March 27, 2015

Ayasdi Raises $55M to Blend AI and Machine Learning
“Traditional analytics have hit the wall,” said Ayasdi Chief Marketing Officer Patrick Rogers. “It starts with an analyst asking questions, and then applying them against data that may or may not find insight. You must then go back and reformulate until you find something impactful. There are a lot of tools, but it’s still fundamentally a human-driven process. That model is not going to scale—the number of possible questions grows exponentially with data sets.” Rather than the hypothesis/test approach, Ayasdi takes a very machine-driven one to address complex data. At the heart of Ayasdi’s machine intelligence is topological math, which is building a more automated discovery process and eliminating manual processes.

The dark side of commercial open source
This brings us to one critical problem with commercial open-source companies: they can be bought. And sold. And when they are, the community can be shafted. Completely. Not that this must necessarily happen. Most companies that have acquired open-source companies have done so to benefit from and grow their associated communities. Not surprisingly, open-source leader Red Hat has acquired a range of companies, from JBoss to InkTank (Ceph), and has worked hard to grow their communities. But even proprietary software companies -- like VMware, which acquired SpringSource, and Oracle, which acquired MySQL -- have gone to great lengths to continue development of the open-source code they've acquired.

Agility Is Within Reach
The sweet spot lies somewhere in between. The appropriate level of agility won’t be the same for everyone, but for all companies in all industries, we’ve found that being agile depends on developing two key attributes: strategic responsiveness and organizational flexibility. These two qualities are mutually reinforcing but are developed in different ways, and it is easy for a company to possess one without the other. But until you explicitly develop proficiency in both, you won’t have the agility you need. It’s an absence that will become all the more glaring. In PwC’s latest CEO study, more than half of CEOs surveyed said they believe they will be competing in new sectors in the next three years, and 60 percent said they see more business opportunities now than they did three years ago.

Cloud Native Application Maturity Model
Cloud native applications are built to run optimally on cloud infrastructure. Cloud native application architectures are very different than traditional tiered applications which are designed for a data center. In this post I will discuss maturity model, from the Open Data Center Alliance (ODCA), for assessing the cloud nativeness of an application. ... The Cloud Application Maturity Model from the Open Data Center Alliance provides a way to assess the cloud nativeness of an application, understand best practices, and plan improvements. Although, I would have used slightly different level names and terms, the differences are minor. Keep in mind that this model only assess the maturity of an application. To be successful, you will also need to build a DevOps culture. Perhaps we need a DevOps maturity model as well?

An SDN vulnerability forced OpenDaylight to focus on security
Security will be an integral component of SDN, since a flaw could have devastating consequences. By compromising an SDN controller -- a critical component that tells switches how data packets should be forwarded -- an attacker would have control over the entire network, Jorm said. "It's a really high value target to go after," Jorm said. The Netdump flaw kicked OpenDaylight into action, and now there is a security team in place from a range of vendors who represent different projects within OpenDaylight, Jorm said. OpenDaylight's technical steering committee also recently approved a detailed security response process modeled on one used by the OpenStack Foundation, Jorm said.

7 exceptional Windows hybrids ready for Windows 10
Hybrids, or 2-in-1s, offer decent mobility as laptops and tablets, and are reasonable candidates to take advantage of the features in Windows 10. They are good options for those wanting very portable notebook computers that can operate as tablets when that best fits the situation. Some hybrids use a display that rotates under the keyboard to form the tablet, while others have a detachable screen that operates independently from the laptop dock. The eight hybrids in this collection come in various shapes and sizes. There are devices at the top of the price range, and others more budget-friendly. Most in the hunt for a good hybrid that should run Windows 10 well should find one that fits their needs.

Rethink How Your Business Consumes Technology
Using a consumption-based IT management approach, you collect all pertinent data across the hybrid IT environment -- both internal operations and external sources, including public cloud, private cloud, virtual resources, traditional resources, network and applications. This usage data is enriched with business intelligence, allowing views of usage by department, geography, technology, and application. When the data is married with unit costs, a financial control plane is created, allowing IT to understand the cost of all IT resources in aggregate. By having the most up-to-date view of usage by user and costs, your reports and analytics show both the historical perspective across a variety of views that enhances forecasting.

New cybersecurity models driven by tsunami of data, devices
"If something happens that looks odd, it's not an immediate stop, it's just more that the security officer or someone will have a conversation and say, ‘I see you are trying to access this application that you don't normally access, is there a reason? Can you tell me why? Or are we seeing abnormal patterns?'" he said. "I think that is what we need to get into, which is almost like the machine is helping to tip and cue what looks odd. There may be a valid reason, or it may be a hardware or software issue, but there's just so much going on in an organization that if we are reliant solely on human eyes paying attention to it, we will miss things. We need the machines that can actually say, ‘I'm not exactly sure what's going here, but someone needs to take a look at it.'"

