August 14, 2015

Federal CIOs embrace IT reform, but struggle to move forward

"Federal agency IT execs are neck deep in compliance requirements and mandates," O'Keeffe says. "The history of federal IT is littered with empty, unfunded mandates that failed to deliver value." A common refrain heard in federal IT circles is the admonishment against trying to "boil the ocean." That amounts to an appeal to take large, sweeping calls for reform like FITARA and break them down into smaller, more manageable pieces, and act on them iteratively. In a statement, Rep. Gerry Connolly (D-Va.), one of the authors of FITARA, praises the administration's "efforts to kick-start implementation," but says the low levels of awareness among agency executives about OMB's guidance are a cause for concern.


Rent-A-Botnet Free Cloud-Based Servers May Encourage Cyber Warfare

Cyber warfare extends beyond the virtual and can have a real-life impact on the lives of real people. It's not impractical to assume that within the next 10 years, a widespread attack will be launched against a nation and its people. This attack can result in widespread harm that results in a loss of life or property with a financial impact of billions of dollars. Consider a cyber attack where a nation's transportation system is controlled by an external group of hackers, and you can begin to see how a scenario could unfold that is scarier than the prospect of nuclear detonations. Free servers can be used to heist intellectual property, infiltrate infrastructures and jeopardize high-profile individuals' email accounts and personal data.


How to hack a Corvette with a text message

This isn't the end of connected car security problems this year. On Tuesday, researchers from the University of California demonstrated at the USENIX security conference how to tap into cellular networks in order to gain wireless access to vehicle driving functions. A dongle, available commercially, is often used by corporations and insurance firms to monitor where and how a car is being driven by employees. The dongles are cheap and convenient; nevertheless, security vulnerabilities could place these fleets and their drivers at risk. The control unit is plugged into a vehicle's onboard diagnostic (OBD-II) port, allowing the device to monitor speed, distance and braking -- before sending this data to insurance companies.


Cloud Native Application Platforms – Structured and Unstructured

With so many choices in the market, it’s critical to have alignment between business goals and technology-decision-makers. Instead of measuring the Cloud Native platform based on traditional IT metrics (e.g. cost-reduction), technology teams need to think in terms of business metrics (e.g. time-to-market, market-penetration, customer-satisfaction). Platform vendors, whether they deliver Structured or Unstructured architectures, must be able to clearly show how their technology enables those critical business metrics. ... For many CIOs, creating a PaaS platform strategy will be a top priority in 2015 and 2016. This strategy is an opportunity to reshape how IT is viewed within the business, and an opportunity to redefine processes that are not aligned to quality and throughput of application delivery.


Value disciplines and the operational excellence model for BPM

In this webcast presentation, Ken Lewis, ITIL consultant at PA Consulting, advises businesses to figure out how they're creating value for their customers and to focus on a "value discipline" -- first described by Michael Treacy and Fred Wiersema in a February 1993 Harvard Business Review article -- where customer engagement and experience is key. Here he explains Treacy's and Wiersema's three value disciplines -- operational excellence, product/service leadership and customer intimacy -- and delves into goals for a company that prioritizes the operational excellence model.


Data And Analytics Strategies: What Investors Think

The report indicates that data and analytics strategies are affecting organizations across industries. While the data-driven maturity of companies varies from industry to industry and business to business, momentum is building. Failing to have a data and analytics strategy, or executing one poorly, can negatively impact a company's ability to compete -- and therefore its value. "Data strategies are here to stay across a number of different areas [where] we're going to continue to invest, and it will be a bigger part of our investing thesis as far as where we put our time and energy in the portfolio," said Ron Heinz, managing director at venture capital firm Signal Peak Ventures. Data and analytics strategies need three key elements to succeed: The technology, the ability to execute, and a culture that embraces data-driven decision-making.


Buffer Overflow

In the classic exploit, the person attacking the program or system sends information to the targeted application that is stored in an undersized buffer. The information on the call stack will be overwritten to include the return pointer of the function or method. The information that the attacker sent will set the return point’s value to transfer control to the computer malware or other malicious code stored in the attacking information. At the program architecture level, a buffer overflow vulnerability normally occurs when an attacker successfully finds a violation of the programming assumptions that error checking did not catch or when there is faulty memory manipulation.


US Commerce Department proposes multistakeholder control of ICANN

The most recent development is the July 2015 Proposal to Transition the Stewardship of the IANA Functions from the U.S. Commerce Department's NTIA to the Global Multistakeholder Community (PDF), a 199-page document by the IANA Stewardship Transition Coordination Group (ICG) offering suggestions of how to fulfill the Commerce Department's 1998 Statement of Policy regarding ICANN. The ICG is soliciting public comment about having a multistakeholder group oversee IANA functions. The last date for commenting is September 8, 2015. As to what multistakeholder means, Claburn quizzed Mueller about it. "Multistakeholder is a code word for self-governance by the Internet community," said Mueller. "That's new [as a governing structure] and that's why we're kind of groping along here."


Android, you have serious security problems

"The rash of vulnerabilities being reported in Android and the difficulty in getting them installed on end-user devices is taking its toll on the mobile OS. Fortunately, there are no current indications that such vulnerabilities are being actively exploited in the wild. Still, Android users -- this reporter included -- have reason to be concerned and to remain wary," Goodin wrote. ... Device manufacturers that were slow to issue patches, and telcos that were even slower -- if they even bothered at all. Even though Samsung and HTC had announced that they'd be moving to a monthly patching cycle -- welcome to the best practices of 2003, guys -- Android end-user security would still be at the mercy of the telcos.


Agile Coaching - Lessons from the Trenches

Agile Coach is not a role mentioned in Scrum, Kanban, XP or any other agile framework or practice. It’s grown organically as larger organizations have realized the benefits of agility and appetite has increased for long-lasting change. Coaching can reap amazing rewards if done skillfully. What does a skillful coach look like? Companies that rely on external agile consultants want to know if they are acquiring good coaches with a proven track record and broad industry experience. Companies that prefer raising their own coaches want to identify the people with coaching aptitude. Individuals that pursue the career of an agile coach wonder if they have what it takes to become a coach.



Quote for the day:

“Leadership Principle: As hunger increases, excuses decrease.” -- Orrin Woodward