Go-Jek will integrate SCB’s various offerings such as payments, digital lending and insurance in the coming months

Indonesian ride-hailing app Go-Jek, which has just received an investment from Thailand-based Siam Commercial Bank (SCB), is set to expand its financial services and food delivery businesses, a Reuters report said, citing a top executive.

In the coming months, Go-Jek will integrate SCB’s various services such as payments, digital lending and insurance, the Indonesian company’s Head of International Andrew Lee told the news agency.

“We have more than 20 services, in Indonesia…we will pick and choose the best playbook for Thailand and carefully curate that,” Lee said.

Go-Jek was officially launched in Thailand in February under the brand ‘Get’. On Thursday, the startup announced that it received an investment from SCB as part of its ongoing Series F round. The partnership enables ‘Get’ drivers to open an SCB bank account at the Get Driver Training Center as well as provide them with access to essential financial services such as loans and insurance.

Also Read: The importance of failure: 7 reasons why it makes us better entrepreneurs

SCB and Get will work together to improve financial literacy among drivers, supporting them with savings plans and knowledge of basic financial products. The partnership will also see the development of solutions for both Get merchants and SCB merchant customers to help them grow their businesses online.

Get users will benefit from the partnership through convenient top ups of their Get Pay credits, the company’s e-wallet service that has been launched in Thailand in beta, via SCB’s digital banking app.

“SCB shares our ethos of using technology to improve the lives of consumers, drivers, and merchants and we are excited to have them on board as an investor,” Lee said in a press statement.

Apiphan Charoenanusorn, President of SCB, said: “Apart from the investment in Go-Jek, SCB is forming a partnership with Get to create a ‘digital lifestyle ecosystem’ in Thailand to benefit Get’s drivers, users and merchants. The partnership will promote financial inclusion for drivers with financial solutions tailored to suit their needs, such as digital lending or personal and individual loans, life- accident-health insurance as well as financial literacy programs. Additionally, SCB will link Get with our customers and alliances such as retailers, businesses and universities to achieve the ‘digital lifestyle’ goal.”

The post Go-Jek to expand financial services, food delivery in Thailand following SCB investment appeared first on e27.

igloohome’s portable locking device Smart Padlock can be used to secure trucks, gates and assets

Singapore-headquartered smart access solutions provider igloohome has announced a new US$15 million fund-raise, co-led by Insignia Ventures Partners, Wavemaker Partners and SEEDS Capital.

New investors such as Kickstart Ventures, TH Capital, Pine Venture Partners, On Asset Management, and InnoVen Capital, in addition to existing backers Singtel Innov8 and Great Noble International, also co-invested.

With this round, igloohome has also announced the official launch of iglooworks, a suite of smart access solutions for enterprise customers, primarily in the real estate and infrastructure sectors. iglooworks’s solutions are managed via a dashboard, designed to manage and monitor large numbers of access points for different levels of users, with features to sort, filter and export data.

The fresh investment will be used for research and development of new products and software for both igloohome and iglooworks, and to support new and existing distribution partners globally, especially in Europe, the US and Asia Pacific.

Also Read: As compared to a few years ago, we don’t have to answer ‘why SEA?’ as much: Wavemaker’s Paul Santos

The company has also inducted PropertyGuru’s Co-founder and former CEO Steve Melhuish to its Board.

igloohome creates smart access solutions that help users manage their properties and assets. With igloohome’s smart locks, users can grant access to their property remotely via a mobile app. Its products work offline, with no internet connection required. igloohome is a partner of Airbnb, HomeAway and Booking.com.

As part of the iglooworks suite, it offers Smart Padlock, a portable locking device that can be used to secure trucks, gates, and assets. iglooworks can be used across a myriad of industries across logistics, facilities management and asset tracking. With igloohome’s AlgoPIN technology, one-time or duration PIN codes can be sent to contractors, truckers, or operators, and access logs tracked by the padlock provides visibility of access.

iglooworks incorporates new communication protocols such as NB-IoT, Cat-M, LTE, and Z-wave. These protocols allow for added online features of access solutions, including multi-factor authentication and real-time access information, while ensuring that battery consumption of the devices remain low.

The startup claims it currently has over 100 distribution partners, more than 100 integration partners and is working with leading property developers such as Sansiri (Thailand), Mitsubishi (Japan) and Capitaland (Vietnam).

