Daily Tech Digest - December 15, 2017

Digital Disruption: 10 Ways To Survive & Thrive

Digital disruption: 10 ways to survive and thrive
Some CEOs are embarking on vision quests to help navigate digital disruption, which is marked by a shift in profitability from one prevailing business model to another. Puthiyamadam, who leads the PwC's digital services practice and oversees its experience center, recalls one recent conversation with a CEO client who attended a "digital bootcamp" in Europe. The CEO was told he must join Twitter and that his business would be disrupted in two years. Puthiyamadam quickly assured the CEO that the threats weren’t so imminent. Indeed, he regularly cautions clients against acting rashly because the wrong bets, from service ideation to technology choices, can set a business back years. "Don't believe you need to act frantically and in panic mode because your business is going to get completely overwhelmed," Puthiyamadam tells CIO.com.

DevOps in the public sector: Assessing the challenges and the benefits

“The public sector is often saddled with a significant burden of legacy systems which must be maintained and, where possible, modernised,” says Jason Rolles, CEO of software development monitoring software supplier BlueOptima. This means making use of open source development tools, such as Git and Jenkins, but also having the right IT environment to reap the benefits of these DevOps tools. It is inevitable that legacy systems will slow down a DevOps approach which is meant to bring an organisation both flexibility and speed. This shift away from incumbent providers and legacy infrastructure is to do with finance too. But, without the budget needed to move away from legacy technologies, recruiting DevOps personnel gets even harder, and this becomes a vicious cycle that encourages departments to remain the same.

5 tips for better NGINX security that any admin can handle

NGINX continues to rise in popularity. According to the October, 2017 Netcraft stats, it has nearly caught up with Apache—meaning more and more people are making use of this lightweight, lightning fast web server. That also means more and more NGINX deployments need to be secured. To that end, there are so many possibilities. If you're new to NGINX, you will want to make sure to deploy the server in such a way that your foundation is safe. I will walk through five ways to gain better security over NGINX that won't put your skills or resolve to too much of a test. ... It is possible to limit the rate NGINX will accept incoming requests. For example, say you want to limit the acceptance of incoming requests to the /wp-admin section. To achieve this, we are going to use the limit_req_zone directory and configure a shared memory zone named one and limit it to 30 requests per minute.

Cloud computing: Getting bigger but more complicated too

The location of the company offering a cloud service is something that has come under particular scrutiny recently. For example, the UK government's National Cyber Security Centre (NCSC) warned about the use of some cloud-based antivirus products from Russian companies, but also warned more broadly about the use of cloud services within the government supply chain. "The country of origin matters. It isn't everything, and nor is it a simple matter of flags -- there are Western companies who have non-Western contributors to their supply chain, including from hostile states. But in the national security space there are some obvious risks around foreign ownership," NCSC CEO Ciaran Martin wrote in a letter to civil service chiefs. The NCSC noted that government departments might not even be aware they are using cloud-based services: "It's easy to overlook the nature of these cloud interactions, and the security implications. 

Employers And Employees Need To Step Up On Cybersecurity

Even with the clear need for IT and network security experts, kununu found that job security ranked lowest for employees. Due to management changes or layoffs and the lack of a clear plan in place, internal organization was at an all-time low. This was leading to bad morale and disaffected employees can always be equated with company security vulnerability Within the reviews, employees even shared that their companies were not up to par in terms of the technology and were using antiquated kit, offering hackers a free pass into companies’ most sensitive data. Based in Vienna and leading the European market, kununu launched in the US last year in a joint venture with Monster and has already collected more than half a million reviews on its website. Its reviews are broken down into 18 key dimensions of workplace satisfaction to provide job seekers with workplace insights that matter in order to to make sound work-life decisions

Could blockchains rattle ECM?

Blockchains are distributed, crowd-validated ledgers which use internet-connected computers and open source software all over the world to verify transactions. One of their major benefits in financial transactions is their immunity to tampering, thanks to the built-in consensus mechanism. In theory, this could also make blockchain a secure, verifiable and permanent solution for exchanges of any kind – for managing records, for instance. Sweden’s land registry authority is currently exploring blockchains’ potential as a mechanism for recording property deals. In this context, the blockchain would confirm and save each step in the contract process between buyers and sellers, while making each deal’s information transparent to all parties such as banks and local governments. But how far could this go, and what does it mean for ECM as we know it? To assess the potential and any limitations we must consider what sets blockchains’ approach apart.

