Daily Tech Digest - April 24, 2017

Why Your HR Department Should Embrace Design Thinking

Design succeeds when it finds ideal solutions based on the real needs of real people. In a recent Harvard Business Review article on the evolution of design thinking, Jon Kolko noted, "People need their interactions with technologies and other complex systems to be simple, intuitive, and pleasurable. Design is empathic, and thus implicitly drives a more thoughtful, human approach to business." When done well, human centered design enhances the user experience at every touch point, and fuels the creation of products and services that deeply resonate with customers. Human centered design is foundational to the success of companies like SAP, Warby Parker, and AirBnB. ... To delight employees, Cisco has identified "moments that matter" -- such as joining the organization, changing jobs, and managing family emergencies -- and redesigned its employee services around these moments.


Healthcare Records For Sale On Dark Web

In addition, the majority of software developers and system administrators are not accustomed to working in an environment containing federally regulated information such as ePHI, Copolitco wrote. Security controls may chafe developers as they have to adjust how they do things. “All companies who have a compliance obligation must remember that the point of HIPAA compliance is to impose a certain level of security, said Reed. “Security is the ultimate goal, not necessarily compliance. Compliance comes as a result of having a good security program. Being compliant does not mean you are secure; it merely means you have 'checked the boxes.'” An HHS Office for Civil Rights official stated at the recent HIMSS and Healthcare IT News Privacy & Security Forum in Boston that the organization will be conducting on-site audits of hospitals in 2017 and that OCR is engaged in over 200 audits at the moment.


Coffee With a Data Scientist: Avkash Chauhan

No matter what I have done throughout my career "data" has always played a very important part. Over the years, I've recognized how data has transformed the business and engineering part of development. Machine learning is no longer limited to large enterprises, and smaller companies are ready to get involved and take advantage of its benefits. Also, with the proven results from deep neural networks in various fields, it is clear that this is the time when machine learning and deep neural networks will play a very important role in technology going forward. I suppose my interests in data science are very well timed for the rise of machine learning. It is certain that technology changes everything time and time again, and for every programmer, self-transformation is an important step to keep relevant and competent in an ever-changing field.


The Hardest Thing About Doing a Startup

I have found the ‘N+1 Syndrome’ to be the most common reason, especially among accomplished professionals who are doing well in their current gig. The thinking goes like this: You are earning well, you have a good name at work, your families are comfortable, and most importantly, you get that nice paycheck at the end of the month! Yes, you have this exciting idea, the thought of not reporting to a stupid boss is enticing, the lure of hitting that IPO jackpot, becoming famous, and retiring by the time you are 40 is tantalizing! You are going to do it, yes! No-one is better qualified! You will just get this one little thing out of the way, and then you are set! Most even have excellent ideas for the new business, but somehow they keep moving the start date forward by a year, then another year, and another.


Google Says Machine Learning Chips Make AI Faster and More Efficient

For context, CPUs, or central processing units, are the processors that have been at the heart of most computers since the 1960s. But they are not well-suited to the incredibly high computational requirements of modern machine learning approaches, in particular deep learning. In the late 2000s, researchers discovered that graphics cards were better suited for the highly parallel nature of these tasks, and GPUs, or graphics processing units, became the de facto technology for implementing neural networks. But as Google’s use of machine learning continued to expand, they wanted something custom built for their needs. “The need for TPUs really emerged about six years ago, when we started using computationally expensive deep learning models in more and more places throughout our products.


Why There Is No API Security

To understand why APIs inherently lack security, you must understand that API exploits attempt to compromise the application in one of two ways. The first is through application programming errors that attempt to reveal data or impair the operation of the application. These exploits manifest themselves through malicious inputs like SQL injection, cross-site scripting, and other such attempts at exposing data. Generally, applications can be secured against programming errors. This is often an iterative approach that can take months to years of use, testing, patching and retesting, but it can be done. The second avenue is through attempts to exploit the business logic of the application to create unauthorized access or fraudulent transactions. The harder portion to identify and stop are the exploits of business logic. Applications are being designed to deliver micro-services which expose a large number of interfaces to the Internet.


An untold cost of ransomware: It will change how you operate

Even if the backup looks promising, there is no easy button. The people creating ransomware know that backups can stand between them and their payday. There are a lot of cases where Microsoft Volume Shadow Copies have been destroyed by ransomware. If you leave your backups online so you can have quick recovery, you may find that ransomware can actually delete or corrupt your backups. This is not uncommon; ead the user groups from various backup companies and you’ll see the sad tales of woes. If you are not concerned enough, there are other potential dangers to your backups. They need to be airlocked from systems your users have access to. Before you bring your backups online, make sure the affected computers are off of the network. You need to be absolutely certain that those systems can’t access the backup.


Researchers build a microprocessor from flexible materials

TMDs are compounds composed of a transition metal such as molybdenum or tungsten and a chalcogen (typically sulfur, selenium or tellurium, although oxygen is also a chalcogen). Like graphene, they form into layers. But unlike graphene, which conducts electricity like a metal, they are semiconductors, which is great news for flexible chip designers. Stefan Wachter, Dmitry Polyushkin and Thomas Mueller of the Institute of Photonics, working with Ole Bethge of the Institute of Solid State Electronics in Vienna, decided to use molybdenum disulfide to build their microprocessor. They deposited two molecule-thick layers of it on a silicon substrate, etched with their circuit design and separated by a layer of aluminium oxide. "The substrate fulfills no other function than acting as a carrier medium and could thus be replaced by glass or any other material, including flexible substrates," they wrote.