Anthony Chow, CEO of igloohome, said: “In the past three years, we have developed a range of smart locks that are creating great value for vacation rental hosts and home owners around the world. With iglooworks, we have developed a solution that not only can save businesses and governments up to millions of dollars per year, but also improve security and surveillance. Our vision is to create smart access ecosystems for smart cities, increasing efficiency and reducing costs.”

In April 2018, igloohome raised a US$4 million Series A funding round led by Insignia Ventures Partners.

The post igloohome raises US$15M afresh to expand its smart access solutions to real estate appeared first on e27.

Eliminating risk is impossible, risk must be managed

Risk management begins with understanding your assets—where and how valuable they are. A vulnerability in an access database used by 20 employees is not as important as a vulnerability found in your publicly exposed API.

Any risk found goes through a cost/benefit analysis. The possible exposure is compared to the cost to mitigate the risk. If a realised risk will cost you $10,000 but it’ll cost $50,000 to fix, then it is a low priority. It simply doesn’t make sense to fix it right away.

Risk ratings are a necessary part of any risk management strategy.

Simple rating systems help the relationship between security and development teams. Developers need to understand what needs to be fixed, and what doesn’t. Introducing intermediary levels, such as Medium or scales from one to ten can make it harder for developers to plan upcoming work. Medium risks are the ones most likely to sit in limbo because no one knows how important they are.

Be clear on your priorities to avoid confusion. Any risks rated highly should undergo root cause analysis. Find out what led to such a critical risk and how to prevent the same thing from happening again. Over time, the emergency, “hair on fire” vulnerabilities should begin to disappear.

Patch management

Dependencies are inevitable when building complex software systems. Your business operations likely depend on a mixture of in-house applications, open source components, and third-party vendor applications. All require good patch management to stay secure.

The code you write depends on open source libraries and frameworks. When vulnerabilities are found within these frameworks, all applications that use them are also vulnerable. It’s essential to update libraries and frameworks quickly so your applications aren’t getting exploited. The code you write might be bug-free, but what about the code your code depends on?

Third-party vendor products undergo the same testing as yours. This testing could find vulnerabilities that put your users at risk. Patch management processes ensure that patches released by third-party vendors don’t sit for months before being applied to your environment.

Once a vulnerability is announced to the public, attackers will try to exploit it. The longer you wait to patch your systems, the longer attackers have to find your application and take advantage of your sloth.

Patch management processes can be difficult to create, but they don’t have to be complicated. Whenever possible, work within the confines of your developers’ daily workflow.

For example, if an open source library needs to be patched, create a pull request within the repo of the application so all developers will see it. Explain in the pull request what you’re updating and that all they have to do is merge and their job is done. You’ll not only help your application stay secure, but you’ll also generate plenty of goodwill with development teams.

Security assessments 

Security assessments are a necessary part of every security leader’s job.  However, it is important to understand which assessment to use when.

1. Black-box and White-box 

Security assessments can either be white-box or black-box assessments.

White-box testing refers to allowing the tester to see into the inner workings of an application. The tester can see code or system diagrams, allowing them to find problems in the implementation of an application.

Also Read: Despite security risks, IoT offers practical benefits for the business and at home

Black-box testing refers to testing an application with no knowledge of how it works. These tests simulate the vantage point of an attacker who has to learn by exercising the system. This type of testing better illustrates what an attacker would have to accomplish to successfully attack a system.

2. Vulnerability assessments 

Vulnerability assessments are white-box tests designed to reveal as many vulnerabilities as possible within an environment, along with guidance on remediation and priority.

Vulnerability assessments are not the same as penetration tests. They are a comprehensive look at all of your systems with access to the inner workings via code or diagrams.

Vulnerability assessments are the best choice if your organization has a low to medium security maturity. The goal is to find as many vulnerabilities within your environment as possible so you can secure the most critical pieces quickly. Once your environment has been hardened by several of these assessments, you can better take advantage of other assessment types.

3. Penetration tests 

Penetrations tests and vulnerability assessments are sometimes confused, but they are not the same. Vulnerability assessments are white-box examinations of all vulnerabilities within a system. The point is to fix as many problems as possible within a short period of time.

