March 17, 2015

Facebook Makes Open Source Networking a Reality
The Six Pack is not currently running in Facebook data centers at scale. The new switches are being tested in production in several parts of the infrastructure, Ahmad said. The Facebook network switch that is already running at scale is the top-of-rack switch called Wedge, which the company announced in June of last year. At this month’s summit in San Jose, Facebook said it would contribute the Wedge spec to OCP as well. Not only will the spec be available, but there’s also already a vendor that will sell Wedge switches. They will be available from the Taiwanese network equipment maker Accton Technology and its channel partners.


Analysis Paralysis: How “Big Data” May Finally Spell the End of Make-Believe Numbers
Financial modelling certainly has added value to many businesses and does appear to provide a degree of vigor to the process of making business decisions. However, I would argue that there is something amiss in our unquestioning faith in financial models. There is something foul in our Fourier transforms; something putrid in our pivot tables; something decrepit in our depreciation schedules. For all of our reliance upon financial modeling in business, the vast majority of the “facts” that we use in feeding these beasts are absolute rubbish. Our estimates are complete fabrications, our assumptions are myths, our calculations are artifacts of our innate need to categorise and comprehend things that may be neither categorical nor comprehensible.


US firms caught in Chinese censorship crossfire
While cloud services provided by US companies can cloak banned website access -- such as Facebook, Twitter, Gmail and news publications -- it holds risk for the firms themselves. These companies are being forced to walk a fine line as the censorship row escalates, and the unauthorized use of tunnels, VPNs and signing up for free accounts in order to link to blocked websites could land them in hot water as activists are breaking local laws. Generally, the circumvention takes place without the consent of cloud providers. However, to stop this practice, Chinese authorities would need to block full servers -- which would disrupt countless businesses, including thousands of Chinese SMBs, activists say.


Prepare for The Cyber Threat: What Executives Need to Know to Manage Risk
The history of cyber incidents has made this observation very clear: at some point adversaries will get in. And after you mitigate the last attack at some point they will get in again. CEOs asking this question should take this as an opportunity to evaluate and develop the incident response plan that their organization has developed. A comprehensive incident response plan should outline the steps to take if a data breach is suspected or occurs. Having a detailed and tested plan in place prior to a breach occurring will save time and money, and minimize reputational damage when the inevitable happens.


IT Service Management is not Dead – ITSM in an Outsourced World
The commoditization of IT services in the form of multiple ‘as-a-service’ offerings began over a decade ago and will continue to expand with a new ‘aaS’ acronym seeming to appear almost daily at times. As this trend began, ITSM specialists globally wondered what this was going to mean for their profession. Would service management move to being something only practiced by cloud vendors? Would the in-house IT department and service desk become a dinosaur and just a distant memory? These fears have not been realized and ITSM is just as relevant as ever, if not more so, but the way we practice it has changed and will continue to do so as the way our IT services are delivered to the business continues to develop and move to a more commodity-based model.


Beyond Join-Move-Leave with IGA Identity Life Cycles
Identity life cycle is so foundational to identity governance and administration that one would expect, after all these years, that IGA solutions would provide good support for real-world business scenarios. Shockingly, that is not what we found during our critical capabilities research. Many IGA vendors still seem to assume that most organizations have a single authoritative source for identity data and that only a single identity life cycle is required. If that is the case for your organization, then you are lucky. In reality, most organizations have multiple identity life cycles and gaps (and even overlaps) in authoritative sources. Some identity life cycle requirements, such as contractor management, are so pervasive that it seems almost capricious that IGA products provide so little direct support.


Security Breaches, Data Loss, Outages: The Bad Side of Cloud
For now, cloud computing has really done a good job staying out of the spotlight when it comes to major security issues. Yes, Dropbox might accidentally delete a few of your files, or some source code becomes exposed. But the reality is that a public cloud environment hasn’t really ever experienced a massive data breach. Ask yourself this question, what would happen if AWS lost 80 million records like in the very recent Anthem breach? The conversation around public cloud security would certainly shift quickly. But the reality is that they haven’t. Maybe this gives us more hope that the cloud architecture is being designed in such a way that data is properly segregated, networks are well designed, and the proper border security technologies are in place.


Not all data breaches are created equal – do you know the difference?
Personally Identifiable Information, also known as PII, is a more serious form of data breach, as those affected are impacted far beyond the scope of a replaceable credit card. PII is information that identifies an individual, such as name, address, date of birth, driver’s license number, or Social Security number, and is exactly what cyber criminals need to commit identity theft. Lines of credit can be opened, tax refunds redirected, Social Security claims filed – essentially, the possibilities of criminal activities are endless, much like the headache of the one whose information has been breached. Unlike credit cards, which can be deactivated and the customer reimbursed, one’s identity cannot be changed or begun anew.


Cyberdefense in the Era of Advanced Persistent Threats
Security best practices dictate that end users not run as administrators or even be given administrative rights on their own machines. Malware often gets on end-user machines by exploiting the end user through well-thought-out social-engineering tactics. Common ploys include asking the end user to click on a link, open a document, or directly install a program. Nothing can totally prevent end users from falling for these tactics. This ultimately means that, for computers and networks to stay malware free, every new piece of code that needs to run on a machine must be trusted or examined by someone who can determine its legitimacy. This idea tends to frighten most people in the industry, but it’s the most effective way to keep malware out of networks.


Why Bankers Are Leaving Finance for No-Salary Tech Jobs
Technological advances are poised to have the greatest impact on banking, 86 percent of the bank chief executive officers surveyed by PricewaterhouseCoopers LLP last year said. More than 30 percent of revenues at European banks will be driven by digital transformation in the future, according to McKinsey. That may involve replacing some people with computers. “If a process is measurable or mechanical, it can be automated,” said Anthony Lim, a Singapore-based cybersecurity consultant who has advised the industry group, the International Information System Security Certification Consortium Inc., or (ISC)2, and the Singapore government. “Any area in investment banking that can be automated will be.”



Quote for the day:

"Lead and inspire people. Don't try to manage and manipulate people. Inventories can be managed but people must be led." -- Ross Perot