CIO Jury: 50% of tech leaders are implementing DevOps

DevOps implementations also vary from company to company. At business law firm Benesch, Friedlander, Coplan & Aronoff LLP, "I think the real focus is on agile communication and client outcomes, versus delivery," said CIO Jerry Justice. "[It's about] creating a solid feedback loop so you can adjust targets and timings." However, not all companies are ready to fully jump on board the new workflow. While Simon Johns, IT director at Sheppard Robson Architects LLP, said the firm has yet to implement DevOps, he also said that "there are elements of the 'philosophy' I would like to introduce into our workflows—build fast, fail fast type of situations." David Wilson, director of IT services at VectorCSP, said he doesn't plan to implement the workflow. "After nearly 30 years of IT experience, I doubt any of those large software companies are really investing in this," Wilson said.


Securing Risky Newok Ports

While some network ports make good entry points for attackers, others make good escape routes. TCP/UDP port 53 for DNS offers an exit strategy. Once criminal hackers inside the network have their prize, all they need to do to get it out the door is use readily available software that turns data into DNS traffic. “DNS is rarely monitored and even more rarely filtered,” says Norby. Once the attackers safely escort the data beyond the enterprise, they simply send it through their DNS server, which they have uniquely designed to translate it back into its original form. The more commonly used a port is, the easier it can be to sneak attacks in with all the other packets. TCP port 80 for HTTP supports the web traffic that web browsers receive. According to Norby, attacks on web clients that travel over port 80 include SQL injections, cross-site request forgeries, cross-site scripting, and buffer overruns.



Quote for the day:


Leadership: "If you are not building for the long term you are doing the wrong thing." --@Bill_George


Daily Tech Digest - April 23, 2017

Delaware Law Amendments Would Facilitate Blockchain Maintenance of Corporate Records

According to Vice Chancellor J. Travis Laster, the blockchain could help to remove the middleman when it comes to how shares are held and voted, as at present they are operating on an outdated system that is too complex to determine who owns a share and how it’s used in decision making. Delaware is just one state in the U.S. that is showing an increased interest in the distributed ledger. Only recently, the Senate in the state of New Hampshire considered a blockchain bill that would deregulate digital currency transactions such as bitcoin from money transmitter regulations in the state. By doing so, the bill is designed to protect consumers when using digital currencies such as bitcoin instead of making them register with money transmitter regulators.


Do Collaboration Tools Create Security Risks For Your Business?

The business world is abuzz with the benefits of collaboration tools: less reliance on email, more organic collaboration on projects and better communication and relationships between teams. Collaboration tools encompass many solutions, including video conferencing, VoIP, document sharing and instant messaging. However, it is also important to think about the security risks that are inherent in tools such as document collaboration platforms, presentation software, remote support tools and virtual events. Each of these can create potential security threats, and evaluating vulnerabilities – and viable solutions – should be a sustainable part of your tool-selection process.


What’s To Do Before Ethereum Enters Its Third 'Metropolis' Stage?

One tricky part is making changes to all ethereum clients, no matter what programming language they're written in, in lockstep. Ethereum Foundation's Khokhlov has been writing tests using a tool called Hive to ensure not only that the clients implement the changes correctly, but that all clients agree on consensus-level changes. That's because if all clients don’t follow the same rules, there could be an accidental split into different networks (as happened briefly in November). Just like former phase changes Frontier and Homestead, the shift to Metropolis requires a 'hard fork' – meaning nodes or miners that fail to upgrade to the new blockchain will be left behind. Because of the possibility of an inadvertent split, hard forks are controversial and taken very seriously.


How IoT and Big Data are tackling Africa’s problems

“All solar systems are monitored in real time through the cloud,” Fruhen announced at a recent tech event in Nairobi. “Five years [ago] when we were founded nobody was thinking about IoT or Big Data but now we collect over 30 million payment notifications every year.” He added that they have more than one million device readings every day. This is from the batteries to temperature of the devices and sensors. Additionally, they have geographical data on where the devices are located. They also have 450,000 rooftop sunshine readings every day. They have calculated that they have saved their users US$338 million since they started, five years ago. “Cloud is the enabler for all these,” he reiterated. “We have 680 terabits of data on our platform.” The company has used its data to provide upgrade devices to users who have finished their solar loan.


5 Ways Cloud Vendors are Dealing with Data Privacy Concerns

Today, cloud vendors are designing managed cloud services from the ground up to meet the most advanced data security requirements, giving current and prospective customers the peace of mind that their data is private and secure. They should also deliver across-the-board support for every aspect of cloud security including physical security, network security, data protection, monitoring, and access controls. Data encryption for data in flight and at rest along with tokenisation of sensitive data items are strategies that can help improve Data Security and help to meet the most stringent of data privacy requirements. Cloud vendors understand that any successful cloud security solution requires close collaboration between you and your cloud service provider, knowing that it’s critical that your organisation has a programme that covers everything from data governance and compliance to cloud user access.


9 Essential #EdTech Ideas to Share With Your Team

To deny that tech will be important to students' futures seems unthinkable. But it's not enough to recognize students will need tech to be successful. Your students also need to see you as a willing learner of technology. They need to see you as a learner period. And it's a shame if you aren't leveraging your skills as a teacher because you aren't willing to learn technology. All of your teacher skills are priceless, but they can be even more relevant and powerful if you know how to effectively use technology for learning, too. ... Lots of kids like to use technology. But using tech because it is engaging isn't as important as using it because your students are engaged. If your students are curious and motivated learners, they will have questions that need answers. They will want to create and share new knowledge.