Penetration tests are tightly focused, black-box tests aimed at specific functionality within a system. Penetration tests should be done after you’ve cleaned up the vulnerabilities found and have a reasonable level of confidence in your application. Penetration tests have a specific goal in mind, such as exfiltrating data or gaining admin rights to a server.

For instance, you may perform a vulnerability assessment (or multiple assessments) against your shopping cart functionality to find common configuration and coding errors. Once all of the findings from that first assessment are fixed, you run a penetration test against the shopping cart system to make sure it’s been sufficiently protected. This order of testing ensures that penetration tests are used effectively—finding difficult to detect errors that code scanners won’t find.

4. Red team services 

A red team is a permanent team used to improve the information security posture of a company.
Red teams are not a one-time assessment but are continually testing applications to find vulnerabilities.

Red teams focus on using real-world tactics to attack an organization’s assets. They are made up of highly trained and experienced professionals who think like attackers.

5. Audit 

An audit is not a true security assessment. It measures how well your systems match up to a chosen standard. Even if some vulnerabilities are found during an audit, that isn’t the main purpose.

You can be compliant with a standard and be insecure at the same time. Audits don’t verify security but verify conformance with an interpretation of what security should be. This is an important distinction.

Also Read: The concerns, risks and success factors of any startup

Organisations with good security practices are very likely to be compliant. But compliance, while necessary, should never be confused with security. Juggling various security assessments and audits is no easy feat—you can do it when you understand the purpose behind each assessment and when to use it.

Securing the shifting sands 

The ever-changing risk landscape exposes your company to new and dangerous risks every day. Here are some general principles that’ll help you keep ahead of these risks.

Third parties and vendors 

Third parties have practically become a requirement in today’s connected world. Using third parties, however, brings risks to your business. There are three ways risk increases when using third parties:

• The risk of data being misused by a third party
• The risk of poor security practices leaking your data without your knowledge
• The increased attack surface if the third party application contains vulnerabilities
  

In today’s environment, you’re only as secure as your weakest vendor. Vet your vendors carefully and make sure you’re comfortable with their security policies before signing a contract with them. Once you hand over your data, it’s too late to worry about security.

Your Attack Surface Changes 

Companies are adopting DevOps practices more as time moves on. These practices encourage dev teams to put code out and get fast feedback wherever possible.

Don’t sacrifice security in exchange for “better, faster, cheaper.” Fast-moving development environments increase the risk of services and applications being deployed without the security team’s knowledge. This is especially true of cloud environments, where developers could create virtual machines and deploy code to them at any time.

Strong policies are needed so admins know what they are allowed to do. Policies preventing the abuse of cloud resources are a good idea, but you have to enforce them. AWS, Azure, and Google Cloud aren’t going to police your admins and developers for you.

Automation can be used to help enforce policies. For example, AWS Lambda can be used to scan file uploads to S3 buckets in AWS. Policies can prevent developers from creating new virtual machines using their accounts. A good rule of thumb is to use a build pipeline to build any infrastructure your applications need, preventing humans from deciding how to build VMs and deploy them.

Also Read: How to bulletproof your business against lawsuits

The security team should be made aware of any new assets and what their purpose is. This can be daunting in a micro-service environment but is absolutely necessary. Know when new services are created and released. Understand what cloud service accounts exist and have a clear process on how to create new ones so they can be monitored. You must proactively look at what is currently running in your environment and respond to anything weird.

The key to keeping up with the security of your systems is to reduce the element of surprise. Build processes that enable security teams to stay up-to-date with new assets. These assets must be tested and deployed according to well-enforced policies. Hold your vendors to the same standards you’d hold yourself. Don’t trust your data with just anyone.

—

By Miju Han, Director of Product Management at HackerOne

Editor’s note: e27 publishes relevant guest contributions from the community. Share your honest opinions and expert knowledge by submitting your content here.

Join our e27 Telegram group here, or our e27 contributor Facebook page here.

Image Credit : everythingpossible

The post Don’t eliminate risk, manage it appeared first on e27.

Cashaa also facilitates micro-lending services on its platform, wherein a user will be able to provide/receive loans to/from other users on the platform

(Editor’s note: Here is an article from our archives which we think are still relevant)

The entrepreneurship bug bit Kumar Gaurav while working as an Engineer for luxury car brand Ferrari in Italy. Having sensed an opportunity in the insurance industry in the country, he started DarWinsurance, Italy’s first P2P insurance platform, which was funded by AIG and ERV, and later acquired by Esedra.

