedures.”
“When properly implemented, robust data security strategies will protect an organization’s information assets against cybercriminal activities, but they also guard against insider threats and human error, which remains among the leading causes of data breaches today,” adds IBM. “Data security involves deploying tools and technologies that enhance the organization’s visibility into where its critical data resides and how it is used. Ideally, these tools should be able to apply protections like encryption, data masking, and redaction of sensitive files, and should automate reporting to streamline audits and adhering to regulatory requirements.”
The Importance of Data Security
In today’s digital world, protecting proprietary information—including client data, financial transactions, knowledge archives, infrastructure and databases—must be a top priority for companies and organizations. If they fail via data breaches, hacking, or theft, companies may lose customers and lose trust.
“All businesses have data that’s valuable and that has to be protected,” said Candy Alexander, international president at Information Systems Security Association, a nonprofit organization for information security professionals and practitioners.
Individuals and organizations rely on the companies they do business with to safeguard their data. If a trusted company fails at this task, the company will have more than just the legal fallout to contend with.
According to UpGuard, the combined cost of global data breaches in 2021—including customer repayments, auditing services, legal fees, and fines, among other costs—was approximately $6 trillion. But a failure to protect private information negatively impacts more than just a business’s bottom line, it endangers their reputation and future success. As such, companies employ skilled professionals to prevent or mitigate such risks.
“The cloud, mobility, and the powerful devices most of us have in our pockets enable a culture of convenience, and the ability to collaborate and be more productive. While this convenience arguably makes our lives easier, it also makes it easier for cybercriminals to gain access to our sensitive personal information wherever it lives or wherever it is traveling across the network,” explains SimpliLearn. “New security threats pop up all the time, and IT security professionals need to stay up to date with the latest tactics hackers are employing in the field.” Data security teams must include strategists, communicators, and lifelong learners to ensure IT security is consistently a top priority.
ZorroSign is a Data Security Platform Build on Blockchain
Advancing data security is critical for any technology managing data, and ZorroSign delivers data security in several ways.
The first way ZorroSign supports data security is by using distributed ledger technologies—originally built on Hyperledger Fabric, now expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.
Blockchains provide structural layers of protection from cybercrime like ransomware, malware, or phishing attacks by decentralizing the data set itself (preventing any one breach to access the entire data set), and then by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed. Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set. This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
ZorroSign has further elevated our data security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution can:
Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
Apply a digital equivalent of a wet-ink signature to the document (legal intent)
Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)
Plus ZorroSign supports computer security with passwordless authentication capabilities, leveraging the biometric security of Apple and Android mobile devices to login to the device (and ZorroSign app) with hardware biometric capture features such as face, fingerprint, and iris scans. Such biometric login facilitates user authentication at the device-level without passwords (which can be hacked or stolen) for elevated security of digital signatures and your digital documents.
Contact us to learn more about data security and put us to the test: Start your free trial of ZorroSign’s data security platform built on blockchain today!
Every November 30th, the United States observes National Computer Security Day. This year, we’d like to share some details on the history of this security awareness, how ZorroSign’s data security platform built on blockchain contributes to computer security, and how you can observe National Computer Security Day to improve your hardware and data security.
“It seems like every day we hear about breaches in cyber security. Keeping people and companies safe online is a top priority all over the world. It’s something that stays uppermost in our minds on National Computer Security Day. The story of National Computer Security Day is an interesting one.
“On November 2, 1988, Cornell University researchers uncovered an unknown virus lurking in their computer systems. Within four hours of discovery, the Morris worm virus invaded several other university systems as well as the ARPANET, an early version of today’s internet.
“Six days later, two computer experts with the U.S. Defense Advanced Research Projects Agency (DARPA) recommended assembling a National Computer Infection Action Team (NCAT) to respond 24/7, 365 to these kinds of attacks. On November 14, the Software Engineering Institute (SEI), a research center connected with Carnegie Mellon University, set up the Computer Emergency Response Team (CERT).
“In 1988, the National Computer Security Day sprang out of the Washington, D.C., chapter of the Association for Computing Machinery’s (ACM) Special Interest Group on Security, Audit, and Control as a way to raise awareness about cybercrimes and viruses. According to a 2004 Networld article, ‘November 30 was chosen for CSD so that attention on computer security would remain high during the holiday season – when people are typically more focused on the busy shopping season than thwarting security threats.’ By 2003, CERT and the U.S. Department of Homeland Security joined forces to create the National Cyber Awareness System.
“Whether we’re talking about National Computer Security Day or National Cybersecurity Awareness Month also in October, the goals are essentially the same. Each person must be proactive to protect their online security. Use this month to find out all you can about common-sense ways to stay safe in cyberspace.”
HOW ZORROSIGN’S PLATFORM SUPPORTS COMPUTER SECURITY
ZorroSign is the first company that offers a multi-blockchain data security platform to secure, track, and manage your digital signatures, transactions, and documentation.
By using distributed ledger technologies—originally built on Hyperledger Fabric and now expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.
Blockchains provide structural layers of protection from cybercrime—like ransomware, malware, or phishing attacks—first, by decentralizing the data set itself (preventing any one breach to access the entire data set), and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed. Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set. This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution that can:
Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
Apply a digital equivalent of a wet-ink signature to the document (legal intent)
Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)
Plus ZorroSign supports computer security with passwordless authentication capabilities, leveraging the biometric security of Apple and Android mobile devices to login to the device (and ZorroSign app) with hardware biometric capture features such as face, fingerprint, and iris scans. Such biometric login facilitates user authentication at the device-level without passwords (which can be hacked or stolen) for elevated security of digital signatures and your digital documents.
“Create a strong password In computer security, length matters. Passwords that are six characters are easier to hack, especially if they’re only made up of lowercase letters. To beef up your password, weave a nine-character combination of uppercase letters, symbols and numbers. Lastly, avoid using the same password for every account.
“Update spyware and malware protection software First, check to see if your operating system is up-to-date. If that’s set, update your protection software. Run a scan and don’t forget to invite your other devices to the party. Phones and tablets are also major security risks, so be diligent.
“Encrypt and backup your data Encrypt your data to create the brainiest of all brainteasers. But keep this in mind: even the best brain teaser can be cracked. That’s why it’s still important to back up your info on either the cloud or an external hard drive. (Just make sure that everything stays encrypted.)”
Use ZorroSign’s data security platform built on blockchain Tap the cybersecurity of blockchain with ZorroSign’s platform uniting digital signatures (Z-Sign), automated compliance (Z-Flow), intelligent forms (Z-Fill), document storage (Z-Vault), patented fraud prevention (Z-Forensics), user authentication and document verification (Z-Verify), identity-as-a-service (IDaaS), and so much more. Plus elevate computer security with our passwordless login capabilities, and patented Z-Forensics token for fraud detection. When the risk is personal and everything is on the line, Block It Down!
Contact us to learn more or put us to the test: Start your free trial of ZorroSign’s data security platform built on blockchain today!
At ZorroSign we recently made a major change to our platform architecture!
We have always been built on blockchain—and have always delivered the most private, most secure digital signatures—but we wanted to scale our platform much more aggressively, and that vison required a big change in how we develop and deploy our technology. Specifically, we moved from a centralized, monolithic approach to using microservices and containers.
Let me explain why we choose this new engineering approach and how your company might benefit from a similar move.
What Are Microservices? What Are Containers?
“A microservices architecture splits your application into multiple services that perform fine-grained functions and are part of your application as a whole,” explains IBM. “Each of your microservices will have a different logical function for your application.”
Explained another way, “a microservices framework creates a massively scalable and distributed system, which avoids the bottlenecks of a central database,” says Avi Networks (now part of VMware). “Microservices break an application into independent, loosely-coupled, individually deployable services… allowing for each service to scale or update using the deployment of service proxies without disrupting other services in the application and enabling the rapid, frequent and reliable delivery of large, complex applications.”
There are two types of microservices: Stateless (which do not save data, so any data is lost when the microservice’s container restarts), and Stateful (which do save data and so write to a database).
And where do you put those microservices? In containers.
“Containers are packages of your software that include everything that it needs to run, including code, dependencies, libraries, binaries, and more,” continues IBM. “Docker and Kubernetes are the most popular frameworks to orchestrate multiple containers in enterprise environments”
“Containers are a lightweight alternative to VMs for providing isolated operating environments for your workloads,” says Edward Kisller for JFrog. “Containers avoid the infrastructure overhead of a full-blown OS and provide only those resources (i.e., installations, dependencies, and code) that your applications actually need.” In other words, containers do not use all the CPU or RAM but instead share the operating system kernel for faster boots and less memory consumption.
“A container is a useful resource allocation and sharing technology. It’s something dev-ops people get excited about,” writes Ev Kontsevoy for Teleport. “A microservice is a software design pattern. It’s something developers get excited about.”
Why Develop with Microservices? What Are the Benefits?
