July 31, 2016

Google teaches its car to be nice to cyclists

The autonomous car provides an ample amount of room and won’t overtake if cyclists take the center of the lane. It notices a variety of cyclist signals, such as an indication that the cyclist wants to move into another lane. Google has programmed its software to store the hand signals, which means if the cyclist moves to a new lane two minutes later the car will remember the signal. Google gave two examples of the car being extra cautious around cyclists, the first is if it notices a parallel parked car with the door open, it will slow down to let the cyclist pass without fear of a collision. The second is a video (below), shown at SXSW Interactive 2016, where the Google can instantly recognizes an oncoming cyclist and immediately slaps on the brakes.

The Cloud: What’s UNIX® Got to Do With It?

Cloud Solution/Hosting Providers look to a UNIX Cloud infrastructure to service financial institutions looking to support high transactional environments like online and mobile banking marketplace. Moreover, UNIX Cloud infrastructure provides a cost-effective, secure, and redundant environment. “Verizon serves both customers and employees with a UNIX Cloud infrastructure that implements enhanced agility, superior performance, easy maintainability, and effective cost control,” said Chris Riggin, Enterprise Architect at Verizon. HPE, IBM, and Oracle have expanded their services offerings to deliver UNIX mission-critical cloud and enterprise infrastructure, including their branded systems.

Disaster Recovery in a Virtual World

The cost of failure is expensive. IDC research shows that a medium-sized organization experiences, on average, 15–18 business hours of network, system, or application downtime per year, with each hour of downtime costing approximately $225,000. The result of going digital means businesses cannot tolerate the same levels of planned and unplanned downtime that they could before. In fact, for many businesses, “the window for downtime is close to zero.” In another survey, many organizations (39%) said they now need to restore critical workloads in minutes, not hours, and that meeting this requirement is virtually impossible with outdated data protection methods.

Here's why banks are embracing cloud technology

We’ve entered the most profound era of change for financial services companies since the 1970s brought us index mutual funds, discount brokers and ATMs. No firm is immune from the coming disruption and every company must have a strategy to harness the powerful advantages of the new fintech revolution. The battle already underway will create surprising winners and stunned losers among some of the most powerful names in the financial world: The most contentious conflicts (and partnerships) will be between startups that are completely reengineering decades-old practices, traditional power players who are furiously trying to adapt with their own innovations, and total disruption of established technology & processes

Focus on Security Paves the Way for Expanding Services

Think of it as a piece of fruit, an apple, and you pass it around identifying yourself. Tokenization, and the Stateless Tokenization technology that HPE offers in particular, is that you have an exchange process. The middleman takes your apple, turn it into a pear through a specific algorithm. The reverse process can be applied when someone gives me a pear and ask for an actual apple; the visual is coming back to you. So, every time, every piece of information that is passed along in the message exchange, they go through this process. The key term here is stateless, of course, so that we don’t have a rack of this mapping information stored somewhere, which becomes yet another vulnerability. That makes our operations a lot easier, especially in a multi data-center environment.

One Berlin startup wants to make sharing your data as easy as sharing your money

Jolocom is developing an application that will allow users to share personal information through a secure and decentralized blockchain network. A user’s personal information is tied to them through an individual Web ID generated by the app, allowing them to share information directly with other others in the network. “It’s an extension of hyperlinking,” says Lohkamp. “But instead of linking documents or webpages, you’re linking data.” Say, for example, you wanted to open a new bank account. Instead of going to the bank in person to fill out paperwork and provide different forms of identification, you could just connect to the bank through the Jolocom app. The bank would then request the necessary information, and, with your approval, the data would be automatically transferred to create your account.

Virtual Labor Will Fuel Digital Initiatives

Nevertheless, smart machines and the services they enable are a reality. Hundreds of organizations are adopting smart-machine-enabled services to achieve short- to midterm savings, new revenue sources or profitability structures. Few, however, have fully understood the depth and magnitude of the potential value of the intellectual property (IP) being created. The IP developed alongside smart-machine-enabled services has the potential to add significant revenue, as it may be patentable. Due to the need for speed, business leaders tend to partner with providers to engage them in proofs of concept without involving sourcing executives or their teams, which exposes the organization to long-standing sourcing risks (including selection of the wrong partners, negotiation mistakes and vendor management issues).

How An Agricultural Data Firm Puts The Cloud To Work

In a phone interview with InformationWeek, Sanjay Dayal, CTO and cofounder of Agralogics, said he considered a variety of enterprise integration platforms from companies like MuleSoft, Tibco, and WSO2. Those offerings, he said, would have required more configuration, coding, and maintenance than Built.io Flow. "The whole point was I didn't want to have a very heavy infrastructure," said Dayal. "This is something for which we needed lighter touchpoints." Agralogics functions as an ERP service for the food ecosystem, Dayal said, noting the food industry tends to adopt new technology slowly. Built.io Flow proved appealing because it could connect customers' antiquated systems with AWS, the infrastructure that Agralogics relies upon.

HIT Think How IoT will affect information governance

Gartner defines information governance as the specification of decision rights and an accountability framework to ensure behavior in the valuation, storage, use, archiving and deletion of information. While these are accurate and encompassing definitions, they are built on top of, and rooted in, processes that are being forever changed by IoT. Data defines how you operate your company at a foundational level. Data also impacts how you operate your organization and what you provide as services, as well as how you measure success and failure from your financial reporting. Data is vital to every process in the organization, and the discipline of information governance has become one of the most strategic areas within corporate management to understand and manage data.

Let's build a robot!

We've all seen various household and industrial/commercial robots come to the market. They are generally big budget, expensive things that are mostly out of reach financially, or so limited in their functionality as to be almost useless. Interesting, and indeed fascinating, but quite useless. At the end of May of this year (2016), Asus launched its own first stab at a household robot, and I thought - wow, that's cute, and actually, not that difficult to build... sure, what we might build at home may not be as polished or slick as the cool thing Asus sells, but it sure as heck could have similar functionality, if not more!

Quote for the day:

"Entrepreneurship is neither a science nor an art. It is a practice." -- Peter Drucker

July 30, 2016

The Evolution Of DevOps: The Perfect Storm For Instituting Secure Coding Practices

The sheer volume of software development that DevOps makes possible makes it uncannily intuitive to add secure coding practices without slowing deployments. “The move to CI/CD as part of the agile development process leverages automation in what used to be a manual process, which adds incredible speed. Integrating security tools into that pipeline is now much easier than coordinating across multiple manual steps, involving multiple engineers,” says Kail. With the extreme drought of cyber security engineers, which the industry expects to continue if not broaden, the automation that is native to DevOps is critical to increasing and enforcing secure coding practices, if the industry is going to do it at all, says Kail.

Chrome browser extensions discovered engaging in Facebook click fraud

The suspicious extension allegedly came from the viral content site Viralands.com, and was available in the Chrome store, along with nine other identical programs that collectively amassed over 132,000 users. After analyzing the extension's metadata, Kjaer determined that the age verification pop-up screen was entirely nonfunctional, merely serving as a decoy that concealed the true motives for obtaining such sweeping user permissions. However, another script within the code was more enlightening: this script was coded to download a payload from an external server and execute it. The payload, naturally, was malicious, designed to send links that direct users to a web page containing Facebook tokens, which the extension program can then grab and exfiltrate to the command-and-control server.

