September 28, 2016

Data Governance: From Insight Comes Action

On average, a knowledge worker spends 36 percent of their time looking for information. If content creators can’t keep up with the amount of data across apps, how could we expect IT to protect it? This is the paradox of shadow IT: corporate intellectual property stored in many repositories must be secured and protected by IT professionals not consulted by users as they select the apps to work and collaborate on this content. The conversation needs to shift from blocking unsanctioned productivity apps manipulating this content, to intelligently protecting the content at the source (i.e. repository) itself so users who should be able to leverage their favorite apps – even when not approved by IT - but only for the content they are allowed to access to. Information governance is the industry term for having clear processes for users and IT on the secure handling of content.

The Role of Data in Digital Transformation

Disparate data sources are often a barrier to organizations looking to make use of their digital content to gain greater business insights. Only a third of those surveyed see themselves as extremely effective in managing and utilizing digital content and channels, and less than a third reported being “extremely confident” in their ability to integrate all data sources and applications. Many organizations have taken to storing data in data lakes, which, put simply, are archives that store a tremendous amount of raw data in its native format (whether structured, unstructured, or semi-structured) for as long as it needs to be held for analysis purposes. However, as the business ingests new types of poly-structured data, it can become increasingly difficult to make sense of it without accessing all of the data stored in the various sources.

73% of companies using vulnerable end-of-life networking devices

Old equipment that is no longer supported by the vendors who made it are vulnerable because newly-discovered vulnerabilities and other problems are not being patched. That puts those companies at higher risk of security breaches, network outages and higher future replacement costs. "If its an older device, there are vulnerabilities against it," he said. But companies often keep the older equipment around because it still works. "If something isn't having an issue, we tend to forget about it," Vigna said. "If there isn't pain, there isn't a reason to change a lot at companies." In addition, the companies might not even be aware that some of their equipment is past its due date.

In The “Second Wave” Of Cloud Computing, Hybrid Cloud Is The Innovator’s Choice

Hybrid is the palette they’re painting with, best expressed by the analysts at Frost and Sullivan. “At their core, successful hybrid cloud strategies support the delivery of high-value applications and services to the business, while at the same time driving cost and inefficiency out of the IT infrastructure,” the study said. Fine, but how does adopting a hybrid cloud strategy support business success, particularly as we enter the era of cognitive computing? Successful organizations provide the answer. They aren’t adopting cloud technology for its own sake. Instead, they’re pursuing a business strategy that’s equally about transformation and industry disruption.

Improve application rollout planning with advanced options

One drawback of canary deployment to consider during application rollout planning is the time it takes to complete an update, as the new version is tested and phased gradually into production. This means the application owners must manage more than one version simultaneously, and it demands careful change and version management on the part of IT operations staff. The incremental increase in usage allows ample opportunity to gather load metrics, however, allowing production IT capacity planners to see how load demands change with the updated code. And the canary process provides a relatively safe and rapid rollback process if unintended consequences occur.

BTCPoint Creates 10,000 Bitcoin-Enabled ATMs Using Spanish Bank Network

To access the service, BTCPoint users enter the amount of money they'd like to withdraw from an ATM using the application and send bitcoin to a company address. Next, users receive an SMS and a PIN code, input the PIN code into an ATM on the network and withdraw their funds. The service today is one-directional, with users only being able to withdraw cash from units, though Lopera said BTCPoint is working on solutions that diversify its service. "We are focusing on changing bitcoin into cash, and we’re also talking with different credit card processors, who could enable the buy option so you can buy at a very low fee," he said. Lopera suggested BTCPoint is in talks with US and Latin American banks as a means to expand its service.

Enabling a digital future requires smart capital strategy.