“Microservices architectures make applications easier to scale and faster to develop,” notes Amazon Web Services. “Enabling innovation and accelerating time-to-market for new features.”
Such were ZorroSign’s high-level goals: To improve scalability, resilience, and productivity.
“Moving to microservices enabled a polyglot tech stack,” said Priyal Walpita, chief technology officer at ZorroSign. “Which means our engineers could contribute to our development efforts using the technology stacks that they know best, plus we boosted performance and facilitated a continuous delivery pipeline for easier and faster deployments.”
“Applications were traditionally built as monolithic pieces of software,” continues Avi Networks. “Monolithic applications have long life cycles, are updated infrequently and changes usually affect the entire application. Adding new features requires reconfiguring and updating the entire stack — from communications to security. This costly and cumbersome process delays time-to-market and updates in application development.”
In contrast to monolithic apps, microservices/container architectures bring benefits such as greater:
Agility — Microservices foster the organization of small, independent teams that take ownership of their services. “Best examples of microservices agility are sites like Amazon, eBay, Uber and Netflix, which are active 24×7,” notes AnAr Solutions. “The performance of these sites is a benchmark for other sites and applications. The response time, ability to handle multiple requests and process in minimum time is commendable.”
Productivity — “The microservice architecture tackles the speed issue of applications and its productivity by dividing it into small parts. In this way, these applications are developed and maintained at a very fast speed,” writes Terralogic. “Different teams work independently without waiting for the other team to finish their chunks of work. In this way, separate microservices are easier to locate and modify. Quality assurance of this microservice architecture is very fast as the programs which are developed early are tested instead of waiting for all the programs to be completed.”
Resilience — With microservices, an application will still function if part of it goes down because microservices allow for spinning up a replacement, granting the entire system higher resilience. “Three well-known microservices resiliency techniques improve fault tolerance and allow applications to smoothly handle failures,” explains Dr. Alan F. Castillo for Cloud Computing Technologies: Retry patterns, circuit breaker patterns, and timeout design patterns. “Employing these patterns is a very effective resiliency strategy for microservices applications. It doesn’t matter how you apply these patterns; what matters is that you have systems that can properly deal with failures.”
Continuous integration/continuous delivery (CI/CD) — Microservice facilitate CI/CD for applications and modernize the technology stack. “There are some goals of a strong CI/CD progression to serve in the microservices design, for example, every team of coders independently develop and install their changes or edits owned by them individualistically so that it did not affect or disrupt the work of other teams,” reports DevOps Enabler. “CI/CD best practices include the goal of automating the building process, testing the products, and then releasing the software. Developers must be able to track the performance metrics of DevOps throughout the software delivery lifecycle and warn people so that they can quickly recover if something goes wrong during deployment or release cycle.”
Scalability — Meeting demand is easier when microservices only have to scale the necessary components, which requires fewer resources. “Since an application is composed of multiple micro services which share no external dependencies, scaling a particular micro service instance in the flow is greatly simplified,” writes Atul Saini for Fiorano Software. “If a particular microservice in a flow becomes a bottleneck due to slow execution, that microservice can be run on more powerful hardware for increased performance if required, or one can run multiple instances of the microservice on different machines to process data elements in parallel.”
Security — “Migrating to microservices creates an opportunity for a much better security model,” explains Kontsevo. “As every microservice is a specialized process, it is a good idea to only allow it to access resources it needs. This way a vulnerability in just one microservice will not expose the rest of your system to an attacker.”
Not everything is easier with microservices, of course. Three commonly acknowledged challenges of deploying microservices typically include: First, the “complexity from managing microservices written in different languages,” as we’ve done at ZorroSign. Second, the “cost implications of network resource usage from remote calls across multiple services” and third, “investigating root causes or auditing systems becomes challenging when dealing with log management across distributed services, as log aggregators would be required,” suggests BMC.
But complexity, costs, and support all increase when any application grows, so facing those challenges with a microservices architecture is little different than facing the complexity, costs, and support challenges of a larger monolithic app.
Why ZorroSign Choose Microservices—and Why You Should, Too
Our CTO and I have been assessing microservices for several years, and committed to an overhaul of our DevOps a year ago. We spent the first half of 2022 building the next iteration of ZorroSign’s blockchain platform with microservices and containers.
“Beyond the development advantages, microservices allow us to more easily manage complex ZorroSign back-end services and improve our entire system’s resiliency,” said Walpita. “It’s far easier finding and fixing bugs, allowing our development team to focus on single, isolated functionality, and then deploying asynchronously to other development efforts, whenever new functionality is tested and ready.”
From my perspective, I was intrigued to learn how microservices improved our defense-in-depth capabilities, as security can be configured much more granularly and configured at each microservice level. With ZorroSign’s commitment to privacy and security, microservices were another important upgrade to keep our platform ahead of the competition.
“Our team develops in C#, Go, Java, and Python,” adds Walpita. “Being able to deploy all those program languages in a single application, united across AWS cloud tools, Docker, and Kubernetes, gives ZorroSign the flexibility our engineers desire and the scalability our customers demand.”
Finally, I asked Priyal what advice he might give other organizations thinking of deploying microservices. He said: “Make sure your product and development team are mature enough to adopt the complexity of a microservice architecture. At some point, a growing app’s need for scalability, higher resilience, and improved performance may make microservices the best path forward. But ensuring your DevOps are ready to integrate and manage all the pieces of a polyglot tech stack is the key to success.”
I encourage you to consider microservices for your apps, and welcome the chance to talk more about this exciting architecture for new technologies!
Blockchain-based digital signatures for greater privacy and security
With more and more businesses, governments, and individuals employing blockchain technology for commerce and operations, ZorroSign stands as key addition to your technology stack.
Whether you’re decentralizing data with web3, securing cloud or software-as-a-service (SaaS) architectures, committing to digital transformation, or elevating sustainability, our multi-chain blockchain solution is the perfect addition to your IT offerings—learn how!
If You’re Decentralizing with Web3
The idea of escaping a centralized authority managing protocols, transactions, and access was built into the World Wide Web from its earliest days.
Web 1.0 was the initial iteration of the World Wide Web in the late 1980’s and early 1990’s. “Web 1.0 is the term used for the earliest version of the Internet as it emerged from its origins with Defense Advanced Research Projects Agency (DARPA),” writes Kuntal Chakraborty for Techopedia. “Experts refer to it as the ‘read-only’ web—a web that was not interactive in any significant sense.”
From those early static web pages, a platform model of computing soon evolved that would become Web 2.0 or the ‘social web.’ Here, interaction with growing web applications and platforms drove e-commerce and the expansion of the Internet, allowing large providers to aggregate and control much of the shared data. This is the Internet we know today.
The dream of Web 3.0, however, is to break the centralization of information and democratize the Internet more to the vision of its earliest founders. “Web3, ” claims Chris Dixon from Andreesen Horowitz in a recent article in The Economist, “combines the decentralized, community-governed ethos of web1 with the advanced, modern functionality of web2.”
“The rise of technologies such as distributed ledgers and storage on blockchain will allow for data decentralization and create a transparent and secure environment, overtaking Web 2.0’s centralization, surveillance and exploitative advertising,” writes Charles Silver in a recent Forbes article. “Indeed, one of the most significant implications of decentralization and blockchain technology is in the area of data ownership and compensation… Web 3.0 will bring us a fairer internet by enabling the individual to be a sovereign.”
Blockchains are distributed ledger technology (DLT) leveraging cryptography—user authentication, data encryption and verification—to secure information records (blocks) distributed across peer-to-peer (P2P) networks. DLTs replicate, share, and synchronize digital data geographically spread across multiple sites (nodes), with no central data storage or administrator. They can run publicly (open) or privately (permissioned).
Perhaps most importantly, blockchains can support smart contracts—where terms, conditions, and permissions written into the digital code that require an exact sequence of events to take place to trigger the agreement of the terms mentioned in the blockchain contract. This hardwiring of contract details greatly increases speed (via automation), trust (where accuracy and backup are built into the transaction), and autonomy (as no third parties are required to mediate or control the exchange) of transactions.
As such, centralized solutions such as blockchains have immense potential to transform business contracts, real estate deals, digital rights, supply chain security and provenance, estate planning, and many other legal transactions.
And here is where ZorroSign shines!
We have built our digital platform from the ground up using blockchain technology. Launched with Hyperledger Fabric, our multi-chain platform now supports the public Provenance Blockchain as well, giving our users an entirely new world of decentralized digital transactions.
Our web3 technology platform also provides identity-as-a-service (IDaaS) capabilities through a patented Z-Forensics token plus fraud prevention, user authentication, and document verification. Web3 features such as artificial intelligence (AI) and machine learning (ML) allow us to automate form completion for digital documents, and can improve regulatory compliance across global standards for legally enforceable digital signatures.
Paired with Provenance Blockchain—which reduces the need for third-party intermediation, drastically reducing costs and freeing up capital in financial transactions—ZorroSign’s platform promotes greater transparency and liquidity for organizations, and allows for new kinds of financial engineering and business opportunities.