Learning to Think Like a Computer

Computational thinking is not new. Seymour Papert, a pioneer in artificial intelligence and an M.I.T. professor, used the term in 1980 to envision how children could use computers to learn. But Jeannette M. Wing, in charge of basic research at Microsoft and former professor at Carnegie Mellon, gets credit for making it fashionable. In 2006, on the heels of the dot-com bust and plunging computer science enrollments, Dr. Wing wrote a trade journal piece, “Computational Thinking.” It was intended as a salve for a struggling field. “Things were so bad that some universities were thinking of closing down computer science departments,” she recalled. Some now consider her article a manifesto for embracing a computing mind-set. Like any big idea, there is disagreement about computational thinking — its broad usefulness as well as what fits in the circle.


Regression - Professional analyst should be able to answer these three questions.

To produce a regression analysis of inference that can be justified or trustworthy in the sense that helpful. The term in the statistical methods that generate a linear the best estimator is not bias (best linear unbiased estimator) abbreviated BLUE. Then there are some other things that are also important to note, in which the data to be processed, must meet certain requirements. In terms of statistical methods some terms or conditions of the so-called classical assumption test. Because they meet the assumptions of classical statistical coefficient will be obtained which actually became estimator of parameters that can be justified or accurate ... With adjustments being an attempt to fulfill certain requirements (classical assumption) in the regression analysis as a form of simplification in the application of modern economics, which is a form of empirical science.


Google’s New Chip Is a Stepping Stone to Quantum Computing Supremacy

The six-qubit chip is also a test of a manufacturing method in which the qubits and the conventional wiring that controls them are made on separate chips later “bump bonded” together. That approach, a major focus of Google’s team since it was established just over two years ago, is intended to eliminate the extra control lines needed in a larger chip, which can interfere with how qubits function. “That process is all working,” says Martinis. “Now we’re ready to kind of move fast.” Designs for devices with 30 to 50 qubits are already in progress, he says. He briefly flashed up images of the six-qubit chip at the recent IEEE TechIgnite conference in San Bruno, California, but his group has yet to formally disclose technical details.


Data Transformation is the New Digital Transformation

What is data worth? In my 2010 predictions I expected to see “datasets increasingly recognized as a serious, balance sheet-worthy asset”. I was a bit early there. Data is clearly still not a well understood or significant investment category – brand “goodwill” is better accounted for, but there is no doubt that markets value companies perceived to be data rich with higher evaluations than other companies. Data is a moat. IBM acquired the Weather Company for around $2bn according to the Financial Times, and promptly put CEO David Kenny in charge of a swathe of its Watson and Cloud units. Uber now has a business selling data to companies including Starwood, and is leveraging data to make deals the public sector organisations such as the city of Boston. But taking advantage of data is hard – requiring entirely new skill sets. Valuing it is hard. Cleaning it is hard. Querying it is hard. Managing and maintaining it is hard.



Quote for the day:


"A problem is only a problem when viewed as a problem." -- Robin Sharma


Daily Tech Digest - April 22, 2017

How Indonesia is preparing its fintech ecosystem

“Trust in online payments and consistent education to accept new ways to pay are the two major challenges that we are currently facing,” explains Doku chief operating officer, Nabilah Alsagoff. “Most Indonesians are still comfortable and pretty much rely on bank transfer and COD as their preferred method of payments.” One of Doku’s main aims is to make e-commerce systems easier to navigate for both customers and merchants, she says. The ultimate goal is to be a part of Indonesians’ daily payment habits via e-money, especially for the unbanked in a country of over 250 million where only 65 million are bank account holders. But not only is access to customers a barrier, so too are laws and regulations. Most fintech players feel that the regulation in Indonesia is still in [a] grey area.


Indian techies, IT firms fret as Donald Trump orders US visa review

More broadly, uncertainty over the review announced this week has unsettled Grishma and many others like her. She will have to wait until at least around August to learn her fate, but having accepted the US job offer she is not in a position to apply for positions elsewhere, including in Europe. "It's pretty debilitating," Grishma told Reuters. "I'd like to start work to mitigate the financial damage." Trump's decision was not a huge surprise, given his election campaign pledge to put American jobs first. But the executive order he signed, though vague in many areas, has prompted thousands of foreign workers already in the United States or applying for visas to work there to re-think their plans. Companies who send them also face huge uncertainty.


How one company uses big data to maximize yields and minimize impact

The systems Vegis and her team have built are hosted on Bluemix, IBM's data storage, processing, and analytics cloud. "IBM's tools have enabled us to save both time and money on programming and development," Vegis said. With the initial hurdle of developing machine learning systems and processing data already accomplished, Foris.io has been able to actually gather data instead of just planning for it. According to Vegis, cognitive computing platforms like Watson allow them to "take concept to prototype in a shorter period of time, which we know will improve our chances of securing funding." That doesn't just apply to her and Foris.io—it's a huge benefit for all tech innovators. With a probe installed, data gathering begins. The devices, capable of transmitting data several kilometers, measure moisture, pH level, salinity, temperature, and other factors


25 Predictions About The Future Of Big Data

A flexible structure is just as important today as business needs are changing at an accelerating pace and it allows IT to be responsive in meeting new business requirements, hence the need for an information architecture for ingestion, storage, and consumption of data sources. One of the challenges facing enterprises today is that they have an ERP (like SAP, Oracle, etc.), internal data sources, external data sources and what ends up happening is that “spread-marts” (commonly referred to as Excel Spreadsheets) start proliferating data. Different resources download data from differing (and sometimes the same) sources creating dissimilar answers to the same question. This proliferation of data within the enterprise utilizes precious storage that is already overflowing - causing duplication and wasted resources without standardized or common business rules.