Executives recognize that digital transformation is impacting all aspects of their business — from the front - end to the back. They also know that the competitive landscape is changing rapidly as barriers to entry are eroded. Digital is a continuous form of disruption to existing (or new) business models, products, services or experiences, enabled by data and technology across the enterprise. The key challenge for many companies will be a lack of sufficient capital to meet their digital ambition. Enabling a digital future requires smart capital allocation. Selecting the right strategic investments — organic or inorganic — offers routes to growth. The key question is can companies build the capabilities required to succeed in the brave new world — or do they need to buy?

Why London will remain a global tech hub post-Brexit

London’s corporate tech base is impressive and should also help maintain its position. The presence of big global tech companies, such as Google, Amazon, Facebook, Microsoft and Yammer, provide a solid foundation for the tech sector, while fast-growing smaller companies, such as Skyscanner, Badoo, Hailo and Mind Candy, provide that drive for innovation for which London’s tech sector is renowned. Accelerator programmes to help the Capital’s tech start-ups expand and succeed are another factor why the doomsayers over London’s tech future are wrong. Currently there are around 4,000 start-ups in the Capital and about 40 accelerator programmes, such as Seedcamp, TechStars, Wayra and Oxygen, help foster these young firms and buoy their growth.

3 Big Trends in Business Intelligence and Analytics

Lack of good, consistent quality data is cited as the number one challenge organizations face to realizing the full potential from analytics (A.T. Kearney’s “2015 LEAP Study - Leadership Excellence in Analytic Practice”). Excessive time and resources are needed to manipulate and “roll-up” data before business analysts can start to use it for reports, analytics and insights. Often these challenges are compounded when analysts create work-arounds that drive “shadow” data bases and ad hoc data management processes that undermine confidence in the data. Strong business intelligence can become the data syndication traffic cop and data clearing house for enterprises that need to make better, faster decisions using good quality data and insightful analytics.

Traffic Data Monitoring Using IoT, Kafka and Spark Streaming

In order to process the data generated by IoT connected vehicles, data is streamed to big data processors located in the cloud or the data centres. An IoT connected vehicle provides real time information of the vehicle like speed, fuel level, route name, latitude and longitude of vehicle etc. This information can be analysed and data can be extracted and transformed to the final result which can be sent back to the vehicle or to a monitoring dashboard. For example, using the information collected for different vehicles we can analyse and monitor the traffic on a particular route. In this article, we’ll use Apache Spark to analyse and process IoT connected vehicle’s data and send the processed data to a real time traffic monitoring dashboard.

Quote for the day:

"Any sufficiently advanced technology is indistinguishable from magic." -- Arthur Clarke

September 27, 2016

Why Hire a Corporate Lawyer When a Robot Will Do?

Well-tuned search engines could save people a lot of time and suffering. Luminance promises to increase the efficiency of contract review by at least 50 percent. Kira Systems claims a time reduction of as much as 90 percent. If Bayer’s legal team had included robot lawyers, maybe they could have completed due diligence for the Monsanto deal in days. So will the associate attorney, among the least satisfying jobs in the U.S., become a thing of the past? Not necessarily. Even though automated-review tools are great for organizing documents into actionable information, intelligent humans are required to step in when the computer encounters ambiguous language or unexpected cases. It’s like how self-driving cars still have human supervisors in the vehicle to deal with rogue squirrels or trolley problems.

One Fantastic Keyboard For Your Compiter, Phone And Tablet

This full-size, six row keyboard features a complete set of function keys and a number pad. Certain keys—such as Alt and Ctrl—will automatically change functions depending on which operating system you’re working in. Running the length of the keyboard is a rubberized tray that holds your mobile devices at the correct viewing angle. You can link up to three devices at a time to the K780 via Bluetooth. Those without Bluetooth can connect via Logitech’s Unifying USB dongle. At the top left of the keyboard are three white buttons used to pair your devices. Switching between paired gadgets is as simple as tapping the corresponding button.