If You’re Securing SaaS or Cloud Solutions
More than 90% of all cyber attacks begin with phishing but blockchain architecture, originally built for zero-trust environments, can deliver a compelling alternative to centralized databases and a strong protection against cyber attacks. How?
In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.
In cyber attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
Recovery is quicker with blockchain, too. With blockchain, each endpoint node has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This speedy recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.
ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities—for example, PC and mobile device fingerprint scans, iris scans, and face recognition to ensure users are who they claim to be.
And ZorroSign multi-factor authentication (MFA) provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based upon your transaction security needs: What you know (i.e., your ZorroSign login password ), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.
ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token, our unique digital solution that can:
Prove that the individual who is performing the action to sign the document is who they claim to be (verification);
Apply a digital equivalent of a wet-ink signature to the document (legal intent); and,
Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).
Unlike any other digital signature solution, ZorroSign seals all your documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.
And like your SaaS solutions, ZorroSign’s SaaS model can be deployed in various cloud configurations, making it seamless to integrate into your existing platform as a public, private, hybrid, or on-premise cloud:
Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
On-premise deployments require your department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes
If You’re Committed to Digital Transformation
For years, organizations have steadily moved more and more of their operations to digital data and delivery. Such advances save time and effort, automate key processes, and drive greater efficiency and effectiveness. With digital transformation, customers or constituents can receive services faster and gain self-service options, and employees get more time to work on the most important projects.
“Digital transformation is no longer an option, but an imperative,” notes the Harvard Business Review. “Recent research from Accenture has found that in the three years prior to 2018, firms who led their industry in enterprise technology adoption grew two times faster than laggards. Today, they are growing five times faster. The risk is no longer merely getting left behind, but being eliminated altogether.”
For organizations leveraging digital data, apps and SaaS, IoT, or any of the multitude of other digital solutions, adding ZorroSign can be an important consideration.
To transact business, commerce, government, or individual trade in such a digital ecosystem also requires legally enforceable digital signatures to prove agreement and intent. Our multi-chain blockchain platform delivers such digital signatures and ensures the digital chain-of-custody necessary to successfully defend digital signatures in a court of law.
And by digitizing paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity across digital operations . . . a massive benefit for any organization committed to digital transformation!
If You’re Focused on Sustainable Business
Digital operations also eliminate paper so “going green” with paperless operations may readily align to your IT organization’s corporate social responsibility goals or vision.
At ZorroSign, we help IT organizations deliver paperless operations. We all understand that switching from doing business using paper to digital records is not only a smart business decision, but it is also good for the environment. Each time you use ZorroSign to digitally transact agreements, contracts, and other documents—instead of printing, faxing, scanning, shipping documents overnight to collect signatures—you save trees and water, plus reduce carbon emissions.
Further, ZorroSign is dedicated to advancing sustainability while advancing new technologies, promoting a paperless life and leading sustainability programs that support environmental conservation. The company’s Save-a-Tree, Plant-a-Tree program, for example, plants a tree on behalf of customers every time they save 8,000 pages of copy paper. As one tree produces roughly 8,000 pages of copy paper, this amounts to a double incentive: Reducing the destruction of trees via reduced paper use, plus increasing the number of trees as a reward for reducing paper use.
For all these reasons and more, if you are using blockchain technologies—or planning to in 2023—consider ZorroSign as a strong complement to your technology stack! You can start with a free 14-day trial to see what we can deliver or contact us to learn more!
ZorroSign Brings the Elevated Security and Compliance Standards that Your Real Estate Business Needs
Many in the real estate industry have made the jump into digital operations and this has allowed them to conduct business on the go while elevating their client’s security and compliance needs.
Only ZorroSign pairs a web3 transaction platform with mobile technology—delivering 21st century security to the age-old ceremony of signing and storing purchase agreements, and giving your customers peace of mind needed when conducting real estate transactions digitally and remotely.
Here are three reasons that you need to make the switch to digital operations with ZorroSign . . .
Give Your Client Peace of Mind
By using ZorroSign, all the parties involved in a real estate transaction can Z-Sign documents anywhere, anytime and from their preferred device. That’s a win for everyone—especially the client! You no longer have to patiently wait through the frustratingly slow process that is paper operations. And they can keep up with their busy schedule and buy that house all while saving time and money. ZorroSign relieves you from being tied to the office or one particular place and lets you and your clients sign, send, and track documents while on-the-go.
Ensure Elevated Security
ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.
By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, offering peace of mind for your real estate digital transactions, while preventing fraud and ensuring regulatory compliance.
How does this blockchain architecture contribute to ZorroSign being the best platform for your real estate needs?
Blockchain provides structural layers of protection from cybercrime, like ransomware, malware, or phishing attacks: First, by decentralizing the data set itself (preventing any one breach to access the entire data set); and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.
Unlike centralized databases which can be breached at unsecure endpoints (users and devices)—or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.
This distributed nature so defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
ZorroSign intentionally used blockchain as the framework of our business to ensure that our customers were able to experience elevated security and peace of mind.
Stay Compliant
With ZorroSign, you can easily complete and sign multiple mandatory documents and ensure compliance at every stage—we are proud to make the security and privacy of our customers’ data our top focus!
Our unique combination of security architecture and data privacy functionality grants ZorroSign compliance across international standards for privacy and security, including but not limited to:
Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
Canada: The Uniform Electronic Commerce Act (UECA)
EU: Data Protection Regulation (GDPR) for data privacy and security
EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
India: The Information Technology Act 2000 (IT Act of India)
International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
International Organization for Standardization (ISO) 27001 certified
PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
USA: California Consumer Privacy Act (CCPA)
USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
USA: The Digital Millennium Copyright Act (DMCA)
USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
USA: The Health Insurance Portability and Accountability Act (HIPAA)
USA: The Uniform Electronic Transactions Act (UETA)
We are proud of our multi-chain blockchain platform at ZorroSign—delivering digital signatures paired with identity-as-a-service (IDaaS) technologies, a patented fraud prevention solution, AI/ML-driven form completion, and customizable workflows to ensure the highest privacy, security, and compliance for your digital transactions!
But while we live-and-breathe digital signatures, you might still be learning how digital signatures work and what benefits they might bring to your organization. We can help!
Below find some common questions we hear about digital signatures and short answers to get you started . . .
1. Are digital signatures legally accepted/enforceable like paper-based signatures?
Yes! Back in 2000, the U.S. passed the Electronic Signatures in Global and National Commerce (ESIGN) Act along with the Uniform Electronic Transactions Act (UETA) granting electronic signatures the full strength and legality of paper-based “wet” signatures. As such, digital signatures are valid in all 50 U.S. states, plus most countries around the world.
Beyond the United States, Australia’s Electronic Transactions Act, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), China’s 2004 Electronic Signature Law, the European Union’s Directive 199/93/EC, India’s Information Technology (IT) Act 2000, Japan’s Law Concerning Electronic Signatures and Certification Services, New Zealand’s Electronic Transactions Act, the UAE’s Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce, the United Kingdom’s Electronic Communications Act and subsequent Electronic Signatures Regulation 2002, all regulate and support the legal enforceability of digital signatures around the world.
2. Why do companies, governments, or other organizations typically switch from paper-based to digital signatures?
Public and private organizations move to digital signatures for many different reasons, for example:
Some switch to save the costs of paper-based document printing, copying, couriering, and storage
Some switch to speed transaction workflows, document signing ceremonies, and execution of legal agreements
Some seek to improve regulatory/quality compliance with the digital management of transaction and personal information
Some want to improve the privacy and security of documents and transactions through digital encryption and security protocols
Some aspire to improve customer/constituent experiences with digital and mobile operations
Some are looking for the competitive advantage digital operations bring with all these benefits
Why are you considering the move to digital signatures?
3. With digital signatures, how do we know the person signing is really who they say/are supposed to be?
While some digital signature platforms grant access via simple username and password, the industry standard is two-factor authentication and rapidly evolving to MFA with password-less logins.
With ZorroSign, we’ve integrated identity-as-a-service (IDaaS) technologies to verify users, for example:
ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities.
ZorroSign is the first to adopt password-less login amongst our digital signature competitors.
ZorroSign MFA provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs, such as:
What you know (i.e., your ZorroSign login password),
What you have (e.g., your laptop or mobile device),
Who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.
Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature—provided by LexisNexis—which requires the knowledge of confidential information of the individual to prove that the person providing identity information is the actual person.
These technologies secure the endpoints of our private, permissioned Hyperledger Fabric blockchain architecture where only approved nodes (endpoints) are allowed to access our distributed ledger system.
4. How Does ZorroSign Use Blockchain and Web3 Technologies for Digital Signatures?
ZorroSign is the first company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation!
