Daily Tech Digest - December 01, 2016

‘Cybersecurity has become a full-time job’ in healthcare

“Cybersecurity has become a full-time job,” Karl West, CISO of Intermountain Healthcare in Utah, said at AEHIX, an adjunct conference to the College of Healthcare Information Management Executives (CHIME) Fall CIO Summit this month in Phoenix. “There is a call for all of us to do better,” West said. He said that healthcare may only be at 30 percent to 50 percent of compliance with the required security regulations. Healthcare trails other industries in this area because it has spent so much money on transforming care with IT, while cybersecurity has ended up taking a back seat. At the annual U.S. News and World Report Healthcare of Tomorrow summit held earlier this month in Washington, D.C., Dr. Brian Jacobs, CMIO of Children’s National Medical Center, said that the hospital now dedicates 19 percent of its IT budget to security, Politico reported.


Destructive Hacks Strike Saudi Arabia, Posing Challenge to Trump

The ferocity of the attacks appears to have caught Saudi officials by surprise. Thousands of computers were destroyed at the headquarters of Saudi’s General Authority of Civil Aviation, erasing critical data and bringing operations there to a halt for several days, according to the people familiar with the investigation. There have been no reports of widespread transportation interruptions at the King Khalid International Airport in Riyadh or the other major airports. A spokesman for the aviation authority in Riyadh didn’t immediately respond to phone calls and e-mails requesting comment. The people familiar with the probe didn’t identify the other targets but one said they were all inside Saudi Arabia and included other government ministries in the kingdom, a country where information is highly controlled.


Most Organizations Not Adequately Prepared for Cyber Attacks: Marsh Cyber Handbook

“While cyber breaches are one of the most likely and expensive threats to corporations, few companies can quantify how great their cyber risk exposure is, which prevents them from protecting themselves,” according to an article in the handbook titled, “Can You Put a Dollar Amount on Your Company’s Cyber Risk?” “Most managers rely on qualitative guidance from ‘heat maps’ that describe their vulnerability as ‘low’ or ‘high’ based on vague estimates that lump together frequent small losses and rare large losses,” adds the article.... The challenge is “to build a smart, well-designed, cyber risk model that’s able to analyze potential direct revenue, liability, and brand loss scenarios.”


IoT to Get Security, Gateway Benchmarks

The working group for the gateway benchmark aims to deliver system-level benchmarks measuring overall throughput, latency and energy consumption for node-to-cloud communications. It will probably start with an industrial profile but has not yet specified what parameters it will measure. The group currently includes members from ARM, Dell, Flex and Intel and hopes to deliver a complete spec by next fall. It will use workloads generated across multiple physical ports to test multiple system components including the processor, physical and wireless interfaces and the operating system. “Today, without a standardized methodology, IoT gateway benchmarking is not realistic,” said Paul Teich, a principal analyst at Tirias Research and technical advisor to EEMBC.


MongoDB-as-a-Service on Pivotal Cloud Foundry

Mallika Iyer and Sam Weaver cover a brief overview of Pivotal Cloud Foundry and deep dive into running MongoDB as a managed service on this platform. The MongoDB service for Pivotal Cloud Foundry leverages the capabilities of Bosh 2.0 for on-demand-dynamic provisioning for services while maintaining an integration with MongoDB's Cloud Ops Manager, to provide the best of both: PCF and MongoDB. Mallika Iyer is a Principal Software Engineer at Pivotal, and spends a lot of time building Bosh-managed services that run on Pivotal Cloud Foundry. She is a cloud architect and has an extensive background in NoSQL and Large-Scale Search. Sam Weaver is the Product Manager for Developer Experience at MongoDB, based in New York.


Data Breach Preparation and Response: Breaches are Certain, Impact is Not

It is a good practice to map out what you believe to be the Breach Breakdown in some sort of visual manner so that you can more clearly define your working hypothesis. You should also include a timeline of events that represents the chronological progression of the attack. This will be of particular interest to executives and general counsel as they prepare statements regarding what happened and when. In addition, you should also maintain a partner list of the impacted systems represented in the diagram. This list should include additional system details such as IP address, hostname, OS, system function (i.e., webserver, database, workstation), and method of compromise.


The real effect Google's Pixel phone is having on Android

Features unique to the Pixel, such as the Google Assistant, the Pixel camera, and Daydream ... plus the smartphone's deeper app integration [and] increased prominence of Android Pay ... will ultimately lead to users spending more money on Android, according to the research note. Morgan Stanley's analysts also predict that these features could see the Pixel driving higher mobile search monetization for Google as advertisers will spend more to reach the consumers who spend the most on their mobiles. And there you have it. The Pixel is ultimately a vessel for Google to bring its own mobile vision directly to mainstream users. That benefits Google as a company, and it benefits us as consumers who carry Android phones.


Disaster recovery testing: A vital part of the DR plan

The cost of implementing disaster recovery is directly affected by the level of recovery required so, to contain costs, applications have to be prioritised against a set of metrics that determine recovery requirements. Recovery time objective (RTO) describes the amount of time a business application can tolerate being unavailable, usually measured in hours, minutes or seconds. We can imagine applications that deliver core banking for financial organisations have an RTO=0, whereas some back-end reporting functions may have an RTO of up to 4 hours. Recovery point objective (RPO) describes the previous point in time from which an application should be recovered. To use our banking example again, an RPO of zero will be expected for most applications – we don’t want to accept any lost transactions.


How is runtime as a service different from PaaS or IaaS?

RaaS differs from platform as a service (PaaS) because the environment is long-running in many PaaS systems, but they automatically scale the application up or down like RaaS does. Additionally, a traditional PaaS deployment limits developers to a specific application framework. With many RaaS concepts, developers essentially deploy code in a container that starts on-demand. The major thing to focus on when building an application using RaaS is minimal bootstrapping, so the runtime can start up, execute and close down quickly. Infrastructure as a service (IaaS) is a traditional cloud computing service where companies pay by the hour for compute environments, whether they're actively used or idle. While it's the least efficient form of cloud computing, IaaS is still the go-to for most companies, primarily because it's the most similar to traditional programming


The Hardest Part About Microservices

The journey to microservices is just that: a journey. It will be different for each company. There are no hard and fast rules, only tradeoffs. Copying what works for one company just because it appears to work at this one instant is an attempt to skip the process and journey and will not work. And the point to make here is that your enterprise is not Netflix. In fact, I’d argue that for however complex the domain is at Netflix, it’s not as complicated as it is at your legacy enterprise. Searching for and showing movies, posting tweets, updating a LinkedIn profile, etc., are all a lot simpler than your insurance claims processing systems. These internet companies went to microservices because of speed to market, sheer volume, and scale



Quote for the day:


"I think we ought to read only the kind of books that wound and stab us. If the book we are reading doesn't wake us up with a blow on the head, what are we reading it for?" -- Franz Kafka,