Introducing ‘Operator 4.0,’ a tech-augmented human worker

Human work will become more versatile and creative. Robots and people will work more closely together than ever before. People will use their unique abilities to innovate, collaborate and adapt to new situations. They will handle challenging tasks with knowledge-based reasoning. Machines enabled by the technologies that are now becoming commonplace – virtual assistants like Siri and Alexa, wearable sensors like FitBits and smart watches – will take care of tedious work details. People will still be essential on the factory floors, even as robots become more common. Future operators will have technical support and be super-strong, super-informed, super-safe and constantly connected. We call this new generation of tech-augmented human workers, both on factory floors and in offices, “Operator 4.0.”


Fintech CEO Talks Cross-Border Pain Point Removal

Looking at payments through a global (rather that U.S.-based) lens, 2017 is not going to be a year of leap-frog innovations, but rather a year of incremental improvements focused on country-by-country wins. As mobile infrastructure continues to expand and the Internet reaches an additional two billion people in markets where access was previously nonexistent, we’re bound to see a spike in demand for online and mobile purchases. At the same time, the payment methods landscape will only become more fragmented, requiring payment platforms to optimize between multiple payment options, acquirers and processors, handle currency conversions cost-effectively and transparently, and account for numerous legislative nuances across multiple markets. Decades-old payments systems won’t cut here.


People Re-engineering How-to’s: Mentoring As A Service

The mess comes in what the older cohort in the business see in the self-organizing abilities and discipline in the personalities of the newcomers. I personally disagree with this 'mess theory' and see it as a normal difference in perspectives between generations that were professionally made in different ecosystems, with sharp differences in tempo and culture. Actually it’s our role (as veterans in the craft) to stretch a good hand to get the newcomers professionally in shape seamlessly and gracefully. So what’s the problem, then? Well, that becomes an issue when resources to coach these hordes of not-yet-matured practitioners are not enough. Especially when we remember the sometimes insane pressures on teams and leaders to meet their schedules, leaving very little space for helping juniors outside what’s barely needed to get them 'technically productive'.


Legal impact of data protection and management in the digital age

Regardless of the cause, the threat of data breaches is imminent and can have severe repercussions for organizations, especially if they are found guilty of failing to take sufficient measures to secure their data. Singapore's data protection law has one of the highest fines in Asia with each breach subject to a potential fine of S$1 million. Similarly, breaching Europe’s new General Data Protection Regulation can result in a fine of the larger of either 20 million Euro or 4 per cent of the organization’s global annual turnover. Beyond financial penalties, a data breach can cause irreversible damage to a company’s reputation as well as potentially significant damages payable in civil liability to third parties, not to mention possible personal criminal liability for senior management. Organizations should be well aware of the prevailing legal regulations that govern ever growing popular technology solutions such as cloud storage, collection, analysis, and offshore storage of customer data.


Huawei’s CEO Eric Xu talks wearables, Cloud, AI, and more

AI will be everywhere in our products, in our technologies, and in our operations. And I believe AI can bring value in each and every one of those aspects. In the Telco markets, we've been talking about the technology of AI to build what we call a network brain. The whole notion of this network brain is to help telecom operators to be more intelligent as they build, run, and manage their network. Also, we have tried to bring artificial intelligence into smartphones. Last year we launched Huawei Magic; a concept phone with AI capabilities built into it. The idea was to show how the phones would evolve from smartphones to intelligent phones.  And then our network and cloud service - no matter whether it's Public Cloud or Private Cloud - we also inject the capabilities of AI into the Cloud platform to better enable enterprises.


Why You Must Build Cybersecurity Into Your Applications

“Companies face a terrible choice: either they turn their business into software and they accept the fact that they’re going to have rampant vulnerabilities and breaches or they let their competition win the innovation race. And everyone chooses software,” said Williams. “But as a result, we’re going to have 111 billion new lines of code in 2017. And the problem is that these legacy tools, dynamic analysis tools, static analysis tools and web application firewalls, were invented in the early 2000s. They’re absolutely incapable of scaling to the level of modern software.” This requires an approach that uses automation. Every business that has been around for more than five years will have legacy software integration challenges, which requires developing new code. Companies are constantly integrating new software platforms with older systems and a cybersecurity platform has to be able to protect all of these assets.



Quote for the day:


"Sometimes the questions are complicated and the answers are simple." -- Dr. Seuss


Daily Tech Digest - April 21, 2017

A Vigilante Hacker May Have Built A Computer Worm To Protect The IoT

Symantec has found some possible proof. The company noticed that the computer worm has been leaving a message over infected devices since at least March, Grange said. That message has been digitally signed and fetched in a way that leaves little doubt it comes from Hajime's developer. The short message doesn't reveal anything about the Hajime developer's identity. But the vigilante hacker is aware the security community has been studying the Hajime worm. One clue: The mysterious developer refers to himself or herself as the "Hajime author" in the message the worm has been leaving behind. However, it was actually security researchers at Rapidity Networks that came up with the name Hajime, which is Japanese for the term "beginning."


Australia's bold plan for cybersecurity growth

The SCP is intended to "identify the challenges Australian organisations face when competing in local and international cyber security markets". "The SCP provides a roadmap to strengthen Australia's cyber security industry and pave the way for a vibrant and innovative ecosystem. It articulates the steps and actions required to help Australia become a global leader in cyber security solutions, with the aim of generating increased investment and jobs for the Australian economy," it says. The SCP was launched by Senator Arthur Sinodinos, Minister for Minister for Industry, Innovation and Science. "The aspiration, and it's set out here in this plan so clearly, is to be a global leader in this space," Sinodinos said.