Since 2000, several technologies have come to market to deliver digital signatures, but when a distributed ledger technology—or DLT, such as blockchain—is used for digital signatures, signers gain the unique advantages of:
Privacy — with a private blockchain, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
Immutability — all records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
Security — all records are individually encrypted and distributed for better protection from phishing and ransomware attacks
ZorroSign was built from the ground up on Hyperledger Fabric to deliver digital signatures with the superior privacy and security of blockchain.
Assuming contracts are critical to your business or organization, then a secure, reliable solution for contract lifecycle management (CLM) is imperative and blockchain supports CLM in amazing ways.
Strong CLM solutions must include visibility (a dashboard or overview of where individual contracts are in the life cycle), integration with communications and storage systems, automation (as few contracts start from scratch—most are iterations of previously created agreements), and of course change tracking to readily see how contracts changed during negotiations and what final version was executed by all parties.
With our blockchain architecture, ZorroSign’s platform unites and uniquely delivers:
Digital signatures via Z-Sign to quickly execute legally binding contracts
Patented Z-Forensics token to prevent fraud and tampering
Z-Flow workflow automation to quickly build templates and approval chains
Z-Verify to know exactly who signed what and when, with full validation of every document’s authenticity and immutability
Z-Vault to securely store contract and transaction records immutably on blockchain
ZorroSign’s platform can be accessed via PCs and mobile devices, allowing your legal department, operations and procurement teams, and sales teams to efficiently generate, negotiate, communicate, and sign agreements. And with our Z-Vault, contracts reside on an immutable document management system (DMS) where they can be saved, searched for, and managed easily from a single, intuitive user interface.
5. How Do Digital Signatures Meet International Privacy and Security Compliance?
At ZorroSign, we are proud to make the security and privacy of our customers’ data our top focus.
Our unique combination of security architecture and data privacy functionality grants ZorroSign compliance across international standards for privacy and security, including but not limited to:
Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
Canada: The Uniform Electronic Commerce Act (UECA)
EU: Data Protection Regulation (GDPR) for data privacy and security
EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
India: The Information Technology Act 2000 (IT Act of India)
International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
International Organization for Standardization (ISO) 27001 certified
PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
USA: California Consumer Privacy Act (CCPA)
USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
USA: The Digital Millennium Copyright Act (DMCA)
USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
USA: The Health Insurance Portability and Accountability Act (HIPAA)
USA: The Uniform Electronic Transactions Act (UETA)
6. How much does it cost to try digital signature software and learn if it’s right for me?
ZorroSign offers a free 14-day trial license to test out our features, securely sign digital documents, build templates and approval workflows, and store your transaction data on blockchain.
No credit card required, visit our Free Trial page to get started!
In today’s global economy, there are lots of bad actors and threats to your digital information. Whether you work for a government agency, a business, an IT department, a law firm, a financial service provider, or just about any other organization generating and storing digital data, your information—and your customers’ or constituents’ information—must be protected.
ZorroSign’s U.S. headquarters in Phoenix, Arizona brings blockchain technology to U.S. companies, organizations, and individuals signing digital documents and executing transactions digitally.
“If you’re looking for a secure way to transact with third parties or multi-parties,” says Robert Vera from GCU‘s Canyon Ventures Center for Innovation and Entrepreneurship, “ZorroSign is that technology that you need to have confidence that your transactions are secure in today’s environment.”
If you’re ready to try ZorroSign’s multi-chain blockchain platform for yourself—for superior privacy and security for all your digital signatures and transactions—start a Free Trial today!
Our CEO and co-founder, Shamsh Hadi, was recently interviewed by two technology news outlets—Tech Channel News and TahawulTech.com.
Tech Channel News helps C-level executives in India and Gulf identify technologies and strategies to empower and streamline business processes. Their portal at techchannel.news informs leaders of what’s new in tech and why it matters.
TahawulTech.com, published by CPI Media Group, is the definitive platform in the Middle East for IT content. Covering stories across enterprise technology, cybersecurity and the region’s IT channel industry, TahawulTech.com brings business leaders and technology decision makers together to share their stories of transformation.
Here are short summaries of those interviews and links to read the original pieces!
ZorroSign Making Waves in Digital Signature Space Using Blockchain Technology
In April 2022, Tech Channel News’ Naushad K. Cherrayil interviewed Mr. Hadi on how ZorroSign safeguards the privacy and security of digital documents, and provides an immutable chain of custody for digital transactions, for governments and organizations in the Gulf Co-operation Council (GCC) countries.
The article notes that there are “huge players in the digital signature space, but none of them have figured out how to cost-effectively map their legacy software in technologies and evolve it into Web 3.0 and blockchain solutions today.”
“We have solved all these problems,” said Hadi. “Successfully bringing blockchain to digital signatures—unlike other competitors, big and small, who simply tried to add blockchain onto their legacy software.”
The article explores ZorroSign’s roots in Dubai with development in Sri Lanka, moving the company’s global headquarters to Phoenix, and standing out from the crowd in a competitive eSignature space.
“Our platform was invented to move documentation, digital transactions from a relationship built on trust to a relationship built on truth, providing customers the ability to positively impact the environment with sustainable practices and securely transform their paper-based workloads to digital in a bid to remove errors and increase productivity,” Hadi added.
Tech Channel News uncovers how ZorroSign leverages blockchain’s zero-trust environment to support governments in the Gulf who are looking specifically for blockchain solutions, noting “two countries that are pushing forward are the UAE and Saudi Arabia.”
In May 2022, TahawulTech.com’s Anita Joseph interviewed Mr. Hadi on how ZorroSign not only provides digital signatures built on a blockchain architecture, but also integrates identity-as-a-service (IDaaS), biometrics, KBAs, and patented Z-Forensics token to prevent fraud and address identity theft risks.
Ms. Joseph also starts with ZorroSign’s founding in Dubai and how HH Sheikh Mohammed bin Rashid Al Maktoum’s Digital City Vision for Smart Dubai has been a guiding principle for ZorroSign—including his goal of a paperless life in the UAE by 2030.
The article then talks of identity theft and how ZorroSign technologies confront the issue: “Not only does our web3 platform leverage the cryptographic security capabilities of blockchain,” said Hadi. “But it also integrates Identity-as-a-Service technologies into our solution set to combat fraud, identity theft, and cyber-attacks.”
Security trends, cybercrime, and various cyber-attacks are discussed, as well as how distributed ledger technologies such as blockchain can help defend and/or recover from such attack vectors. The article ends with ZorroSign’s plans for 2022 and early verticals benefitting from blockchain-based digital signatures.
Learn more about how ZorroSign helps governments, companies, and individuals around the world with digital signatures and maintaining privacy and security with their digital transactions: Contact us today or start your Free Trial.
The educational event provided an opportunity for government and business leaders to learn about the threats, vulnerabilities and consequences related to data security and privacy matters via panel discussions, keynote speakers—Tim Roemer, Director Arizona Homeland Security/CISO State of Arizona, and John Davis (Major General, US Army, Retired), VP Public Sector at Palo Alto Networks—sponsors and other cybersecurity presentations.
Tim Roemer, Director Arizona Homeland Security/CISO State of Arizona
Key Themes of the Summit
The merger of cyber and physical worlds, requiring consolidated security approaches
Building cybersecurity plans not just focused on prevention but also focused on quickly recovering from successful attacks
CISO Panelists
Blockchain Architecture For Elevated Security
ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.
By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.
How does this blockchain architecture contribute to cybersecurity?
Blockchains provide structural layers of protection from cybercrime—like ransomware, malware, or phishing attacks—first, by decentralizing the data set itself (preventing any one breach to access the entire data set), and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.
Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.
This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
ZorroSign is a strong addition to any organization’s security stack, and brings the cybersecurity capabilities of blockchain to digital signatures and transactional documentation.
Z-Forensics Token
ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution that can:
Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
Apply a digital equivalent of a wet-ink signature to the document (legal intent)
Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)
Unlike any other digital signature solution, ZorroSign seals all our clients’ documents with the Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.
Since 2013, the security world recognizes the first Thursday of May as World Password Day—promoting better password habits such as changing passwords, moving to more complex passwords, and turning on multi-factor authentication (MFA) to improve digital security.
In advance of this year’s World Password Day, ZorroSign is proud to remind our users that ZorroSign’s platform not only accommodates complex passwords and MFA, but also supports “password-less” logins!
How?
First, ZorroSign leverages the biometric security of Apple and Android mobile devices to login to the device (and ZorroSign app) with hardware biometric capture features such as face, fingerprint, and iris scans. Such biometric login facilitates password-less user authentication at the device-level for subsequent ZorroSign digital signatures and document management.
Further, our multi-chain blockchain platform can validate multiple dimensions of authentication based on the transaction security needs:
What you know — your ZorroSign login password or knowledge-based authentication
What you have — your PC or mobile device
Who you are — biometrics such as finger prints, eye iris on the device securing who can access it
ZorroSign’s dynamic knowledge-based authentication (KBA) feature—provided by LexisNexis—requires the knowledge of private information of the individual to prove that the person providing their identity information is the actual person.