Blockchain Can Bring the Unbanked into the Global Economy

Despite the significant headway in recent years made by providers in reaching areas previously untouched by banking services, more than two billion potential financial services customers remain stranded. In an industry characterized by geographic fragmentation, mobile money providers have yet to find a clear path to achieving significant scale required to realize network effect for long-term viability. Among many other uses, the blockchain could bolster these efforts by becoming the backbone to open the closed-loop mobile money services. Right now, certain payments services only work between two parties if they both have accounts. Similarly, mobile money services, often developed by the mobile operators themselves, often didn't allow for consumers to easily pay each other on separate mobile networks.

Ethereum's Two Ethereums Explained

One point Bitcoin Core developers continued to argue during the long-standing debate was that contentious hard forks are dangerous and can have unexpected consequences, such as splitting a blockchain into two competing blockchains. Many in the community, for example BitPay Co-Founder and CEO Stephen Pair, think that ethereum classic’s sudden popularity shows that these were valid concerns. Adding to the debate is that ethereum’s hard fork was immediately branded as a success by many Ethereum developers and others in the bitcoin industry. For example, Coinbase CEO Brian Armstrong tweeted that they’re "not something to be feared that results in multiple coins". But this analysis might have been premature, and he indicated as much in a new blog post.

Sonus’ Kevin Riley Discusses Cloud-Based Communications

Adoption of a microservices architecture will become increasingly important as well. Service providers should be able to monetize their cloud investment by rapidly creating and seamlessly scaling out new services. Microservices serve as the mechanism to get more granular in this scalability by separating network services into functional components. For our SBC SWe, this means signaling, media processing and transcoding can be scaled independently. It also means that technology decisions can be made independently. For example, introducing the use of graphics processing units (GPUs) for media transcoding instead of using CPUs which are not optimized for compute-intensive processing.

Blockchain will eliminate frauds and malpractices in trade finance

In today’s digital world where we can read our newspaper online, we have not been able to digitise documents such as invoices and bill of lading. There has been simply too much inertia and room for fraud with the availability of photo editing software such as Photoshop. If real money can be forged, there is no reason that a bill of lading cannot be forged. However, the availability of Blockchain means that there can only be one accepted bill of lading and other documents from the seller. There can be no fraud or double spending of the bill of trading once the payment has been made. An extension of Blockchain technology is a smart contract. This means that the buyer is forced to pay the seller once he/she has received all the proper documents that include evidence that the goods had been received by the buyer.

Successful cloud migration isn’t about strategy or technology

Where companies are making progress in moving legacy to the cloud, they establish small, cross-functional teams (eight to 15 people) that are equipped and empowered to make changes, whether it’s architecture design or ecosystems. The teams must have cross-functional capabilities, and they should be rewarded on getting to a destination, not uncovering problems in getting there. It’s not that they won’t deal with those problems; they will. But they must have the attitude and capability to resolve them. As a CIO driving change, you must get people to want to change and see their job as finding how to change and getting over or around the hurdles, not pointing out the risks of change. Then you’ll make fast progress.

African bootcamps look to develop next generation coders

“We just don’t take anyone. They have to prove that they are a good fit for the programme,” Cynthia Mumbo the Marketing Lead at Moringa School told IDG Connect. Moringa accepts students once they pass an evaluation stage to determine that they are suited for the programme. She said that the aim of the school was to bridge the long standing gap for quality software in Africa. “There is a really big gap [in terms of tech talent] but also I don’t want to take away from Universities. Skills gained depend on which university you go to,” Mumbo said. ... “Somebody with a degree might not be able to do it [software development]. They would say I studied it but I do not have experience in it,” she said. “Bootcamps are project based so you get in there and your head in knocked around creating solutions.”

In Security, Know That You Know Nothing

There seems to be a false assumption in security that we know what to look for and how to go about it when scanning for threats. But this is not the case. Traditional signature-based security controls just aren’t good enough. Further, threats are constantly evolving and hackers have grown savvy to what organizations are looking for. Ransomware for example, has proven to be a blunt wake up call for enterprises relying solely on static signature based controls. Even when an organization does know what to look for, there are encroaching factors that make this methodology less than optimal. SSL encryption makes knowing signatures pointless. Mobility means that traffic is not always within the scope of an organization’s control. And cloud-based services have created another space organizations don’t always have access to.

Working with Multiple Databases in Spring

When developing enterprise applications we are frequently confronted with the challenge of accessing multiple databases. Perhaps our application must archive data into some data warehouse, or maybe it must propagate data to some third party database. With Spring it is easy enough to define a common data source, but once we introduce multiple data sources it gets a bit tricky. In this article we will demo a technique for accessing multiple databases in Spring Boot applications easily and with minimum configuration, by developing a SpringMVC application using Spring Boot

Quote for the day:

"A good programmer is someone who always looks both ways before crossing a one-way street." - Doug Linder

July 29, 2016

Fixing the perception that enterprise IT is irrelevant

“The business has more choices than ever before when it comes to sourcing its technology needs, and enterprise IT isn’t necessarily their first choice,” the report says. Executives are getting used to the idea of on-demand, so IT needs to be aware of that and act in more of an entrepreneurial “service-first mindset,” providing legacy IT or as-a-service—whatever is appropriate. Not doing that is manifesting itself in business executives “working around IT,” Accenture explains. That needs to be stopped. It’s a bad idea mainly because it increases risk, although it is now a reality. Strategies for these transformations include self-testing the IT organization by looking at problem resolution response times and taking a “greenfield” approach. Starting afresh, in other words.

In a broader sense, businesses are making it a priority to achieve more value from outsourcing. They’re seeing cost savings, but they’re increasingly looking for benefits such as process consistency across business units and better data that can drive operational improvement and customer insight. Getting better data is also [the] key to more sustainable outsourcing relationships. Clients recognize that the overall strength of a partnership depends on trust, but that trust requires having fact-based information around the various functions and processes covered by each area of vendor management. Without that solid foundation of good information, organizations tend to be guided by emotions and end up focused on day-to-day firefighting.

Remove IT Systems from All Branch Offices to Harden Your Security Posture

Consolidating infrastructure at the edge is the critical first step. But it’s just the first step. Again, simply mashing together disparate pieces of hardware into one appliance will not solve short- or long-term performance, data security and management issues. You also need to make the edges “stateless.” If you’re a storage professional, you know “state” means facing daily operational challenges to manage and protect data at the ROBO that’s vulnerable to loss and theft. A lost storage piece at the ROBO will require hours, days, (or in some cases longer) of effort to bring it back online. And there’s no guarantee of success, particularly when resorting to older backups. Decoupling storage and compute, by moving data storage from the edges to the central data center creates stateless data stores, and in ideal scenarios, this can be done without compromising user experience.