Even small firms can tap into value through data wrangling

Chances are, small businesses already have a fairly large amount of data collected, particularly if they have been in business for at least a year. Even if the business is older and had not begun in the digital age, and does not have many electronic records, the paper records still contain data. Sales slips, time cards, order forms, all of these have data worth analyzing. Perhaps the records are a mix of paper and electronic records. Maybe more recent inventory records are recorded in a spreadsheet, while the older information is kept in a hand-written ledger. It would be worth the business owner’s while to digitize the paper records. This will require an initial output of resources, but the time spent scanning images or entering data into a database program will be paid back in the time saved by the staff not having to dig through paper files looking for information in addition to gaining the ability to query these records.


Microsoft launches 'IoT-as-a-service' offering for enterprises

The Microsoft spokesperson added that the new offering will help IoT product manufacturers "that value time to market with technical stack prescribed and managed for them". "It is designed to enable the rapid innovation, design, configuration, and integration of smart products with enterprise-grade systems and applications to reduce product manufacturers' go-to-market cycle and increase the speed at which they can innovate so they can stay ahead of their competition and deliver smart products that delight their customers," the spokesperson told ZDNet. IoT Central is vertically and horizontally agnostic, though the spokesperson said its early adopters happen to operate in the manufacturing and engineering industries such as ThyssenKrupp Elevator, Sandvik Coromant, and Rolls-Royce.


Artificial intelligence: fulfilling the failed promise of big data

According to Forrester’s Business Technographics survey of over 3,000 global technology and business decision makers from last year, 41percent of global firms are already investing in AI and another 20 percent are planning to invest in the next year. Most large enterprises’ first foray into AI is with chatbots for customer service, what we call “conversational service solutions.” These run the gamut from hard coded rules-based chatbots which aren’t artificially intelligent to very sophisticated engines using a combination of NLP, NLG, and deep learning. From a customer insights perspective, many companies are starting to uses some of the “sensory” components of AI such as image and video analytics and speech analytics to unlock insights from unstructured data.


How the Internet of Things Puts SCADA Systems at Risk

Since OT is technology that was built pre-Internet and is goal-oriented, its security is not always a top priority, Brown said. Others agreed. "I think it's still sort of a nascent field which is ironic because industrial systems, operational systems are from a past era," said Alex Eisen, a security researcher for ForeScout. Eisen later continued, "Think about trains, iron, mechanical engineering, electrical engineering and now we find ourselves in this modern world, information age, where a lot of these hard skills and experience is sort of tucked away." The panel discussed risks to assuming OT and IT systems are not connected. Brown went on to describe multiple attacks that have happened because of unknown entanglement between the two systems. The panelists — which included representatives from SMUD, the Sacramento Regional County Sanitation District, security companies, and others — discussed how OT systems can be protected:


How To Run Your Small Business With Free Open Source Software

Even if you want to stick with a closed source operating system (or, the case of macOS, partially closed source), your business can still take advantage of a vast amount of open source software. The most attractive benefit of doing so: It's generally available to download and run for nothing. While support usually isn't available for such free software, it's frequently offered at an additional cost by the author or a third party. It may be included in a low-cost commercially licensed version as well. Is it possible, then, to run a business entirely on software that can be downloaded for free? There certainly are many options that make it possible — and many more that aren't included in this guide.


Five emerging technologies for rapid digital transformation

To get a sense of what pressures IT leaders were under and how they were dealing with them, I recently sampled just over 50 of the top practitioners in the space with a focus on what I regarded were leading organizations in their industry -- mostly large enterprise CIOs, as well as a few CTOs, CDOs, and EVPs of IT who I knew were pushing the envelope -- to better understand the IT initiatives they are focusing on to becoming more agile. By picking cutting-edge leaders at top organizations, the intent was that the data will show what they're facing and how they're dealing with it this year, in a way that gives more typical organizations time to prepare for what they'll likely face next year and beyond. Unsurprisingly, the data clearly that top IT leaders are feeling much more pressure for their team to move quicker than they ever have in the past.


Surveys show high hopes, deep concerns about IoT

While many have high hopes for IoT, few are on their way to full deployment. The survey found 41 percent of respondents expect IoT to have a big impact on their industries within three years, affecting things like efficiency and differentiated products and services. But only 7 percent said they have a clear vision with implementation well under way. Most companies don't have everything they need to succeed in IoT, with many saying they'll need new technical skills, data integration and analytics capabilities, or even a rethinking of their business model. Thirty-one percent of the executives said their organizations face a "major skills gap" in industrial IoT. The annual developer survey co-sponsored by the open-source Eclipse IoT Working Group, IEEE IoT, Agile IoT and the IoT Council, also found growing adoption along with continuing concerns.


The Value of Exploratory Data Analysis

EDA is valuable to the data scientist to make certain that the results they produce are valid, correctly interpreted, and applicable to the desired business contexts. Outside of ensuring the delivery of technically sound results, EDA also benefits business stakeholders by confirming they are asking the right questions and not biasing the investigation with their assumptions, as well as by providing the context around the problem to make sure the potential value of the data scientist’s output can be maximized. As a bonus, EDA often leads to insights that the business stakeholder or data scientist wouldn’t even think to investigate but that can be hugely informative about the business. In this post, we will give a high level overview of what EDA typically entails and then describe three of the major ways EDA is critical to successfully model and interpret its results.



