March 13, 2016

IT's Shift From Service Provider to Business Partner

IT is a business enabler, providing secure and highly available technology solutions that enhance the efficiency and effectiveness of TRS and our members. As such, it's my job to ensure IT is seen by our individual business areas as a true business partner, not just simply a service provider. IT needs to truly understand the business of TRS and be proactive in helping solve business problems and recommend innovations that move our business forward. ... The one thing that is certain in IT is it's going to change. Many times these technology changes have a significant impact on the rest of the business and/or provide an opportunity for improving efficiency. As such, the CIO often finds himself or herself in the position of change agent, promoting and leading enterprise projects that bring about significant shifts in the organization.


Amazon India planning to launch digital wallet

"Building own wallet helps it restrict access to customer data in the company's ecosystem and monetise customer insights," said another person familiar with Amazon India's plans. Amazon did not comment specifically on whether it plans to launch a digital wallet, only saying that it was "always exploring" acquisitions. "Payments are key to the e-commerce ecosystem," said Srinivas Rao, director at Amazon Payments India, in an emailed statement. "Developing a trusted, frictionless and ubiquitous payments ecosystem is critical to our customer-centric philosophy and we will invest in building the capabilities to drive our strategy." Currently, Amazon India uses its gift cards as pre-paid instruments for buying on its online marketplace, offering customers the option to top up these cards for up to Rs 10,000, which is the limit applicable to digital wallets under Indian regulations.


So You Think You Can Agile?

The interesting thing here is that everyone in the market—customers, communities, consultants, vendors and partners—wants the same outcome. Improving the way organisations work to ultimately enhance our way of life as a society: eliminating waste and responding to change quickly and confidently (well, at least that’s what my team and I want). So, one can only live hoping that’s why we're all here—to continue toward autonomy, mastery and purpose and in turn help enterprises do the same. We all want to embrace, educate and coach great outcomes for the people who work in these enterprises. Who doesn’t want to get up and be excited about the day of work ahead and help people improve their capabilities to ultimately create a better society?


Demand for security skills is ballooning: So can former hacker hotbed Romania help?

"Although companies are actively searching for security experts, many of these jobs aren't listed on the web," she says. HR professionals prefer to hire based on referrals. Many engineers are self-taught, building on top of the computer-science knowledge they acquired in school. Developer Gabriel Cirlig says cybersecurity was a hobby he had during high school. ... Cybrary co-founder Ryan Corey says Romanian users have a grasp of the basics but come to training providers to hone more advanced, niche security skills. "While US and UK users tend to take more beginner-level, general-interest courses such as Network+, CCNA and Linux+, Romanian users tend to take higher-level, more advanced security offerings like Malware Analysis and Advanced Penetration Testing," he says.


The Hidden Security Risks of Our IoT Devices

As IoT devices gather more and more data about us and our lives, we as consumers should be extremely concerned about these vulnerabilities. We may not think about it very much, but these IoT devices have collected a lot of information about our private lives. The refrigerator that orders your milk must have some sort of payment method set up with the grocer. Your thermostat knows when you are likely to be at home – and also when you are not. And your smart watch or wearable fitness tracker may have private information about your health and habits that you wouldn’t want anyone but your doctor to know. Last year, the Federal Trade Commission (FTC) released a report urging IoT manufacturers to put security first with these new technologies.


Why Are We Fighting the Crypto Wars Again?

Is it any wonder that the government is rebooting the crypto wars? For the first time, it’s really struggling with the results of the first war, as more information is now encrypted, increasingly in a manner the government finds really hard (or impossible) to decode. Apple has been impressively aggressive in its refusal to comply with that order, even though this test case involves possible information from a murderous terrorist. The company’s court filings outline with withering precision how complying with the government order — to essentially rewrite part of its operating system, an action it regards as an act of “compelled speech” — violates its rights and compromises the rights of its customers. With John Oliver-strength sarcasm, it refers to the software the FBI has ordered it to produce as “GovtOS.”


One API, Many Facades?

When developing an API that is going to be used by others, it’s important not to break that contract. Often, frameworks and tools allow you to generate an API definition from the codebase — for example, with an annotation-driven approach where you label your endpoints, query parameters, etc. with annotations. But sometimes, even if your own test cases still pass, the smallest code refactoring could very well break the contract. Your codebase might be fine, but the refactoring might have broken the code of your API consumers. To collaborate more effectively, consider going with an API-contract-first approach and make sure your implementation still conforms with the shared agreement: the API definition. There are different API definition languages available and popular these days, like Swagger, RAML, or API Blueprint. Pick one you’re comfortable with.


Big Data: Why You Must Consider Open Source

“There are multiple – and at this point in history, thoroughly validated – business benefits to using open source software.” Among those reasons, he says, are the lack of fees allowing customers to evaluate and test products and technologies at no expense, the enthusiasm of the global development community, the appeal of working in an open source environment to developers, and the freedom from “lock in”. This last one has one caveat, though, Kestelyn explains – “Be careful, though, of open source software that leaves you on an architectural island, with commercial support only available from a single vendor. This can make the principle moot.” The literal meaning of open source is that the raw source code behind the project is available for anyone to inspect, scrutinize and improve.


Web Application Firewall: a Must-Have Security Control or an Outdated Technology?

Gartner predicts that by 2020, more than 60 percent of public web applications will be protected by a WAF. However, in 2015 Gartner had only one vendor listed in its WAF MQ as a Leader (Imperva), and only two vendors listed as Visionaries. All other vendors are either Niche Players or Challengers. Many more WAF vendors were simply not present in the MQ for not meeting the inclusion criteria. Last year, security researcher Mazin Ahmed published a White Paper to demonstrate that XSS protection from almost all popular WAF vendors can be bypassed. XSSPosed, prior to announcing its private and open Bug Bounty programs, published new XSS vulnerabilities on the largest websites almost every day and was effectively an insightful resource for observing just how security researchers bypassed almost every WAF mentioned in the Magic Quadrant.


Data Is a Toxic Asset

Our Internet search data reveals what's important to us, including our hopes, fears, desires and secrets. Communications data reveals who our intimates are, and what we talk about with them. I could go on. Our reading habits, or purchasing data, or data from sensors as diverse as cameras and fitness trackers: All of it can be intimate. Saving it is dangerous because many people want it. Of course companies want it; that's why they collect it in the first place. But governments want it, too. In the United States, the National Security Agency and FBI use secret deals, coercion, threats and legal compulsion to get at the data. ... When a company with personal data goes bankrupt, it's one of the assets that gets sold. Saving it is dangerous because it's hard for companies to secure. For a lot of reasons, computer and network security is very difficult. Attackers have an inherent advantage over defenders, and a sufficiently skilled, funded and motivated attacker will always get in.



Quote for the day:


"Informed intuition, rather than analytical reason, is the most trustworthy decision-making tool to use." -- G. Moore