While in Italy, Gaurav faced a lot of problems when dealing with banks; his bank would charge him exorbitant fees for remittance service, and at times, it would harass him just for using his own money.

“It was unacceptable for me and I wanted to do something about it. This was when blockchain was taking shape globally. I wanted to leverage this technology to help reduce people’s heavy dependency on banks for their various day-t0-day services,” Gaurav narrates his story to e27.

Upon doing some research in blockchain, he in 2014 launched a startup, now known as Auxesis Group, which provides private blockchain solutions such as cryptocurrency exchanges and wallet, in addition to blockchain infrastructure services to enterprises.

As blockchain grew further and gained currency, he decided to leverage it for the benefits of the unbanked and underbanked population around the world — by providing micro-loans and making international money transfer easy.

Thus, Cashaa was born in 2016.

Also Read: Blockchain investment 2018: A who’s who of blockchain investors and startups in China

“Cashaa is a forex platform that offers innovative exchange and transfer services between fiat currencies and cryptocurrencies. Cashaa has an in-built money exchange, where traders can trade cryptocurrencies across the globe without going through the hassles of traditional money transfer processes, for a nominal fee,” says Gaurav. “We have already beta-tested this exchange and had traders from 141 countries in 97 different currencies registered.”

Traditionally, international money transfer services are a complicated process; they are cumbersome and costly. Intermediaries charge higher exchange rates and there is weak counter-party risk checking. To top it all, they are highly regulated and require extensive paperwork.

“Imagine you want to transfer US$2,000 from Singapore to someone in Delhi. You need to pay up to 20 per cent in commission to the service provider to send your money. Casha seeks to make it easy for the people to transfer money internationally and in real time. On Cashaa, the sender and the receiver can complete transactions in the local currency, with minimal awareness of cryptocurrencies or blockchain. The trader receives local fiat currency in exchange for selling and buying cryptocurrency,” he explains.

In addition to the forex services, Cashaa also facilitate micro-lending services on its platform. A P2P service, a user will be able to provide/receive loans to/from other users on Cashaa. “Nearly 3.5 billion people are unbanked or underbanked with limited or no opportunities to participate in the global economy, while the other half has its problems with existing financial services. We are here to change this,” he adds.

The firm is currently woking on Cashaa Card, using which individuals will be able to pay at shopping malls and purchase things online.

Cashaa, which is registered in Estonia with offices in London and Mumbai, also offers CAS tokens, which enables users to access premium services like higher forex transfer limits, ATM withdrawals, unlimited money transfer and exchange. It can also be used as an alternative credit score for individuals and small businesses, who are unable to obtain a credit score in the traditional way.

“Micro-financing and credit scores will be based on our CAS token. Token holders will be able to access instant loans at low-interest rates compared to non-token holders, and will also be able to give loans. Through earning or buying CAS tokens, users improve their creditworthiness. They can also sell or donate their CAS tokens to other users directly, thereby improving the receiver’s credit score and losing their own. The more CAS the borrower owns, the better the loan conditions,” he shares.

Besides blockchain, Cashaa also leverages Artificial Intelligence to make its services more efficient. It has partnered with Agrello Foundation, which will enable Cashaa to include legally-binding self-aware contracts based on blockchain. Together with Agrello’s identity and digital signature, Cashaa enables fast and secure contract conclusion. This will lead to efficiency gains in decentralised trading and micro-financing, where the cost of engaging in a business relationship and writing agreements is high compared to the transaction value.

“Our vision is to develop the payments and banking infrastructure for the future on a robust AI-driven blockchain infrastructure, which can make the legacy system obsolete, thus creating value for the world,” he says.

Also Read: 3 startups are using blockchain tech to improve the lives of millions

The blockchain startup, with an employee strength of 32 people, is working on a commercial launch of its services in the UK, India, Nigeria, and Indonesia after the success of its beta test. The multi-currency crypto exchange will be launched in India in this quarter, and the Cashaa Cards will be rolled out in the third quarter. The firm will also establish local payout points in India, the Philippines, Indonesia, South Africa and Nigeria to serve cash-based societies and reach secluded areas.