Quote for the day:


"Our leadership style is defined by who we are and what we do, not by what we say." -- Gordon Tredgold


Daily Tech Digest - April 20, 2017

The three ‘B's’ of cybersecurity for small businesses

Large-scale cyberattacks with eye-watering statistics, like the breach of a billion Yahoo accounts in 2016, grab most of the headlines. But what often gets lost in the noise is how often small and medium-sized organizations find themselves under attack. In the last year, half of American small businesses have been breached by hackers. That includes Meridian Health in Muncie, Indiana, where 1,200 workers’ W-2 forms were stolen when an employee was duped by an email purporting to come from a top company executive. Many small companies are just one fraudulent wire transfer away from going out of business. There’s lots of advice available about how to fight cybercrime, but it’s hard to tell what’s best. I am a scholar of how businesses can more effectively mitigate cyber risk, and my advice is to know the three “B’s” of cybersecurity: Be aware, be organized and be proactive.


Want to Know What’s in a GC Pause? Go Look at the GC Log!

The evidence presented here suggests that the garbage threads were not active for the vast majority of the pause. If the pause was due to background I/O then the GC threads, captured by the OS, should have accumulated an inordinate amount of kernel time, but they didn't. This all suggests that the GC threads were swapped out, and incredibly, not rescheduled for more than 22 seconds! If our app wasn't paused by the garbage collector then the only possibility is that the JVM was paused by the operating system, even if that doesn't seem to make any sense. Fact is, operating systems sometimes do need to perform maintenance, and when this happens, just as is the case with GC, the OS may need to pause everything else. Just like GC pauses coming from a well tuned collector, OS pauses are designed to occur infrequently and be very brief to the point of hardly being noticed.


Machine Learning Paving The Way For Enhanced Marketing

The key thing to remember is that as you supply machine learning software with more data, it keeps on learning and adapting. Other areas in which a machine learning application can help marketers include: Customer segmentation – Machine learning customer segmentation models are very effective at extracting small, homogeneous groups of customers with similar behaviors and preferences. Customer churn prediction – By discovering patterns in the data generated by many customers who churned in the past, churn prediction machine learning forecasting can accurately predict which current customers are at a high risk of churning. This allows proactive churn prevention, an important way to increase revenues. Customer lifetime value forecasting – CRM machine learning systems are an excellent way to predict the customer lifetime value (LTV) of existing customers, both new and veteran.


Cyber security is a ‘people problem’

While people have long been seen as the weakest link in IT security through lack of risk awareness and good security practice, the people problem also includes the skills shortage at a technical level as well as the risk from senior business stakeholders making poor critical decisions around strategy and budgets. Interestingly, the increase in reported skills shortages contrasts with a decrease in those reporting a lack of experience being a market factor. This suggests that as the industry matures the shortage of experienced, senior managerial professionals will reduce and the problem will be felt most acutely in the hands-on technical disciplines. “The survey highlights the continued need for industry, government, academia and professional organisations like the IISP to continue to work hard to attract new entrants and younger people into the industry,” said Piers Wilson, author of the report and director at the IISP.


Inside Story of Building a Global Security Operations Center for Cyber Defense

In this market, what a lot of our customers see is that their biggest challenge is people. There are a lot of people when it comes to setting up MSSPs. The investment that you made is the big differentiator, because it’s not just the technology, it’s the people and process. When I look at the market and the need in this market, there is a lack of talented people. How did you build your process and the people? What did you have to do yourself to build the strength of your bench? Later on we can talk a little bit more about Zayo and how HPE can help put all of this together. ... But within the SOC, our customers require things like customized reporting and even customized instant-response plans that are tailored to meet their unique audits or industry regulations. It’s people, process and tools or technology, as they say. I mean, that is the lifeline of your SOC.


Cutting through the Noise: Is It AI or Pattern Matching?

At any recent security conference lately, you probably have heard hundreds of vendors repeating the words "We have the best artificial intelligence (AI) and machine learning." If you happened to be in one of those conversations and asked "What does that mean?," you probably got a blank stare. Many security consumers are frustrated when marketing pitches don't clearly articulate what AI does in a product to help protect an environment better. There are several dilemmas facing security companies that keep them from being more up-front about how they use AI and machine learning. For some, the concepts are a marketing statement only, and what they call AI and machine learning is actually pattern matching. Also, machine learning relies on a tremendous volume of data to be effective, and there are very few vendors that possess enough of it to be successful in its implementation.


Blockchain: Overhyped buzzword or real-deal enterprise solution?

While the technology has grown in popularity, mainly because it's the basis for the wildly hyped cryptocurrency and payment platform Bitcoin, many experts are still not sure exactly how it works. Even the founder of Bitcoin, Satoshi Nakamoto, is a shadowy figure and no one appears to know with certainty who he is or if the name is a pseudonym for a group of developers. Nakamoto, however, holds one million bitcoins, or the equivalent to $1.1 billion. Angus Champion de Crespigny, blockchain leader at Ernst & Young, called the technology "overhyped" and said many business applications touted as beneficiaries of its use have regulatory or operational issues that can be difficult to solve via one technology alone. "We're seeing interest in using it to propagate security policies and identity access management, but it's early days.


Microsoft Open Sources React Native-Based Cross-Platform Library

"ReactXP is designed with cross-platform development in mind," its site says, though it promises it will only let developers "share most of your code" among platforms. "With React and React Native, your Web app can share most its logic with your iOS and Android apps, but the view layer needs to be implemented separately for each platform. We have taken this a step further and developed a thin cross-platform layer we call ReactXP." Developer Eric Traut provided more information in a blog post. "It builds upon React JS and React Native, allowing you to create apps that span both Web and native with a single code base," he said. Although it's built on both implementations, an FAQ indicates it borrows more heavily from React Native. ... ReactXP is described as a thin abstraction layer built upon and bridging React JS and React Native.


Are We Ready To Bid The SIEM Farewell?

