May 12, 2016

Popular messaging apps present real enterprise threat

Messaging apps including Line and WhatsApp are commonly used in enterprise, but that doesn't mean all consumer apps are well-suited for business use, according to Raul Castanon-Martinez, a senior analyst at 451 Research. "Consumer apps will have an advantage given that users might already be familiar with the [user interface] but otherwise will be in the same position as other enterprise messaging apps," he says. "I don't believe consumer apps transitioning into the enterprise have a significant advantage over enterprise apps like Slack or HipChat."  Corporate workers can use a tool such as Slack to interact with colleagues and business applications just as easily as they can transition from using Facebook Messenger for talking to friends to using it for work, Castanon says.

Ways to craft a better enterprise IT security roadmap

The first step is to identify and classify your resources. Most people have done half of that, not all of that. In other words, they may do a pretty good job classifying and identifying physical resources, things like laptops and [hardware] servers, but they tend not to have a good system for classifying resources, for example, virtualized resources like workloads, and also things like licenses and intangible assets. One of the things you really want to do is [ask], "What is it that we need to protect?" That can be anything from intellectual property (i.e., blueprints of the next-generation airplane that you're designing) to licensing information, to information about your customers that's above and beyond PCI information. Information itself becomes an asset that you want to protect.

Why a Marriage Between the Cloud and Internet of Things Is Inevitable

In moving to agile, cloud-based infrastructure, companies must master a few basic steps – data capture, integration and analytics, and a modern day dev-ops approach. This last step is critical because it helps to make sure that resources and tools are available to engineers in an agile way so they may rapidly deploy small- and large-scale applications to the market. They are likely to take advantage of new, open-source platforms such as Hadoop, incorporate concepts such as data lakes, and engineer architectures that are oriented to micro-services. This will effectively enable software engineers and data scientists to quickly standup applications that can quickly be adapted to feedback in an agile way via rapid iterations.

Busting the 7 myths of cyber security

For most organisations, the basic implementation of the five controls identified by CESG as Cyber Essentials basics would prevent the vast majority of all straightforward attacks. They will not deal with the very sophisticated or prolonged, targeted attacks but most organisations (particularly smaller ones) are not facing these types of threats. These five controls implemented effectively, then regularly monitored and updated, are the ones everyone should be doing, and Cyber Essentials should be a basic starting point for all security. Businesses have to accept that simply trying to keep the bad guys out is no longer good enough – although still very important. They need to work towards a much more proactive defence whereby unauthorised activity within a network is quickly identified and appropriate actions taken to deal with it.

Will blockchain drive the fourth Industrial Revolution?

Tomorrow’s machines will produce the informational equivalent of several Libraries of Congress every day. Imagine reading every book in the Library of Congress, only to be told you must summarize what you learned in 10 pages and instantly communicate your findings to thousands of others. The task isn’t just monumental — it’s ludicrous. I remember at Yahoo!, we couldn’t physically rack machines fast enough to keep up with the data coming off our website, and that was back in 2004, pulling data from hundreds of millions of users, let alone hundreds of billions of machines. The true wonder of the fourth industrial revolution won’t be the data produced; it will be intelligent machines’ capacity to analyze those data and communicate their findings within a network of similarly intelligent machines. Then, each connected machine will act, altering its processes to be more efficient and communicating those changes back to its network.

Yahoo Mail and Google App Engine banned over malware concerns

The ban on Yahoo Mail access suggests that some House of Representatives workers accessed Yahoo mailboxes from their work computers. This raises the questions: are House workers using Yahoo Mail for official business, and, if they're not, are they allowed to check their private email accounts on work devices? If they use the same devices for both personal and work activities, one would hope that there are access controls in place to separate the work and personal data. Otherwise, if they are allowed to take those devices outside of the House's network, they could just as easily become infected there, where the ban is not in effect. "The recent attacks have focused on using .js files attached as zip files to e-mail that appear to come from known senders," the House's Technology Service Desk said. "The primary focus appears to be through Yahoo Mail at this time."

Korea Exchange Talks Top-Down Approach to Blockchain Innovation

"KRX is aiming at providing services in the private market positioning in between K-OTC and K-OTCBB," Lee said, referring to South Korea’s platform for unlisted stocks and the computer system that provides price quotes for these assets. Lee explained that the Korea Financial Investment Association, a regional self-regulatory organization, now operates both K-OTC and its bulletin board service (K-OTCBB), but that bids and offers are executed on the systems differently. "In K-OTC Market, orders are executed automatically by trading systems, but K-OTCBB only provides bulletin board service, where bids and offers are manually executed," he explained. KRX has indicated it believes this will ease the ability of market participants to find partners while cutting costs. The decision comes after the exchange similarly moved into clearing OTC derivatives trades in 2014.

6 Ways Data is Taking Over Retail

Retailers now swim in more data than they know what to do with. And they’re working overtime to digest that data — collected from e-commerce transactions and via merchandising, CRM and POS systems — to glean useful insights. Many are turning to predictive analytics in an effort to use cutting-edge data science to forecast trends and personalize messaging. Data even plays a role in brick-and-mortar stores, where new metrics allow retailers to study in-store behavior at a level of detail never before possible, says Andy Wong, a partner at digital retail consultancy Kurt Salmon Digital. “As we build up more behavioral data on both customers and associates in-store, we’ll continue to find new ways to dynamically optimize the in-store experience and new levers for engagement and conversion,” he says.

Traditional security is dead -- why cognitive-based security will matter

Maximizing enterprise data security requires a series of actions, increasingly difficult but increasingly necessary. Detection is the process that has been around the longest and which most organizations concentrate on by deploying anti-virus and similar on-client apps. But it’s really just a first step and should not be an end by itself. Investigating the internal workings of the threat is next, leading to an understanding of the workings of the threat necessary to cope with the danger. This offers an improvement in overall security, but it’s not enough to stop here. It’s important that we continuously learn about the intricacies of the threat and any changes it may undergo in the real world, as well as the goals of its implementer. This is not easy but security companies are concentrating on this task.

IBM Watson Brings AI Wonders to Cybersecurity

Watson is also designed to ingest research papers, blog posts, news stories, media reports, alerts, textbooks, social media posts, and more to build up knowledge about all the latest cyber threats. Students at the partnering schools will help input and annotate this so-called unstructured data (meaning data that’s not easily machine readable) to train the system. IBM believes there is a business opportunity in helping computer security pros make sense of the universe of literature and data surrounding cybersecurity. The company is banking on Watson being able to reduce the rate of false positives that turn up in corporate security operations centers, and being able to help address a shortage of talent in the industry.

Quote for the day:

"To be able to lead others, a man must be willing to go forward alone." — -- Harry Truman