Robotic Process Automation Slashes IT Costs, Alleviates Complexity

To the extent software robots take on activities employees have traditionally carried out, CIOs can significantly reduce—and potentially eliminate—the portion of their budgets they allocate to making usability enhancements to systems, thereby freeing up cash for innovation or other value-producing opportunities. Large RPA deployments aimed at reducing labor costs also offer a compelling ROI. A company that deploys 500 bots at a fully loaded cost of $20 million (including software licenses, planning, process reengineering, programming, testing, and implementation) could potentially realize $100 million in savings, assuming the bots replace 1,000 employees. Given the costs and benefits of RPA, some routine back-office functions that companies outsource, such as claims processing and certain data center operations, may now be more cost-effectively performed in-house with bots.

The Digital CEO (Part II of our interview with Alex Clyne)

What will cause problems for some will be a lack of intellectual horsepower – and also simple lack of knowledge. That’s why I stressed the importance of CEOs really getting to grips with digital. Generally, those who reach the top of big companies are not short on grey matter, but they can’t assume that they will always stay ahead of the curve. The fact that the railway and shipping companies once dominated the transport industry didn’t stop the air industry becoming the major player in long distance travel. The people who ran the railways thought they were in the railway business: they didn’t realise they were in the transport business. Wrong decisions have been/will be made for the right reasons because they are being made with ‘bad’ knowledge.

Go Leads Strong Big Data Showing in IEEE Programming Language Ranking

The open source code repository GitHub is one source of metrics, and Diakopoulos said GitHub activity is the main reason for Go's ascendance, along with activity on the Reddit news and information site, which features a programming category. Google's open source Go language (sometimes referred to as Golang) also featured prominently in a ranking published in May by PayScale Inc. and Millennial Branding, which said "Scala and Go are the emerging skills with the biggest pay boosts." Along with Go, other languages such as Julia, R, Scala and Python "are riding the number-crunching wave," Diakopoulos said about Tuesday's IEEE report. ...  "Julia was added to the list of languages we track in 2015, and in the past year it's moved from rank 40 to 33, still a marginal player but clearly possessing some momentum in its growth."

Five tips for accelerating your continuous delivery journey

Teams need to be able to mask production data and subset it to use it for testing needs to avoid letting personally-identifiable information (PII) into your testing practices. You need to shift testing left by starting API and back-end system request and response testing prior to the development of UIs and simulate environments and start testing much earlier in the process against those simulations. Steps like these will help you make testing agile enough to meet the speed of development as well as help development improve the testing of their code. ... Look to partner with a continuous delivery vendor that can help you leverage your current investments and tools of choice while enabling you to move your continuous delivery journey forward.

Attack attribution does little to improve enterprise security

When laws are broken in the physical world, there’s irrefutable evidence that links the guilty party to the crime. Maybe it’s fingerprints or a strand of hair or surveillance footage from a security camera. Whatever the evidence, it’s tangible and hard to manipulate. In the cyber world, however, evidence can be easily altered, making the task of figuring out who pulled off an attack much more difficult and sometimes impossible. To understand why attribution does not work, think like the people who are behind the operation. They have invested significant time and resources masking their identity prior to the operation’s start. They employ basic precautions like making sure their tools never communicate with a server based in the country where the attack originated. Instead, they’ll make the communication appear to originate from another nation and buy domain names in different countries.

IBM's Cloud CTO: 'We're in this game to win'

What IBM calls "cognitive" computing and its Watson artificial-intelligence services are another of Rometty's pillars, Comfort said. The third is a razor-sharp focus on industries. "What you've seen so far is our evolution and morphing into a cloud company," he said. "Now you're going to see that emerge more and more strongly through an industry lens." That industry focus is one of the key factors IBM is betting will set it apart from cloud competitors including Google, Microsoft and Amazon Web Services as cloud hype diminishes and attention shifts to innovation and industry transformation. In financial services, IBM is using its Bluemix Garages to bring developers together to work on blockchain-related technologies including new mobile banking and wealth management apps.

Benefits and Challenges of Data Mining in E-Commerce

The only way to get the most out of this data is to mine it to increase decision making or to enable business intelligence. In e-commerce data mining there are three important processes that data must pass before turning into knowledge or application. The first and easier process of data mining is data pre-processing and it is actually a step before the data mining, whereby, the data is cleaned by removing the unwanted data that has no relation with the required analysis. Hence, the process will boost the performance of the entire data mining process and the accuracy of the data will also be high and the time needed for the actual mining will be minimize reasonably.

Quote for the day:

"The greatest value of a picture is when it forces us to notice what we never expected to see." -- John Tukey

July 28, 2016

CISO challenges: Addressing cybersecurity blind spots

"We had one of our clients tell us 'A layer in our SAP system was not being taken care of that included managing roles, profiles, authorizations and permissions tied to business functions'," said Juan Perez-Etchegoyen, CTO at Onapsis, a cybersecurity firm based in Boston that focuses on SAP software. "SAP is so complex that the landscape is hard to control. The security of business-critical apps tends to be outdated and misconfigured. It often takes 18 months for SAP to fix the vulnerabilities uncovered in the market." Members of the CISO panel at RSA Conference also recommended that when it comes to application security, make sure interactions are taking place from within the apps and not through a service behind the scenes.

How predictive analytics discovers a data breach before it happens

The traditional approach to fighting cyberattacks involves gathering data about malware, data breaches, phishing campaigns, etc., and extracting relevant data into signatures, i.e. the digital fingerprint of the attack. These signatures will then be compared against files, network traffic and emails that flow in and out of a corporate network in order to detect potential threats. While signature-based solutions will continue to remain a prevalent form of protection, they do not suffice to deal with the advanced and increasingly sophisticated cybercriminals who threaten organizations. “In the past decade or so, the landscape of cyber security threats has changed dramatically,” explains Amir Orad, CEO of analytics company Sisense.

Millennials & Fintech: A Different Kind of Trust

Fraud and identity theft are more likely to occur when people overshare information or are not diligent about securing personal details that can be used to determine passwords and answer security questions. Younger people are also more apt to use new applications before a reputation and a basis of trust can be formed. Because of Know Your Customer (KYC) regulations, financial applications must ask for information such as social security numbers, birthdates, and credit card numbers, and there is always a risk this information will be used for purposes other than what they were intended for. As millennials look for new and innovative technical solutions to manage their investment portfolios, they need to always be wary about the security of their information and their money.

Information Security - Reducing Complexity

he complexity makes the detection of a compromise difficult. Having to handle and correlating large volume of logs from different devices and that too different vendors will always be a challenge and this makes timely and accurate detection a remote possibility. A successful counter measure require accurate detection in the pre-infection or at least in the infection stage. The later it is detected, it is complex to counter the same. ... Complexity is certainly bad and reducing complexity will beneficial both in terms of cost and otherwise. However, simplification by any means should not result in compromising the needed detection and protection abilities. A balanced approach is necessary so that the risk, cost and complexity are well balanced and beneficial to the organization.

The Power of Big Data in Strategic Planning

As with any new business tool, adopting big data necessitates change throughout an organization. After all, with so many new processes, and so much more information to take into account, employees and leaders have to revamp their current strategies to take advantage of the benefits that big data has to offer. Those businesses that have been the most successful with their big data deployments are those that have embraced these changes, transforming their organizations so that the insights gained through big data analysis can actually make a difference by becoming actionable. However, such a transformation can only take place when all stakeholders in the company are committed to data-driven decision-making.