Figure 1
Enterprises that wish to deliver disruptive innovation must understand their own strategy and objectives, their current operational environment and challenges, and their external environment. They can begin by identifying opportunity areas and key markets. Once a consensus is reached, they can identify priority market segments. This may lead to redefining market segments and segmentation criteria. At this point, they should analyze the industry structure—segment clients, suppliers, potential new entrants, substitution products—and then identify what makes each player powerful, using strategic tools. For example, “The Five Competitive Forces That Shape Strategy”9 shows that suppliers boasting strong concentration, high switching costs, genuine differentiation, unique intellectual property (IP) and strong value for clients will command higher prices than industry incumbents. 

20 Ways To Rekindle Your Passion For IT

20 ways to rekindle your passion for IT
In March 2017, Zucker left the financial services firm and launched a new career providing training and advisory services in project management, agile development and leadership. "The change has been wonderful," he declares. "I'm working harder than before, but I'm passionate and enthusiastic about what I am doing." Zucker is hardly the only IT leader to watch his early enthusiasm spill into a drain of frustration, boredom and ennui. A 2016 Stress and Pride survey, sponsored by IT talent management and solutions company TEK Systems, found that a sizeable number of senior-level IT professionals are dissatisfied with their jobs. In fact, 24 percent of respondents stated that while they were proud they had chosen IT as a career, they were not proud of their current role, assignments and responsibilities. Worse yet, a discouraging 16 percent agreed that if they had to do it all over again, they wouldn't go into IT.

An Effective Cyber Hygiene Program Can Save A Business

Most small businesses have overarching cybersecurity plans that establish antivirus programs, firewalls, and other defenses to thwart cyberattacks. However, rarely do these plans consider individual behavior, which is why more than half of all cyberattacks aim for American small businesses. In addition to these cybersecurity measures, businesses need to consider cyber hygiene. Cyber hygiene, also called security hygiene, is general behavior that keeps individuals safe from cyberattack. Unlike cybersecurity, which pertains to an organization’s largescale efforts, hygiene consists of an individual’s responsibilities and actions. For example, an IT department might build and monitor firewalls and intrusion detection systems, but if individual employees fail to generate strong passwords, install software updates, or run regular malware scans, then a business remains insecure.

BlueBorne Attack Highlights Flaws in Linux, IoT Security

Researchers at IoT security firm Armis earlier this year discovered Blueborne, a new group of airborne attacks. The vulnerabilities let attackers take full control of any device running Linux, or OS derived from Linux, putting the majority of IoT devices at risk of exposure. The researchers discussed and demonstrated their latest findings at Black Hat Europe 2017, held last week in London. Vulnerabilities in the Bluetooth stack have been overlooked for the past decade, they explained. Bluetooth, often perceived as peripheral, could benefit attackers if they successfully break into a high-privilege device. As the researchers demonstrated, one compromised product can spread its attack over the air to other devices within Bluetooth range. "These attacks don't require any user interaction or any authentication," said Armis head researcher Ben Seri in their presentation.

Quote for the day:

"The most common way people give up their power is by thinking they don't have any." -- Alice Walker

Daily Tech Digest - December 14, 2017

The role of Chief Data Officer (CDO) would seem to be a godsend to answer the data monetization challenge. They should be the catalyst in helping organizations to become more effective at leveraging data and analytics to power the digital transformation. However, all is not well in the world of the CDO. Many organizations appoint a CDO with an Information Technology (IT) background – the same background and experience as the Chief Information Officer (CIO). The organization then ends up splitting the existing CIO role between the current CIO and the CDO; giving the CDO the tasks associated with data collection, governance, protection and access. Splitting the existing CIO role isn’t sufficient. Instead, the CDO needs a totally different charter than the CIO, and a key aspect of that charter must be around data monetization.

Microservices Solution Patterns

Microservices Architecture (MSA) is reshaping the enterprise IT ecosystem. It started as a mechanism to break the large monolithic applications into a set of independent, functionality focused applications which can be designed, developed, tested and deployed independently. The early adopters of MSA have used this pattern to implement their back-end systems or the business logic. Once they have implemented these so-called back-end systems, then came the idea of implementing the same pattern across the board. The idea of this article is to discuss the possible solution patterns which can be used in an MSA driven enterprise. ... On top of the back-end systems, there is the integration layer which interconnects heterogeneous back-end systems. Once these services are integrated, they need to be exposed as APIs to internal and external users as managed APIs through API management layer. Security and analytics will be used across all those 3 layers.