How to succeed with hybrid cloud application integration

The biggest mistake you can make in hybrid cloud integration is overspecializing. You should establish a common network connection model across your entire hybrid cloud and then work to define a standardized hosting model to deploy applications/components. The connection model issue can only be addressed by creating a virtual private network that can host all of the applications and components. Enterprises are increasingly looking to adopt software-defined or virtual networks as their connectivity core, and if the proper software-defined network or software-defined wide area network model is adopted, it can connect everything, whether in the cloud or the data center. There's no substitute for open uniform connectivity, so it's critical to get this right, and enterprises are recognizing that the basic cloud networking tools are best used to supplement this enterprise virtual network, not create it.

Government lawyers don’t understand the Internet. That’s a problem.

Today, cyber, data and privacy questions lie at the core of numerous corporate and government cases, and there aren’t anywhere near enough practicing lawyers who can adequately understand the complex issues involved, let alone who can sufficiently explain them in court or advise investigators on how to build a successful case. “This is a problem that pervades all of the national security apparatus,” says Alvaro Bedoya, who previously worked as the chief counsel to the Senate Judiciary Committee’s subcommittee on privacy, technology and the law, and now leads Georgetown Law’s Center on Privacy & Technology. “You don’t have a pipeline of lawyers right now who can read code.”

Your users have porous passwords? Blame yourself, IT.

Maybe IT needs to tone down its security awareness efforts. New research by psychologists into password strength delivered the non-intuitive conclusion that users who are well briefed on the severity of security threats will not, as IT had hoped, create stronger passwords to better protect themselves. They actually tend to create much weaker passwords because the briefings make them feel helpless, as if any efforts to defend against these threats are pointless. The research, from a Montclair State University study — detailed here in a story from The Atlantic — suggests that IT staffers need to make sure that they emphasize how powerful a defense passwords, PINs and secure phrases can be in defending against threats, at least until we are able to deploy better authenticators.

Psychology Is the Key to Detecting Internal Cyberthreats

The key to identifying and addressing at-risk employees before a breach or incident occurs is to focus as much on understanding and anticipating human behavior as on shoring up technological defenses. The best way to do this systematically is by analyzing employees’ language continuously and in real time, in a way that still respects privacy. And, the data is readily available to do so because email, chat, and texts are now one the most common methods of communication in business. ... The opportunity for using psychological content analysis in the corporate workplace is vast. Not only can leaders utilize this to intervene before a security breach, but leaders can also use insights to support other efforts to build a healthier culture and develop the organization’s talent.

Mood of the Boardroom: Hacking a serious business

The fact that cybersecurity now ranks alongside what have long been seen as the world's greatest challenges is telling. A real estate director said, "Both terrorism and cybersecurity are always cause for concern of the highest level, as we do not know when and where it will next hit." In light of the increasing acknowledgement of the risk, there are opportunities for the businesses that help address it. Kordia acquired Aura Information Security, a leading cybersecurity company, for just over $10m in late 2015. Bartlett sees addressing cybersecurity threats as a potential selling point for New Zealand. "We are small enough to make our little country a stand-out example of how to get it right," he said. "If we can, our cyber-safe brand will be as important as, and more credible than, 100 per cent Pure New Zealand."

Companies say IoT matters but vary on how to secure it

Overall, their biggest challenges in deploying IoT revolved around security and privacy. But most are taking an “ad hoc” approach to security, doing things like securing individual devices using firewalls. However, 23 percent said they are integrating security processes into their IoT workflow. No single approach has won out yet, MacGillivray said. Finding people with the right job skills is another thing that makes IoT difficult, respondents said. That's a pain point especially in terms of crunching all the data that flows in from the new systems. Also, most enterprises haven’t taken advantage of edge computing, which may be one of the most important parts of IoT, according to IDC. A majority of organizations that have deployed IoT devices just use them to collect data and send it to the cloud or a data center for processing.

