August 25, 2014

Payment cards with chips aren't perfect, so encrypt everything, experts say
The EMV specification as it exists today is vastly complex, and vendors have made additions on top of it, which means that it's easy to make mistakes when implementing it, Anderson said. Depending on how much attention you pay, you can design a secure system using EMV or an awful one, he said. Lucas Zaichkowsky, an enterprise defense architect at AccessData whose previous jobs involved investigating credit card breaches and assessing compliance with payment card security standards, agreed with Anderson. "People think that if we switch to EMV, these breaches will go away, but that's not true," said Zaichkowsky, who also held a presentation about POS system architecture and security at Black Hat.

A gift that keeps giving, software-defined storage now showing IT architecture-wide benefits
Software-defined storage advocates a new model, where applications and VMs are provisioned at the time that the user needs them. The storage resources that they need are provisioned on-demand, exactly for what the application and the user need -- nothing more or less. The idea is that you do this in a way that is really intuitive to the end-user, in a way that reflects the abstractions that user understands -- applications, the data containers that the applications need, and the characteristics of the application workloads.

Is the private cloud really a viable option for most enterprises?
Of course, private and public cloud architectures are not that pure. There are hybrid clouds, or mixtures of private and public clouds, typically without direct portability between the private and public cloud server instances. Also, there are virtual private clouds (VPCs), which are private clouds hosted by public cloud providers, such as AWS. Moreover, there are hosted private clouds that are physical servers that may exist within a managed services provider or co-lo. The models get more cloudy as cloud technology providers come up with new ways to approach private clouds.

At Multiverse Impasse, a New Theory of Scale
The scale symmetry approach traces back to 1995, when William Bardeen, a theoretical physicist at Fermi National Accelerator Laboratory in Batavia, Ill., showed that the mass of the Higgs boson and the other Standard Model particles could be calculated as consequences of spontaneous scale-symmetry breaking. But at the time, Bardeen’s approach failed to catch on. The delicate balance of his calculations seemed easy to spoil when researchers attempted to incorporate new, undiscovered particles, like those that have been posited to explain the mysteries of dark matter and gravity.

8 Tips to Be a Better Career Negotiator
There are many places you can go to learn about a company's culture, and what past employees think of them, at places like and But don't neglect sources like press and product releases, Google News and trade sites and magazines. "Business savvy IT pros tend to conduct more research on market trends and utilize that information to negotiate offers more actively. These hires are likely to have a deeper understanding of the value of their skillsets and use that to initiate a negotiation conversation," says John Reed, Senior Executive Director with Robert Half Technology.

5 Tips to Consider When Designing Supply Chain Key Performance Indicators
You can’t predict anything with 100% certainty, and your predictive power wanes the farther out you gaze. The study of KPIs over time is all about finding patterns and signals, then applying intelligence in order to make better decisions and gain wisdom. In a previous post I focused on the pitfalls associated with supply chain KPI and metrics development. In this post, I’ll cover how businesses can improve their supply chain measurement processes by avoiding the common pitfalls by keeping in mind a few simple hints.

US warns 'significant number' of major businesses hit by Backoff malware
"Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the 'Backoff' malware," the alert said. "Seven PoS system providers/vendors have confirmed that they have had multiple clients affected." The malware is thought to be responsible for the recent data breaches at Target, SuperValu supermarkets and UPS stores, and the Secret Service is still learning of new infections. DHS first warned of Backoff in late July, when it noted the malware was not detectable by most antivirus software. That made it particularly difficult to stop, because much of the fight against computer viruses and malware rests on antivirus applications.

Cybersecurity's hiring crisis: A troubling trajectory
Solving this crisis turns out to be as complex as defining what constitutes a "qualified hacker" -- in a business where having a pedigree can actually have you considered to be less qualified, and being unhirable by traditional standards is… almost desirable. Chris Hoff is the Vice President, Strategy and Technical Marketing Engineering – Security, Switching, and Solutions BU at Juniper Networks. Hoff told ZDNet that vendors are experiencing difficulty finding suitable candidates "in a highly competitive job market that have the required experience in a number of emerging disciplines such as advanced malware detection/mitigation, reverse engineering, forensics, crypto, virtualization and cloud."

Improve collaboration with enterprise video
In this webinar, Irwin Lazar, vice president and service director at Nemertes Research, explains how enterprise video can alleviate these issues to improve collaboration and engagement among employees. According to Lazar, the past two years have seen a push for enterprise video adoption, largely due to lower video costs, tight travel budgets and wider availability of HD video conferencing systems. Enterprises that adopt video to improve collaboration see benefits that range from better non-verbal communication to increased productivity.

Henri Eliot: Where cybersecurity and the boardroom intersect
A comprehensive cyber security plan requires the appropriate culture and tone at the top, which includes an awareness of the importance of security that extends from the C-suite to the professionals in each function, since breaches can occur at any level and in any department. The CEO should make it clear that cyber security is a major corporate priority, and should communicate that he or she is fully on board with enforcing compliance with policies and supports efforts to strengthen infrastructure and combat threats.

Quote for the day:

"Humility is a great quality of leadership which derives respect and not just fear or hatred." -- Yousef Munayyer