April 10, 2016

U.S. Senate Bill Seeks to Ban Effective Encryption, Making Security Illegal

This bill essentially says you cannot have any conversation or data exchange that the government cannot access if it wants to. It is the legal culmination of what the FBI has been lobbying Congress for years. If Feinstein-Burr becomes law, it will be illegal to deploy strong encryption without key escrow maintained by each company. Cryptographers and computer scientists near-unanimously assert key backup systems are insecure at scale. The first read of the bill is chilling. Strong cryptography within the United States would effectively be banned, preventing U.S. companies from building secure software. These companies would be mandated to provide real technical assistance. Unlike the best effort of today, they would be required to give plain-text data in its original format or risk penalties for violating the law.


Security and employee privacy biggest barriers to BYOD

The biggest inhibitors to BYOD adoption, according to respondents, are, unsurprisingly, security (39 per cent) and employee privacy (12 per cent). In contrast, management opposition (3 per cent), employees’ unwillingness to take on additional expenses (6 per cent), and user experience concerns (4 per cent) were not considered significant barriers to BYOD adoption. When it comes to security, data leakage/loss was cited as the top BYOD security concern by 72 per cent of respondents. Meanwhile, 56 per cent are worried about unauthorized access to company data and systems, and 54 per cent are concerned that users will download unsafe apps or content. One in five organizations have suffered a mobile security breach, primarily driven by malware and malicious WiFi, with security threats to BYOD imposing heavy burdens on organizations’ IT resources (35 per cent) and help desk workloads (27 per cent).


Phishing email that knows your address

"The email has good spelling and grammar and my exact home address...when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address. "My tummy did a bit of a somersault when I read that, because I wondered who on earth I could owe £800 to and what was about to land on my doormat." She quickly realised it was a scam and did not click on the link. "Then, a couple of minutes later, You and Yours producer Jon Douglas piped up as he'd received one and then another colleague said he'd received one too, but to his home email address," she added. The You and Yours team decided to contact the companies that were listed in the emails as being owed money. A spokesman for British Millerain Co Ltd, a waxed cotton fabric manufacturer, told the programme that the firm "had more than 150 calls from people who don't owe us money".


Cryptocurrency from the Dark Web to the Mainstream

Bitcoin has the added benefit of greater speed and efficiency in facilitating payments and transfers. The blockchain technology also serves as a powerful and detailed ledger that can monitor all transactions in the network. However, these benefits don’t detract from bitcoin’s indisputable flaws, which were on display in 2013 when Tokyo-based Mt Gox collapsed, wiping out hundreds of millions of dollars in client funds. Claims of bitcoin’s potential also don’t ignore the cryptocurrency’s role in facilitating online criminal behaviour, money laundering, tax evasion and fraud. ... In reality, bitcoin is just one version of the digital currency revolution. While it may be the largest, it isn’t necessarily the best. However, what these and other critics seem to forget is that the virtual currency paradigm does not live and die with bitcoin.


How to Transition Industry Toward Software-Based Infrastructure & Hybrid Clouds

A very important area of focus is network security. As we move toward a software-defined world, security is lagging behind. ONUG’s Software-Defined Security Services Working Group focuses on how to secure the software infrastructure to ensure users have access to the same level of security or better as they move from the physical to the software world. This working group is organizing a framework for software-defined security services that defines what security means in a software-defined world, both from an exploit mitigation point of view and from a compliance point of view. The group will present the framework at the ONUG Spring Conference.


Do IT groups really need to move to a software-defined environment?

Increasingly, the main motivations for moving to a software-defined world are the benefits of speed, agility, quality and cost. It enables bringing on applications quickly. With agility comes scalability to quickly grow services and infrastructure to the business needs – or shrink them. This increased speed and agility paradoxically do not come at the expense of quality. In fact, where we have been able to study software-defined environments, we find them operating at much higher quality levels. ... Finally, software-defined environments are far cheaper to operate and maintain. It is easy to understand that fewer people equals less cost, and less rework due to higher quality saves money. However, this is just the start.


Economics of Software Resiliency

Obviously, the resilience comes with a cost and the economies of benefit should be seen before deciding on what level of resilience is required. There is a need to balance the cost and effectiveness of the recovery or resilience capabilities against the events that cause disruption or downtime. These costs may be reduced or rather optimized if the expectation of failure or compromise is lowered through preventative measures, deterrence, or avoidance. There is a trade-off between protective measures and investments in survivability, i.e., the cost of preventing the event versus recovering from the event. Another key factor that influences this decision is the cost of such an event if it occurs.


Duties, Skills, & Knowledge of a Software Architect

The knowledge requirement is so staggering and extensive that there are very few persons capable of performing in an above average capacity. I cannot envision how one could possibly, through strictly academic coursework, acquire this knowledge without perilous and untiring pursuit. ... Appreciate the value of the contributions they can make, especially not in the short run, but over time. Build a recognition that architecture is vital to the life cycle of the information, does not exist solely to serve the application, and may well surpass several generations of application development. Recognize that like building a solid bridge, the value is not in how quickly and cheaply it can be built, but how ultimately useful, flexible, and durable it is over its expected life.
Managing Operational Resilience

Operational resilience management draws from several complex and evolving disciplines, including risk management, business continuity, disaster recovery, information security, incident and emergency management, information technology (IT), service delivery, workforce management, and supply-chain management, each with its own terminology, principles, and solutions. The practices described here reflect the convergence of these distinct, often siloed disciplines. As resilience management becomes an increasingly relevant and critical attribute of their missions, organizations should strive for a deeper coordination and integration of its constituent activities.


Creating an Enterprise Architecture to Engage with “Things”

“Economic agents are more than just people and businesses — imagine an economic agent in the role of a customer that is actually an Internet-connected thing,” said Don Scheibenreif, vice president and distinguished analyst at Gartner. “Whether it’s a refrigerator ordering a replacement water filter, a car scheduling a service appointment or an industrial machine requesting maintenance, the idea is that as the number and capability of Internet-connected things increases, they will develop the capacity to buy, sell, and negotiate for products and services, with organizations having to adapt to this new reality.”


Quote for the day:

"The old mantra of ‘be everywhere’ will quickly be replaced with ‘be where it matters to our business’." -- Mike Stelzner