How To Attract A Board-Level Cyber Security Expert

It’s no surprise that “board candidates are getting quite picky,” says Mike Dickstein, a consultant in the technology practice at Spencer Stuart. ... “They know that joining a board as ‘the cybersecurity expert’ puts them in a unique position at least for reputational risk if something were to happen at that company from a cybersecurity standpoint,” Dickstein says. “They want to make sure that they’re not being set up as the fall guy, that the company has a true commitment by the board and the management team toward managing security, that leadership has a clear and consistent understanding of the risk relative to that business, and that cybersecurity is going to be appropriately funded and resourced. If they don’t see those things in place,” they may not want to risk their reputation on the company, he says.

Intel slated to show off its version of the HoloLens next month

The smart glasses give a fascinating clue into Intel’s AR strategy. Augmented reality blends real and virtual worlds, and can be used to build 3D objects, chat on Skype, or even play 3D games with the real world as a background. Intel’s Remote EyeSight could enable interactive remote communication on smart glasses, kind of like having Skype on a wearable. That could promote freedom of movement and communication, and blend in real and virtual world scenes into video chats. In the enterprise, it could be used in areas like repair, medicine, and education. Bulky headsets like Microsoft HoloLens restrict movement, a problem Intel’s smart glasses could alleviate if they are the right size. But like Google Glass, they may not be welcome in areas like bars and restaurants, so they could be limited to use in specific areas.

New US cybersecurity plan makes it easier for businesses to get help after an attack

In terms of specific efforts involved, the directive listed three lines of effort that must happen concurrently: threat response, asset response, and intelligence support and related activities. If the victim if a federal agency, an additional line of effort will be enacted to keep operations running smoothly. To coordinate efforts against significant cyber incidents, a Cyber Unified Coordination Group (UCG) will be formed to facilitate the responses among federal agencies. Threat response for significant cyber incidents will be handled by "the Department of Justice, acting through the Federal Bureau of Investigation and the National Cyber Investigative Joint Task Force." Asset response will be handled by the "Department of Homeland Security, acting through the National Cybersecurity and Communications Integration Center,"

Innovating Bnk Compliance: The Real Benefits Of Artificial Intelligence

AI can solve this problem by creating domain-centric models that replicate the “real world” of banking and regulatory compliance. The advantage of AI systems is that they are able to perform tasks that normally require human intelligence, such as pattern recognition and even lower-level decision-making.  Importantly, AI enables the creation of “learning systems” that can become more expert with each subsequent investigation. AI does not replace human intelligence, but it can perform lower-level knowledge functions efficiently, enabling team members to save their time and effort for higher-level decision-making.  While this example has focused on AML compliance, AI systems have applications for other compliance areas, such as KYC, insider trading monitoring and Basel III liquidity solutions.

Growing Agile… Not Scaling!

I like to use the term growing agility, rather than “scaling” because connects better with the fact that developing agility within an organization has more to do with an organic system, rather than with a mechanical one. If culture eats strategy for breakfast, then we have to recognize that the way towards agility, requires addressing culture and mindset as first class citizens. Over the past years, I have came to particularly appreciate the impact of culture on the effectiveness with which human systems operate. So growing agile, means both focusing on culture, and on co-evolution of practices and tools. In every high performing environment I had the pleasure to work, people were having control of values, principles, practices and tools

Quote for the day:

"When data lacks high quality, it is useless regardless of the supporting ERP system in place." -- Marianne Bradford

July 26, 2016

In Rejecting Bitcoin as Money, Florida Court Sets Likely Precedent

"Nothing in our frame of reference allows us to accurately define or describe bitcoin," she wrote. She goes on to write that the digital currency "may have some attributes in common with what we commonly refer to as money" before going on to highlight its distributed nature, price volatility and adoption by merchants as characteristics that differentiate it from other kinds of currency. "This court is not an expert in economics, however, it is very clear, even to someone with limited knowledge in the area, that bitcoin has a long way to go before it is the equivalent of money," she wrote. Pooler noted in her ruling that the state could move, via legislative action, to craft a specific legal definition for bitcoin – a move she indicated could prevent further cases like this from potentially impacting otherwise innocent people.

How To Keep IT Moving At The Speed Of Business

To meet business-leader expectations for speed, CIOs must move beyond these approaches and equip their teams to be adaptive. In adaptive IT organizations, the entire team collaborates, flexes, and applies judgment based on context. The result is faster clock speed -- the end-to-end pace at which IT understands business needs, decides how to support those needs, and responds by delivering capabilities that create value. Our IT Clock Speed Survey revealed that 17 of the top 20 opportunities to accelerate IT speed occur in the early stages of a project, before any development activities. The opportunities include activities such as approving project plans, negotiating with vendors, and estimating the project costs and effort. Taking advantage of the top 20 acceleration opportunities (by employing the tactics suggested in the article) can cut up to five weeks from a six-month project.

If Financial Systems Were Hacked - Joker In The Pack

Financial institutions have endless virtual doors that could be used to trespass, but one of the easiest to force is still the front door. By getting someone who works at an FMI or a partner company to click on a corrupt link through a “phishing” attack (an attempt to get hold of sensitive information by masquerading as someone trustworthy), or stealing their credentials when they use public Wi-Fi, hackers can impersonate them and install malware to watch over employees’ shoulders and see how the institution’s system functions. This happened in the Carbanak case: hackers installed a “RAT” (remote-access tool) to make videos of employees’ computers.

Russia is on the verge of a ‘major breakthrough’ in artificial intelligence

In the last half-century, since the notion of AI was officially coined, the term has created some buzz but has not fulfilled the hype, according to Samsonovich. “A major breakthrough was expected to happen from year to year, but it did not,” he told Digital Trends. “As a result, the idea was discredited. There are reasons to think that now we are really close to the breakthrough, as never before. And as an indirect evidence, the last few years showed rapid exponential progress in AI research, in terms of the number of publications as well as the money invested by governments and companies.” ... “Today’s obstacles are mainly limited to psychological barriers,” he said. “We already have the necessary hardware and most of the necessary theoretical foundations. Still, people tend to think within the limits of popular paradigms, or not to think at all

So you want to be a security researcher?

Security research isn’t only fun, it provides a way to potentially discover new things, or even help put misconceptions to rest, help improve the security of a software application or device, and raise security awareness. But, as Hay made clear during his talk, there’s more to consider and lot more work to be done than running a fuzzer against an app, and that there are important choices to be made before diving in. Hay laid out everything anyone who would be interested in trying their hand at security research would need to know before they get started. Hay would know, recently he and his partner saw the release of the high tech Hello Barbie Doll as a catalyst for research

Analyzing an Organization’s Vulnerability Footprint from an Adversary’s Perspective

By changing the perspective, increasing the volume of data and applying advanced analytics, an organization can have a clearer view of true risk, exposure and malicious activity. This vantage point provides potential weaknesses, vulnerabilities and threat vectors that may highlight risks involving anomalous activities. “Defending against sophisticated and evolving threats is an analytics problem squarely at the crossroads of big data and supercomputing,” said Barry Bolding, chief strategy officer at Cray. “This combination of Cray’s analytics platform and Deloitte Advisory’s threat risk management service is a formidable solution in the war on cyber-threats. Additionally, for the first time, customers can now utilize the power and capabilities of a Cray solution as-a-service.”

