The power of collective intelligence is that you get to these optimal solutions fast. When we first started holding these two-day sessions, the most common comment on the evaluations was, 'I cannot believe how much work we did in so short a period of time.' That's the function of having the network in the room. Nothing is as powerful as getting the whole system in the room because, as issues come up, you can say, how will this affect you? Even if the representatives are not the leaders of the group, it doesn't matter. As long as the voice is there, it seemed to work. By having them there, we could say, 'We can't stop until these four people are all comfortable with what we're going to do because all four people are impacted.' In hierarchies, you don't realize who is impacted until sometimes you're halfway through the project.
One reason that companies are unable to benefit fully from their investments in big data is that “management practices haven’t caught up with their technology platforms,” according to Ross and Quaadgras. For example, companies that have installed digital platforms, such as enterprise resource planning (ERP) systems and customer relationship management (CRM) systems over the past 10 to 15 years, haven’t yet taken full advantage of the information they make available. A cultural change is needed within companies so that “all decision makers have performance data at their fingertips every day,” Ross and Quaadgras write.
One key aspect of creating a conducive culture within an organisation is to be overseen by a board of directors that come from a diverse background. By introducing multiple perspectives in the mix dangers like ‘group think’, where one kinds of personality or way of looking at the world comes to rule the corporate culture, can be avoided. As a result, bringing in diversity, for instance wider female participation (with two thirds of companies actively seeking to introduce more women to the board), cultural diversity and other forms of diversity like social background, are growing in importance in boardrooms. In terms of female diversity, Eastern Europe comes out on top with nearly a quarter of executives being women, followed by Latin America.
Understanding context is key to applying these ideas but such situational awareness is a rarity in corporates. The lack of this causes visible symptoms such as poor communication, misapplication of doctrine (e.g. agile everywhere or six sigma everywhere), massive cost overruns in contracts, silos, duplication, constant reinventing of the wheel and a long list of other undesirable effects. I did want to write a post on the 61 different forms of strategic play and how to manipulate an economic environment but given the responses I've received from the Wardley mapping post, it seems something more basic is required.
One action that I advocate for IT leaders is to create the technology maps that their enterprises will need to negotiate today’s marketplace. Modern executives should never be surprised by technology. They might be disappointed by technology. Frequently they should be ashamed at their ham-handed, small-minded attitudes toward the adoption and deployment of technology. Some should be flogged publicly for their bordering-on-malfeasance inability to make money with the technology cornucopia that defines modern existence. But they should never be surprised by technology. Technology futures are knowable. Technology futures and possible technology opportunities need to be mapped.
Could this be true? What about the other 19%? Feeling a bit skeptical about what I was reading, I checked the research methodology, in particular, the demographics of the respondents: 814 IT security decision makers and practitioners, all from organizations with more than 500 employees. The respondents represented seven countries in North America and Europe and 19 industries. Seems pretty comprehensive. Another study performed earlier this year by Accenture titled Business Resilience in the Face of Cyber Risk, reported that: 66% of executives experience significant attacks on their IT systems on a daily or weekly basis; yet only 9% of executives run ongoing security penetration or continuity of business/disaster recovery tests on their systems.
Andresen’s gloomy prediction stems from the fact that Bitcoin can’t process more than seven transactions a second. That’s a tiny volume compared to the tens of thousands per second that payment systems like Visa can handle—and a limit he expects to start crippling Bitcoin early in 2016. It stems from the maximum size of the “blocks” that are added to the digital ledger of Bitcoin transactions, the blockchain, by people dubbed miners who run software that confirms Bitcoin transactions and creates new Bitcoin. Andresen’s proposed solution triggered an uproar among people who use or work with Bitcoin when he introduced it two weeks ago. Rather than continuing to work with the developers who maintain Bitcoin’s code,
What happens if an AI machine commits a crime? Who is responsible for the actions taken? This may sound like science fiction, but it has already happened. A Swiss art group created an automated shopping robot with the purpose of committing random Darknet purchases. The robot managed to purchase several items, including a Hungarian passport and some Ecstasy pills, before it was “arrested” by Swiss police. The aftermath resulted in no charges against the robot nor the artists behind the robot. How should an AI machine be regulated when it is acting on its own, outside the control of humans? There have already been several regulatory problems identified for controlling and regulating artificial intelligence.