Outlook 2018 – Key Trends In The Indian Information Management Domain

Outlook 2018 – Key trends in the Indian Information Management domain
Paperwork is an integral part of doing business, but physical paper is not. In fact, reliance on paper documents results in costs, which could be eliminated or at least radically reduced by going paperless. As physical paperwork piles up, so do issues such as: a) Slower time to complete routine tasks that rely on paper as an input b) Increased risk of a security breach through lost or stolen documents c) Potential for data entry errors from manually keying information into systems d) Costs for office or offsite space to store paper documents.  ... Flexibility has become a business imperative with the upsurge of new technologies, BYOD and more employees working remotely. Keeping this in mind, CIOs will focus on compatibility - the ability to scale and transcend devices and platforms (i.e. the open network) for enhanced collaboration. Integration capabilities will be a basic requirement for any technological implementation.

Has Deep Learning Made Traditional Machine Learning Irrelevant?

It is true that many of the competitions you see on Kaggle these days contain unstructured data that lends itself to Deep Learning algorithms like CNNs and RNNs. Anthony Goldbloom, the founder and CEO of Kaggle observed that winning techniques have been divided by whether the data was structured or unstructured.  Regarding structured data competitions, Anthony says “It used to be random forest that was the big winner, but over the last six months a new algorithm called XGboost has cropped up, and it’s winning practically every competition in the structured data category.” More recently however, Anthony says the structured category has come to be dominated by what he describes as ‘hand crafted’ solutions heavy on domain knowledge and stochastic hypothesis testing. When the data is unstructured, it’s definitely CNNs and RNNs that are carrying the day.

Will 2018 be the big year for machine learning?

"We have reached the tipping point where adoption of machine learning in the enterprise is poised to accelerate, and will drive improved business operations, better decision making and provide enhanced or entirely new products and services," said Paul Sallomi, vice chairman of Deloitte. ML, a core element of artificial intelligence, will progress "at a phenomenal pace," according to the study. "As impressive as it is today, in 50 years' time the ML abilities of 2018 will be considered baby steps in the history of this technology," the report said. The report highlights areas that Deloitte thinks will unlock more intensive use of ML in the enterprise by making it easier, cheaper and faster. The most important key area is the growth in new semiconductor chips that will increase the use of ML, enabling applications to use less power, and at the same time become more responsive, flexible and capable.

Understanding the role of Information Rights Management

Naturally, the bigger the scale of the enterprise, the harder it’s going to be to keep IRM consistent. Many software packages and internal procedures are easy to maintain when you only have a few dozen people to worry about. The more people you add to a system, the more points of vulnerability you’ll contend with, and the less secure and less consistent your practices will become. If you want your company’s information to be safe, you need to take IRM more seriously. You should consider establishing a partnership with an IRM organization, or relying on products that give you more control over your own internal IRM. Your documents, messages, and files are the lifeblood of your organization, and all it takes is one breach to compromise your work. Don’t let it happen on your watch; invest in the right infrastructure for IRM, and don’t let it become a secondary priority.

10 data scientist interview questions job seekers can expect

"To assess if a candidate can be successful as a data scientist, I'm looking for a few things: baseline knowledge of the fundamentals, a capacity to think creatively and scientifically about real-world problems, exceptional communication about highly technical topics, and constant curiosity," said Kevin Safford, senior director of engineering at Umbel. Demonstrating that you have a strong understanding of the business at hand and how data can be used to reach business goals will also set you apart. "In addition to many technical questions—knowing your algorithms, knowing your math—a great data scientist must know the business and be able to bring strong ideas to the table," said Rick Saporta, head of data science at Vydia. "When hiring, I would rather have one creative data scientist who has a strong understanding of our business, than a whole team of machine learning experts who will be in a constant 'R&D' mode."

An Introduction to Anti-Patterns - Preventing Software Design Anomalies

The common symptoms of islands of implementation are an incorrect use of technology standards, usability and interoperability issues, excessive cost and time escalations due to changing business needs. The root cause for this is typically around not having enterprise level standards, organizational structures leading to poor communications, inappropriate trained resources deployed in projects. But these can also occur during corporate mergers, acquisitions or due to vendor-lock ins. ... The root causes can be due to lack of architectural vision, technological disruptions, tight coupling, insufficient use of metadata, lack of abstraction layer etc. Use of component architectures that provides flexible substitutions of software modules due to fast-changing business/technology landscapes can solve this issue.

Is a Good Offense the Best Defense Against Hackers?