"A lot of the vulnerability is bad configurations which stem from poor consultancy. These things weren't meant for a huge company," Grigg said. He's hardly pointing the finger at anyone to lay blame, as Grigg said that in his earlier years he had likely provided some bad consultancy. "I started to notice buddies of mine who were really good consultants, and watching them do their work, I thought, 'I probably shouldn't be allowed to touch this stuff'. Unfortunately, It's the norm to have bad consultants," Grigg said. Many companies hire a third party to come in as the 'fix it' people. Those that specialized in SIEM platforms, as Grigg eventually did, found themselves "Fixing what was super messed up," he said.  Because so much of the SIEM industry is legacy software that was the same tool just redesigned and rebranded, Grigg said, "Those back doors still exist on there today."


Q&A on The Rise and Fall of Software Recipes

The simplest way to increase value is to implement a policy that ensures that bugs are reproduced in a test case before any attempt to their resolution, so that they can’t happen again without being detected by running the test suite. Not only is the software better by having the bug removed, but the expected behaviour is now formally documented by an executable test case. But there is no such thing as a single best way to debug software. Each software developer has his/her own preferred tool or process to do so. ... When dealing with a buggy piece of software, I add assertions (available in some form in virtually all languages today) that check for the conditions that represent the expected behaviour of the system. I iteratively reduce the scope of my bug (things are all right when entering it, and faulty when exiting it) by adding more and more precise assertions, until I find the source of the problem, and fix it.



Quote for the day:


"A bird isn't afraid of the branch breaking because it's trust is not on the branch, but on it's wings." -- Unknown


Daily Tech Digest - April 19, 2017

AI will create many new jobs — here’s how you can prepare

For humans to be the most productive in their collaboration with machines, they need advanced technology skills that probably exceed their current capabilities. The skills gap must be closed for workers at various levels of competencies and who possess a variety of experiences. Filling such widely disparate skills gaps, bridging the college-to-work gap, and retooling millions of workers into completely new jobs are daunting tasks. Traditional approaches to education have come under pressure due to the costs (student debt in the U.S. is estimated at $1.3 trillion) and questionable efficacy (a late-2016 study showed that nearly half of new college graduates are underemployed). Given the magnitude of the problem, a new approach is necessary. Though not yet widely adopted, adaptive learning is a low-cost, proven, and highly efficient way to equip people from factory workers to physicians with skills — not just in technology, but in other realms as well.


StorageOS goes to market with persistent Docker container storage

StorageOS also optimises storage, tracking where containers are running and ensuring storage remains as local as possible to keep latency down. It aims to tackle the key weakness of storage for container environments – that container storage is not persistent. That means that when containers cease running, whether for planned or unplanned reasons, storage is lost and not resumed when containers are restarted. Containers are gaining popularity because of their ability to be deployed and scaled rapidly. Organisations can deploy a given number of containers to support a campaign launch, for example, then, if demand spikes, more containers can be added, effectively increasing the parallelised operation of the application. These can also be in different locations, so some containers could be run in-house while additional capacity is run from a public cloud.


The benefits and pitfalls of implementing threat intelligence

The industry should aim to achieve a level of interactive integration and cooperation between analysts and their tools, so that they seamlessly play off of each other’s strengths to be better than their sum. The current place where analyst and automation meet are at the SIEM and the threat intelligence platform. The SIEM is the centre of events. The threat intelligence platform (TIP) is where intelligence is managed by the analyst. Your SIEM and TIP should work well enough together that any events that already correlate to threat intelligence can be viewed in the SIEM while the TIP can still be used to research any probable future threats. The experienced analyst is central to the process for the steps that require their intuition, given all of the possible information, to make a decision. Once they make or review decisions they can quickly deploy any changes to the appropriate systems or channels.


Spanner, the Google Database That Mastered Time, Is Now Open to Everyone

To be sure, a few others could build a similar service, namely Amazon and Microsoft. But they haven’t yet. With help from TrueTime, Spanner has provided Google with a competitive advantage in so many different markets. It underpins not only AdWords and Gmail but more than 2,000 other Google services, including Google Photos and the Google Play store. Google gained the ability to juggle online transactions at an unprecedented scale, and thanks to Spanner’s extreme form of data replication, it was able to keep its services up and running with unprecedented consistency. Now Google wants a different kind of competitive advantage in the cloud computing market. It hopes to convince customers that Spanner provides an easier way of running a global business, a easier way of replicating their data across multiple regions and, thus, guard against outages.


Mobile device strategies catch on among hospitals

In developing mobile policies, hospitals must address the security of patient information and the need to comply with the privacy and security regulations of the Health Insurance Portability and Accountability Act (HIPAA), notes the Spok report. Some organizations that responded to the survey, in fact, “viewed mobile strategies as primarily a security project concerning HIPAA compliance,” the report points out. However, hospitals’ mobility strategies must extend beyond security to help them reach their organizational goals, Edds says. Kuhnen, similarly, says that hospitals must go beyond mobile security if they don’t want to fall behind. “They need to look at the productive uses of mobile technology—how the technology can make their workflows more efficient and improve user satisfaction.”


Four Data Science Imperatives for Customer Success Executives

To decrease customer churn, you can use predictive modeling to identify the variables that are predictive of customer churn. While you can find drivers of churn manually when the data set is small, you will need to rely on the power of machine learning when you integrate all your data sources. Because integrated data sets can contain many variables, data analysts/scientists are simply unable to quickly sift through the sheer volume of data manually. Instead, to create predictive models of customer churn, businesses can now rely on the power of machine learning. Machine learning is a set of techniques that allow computers to make dynamic, data-driven decisions without explicit human input. In the context of CSM, machine learning helps computers “learn” the differences between users who stay and those who leave.