The virtues of redesigning procurement for strategic business agility

Whether financial services companies realize it or not, there’s a lot of agility built into that. There are some firms, some third parties, that a financial services firm will use to get those shareholder reports out. They send them the monthly reports, and the companies have very high volume, very excellent quality controls. Post offices are on-site. They don’t even truck it to the post office; the post office is sitting right there, and the mailings go out. When you need to do something, for example a special mailing on a particular fund or shareholder meetings that might only be held once every couple of years, you find yourself in a situation where those kinds of networks don’t serve you very well, and you have to kind of assemble and disassemble temporary networks.

Technology-adoption, Wardley-maps and Bimodal-IT

In most cases, the big-consultancies' business-model depends on having a few highly-experienced consultants visit the client, and then doing the rest with cookie-cutter work done by large numbers of relative newbies billed at 'consultant' rates. Yet the Settlers' role is different in every case: so in effect the expanded bridge would tie up all of the experienced consultants, and still be too context-specific to build cookie-cutter models that would actually work well enough for newbies to be let loose with them. The result is that Bimodal-IT (or bimodal-whatever-they're-selling-now) becomes 'a bridge too far', in which a much-needed bridge either doesn't even exist at all - because it's too difficult and/or expensive for either party - or at best ends up floating in the middle of nowhere, drifting uncomfortably somewhere between Unorder and Order

Ransomware 2.0 is around the corner and it's a massive threat to the enterprise

The next step in the evolution of malware will be ransomware 2.0, which Brvenik said "will start replicating on its own and demand higher ransoms. You'll come in Monday morning and 30% of your machines and 50% of your servers will be encrypted. That's really a nightmare scenario." Ransomware campaigns started out primarily through email and malicious advertising, but now some attackers are using network and server-side vulnerabilities as well. Self-propagating ransomware will be the next step to create ransomware 2.0, and companies need to take steps to prepare and protect their company's network, Brvenik said. New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency.

Securing Data Provides Canadian Online Bank Rapid Path to New Credit Card Business

We in the banking business are in the business of trust. In everything that we do, trust has to be number one. We have to be ready for any kind of questions from our client base on how we handle the information. There's no doubt that transparency will help, and over time, with transparency, our clients learn that we're up-front in how we're using information. And it's not just transparency, but also putting the information in a way that's easily understandable up-front.  If you look at our registration process, one of the first thing that we tell people is "Here is our not-so-fine print." It's in big, bold fonts and that’s very important, because especially in a digital bank, a lion's share of the interactions are through non-face-to-face kind of interactions.

Quote for the day:

"Great achievers are driven, not so much by the pursuit of success, but by the fear of failure." -- Larry Ellison

July 25, 2016

More Than Half The World Is Still Offline

While more than four out of five people in developed countries use the internet, just over 40 percent of those in developing countries have access. In the ITU’s “least developed countries” -- places like Haiti, Yemen, Myanmar and Ethiopia -- just 15.2 percent of the people are online. ... Also, fewer women than men are on the internet, and that difference is getting worse. The worldwide difference between internet user penetration for males and females is 12.2 percent, up from 11.0 percent in 2013, the ITU says. It’s shrunk significantly in developed countries, from 5.8 percent to just 2.8 percent, but grown in poorer places. Cost makes it harder to get online in some countries. The ITU says entry-level internet access has become affordable in many developing countries since 2011 but remains unaffordable in most of the poorest countries.

Short-term programs, not four-year degrees, are the future of tech education

It takes more than just technical skills to succeed in a coding career. A big part of a career in the programming field is troubleshooting and responding to problems that arise day-to-day. In order to do this successfully, it is vital to be an inquisitive, intelligent learner who likes working through challenges. Additionally, while some may think of programming as solo work, it is quite often done in a team environment. Being able to communicate clearly and work together cannot be underestimated in these roles ... A three-month program like those offered at our schools offers a different type of learning environment. We are able to focus on the key coursework that will help students get in-demand jobs, and our student outcomes back this up.

Ransomware Predictions | Past, Present, Future

A criminal may not need to target an entire enterprise’s set of hosts for maximum return potential. Targeting a few critical assets and preventing restoration ahead of time may be all that is needed to extract a higher ransom amount from some organizations. Think of print servers sitting in a massive warehouse distribution operation. Many of these print servers are still running Windows XP – oftentimes because they are so critical to the operation that they literally cannot be replaced or upgraded. How much money would such an operation pay to get those servers back online? Answer: $1 less than the hundreds of thousands of dollars per day in operations they support. And if it’s a perishable food distribution operation, even more.

EY Report : Blockchain Technology to Reach Critical Mass in the next 3 to 5 Years

A considerable progress has already been made in the embedded health and digital rights management segments. There are already few platforms offering these services. The success of these platforms combined with further development of blockchain-based applications will pave the way for large-scale adoption. The real estate sector is also increasing exploring the use of digital currency technology for managing property records and also as a pooled investments platform where a large number of people can make small investments into projects. According to the EY report, the large scale implementation of blockchain technology will take at least 3 to 5 years. Those who are prepared to invest, experiment and adapt to the technology by that time are expected to benefit when the shift happens.

The world turned upside down: Conventional IT is rapidly becoming shadow IT

The answer is pretty thin gruel. One of IT's remaining tasks is to architect and manage the company’s networks. This is a strategic responsibility but one that’s largely taken for granted. Another task that still falls to IT is the management of the company’s data center. If the data center is used to host revenue-generating systems, this is also a strategic responsibility, but if it’s just housing internal systems then it’s not that big of a deal. A third responsibility that IT continues to handle at many companies is maintainence of internal email systems. This is a highly visible role, but one that is likely to wane in importance as most email systems migrate to the cloud.

7 Common Data Science Mistakes and How to Avoid Them

Some data scientists feel that, to have built a successful machine learning model, is having achieved the maximum level of success. Having built a right model is just half the battle won and it is necessary to ensure that the predictive power of the model is maintained. Many data scientists often forget or tend to ignore the fact that it is necessary to re-validating their models at set intervals. A common mistake that some data scientists often make – is thinking that the predictive model is just ideal since it fits the observational data. Predictive power of the built model can disappear instantaneously based on how often the modelled relationships keep changing. To avoid this, the best practice for any data scientist is to ensure that they score their data models with new data every hour, every day or every month based on how fast the relationships in the model change.

Mobile Payments: Risks Versus Opportunities

One noteworthy example of this phenomenon right now involves mobile payments. Specifically, we know that many technology professionals are extremely leery of mobile payments. ISACA’s 2015 Mobile Payment Security Study found only 23 percent of IT and security professionals believe mobile payments will keep information safe—which, let’s face it, is not exactly a vote of confidence.  It bears asking, though, how that compares to the alternative. Meaning, are there risks to mobile payment scenarios? Sure. Show me a technology without some risk and I’ll show you a technology that’s completely valueless. But even if there is risk, what is the opportunity cost? What do we miss out on by waiting for some future scenario that is even more locked down?

