August 31, 2014

Defining Web 3.0 and Developing the Fastest Enterprise Mobility Apps
There is also a definite demand for skills in the market in next generational frameworks and I call out Angular and Backbone as leading the way commercially, with Ember and Meteor also highly respected frameworks. This is created by a demand to build a higher quality of Web Applications and the learnings of the last projects of what went wrong when anyone tried to maintain the last attempt. The job specification is no longer “Web Developer” but instead it is “JavaScript Architect”. I interview a lot of people and the majority of web developers with 5 – 10 years of experience still do not know the following seven vital things:

How an Enterprise Architect Used Change Management Tools to Diagnose Business Problems
Desire is a difficult stage of change to get through. How do you create desire in the face of resistance to change? Keeping people informed helps overcome initial reactions against change. More desire is gained by clearly showing solutions that people will find useful. But in most engagements, we should be building buy-in with ongoing participation of stakeholders and those who will be affected by the changes. Influencing desire begins early in the planning process. Invest in stakeholder engagement early. During this phase, it can be very useful to make a vocal champion out of someone who was antagonistic at the beginning, but who has since become a supporter of the changes.

Perspectives of Business Reference Model
We are all witnessing the steady progress of the Enterprise Architecture (EA) discipline and it is now well understood that EA is not just about IT infrastructure and that Business Architecture (BA) forms an integral part of EA. Unlike in the past, when Business Architecture was used for the purpose of eliciting the requirements for the IT systems, BA is used to develop and describe the target business model and work on a road map that will get the business towards the target. The Open Group, as part of its "World Class EA" series, has published a White Paper on the Business Reference with an objective of providing the needed help to organizations in developing BA assets and plan for the future.

eBook. The practice of Enterprise Architecture
This book does not propose a new framework, theory, or approach to Enterprise Architecture. Instead, we share the experience and lessons learned of many projects that we have conducted around the world over the last few years. There are three parts: (1) a high-level introduction to Enterprise Architecture using TOGAF and ArchiMate, (2) an overview of good practices to get started with EA and (3) an overview of advanced topics and techniques. When you are interested after reading the first two chapters, we recommend you to contact our sales department at: They can help you to purchase this book.

Visualizing and Measuring Enterprise Architecture: An Exploratory BioPharma Case
The focus of this paper is to test if it can also uncover new facts about the components and their relationships in an enterprise architecture, i.e., if the method can reveal the hidden external structure between architectural components. Our test uses data from a biopharmaceutical company. In total, we analyzed 407 components and 1,157 dependencies. Results show that the enterprise structure can be classified as a core-periphery architecture with a propagation cost of 23%, core size of 32%, and architecture flow through of 67%.

How Can Enterprise Architects Drive Business Value the Agile Way?
As an Enterprise Architect, chances are you are responsible for achieving business outcomes. You do this by driving business transformation. The way you achieve business transformation is through driving capability change including business, people, and technical capabilities. That’s a tall order. And you need a way to chunk this up and make it meaningful to all the parties involved. ... An Enterprise scenario is simply a chunk of organizational change, typically about 3-5 business capabilities, 3-5 people capabilities, and 3-5 technical capabilities.

Guide to OpenIG
This guide is written for access management designers and administrators who develop, build, deploy, and maintain OpenIG deployments for their organizations. This guide covers the tasks you might perform once or repeat throughout the life cycle of an OpenIG release. You do not need to be an expert to learn something from this guide, though a background in HTTP and access management web applications can help. You do need some background in managing services on your operating systems and in your application servers. You can nevertheless get started with this guide, and then learn more as you go along.

Service Bus Authentication and Authorization with the Access Control Service
Service Bus and ACS have a special relationship in that each Service Bus service namespace can be paired with a matching ACS service namespace of the same name, suffixed with “–sb”. The reason for this special relationship is in the way that Service Bus and ACS manage their mutual trust relationship and the associated cryptographic secrets. Inside the “-sb” ACS service namespace, which you can explore from the Azure Portal by selecting the Service Bus service namespace and then clicking the ACS icon on the ribbon, is a “ServiceBus” relying party definition following the ‘Relying Party Applications’ navigation.

8 Open Source Web Application Security Testing Tools
Web application security testing might seem intimidating and esoteric to many web administrators, especially to the new ones. Have you ever asked yourself why so many IT professionals ignore the security aspects of the applications? We seem to have a tendency to ignore things that are imperceptible. ... Good news for those who are new to web security is that once you have the basic understanding of the most common web app vulnerabilities, you will find it much easier to protect your application from various types of well-known web attacks.

Nigel Dalton at Agile Australia on System Thinking, Social Experiments and 20 by 2020
Probably one of the biggest breakthroughs for us last year was getting a really crisp statement of purpose for the company and it is “empowering people by making the property process, simple, efficient and stress free”. Everyone who has worked for us has had a complex, inefficient and stressful property experience - whether it was renting an apartment, a share flat, or whether it was buying, or going to an auction, or otherwise. It is thus pretty easy to get a few hundred people aligned around that as a purpose.

Quote for the day:

"Products are made in the factory, but brands are created in the mind." -- Walter Landor

August 30, 2014

The long game: How hackers spent months pulling bank data from JPMorgan
Because of the multiple layers of the attack and the use of custom “zero-day” code in each of them, Bloomberg’s sources said that JPMorgan’s security team believed it was the target of “something more than ordinary cybercrime.” But such sophisticated attacks have already become the hallmark of Eastern European electronic crime rings, which frequently use custom code developed specifically to stay under the radar of target companies for long periods. The recent attacks on Neiman-Marcus, Target, and other retailers are examples of such long-game hacks that infiltrated corporate networks with malware designed specifically for their systems.

CFOs’ Quest for the Golden Source of Data
“CFOs are frustrated with the situation right now,” says BearingPoint’s director Ingmar Röhrig, who led the survey of 65 finance officers at companies ranging from multinationals to midsize businesses. More often than not, it takes manual work to calculate how profitable a product is. Data is stored in multiple systems, so finding the answers you need at the press of a button is virtually impossible. Mergers and acquisitions add to the complexity.

Tesla recruits hackers to boost vehicle security
Tesla's cars are among the most digitally connected vehicles in the industry with the battery, transmission, engine systems, climate control, door locks and entertainment systems remotely accessible via the Internet. So the company has a lot at stake in ensuring that the connectivity that allows its vehicles to be remotely managed doesn't also provide a gateway for malicious hackers. Security researchers have already shown how malicious attackers can break into a car's electronic control unit and take control of vital functions including navigation, braking and acceleration.

Management vs Leadership: the Divide
A sense of leadership is a quality that all managers strive for – an ability to effectively motivate and guide their employees to success. But where many employers fail to hit the mark is in understanding exactly what separates a manager from a leader. Admittedly, leadership is a somewhat abstract concept, and as much a state of mind as a skill or talent – but for employers to flourish within their roles, it’s essential to know how they can transition from management to leadership. So we know that managers aren’t, by nature, leaders – but how can they be?

Vulnerabilities on the decline, but risk assessment is often flawed, study says
“It is difficult to point to any one factor that has contributed to the decline in the number of vulnerability disclosures in 2014,” the X-Force researchers said. “However, it is interesting to note that the total number of vendors disclosing vulnerabilities has decreased year over year (1,602 vendors in 2013, compared to 926 vendors in 2014).” Security experts have argued in the past that the overall number of vulnerabilities is not as relevant as their impact. However, despite attempts to standardize methods of assessing the severity of vulnerabilities, like the Common Vulnerability Scoring System (CVSS), there are many cases where the true risk posed by certain flaws is not represented accurately.

Understanding and Analyzing the Hidden Structures of an Unstructured Data Set
To do this you need to fetch out information from the free transaction text available in Barcllays transaction data. For instance, a transaction with free text “Payment made to Messy” should be tagged as a transaction made to the retail store “Messy”. Once we have the tags of retail stores and the frequency of transactions at these stores for Metrro high value customers, you can analyze the reason for this customer outflow by comparing services between Metrro and the other retail store.

Developers, Academia Team Up on Manual for Secure Software Design
Thirteen software companies and universities have banded together to create a group focused on educating developers about how to design secure software, releasing a report offering the 10 best practices to avoid common software flaws. Called the IEEE Computer Society Center for Secure Design, the group includes participants from Google, Twitter, RSA, McAfee, Harvard University and the University of Washington. The group, which has formed under the auspices of the Institute of Electrical and Electronics Engineers (IEEE), met in April at a workshop to compare examples of the design problems encountered by their development teams.

Why in-air gestures failed, and why they'll soon win
Leap Motion also released a demo video that I think you should see. It shows what's displayed in Oculus Rift, with two screens that (when you're wearing the Oculus Rift goggles) provide the illusion of 3D. It shows how Leap Motion's extreme accuracy in the real-time location of arms, hands and fingers translates into the ability to have total control in augmented reality and virtual reality programs. ... Extremely accurate motion control like what Leap Motion offers is not only a winning application for in-the-air-gestures, it's a perfectly necessary and inevitable one.

The Good, The Bad and The Ugly Of Enterprise BI
Our research often uncovers that — here's where the bad part comes in — enterprise BI environments are complex, inflexible, and slow to react and, therefore, are largely ineffective in the age of the customer. More specifically, our clients cite that their enterprise BI applications do not have all of the data they need, do not have the right data models to support all of the latest use cases, take too long, and are too complex to use. These are just some of the reasons Forrester's latest survey indicated that approximately 63% of business decision-makers are using an equal amount or more of homegrown versus enterprise BI applications.

What We Do and Don't Know about Software Development Effort Estimation
An apparent lack of improvement in estimation accuracy doesn’t mean that we don’t know more about effort estimation than before. In this article, I try to summarize some of the knowledge I believe we’ve gained. Some of this knowledge has the potential of improving estimation accuracy, some is about what most likely will not lead to improvements, and some is about what we know we don’t know about effort estimation. The full set of empirical evidence I use to document the claims I make in this summary appears elsewhere.

Quote for the day:

"I don't understand why people are frightened of new ideas. I'm frightened of the old ones." -- John Cage

August 29, 2014

From Sensors to Big Data: Chicago Is Becoming a Smart City
Chicago is the first major city in the USA that is building a permanent infrastructure to collect Big Data. They are installing hundreds of environmental sensors that will measure temperature, humidity, light, sound and cellphone signals. All this data will enable Chicago to become a safer and cleaner city. The sensors will be placed on top of lampposts along Chicago’s Michigan Avenue. ... They are true data generators, where all sensors placed within a city gather vast amounts of data. Chicago will open source all this data to the public, so that anyone can access the data and make use of it.

Poor data quality hindering government open data programme
A source working on the open data programme at the Cabinet Office said public data releases had been dirty and inconsistent. "I would agree the evidence is there to support that," said the source. "They talked about armchair auditors – there hasn't been a lot of that. You can look around and not find them. Some busybody can read through the PDFs, but to make some sense of the aggregated mass is almost impossible with the raw data you've got.”

One small step for IT security: a beginner's guide to threat intelligence
Armed with this knowledge, the organisation can procure the right threat intelligence feed that focuses on the relevant threat actors and provides signatures to help detect attacks before they impact. The board can be briefed about the general overall threat and how activities in the business could heighten the likelihood of attack. Technical teams can be briefed on attacker tools, techniques and procedures so that protective monitoring and software patching can be performed more strategically to identify or mitigate malware. And finally, staff can be made aware of attacks to reduce the risk of compromises.

Architectural Security aspects of BGP/MPLS
There are a number of precautionary measures outlined above that a service provider can use to tighten security of the core, but the security of the BGP/MPLS IP VPN architecture depends on the security of the service provider. If the service provider is not trusted, the only way to fully secure a VPN against attacks from the "inside" of the VPN service is to run IPsec on top, from the CE devices or beyond. This document discussed many aspects of BGP/MPLS IP VPN security. It has to be noted that the overall security of this architecture depends on all components and is determined by the security of the weakest part of the solution.

Three security practices that IoT will disrupt
The early days of cloud services provided a direct challenge to central management, but this challenge has largely been beaten back by cloud services that support “external authentication” (such as Active Directory agents or SAML). The BYOD movement also challenged this tenet, but is being defeated through integrations that require common credentials to access email, IM and file servers. Now a similar challenge to centralized credential management is being mounted by the onslaught of IoT devices -- most of which only allow local user management -- and associated IoT management systems, which frequently also only allow local user management.

Hidden Obstacles for Google’s Self-Driving Cars
Among other unsolved problems, Google has yet to drive in snow, and Urmson says safety concerns preclude testing during heavy rains. Nor has it tackled big, open parking lots or multilevel garages. The car’s video cameras detect the color of a traffic light; Urmson said his team is still working to prevent them from being blinded when the sun is directly behind a light. Despite progress handling road crews, “I could construct a construction zone that could befuddle the car,” Urmson says. Pedestrians are detected simply as moving, column-shaped blurs of pixels—meaning, Urmson agrees, that the car wouldn’t be able to spot a police officer at the side of the road frantically waving for traffic to stop.

Unravelling the anatomy of Archimate
To anyone working in enterprise-architectures, Archimate ought to be the first point we turn to when starting to model any aspect of the enterprise. Unlike Zachman, for example, it places just as much attention on the ‘lines’, the connections between the ‘boxes’ (the ‘things’) of the architecture ... But to me, and to many others, it just… I don’t know… just doesn’t seem to work? Something doesn’t quite gel… something like that, anyway. It gives the sense that it ought to be right, that it ought to work – but somehow it just… doesn’t. And that sense of it not-quite-working gets more and more extreme the more we try to move outward from anything but the most IT-centric of architecture views. Odd. Very odd.

Cyber attacks on US banks fuel financial sector concerns
“These capabilities are in the realm of nation-state capabilities,” said Philip Lieberman, chief executive of security firm Lieberman Software. “JP Morgan and similar entities employ sufficient technology to protect themselves from criminals, but typically fail to invest enough in technology and processes to shield themselves from nation states’ ability to access their systems at will,” he said. According to Lieberman, most financial services providers have little to no protection from nation-state attacks and are not willing to spend the money to protect themselves.

Debugging multithreaded code in real time!
We all love Visual Studio, using its breakpoints and single stepping through code to find out why a program behaves differently than expected. Alas, setting a break point or single stepping will completely change the behaviour of a multithreaded application, where it matters which thread executes which instruction in which sequence, measured in microseconds or less. Stop or delay anything in the multithreaded system and it behaves completely differently. So obviously, we cannot stop a single thread when debugging. Which means we should use tracing, looking something like this

CEO praises Juniper team and anticipates success in the cloud
Looking forward Kheradpir highlighted his plans for success saying he wants to focus on cloud builders and high-IQ networks; “Why cloud builders? Because in this current, “everything-as-a-service” application-driven economy, the cloud is our customers’ new delivery engine of innovation to their customers. As enterprises and service providers adapt to this new business model, the network experience is critical to their business. Juniper understands how to unleash the power of the cloud through High-IQ Networks.”

Quote for the day:

"Success isn't magic or hocus-pocus - it's simply learning how to focus." -- Jack Canfield

August 28, 2014

Managing Risk With Big Data & Analytics
However, scale continues to be an issue. Recent mega-breaches are often precursors to large-scale attacks that are identified by network monitors, systems, or individuals responsible for managing risk. But because there is such a high volume of attacks against major corporations, important clues may be missed, and the most critical threat information may not reach the team or executive responsible for protecting the organization in a timely fashion. To combat this problem many institutions have brought information security professionals into the boardroom.

The hunt for your strategic blind spots: Assign data scientists to the case
To understand what's in your blind spot, look for places where your competition will leave a digital trail. First, look to the obvious: your competition's direct communication channels. Sometimes a company will signal what they intend to do by their marketing messages. You should have your data scientists comb through the information on competitors' pages on Twitter, Facebook, and other social media platforms to see if they can pick up on something you may be missing. Even a simple sentiment analysis may uncover a shift in market preferences that you missed.

NASA launches massive cloud migration
The space agency will continue to move apps to the cloud and build apps in the cloud. Its goal is to move or build another 20 to 30 apps by the end of the year. "I want to give people the ability to collaborate," Kadakia said. "I want to give them a repository on the cloud where we can be doing code sharing and code reuse within NASA. And we're looking at disaster recovery as a service." NASA didn't just inch its way into Amazon's cloud offering. The agency has about 60 apps, such as its public-facing websites, on Amazon's public cloud, and 40 more, including NASA's workflow and privacy-impact applications, on Amazon's virtual private cloud, which offers a certain amount of isolation in the public cloud.

CIOs: Stop hugging your servers, start hugging the business people
You can blame the cloud or the rise of the niche vendors, but few in IT management would doubt that running an IT department is a much more complex task than it once was. Vendor management is an increasingly important skill, according to analysts, because new ways of delivering IT services introduce a high degree of risk that requires tight control. Analyst Gartner has put together a four-step strategy which it says can help:

Thinking Open Source with Phil Haack
Carl and Richard talk to GitHub denizen and former Microsoftie Phil Haack about what it means to build open source software. The conversation starts off with a reminder that back in Phil's Microsoft days, he was a huge advocate of taking various Microsoft products open source - and today it's actually happening! Phil may have moved on to GitHub, but the spirit of open source has permeated the web team at Microsoft, the ultimate manifestation being ASP.NET vNext! So what about your projects? What does it take to make them open source, and what benefits can you expect?

Revolution in Progress: The Networked Economy
In fact, the revolution is already under way. “Over the last few decades, we’ve grown beyond the industrial economy to the IT economy and the Internet economy, each of which led to significant inflection points in growth and prosperity,” says Vivek Bapat, SAP’s global vice president for portfolio and strategic marketing. “Now we’re looking at the Networked Economy.” This new economy, resulting from a convergence of the economies that came before it and catalyzed by a new era of hyperconnectivity, is creating spectacular new opportunities for innovation. And, like any revolution, the Networked Economy is going to be big. Very big.

Listen, learn and lead: Key communication skills for IT pros
Tom Catalini is a CIO by profession, accomplished blogger and writer. He said he decided to write his new eBook as a way of paying forward the great advice he had been given throughout his career. He also noted the important role that strong communication skills play in the success of IT professionals, especially if they wish to move up the technical and managerial ranks. I asked Tom what career advice he would like to give to those reading my column. He said that people should enhance their ability to listen, because it expands their ability to learn, which enhances their ability to lead.

4 Outsourcing Mistakes Companies Still Make
There's still no script for the Great American IT outsourcing project. But today's most common outsourcing pitfalls have less to do with technology and everything to do with relationships and communication. Or lack thereof. "Both companies have to rise to the occasion to make it work," says Romi Mahajan, president of marketing consulting firm, the KKM Group, which outsources some of its IT operations. Nevertheless, communication breakdowns and finger pointing frequently derail even the best-laid outsourcing plans. Here are four missteps to avoid.

Location Data Could Become Key to Fighting Bank Fraud
BillGuard said it has been testing the location-monitoring service with a limited beta group of 7,000 cardholders. The location monitoring methods are supposed to be battery life friendly. In an online FAQ, BillGuard said it may only sample a person's geolocation two to three times a day and can often do so without activating the phone's GPS, which is a battery hog. BillGuard did not immediately provide more detail on how it tracks the location data. Some companies gather location data through wireless triangulation, which works by collecting data from cell towers. The firm's efforts are applauded by industry observers who perceive a growing appetite among consumers to let them choose stronger card controls.

Apache CouchDB: The Definitive Introduction
The most notable implementations of The Couch Replication Protocol are PouchDB, Couchbase Lite (née TouchDB), and Cloudant Sync for Mobile. PouchDB is implemented in JavaScript and is designed to run in a modern web browser (including mobile browsers). Couchbase Lite and Cloudant Sync come in two flavours: one for iOS written in Objective-C and one for Android written in Java and both are meant to be embedded in native mobile applications. They are all Open Source projects separate from Apache CouchDB, but they share the same replication capabilities, although some implementation details that we explain for Apache CouchDB below differ in the various other projects.

Quote for the day:

"If you want to reach a goal, you must "see the reaching" in your own mind before you actually arrive at your goal." -- Zig Ziglar

August 27, 2014

Clinical Intelligence and Analytics: The Future of Healthcare Delivery
Our opportunity is now to enable the processes that deliver the right information, in the right context, to the right person at the right time. Our opportunity is now to keep patients as healthy as possible while minimizing admissions and care cost. Our opportunity is now to deliver better, more efficient, more valuable healthcare. And while our opportunity may be ripe now, our future—the future of the healthcare industry and the impact we can have on our communities—is only just beginning. The question is whether or not we will turn opportunity into reality fast enough, or if we will continue to lag behind as an industry.

Mobile Health Apps Have Role In Ebola Crisis
A handful of applications already exist that allow users, aid workers, and other medical practitioners to test and share results for illnesses such as HIV, malaria, and flu using only a smartphone. Why are such technologies not being used to test and track Ebola? Geo-referenced, real-time maps of infected patients could be key to tracking and controlling the spread of the virus. In a potential global crisis such as this, the World Health Organization has already called on governments to use exceptional measures, and the US FDA has bypassed its normally rigorous approval processes to fast-track military technology for civilian use.

Big Data scientists get 100 recruiter emails a day
Offering salaries of $200,000 to $300,000 for data scientists with just a couple years of experience, tech recruiters are also going after academics with experience in areas like genome mapping and breast cancer research, dangling the big bucks to get them to help figure out what search terms people use and the impact of tiny changes in online ads. ... The Insight Data Science Fellows Program, in Silicon Valley and New York City, claims to be “your bridge to a career in data science,” offering an “intensive six-week post-doctoral training fellowship bridging the gap between academia and data science.” The programs’ website claims a 100% placement rate (duh) and notes fellows with doctoral backgrounds in astrophysics, biology, statistics, and so on.

Infographic: Four Actions to Help Employees ‘Live’ Quality
A strong quality culture not only reduces the risk for customer-facing errors, but also helps companies find new sources of value in the form of improved customer experience and employee productivity. Unfortunately, 60% of employees say they work in an environment with a weak culture of quality. Our latest infographic outlines what it means to have a “culture of quality” and the four actions quality leaders should take to build and sustain it. For more culture of quality insights, join our September 10th webinar that shows how to get business partners to act on planned quality initiatives.

Disaster Recovery and Business Continuity: Putting Your Plan in Place
Many organizations are looking increasingly to third party solutions to perform a Business Impact Analysis (BIA) and handle DR and BC/BCM initiatives. For small to medium sized businesses however, many large scale DR systems can be cost-prohibitive. Before you throw a whole lot of cash at the problem, there are four key areas you need to consider ... Take the time to calculate how much you could lose with just one to two days of downtime, and then compare this to the cost of aggressively managing your DR plan. Take the time to discuss what your current plan is, train your employees – and then test it out. If it works, you will sleep well knowing that your data is protected!

Regulatory compliance challenges mount in recession’s wake
U.S. companies, particularly those in the financial services industry, continue to wrestle with compliance regulations: Recent headlines show that the current regulatory environment remains a top issue for CEOs and that many companies have difficulty measuring the effectiveness of compliance training programs. Meanwhile, in recent weeks, PricewaterhouseCoopers was fined for watering down a bank report, and a complaint filed with the Federal Communications Commission (FCC) alleges that 30-some U.S. tech giants are violating Safe Harbor agreements.

Eight steps for comprehensive BYOD governance
A comprehensive BYOD governance roadmap must therefore include goals, objectives, value statements, operating principles, policies, procedures, standards and guidelines that address the scope of required cultural and operating model changes. The roadmap should carefully balance strategies for device management and use with a focus on good user experience. Let's look at some good practices for establishing and maintaining safe and effective mobile BYOD practices. The good practices described below are adapted from "BYOD in the Enterprise – a Holistic Approach", ISACA Journal, Volume 1, 2013, S. Ravindran, R. Sadana and D. Baranwal.

Surge pricing is the next wave of digital ordering
Airlines and hotels have been surge pricing for years. But other than a “market price” for fresh fish or other rare commodities, the restaurant industry has largely stayed away. All this could soon change as mobile ordering gains momentum. Uber raises pricing on the fly based on real-time data gathered via mobile devices, the primary source for ride requests. Digital ordering for restaurants allows a similar opportunity by enabling fluid pricing. If, for example, a concert lets out at Madison Square Garden, Uber might charge higher rates to encourage drivers to come to the area.

Intel reveals world’s smallest wireless modem for the Internet of things
The entire XMM 6255 chip board with modem and other features is 300 millimeters square. It includes a SMARTi UE2p transceiver component, which operates on a tiny amount of electrical power. It has transmit and receive functionality, power management, and integrated power amplifier — all on a single chip. The smaller the chip and its components, the less electrical power they need and the less heat they dissipate. That helps them survive in conditions where Internet of things sensors are deployed. A farmer, for instance, may deploy a bunch of sensors to detect ground moisture in fields. Those sensors can send data over 3G modems to a computer, which can produce a report for the farmer on where and when he or she should water the field.

Tips for addressing cybersecurity with the board
"As hackers get better at their exploits, corporate security is failing to keep up, resulting in the main thing keeping directors up at night." ... To help those executives sleep a bit better, BitSight co-founder and CTO Stephen Boyer has shared advice with FierceCIO targeted to both board members and IT security executives on how they can "clear up the confusion and start moving the conversation forward" on cyber-security. Boyer's advice follows. Tips for board members:

Quote for the day:

"Courage is what it takes to stand up and speak; courage is also what it takes to sit down and listen." --Winston Churchill

August 26, 2014

Data Erasure Technology: Ensuring Security, Savings and Compliance
Erasing data from failed drives is critical, as up to 80 percent of them are still operational and vulnerable to data breach. Many industry standards and regulations like healthcare (HIPAA, HITECH), finance (GLBA, SOX, FACTA) and retail (PCI DSS) require data sanitization and proof of erasure for each drive in the form of auditable reports. Non-compliance may result in large fines, civil liability and costly damage to brand image. Hardware appliances that sanitize drives in-house using advanced data erasure ensure data integrity and regulatory compliance with audit-ready reports, and enable data centers to safely return failed disks to OEMs within RMA timeframes.

When transaction management becomes a business (technical) issue
Benefits of Crittercism’s mobile optimized transaction management solution include proactive visibility into the business and revenue impact of key mobile transaction performance; an ability to define and monitor true mobile transactions that span across multiple views, user interactions and service calls; and an ability to automatically track all mobile-specific dynamic states such as network connectivity changes, application backgrounding/foregrounding and user view transitions that provide complete user flow visibility.

Seven Things the CIO should consider when adopting a holistic cloud strategy
In order to successfully leverage a cloud-based solution, several things need to change that may contradict current norms. Today, cloud is leveraged in many ways from Software as a Service (SaaS) to Infrastructure as a Service (IaaS). However, it is most often a very fractured and disjointed approach to leveraging cloud. Yet, the very applications and services in play require that organizations consider a holistic approach in order to work most effectively. When considering a holistic cloud strategy, there are a number of things the CIO needs to consider including these six:

5 Ways Federal CIOs Plan to Improve Security Monitoring
"Though the CIO and [CISO] have sort of a perch seat to look at the security happening in the department, the actual circumstances are that security is often performed by decentralized teams," Streufert says. "Our first recommendation on people and processes is to identify and establish your agency's continuous diagnostics and mitigation team." Streufert, speaking at a government IT forum on Wednesday, also offered several additional tips for agencies to consider when implementing their own CDM programs to secure the buy-in of both security and business workers and to evaluate the success of the initiative.

Building Information Technology Liquidity
IT organizations desperately need to embrace the concept of “liquidity”—not by having extra cash lying around, but creating agile and flexible infrastructures that can take advantage of unplanned demand. This is especially hard when an estimated 75% of the IT budget is already spent on maintaining legacy infrastructure. Even worse, IT capacity planning efforts are often based on simple linear regression models or other quick and dirty heuristics that don’t account for huge spikes in demand such as a major corporate merger or “one-hit wonder” product.

Nginx and Android: A great on-the-go web dev tool
There are times when you just need to develop on the go. When this happens, you might not want to carry around that bulky laptop -- or maybe your only option is a tablet or smartphone. If that's the case, and you have an Android device handy, you're in luck! The Nginx (pronounced engine-x) web server is a great way to have a portable web server for testing, developing, and even serving up web pages. NAMP (nginx android web server) is a 10-day trial app (after the trial, the cost of a license is $0.99 until Sept 1st, 2014, after which the price will rise to $4.99). Here are some of the app features:

GCHQ produces BYOD guidelines for organisations
“With the rapid increase in the use of mobile devices - and the growth of remote and flexible working - staff now expect to use their own laptops, phones and tablets to conduct business,” said the document. The guidance has been produced for both public and private organisations. Due to the involvement of the CPNI, the guidelines will be also aimed at companies involved in the UK’s critical national infrastructure, such as energy, transport and banking firms. But the document also encourages public sector organisations working at the lowest security standard (official) to seek further guidance from CESG before implementing BYOD.

Shadow cloud services pose a growing risk to enterprises
"There is a new form of shadow IT and it is likely more pervasive across the company" than many might imagine, given the easy access to cloud services, Beston said. "It is harder to find, because it is being procured at small cost and is no longer operating within the bounds of the company." ... "Shadow cloud is happening under the radar" at many organizations, Beston said. Without governance, such cloud services present significant data security risks and the potential for technology and service redundancies. Risks include inadvertent exposure of regulated data, improper access and control over protected and confidential data and intellectual property and breaching of rules pertaining to how some data should be handled.

5 Ways to Steal Your Innovations
It is the dream of most small manufacturers to invent a new product and sell it to a larger company to handle all of the manufacturing and marketing. The dream includes getting a big upfront payment and then relaxing as the royalty or other payments come in. Very seldom will the inventor company get all of his money up front, which means they have to negotiate some kind of agreement. These agreements are very problematic, so it is a good idea to understand the various strategies used to steal your invention, or not pay you in full. Here are five of the most common strategies used:

Analysts Say Mobile App Development Requires New Strategy, Techniques
If enterprises don't change their tune on mobile development and instead stick with traditional desktop app development techniques, their efforts will fail, said Gartner analyst Van Baker last week. "Enterprise application development teams use traditional practices to define and develop desktop applications; however, most don't work with mobile app development, due to device diversity, network connectivity and other mobile-specific considerations," said Baker during a presentation to IT leaders in China. "Instead, [application development] managers should use functional, performance, load and UX testing, as well as agile development practices."

Quote for the day:

"How things look on the outside of us depends on how things are on the inside of us." -- Parks Cousins

August 25, 2014

Payment cards with chips aren't perfect, so encrypt everything, experts say
The EMV specification as it exists today is vastly complex, and vendors have made additions on top of it, which means that it's easy to make mistakes when implementing it, Anderson said. Depending on how much attention you pay, you can design a secure system using EMV or an awful one, he said. Lucas Zaichkowsky, an enterprise defense architect at AccessData whose previous jobs involved investigating credit card breaches and assessing compliance with payment card security standards, agreed with Anderson. "People think that if we switch to EMV, these breaches will go away, but that's not true," said Zaichkowsky, who also held a presentation about POS system architecture and security at Black Hat.

A gift that keeps giving, software-defined storage now showing IT architecture-wide benefits
Software-defined storage advocates a new model, where applications and VMs are provisioned at the time that the user needs them. The storage resources that they need are provisioned on-demand, exactly for what the application and the user needs -- nothing more or less. The idea is that you do this in a way that is really intuitive to the end-user, in a way that reflects the abstractions that user understands -- applications, the data containers that the applications need, and the characteristics of the application workloads.

Is the private cloud really a viable option for most enterprises?
Of course, private and public cloud architectures are not that pure. There are hybrid clouds, or, mixtures of private and public clouds, typically without direct portability between the private and public cloud server instances. Also, there are virtual private clouds (VPCs), which are private clouds hosted by public cloud providers, such as AWS. Moreover, there are hosted private clouds that are physical servers that may exist within a managed services provider or co-lo. The models get more cloudy as cloud technology providers come up with new ways to approach private clouds.

At Multiverse Impasse, a New Theory of Scale
The scale symmetry approach traces back to 1995, when William Bardeen, a theoretical physicist at Fermi National Accelerator Laboratory in Batavia, Ill., showed that the mass of the Higgs boson and the other Standard Model particles could be calculated as consequences of spontaneous scale-symmetry breaking. But at the time, Bardeen’s approach failed to catch on. The delicate balance of his calculations seemed easy to spoil when researchers attempted to incorporate new, undiscovered particles, like those that have been posited to explain the mysteries of dark matter and gravity.

8 Tips to Be a Better Career Negotiator
There are many places you can go to learn about a company's culture, and what past employees think of them, at places like and But don't neglect sources like press and product releases, Google News and trade sites and magazines. "Business savvy IT pros tend to conduct more research on market trends and utilize that information to negotiate offers more actively. These hires are likely to have a deeper understanding of the value of their skillsets and use that to initiate a negotiation conversation," says John Reed, Senior Executive Director with Robert Half Technology.

5 Tips to Consider When Designing Supply Chain Key Performance Indicators
You can’t predict anything with 100% certainty, and your predictive power wanes the farther out you gaze. The study of KPIs over time is all about finding patterns and signals, then applying intelligence in order to make better decisions and gain wisdom. In a previous post I focused on the pitfalls associated with supply chain KPI and metrics development. In this post, I’ll cover how businesses can improve their supply chain measurement processes by avoiding the common pitfalls by keeping in mind a few simple hints.

US warns 'significant number' of major businesses hit by Backoff malware
"Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the "Backoff" malware," the alert said. "Seven PoS system providers/vendors have confirmed that they have had multiple clients affected." The malware is thought to be responsible for the recent data breaches at Target, SuperValu supermarkets and UPS stores, and the Secret Service is still learning of new infections. DHS first warned of Backoff in late July, when it noted the malware was not detectable by most antivirus software. That made it particularly difficult to stop, because much of the fight against computer viruses and malware rests on antivirus applications.

Cybersecurity's hiring crisis: A troubling trajectory
Solving this crisis turns out to be as complex as defining what constitutes a "qualified hacker" -- in a business where having a pedigree can actually have you considered to be less qualified, and being unhirable by traditional standards is… almost desirable. Chris Hoff is the Vice President, Strategy and Technical Marketing Engineering – Security, Switching, and Solutions BU at Juniper Networks. Hoff told ZDNet that vendors are experiencing difficulty finding suitable candidates "in a highly competitive job market that have the required experience in a number of emerging disciplines such as advanced malware detection/mitigation, reverse engineering, forensics, crypto, virtualization and cloud."

Improve collaboration with enterprise video
In this webinar, Irwin Lazar, vice president and service director at Nemertes Research, explains how enterprise video can alleviate these issues to improve collaboration and engagement among employees. According to Lazar, the past two years have seen a push for enterprise video adoption, largely due to lower video costs, tight travel budgets and wider availability of HD video conferencing systems. Enterprises that adopt video to improve collaboration see benefits that range from better non-verbal communication to increased productivity.

Henri Eliot: Where cybersecurity and the boardroom intersect
A comprehensive cyber security plan requires the appropriate culture and tone at the top, which includes an awareness of the importance of security that extends from the C-suite to the professionals in each function, since breaches can occur at any level and in any department. The CEO should make it clear that cyber security is a major corporate priority, and should communicate that he or she is fully on board with enforcing compliance with policies and supports efforts to strengthen infrastructure and combat threats.

Quote for the day:

"Humility is a great quality of leadership which derives respect and not just fear or hatred." -- Yousef Munayyer

August 24, 2014

Managing Agile Teams with Project Managers
Adopting agile in organizations usually impacts the role and activities of project managers. Scrum offers the possibility for project managers to become Scrum masters or product owners. Project managers can also adapt their way of working and the things they do to work together with Scrum masters and agile teams. Jim Bird wrote the blog post "agile - what's a manager to do?" in which he discusses how agile projects can be managed and the role of project management when working with agile teams. He explains the view of Scrum on project management and managers:

A Startup Hopes to Teach Computers to Spot Tumors in Medical Scans
Use of machine learning has exploded in recent years as high-powered computers have grown more advanced and algorithms have gotten better at teaching computers to recognize patterns. Most recently, some machine learning efforts have sought to mimic the physical workings of the human brain, either in software or in hardware (see “Thinking in Silicon”)—an approach often referred to as “deep learning.” Show a computer enough images of a yellow taxi driving down the street, for instance, and it’s possible for it to start to recognize yellow taxis whether they’re on a street or somewhere else. That is the strategy Enlitic is employing.

5 Tips for Agile Enterprise Architecture Innovation
More and more, IT is focused on reliability while the business side is pushing for tech innovation and new tech adoption. Enterprise architects and tech execs are right to be cautious about latching on to the next-big-thing, but there’s also little good done by ignoring this unprecedented wave of business interest and “shadow” adoption. Forrester Research analyst Brian Hopkins recently highlighted a handful of areas enterprise architects can stay grounded in their needs while reaching for innovation and agility. Here are five tips for fostering innovation and agility in EA development as adopted from Hopkins and Forrester’s “Emerging Technology playbook.”

Approach to Building an Enterprise Architecture
The Enterprise Architecture brings together Governance, Services, and Emerging Technology, identifying where these core entities sit and how they fit in and link to the Enterprise Architecture – including the business, systems components, technical and data reference models. Enterprise Architecture requires an iterative project approach, which provides for early deliverables that are progressively refined in subsequent milestones. In addition to evaluation of currently proposed Information Technology projects, current Information Technology environment must be evaluated at high level to provide understanding of Enterprise Architecture implications.

Seven tips on how to forecast future architecture needs
If predicting the future is so difficult, then the role of the Enterprise Architect in defining future architectures is a high risk task! And yet, this is a key part of what enterprise architects do on an almost daily basis. There is an ever-emerging continuum – from the past through the present to the future – and as a history graduate I am well aware of our need to position future architecture needs as an evolution from the past and the present. ... One of the unique characteristics of enterprise architecture is its aim to provide a coherent sense of direction across the multitude of investments that are made in separate projects and change programs.

A Better Way to Streamline the Applications Portfolio
Most CIOs are painfully aware that legacy applications are expensive to maintain. To free up IT budgets to develop new capabilities and innovative technologies, CIOs periodically launch projects to rationalize their applications portfolios. Their goal is to reduce redundant capabilities while retaining applications that deliver the greatest business value at the lowest cost. These projects typically follow a “big bang” approach in which the company develops a rationalization plan that entails retiring, replacing, consolidating, or launching many applications within a short time period. But such all-encompassing efforts have significant drawbacks.

What UX is and isn't?
User experience runs deep, is way more than the UI, and starts in the abstract with the strategy. What are the business, creative, or other internal goals? What does the user want to accomplish and what are their goals? At this level, UX is involving the team in user research, interviews, observations and the like. From there, we can start to discuss the scope needed to obtain the company, customer and user goals. Getting a little more concrete, we can then look at the structure needed to support the scope. UX will be working with the team on the flow of user tasks, interactions and how the information will be put together for easiest consumption.

The 3 Pillars of Data Quality
The cost of handling a CRM record can be massive. A Sirius Decisions study showed that it costs a company $1 to prevent one bad record from entering a CRM system, $10 to correct that bad record after it is entered into your CRM, and even worse, it costs $100 if nothing is done, as the ramifications of the bad data are felt over and over again. To stop this downward spiral, use the three pillars of data quality.

Information Governance Can Be a Key to Drive Efficiency
Compliance is a key reason for organisations to invest in better IT and management solutions, many of which tend to focus on one area alone - password management. In fact, good IT systems and information security policies should ensure that users no longer have to wait for accounts to be created and that NHS Trusts no longer have users sharing passwords, using generic accounts or holding access rights that are no longer relevant to their role. ... The latest report labels current information governance arrangements as having become worse - less stringent - and it has led to confusion as a result of the volume of reconfigurations and staff changes across the NHS.

10 Steps to Organize and Facilitate a Successful Requirements Gathering Meeting
Some of the most important tasks a Business Analyst (BA) performs include eliciting, documenting, and analyzing requirements for a project. The technique that I use most when I am playing the role of a BA on a project and need to gather requirements from the stakeholders is to organize and facilitate a successful requirements gathering meeting. Below I have documented 10 steps that I recommend you follow as a guideline to help you organize and facilitate a successful requirements gathering meeting.

Quote for the day:

"If we could sell our experiences for what they cost us ... we would all be millionaires. " -- Abigail Van Buren

August 23, 2014

C++14 Is Here: New Features
C++14, the new C++ standard succeeding C++11, has been finally approved and is heading to ISO for publication this year. While improvements in C++14 are "deliberately tiny" compared to C++11, says C++ creator Bjarne Stroustrup, they still "add significant convenience for users" and are a step on the route to make C++ "more novice friendly." Within the C++ timeline, C++14 was planned as a minor release to complete the work that produced the C++11 standard, with the aim of becoming a cleaner, simpler, and faster language. New language features are left for the coming C++17 standard.

Five Levels of Big Data Maturity in an Organisation
Once the IT department is capable of working with Big Data technologies and the business understands what Big Data can do for the organisation, an organisation enters level 3 of the Big Data maturity index. Business adoption will result in more in-depth analysis of structured and unstructured data available within the company, resulting in more insights and better decision-making. Level 4 is the adoption of Big Data across the enterprise and results in integrated predictive insights into business operations and where Big Data analytics has become an integral part of the company’s culture. This level is the last level before a completely data-driven organisation that operates as a “data service provider”.

Improving Query Performance Using Partitioning in Apache Hive
Generally, Hive users know about the domain of the data that they deal with. ... In non-partitioned tables, Hive would have to read all the files in a table’s data directory and subsequently apply filters on it. This is slow and expensive—especially in cases of large tables. The concept of partitioning is not new for folks who are familiar with relational databases. Partitions are essentially horizontal slices of data which allow larger sets of data to be separated into more manageable chunks. In Hive, partitioning is supported for both managed and external tables in the table definition as seen below.
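The excerpt ends where the original post shows its table definition. As an added example that is not taken from that post, the HiveQL below sketches the same idea: a managed table partitioned by day, loading it with dynamic partitioning, registering partitions on an external table, and a query whose `WHERE` clause lets Hive read only the matching directories. All table, column and HDFS path names are hypothetical.

```sql
-- Added example; table, column and path names are hypothetical.
-- Managed table partitioned by day. The partition column `dt` is not stored
-- inside the data files: it lives in the directory name (.../dt=2014-08-22/).
CREATE TABLE web_access_log (
  client_ip  STRING,
  request    STRING,
  status     INT,
  bytes_sent BIGINT
)
PARTITIONED BY (dt STRING)
STORED AS ORC;

-- Non-partitioned staging table for the raw feed.
CREATE TABLE web_access_log_raw (
  event_ts   STRING,   -- 'YYYY-MM-DD HH:MM:SS'
  client_ip  STRING,
  request    STRING,
  status     INT,
  bytes_sent BIGINT
)
ROW FORMAT DELIMITED FIELDS TERMINATED BY '\t'
STORED AS TEXTFILE;

-- Dynamic partitioning: Hive takes the partition value from the LAST column
-- of the SELECT. 'nonstrict' allows every partition key to be dynamic; the
-- default 'strict' mode requires at least one static key in PARTITION (...).
SET hive.exec.dynamic.partition=true;
SET hive.exec.dynamic.partition.mode=nonstrict;

INSERT OVERWRITE TABLE web_access_log PARTITION (dt)
SELECT client_ip, request, status, bytes_sent,
       substr(event_ts, 1, 10) AS dt
FROM web_access_log_raw;

-- External partitioned table over data that already sits in HDFS. Hive does
-- not discover partition directories by itself; register them explicitly ...
CREATE EXTERNAL TABLE web_access_log_ext (
  client_ip  STRING,
  request    STRING,
  status     INT,
  bytes_sent BIGINT
)
PARTITIONED BY (dt STRING)
ROW FORMAT DELIMITED FIELDS TERMINATED BY '\t'
LOCATION '/data/web_access_log';

ALTER TABLE web_access_log_ext ADD PARTITION (dt='2014-08-22')
  LOCATION '/data/web_access_log/dt=2014-08-22';

-- ... or have Hive scan the table location for dt=... directories.
MSCK REPAIR TABLE web_access_log_ext;

SHOW PARTITIONS web_access_log;

-- A predicate on the partition column lets Hive open only the matching
-- directories (partition pruning); filtering on client_ip alone would still
-- read every file in the table.
SELECT dt, status, count(*) AS hits
FROM web_access_log
WHERE dt BETWEEN '2014-08-20' AND '2014-08-22'
  AND status >= 500
GROUP BY dt, status;

-- EXPLAIN shows which partitions the plan actually touches.
EXPLAIN
SELECT count(*) FROM web_access_log WHERE dt = '2014-08-22';

-- In strict mode Hive rejects a query against a partitioned table that has no
-- partition predicate, which guards against accidental full-table scans.
SET hive.mapred.mode=strict;
```

Two practical caveats. Partition keys should have a bounded number of distinct values: every value becomes a directory and a metastore entry, so partitioning on something like `client_ip` produces thousands of tiny files and a slow metastore rather than faster queries. And because the partition value is derived from the data, a key computed from untrusted input (user agents, URLs) should be validated or normalised before the load, or an attacker-controlled value ends up creating partitions for you.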

PCI DSS 3.0 Compliance Deadline Approaches. Will it Make Any Difference?
“There is more of a move to continuous compliance, but really that’s not something most organizations are ready for,” he said. “It will be interesting to see if anything changes.” If things do change, it may be at least in part because of increased awareness of the damage that a high-profile breach can cause. “Data security has become a board-level topic of discussion,” Borenstein said. “Executives recognize that the impact of a serious card loss breach can have a significant impact on customer perception, stock price, and more.”

The Value of Culture: Would you offer a new hire $1000 to quit?
Culture is not a singular element, but is made up of two mutually reinforcing elements—values and practices—which are easy to confuse. Mistaking practices for values is why success so often breeds failure. Xerox, for example, had a culture devoted to technical excellence and produced the world’s best performing copiers. It built up a great sales and service organization so that its customers could get the most out of their products. Yet that all came to naught when Canon and Ricoh started selling simpler, cheaper copiers that needed less maintenance.

Will Microsoft's Satya Nadella dump Windows Phone and the Xbox?
As for the divisions that sell the Xbox, Surface, and Windows Phone devices, they practically contribute nothing. Computing and Gaming (C&G) Hardware, which makes the Xbox and the Surface, had a gross margin of 1% for the quarter. Phone Hardware had a gross margin of 3%. And even those dismal numbers overstate how little those divisions add to Microsoft's bottom line. Keizer says that C&G Hardware contributed only 0.1% of the company's gross margin, and Phone contributed only 0.3%. Under a strategy devised by former CEO Steve Ballmer, Microsoft was a devices and services company. Clearly, Microsoft couldn't get rid of hardware if half of its mission was to sell devices.

Renee Troughton on Agile Australia, Pragmatic Scaling and Non-violent Communication
Dealing with scaling up teams and scaling product at the same time is very rarely talked about, but interestingly Scrum of Scrums was originally around eight people and at our last count we now have twenty people at our Scrum of Scrums. ... we are getting the questions answered and the risks raised that we need to get handled, at the end of the day it's still a very functional Scrum, everyone that is there needs to know the information that is coming out of it, so sometimes it is about knowing when you can effectively break the rules at scale. It's not an ideal situation to have twenty people around one board, but it works.

Multi-Tenancy Design Consideration
Though many frameworks are available in the market to develop a multi-tenant application, do they provide data and code portability, maintainability and platform-agnostic support? The answer is doubtful. A multi-tenant application is software where a shared code base installed on a single instance/pool serves 1…N clients/tenants. Architecting or designing a multi-tenant application really needs a huge effort for handling all complexities from data security to UI display.

Half of UK IT unfamiliar with software-defined datacentres, shows study
“Through the use of software as opposed to hardware, an SDDC can offer businesses a fast, incredibly flexible way to not only virtualise their IT, but increase levels of flexibility, agility and control from the application layer down. It can remove barriers and enable business transformation," according to Linsell. Joe Baguley, VMware’s Europe CTO, previously predicted that software-defined everything is changing the design, function and price points of datacentres. “Datacentres of tomorrow will not be populated with name-brand products,” he said.

US agencies to release cyberthreat info faster to healthcare industry
Information sharing has come a long way, she said, but still can be improved. Vetting information takes time, but DHS is looking at ways to speed up the process, she said. While Rosanova talked about healthcare providers sometimes needing security clearances to get threat information, those clearances aren't the "secret sauce," Castro said. Instead, participating in a collaborative environment, such as HITRUST's monthly threat briefing, will help drive forward more information sharing, she said. "The more collaboration you do like this, the better off you will be," he said.

5 ways to be a leader who gets it
To some, being a leader is just a job. But to others, it’s a choice, a calling even, to inspire others to engage, perform, and achieve. The women and men who make this choice are skilled in a number of areas that bring out the best in everyone and everything. They’re leaders who get it. Their secret sauce?  ... what social scientists call motivated blindness, a “systemic failure to notice unethical behavior in others when it’s not in our interest to do so.” Leaders who get it don’t sacrifice people and principles for profits

Quote for the day:

"Follow effective action with quiet reflection. From the quiet reflection will come even more effective action." -- Peter Drucker

August 22, 2014

How Big Data Is Changing Insurance Forever
Progressive say they have already collected a trillion seconds of driving data, by monitoring 1.6 million of their customers, and that this data is being used to build a picture of how people drive in general – which individual driving behaviour can be compared against. ... And it isn’t just our cars that insurance companies want to attach sensors to – health insurers are increasingly looking at ways they can monitor our lifestyle and activity levels to determine how likely we are, or will be in the future, to make expensive medical claims. Oscar is a health insurer currently only available to New York residents which claims to be built on big data from the ground up.

BYOD: California Ruling A Wakeup Call
The key word in that disposition is "required," and isn't that really the opposite of the spirit of BYOD? When I look at BYOD, it is an optional benefit, not a requirement for employees. BYOD gives employees the choice to use their own devices if they so choose, but is not a requirement of their job. This is where your BYOD policy becomes crucial in determining how and whether employees will have access to data and a right to reimbursement for usage, if any.

Big data could bring 'second Age of Enlightenment', says PwC partner
“The next Data Protection Act will give consumers the right to be forgotten by companies,” said Tod. “A directive is working its way through Europe now. When this becomes law it will become more difficult to track visitors. There will be more protocols. “We may well now be in a golden age of big data. The regulators and consumer behaviour will catch up.” Tod, who will address Abta’s Travel Convention in Ljubljana, Slovenia, next month on ‘the power of data’, said: “We have more data and more analytical ability and there is no excuse for not participating. The costs have fallen to $1,000 a year using something like Amazon Web Services. Google Analytics is free.”

IBM SoftLayer: Data center as a service (DCaaS)
However, for many large enterprise clients, having an IaaS does not help solve their data center needs. Many of these clients have performance, management and security requirements which prevent them from moving into a “black box” environment where they have no insight or control over how such attributes are managed. In my opinion (and as many experts have mentioned in other blog posts on SoftLayer topics), the primary differentiator of SoftLayer is its ability to support bare metal servers. With the combination of networking infrastructure provided by SoftLayer and bare metal server offerings, any enterprise can now move away from its existing data center into a SoftLayer data center.

Lessons Learned From UPS Store Breach
Security experts praised the UPS Store for its quick response. "This probably stopped it (the infection) from getting much worse," Chris Wysopal, chief technology officer for Veracode, said. Because hackers are looking for network credentials, retailers need to make a list of the employees and vendors with remote access and restrict their privileges to those resources that are absolutely necessary. Also, passwords should be changed at least every six months and when vendors are dropped or employees leave, their credentials should be revoked immediately.

Contextual Intelligence
Context matters. This is not news to social scientists, or indeed to my colleagues who study leadership, but we have paid it insufficient attention in the field of management. There is nothing wrong with the analytic tools we have at our disposal, but their application requires careful thought. It requires contextual intelligence: the ability to understand the limits of our knowledge and to adapt that knowledge to an environment different from the one in which it was developed. Until we acquire and apply this kind of intelligence, the failure rate for cross-border businesses will remain high, our ability to learn from experiments unfolding across the globe will remain limited, and the promise of healthy growth worldwide will remain unfulfilled.

Largest HIPAA Breach: Hackers Steal Data on 4.5 Million Patients
A hacking group known as “APT 18” is suspected of stealing names, Social Security numbers, addresses, birthdays and telephone numbers from 4.5 million patients of Community Health Systems, a network of 206 hospitals across 29 states (see map at right). Credit card numbers and medical records were not accessed. It’s the largest attack involving patient information since the HHS started tracking HIPAA breaches in 2009, passing a Montana Department of Public Health breach that affected roughly 1 million people.

Quantitative Methodologies Assisting Performance Testing
A common misconception is that performance testing in this arena simply means using a load-testing tool to script the business scenario, execute the test and submit the results. Many testers are not aware of the importance of the basics of performance testing (quantitative analysis and methodologies); these are usually missed out, or assumed to be unnecessary or to fall outside their own domain or nature of work. This is easily misunderstood when it is not properly communicated to the testing teams.

Michael Daniel's Path to the White House
In discussing his role, Daniel says understanding the economics and psychology of cybersecurity is a big challenge. "At a very fundamental level, cybersecurity isn't just about the technology but it's also about the economics of cybersecurity," he says. "Intruders get in through those holes that we know about that we could fix," he says. "The question is, 'Why don't we do that?' That clearly leads me to the conclusion that we really don't understand all of those economics and psychology [situations] well enough." In the interview, which was interrupted when he was called to the West Wing, Daniel discusses:

Developing Talent for Large IT Projects
Large IT programs are sometimes highly stressful; they can entail considerable overtime, they’re met with little appreciation from the broader organization because of the disruption the programs might cause, and they depend on the work quality of others. Having the right culture to overcome these challenges is essential. According to a McKinsey study of organizational archetypes and characteristics of winning organizations, the culture of a large IT program should be built on three pillars. One is clear direction that inspires employees. Large technology investments have the ability to dramatically improve business performance, but too often the focus on business value is lost in the day-to-day efforts of the project. Frequent town-hall meetings can help to remind teams of the impact of their work.

Quote for the day:

"To handle yourself, use your head; to handle others, use your heart." -- Eleanor Roosevelt

August 21, 2014

Google fills the gap between IaaS and PaaS
"We don't think there's platform as a service and infrastructure as a service," said Dan Belcher, a Google product manager, at a recent roadshow in Cambridge, Mass. "We really think about a continuum of the level of control and management that you want us to handle and that you'll handle yourself." Developers choosing between infrastructure and platform services face too many tradeoffs, so there is still plenty of room to improve the ability to run workloads in the cloud and eliminate the either-or scenario, Belcher said.

Chief Compliance Officers: Five Steps to Hiring the Right Team
“It’s no longer about being reactive, but proactive,” says Kate Quinn, executive vice president with search firm DHR International in New York, specializing in capital markets and asset management. “Nobody wants a regulator calling to discuss a short-coming. It’s far better to catch things early on than to fix a problem later. Compliance is about following the rules and taking the preventative steps to ensure the fund or entity is following the rules, while still making money.” Granted, CCOs have always had to keep abreast of regulations, establish internal policies and procedures to meet them, document their work and ensure that everyone follows the rules.

Should the Entire Internet Be Encrypted?
What ties all these headlines together? Your online presence is being tracked, monitored, intercepted, evaluated, and compromised. With something like Heartbleed, you would pretty much be helpless if the online assets of a company that you were working with were compromised. You can mitigate your online footprint slightly by using features like “Incognito” mode in Google Chrome, or a “Private” tab in Opera web browsers, but these options really only eliminate local tracks. This is where the IceBrowser comes in. One of the best ways to cover your tracks and secure your Internet usage is through a VPN

Data Quality – Who’s Responsible
Data quality management is an important job and Everybody is sure that Somebody will do it. Anybody can do it, but Nobody does. Somebody got angry about that because it was Everybody’s job. Everybody thinks that Anybody can do it, but Nobody realises that Everybody won’t do it. In the end, Everybody blames Somebody when Nobody does what Anybody could do. Accurate data is undoubtedly the cornerstone of industry, but a lack of standardised data prevents efficient information exchange between departments and subsidiaries and impedes decision-making and understanding of business problems.

PaaS Debate Heats Up At Interop
With microservices, each service in an application runs in its own virtual machine or Linux container. Part of developers' excitement about the Docker container system is that it provides a detailed format for doing this, allowing services to be linked and nested in relation to each other and moved around as necessary. The microservice approach also makes them more maintainable. When a master copy of a service is modified and proven by testing, the order can be given for all containers running the service to get an automated upgrade.

The Internet of Things Brings Legal Gotchas to CIOs
“Many of the legal issues are not well understood even by sophisticated privacy practitioners,” says Christopher Wolf, a partner at the law firm Hogan Lovells. “In the world of sensors rather than computer screens, the legal issues are challenging.” The Federal Trade Commission last September took its first action against an Internet of Things manufacturer. TRENDnet, which marketed its Internet-connected cameras for home security and other uses, settled with the FTC over faulty software that left its cameras vulnerable to online viewing and listening.

Regulatory pressure accompanies changing IT landscape
Monitoring multiple devices for every employee at an organization is a challenge. The virtualized enterprise is not just about technology, though. Whether you are working at a firm in New York City or on an island, the expectation is that you will be working quickly and with more agility. You have to be able to do work on a range of mobile devices. Everyone expects a high level of manageability and efficiency. And no one wants to pay extra money for these capabilities.

New attacks secretly use smartphone cameras, speakers and microphones
Have you ever stopped to think of the front-facing camera on your phone as a keylogger? How far away do you hold your smartphone from your face/eyes? The researchers demonstrated how an “attacker can use reflections in the user’s face to perform keylogging with a smartphone’s front camera.” This attack works even on phones with wretched megapixel cameras; phone “cameras with only 2MP are already sufficient for corneal keylogging if the phone is held in not more than 30 centimeters (11.8 inches) distance. Cameras of 32MP even allow for keylogging operations if the phone is held at 60 cm (23.6 inches) distance.”

Beefed-up Couchbase Server 3.0 beta targets developers and admins
"In addition to foundational changes, like the advanced stream-based protocol and tunable memory, which improve performance and enable Couchbase to support many new use cases, we have dramatically improved the developer experience making it easier to build and extend applications built on Couchbase," Couchbase VP products and engineering Ravi Mayuram said in a statement. The stream-based DCP improves speeds by removing bottlenecks, and helps the way increased memory and network capabilities are used, according to Couchbase. Among other benefits, it lists better view performance and the immediate streaming and rapid indexing of changes made to documents to enable data queries at near real-time speeds.

SOA and API Schism and Unification
When creating a unified architecture strategy embracing SOA and REST, a logical next question is when to create a service or an API. From a messaging perspective, services and APIs have similar attributes. They are both network accessible endpoints delivering data or triggering a transaction. From an architecture perspective, both services and APIs provide an opportunity to create loosely coupled solutions exhibiting separation of concerns. Many architects and developers desire to extend their Service Oriented Architecture (SOA) with APIs, but are not clear on when to create a service or create an API.

Quote for the day:

"The most important thing in communication is hearing what isn't said" -- Peter Drucker

August 20, 2014

Software-Defined Networking: Beyond the Hype
New and groundbreaking technologies tend to focus on innovation rather than practicality, so security is typically the last feature added to any new revolutionary piece of software. In other words, even though security is becoming increasingly important, it’s often prioritized later in the game. But with SDN making 75 percent of network and security configurations, the business risk for data breaches increases greatly without sufficient oversight. To curb this, you will have to be just as proactive and cautious about security as the admins working on legacy infrastructure.

5 Ways To Beat The Digital Disruption Curse
Rather than just focusing on collaboration efforts across IT (a la DevOps), look for opportunities to unify digital teams across lines-of-business. One manufacturer I know did this by forming a cross-business DevOps style team tasked with integrating proprietary plant equipment with ERP for more seamless stock replenishment. In this case, IT teams provided expertise in security and standards, while engineers guided app development and analytics -- a perfect digital business combo.

Google SSL Decision: IT's Chance To Be A Hero
Unlike past algorithm tweaks that focused on keyword relevance and metadata optimization, this change requires IT to get the business ahead of the game, or at least keep it playing. In the interim between now and when the full effects of the new algorithm begin to have an impact on organizations, your business has an opportunity to gain a competitive advantage by ensuring it's SSL-enabled -- before the competition. Google's post gives seven specific steps to take. This change puts the ball squarely in IT's court. It is only within the bowels of IT that SSL can be enabled, whether implicitly on every application server that might deliver an app that will be affected, or explicitly via an SSL-enabled reverse proxy architecture.

IDG Survey – State of IT Cyber Defense Maturity
Download this IDG global survey report based on responses from over 1500 IT security professionals that sheds light on the state of cyber defense maturity. In addition to affording new incident and violation trends across industry and region, the results yield insights into IT security management capabilities, deficiencies and planned investments. Read it and see where your organization fits on the IT cyber defense maturity spectrum compared to your peers. The report delivers insights on: Network Complexity, Exposure; Diversity and Issue Velocity; and Challenging Security Management

The Next Battleground In The War Against Quantum Hacking
So in the cat and mouse game of information security, physicists have been fighting back by designing equipment that is more secure. Today, Nitin Jain at the Max Planck Institute for the Science of Light in Erlangen, Germany, and a few pals show how the changes still leave the equipment open to attack but at the same time reveal how the next generation of quantum cryptography could be made better. In quantum key distribution, Alice sends information to Bob encoded in the polarisation of single photons. So she might send a sequence of 0s and 1s as a series of photons polarised horizontally and vertically. Bob can then use this information as the key to a one-time pad for sending information with perfect security. Hence the name quantum key distribution.
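A simulation of the exchange described above, added here as an example; it is not code from the article or from Jain's group. The excerpt mentions only horizontal/vertical polarisation; this simulation adds the second (diagonal) basis of the standard BB84 protocol, so that the sifting step and the error rate an intercept-resend eavesdropper leaves behind can both be seen, and then uses the sifted key as a one-time pad. The photon model (a basis/bit pair, with a wrong-basis measurement giving a random result) and all function names are assumptions of this example.

```python
import random

# Polarisation bases: 'R' = rectilinear (horizontal/vertical), 'D' = diagonal.
# A photon is modelled as a (basis, bit) pair; this is an assumed toy model.
BASES = "RD"


def measure(photon, basis, rng):
    """Measure a photon in `basis`. Measuring in the preparation basis returns
    the encoded bit; measuring in the other basis yields a random outcome."""
    photon_basis, bit = photon
    if photon_basis == basis:
        return bit
    return rng.randrange(2)


def run_qkd(n_photons, rng, eavesdrop=False):
    """Alice sends n_photons to Bob; returns (alice_key, bob_key) after sifting."""
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.choice(BASES) for _ in range(n_photons)]
    photons = list(zip(alice_bases, alice_bits))

    if eavesdrop:
        # Intercept-resend: Eve measures each photon in a random basis and
        # re-sends a photon prepared in that basis carrying the bit she saw.
        eve_bases = [rng.choice(BASES) for _ in range(n_photons)]
        photons = [(b, measure(p, b, rng)) for p, b in zip(photons, eve_bases)]

    bob_bases = [rng.choice(BASES) for _ in range(n_photons)]
    bob_bits = [measure(p, b, rng) for p, b in zip(photons, bob_bases)]

    # Sifting: Alice and Bob publicly compare bases and keep only positions
    # where both used the same one; the bit values themselves stay secret.
    keep = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    return [alice_bits[i] for i in keep], [bob_bits[i] for i in keep]


def error_rate(alice_key, bob_key):
    """Quantum bit error rate: fraction of sifted bits on which the two sides
    disagree. A clean channel gives 0; intercept-resend gives about 25%, which
    is how the parties detect that the key has been tampered with."""
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)


def one_time_pad(data, key_bits):
    """XOR `data` with the first 8*len(data) key bits. Encrypt and decrypt are
    the same operation; a pad must never be reused."""
    if len(key_bits) < 8 * len(data):
        raise ValueError("sifted key too short for this message")
    out = bytearray()
    for i, byte in enumerate(data):
        key_byte = int("".join(map(str, key_bits[8 * i:8 * i + 8])), 2)
        out.append(byte ^ key_byte)
    return bytes(out)


def run_demo(seed=2014, n_photons=2000, message=b"meet at noon"):
    """Clean exchange, OTP round trip, then an eavesdropped exchange."""
    rng = random.Random(seed)
    ak, bk = run_qkd(n_photons, rng)
    plaintext = one_time_pad(one_time_pad(message, ak), bk)
    ak_e, bk_e = run_qkd(n_photons, rng, eavesdrop=True)
    return {"sifted": len(ak), "qber_clean": error_rate(ak, bk),
            "decrypted": plaintext, "qber_eve": error_rate(ak_e, bk_e)}


if __name__ == "__main__":
    r = run_demo()
    print(f"sifted bits: {r['sifted']}, QBER without Eve: {r['qber_clean']:.3f}")
    print(f"decrypted with Bob's key: {r['decrypted']!r}")
    print(f"QBER with intercept-resend Eve: {r['qber_eve']:.3f}")
```

About half of the photons survive sifting, Bob's sifted key matches Alice's exactly on a clean channel (so his copy decrypts the pad), and an intercept-resend attacker disturbs roughly a quarter of the sifted bits, which Alice and Bob see when they compare a sample of the key before using it. The attacks in the article target the detector hardware precisely to avoid leaving that statistical footprint.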

Moving to the Cloud: 3 Data Integration Facts That Every Enterprise Should Understand
Overall, there seem to be two types of enterprises: First are the enterprises that get the value of data integration. They leverage the value of cloud-based systems, and do not create additional data silos. Second are the enterprises that build cloud-based data silos without a sound data integration strategy, and thus take a few steps backward in terms of effectively leveraging enterprise data. There are facts about data integration that most in enterprise IT don’t yet understand, and the use of cloud-based resources actually makes things worse. The shame of it all is that, with a bit of work and some investment, the value should come back to the enterprises 10 to 20 times over.

Integrating R with production systems using an HTTP API
Today, two problems — one technical, and one organizational — create friction when trying to integrate R code into existing software applications. First, while R is a great language for analytical code, most enterprise software systems are written in more general purpose languages, such as Java, PHP, C#, C++, or even data pipeline tools such as Informatica or Microsoft’s SSIS. Invoking R code from these languages requires some non-trivial technical work, or translation to another language. This leads to the second problem: in most companies, software engineering teams are separate from analytics teams, so when analysts need engineering help, they are forced to compete against other priorities, or they must do their own engineering.

Data Governance: The Silent Hero to Achieving MDM Triumph
As the challenge to manage critical organizational data grows, businesses are increasingly embracing data governance strategies to protect the integrity of their valuable enterprise assets and to get the most from their master data management initiatives. Andrew White of Gartner recently blogged about the data governance challenge, saying, “In 2012 and 2013, a notable number of end users were struggling to embed the work of governance and stewardship in normal, day to day work of business users. Many firms are continuing to struggle with this. It is perhaps one of the major challenges of MDM and ANY information governance effort in this decade.” Designed to give control processes for data stewards and data custodians, data governance is more of a methodology than a tool.

3D Printing will Transform the Corporate IT Environment
The rise of 3D printing is likely to lead to the re-invention of many old products, as well as the introduction of extraordinary new innovations. Since these processes can print virtually anything that can be designed on a computer—thus eliminating the limitations posed by machine tools, stamping and moulding— engineers and designers will no longer be limited in their designs because of previous manufacturing technologies. In fact, the use of the technology has evolved beyond initial imagination with 3D printing technology being studied by biotechnology firms and academia for possible use in tissue engineering applications – in which organs and body parts are built using inkjet techniques.

PUE - the benevolent culprit in the datacentre
By some estimates, many datacentres are actually only using 10-15% of their electricity to power servers that are actually computing something. Companies should minimize costs and energy use, but nobody invests in a company solely based on how efficiently they move electricity. Datacentres are built and maintained for their computing capacity, and for the business work that can be done thereupon. I recommend correlating computing and power efficiency metrics with the amount of useful work and with customer or end user satisfaction metrics. When these factors are optimised in a continuous fashion, true optimization can be realised.

Quote for the day:

“True leaders bring out your personal best. They ignite your human potential.” -- John Paul Warren