June 01, 2014

The Culture of Cloud in an Information Security World
No matter what your current culture, cultures can change over time, and I believe there is a logical transition that can occur to safely migrate to a culture of cloud acceptance. Just as CEOs can strive to change corporate culture within their organization to meet specific goals, CISOs and CIOs can evolve IT culture to help meet business goals as well. However, this should not be a forced migration because security issues as well as operational issues can occur. Both IT and Information Security capabilities need time to evolve and mature. As cloud culture evolves and matures within an organization, start with smaller initiatives and grow from there.

Understand the "Heartbleed" bug
In this white paper, Bipin Chandra examines the OpenSSL code in detail and explains how the bounds-checking error in the OpenSSL code created the "Heartbleed" memory leak. After reading Chandra's explanation, you'll understand the seriousness of the "Heartbleed" bug, and you will understand how to prevent similar bugs in your applications. Chandra also documents publicly known information about which devices, operating systems, and servers are susceptible to the bug, the availability of fixes, and tools to assess websites for the vulnerability.

Why haven't robots yet changed the world?
"I think we have accomplished less than we might, less than we had imagined," Matt Mason, director of the Robotics Institute at Carnegie Mellon University, told Computerworld. However, Mason added, "Robots do surgery. Robots have driven down the price of consumer goods. The reason that you have a computer in your pocket is because of robotics in manufacturing. If you go through a semiconductor fab, you'll find dozens or hundreds of robots working." To appreciate those accomplishments, Mason said we need to change our image of future robots. "Domestic service is always something that we're thinking about, but that's very challenging," he added.

Hey, IT, want to innovate? Become a network
Of course, everybody wants to be the hub of that network, and it takes more than exposing a bunch of APIs to successfully execute a classic tech-industry “platform” strategy. Creating product networks is subtler, and not everyone can be the top carnivore in an ecosystem’s food chain. Compare “app constellations.” That’s a Fred Wilson coinage describing both mobile app promotion and how tech companies like Facebook and Foursquare are atomizing monolithic services into single-function apps. Back in pre-mobile days of yore, we called them “portals,” but who doesn’t love a new buzzphrase? An app constellation is an example of a visible network. In media, Disney is a visible network while Viacom is invisible.

Quantifying Privacy: A Week of Location Data May Be an “Unreasonable Search”
The main technology for making these inferences is machine learning, a branch of artificial intelligence. In the paper, the authors write that their goal was “to identify the threshold at which enough is enough — the point at which long-term government surveillance becomes objectively unreasonable.” In the interview, Mr. Bellovin observed, “We put it at a week, based on our research.” One reason the technology works so well, Mr. Bellovin said, is that people help, by following patterns of movement that are quite predictable. When combined with other data, the result is something close to a movement fingerprint — that is, surprisingly distinctive and identifying.

Data Science @ Activision
Hemann described what his department does by providing a couple of vignettes. “Vignette 1: Algorithm Detection of Assholes.” Some players found a shortcut to raising their rank in Call of Duty known as “boosting.” Two players enter a game on opposite teams and take turns killing each other. This quickly improves their rank. At first, most of the “boosting” detection had to be done manually with Activision players surveying random games. However, the team now uses algorithms and data patterns to determine how quickly the player jumped in rank, the number of times they killed the same player, the number of games with the same player, the player positions on the map, etc.

From Data Ownership to Data Usage: How Consumers Will Monetize Their Personal Data
We will move from data ownership, where organisations that have developed applications assume to own the data, to a situation where these organisations are allowed to use the data of the customers. And potentially they will have to pay for that data usage to gain additional insights. This is already happening at small scale: Google’s Screenwise Trends panel gives up to $8 cash to anyone willing to share their browsing behaviour with Google and its partners. Another example is Raptr, an application with almost 26 million users that provides users with real rewards such as free games, hardware or discounts in return for their video gaming habits.

Decision Science as a Service and Data Science curriculum
For the data scientist, I encourage courses in statistics, machine learning, applied math (including linear algebra), databases and data structures, data and information visualization, scientific modeling and simulation, programming (Python, R, or Matlab, at a minimum), and even some Physics (to learn and sharpen problem-solving skills). For the big data analytics profession, focus more on the algorithms (data mining, statistics, and machine learning), programming skills, and computing technologies (such as Hadoop). For the business or marketing analytics profession, include some of the above things while also learning the key concepts of business, marketing, finance, organizational management, social and behavioral science, leadership, entrepreneurship.

Is the Internet of Things strategic to the enterprise?
Unfortunately, all of this thinking leaves out a few important concepts. Most important is the idea of network effect. The more connected something is, especially if by being connected it provides additional value to those on the network, the more valuable it becomes. The value grows exponentially according to connectedness. That's the basic truism of Internet business, and the reason why growth is always the primary and first order of business for Internet startups. You can do anything, create any business model, find new and better ways to monetize, if only you are deeply connected. If you aren't, the most innovative digital business models just have no meaning.

Taking Back Agile
A lot of people found that the agile methods really humanized the work, and opened the door to more lean and more continual development techniques. In the heyday of agile, people pushed the limit on how simple, how safe, how lean, and how human a software team could become. It's fair that people would be suspicious: Are we trying to take ownership of the brand? Are we trying to set up an alternate, competing certification program? Are we trying to cast doubt on our competitors? It might be good for folks to know that "Let's take back agile" has an "us" that includes everyone. We don't need a brand. We don't need yet another certification scheme, and it doesn't matter what we call it.

Quote for the day:

"Become the kind of leader that people would follow voluntarily; even if you had no title or position." -- Brian Tracy