First there’s the issue of "attribution." How do you correctly identify your attacker? It’s not as easy as it sounds. What if an attack comes from a botnet? Not one computer, but thousands or millions spread over the globe. Owners of botnet computers may not know they’re contributing to an attack. If your attacker is somewhere in the cloud, good luck finding her. Are you going to strike back against your cloud provider? They’re potentially innocent middlemen. Second, ACDC wouldn’t allow striking back against distributed denial-of-service (DDoS) attacks, for example, a common attack. DDoS attacks don’t involve unauthorized access. And who are you going to blame? Typical DDoS attacks come from devices that are part of the Internet of Things (IoT). Say Grandma’s digital picture frame routed requests in a DDoS attack. Are you going to hack back against Grandma?

What Should Software Engineers Know about GDPR?

GDPR is only interested in personally identifiable information (PII). GDPR does not apply to data that is not attached to a person, such as product or accounting information. You might still classify it as sensitive and might still want to protect it, but GDPR considers it non-PII data and ignores those situations. GDPR identifies two classes of PII data. There is data that can be used to uniquely identify a person like social-security number, e-mail address, or anything directly connected to these identifiers such as purchase history. Then there is extra-sensitive data such as medical/health information, religion, sexual orientation, or any information on/collected from a minor. Do note that according to GDPR, combinations of information that may not be unique in isolation can potentially identify an Individual. So PII also includes identities that may be deduced from values like postcode, travel, or multiple locations such as places of purchase.

Quote for the day:

"Learn from the mistakes of others. You can never live long enough to make them all yourself." ― Groucho Marx

Daily Tech Digest - December 13, 2017

Cyber security skills shortage can be addressed, says (ISC)2

McCumber, who has been working in information security in military, national security and civilian roles for the past 30 years, argues that in the light of the fact that there are jobs for people coming out of trade schools, there is no reason that aspects of cyber security cannot be turned into trades. “By treating cyber security as a trade, it will enable school leavers to get some basic skills without having to do a four-year course and to provide valuable services in well-paid jobs in the cyber security field,” he said. “There are a lot of productive jobs in the cyber security field that do not need a four-year degree.” ... “We work with industry to ensure we are training people to meet industry’s needs, and government that wants to drive down unemployment rates, and provide transportable certifications that are recognised by government, industry and academia,” he said.

HP Spectre 13 review: This stylish ultrabook conceals real power

HP Spectre Laptop 13 af0xx
Whether open or closed, the Spectre 13’s elegance shines through. It’s a beautifully architected notebook PC, with metallic accents that complement the understated white of the chassis. (Normally, the Spectre 13 ships in black; the Ceramic White option our test machine included is an extra $10—and worth it.) Would I have chosen a series of circular holes to replace the hexagonal slits of the fan grille? Maybe. A narrow power button to one side also feels a bit out of place. But these are just nitpicks. ... At 2.4 pounds, the Spectre 13 is light, yet solidly constructed. Many aspects reminded me, though of a tablet: its weight; the power-efficient, 1080p display; and the pair of silver hinges that conceal the I/O and electric connections, slightly lifting the display above the keyboard. HP also includes a pleather laptop sleeve to protect the Spectre Laptop from nicks and scratches while in your bag.

Programmers and developers more important to companies than IT managers

"IT is really going to have to shift to more of a partner to the business, and making sure they are in lockstep with what the business goals are," Hayman said. ... Decentralization makes it challenging for IT and the business to align, Hayman said. For successful digital transformation projects, both parties need to be at the table for important conversations about how technology can help realize goals, rather than IT waiting for direction from the business. "Digital transformation is going to give organizations this unique opportunity to use technology as that strategic asset for the whole enterprise," Hayman said. "Those capable IT teams that can support it are really going to help separate and differentiate organizations from the rest of their competition. That's going to mean identifying areas to increase efficiency, and add greater value to the technology."

Cyber attack surface facts, figures and statistics for 2017 to 2022

Cyber attack surface grows immensely, raises security concerns
The far corners of the Deep Web — known as the Dark Web — is intentionally hidden and used to conceal and promote heinous criminal activities. Some estimates put the size of the Deep Web (which is not indexed or accessible by search engines) at as much as 5,000 times larger than the surface web and growing at a rate that defies quantification, according to one report. ABI has forecasted that more than 20 million connected cars will ship with built-in software-based security technology by 2020 — and Spanish telecom provider Telefonica states by 2020, 90 percent of cars will be online, compared with just 2 percent in 2012. Hundreds of thousands — and possibly millions — of people can be haced now via their wirelessly connected and digitally monitored implantable medical devices (IMDs) — which include cardioverter defibrillators (ICD), pacemakers, deep brain neurostimulators, insulin pumps, ear tubes and more.