Adapting your board to the digital age

To serve as effective thought partners, boards must move beyond an arms-length relationship with digital issues (exhibit). Board members need better knowledge about the technology environment, its potential impact on different parts of the company and its value chain, and thus about how digital can undermine existing strategies and stimulate the need for new ones. They also need faster, more effective ways to engage the organization and operate as a governing body and, critically, new means of attracting digital talent. Indeed, some CEOs and board members we know argue that the far-reaching nature of today’s digital disruptions—which can necessitate long-term business-model changes with large, short-term costs—means boards must view themselves as the ultimate catalysts for digital transformation efforts.

Ransomware protection -- what you may be missing

As the saying goes, sometimes you can't see the forest for the trees. We are so used to seeing the top 10 prevention techniques, we sometimes miss the lesser discussed approaches. These are important, because the purveyors of ransomware read the same articles with the common approaches, and can use these as a road map to improve their techniques. One of my customers is a large healthcare institution, and one of my major focuses with them has been to take a deep look at approaches to ransomware prevention and recovery. In the process, I have found many things that organizations can do that are not often discussed in the trade press. Since we in the business world need all the help we can get at this point, these can be very important. Consider a few of these

The Technical Skills You Need to Have as a Software Developer

Many beginning programmers try to hedge their bets by learning several programming languages at once or before they try to take on their first job as a software developer. While I think that you should eventually learn more than one programming language, I would advise against doing it upfront because it will just lead to confusion, and it will divert your energies from many of the other technical skills you are going to need to learn. Instead, I’d advise you to go deep and focus on learning the ins and outs of a single programming language, so you can feel really confident in your ability to write code in that language. Remember how we talked about being as specific as possible when deciding what kind of software developer you were going to become?

Quote for the day:

"Leadership consists of nothing but taking responsibility for everything that goes wrong and giving your subordinates credit for everything that goes well." -- Dwight D. Eisenhower

July 24, 2016

Tech giants silent on new Russian surveillance law

"The companies for whom this is a real problem are the Russian telecom providers," she added, who face huge data retention mandates quite separate from the encryption requirements. "They have said [the law] will cost them trillions of roubles." One foreign company, Panama-based NordVPN, is "doubling down" on it's commitment to privacy and anonymity in Russia, according to Jodi Myers, the company's head of public relations and marketing. "Our aim is to make this simple, for the less technical user," she said. But she added the firm was taking steps to "double encrypt" traffic from its Russian users. "We do not have the key [to unlock their users' encrypted internet traffic] and we do not store any customer data on our servers — not in Russia, not anywhere."

The Insider Threat: Are You at Risk?

Shadow IT happens when someone in a line of business pulls out a credit card and signs up for an app without going through the IT department. If you don’t know an app exists, you can’t make sure the right people have access to it or that appropriate access controls are put in place to protect the information stored there. You also can’t guarantee that the disgruntled employee you just fired had access revoked. Shadow IT is hard to spot because you don’t know what you don’t know. However, if things are tense with the lines of business you support, chances are good they are resorting to shadow IT. When the IT department is forced to say no to line-of-business requests for easier access, well-meaning employees, who just want to get their work done, find their own solutions.

What is a Modern Business Intelligence Platform?

Modern Business Intelligence platforms offer end-to-end capabilities, enabling users to take advantage of self-service to answer questions. Gartner defined modern BI in their most recent Magic Quadrant report, saying: “The evolution and sophistication of the self-service data preparation and data discovery capabilities available in the market has shifted the focus of buyers in the BI and analytics platform market — toward easy-to-use tools that support a full range of analytic workflow capabilities and do not require significant involvement from IT to predefine data models upfront as a prerequisite to analysis.” Datameer’s CEO builds upon these ideas in this video for Big Data & Brews, explaining that forward-thinking enterprises are moving past IT-led BI and analytics solutions for offerings that can be managed autonomously by the end-user.

Best practices for managing the security of BYOD smartphones and tablets

Attempts to foist strict controls on how employees use devices can backfire, causing staff to use workarounds that expose the company to even more risk. When setting security policies for BYOD phones and tablets, consult those employees who will be subject to them. Gartner gives the example of forcing users to input a complex passcode every time they want to use the device. "Once users experience this, they quickly become annoyed with IT, due to the extreme inconvenience of making it difficult to text/email while on the move," the report states. A good compromise in this example would be a simple four-digit numeric passcode to unlock the device, with a more complex passcode for accessing corporate data, suggests Gartner.

Container Best Practices

Container technology is a popular packaging method for developers and system administrators to build, ship and run distributed applications. Production use of image-based container technology requires a disciplined approach to development. This document provides guidance and recommendations for creating and managing images to control application lifecycle. ... As you begin to contemplate the containerization of your application, there are number of factors that should be considered prior to authoring a Dockerfile. You will want to plan out everything from how to start the application, to network considerations, to making sure your image is architected in a way that can run in multiple environments like Atomic Host or OpenShift.

Auto Industry Publishes Its First Set Of Cybersecurity Best Practices

The Auto-ISAC provides a mechanism for its members to share vulnerability information, conduct analysis and develop solutions that are beneficial to both the industry and its customers. Approximately a third of the vehicles on the road today in the U.S. include some connectivity that has the potential to provide a pathway into vehicle control systems. So far none of the publicly demonstrated remote takeovers on systems like Chrysler’s UConnect or GM’s OnStar have been easy to implement and only one vehicle at a time can be attacked. By the mid-2020s, virtually all new vehicles will have data connections. As we add more driver assist and automation features, the potential for a bad actor to target the transportation system and either steal data, strand vehicles or send them crashing into each other will be vastly larger.

4 security best practices to learn from the FDIC's data breaches

Apparently, departing employees accidentally grabbed financial information from FDIC loan applicants while transferring their personal data to USB keys. Davidson quotes Representative Don Beyer, ranking Democrat on the House Science, Space and Technology oversight subcommittee, talking to Lawrence Gross, FDIC's chief information and chief privacy officer: "I have a hard time understanding how you can inadvertently download ten thousand customer records." Davidson continues, "Ten thousand was the low end. One case involved forty-nine thousand records. Gross's contention that the former employees 'were not computer proficient' only made matters worse."

How to Deal with COTS Products in a DevOps World

The primary objective of DevOps is to increase the speed of delivery at reliable quality. To achieve this, good configuration management is crucial as the level of control at higher speed of delivery becomes more and more important (while riding a bike you might take your hands off the handle bar once in a while, but a formula one driver is practically glued to the steering wheel). Yet commercial-off-the-shelf (COTS) products often don’t provide any obvious ways to manage them like you manage your custom software. This is a real challenge for large organisations who deal with a mixed technology landscape. In this article I will explore ways to apply modern DevOps practices when dealing with COTS products.

Facial biometric authentication on your connected devices

The purpose of this post is to clarify the understanding of facial recognition as well as trying to guide you to understand how to build these programming frameworks and host them that can be used to deliver the same feature across your devices. Now you can of course build the system on one of your hardware device or one of the mobile phone but what if you have to connected multiple devices and perform the same actions on all of those devices? In such cases, adding a simple program to each one of them an then maintaining them won't be a good idea. That is why, in this guide I will show you how to build a server too. The server would be able to handle the requests, process the data being sent and generate the responses.