Today, cybercrime costs companies more than $300 billion worldwide, and nearly all of it’s due to someone trying to steal credit cards, identity information, trade secrets, etc. Today’s hackers are all grown up and take the form of transnational organized crime rings, terrorist cells, hacking co-ops and groups and even nation-states and foreign intelligence services. According to Marc Goodman in Future Crimes, “The defender must build a perfect wall to keep out all intruders, while the offense need find only one chink in the armor through which to attack.” Make no mistake, these people are serious, they’re in it for the money, they’re organized and well-funded, they’re highly skilled, and they will find you.
The socialization of cyber threats among all levels of a company’s workforce reinforces the concept that cyber security is a shared endeavor. For example, social engineering and spearphishing e-mails that target one class of worker may not target another; yet it is imperative that everyone be cognizant of what they entail, how suspicious e-mails can be checked, and what should be done if they are received. This instills the knowledge that each employee has a vested interest in safeguarding the organization by ensuring its sensitive information and accesses are preserved and maintained. It’s imperative that accountability and responsibility must not be viewed projected as burdens that punish employees or risk the impeding business operations for the sake of compliance.
Quote for the day: “Ultimately, the only thing that matters is what we do for other people.” -- Daniel Vasella
ISOs provide a simple and elegant solution: a single point of contact for all of a 21st century company’s IT infrastructure requirements. These organizations operate globally, which means that companies that partner with ISOs will experience a consistent quality of service no matter where they are operating, or what kind of technology they are employing. In fact, by consolidating service contracts and streamlining IT maintenance processes, ISOs not only provide companies with reliable IT infrastructure sustainment, but also help their partners to enhance their own efficiency. Any global organization that requires hardware maintenance across a broad range of equipment makes and models will benefit from working with an ISO.
The IoT automotive industry is moving rapidly with many exciting growth opportunities available. We’ve written about some of the risks and benefits as well as some of the players involved. One thing for certain as that the auto industry is starting to take notice and we can expect the implementation of a number of new IoT technologies over the next several years. One of the largest and most critical investment strategies will be in IoT security ... For anyone looking for more information on the innovative uses on how the Cloud, Big data, IoT can scale and connect can get a better idea of the potential below. IBM has produced an excellent infographic centered around the opportunities.
Understanding the potential value of data consumes a lot of analysts’ time. For instance, an analyst for an auto manufacturer seeking to streamline its manufacturing processes would likely endure many false starts when exploring the mass of information related to the engine building process, from poorly scheduled lunch breaks to disconnect between suppliers. Utilizing big data discovery solutions can sort information potential, with the most interesting attributes appearing first. In addition, analysts can easily experiment with different combinations of data to understand correlations, so they can rapidly determine whether the data set is worthy of more attention.
A big part of a hybrid cloud is the ability to replicate and distribute data. First of all, it’s important to understand what you’re replicating and to where. Many organizations deploy hybrid cloud platforms to help get applications and data closer to their user. Others use a hybrid cloud to control bursts and branch locations. Regardless, it’s important to know how data is being moved, backed up, and how it’s being optimized. Data replication can be a tedious process if not done properly. That said, it’s important to take security into consideration as well. Your data is a critical asset and it must be secured at the source, through the route, and at the destination. Fortunately, virtual security appliances and services can help make this process a bit easier.
"If you want to create a workforce ... you want to create a talent pipeline, you cannot simply ignore half the population," said Memon. Beyond the U.S., other countries are leaving fewer women behind when it comes to computer science and engineering. In both Malaysia and Indonesia, women earn roughly half of the computer science and engineering degrees, while only one-fifth of those same degrees are earned by women in the U.S. Not only can women fill the estimated nearly 210,000 vacant cybersecurity positions in the United States, they can also bring new perspectives. "When you have a balanced team of both men and women, the teams are able to look at things a little bit differently and make sure that you're really looking at all causes, all effects and really get to the heart of the problem," said IBM Security's Westman.