With ZorroSign’s user authentication options, it is almost impossible for an imposter to sign a document on the ZorroSign platform, ensuring:
Legal Enforceability — Using digital signatures with real digital information
Signature Attribution — Incorporating high-level security provisions and multifactor authentication (including biometrics) to ensure signatory attribution to a specific user
To learn more about our password-less login capabilities and how ZorroSign provides superior privacy and data security with our blockchain platform, contact us today or sign up for a Free 14-Day Trial to see for yourself!
Block it down! Now, you can count on regulatory compliance and the immutability of your signed documents within your stored data and workflow records on ZorroSign’s blockchain.
Z-Vault enables ZorroSign platform users to store, structure, organize and search documents in folders and subfolders natively, with the peace of mind that comes from superior privacy and security.
Digital Signatures on Blockchain
Since 2000, several technologies have come to market to deliver digital signatures, but when a distributed ledger technology—or DLT, such as blockchain—is used for digital signatures, signers gain the unique advantages of:
Privacy — with a private blockchain, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
Immutability — all records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
Security — all records are individually encrypted and distributed for better protection from phishing and ransomware attacks
ZorroSign was built from the ground up on Hyperledger Fabric to deliver digital signatures with the superior privacy and security of blockchain. And we recently announced a partnership with Provence Blockchain to add their DLT to our architecture as well, effectively becoming a multi-chain blockchain platform.
Z-Vault for Better Contract Lifecycle Management
Contract lifecycle management, or CLM, spans the entire process of generating contracts, the workflows of approving and negotiating changes to contracts, the signing (or executing) of the contracts, storing and archiving the executed contracts, plus tracking and audit trails to retrieve contracts and review their lifecycle of approvals, iterations, and signatures.
If contracts are critical to your business or organization, then a secure, reliable solution for managing the contract life cycle is imperative.
Key functionality to look for when assessing CLM solutions include visibility (a dashboard or overview of where individual contracts are in the life cycle), integration with communications and storage systems, automation (as few contracts start from scratch—most are iterations of previously created agreements), and of course change tracking to readily see how contracts changed during negotiations and what final version was executed by all parties.
ZorroSign’s platform unites and uniquely delivers:
Digital signatures via Z-Sign to quickly execute legally binding contracts
Patented Z-Forensics token to prevent fraud and tampering
Z-Flow workflow automation to quickly build templates and approval chains
Z-Verify to know exactly who signed what and when, with full validation of every document’s authenticity and immutability
Z-Vault to securely store contract and transaction records immutably on blockchain
ZorroSign’s platform can be accessed via PCs and mobile devices, allowing your legal department, operations and procurement teams, and sales teams to efficiently generate, negotiate, communicate, and sign agreements. And with our Z-Vault, contracts reside on an immutable DMS where they can be saved, searched for, and managed easily from a single, intuitive user interface.
Z-Vault Benefits
Superior privacy and security to PKI-based solutions using a centralized database
The latest privacy and security technologies, delivering powerful encryption safeguards
Ability to share and review eSign and architectural drawings, adding your own comments
Time savings with access to specific folders and documents in seconds, no loss of records
ZorroSign Privacy & Security Compliance
Our combination of security architecture and data privacy functionality ensure your compliance across many international standards for privacy and security, including:
Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
Canada: The Uniform Electronic Commerce Act (UECA)
EU: Data Protection Regulation (GDPR) for data privacy and security
EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
India: The Information Technology Act 2000 (IT Act of India)
International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
International Organization for Standardization (ISO) 27001 certified
PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
USA: California Consumer Privacy Act (CCPA)
USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
USA: The Digital Millennium Copyright Act (DMCA)
USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
USA: The Health Insurance Portability and Accountability Act (HIPAA)
USA: The Uniform Electronic Transactions Act (UETA)
To learn more about Z-Vault and how ZorroSign can help you securely store contracts, data, and documents on blockchain, contact us today or start your 14-day Free Trial subscription!
It is no secret that cybercrime has skyrocketed within the last few years, in fact, cybercrime in the U.S. jumped by 55%. This increased risk drives a greater need for privacy and security, especially within IT companies and departments responsible for digital data and cybersecurity.
ZorroSign can help your IT company or department combat the elevated security risks with our digital transaction platform, built on blockchain architecture, and calibrate your company and customers for success!
Blockchain Architecture For Elevated Security
ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.
By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, offering peace of mind for your company’s and customers’ digital transactions, while preventing fraud and ensuring regulatory compliance.
How does this blockchain architecture contribute to ZorroSign being the best platform for IT companies?
Blockchain provides structural layers of protection from cybercrime, like ransomware, malware, or phishing attacks: First, by decentralizing the data set itself (preventing any one breach to access the entire data set); and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.
Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.
This distributed nature so defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
ZorroSign is a strong addition to your security stack, and brings the cybersecurity capabilities of blockchain to your company’s and customers’ digital signatures and transactional documentation.
Z-Forensics Token
ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token.
This unique digital solution that can:
Prove that the individual who is performing the action to sign the document is who they claim to be (verification);
Apply a digital equivalent of a wet-ink signature to the document (legal intent); and,
Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).
Unlike any other digital signature solution, ZorroSign seals all your documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.
Your IT company or department gains peace of mind when you Z-Sign!
Cloud Configuration
On top of providing the security that your company and customers need, ZorroSign’s software-as-a-service (SaaS) model can be deployed in various cloud configurations, making it seamless to integrate into your existing platform.
Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
On-premise deployments require your department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes
Your IT company or department can scale and deliver data privacy and security aligned to your existing deployment architecture—as public, private, or hybrid as it may be!
To learn more about how ZorroSign helps IT companies and departments elevate your data privacy and security, please contact us or start your 14-day Free Trial today!
In a digital environment, transactions take place between people and organizations who may not know each other, and likely cannot verify each other’s identities using traditional, physical means.
Yet as the world moves more and more to digital transactions—exchanging real-world assets such as automobiles, financial instruments, goods and services, even real estate, to exchanging digital assets such as cryptocurrencies, in-game purchases, metaverse assets, NFTs, and even more in the years ahead—it becomes critical to verify exactly who signed what and when, with full validation of every transactional document’s authenticity and immutability, to prevent forgery, fraud, or tampering.
CNBC reports that “Sales of real estate in the metaverse topped $500 million last year and could double this year, according to investors and analytics firms.” And transactions in the metaverse were expected to cross $6 billion in 2021, according to India’s Business Standard.
To facilitate commerce in digital realms, ZorroSign is pleased to include the Z-Verify feature in our multichain blockchain platform to protect privacy, secure transactions, and prevent fraud.
Digital Signatures for Digital Transactions
To transact business, commerce, government operations, or individual trade in a digital environment requires legally enforceable digital signatures to prove agreement and intent. There are several technologies supporting digital signatures, but how do such solutions provide legal enforceability?
They must ensure WHO is signing the legal documents via user authentication; plus,
They must ensure WHAT was signed (agreed upon) via immutable document control with full audit trail of changes for document verification; and
They must ensure WHERE, WHEN, and HOW digital signatures were executed in signing ceremonies via metadata captured on digital devices and digital network.
On June 30, 2000, then President Bill Clinton signed the Electronic Signatures in Global and National Commerce Act (E-Sign Act), establishing that electronic signatures have the same legality as traditional signatures on paper, and defined the criteria for legality. The legislation opened the door for digital transactions and digital commerce has boomed in its wake.
Digital Signatures on Blockchain
Since 2000, many technologies have come to market to deliver digital signatures, but when a distributed ledger technology—such as blockchain—is used for digital signatures, transaction parties gain the unique advantages of:
Privacy — with a private, permissioned blockchain such as Hyperledger Fabric, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
Immutability — all blockchain records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
Perhaps most importantly, digital signature platforms that incorporate Identity-as-a-Service (IDaaS) can authenticate users across multiple dimensions, such as what you know (your login password), what you have (your laptop or mobile device), and who you are (biometrics such as fingerprints or eye iris on the device securing who can access it), etc.
Digital Signatures with Z-Verify
ZorroSign’s Z-Verify unites multi-factor authentication, the biometric capabilities of your hardware devices, the opportunity for password-less logins, and even knowledge-based authentication (KBA) features—requiring the knowledge of private information of the individual to prove that the person providing identity information is the actual person—to ensure each party to the digital transaction is who they claim to be.
Further, Z-Verify features allow ZorroSign users to maintain and review a chronological, immutable, real-time record of transactions: Ensuring the security and privacy of users’ information and that of the data itself!
Z-Verify Benefits:
Immutable attribution of the signatory of any document secured in ZorroSign
Globally accepted security certificates that never expire – unlike any competitive solution certificates
Secured by private, permission-based blockchain technology built on Hyperledger Fabric
Authentication, verification and validation of digital and paper versions of documents using our patented Z-Forensics token
Verification applies to internal (registered) and external (not registered) users alike!