Making Agile Deliver Good Software
The key thing is to do it, to have the information exchange. The reason this is often a meeting of some form is because people don't do it unless they're made to. People go to meetings when they're told to. Well, mostly. But if you cajole people to do the information share it can work in other ways. Note that it's not just writing the information share that's important. You also have to READ it. Just as when you have a meeting it's not just giving your status update that's important but listening to everyone else's. That's why the meeting (when you have one) needs to be short. Remember that a standup is not just the tech team. It's the product owner from the business. The test people. Any support people. Anyone involved in what you're doing. You've got to find a way to keep all those people involved in what you're doing, preferably everyday.

IT Security Lessons from the World’s Biggest Data Breaches
Hackers see small business as easy targets. Often with less IT security measures and lots of valuable data to be had – small businesses across the country are at risk for data breaches. Don’t believe me? According to a survey by the National Small Business Association, 44% of small businesses have been hacked, with associated costs averaging $8,700. According to a study by the Ponemon Institute, that number is even bigger with 55% of respondents reporting a data breach. With risks and vulnerabilities only increasing as hackers continue to target small business, it’s important to explore takeaways from some of the world’s biggest data breaches and apply them to your organization’s IT security.

Quote for the day:

"The very essence of leadership is that you have to have vision. You can't blow an uncertain trumpet." -- Theodore M. Hesburgh

March 26, 2015

If you want to succeed you must fail first, says the man who dreamt up the IoT
The point if the story is that anyone can make an important creative contribution. That's because creating is innate, and instinctive, and, as a result, we see it in all children. The same is true of trying to understand technology. All children have an instinct to explore technology, just as they have an instinct to explore nature. That's why you see them playing telephone about the same time as you see them getting excited when they see dogs or birds. The role of education should be to enable and enhance that innate, instinctive ability, and otherwise get the hell out of the way of its development. Instead, sadly, we have an education system that prioritizes control, compliance, and conformity, frankly for its own convenience.

8 CIO Leadership Lessons for Enterprise Success
Lillie shares that the secret sauce of Equinix, besides having highly reliable state-of-the-art data centers, is that they have an interconnection fabric with close to 150,000 interconnections which are cross connects, either physical or virtual, where their customers connect to each other to move forward digital commerce. As an enterprise CIO for the past seven years, Lillie is focused on helping Equinix grow, scale and be efficient and successful as a company by connecting with customers in a more meaningful way. And that's not just through technology; it's also through communicating best practices. Building on the four pillars of excellence (operational, transformational, innovational and organizational) Lillie gives advice to CIOs to ensure not only their success, but the success of their company as well.

Government Surveillance Dilemmas Present Challenges for Data Centers
One challenge with some data requests made by law enforcement is a provision which includes a “gag order” on the infrastructure provider. “Google and larger companies have an agreement with the Attorney General,” he noted, “that allows them to reveal the number of requests for data that they have responded to, in ‘bands.’ For example, a band is 0-100, in number of requests. Most companies are a lot smaller than Google or Yahoo!. When the bands are larger rather than smaller, customers assume the worst, so if a band is 0 to 100, they assume 100 requests. It would be better to have narrower bands.”

Smart Big Data: The All-Important 90/10 Rule
The 90% structured time should be used putting the steps outlined in the SMART Data framework into operation. Making a logical progression through an ordered set of steps with a defined beginning (a problem you need to solve), middle (a process) and an ending (answers or results). This is after all why we call it Data Science. Business data projects are very much like scientific experiments, where we run simulations testing the validity of theories and hypothesis, to produce quantifiable results. The other 10% of your time can be spent freely playing with your data – mining for patterns and insights which, while they may be valuable in other ways, are not an integral part of your SMART Data strategy.

Five steps to maintaining PCI compliance
Maintaining a vigilant policy compliance program using automated management processes enables companies to reduce risk and continuously provide proof of compliance. Additionally, a policy compliance program helps identify and assess key security settings in your systems, which indirectly helps improve PCI compliance. The requirements of PCI DSS are clear, but take work to accomplish across an organization. The above are a sampling of some best practices, but it’s also important to look for a solution that provides your business with an easy, cost effective and highly automated way to achieve compliance with PCI DSS. Keeping up-to-date with the requirements will benefit your business in the long term.