If you're anything like me, you have mixed feelings whenever interns enter the equation. Who couldn't use more people to get things done, right? That said, how much disruption comes along with this brilliant idea? Well, that depends, but it's definitely not zero. Up until recently, data science teams have been reserved for the veterans — the brave, seasoned programmer/mathematicians who valiantly volunteered for the perilous role. However, the universities have quickly caught on, and they're rapidly minting fresh new data scientists who are eager to explore their new profession. That's where you come in to show them the ropes. Your boss thinks it's a good idea, and she's the only one that matters. It's up to you to make the most of the experience. Here are four key strategies for getting the most from your data science interns.
This idea of security through obscurity is worse in the hardware world and we’ve seen this with the Xbox for instance. So, the Xbox got hacked, the security keys on it got hacked and then everybody had open access to the Xbox. So I don’t believe that a security by obscurity will work in this case, but at the same time I am not yet convinced that the community is mature enough to act as a community. So in the software world we’ve had open source for 15 years, we have a lot of people who contribute best practice to open source. In hardware opens source is a pretty new concept and I think a lot of the people who are manufacturing devices and building IoT systems are not there yet in terms of sharing their best practice and working as a community in the same way the software world is.
The first technology that will be transfered by EY is called PathScan, which detects abnormal activity on networks that indicates the presence of hackers. Uncovering hackers on networks has been a struggle for many companies. On average, attackers operate inside a victim’s network for more than 200 days before being detected, according to FireEye Inc., a network security company. PathScan is being tested at five companies and already proving valuable, according to EY. The firm believes the relationship with the lab will be successful because technology being transferred has market value and will be combined with its other services and expertise, MacDermott said.
Most systems administrators tell Donnie Berkholz, a development, DevOps and IT operations analyst at 451 Research, that there is no such thing as a single pane of glass that works for everyone. "The idea should be to provide a single pane for a specific [person] in a specific situation," he said. For example, there is one view that IT pros may want during normal operations versus a project to troubleshoot and look for a root cause. "There is absolutely a desire to have a unified view integrating multiple data sources, given those constraints," he said. It's a different view of the single pane of glass that takes the uses into account.
With the release of Android 5.0, also known as Lollipop, Google introduced its new material design style. Material Design is a huge step forward for Android apps, bringing with it a total overhaul of theming, as well as a bunch of new UI components you can use in your apps. To make things even better, Google also released the Android Design Support Library, which allows you to take advantage of material design in versions of Android going all the way back to Android 2.1. ... Android has had the DrawerLayout component for some time now, which allows you to easily create "hamburger"-style menus in your apps. Hamburger-style menus have become ubiquitous in both Android and iOS in recent years.
“A lot of effort is put into setting up the initial relationship, but organisations typically select a supplier that is low-risk to begin with and there is no provision for monitoring how or if that changes,” he said. Wilkinson said organisations need to recognise a lot can change after a supplier is first selected, which means low-risk suppliers can become high-risk over time. “This is not a back-office operation that can be set once and work well for the next five years – you have to continually re-evaluate and re-assess as things change,” he said. According to a Booz Allen Hamilton report, the majority of third-party risk incidents at an organisation are likely to occur in an existing relationship.
Quote for the day: "Daring ideas are like chessmen moved forward; they may be beaten, but they may start a winning game." -- Goethe
What sets apart the CIOs who don't fit this pattern? Langer described 23 characteristics in his recent webinar, Strategic IT: The Transition Taking Place in the CIO Role. The material was based on research and interviews that he and his colleague Lyle Yorks conducted for their similarly named book. What the authors discovered is that the most successful CIOs have developedstrategy advocacy, or "a process through which technology leaders in organizations build on functional expertise." In other words, success in the CIO position has less to do with building their technology prowess and more to do with the ability to master other areas of expertise important to running a business.
"... a real-time system is one that behaves deterministically, responding predictably to inputs or changes in the environment. Typically these are cyber-physical systems, used to manage a physical process. "Observers often confuse real-time computing with high-speed computing, such as financial trading or sports betting," adds Barnett. "The difference between high-speed computing and real-time computing is that with high-speed computing you are talking about averages -- you can say on average an operation takes a millisecond. But one time in a thousand it takes much longer. With real-time computing you are confident the operation took place within the deadline, or you know it didn't happen."
Most of us have heard about Conway’s law. It claims relatedness of organizational structure (with its related processes) and produced system architecture - they go hand in hand. And that’s of course not a surprise. Consider a company with highly strict functional departments and lack of interdepartmental collaboration. Which kind of system would it produce? It would likely end up designing a set of isolated components, each exposing a unique and complicated interface. That’s an example of a causal connection between organizational structure and system architecture. What is actually interesting here is that this connection can be reversed! Meaning: you can influence changes in the organizational structures by reshaping your system architecture.