To learn more about Z-Verify and how ZorroSign can ensure you know exactly who signs your digital documents, when they signed, how they signed, and what they signed has not changed—contact us today or start your Free 14-Day Trial subscription to test us yourself!
The way that the legal industry conducts business has changed drastically over the last few years, foremost due to the shift during the COVID-19 pandemic to a remote lifestyle. A recent survey by the American Bar Association shows that more than half of all attorneys are now working from home almost exclusively. This switch to remote work has caused the legal industry to look towards technology to move the bulk of their processes and workflows online.
With that industry shift in mind, here are three ways that ZorroSign helps to law firms, legal departments, and attorneys worldwide to thrive in an online environment!
Automation
Lawyers are often swamped with paperwork and the hassle of printing, signing, and scanning documents. While much of this work is important to the successful operation of legal services, future-thinking law firms and legal departments are identifying repetitive, manual processes and incorporating automation to drastically improve their workflows. This allows attorneys to spend more time on client development and for staff to become more productive.
Incorporating technology into your legal service workflows can expedite operations, accelerate growth, and increase the value of the services delivered to clients. When used strategically, technology can also free up your teams from mundane tasks and enable them to apply their expertise to higher-value work. As a result, law firms and legal departments become more efficient, innovative, competitive, and profitable.
ZorroSign’s blockchain platform allows firms to build and automate templates and approval workflows, ensuring compliance with business regulations while streamlining processes from a single dashboard. Our contract lifecycle management (CLM) capabilities support automation and help move attorneys to digital record-keeping, digital communications, and digital chains-of-custody.
Expanding Privacy Regulations
Gartner predicts that by the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population. It is also expected that more state legislatures will enact privacy laws similar to the California Consumer Privacy Act (CCPA) which gives consumers more control over the personal information that businesses collect about them. Eventually the United States can expect a law that mirrors the EU’s General Data Protection Regulation (GDPR)—one of the toughest privacy and security laws in the world.
The increased demand for privacy has been driven by individuals’ demands for improved protection of their personally identifying information (PII), healthcare records, autonomy, and digital data privacy. Expanding regulations have pushed organizations to take the necessary steps to support data sharing, while preserving the privacy of those that they are working with and who are within their organization. All in all, organizations that choose to prioritize privacy have an opportunity to win greater loyalty and more business from their customers.
So how can ZorroSign help?
ZorroSign was created with the privacy of users in mind. Built from the ground up on blockchain technology for a zero-trust digital ecosystem, we deliver top notch security that has evolved to meet the legal enforceability needed in a court of law. ZorroSign is already compliant with CCPA and the EU’s GDPR policy—plus many Canadian, Indian, UAE, and United States data protection and privacy standards, ISO 27001 certification, American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit, and International Standard on Assurance Engagements (ISAE) No. 3402 Type II audited.
For the growing list of ZorroSign privacy and security standards, visit our recent blog on global compliance.
Transfer to the Cloud
While storing information on a hosted cloud server is not a new concept, the legal industry has been slow to migrate its data because of the security concerns that this presented. Telecommute work, however, has pushed legal organizations towards cloud solutions to better connect remote workers. The cloud’s cost-effective delivery of near-unlimited storage, paired with technology like blockchains, bridges the gap between the risk of remote connections and the need for elevated data security.
Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
On-premise deployments require your law firm or department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes
Since the invention of microchips and semiconductor transistors in the 1950’s, the world has moved steadily to more and more digital information. Computers for government, then computers for business, then home computers brought vast amounts of data into digital formats, and with the birth of the World Wide Web digital information has exploded in volume.
Today, we rely on digital documents for our business operations, our finances, our government, our healthcare, our legal system, and vast amounts of news and information—both personal and public. Trusting such digital documents is critical to ascertaining truth and accurately conveying facts.
“Documents comprise evidence, and are generally assumed to amount to evidence upon which the parties and the court can rely,” explains Helen Brander for Counsel magazine. “For every point that is made, one hopes there is a document to support that point.”
The Risk of Fraud
Throughout history, there have been various techniques to authenticate documents. In the pre-industrial age, it was common in Europe for someone to sign a document in ink and to then press a wax seal on the document to indicate the authenticity of that document. It was always possible, of course, that someone could tamper with the document and forge signatures, information, or the wax seal itself.
In the modern age, the United States has notary publics who can witness a person signing a document and endeavor to authenticate the signer’s identity by inspecting a driver’s license, passport, or other form of identification for that person. Again, the risk remains that it is possible to forge such identity materials, or alter the actual documents or signatures after signing.
More recently, with the popularity of electronic or digital documents, the digitization of business processes is taking place. In other words, from the creation of documents, to the signing of documents, to the storage and subsequent retrieval of documents, one or more steps may be conducted digitally.
For example, a document may be created on a computer and subsequently printed, signed with wet ink or electronically, then faxed, delivered via courier, or scanned into the computer and finally shared electronically via email or by using other file transfer mechanisms. Despite the technology advances, such documents can still be tampered with and signatures can be forged within this process as well.
“Detecting fraud within documents that have been digitally altered with graphics editors or ‘print-manipulate-scan’ evasion techniques requires more sophistication,” notes Martin Rehak in a Help Net Security article. “Often undetectable to human fraud specialists, building an automated solution requires specialist knowledge of the metadata and digital footprints left by scanning and printing devices.”
As such, modern digital documents require a level of security as evolved and nuanced as the technologies producing, storing, and sharing the digital documents themselves.
The Security of ZorroSign
Facing this historical need, ZorroSign has developed a unique digital solution that can:
Prove that the individual who is performing the action to sign the document is who they claim to be (verification);
Apply a digital equivalent of a wet-ink signature to the document (legal intent); and,
Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).
ZorroSign’s patented Z-Forensics token is a tamper and fraud-detection seal for your digital documents, creating an unprecedented, immutable audit trail and complete chain-of-custody validation.
This revolutionary security system allows a validated user to create an electronic document, then allow one or more other users to complete and sign that document in a particular sequence—”the workflow”—all the while capturing the chain of custody and an audit trail of the changes made to the document by the parties in the workflow, such as recording key authentication, security and validation information when an action took place.
Unlike any other digital signature solution, ZorroSign seals all documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.
Only the Z-Forensics token:
Allows ZorroSign customers to manage permissions as to who gets to see what level of information about the transaction and the contract
Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire
Can verify, validate and authenticate both digital and printed (paper) version of electronically signed contracts
Our Z-Forensics feature enables ZorroSign users to create a virtual seal for every uploaded document: initiating a verifiable trail, tracking every step of a document’s journey through users, so that any attempts at tampering, fraud, revision or other alterations are immediately captured.
To learn more about Z-Forensics and how ZorroSign can help you prevent fraud with digital documents, contact us today!
“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” explains CISA. “Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.”
Thus phishing attacks seek to steal data or inject malware—adware, bots, keyloggers, ransomware, spyware, trojans, worms, etc.—that cause damage at a later time.
Phishing Attacks
In phishing attacks, “scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts,” warns the Federal Trade Commission (FTC). “Scammers launch thousands of phishing attacks like these every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.”
“What really distinguishes phishing is the form the message takes,” notes a recent CSO online article. “The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.”
This credibility is paired with a sense of urgency to inspire victims to respond quickly to the message: Clicking a link or downloading a file that starts the attack. For example, Crowdstrike, a cybersecurity company, found that Amazon and Apple were the two most impersonated organizations for phishing scams in 2020. As the COVID-19 pandemic moves more people to work-from-home and out of traditional workplace settings, phishing scams increase to take advantage of anxiety and remote communications.
“Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns,” adds the CSO online article. “During a crisis, people are on edge. They want information and are looking for direction from their employers, the government, and other relevant authorities. An email that appears to be from one of these entities and promises new information or instructs recipients to complete a task quickly will likely receive less scrutiny than prior to the crisis. An impulsive click later, and the victim’s device is infected or account is compromised.”
“Phishing and social engineering attacks are now experienced by 85 percent of organizations,” reports Accenture. And the number of phishing attacks has been increasing in the United States, “with a growth of 65% in the last year,” addsCrowdstrike.
Blockchain Cybersecurity Against Phishing
“Traditionally, businesses sought to prevent phishing attacks through employee training,” writes Cloudphish, a blockchain cybersecurity company. “While this method did provide some success, it was overly reliant on human judgment.” As an alternative to such an approach of relying upon employees and staff to determine what emails or attachments they can safely open, blockchain offers a chance to secure the system access attackers ultimately seek.
Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against phishing attacks.
In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.
Whereas centralized databases can be stolen by one endpoint breach—such as the infamous attacks on Yahoo in 2013 and 2014, the United States Office of Personnel Management (OPM) in 2015, Equifax in 2017, Marriott/Starwood Hotels in 2019, and countless others—the distributed ledgers of blockchains minimize the potential damage of any phishing attack on individual endpoints. At ZorroSign, for example, we use a private permissioned blockchain, Hyperledger Fabric. Hence, even during a successful phishing attack, the adversary would not gain access to the blockchain data because the adversary would not have access to the blockchain certificates. With Hyperledger Fabric, blockchain certificates are maintained in a secured certificate authority.
