May 26, 2015

How to Better Guard Against a Security Breach
Despite their investments in SIEM and the notable progress in developing strategy and policy, barely half (51%) of survey respondents that utilize security and event log data have strong confidence in their ability to detect or mitigate breaches. That may reflect the continuing focus on perimeter protection and firewall technologies—the top priority for coming investments, according to 56% of survey respondents. Interestingly, that’s despite the growing industry-wide recognition that building higher fences is no longer a viable security strategy in the face of sophisticated cyber assaults. Many enterprises “are investing, typically, in the same things they invested in last year and the year before,” says Schou.


Q&A on the Book More Fearless Change
The primary purpose of a pattern is to document a common, recurring problem with the solution that has been validated. This is why they are called "patterns" -- because the problem and solution have been seen in more than one instance. So, each of the Fearless Change patterns is not simply the idea of one person -- rather, each one has been used by different types of change leaders in different environments. Therefore, others can use the patterns knowing that they have been shown to work. In addition, each pattern documents the benefits and challenges of using it. Therefore, leaders of change can not only feel confident in the solution, but will also know the consequences. And, when each individual pattern is combined with other patterns (in the form of a pattern language), the organization now has a collection of powerful strategies for addressing complex problems.


Identity Management in the Cloud Goes Beyond Security
IAM (identity and access management) is clearly the best security model and best practice for the cloud. That’s why some cloud providers, such as AWS, provide IAM as a service out of the box. Others require you to select and deploy third-party IAM systems, such as Ping Identity and Okta. But you should be thinking of identity management not only as a security technology, but also as a business driver. Thus, when you deploy IAM, you need to focus on the core business processes and on the details around security. This is a shift from the recent thinking in which the business drivers were largely out of IT’s consideration. Enterprises that develop mature IAM capabilities can reduce their identity management costs and, more important, become significantly more agile in supporting new business initiatives.


Agile security lessons from Aetna and the state of Texas
Moving to an agile model can make some traditional security professionals nervous, he said, especially those with a command-and-control view of the process. "There's a perception among security people that developers don't care about security," he said. But agile offers security employees the opportunity to become resources early on in the development process, instead of coming in afterwards and looking for mistakes. "Which is still an important thing to do, but you don't want your development team to have all the interactions with the security team be negative," he said. "That creates a pretty toxic environment."


Entertain, inform, and connect with the AT&T ZTE Spro 2 Smart Projector
While the device works fine without a connected power source, you are limited to low and medium (100 lumen) brightness. In order to experience the full 200 lumen output, you need to connect the external power source. With dimensions of 5.3 x 5.2 x 1.2 inches and 19.4 ounces, the ZTE Spro 2 is quite portable. ZTE also includes a carrying case that holds the device, charger, and HDMI cable. The device is powered by a Snapdragon 801 quad-core 2.0 GHz processor, Adreno 330 GPU, 2GB RAM, 16GB integrated storage, WiFi, and Bluetooth. ... It performed flawlessly, projecting onto blank walls with good brightness and even included audio. I connected external speakers through the audio out port and also tested Bluetooth audio output, both of which were much better than the small internal speaker.


How a change in thinking can stop 59% of security incidents
So, how do you approach this problem with employees? ISO 27001, the leading information security standard, offers a less attractive, yet much more effective approach to this problem: (1) strictly defining the security processes, and (2) investing in security training & awareness. The security experts who developed this standard long ago realized that the technology itself cannot resolve the organizational and the people issues: technology is only a tool; it is only a part of the wider picture. Or, to view this issue from the management theory point of view, the organization is basically a mixture of three essential elements: people, processes, and technology.


NoSQL Databases: comparing MongoDB, HDInsight, and DocumentDB
Availability is not a problem with both MongoDB and DocumentDB. MongoDB ensures there is high availability through the configuration of a secondary server to act as the primary server when the primary server goes down. DocumentDB uses the Azure feature to manage server availability. DocumentDB is designed specifically for web applications and mobile devices. This means you will not get the best from it if you are not using web applications or mobile devices. ... For consistency, both DocumentDB and MongoDB are good options because they use ACID properties (at the document level) to ensure safe updating of documents. If there is an error, the operation rolls back. With MongoDB, developers can specify the write concerns.


Hybris-as-a-Service: A Microservices Architecture in Action
Micro Services are a new paradigm for software architecture: small services in separated processes take the place of large applications. This way monolithic architecture can be avoided, and systems are easily scalable and changeable. The microXchg conference looks at a variety of aspects of Micro Services. ... Andrea Stubbe explains how to create cloud applications with microservices using Hybris’ platform and API. Andrea Stubbe is Product Lead of the core part of the as-a-service product at Hybris. Having been a software developer for most of her career, she loves working on an architecture that addresses many of the problems and challenges she has observed in earlier projects. She also finds this a perfect fit for lean and agile development principles.


5 Critical Ways to Take a More Collaborative Approach to IT Security
First, it seems that most organizations’ approach to security is inward-focused. Call it the “outrunning the bear” response: the IT team at your organization doesn’t have to be faster than the cybercriminals, only faster than the other organizations trying to outrun them. While about 75 percent of IT security staffers say they have plenty of opportunity to collaborate with peers within their organization, 60 percent say they have little to no opportunity to collaborate with peers at other companies. ... Second, IT security staffers get most of their information about security trends, threats, vulnerabilities, warnings, and technologies not from their peers, but from online forums and cybersecurity news sites.


Mobile Internet To Be Worth More Than Apple By 2018
Despite huge scale and growth, mobile is still evolving. M-commerce remains the primary engine of growth, which is why VCs bet more than half of $41 billion invested in mobile in the last 12 months into m-commerce-related sectors. Mobile advertising is set to leapfrog in-app purchases to move from third to second place in the revenue hierarchy by 2018, as app developers rebalance their business models to capture new opportunities. Enterprise mobility growth continues, although not as fast as the consumer market. Finally, the Apple Watch is helping the wearables sector to gain deeper penetration and revenue.



Quote for the day:

"A leader has the vision and conviction that a dream can be achieved. He inspires the power and energy to get it done." -- Ralph Nader