Digital Disruption for Enterprise Architecture

Jeanne says one thing is becoming increasingly clear–enterprises will not be successful if they are not architected to execute their firm’s business strategies. At the very same time, she has found with the companies (existing successful enterprises) that she talks to believe their success is not guaranteed in the digital economy. ... Digital strategies were forcing companies around a rallying point but surprisingly there was not much distinction behind the rallying point more than, “I want to be the Amazon or Uber of my industry”. But Jeanne claims this is okay because competitive advantage is not going to be about strategy but instead about execution. And being the best at execution is going to eventually take you in a different direction than other market participants.

Quote for the day:

"There is no decision that we can make that doesn't come with some sort of balance or sacrifice." --@SimonSinek

July 23, 2016

Training, Awareness Keys to Battling Social Engineering

Social engineering is especially dangerous for employees who may have special access to valuable assets that other employees may not, such as the ability to wire funds. A good example of this occurred last year when Ubiquiti Networks Inc., a US-based manufacturer of high-performance networking technology for service providers and enterprises, was taken for US $39 million. An employee of a Ubiquiti subsidiary was the victim of a CEO scam, which hijacks or impersonates the email of a senior executive within an organization. In this case the victim, who had authority to initiate wire transfers, transferred large amounts of money from company accounts to the criminal’s accounts. Adversaries are cognizant of the basic human tendency to trust people on face value, and accordingly, they abuse that trust to perform social engineering attacks. 

User experience and the IoT: tech should be all about humans

Historically, IoT solutions have not considered human beings in their equations and strategy roll out; which has proven to be a challenge, mainly because their solutions never came into contact with people, except through data dashboard and notification systems. Today, however, we are seeing products in the hands of people that are IoT dependent, but the consumer does not even understand the IoT is being used. In most cases, the consumer has no idea who or what IoT is. A great example is that people see Uber as a mobile app that calls a taxi — they are not running around talking about a great IoT app that they just downloaded. What Uber correctly achieved was to design a service that uses IoT concepts to provide a valuable service to people. Today, those people know Uber, not IoT. Without IoT though, Uber would not be possible.

Digital disruptor: now keywords in enterprise architects' job descriptions

A digital enterprise is one that takes advantage of a constellation of technology platforms and strategies -- including cloud, mobile, social, data analytics and Internet of Things. ...  the famous startups that are creating so much pain within established markets -- you know, the Ubers and Airbnbs -- do one thing really well. More established enterprises are capable of doing multiple things well. The key is doing all those things well, in an integrated fashion -- something only established companies are in a position to do. "Competitive advantage will come from taking capabilities that others may or may not have and integrating them in ways that make something extraordinarily powerful," Ross is quoted as saying. "Integrating business capabilities provides a whole value proposition that is hard for others to copy."

How to Improve Machine Learning: Tricks and Tips for Feature Engineering

Predictive modeling is a formula that transforms a list of input fields or variables into some output of interest. Feature engineering is simply a thoughtful creation of new input fields from existing input fields, either in an automated fashion or manually, with valuable inputs from domain expertise, logical reasoning, or intuition. The new input fields could result in better inferences and insights from data and exponentially increase the performance of predictive models. Feature engineering is one of the most important parts of the data preparation process, where deriving new and meaningful variables takes place. Feature engineering enhances and enriches the ingredients needed for creating a robust model. Many times, it is the key differentiator between an average and a good model.

Snowden Designs a Device to Warn if Your iPhone’s Radios Are Snitching

Huang’s and Snowden’s solution to that radio-snitching problem is to build a modification for the iPhone 6 that they describe as an “introspection engine.” Their add-on would appear to be little more than an external battery case with a small mono-color screen. But it would function as a kind of miniature, form-fitting oscilloscope: Tiny probe wires from that external device would snake into the iPhone’s innards through its SIM-card slot to attach to test points on the phone’s circuit board. (The SIM card itself would be moved to the case to offer that entry point.) Those wires would read the electrical signals to the two antennas in the phone that are used by its radios, including GPS, Bluetooth, Wi-Fi and cellular modem.

IBM Announces Blockchain Cloud Services on LinuxOne Server

A new cloud environment for business-to-business networks announced by IBM last week will allow companies to test performance, privacy, and interoperability of their blockchain ecosystems within a secure environment, the company said. Based on IBM’s LinuxONE, a Linux-only server designed for high-security projects, the new cloud environment will let enterprises test and run blockchain projects that handle private data for their customers. The service is still in limited beta, so IBM clients will not be able to get their hands on it just yet. Once it launches, however, the company said clients will be able to run blockchain in production environments that let them quickly and easily access secure, partitioned blockchain networks.

Bad UX kills

Great experiences don’t have to be complex: One of the greatest innovations in transit user experience in the past 50 years is not the autonomous car or the hyperloop, but rather a sign on a train that says “Quiet Car.” This simple piece of vinyl has an immense ROI, having made a positive impact on hundreds of thousands of commuters, allowing them to catch up on precious sleep or focus intently, fundamentally altering commutes from lost time into productive hours. The Pentagram-designed “LOOK!” warnings painted on the street at crossings is another lightweight, ingenious improvement. Its eyes prompt you to look the way they are pointing, and have likely saved countless cell phone zombies and tourists from getting run over by a taxi or bus, not to mention clearing the way for city emergency response resources.

Intro to knysa: Async-Await Style PhantomJS Scripting

PhantomJS is a modern headless (no GUI) browser scriptable with a JavaScript API. It’s perfect for page automation and testing. The JavaScript API is brilliant, offering many advantages but it also suffers from the same “callback hell” problem with JavaScript, i.e. deep nested callbacks.  There are many libraries and frameworks to help deal with this problem. For PhantomJS, CasperJS is one such solution that is very popular, but it only mitigates the problem and does not solve it. knysa, on the other hand, solves the problem elegantly. Like CasperJS, it allows you to put steps in sequence. Unlike CasperJS, it does not add a lot of boilerplate code (e.g. casper.then(), etc.).

Optimizing Dashboard Design to Drive Action

When a dashboard is working well, it focuses each recipient on how they can specifically impact organizational core metrics, or Key Performance Indicators (KPIs) such as retention, conversion and lifetime value. Before you build your first chart, understand the context in which your initiative operates. What are the core metrics your company cares about? What are the existing dashboards your executives look at every day? Make sure your data includes a semi-live feed of these core metrics so you can display them in your dashboard. This information is vital to an effective dashboard. Analyze your data to identify the correlations that will answer the “why” for action. Include customer sentiment data so you can identify the path from your organization’s activities, through customer sentiment and behavior, to resulting KPIs.

Facebook's giant solar-powered drone takes flight to deliver internet to remote areas

According to a blog post by Jay Parikh, global head of engineering and infrastructure at Facebook, this was the first time the team had been able to fly the full-sized aircraft. The low-altitude flight lasted longer than 90 minutes, which was three times longer than had originally been planned for. The flight took place in Yuma, AZ. "When complete, Aquila will be able to circle a region up to 60 miles in diameter, beaming connectivity down from an altitude of more than 60,000 feet using laser communications and millimeter wave systems. Aquila is designed to be hyper efficient, so it can fly for up to three months at a time," Parikh wrote. While some refer to Aquila as a drone, being that it is unmanned, Facebook refers to it as "a high-altitude, long-endurance, unmanned solar-powered airplane."