In phishing attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so phishing attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This quick recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.
Banks, credit unions, investment groups, lenders, and other financial service providers use ZorroSign’s digital platform to lower operating costs while protecting privacy and data security. Only ZorroSign pairs digital signatures with blockchain technology—delivering 21st century security to the age-old ceremony of signing agreements.
FINANCIAL SERVICES INDUSTRY NEEDS
Anyone managing technology for a financial services provider feels the stress of managing data, networks, and endpoint devices in a world where cyber attacks, regulatory compliance, and customer needs are changing quickly.
To ensure their financial organizations are secure, compliant, and delivering easy to use customer-facing solutions, IT departments need the latest technologies but also proven solutions. ZorroSign is proud to protect financial services data—for customers, for regulators, and for the institutions themselves.
TRANSFORM YOUR FINANCIAL SERVICES WITH SUPERIOR SECURITY
Whether you’re a financial advisor or lender, a bank, credit union, or other services provider, you need fully compliant, automated, blockchain-level security and digital transactions you can trust. ZorroSign delivers:
Unbeatable user authentication, validation and privacy, with superior data and document security
A secure, paperless digital signature solution that’s easy to use, so you can “sign it and forget it”
Workflow automation that saves times and eliminates paper—streamlining approvals, signatures, and workflows
Error-free forms filled out and processed faster via artificial intelligence and machine learning
Financial institutions need privacy and security, but also need to know their technology solutions meet regulatory compliance. ZorroSign’s platform is compliant with the Digital Millennium Copyright Act, UETA, the ESIGN Act, GDPR, plus ISAE 3402 Type II certified, SOC II Type 1 certified, and ISO 27001 certified while supporting HIPAA, ADA, WCAG 2.1, CCPA, New York SHIELD Act, and other standards varying country by country.
For banks, credit unions, and other financial service providers that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity.
As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.
ADD IDENTITY-AS-A-SERVICES (IDAAS) TO KNOW-YOUR-CUSTOMERS (KYC)
Beyond digital signatures, ZorroSign delivers identity-as-a-service (IDaaS) to verify financial services users and support know-your-customer (KYC) requirements:
ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities
ZorroSign is the first to adopt password-less login amongst our digital signature competitors
ZorroSign MFA provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.
Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of private information of the individual to prove that the person providing identity information is the actual person.
Moving forward, ZorroSign will be adding further user verification capabilities, including integrations with U.S. driver licenses via state motor vehicle departments, verification via passports (with approximately 72 countries to start), other government-issued identities (with approximately 100 countries to start), and even tapping U.S. credit union databases for identity verifications.
Further, we will be implementing a blockchain-based audit trail for all user activities—including profile updates, signature changes, etc.—and will maintain a separate blockchain to maintain users’ signatures. With these immutable blockchain records, we can uniquely validate users in ways no competitive solution can.
We invite you to request a copy of our ZorroSign Security Brief to learn how our private blockchain architecture, document storage and protection, and platform security measures can support your financial service clients today!
Identity-as-a-Service (IDaaS) is a relatively new—and somewhat nebulous—concept in today’s market. Gartner, a global research and advisory firm, has a category defined as “identity management as a service” but most Software-as-a-Service (SaaS) companies providing identity and identity management functionality tend to define IDaaS to their own strengths and capabilities, so it is hard to find a consistent definition.
Yet the world of digital data we engage today requires digital identities for access and operations. Using digital identities we can trust is at the heart of modern cybersecurity—and hacking, phishing, or stealing identity credentials is one of the most common attack vectors for cybercriminals seeking to penetrate digital systems. As such, IDaaS has a very well-defined need, if not yet a well-defined category.
What is IDaaS?
At a basic level, all IDaaS platforms are created to enhance online user experiences, secure access to critical enterprise applications, and reduce IT resource-related expenses with efficient identity and access management (IAM) and privileged access management (PAM).
“There’s no way around it: sound identity management is essential,” writes Mark Diodati at Gartner. “Without good IAM, you are at real risk for data breaches and denial of service attacks. And IAM is hard to get right.”
The overarching goal of IDaaS solutions is to ensure users are who they claim to be—and to give users access to applications, data, systems, or other digital resources as authorized by their organizations.
Why Organizations Need IDaaS?
Foremost, IDaaS solutions can improve data security and cybersecurity. Knowing with confidence who your digital users are can elevate privacy and security across all digital systems. With an estimated 81% of hacking-related breaches leveraging either stolen and/or weak passwords, effective IDaaS solutions can eliminate one of the most glaring gaps in cybersecurity.
For government agencies and public-sector organizations, IDaaS is quickly becoming a critical need. “Cyber attackers always target government agencies to gain access to confidential government data,” explains Markets and Markets™, the world’s largest revenue impact company, headquartered in Pune, India.
Another key advantage of IDaaS is operational cost savings. Provisioning IAM with onsite solutions can be expensive: IT teams have to manage servers and software—purchasing, installing, upgrading, and managing backup data. Plus, onsite teams must shoulder the burden of monitoring network security and endpoint device management.
With IDaaS, however, costs can be minimized to subscription fees and administration. In one-ready example, secure single sign-on to applications can significantly reduce IT help desk costs related to password resets.
Besides security and savings, the ROI for IDaaS solutions can include improved user experiences with saved time via faster logins and fewer password resets. “Whether a user is signing in from open WiFi at an airport or from a desk in the office, the process is seamless and secure,” notes Fabrice Berté, director at Weborama.“The improved security can keep companies from facing a hack or breach that might topple their business.”
Today, Gartner defines key market drivers for IDaaS as access to SaaS applications, provisioning, managing, vertical communities, ensuring strong authentication, and gaining SaaS efficiency. And trends in IDaaS that Gartner reports include information breach concerns, the broader use of consumer authentication, and reverse-proxy WAMs.
“We’ve been talking about this for a very long time,” said Diodati in a CSO Magazine article. “But didn’t have the big data/analytics capabilities and the mobile platform architectures until recently.”
How ZorroSign Delivers IDaaS to Verify Users
While it used to be acceptable to grant access via username and password, the industry standard is two-factor authentication and rapidly evolving to MFA with password-less logins. Here are ways ZorroSign delivers IDaaS to verify users:
* ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities.
* ZorroSign is the first to adopt password-less login amongst our digital signature competitors.
* ZorroSign multifactor authentication (MFA) provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.
Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of private information of the individual to prove that the person providing identity information is the actual person.
These technologies secure the endpoints of our private, permissioned blockchain architecture where only approved nodes (endpoints) are allowed to access our Hyperledger Fabric distributed ledger. Hyperledger emerged as an open-source collaborative effort, hosted by the Linux Foundation, to advance cross-industry blockchain technologies and improve trust, transparency and accountability.
For governments, companies, and individuals that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. And built on a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.
Moving forward, we will be implementing a blockchain-based audit trail for all user activities—including profile updates, signature changes, etc.—and will maintain a separate blockchain to maintain users’ signatures. With these immutable blockchain records, we can uniquely validate users in ways no competitive solution can.
Patented Z-Forensics Token
Finally, ZorroSign’s patented Z-Forensics (“4n6”) token is a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.
ZorroSign’s Z-Forensics token securely reads the information from the secure ZorroSign servers so it can be accessed by the document originator or third parties (with permission from the originator) when requested. Only the Z-Forensics token:
* Allows ZorroSign to manage permissions as to who gets to see what level of information about the transaction and the document
* Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire
* Can verify, validate and authenticate both digital and printed (paper) version of electronically signed documents
Together, this dynamic and integrated set of technologies allows ZorroSign to provide unmatched privacy and security for our users. Our IDaaS capabilities augment our blockchain architecture to ensure users/signers are who they say they are and deliver trusted connections in a zero-trust environment.
ZorroSign’s primary focus is the security and privacy of our customers’ data.
Our technology platform was built for the highest levels of security and compliance—from our blockchain architecture to our patented 4n6 token, to our multi-factor authentication—all ensuring our platform is compliant with dozens of international privacy and security standards.
BLOCKCHAIN ARCHITECTURE
ZorroSign has implemented its own secure instance of Hyperledger Fabric—the world’s most trusted blockchain technology, created by the Linux Foundation—using proprietary technology. This blockchain architecture is permissions-based and requires users to authenticate themselves before making requests to read or write into the distributed ledger (i.e., the “blocks” on the “chain”) or taking any action that adds to the blocks on the ledger.
As a private blockchain, ZorroSign can ensure privacy is always maintained, as only approved nodes (endpoint users) can write to ZorroSign’s blockchain—as opposed to public blockchains (like Bitcoin and Ethereum) where anyone can be an endpoint and write to the blocks. As a result, ZorroSign’s architecture has even tighter privacy and security than other blockchains. If users make a change to the information recorded in one particular block of a blockchain, they cannot rewrite that block—instead, the change is stored or recorded in a new block along with the date and time of the change, permanently capturing the chronological changes to the document.