Android Wear smartwatches: The benefits for professionals
"They're well-equipped to fill a lot of needs in the enterprise where employees need quick updates on timely information, but also can't afford the distraction of being fully immersed in whatever the system is," Martin said. The glanceable nature of most smartwatches does indeed make them a great way to quickly access notifications, but Android Wear devices do offer other tools and services that can positively impact the daily life of corporate users. Here are four ways professionals can benefit from using an Android Wear smartwatch.

Agile coding in enterprise IT: Code small and local
In MSA, you want simple parts with clean, messaging-style interfaces; the less elaborate the better. And you don’t want elaborate middleware, service buses, or other orchestration brokers, but rather simpler messaging systems such as Apache Kafka. MSA proponents tend to code in web-oriented languages such as Node.js that favor small components with direct interfaces, and in functional languages like Scala or the Clojure Lisp library that favor “immutable” approaches to data and functions, says Richard Rodger, a Node.js expert and founder of nearForm, a development consultancy. This fine-grained approach lets you update, add, replace, or remove services—in short, to integrate code changes— from your application easily, with minimal effect on anything else.

How web services became cloud magic, then turned real again
Conceptualising the business as a set of APIs has potential benefits: Faster systems implementation times, reduced costs, more agile business structures, and a business focused on what makes it unique. But it also brings new risks. "Clearly, there are security aspects. An ill-designed API can give access to internal systems, or be open to malware," Dawson said. "There are valid reasons you do need to worry." It seems like we've come full circle. A decade or two ago, before we started calling it "the cloud", it was just "the internet". Discussions about live data linkages between businesses were all about data standards, interoperability, reliability, and security. Then we started calling it "the cloud", and the cloud would apparently solve everything with sparkly unicorn magic.

Security best practices for users is your first line of defense
Users can be your weakest link, sure, but they can also be your greatest asset, says Dr. Guy Bunker, Senior Vice President, Products, security solution provider Clearswift. "Users are both the greatest asset and the weakest link when it comes to security. Users ‘know’ what is really happening in terms of processes and policies that are followed and those that are ignored – they can be a great barometer for gauging the effectiveness of security measures," says Bunker. "This is particularly true for processes which are not secure, or not as secure as they could be. However, users have to be educated. They need to understand that for instance, with many types of malware there is an application installed – and for that to happen there will be some further interaction requested.

UK attacks on crypto keys and digital certificates endemic
But that is no surprise, he said, with leading researchers from FireEye, Intel, Kaspersky, Mandiant and many others consistently identifying the misuse of key and certificates as an important part of advanced persistent threats (APTs) and cyber criminal operations. Bocek said that trust in online security is difficult to achieve, with the report showing that 63% of UK organisations do not know where all keys and certificates are located or how they are being used. The research uncovered that attacks are becoming more widespread as the number of keys and certificates deployed on infrastructure such as web servers, network appliances and cloud services has grown by 40% to almost 24,000 per enterprise in the past two years.

Quote for the day:

"It's hard to lead a cavalry charge if you think you look funny on a horse." -- Adlai E. Stevenson II

March 25, 2015

Questions I’m Asking Myself About SD-WAN Solutions
If I was evaluating SD-WAN, I’d be asking these questions and more in the exploration phase. Then if I moved into a trial phase, I’d make a long list of specific business goals to meet and application behaviors to expect when implementing the solution. And then I’d get medieval, breaking it any way that I could think of to see how the system recovers, up to and including blasting the SD-WAN endpoints with both too much volume and too many unique flows. What happens when you try to kill the tunnel endpoints? All useful stuff to find out before you commit to a vendor providing you with technology you’ll likely come to rely on heavily once it’s in place and working.

Can Predictive Analytics Help Decrease Discrimination in the Workplace?
When you are part of a human system, it is very difficult not to make decisions based in your own experiences in life. On a basic level, people tend to hire those like themselves regardless of gender or race. Add in our instincts, relationships, work experiences, generational traits, and deeply ingrained cultural belief systems and what do you get? A lot of unconscious forces that can interfere with our ability to hire and promote in a truly unbiased way. Turning to a more data-driven approach will mitigate those factors, and potentially move the United States' workforce into one that reflects its rich cultural diversity, no longer leaving the talent of women and minorities untapped.