Quote for the day:

“If we wait until we’re ready, we’ll be waiting for the rest of our lives.” -- Lemony Snicket

July 22, 2016

Internet of Things: From sensing to doing

The value that IoT brings lies in the information it creates. It has powerful potential for boosting analytics efforts. Strategically deployed, analytics can help organizations translate IoT’s digital data into meaningful insights that can be used to develop new products, offerings, and business models. IoT can provide a line of sight into the world outside company walls, and help strategists and decision makers understand their customers, products, and markets more clearly. And IoT can drive so much more—including opportunities to integrate and automate business processes in ways never before possible.

Software-Defined Everything: Beyond the Cloud

Software-Defined Compute is expanding past now-traditional virtualization into containers. SDN is branching out of the Cloud providers and telco infrastructure into enterprise networking. And SDS is building upon core storage abstractions like object storage, database storage, and elastic block storage to a range of data virtualization and orchestration capabilities that support Big Data use cases as well as traditional enterprise “small” data needs.In fact, vendors like Primary Data are extending this SDS vision by essentially building a Software-Defined abstraction on top of Cloud-centric storage abstractions. With Primary Data, an enterprise doesn’t have to worry whether underlying storage is object storage or database storage, for example, simplifying Hybrid Cloud scenarios and complex tasks like Big Data processing and software upgrades.

Top 10 Considerations for Efficient IoT Deployments in Smart Cities

Citizens are core to the success of any technology implementation done in the context of a city. As they are the main consumer and the biggest beneficiary of this solution, their involvement in the solution is highly critical. Many countries have adopted the concept of “Create or Join a Project”, which aims at involving citizens at the very early stages of conceptualization and then implementation. Citizens are not just any other involvement, they are actually a major source of data that is fed back to the system during the implementation process. For example, a broken Water pipe, can be bought to the quick attention of the system if the solution provides a provision to allow the citizen to upload an image and the location of the broken water pipe. The same can be applied for a broken street light or a possible security breach.

Cloud Computing's Big, Disruptive Multiple Hundred Billion Dollar Impact

Companies that sell hardware and software to corporate customers are all threatened by this shift. In the old days, a company would sell an operating system and software for each user. In the cloud realm, operating system are parcelled out on shared servers for use on a pay by the hour basis. Public cloud deployment is seen as a godsend for small companies, which used to have to spend almost all of their initial funding on servers and software. AWS upended that model to let startups get going fast and cheap by paying pennies per hour for computing power. However, the notion that public cloud is always the cheapest option once startups get big, is still debatable. Once a company hits a certain size and has to deal with lots of data, some analysts and corporate execs say it’s time to bring IT back in-house because cloud has gotten too pricey

Cyber security basics: 4 best practices for stopping the insider threat

The insider threat, simply meaning a threat that comes from within an organisation, is a growing concern for cyber security practitioners. Unlike with external threats such as hackers or the latest malware, organisations can not simply buy a shiny new antivirus or firewall product and rest assured that they have it covered. This is because the insider threat can follow any number of patterns. There are both malicious and inadvertent insider threat actors in abundance. On the inadvertent side, 65 percent of office workers use a single password among applications, according to the 2016 Market Pulse report commissioned by SailPoint. The survey also found that a third of employees shared passwords with co-workers, while 26 percent admitted to uploading sensitive information to cloud apps with the aim of sharing it outside the company.

GOP cyber platform "detrimental to global stability"

“There is a distinct lack of clarity about rules of the road for peacetime, and the norms and laws that do and will govern offensive cyber operations in peacetime [are] still highly malleable,” explained Robert Morgus, a policy analyst with D.C.-based think tank New America. “This means that operations conducted by the U.S. and others are highly influential in shaping those rules, and pushing the red line too far — while useful for short-term strategic goals like disrupting the Iranian nuclear program — may prove detrimental to global stability in the long run,” he added.  ... “it’s important to draw a line between offensive cyber operations conducted for espionage or intelligence gathering purposes and offensive computer network operations,” he said.

Google Sprints Ahead in AI Building Blocks, Leaving Rivals Wary

"It’s the next big area, and people are worried Google’s going to own the show," said Ed Lazowska, a computer science professor at the University of Washington who has served on the technical advisory board of Microsoft Corp.’s research lab. "There is a network effect, and it’s a really excellent system." Google initially used TensorFlow internally for products like its Inbox and Photos apps. The company made it available for free in November. Technology companies like Microsoft Corp., Amazon.com Inc. and Samsung Electronics Co. rushed to give away their own versions, hoping to get the most outside developers using their standards.  The company that wins will benefit from the collective efforts of thousands of developers using, but also updating and improving, its system. That’s an advantage when it comes time to make money from the new asset.

Cloud Services Now Account For A Third Of IT Outsourcing Market

We’ve known for some time now that the as-a-service sector has been eating into the market share of traditional service providers. How else to explain that contract counts are soaring, but contract values are remaining relatively stagnant in the traditional market? We knew anecdotally that a lot of client work was moving to the public cloud infrastructure and cloud software markets, and we also knew it was time to begin an empirical measurement of that growing shift. That’s why we decided to move beyond our initial examinations of this phenomenon and officially expand the coverage of our [index]. The drivers for cloud have changed noticeably over the past three years. Initially, cloud interest and adoption was concentrated primarily on cost reduction, in line with what we traditionally have seen as a driver for outsourcing.

Trojanized Remote-Access Tool Spreads Malware

"There is no problem with detecting the malware," Vasily Berdnikov, a security expert at Kaspersky, tells Information Security Media Group. "The problem is that, in this case, the malware came packed with legitimate software. The thinking behind this strategy is simple: Criminals expect that the system administrator will simply ignore the warning from the security solution, because he will be sure that he is downloading legitimate software from the legitimate source." Attackers have long favored gaining access to remote-access tools present inside victim organizations, because they provide an easy way to remotely launch further attacks or exfiltrate data. But Berdnikov says this is the first time Kaspersky's researchers have seen a criminal group hide malware inside a legitimate remote-access tool.

Effective Third-Party Risk Assessment – A Balancing Process

The very practical need for thorough third-party assessments is the fact that third-parties are increasingly targeted by criminals, and continue to be the primary source of breach incidents. Rather than attempt to breach the systems of large and usually well protected company networks, criminals look for the weakest link in the chain, which is all too often a third-party. The growing demand for more comprehensive third-party assessments necessarily requires expanded resources, budgets and timelines for completion. These needs run contrary to very real budget and staff constraints, and the pace at which business units need to bring new (often web/cloud based) products and services to market. So, how do you satisfy the growing demand for more comprehensive assessments of third-party risk controls without substantially increasing the cost and time for conducting assessments?

Quote for the day:

"In the realm of ideas everything depends on enthusiasm. In the real world all rests on perseverance." -- Johann Wolfgang von Goethe