May 12, 2015

Microsoft bids for security edge with new browser
Microsoft Edge is designed to run only 64-bit processes on 64-bit machines. According to Microsoft, 64-bit processes get significant security advantages by making Windows address space layout randomisation (ASLR) stronger. Microsoft SmartScreen, originally introduced in IE8, is supported in Microsoft Edge and by the Windows 10 Shell. SmartScreen defends users against phishing sites by performing a reputation check on sites the browser visits, blocking those thought to be phishing sites “Similarly, SmartScreen in both the browser and the Windows Shell defends users against socially engineered downloads of malicious software to users being tricked into installing malicious software,” said Cowan. Finally, developers say the Microsoft EdgeHTML rendering engine in Microsoft Edge helps in defending against “con man” attacks using new security features in HTML5.

2020 Technology Landscape
Each year, the Citrix Technology Office updates the industry on the latest technology trends with our Technology Landscape. Citrix makes sense of the changes driving these trends, correlating surveys and data from industry sources in addition to adding in Citrix perspectives and data. This year’s landscape is themed “Creating Your Future” and focuses on the many facets of innovation from lean startup, design thinking, and agile development to the outliers of innovation being developed by tech influencers around the globe. We’ve distilled the predictions we think you’ll find most interesting and highlighted them below.

Quantum computing is about to overturn cybersecurity’s balance of power
As do all advancing technologies, they will also create new nightmares. The most worrisome development will be in cryptography. Developing new standards for protecting data won’t be easy. The RSA standards that are in common use each took five years to develop. Ralph Merkle, a pioneer of public-key cryptography, points out that the technology of public-key systems, because it is less well-known, will take longer to update than these — optimistically, ten years. And then there is a matter of implementation so that computer systems worldwide are protected. Without a particular sense of urgency or shortcuts, Merkle says, it could easily be 20 years before we’ve replaced all of the Internet’s present security-critical infrastructure. It is past time we began preparing for the spooky technology future we are rapidly heading into.

Why virtual reality could finally mend its broken promise
There's a graveyard of virtual reality projects that have fizzled, failed, and flopped at various stages of existence. Some never made it off the patent page, like Heilig's 1960 Telesphere Mask. Others got further — if you're of a certain age, you might have owned a Nintendo Virtual Boy for the brief time it was projecting its red and black display onto young retinas. Then, of course, there's Sega VR, which never made it to market. ... "To me, virtual reality represents an evolution of the ways in which we can display, present, and interact with computer generated data and real world environments with augmented reality," Jacobson said. And if you're thinking that's one way to hint at brain implants, then you'd be right. "I think that's the next step after after eyewear, glasses, contacts—a direct brain interface where we think our reality," Papagiannis said.

Key steps to reducing the shadow cloud threat
Shadow cloud can easily lead to wasted time, energy and investments in traditional IT. If employees use non-approved technology, wasted efforts can include training on approved technologies, security technology policies that don't touch shadow cloud, audits and investigations that provide less accurate or effective results, incidents and response efforts due to unapproved technology, help desk and support needed, and bypasses of technology/security controls altogether. ... CISOs must explain risk-based granular security policies and enforcement for cloud implementations to business managers. In turn, business managers need to get the security team to understand how business processes should and shouldn't work when they want to use cloud services. Addressing allowed and disallowed use of cloud services in a policy is the first step to controlling shadow cloud.

What hybrid cloud? It's hybrid IT
"In reality, hybrid cloud has very little to do with datacenter location or data sovereignty. It is where processes increasingly require functionality that spans multiple cloud services," he explained. "Everything we do in business is unlikely to be fully available from just one cloud or even just one cloud provider." He noted that operating a modern business is complex, and supporting all functions necessary in a process typically means deploying several clouds from multiple providers across different geographic locations. These would then have to be brokered, integrated, and orchestrated, he said, giving rise to concerns about how this should be managed. ... "Many IT services firms see their future as a new form of intermediary to provide that single point of accountability, while they deal with the back end of multiple cloud services," Hayward explained.

Shaping Big Data Through Constraints Analysis
The trick is to establish the size and heft of the data, and then focus on how it flows. Computers really do only two things: read data in and write data out. Performance is a function of how much data must move, and where, to accomplish a task. That’s not a facile slogan; it’s a consequence of the fundamental theorem of computing. Every computer is equivalent to a Turing Machine, and all a Turing Machine does is move symbols around a tape. Its throughput is bounded by how fast it can move symbols. This consequence holds true from the micron-sized guts of the CPU on up to world-spanning distributed databases. Luckily, the math is straightforward.

Global banking IT group completes standardised IT architecture
The standard will support banks in using application programming interfaces so different pieces of software can interact. It moves away from an approach that has seen core banking IT built in silos. “Bian members have worked tirelessly to develop this global banking IT standard that will support banks to overcome legacy IT issues and drastically cut the cost of technology integration. To have finalised the model ready for implementation into banks around the globe is a momentous occasion," said Bian executive director Hans Tesselaar. "By implementing this on a worldwide scale, banks will be able to develop and on-board innovative technology offerings without battling through ageing or tangled enterprise architecture, and at lower integration costs.”

Financial technology will make banks more vulnerable and less profitable“Silicon Valley is coming,” warned Jamie Dimon, JPMorgan Chase’s boss, in a recent letter to shareholders. “There are hundreds of startups with a lot of brains and money working on various alternatives to traditional banking.” Banks’ cost bases—IT systems, smart headquarters, staff, branches and so on—require income from a wide range of services. If even some of those services get “unbundled”, in the parlance of fintechers, the economic models that have sustained banks for decades will be under threat. So the incumbents pay lip-service to the newcomers, and some even have in-house teams scouting for innovators to stop them from eating their lunch. Several factors have made the banks more vulnerable. New technologies such as smartphones and cheap data processing have lowered barriers to entry. However, “technology is necessary but not sufficient” to change attitudes towards finance, says Mike Cagney of SoFi

What the Cowardly Lion and data scientists have in common
Courage is one of those unexpected ingredients of data science that usually becomes an unpleasant aha moment for leaders in the middle of strategy implementation. Courage is the fuel for experimentation and, without experimentation, there is no data science. But it's more than experimentation in the scientific sense. To succeed, programmers need to take risks with code; mathematicians need to reinvent math; and data artists need to color outside of the lines. Intellectually, data scientists know this, but their personality doesn't generally support taking risks, so they don't. ...  They have the unique ability to calculate the risk of taking any route, and they're smart enough to know when something probably won't work. Data scientists also hate it when something they try doesn't work, so they don't attempt to answer the question.

Quote for the day:

The most valuable thing you can make is a mistake. You can't learn anything from being perfect. -- Adam Osborne