Microsoft: Office will be free for devices under 10 inches
Kirk Koenigsbauer, the corporate vice president for the Office 365 Client Apps and Services team, revealed in a blog post that Microsoft believes that 10.1 inches is the dividing line between a “personal” and “professional” experience. Pros need the reliability and security of paid apps, while “personal” users are more interested in free. “Currently, we are also using screen size to delineate between professional and personal use,” Koenigsbauer wrote. “Based on our research, we are classifying anything with a screen size of 10.1 inches or less as a true mobile device: You’re probably using it on the go, when it’s not practical to use a larger computing device such as a PC or a Mac. You probably aren’t using a mouse or a keyboard, instead navigating via touch interface. It’s probably not a “pro” category tablet that is used for design or presentations.”

Amazon Simplifies Global Business With Cross-Region Data Replication
It’s theoretically possible to run an application from a single data center, as every point on the network eventually connects to every other. Build something in Virginia, and customers in Washington and New York and Tokyo and Sydney and London can all get to it. For a surprisingly large number of use cases, any delays (latency) in the network connection will not cause anyone undue concern. And yet we persist in building ever-more data centers in ever-more places. Sometimes we put them in frankly stupid places, like London or Tokyo or New York. We stretch power grids to breaking point, and pay exorbitant prices for scarce land and power, to shave a millisecond or so off that latency.

Snowden Urges Cloud Providers to Take Action Against Mass Surveillance
Snowden said that the amount of encrypted traffic has more than doubled since 2013, and a lot of work on encryption is happening in academics and technology companies. The type of security actions a person or organization might take “ultimately depends on what security specialists call a threat model,” Snowden said. “You need to think what the likely vectors are for attack.” When Harrison mentioned that more journalists were clearing their browser histories, Snowden said that “as a basic practice, clearing your browser history is great…however that’s not really how surveillance works.”

How to scale online services for millions of users without losing vital data
Erlang's technical prowess at handling these kinds of tasks is why Facebook's WhatsApp uses Erlang to handle the tens of billions of messages sent by the service each day. "Erlang is a very small language with reliability and scalability built into it as a core foundation. "We've found we can run things much more in parallel, use more of the CPU in the box and, because the concurrency semantics are via message passing, it vastly simplifies the software we're writing." The compact, modular code enabled by Erlang has resulted in a "massive reduction" in the size of Erlang applications compared to Java, which in turn has allowed bet365 to "massively reduce testing".

Storage: The Next Generation
It's not a trivial manner to create an enterprise-grade storage system/file system, and they don't come around very often. Over the last two decades, I've seen very few show up; ZFS was introduced in 2004, the Isilon OneFS in 2003, Lustre in 2001 and WAFL in 1992. So when the new Qumulo storage system was released, I naturally jumped at the chance to work with it to see what benefits it could bring to the datacenter. Brett Goodwin, VP of Marketing at Qumulo, invited me up to Seattle to work with the company's new product. I wanted the full experience, so we agreed that I would first do an install and then work a bit with the product.

ITSM or ITIL? That Isn’t the Question
IT organizations that make use of ITIL decide for themselves which aspects to adopt. Many IT organizations choose to adopt only the operational processes, such as incident management and change management. On their own, these do provide some value, of course, but they are only a small part of the whole ITIL framework. However, you’ll get the best value from ITIL by taking a lifecycle approach to ITSM. This covers everything from your overall IT strategy through the design, transition, and operation of services; and it incorporates continual improvement into everything you do.

The Problem With Configurations
CM tools have no way to identify what parameters changed in your configuration file and whether a reload is sufficient to activate the changes. As a result, we are forced to always use the nuclear option – restart. ... Like most operational aspects of programs, configuration issues can and should be resolved by grassroots engineering work rather then after-the-fact makeshift solutions. A good example of an attempt to tackle this at the core is Netflix Archaius project and many others have followed suite. There are several simple design principles that can help make the configuration of your program much easier to work with. To some degree, you can even apply these principle to 3rd party programs using CM tools

Intro to .NET Unit & Integration Testing with SpecsFor
Hopefully the first question you’re asking is, “What exactly is SpecsFor?” It’s a testing framework designed to abstract away all the annoying testing concerns out of your way so that you can write clean tests quickly. It is both flexible and extensible.... At its core, SpecsFor sits on top of NUnit, meaning any test runner or build server that supports NUnit will also work just fine with SpecsFor, no need for separate plug-ins or setup. Next, SpecsFor provides Should, a library of extension methods for common test assertions. Instead of writing awkward to read assertions, like “Assert.AreEqual(x, 15),” you can write readable assertions like “x.ShouldEqual(15).” It’s a subtle change, but it makes a big impact!

Quote for the day:

"Leadership is the art of getting someone else to do something you want done because he wants to do it." -- Dwight D. Eisenhower