Last year, Cashaa raised US$33 million via token sale. However, it rejected nearly US$14 million of this money due to its strict internal anti-money laundering and know-your-customer policies. Gaurav says that the amount it has accepted will be enough to launch its next generation banking wallet and card and expand it worldwide.

For Gaurav, blockchain is just a tool and he believes people should not get excited about the technology. “What matters instead is the fact that it is solving real problems. People should, therefore, focus on the problems they want to solve, whether it needs a blockchain or not, instead of thinking the other way round and trying to find something where they can use a blockchain,” he concludes.

The post Blockchain startup Cashaa enables instant P2P international transfer between fiat and cryptocurrency appeared first on e27.

In case you missed it, here are some lessons shared and learnt at e27 Academy

Earlier this week, I gave a talk at e27 Academy in Batam, Indonesia, about how we can unlock the visionary within and consistently build world changing products. Radical Product Thinking means devising improvable systems (“products”) to achieve your desired impact on the world.

The change you are working to bring to the world isn’t necessarily through a high tech product. It could be through the work of your non-profit, the research you’re conducting, through freelance services you’re offering, or even by remodelling the kitchen for your family.

Anything could be your product if it’s your mechanism to bring change.

Consequently, you can apply product tools (Vision, Strategy, Roadmap, Execution and Measurement) to any product you’re building, to create change more effectively.
e27 Academy brought together a diverse group of over 150 entrepreneurs and innovators representing more than 16 countries, and a range of verticals, from social enterprise to tax software, from modular furniture to supply chain logistics. This diverse group of people had one thing in common: They are all working to bring a change to the world by solving a problem that inspires them.

Here are some of the questions that came up at e27 Academy that have also been asked on other occasions by entrepreneurs I’ve met around the world:

1. We’re fundraising — how do we demonstrate traction for our product?

The startup world teaches us that “traction” means showing growth in popular metrics such as registered users, ARR (Annual Recurring Revenue) and LTV (Lifetime Value) of a customer. Pirate metrics might be exactly the right kind of metrics for you to track, but they come packaged with certain assumptions about your business which may or may not be accurate.

The activity of “growth hacking”, a term coined in 2010, means making growth your “true north” and scrutinizing everything “by its potential impact on scalable growth”. But growth alone is not the right metric for success. Your product should be measured by whether it’s helping you create the change you desire in this world.

Trying to simply improve on metrics, whether or not they align with your vision and strategy, leads to a product disease we call “hypermetricemia”. The biggest symptom? Making many small changes to the product and iterating to optimize metrics, but not necessarily getting any closer to your vision. A data-driven approach to building your product is great — but only if you’re measuring the right things. “Data-driven” is often taken to mean that the business and product are driven by the metrics.

Instead, derive the right metrics to measure traction for your business by starting with a clear Vision, building a Strategy based on that vision, a Roadmap based on the Strategy and then a hypothesis-driven Execution and Measurement plan. Here’s a link that explains how you can arrive at the right metrics for your business.

Educate your team and investors. Don’t fall prey to setting your measurement strategy based on how investors or popular metrics might define “traction”.

Think of measurement as burning down each of the risks in your business so you can prove to yourself that there is a market and that your approach at addressing this market is working. Educate your team and investors on why the metrics you selected are the best indicators of traction for your company.

Also read: We need to tap more into culture in determining our product strategy

2. Working on my new product will help me reach my end goal. But what if I have a cash-cow today that I need to maintain and support if I want to survive? What do I prioritize?

As a startup, your resources are limited and you have to make decisions on how to spend these resources in reaching your vision while balancing day-to-day needs. It helps to visualize your prioritization. This approach for prioritization requires defining two concepts for your team:

1. Vision: What’s the end-goal for the team? You can define the “source-code” for your vision using this approach that will then be “compiled” into a more polished form for specific media and audiences.
2. Sustainability. What’s the biggest existential threat to your product? Typically, for startups, running out of money is the biggest threat, but this may not be the biggest threat for your startup — use this approach to evaluate yours.

With those defined, you can use the following rubric to evaluate opportunities and features on how they contribute towards achieving the vision vs. helping the product survive. Here is an example on how an organization, The Avenue Concept, used this approach for prioritization.