There has also been an evolution of the CISO, cyber gurus, and security management teams who feel they only need to understand the basic-fundamentals of what cybersecurity is, leaving the day-to-day interpretation for operational security to those lesser mortals who at times do their level best in the absence of any training, or real time investment. In fact, don’t take my word for it; look at some of those respectable organizations who have hit the press post some very successful compromises. Moreover, there are those who have suffered unauthorized incursions with the devil’s-luck of not being discovered, or suffering name and shame. On that subject, I have been unfortunate enough to follow some renowned CISOs in the industry into their departed organizations, only to find to my surprise fragile fabric of a security structure
The sensitivity analysis is an important step to evaluate the stability and hence the quality of our optimal solution. It also provides guidance on which area we need to invest effort to make the estimation more accurate. Mathematical Programming allows you to specify your optimization problem in a very declarative manner and also output an optimal solution if it exist. It should be the first-to-go solution. The downside of Mathematical programming is that it requires linear constraints and linear (or quadratic) objectives. And it also has limits in terms of number of decision variables and constraints that it can store (and this limitation varies among different implementations). Although there are non-linear solvers, the number of variables it can take is even smaller.
“There’s potential but the practical applications are still a little immature,” says Jon Oltsik, senior principal analyst at Enterprise Strategy Group. “You can tune something to look for an attack that you know about, but what’s hard is to tune it to something you don’t know about. I can look at access patterns on repositories and how much people download and whether they save documents locally. But there’s always creative ways to work around that. A really dedicated, sophisticated adversary will quickly decipher where you’re not looking – and that’s the problem.” Or they will carry out a “low-and-slow” theft by regularly moving data to a repository over time, he adds.
"When you put applications in more than one place, you have to synchronize data," said Phil Shelley, president of Newton Park Partners, a Chicago-area consulting firm. Getting that synchronization right isn't easy, he said. And the closer it gets to happening in real time, the more complex the challenge can become. The challenges of a hybrid environment arise around several key areas: data, timing and networking needs, as well as resource provisioning -- that is, getting the time, money and personnel needed to do the integration work. ... "It is a more complicated world when you start moving components of your IT stack outside. There are obviously benefits to that, but it is a more complicated world. It gets harder when one side isn't in your company," Doug Shoupp said. Sometimes, an API may be all that's needed, Shoupp said, but that is rare.
Lack of trust destroys your team. That we all know, but Wayde shares how that phenomenon affected one team he worked with, and some antidotes to that process. In this episode we also mention a book dedicated to highly functioning teams: Patrick Lencioni’s The Advantage, and share 2 games you can play with your team to grow trust. Wayde is an Agile coach with TeamFirstDevelopment.com. He is interested in helping teams improve using the same techniques that Improv theater teams use to develop Great Team Players.
Clearly, businesses need to step up their assessments of third parties and supply chain partners. It is also essential that they stipulate the right to assess a supply chain partner’s security capabilities in contracts. Experience shows that organizations that do not legally plan for due diligence when executing contracts may not be allowed to perform adequate assessments when necessary. Also consider that as much as 20 percent of security spending is estimated to occur outside of the information technology (IT) function on services like cloud computing. Contracts executed outside of IT may not allow for due diligence and, in fact, they may require important information security and privacy safeguards.
It also means cyber professionals are hopping from one job to another, leaving gaps in how their systems are protected, also increasing the likelihood of attacks. Finally, businesses are forced to train or hire unqualified employees to fulfill their cybersecurity needs. It’s no wonder 86 percent of organizations believe there’s a shortage of skilled cybersecurity professionals and just 38 percent believe their organization is prepared for a cyberattack, according to a January survey from ISACA, an international professional association focused on IT governance. The fear crosses over to government agencies as well, as we’ve seen with several high-level cyberattacks. For this reason, President Obama has been quietly recruiting top tech talent from companies such as Google and Facebook to increase the number of qualified cyber talent in Washington.
Quote for the day: “Never follow anybody who hasn't asked "why" -- Aniekee Tochukwu