GDPR and the human element of personal data protection

Finding the precise location of data defined as ‘personal’ under GDPR from among the thousands of tables and columns (or fields) in complex and customized packaged systems, represents a significant challenge. Traditional tools and methods, such as searching for documentation, using templates and reference models or employing external consultants, do not address the challenge in an effective and timely fashion. Safyr offers an interesting approach - it interfaces with all the most popular ERP and CRM solutions in order to speed up that discovery process. Speed and accuracy here are vital for several reasons - obviously ‘bad’ data discovery initially means that risk assessments will be skewed, and even worse it may cause a loss of focus, so that less critical issues are fixed first, rather than the real high risk issues. These issues are the major benefit of using a discovery tool, rather than attempting hand cranked scripted procedures.

A robotic path lined with cybersecurity bumps

The robot controller is a complex device composed of multiple interconnected subsystems and computer systems. A controller can work in automatic mode – typically for regular operation of the robot; and in manual mode, in which the robot performs movements according to specific inputs fed by the operator.  Under this attack, the cybercriminal changes the setting of the control system so the robot moves unexpectedly or inaccurately. This type of attack could lead to production of defective or modified products, subsequently resulting in massive recalls. The first time a robot is connected to a controller, the sensing equipment must be calibrated. The controller uses the calibration data to compensate for known measurement errors. Manipulation on the calibration parameters can cause the servo motor to move erratically or unexpectedly. If an attack is launched when a robot is moving, the controller can detect it and engage stopping procedures.

A Pragmatic Assessment Of Disruptive Potential In Financial Services

Fintechs have seized the initiative – defining the direction, shape and pace of innovation across almost every subsector of financial services – and have succeeded as both stand‐alone businesses and crucial parts of financial value chains Fintechs have reshaped customer expectations, setting new and higher bars for user experience. Through innovations like rapid loan adjudication fintechs have shown that the customer experience bar set by large technology firms, such as Apple and Google, can be met in financial services Customer willingness to switch away from incumbents has been overestimated. Customer switching costs are high, and new innovations are often not sufficiently material to warrant the shift to a new provider, especially as incumbents adapt* Fintechs have struggled to create new infrastructure and establish new financial services ecosystems, such as alternative payment rails or alternative capital markets.

AIG launches new cyber threat analysis to gauge companies' risks

AIG’s underwriters have been using the computerized analysis since November, which combines information from a new insurance application designed for the process and data about current cyber threats to generate scores on various related factors, said Tracie Grella, AIG’s global head of Cyber Risk Insurance, in an interview. The analysis scores companies on the degree to which a cyber attack may affect their businesses and the potential costs of various cyber incidents, among other issues, according to a sample report seen by Reuters. Cyber coverage is a mounting concern worldwide as hackers increasingly target companies’ technology systems. Insurers are also struggling to estimate their potential exposure as cyber risks and interest in coverage increase.

Cloud-to-cloud backup: What it is and why you need it

In small-scale scenarios, users can copy files from, for example, Office 365 and G Suite to a local volume, or if security rules permit, an external drive. But this is a manual process that might not be reliable, and will struggle to scale. For larger files and larger applications, this is rarely practical. Enterprises using infrastructure-as-a-service (IaaS) or SaaS applications can use application programming interfaces (APIs) or third-party software to back up to local servers, network-attached storage (NAS) equipment or their own datacentre. But backing up cloud services to local storage is a step backwards. Instead of taking advantage of the cloud, it forces companies to retain on-site infrastructure, increases costs and limits flexibility. Enterprises that back up software-as-a-service applications will have the reassurance that they have copies of their data, but they will not be able to replicate or run the SaaS environment in-house.

Top 5 open source tools for MySQL administrators

Top 5 open source tools for MySQL administrators
For database administrators (DBAs), keeping databases running at peak performance can be a little like spinning plates: It takes agility, concentration, quick reactions, a cool head, and an occasional call out from a helpful onlooker. Databases are central to the successful operation of almost every application. As DBAs are responsible for an organization’s data, finding dependable tools that help them to streamline the database management process and ease day-to-day maintenance tasks is essential. DBAs need good tools to keep their systems spinning smoothly. So what are the tried and trusted tools for MySQL administrators? Here I share my top five open source tools for MySQL administrators and discuss their value in the support of day-to-day MySQL administration tasks. For each of them, I’ve provided a link to the GitHub repository and listed the number of GitHub stars at the time of writing.

Quote for the day:

"Failure defeats losers, failure inspires winners.” -- Robert T. Kiyosaki