How To Mitigate Hackers Who Farm Their Victims

The farming is more sophisticated now with advanced Command and Control (C&C) servers that they use to make system changes remotely, multiple backdoors in multiple systems, bogus accounts they create to sell or reuse, and sensors they leave behind to identify and harvest specific data, says Inskeep. Command and control servers work by receiving communications from malware-infected systems that call out to the internet via outbound network traffic. This works because most network security is geared to defend against what is coming in, not what is going out. Hackers can spread large numbers of Trojans into different kinds of systems because they can pair these backdoors with many different kinds and pieces of legitimate software from OS and application updates to games.

Is the internet of things the new DDoS attack weapon?

It’s been posited that attackers are leveraging internet of things (IoT) devices to grow their botnet capacity to this new level, which in itself is troublesome, but first, the backstory. Krebs is one of the most prolific cybersecurity-focused investigative journalists and has broken a number of high-profile stories and been responsible for numerous arrests over the years. As a result of his intrepid work, Krebs has come into direct contact with plenty of criminal gangs and met the perpetrators of many of the world’s most notorious cybercrime fraternities face to face. Speculation that this is why his site was attacked has stemmed from his recent coverage of an Israeli online DDoS attack service called vDOS – still available to read via Google’s webcache.

Quote for the day:

"Optimism is the faith that leads to achievement. Nothing can be done without hope or confidence." -- Helen Keller

September 26, 2016

Why CIOs are embracing SaaS ID management

Shelving several legacy ID management products with one single sign-on tool is a common business case for Okta, as well as rival solutions from Centrify, OneLogIn and Ping Identity, says Gartner analyst Gregg Kreizman. Such solutions also compensate for companies' inability to retain skilled IT workers schooled in traditional ID management.  In 2016, Experian CTO Joe Manna began testing Okta for a mobile app that enables consumers to access their credit reports. Manna told Libenson both the software and company were great to work with so Libenson instructed his staff to use Okta to manage Experian identities worldwide across cloud, on-premises and mobile applications, including authentication into its core Oracle ERP system.

IT operations automation requires code-wielding sys admins

Once, IT delays were caused by waiting for deliveries and hardware installation; today, an administrator who is taking too much time to deploy VMs is the problem. Using a graphical user interface (GUI) for IT tasks simply takes too much time. Administrators are asked to manage hundreds to thousands of VMs thanks to the explosive growth in virtualization and the VM sprawl that accompanied it. This has led to growth in automation to help admins cope with these tasks and duties. While some level of IT automation has existed for years, it was often smaller scripts and batch jobs that took care of a few stand-alone tasks. Today, automation has become a critical part of data center operations as our applications scale out while staffing stays the same.

Blockchain-Based Smart Identity Will Free World of Paper ID’s

An interesting facet of the Deloitte project is that Smart Identity as a protocol is portable on different Blockchains while the current version of the prototype has been using Ethereum Blockchain. We also asked Deloitte about who is going to hold the actual data and we were told that there is a number of trusted data repositories available but there is also scope for using a hybrid model with a network of trusted custodian services as well as distributed data services in the future. ... In order to migrate from the current system of paper based identity that we have today, there will invariably be the need for all parties involved like governments, corporations and individuals to work in tandem. Cointelegraph asked Shelkovnikov about the issue of provenance of identification and how it would all work.

The Emergency Alert System: Failure IS an option

While many reported a complete failure of the EAS, the FCC issued a report showing that the failure rate was close to 18 percent. Certainly not perfect, but when coupled with social media and other forms of communication that would likely have been deployed on an individual basis, I believe it's safe to assume the word would have gotten out in a timely fashion. The biggest problem I saw with the test was significant technology inconsistencies with what people heard and saw. Some stations showed the textual message but no audio and no alert tones, certainly a problem for someone who was blind, while other stations broadcast the audio for the emergency messages but did not show the text for those messages, leaving a person who is deaf or hard of hearing completely unaware of the situation at hand.