To summarize the quadrants in the rubric:

• Ideal: Opportunities in the top right quadrant are those that most closely match your vision and reduce existential risk — if there are features that are genuinely needed on the cash-cow and your new product, they fall in this quadrant.
• Vision Investment: Items in the top left corner are a good vision fit, but might raise your risk exposure in the near term. These can be worthwhile to pursue, but not if you’re already in a precarious situation. Take on as many of these as your situation allows.
• Vision Debt: Items in the bottom right corner are ones that reduce your risk exposure, but are a poor fit for your vision; pursuing them results in “vision debt”. Incurring vision debt can help keep you alive during tough times, but ultimately will derail your efforts if too much is allowed to accumulate. Use vision debt wisely to fund investing in the vision.
• Avoid it: Items in the bottom left are both a poor vision fit and expose you to additional risk.

The approach is simple but powerful and has proven immensely useful to companies when I’ve introduced this in workshops — these companies use it at all levels, from product teams to boardrooms. You’ll find that this approach helps you get more buy-in from your team because it communicates not just the priorities but also the rationale for priorities. Further, it gives your team the tools to evaluate opportunities so that they can make decisions aligned with your collective goals, even when you’re not present.

Also read: Craft your mission-vision not just for yourself, but also your detractors and competitors

3.1 My product addresses the needs of 2 different customer segments. Am I Strategically Swelling (or bloating) my product if it serves more than 1 customer segment?

When you are addressing 2 different customer segments, you are most likely creating two different products (or bloating one). It may look like they have the same needs, but as you start building your product, the differences start to emerge. For example, if you’re building robotics for the beverage industry and for general merchandise, at a high level the problem might sound the same. These robots have to pack cases on top of each other. But as you delve into testing your product you discover that the weight of these products has implications — in the beverage industry you can stack cases of Pepsi on top of one another, but in general merchandise the robots would destroy stock if they were to stack heavy goods like canned beans on top of aluminium foil.

This is also true for B2C. When I founded my startup, Likelii, to build Netflix for wine, we could have targeted amateur wine drinkers or the experts — after all, both customer segments were looking for wine recommendations. But the needs of the two groups are very different: Wine is subjective, and the wine expert would always have a strong opinion on the accuracy of a recommendation. But an amateur wine drinker finds wine intimidating and is open to suggestions rather than scrutinizing them. So our focus was on the amateur wine drinker.

As a startup it’s very difficult to target 2 customer segments and to sustain parallel development efforts. This is why the Vision worksheet only gives you one slot for identifying your target customer segment. Choosing the right customer segment for your business is a hard but rewarding endeavour. Here’s a post about how you can start to identify Real Pain Points for your customers. By having only one product vision for your product and thinking strategically about your target segment, you can avoid Strategic Swelling.

3.2 My product is a marketplace — I have 2 customer segments, buyers and sellers. Shouldn’t I have 2 visions for my product?

Even if you have this marketplace problem, your product vision must be to serve a specific customer segment. But to serve that customer segment, you may need to also make other groups happy. For example, let’s say that buyers are your chosen customer segment. In a marketplace buyers won’t be happy if there are no merchants selling on that platform. So you’ll need to also do enough to encourage merchants to be there. By keeping your primary focus on one, you can establish trust with that group. Amazon has buyers and sellers on its site, but it’s very clear that their vision focuses on the consumer.

You may occasionally need to trade-off which of the two sides of the marketplace you need to please — use the Vision vs. Sustainability approach to make these trade-offs when needed.

In the interest of keeping this post short (relatively), in our next post we’ll cover more questions we hear from entrepreneurs globally. In the meanwhile, share your questions and feedback below!

—-

A shoutout to the e27 team for putting together an impeccable event at e27 Academy and bringing these inspiring founders and innovators together: special thanks to Mohan Belani, Jiaway Koh, Shernice Lum, Jared Meng and Ash Philomin.

Product is a way of thinking. Radical Product is a movement that’s applying the best insights and techniques of product thinking throughout life and work. You can use the free and open source Radical Product Toolkit if you’d like a step-by-step guide to help you start applying Radical Product thinking today.

—-

This article originally appeared on Medium and was first republished on e27 on December 6, 2018

Editor’s note: e27 publishes relevant guest contributions from the community. Share your honest opinions and expert knowledge by submitting your content here.

Join our e27 Telegram group here, or our e27 contributor Facebook page here.

The post Top questions asked by entrepreneurs around the world, part 1 appeared first on e27.