July 24, 2016

Tech giants silent on new Russian surveillance law

"The companies for whom this is a real problem are the Russian telecom providers," she added, who face huge data retention mandates quite separate from the encryption requirements. "They have said [the law] will cost them trillions of roubles." One foreign company, Panama-based NordVPN, is "doubling down" on its commitment to privacy and anonymity in Russia, according to Jodi Myers, the company's head of public relations and marketing. "Our aim is to make this simple, for the less technical user," she said. But she added the firm was taking steps to "double encrypt" traffic from its Russian users. "We do not have the key [to unlock their users' encrypted internet traffic] and we do not store any customer data on our servers — not in Russia, not anywhere."


The Insider Threat: Are You at Risk?

Shadow IT happens when someone in a line of business pulls out a credit card and signs up for an app without going through the IT department. If you don’t know an app exists, you can’t make sure the right people have access to it or that appropriate access controls are put in place to protect the information stored there. You also can’t guarantee that the disgruntled employee you just fired had access revoked. Shadow IT is hard to spot because you don’t know what you don’t know. However, if things are tense with the lines of business you support, chances are good they are resorting to shadow IT. When the IT department is forced to say no to line-of-business requests for easier access, well-meaning employees, who just want to get their work done, find their own solutions.


What is a Modern Business Intelligence Platform?

Modern Business Intelligence platforms offer end-to-end capabilities, enabling users to take advantage of self-service to answer questions. Gartner defined modern BI in their most recent Magic Quadrant report, saying: “The evolution and sophistication of the self-service data preparation and data discovery capabilities available in the market has shifted the focus of buyers in the BI and analytics platform market — toward easy-to-use tools that support a full range of analytic workflow capabilities and do not require significant involvement from IT to predefine data models upfront as a prerequisite to analysis.” Datameer’s CEO builds upon these ideas in this video for Big Data & Brews, explaining that forward-thinking enterprises are moving past IT-led BI and analytics solutions for offerings that can be managed autonomously by the end-user.


Best practices for managing the security of BYOD smartphones and tablets

Attempts to foist strict controls on how employees use devices can backfire, causing staff to use workarounds that expose the company to even more risk. When setting security policies for BYOD phones and tablets, consult those employees who will be subject to them. Gartner gives the example of forcing users to input a complex passcode every time they want to use the device. "Once users experience this, they quickly become annoyed with IT, due to the extreme inconvenience of making it difficult to text/email while on the move," the report states. A good compromise in this example would be a simple four-digit numeric passcode to unlock the device, with a more complex passcode for accessing corporate data, suggests Gartner.


Container Best Practices

Container technology is a popular packaging method for developers and system administrators to build, ship and run distributed applications. Production use of image-based container technology requires a disciplined approach to development. This document provides guidance and recommendations for creating and managing images to control application lifecycle. ... As you begin to contemplate the containerization of your application, there are a number of factors that should be considered prior to authoring a Dockerfile. You will want to plan out everything from how to start the application, to network considerations, to making sure your image is architected in a way that can run in multiple environments like Atomic Host or OpenShift.


Auto Industry Publishes Its First Set Of Cybersecurity Best Practices

The Auto-ISAC provides a mechanism for its members to share vulnerability information, conduct analysis and develop solutions that are beneficial to both the industry and its customers. Approximately a third of the vehicles on the road today in the U.S. include some connectivity that has the potential to provide a pathway into vehicle control systems. So far none of the publicly demonstrated remote takeovers on systems like Chrysler’s UConnect or GM’s OnStar have been easy to implement and only one vehicle at a time can be attacked. By the mid-2020s, virtually all new vehicles will have data connections. As we add more driver assist and automation features, the potential for a bad actor to target the transportation system and either steal data, strand vehicles or send them crashing into each other will be vastly larger.


4 security best practices to learn from the FDIC's data breaches

Apparently, departing employees accidentally grabbed financial information from FDIC loan applicants while transferring their personal data to USB keys. Davidson quotes Representative Don Beyer, ranking Democrat on the House Science, Space and Technology oversight subcommittee, talking to Lawrence Gross, FDIC's chief information and chief privacy officer: "I have a hard time understanding how you can inadvertently download ten thousand customer records." Davidson continues, "Ten thousand was the low end. One case involved forty-nine thousand records. Gross's contention that the former employees 'were not computer proficient' only made matters worse."


How to Deal with COTS Products in a DevOps World

The primary objective of DevOps is to increase the speed of delivery at reliable quality. To achieve this, good configuration management is crucial as the level of control at higher speed of delivery becomes more and more important (while riding a bike you might take your hands off the handle bar once in a while, but a formula one driver is practically glued to the steering wheel). Yet commercial-off-the-shelf (COTS) products often don’t provide any obvious ways to manage them like you manage your custom software. This is a real challenge for large organisations who deal with a mixed technology landscape. In this article I will explore ways to apply modern DevOps practices when dealing with COTS products.


Facial biometric authentication on your connected devices

The purpose of this post is to clarify the understanding of facial recognition as well as trying to guide you to understand how to build these programming frameworks and host them so that they can be used to deliver the same feature across your devices. Now you can of course build the system on one of your hardware devices or one of the mobile phones, but what if you have to connect multiple devices and perform the same actions on all of those devices? In such cases, adding a simple program to each one of them and then maintaining them won't be a good idea. That is why, in this guide I will show you how to build a server too. The server would be able to handle the requests, process the data being sent and generate the responses.


Digital Disruption for Enterprise Architecture

Jeanne says one thing is becoming increasingly clear–enterprises will not be successful if they are not architected to execute their firm’s business strategies. At the very same time, she has found that the companies (existing successful enterprises) that she talks to believe their success is not guaranteed in the digital economy. ... Digital strategies were forcing companies around a rallying point but surprisingly there was not much distinction behind the rallying point more than, “I want to be the Amazon or Uber of my industry”. But Jeanne claims this is okay because competitive advantage is not going to be about strategy but instead about execution. And being the best at execution is going to eventually take you in a different direction than other market participants.



Quote for the day:


"There is no decision that we can make that doesn't come with some sort of balance or sacrifice." --@SimonSinek