Further, ZorroSign’s platform was based on the Sherwood Applied Business Security Architecture (SABSA)—a proven methodology for developing business-driven, risk and opportunity-focused security architectures. We leverage Defense in Depth (DiD) mechanisms, such as AI-based Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and border routers. Plus ZorroSign brings personally identifiable information (PII) data security, 24/7 monitoring, business continuity/disaster recovery policies, security logging and incidence response via Elastic search Logstash and Kibana (ELK), and Microsoft Intune for unified endpoint management.
PATENTED Z-FORENSICS TOKEN
The ZorroSign patented Z-Forensics token is a digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.
The key benefits of ZorroSign’s blockchain and Z-Forensics token technology include immutability of chronological records, permissions-based private blockchain security and privacy of the users’ information (i.e., PII or PHI), fraud prevention, and lifetime escrow (as ZorroSign issues its own certificates that never expire).
MULTI-FACTOR AUTHENTICATION (MFA)
With the growing number of data breaches affecting user authentication, protecting one’s account credentials has become a top priority. Many solutions are now moving towards a Zero Trust model where the user must prove their identity. While it used to be acceptable to rely on a username and password, the current industry standard is two-factor authentication which is rapidly evolving to MFA with password-less logins.
ZorroSign is proud to be the first to adopt password-less login amongst our digital signature competitors—validating what you know (i.e., your ZorroSign login password ), what you have (e.g., your laptop or mobile device), and who you are (e.g., biometrics such as fingerprints or eye iris on the device, securing who can access it).
GLOBAL PRIVACY & SECURITY COMPLIANCE
This unique combination of security architecture and data privacy functionality grants ZorroSign compliance across many international standards for privacy and security, including but not limited to:
Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
Canada: The Uniform Electronic Commerce Act (UECA)
EU: Data Protection Regulation (GDPR) for data privacy and security
EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
India: The Information Technology Act 2000 (IT Act of India)
International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
International Organization for Standardization (ISO) 27001 certified
PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
USA: California Consumer Privacy Act (CCPA)
USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
USA: The Digital Millennium Copyright Act (DMCA)
USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
USA: The Health Insurance Portability and Accountability Act (HIPAA)
USA: The Uniform Electronic Transactions Act (UETA)
We invite you to request a copy of our ZorroSign Security Brief for details on our private blockchain architecture, document storage and protection, and platform security measures today!
U.S. law enforcement agencies such as police departments, sheriffs, probation offices, prisons, prosecutors, and district attorneys are relying more and more on digital records. In serving the public, LE agencies need to ensure data privacy and security no matter if their records are paper or digital.
ZorroSign offers a technology platform built on blockchain to support law enforcement, including digital signatures, documents, workflows and archives to enhance the privacy, security, and efficiency of any LE administrative process.
“Law enforcement increasingly needs to have access to data residing in remote data centers, and investigators frequently face multiple barriers in this process. As more data routinely collected by investigators have come to reside in remote locations, these barriers have become a growing challenge for stakeholders.”
~Michael J. D. Vermeer, Dulani Woods, Brian A. Jackson Identifying Law Enforcement Needs for Access to Digital Evidence in
Remote Data Centers (Rand Corporation white paper)
ZorroSign can help LE agencies with:
Digital signatures across personnel records, payroll, budgeting, contracts, and finances
Digital documents related to court commitments, jurisdictional and warrant transfers, and supporting depositions
Expediting the collection of Uniform Crime Reporting (UCR) statistics—providing officers in the field with an easy-to-use tool to scan licenses and automatically populate a digital ledger with all required UCR data
An immutable audit trail for all LE, administrative, and legal documents in digital formats
Chain of Custody
Perhaps ZorroSign’s greatest value to law enforcement is protecting the chain-of-custody.
According to a 2020 white paper issued by the National Center for Biotechnology Information (NCBI), “Maintaining the chain of custody should be considered a professional and ethical responsibility by those in charge of the evidence. It is imperative to create appropriate awareness regarding the importance and correct procedures of maintaining the chain of custody of evidence among the people dealing with such cases… it must remain in mind that it is the most critical procedure which ultimately decides the admissibility of evidence in the court of law.”
ZorroSign’s platform can place all aspects of evidence documentation—audit trail, chain of custody, documents and attachments, user authentication information, and digital signatures) on a private permissions-based blockchain to create an immutable and legally-binding record. This ensures the highest levels of security are observed, all evidence is legally defensible, and gives LE agencies a high level of confidence in every step of the evidence documentation process.
Further, ZorroSign’s technology can easily be integrated into a law enforcement organization’s existing document management system—augmenting their ability to protect and secure all sensitive data, while delivering operational efficiencies that can lower costs and raise administrative productivity.
The Security of Blockchain Plus the Privacy of Hyperledger Fabric
Blockchains are a distributed ledger technology (DLT) using digital cryptography to secure information records (blocks) distributed across users (nodes) on peer-to-peer (P2P) networks. They can be run publicly (open to anyone becoming a node, used for cryptocurrencies like Bitcoin) or privately (permissioned to limit who can become a node, used for business applications like Hyperledger Fabric).
ZorroSign’s platform is built entirely on a private, permissioned Hyperledger Fabric to protect identities and data—uniquely authenticating users, encrypting communications, and securing digital data immutably through that data’s lifetime.
For LE agencies that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (users) can write to ZorroSign’s blockchain.
Uniquely, ZorroSign also uses a patented 4n6 (“forensics”) token—a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is digitally encrypted and contains all the details about the transaction including timestamps, user authentication, document, and attachments. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.
Committed to the Men & Women in Blue
ZorroSign strongly supports the men and women in law enforcement who put their lives on the line every day to defend our communities and protect our freedoms. ZorroSign has partnered with the National Law Enforcement Officers Memorial Fund (NLEOMF) and committed to 10% of ZorroSign’s sales to law enforcement be donated to the Memorial Fund.
We believe our digital signatures and document management solutions to be the most private, most secure available and we are eager to prove it for law enforcement. Contact us today to learn more!
ZorroSign’s digital signature and document management platform not only brings the privacy and security of a private, permissioned blockchain technology, but our software-as-a-service (SaaS) model can be deployed in various configurations to meet your organization’s data security requirements.
Public Cloud SaaS
Our standard deployment is on Amazon Web Services (AWS) public cloud computing network. This configuration benefits from AWS data centers and a network architected to protect your information, identities, applications, and devices.Built with the highest standards for privacy and data security, AWS is designed to help ZorroSign deliver secure, high-performing, resilient, and efficient infrastructure for our applications.
Two big advantages of ZorroSign’s public SaaS configuration are our simple pricing model and the ability for new customers to quickly sign-up, login, and start uploading and sending documents for signatures. Pairing superior security with user-friendly operations, ZorroSign’s public cloud configuration is our most popular deployment.
Private Cloud SaaS
In ZorroSign’s private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization. This fully managed service is ideal for financial services institutions or any organization requiring that your data resides only in servers where you have full control.
The benefits of private cloud deployments include unlimited API usage, complete control over privacy and security measures, a system configuration much easier to manage and maintain than on-premise deployments, plus the ability to implement custom ZorroSign features and functionality. Private cloud deployments require that customers have IT and security staff trained to manage cloud networks, but ZorroSign works closely with such customers to ensure successful and secure configurations.
Hybrid (Public/Private) Cloud SaaS
Sitting between fully-public and fully-private cloud deployments is the option for a hybrid cloud configuration. Here, storing your data on our private, permissioned blockchain can occur on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations. We collaborate with your organization to configure the right mix of public self-service, scalability, and elasticity with private control and customization available with dedicated hardware.
Like a private cloud, hybrid cloud benefits include unlimited API usage and a system configuration much easier to manage and maintain than on-premise deployments. Hybrid cloud deployments can be a strong option for financial services institutions, and ideal for healthcare organizations, law firms, legal departments, real estate firms, and other industries where data security is highly regulated.
On-Premise Configurations
Finally, for those customers who require both the ZorroSign platformand their data reside behind their own firewall or demilitarized zone (DMZ)—where a physical or logical sub network contains and exposes your organization’s external-facing services such as ZorroSign digital signatures, workflow management, and identity-as-a-service applications—we support on-premise deployments.
On-premise deployments require your organization to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes. On-premise deployments of the ZorroSign blockchain platform can be ideal for government agencies and departments, critical infrastructure organizations, large financial institutions, and other organizations that prefer to fully manage their own IT infrastructure.
Whichever configuration your organization requires, ZorroSign has the staff, the architecture, and the deployment experience to ensure your data privacy and security needs are met. To learn more about ZorroSign’s cloud configurations for various SaaS deployments, and how we deliver greater privacy and security for digital signatures and documents, contact us today!