Why Amazon can't possibly be the only cloud winner

Enterprises have many workloads. Some workloads run best on one specific public cloud or another. For example, we've found that Google has far and away the best internal network performance. So, a network-intensive workload should probably run there. Microsoft has GPUs available in Azure for video rendering and HPC workloads. Amazon does a very good job at storing files and objects and distributing them globally for fast access. Enterprises also have troves of legacy data and applications. The reality of IT is that 90% or more of the budget goes to maintenance. That leaves very little for new development. Enterprises choose between migrating legacy applications to the cloud and writing new applications.

Robotic process automation technology gets to work

RPA, or robotic process automation, has a sexy ring to it these days, especially in the C-suite and company boardrooms. And why not? There's a lot about this emerging technology to pique a boss' interest. Robotic process automation technology -- defined in simple terms as software that automates other software -- promises to improve efficiency, boost productivity and save money by helping with or entirely replacing the manual, routine and often error-prone digital processing jobs still done with human labor at many companies. ... The software robots of RPA ilk -- virtual workers, if you please -- interact with computer systems the way most employees do, at the presentation layer through the user interface, requiring minimal code-based programming or deep back-end systems integration.

802.11ad is the fastest Wi-Fi that you might not ever use

“To date, the Wi-Gig products that are shipping in the market have been largely confined to peer-to-peer applications. Once infrastructure mode is widely available on Wi-Gig capable clients, enterprise radio vendors will rapidly follow,” he said. And while Qualcomm’s Grodzinsky hinted at major product releases coming within the next couple of weeks, nobody is particularly clear on the timeframe for widespread 802.11ad adoption, whether as a traditional Wi-Fi technology or, as Forrester’s Kindness suggests, as a wireless backhaul carrier. For the enterprise IT department, Kindness argues, it’ll be three years before decision-makers really need to get their arms around 802.11ad. “It takes about a year to two years to become mainstream, because it doesn’t have product support, you have to understand where you’re going to use it,” he said.

Biometric Skimmers Pose Emerging Threat To ATMs

The devices apparently act just like regular skimmers do in stealing payment card data. They are designed to connect physically to a target ATM and to steal fingerprint data that users may be required to input while authenticating their identity with the device. The stolen data can then be used to authorize other fraudulent transactions, the researchers say. Available evidence suggests that the first wave of biometric skimmer machines, which surfaced last September, were buggy and had to contend with multiple issues during initial tests in the European Union. The biggest hurdle apparently was the fact the GSM modules that the underground sellers used in their skimmers for transferring stolen biometric data, and were too slow to handle large data loads.

Data Interchange Flexibility

JSON and XML are two complementary standards, each suited to different situations. JSON’s popularity is in no small part owing to the fact that it is built into JavaScript. That is JavaScript can read JSON directly without any additional parsing. This is a huge convenience for JavaScript developers. Given that it is also less verbose than XML, it is the often logical choice for sending transient data between the client and server layers within many web applications. Whilst being more verbose, XML offers many other advantages. For example, XML schemas allow one to describe, extend, communicate and validate XML datasets. XSLT allows for easy transformation of XML from one format into another, and XPath/XFormat engines allow for deep querying of native XML files.

The Internet of Things is broken. We need better security to fix it

Even if individual devices are designed with device-level security, an interconnected architecture may still expose vulnerabilities. Electronic devices in general have accessible interfaces such as JTAG ports and MAC addresses that provide an increased 'attack surface' and make devices vulnerable to invasive attacks that reverse engineer security. Also, devices invariably share components and firmware across product lines, allowing a vulnerability detected in one system to be exploited in another one using the same chipset. Most IoT systems also have field sensors that can be subject to physical security issues: critical sensors can malfunction if subjected to higher operating temperatures or voltage ranges. They can simply be vandalised, or even replaced with rogue devices connected to a cybercriminal’s Bot network.

Quote for the day:

"Give your past a Teflon coating. Be honest with yourself and others making sure you’ve fully let go of the past." -- Karen Keller