September 21, 2014

What to Expect With Windows 9
That's what we know for sure. Everything else is conjecture, but it's backed by a string of revelations based on build 9834 of the Windows Technical Preview, which appears to have fallen into the hands of the folks at the German-language site WinFuture is dribbling out screenshots and videos, turning a buck by pasting Netflix, Hornbach, and Peugeot ads on the front of their leaked videos. Somebody in Redmond must be fuming. Here's a recap of what's been revealed, starting with the features I described last week:

To Integrate or Not to Integrate – That is the Question.
If all the data exists in centralised data warehouse, then developing the integrated view is about modelling and pre-building the relationships. If the data is distributed, integrating is about modelling and pre-building the relationships. You read correctly, logically there is no difference for there is no silver bullet to integrated data, you must still do the analysis to uncover the relationships between the data entities and the expose the pathways. When data exists on multiple platforms, the key is to understand the business driver for integration; often this is to achieve a holistic view of customer, citizen, employee, service provider, program, etc.

Why Are Organizations Still Struggling with Their Data?
Best practices exist for organizations to follow to achieve a strong information management framework and tie data to business processes enabling decision makers the ability to take actions on the insights they’ve gleaned. A variety of solutions exist in the market place providing BI access to any type of user and that are geared towards a strong IT infrastructure or small business with little to no internal IT support. Additionally, organizations understand the value their data brings to the table.

Enterprise Architecture: A Practitioner View
This article highlights our framework of Enterprise Architecture and its roadmap for the development and management of various components. It depicts how these components work together, what are the various measures of business units, enterprise and their outcome. The framework includes putting in place the proper organizational structure and hybrid business/IT roles, consolidating and standardizing information and data stores, and integrating applications and infrastructure to support the right business processes across the enterprise. The key Components of Enterprise Architecture are depicted below.

A New Era for Enterprise Architecture?
“Stop trying to explain what enterprise architecture is. Don’t talk about it. Forget IT. What you need to do, is talk to people about the problems and challenges that keep them up at night. What programs or projects need to be fixed now. As the enterprise architect, it is your job to make the connection as to how to align the technology to the mission, not theirs,” said Burke. Wang agreed. “You have to put all the focus on the mission and the outcomes. Effectively, it doesn’t matter to anyone but you how you get results. You need to ask the stakeholders, ‘What do you need?’ That’s how you get enterprise architecture to matter at agencies, you have to reframe the conversation.”

Choosing API Security Options and Fostering API Ecosystems
Rather than rely on a static random string known by both the client, authorization server, and resource server, the MAC token profile does not directly pass the access token to the resource server. The profile relies on client-side code to sign the resource request with a shared session key, and the resource server checks the signature. The client uses the signature algorithm, access token and the MAC key to calculate the request token passed to the resource server. The OAuth authorization server will issue a MAC key along with the signature algorithm, session key, nonce and an access token. The access token can be used as an identifier for the MAC key.

Security Visibility in the Enterprise
Many security tools or services promise to provide protection, deliver insight, achieve compliance, and many other things. And many projects run using vendor “best practices” leave the customer feeling either unsatisfied or overwhelmed. This program took a large corporation from basic logging for compliance using an external managed monitoring service on a journey to bringing monitoring and analysis into the core of the organization. More than a “how to” on deploying a SIEM, this paper describes common pitfalls and at least one way to avoid them. While by no means the only way to improved security visibility, the results show that success is within reach.

Critical Security Controls: How to Apply the Lessons Learned
So, why don’t we take what others have learned from previous incidents and apply it to our own security practices? The good news is that we are heading in the right direction. A new SANS analyst survey recently reported that now 90 percent of participating organizations have implemented or are planning to implement the Critical Security Controls (CSCs), including a greater increase in adoption from entities in the financial and government sectors. With the survey respondents ranging across all industries, job roles and workforce size, the results show greater overall security awareness and support of the benefits brought by implementing the CSCs.

Data, Data Everywhere, With Governance Around the Corner
Data quality issues are common in the industry, but they are less common among carriers with formal data governance initiatives in place. The top challenge carriers face when it comes to data is collecting and analyzing data quickly enough. A fragmented data environment follows, with poor data quality the third top issue. These problems build on each other; a fragmented data environment makes it difficult to collect the data quickly, and poor data quality makes it difficult to analyze and use the data to make better decisions.

Factoring Security Into Data Governance
The European Union's Cybersecurity Strategy and the European Commission's Directive on Network and Information Security, now in place, was a long-shot for passage a year ago, Crisp notes. There is a social element to data, namely the possibility that hackers can use social engineering to gather information on data users and deceive them through social familiarity to gain access, Crisp says. Along with the EU directive, regulators in European nations want firms to demonstrate what systems and organization they have in place, for data protection.

Quote for the day:

"A healthy attitude is contagious but don't wait to catch it from others. Be a carrier." -- Tom Stoppard