New Verizon Smartwatch Doesn't Need A Smartphone

Wearables may soon not rely on a smartphone, as more than one network-connected smartwatch hit the market. One such smartwatch launching next month was developed by a major network to function as an independent device. Verizon’s new Wear24 smartwatch can connect to Verizon’s 4G LTE network without requiring a smartphone. The smartwatch automatically operates using the user’s existing phone number when sending texts and making calls, according to Verizon. The smartwatch is equipped with an eSIM (Embedded Subscriber Identity Module), which enables the network connectivity. This functions similarly to the SIM card in a smartphone, but is not removable. Integrating eSIMs into IoT devices enables networks to remotely configure device connectivity settings and allow or deny access based on the status of a device owner’s subscription.


Addressing the Cybersecurity Skills Gap

The talent shortage is real, and it might get worse before it gets better. As the amount of accessible data grows, data crime is becoming more pervasive. Ransomware, sophisticated extended-duration attacks, phishing and whaling attacks are all targeting large enterprises, government organizations, mom and pop shops and everyone in between. It doesn't help that the rapid growth of data crimes is a relatively new trend, making it hard to find people who are deeply experienced in fighting data crime and who can be thrown into the fire immediately. This gap can have the biggest effect on small business leaders, who often can’t compete with larger companies when it comes to offering the salary and benefits that attract today’s top IT talent. At this point, qualified newly hired professionals command average salaries of roughly $150,000, and that number most likely has room to grow.


Cyber threats are growing more serious, and artificial intelligence could be the key to security

"This is the real scare, to not just a particular industry of a particular size, but to everybody. It is a matter of existence," said Aurora. That's where Darktrace's artificial intelligence system comes in, with the latest technology offering called Antigena. Once a threat is identified, Antigena automatically responds by taking proportionate actions to neutralize it and buy security teams enough time to catch up. In essence, it acts like a digital antibody that can slow down or stop compromised connections or devices within a network without disrupting normal business operations. "Human beings are still going to be fundamental, but right now, the kind of attacks — you find it very difficult to figure out and they're so quick that if you look at traditional means, by the time human beings get to respond, it's too late," Aurora explained.


Demystifying Network Analytics

A common request from network operations: “I don’t want to wait for users to phone us about problems, nor do I have time to sift through mounds of data. Tell us who’s having a problem and how to fix it.”  True analytics needs to automatically surface insights and recommend useful actions that IT can take to proactively improve user experience. What’s more, the tools should be able to suggest what actions to take to deliver the biggest bang for the buck relative to improving the users’ network experience. ...  But what comes out of the machine learning algorithm must be translated back into a plain English recommendation, such as: “By removing the rogue access points interfering with the 5GHz radio of a certain access point you can effectively mitigate 400 client hours of poor client Wi-Fi performance.”



Quote for the day:


"Any powerful idea is absolutely fascinating and absolutely useless until we choose to use it." -- Richard Bach


Daily Tech Digest - April 18, 2017

Five Pitfalls To Avoid When Migrating To The Cloud

"This is part of the learning curve," said Deepak Mohan, an analyst with IDC. "The negatives are attributed to the cloud and not to these mistakes that need to be corrected... If a company does not realize the cost savings and they fail to see the results they thought they'd get, the result is that there is a drop in faith and a lowering of confidence in your cloud strategy. And that will cause a slowdown in adoption." Part of the issue is that the cloud is really a different beast for a lot of IT shops. ... "What we learned is that while it's easy to get started, cloud is completely different from IT," said Temujin Baker, senior manager of engineering and architecture for King County, Wash. "How you run your business in the cloud is different than how you run it" on premises. "There are changes in how you do your work, the skills that are needed, the process."


Software preservationists look ahead to enterprise focus

Software archiving is nothing new, from organizations such as Archive.org, Bitsavers.org, the federal government's National Software Reference Laboratory, and many smaller players who've all been working for years to post applications online for public download or at least for browser-based emulation. It never was easy, and now it's becoming more difficult. Preservationists are joining resources because they realize that programs are going cloud-native, upgrades are increasingly transparent to users, and how do you take snapshots of a program that's reliant on constantly changing infrastructure? "The Software Preservation Network (SPN), we make no claims that we're the first people," noted SPN's Jessica Meyerson, a digital archivist at the University of Texas at Austin. "Many archivists, information professionals, and just individuals... have become the caretakers and maintainers of legacy software just because they see the value in doing so. "


Why strong cybersecurity means giving ex-employees the cold shoulder

A cybersecurity best practice is to always avoid becoming the low-hanging fruit, and by making hackers work just a little bit harder your property could avoid a potential digital break-in. While Rodriguez likely had insider knowledge of Marriott’s internal systems and processes, it’s possible that following proper security protocol could have prevented, or deterred, his actions. At the recent Serviced Apartment Summit Americas event, hosted April 11 at the New York Marriott Downtown, Matthew Baker, senior associate at Katten Law, said data breaches in hotels are increasing in number and sophistication. Baker said one of the biggest threats to hotel security is vulnerabilities found in third-party contractors, and called for better and more thorough vetting before entering into digital partnerships.


Can AI and ML slay the healthcare ransomware dragon?

“Attackers can simply move to different techniques – for example non-malware attacks that do not use binaries but scripts or macros – which are much harder to train/learn from an AI/ML perspective. Any preventative technology that relies on the classification of good or bad is always susceptible to the arms race,” he said. Reza Chapman, managing director of cybersecurity in Accenture’s health practice, said maintaining the effectiveness of AI/ML can require significant maintenance. “Detection thresholds need to be adjusted to reach a balance between false alarm rate and missed detection rate,” he said. “Further, constant tuning is often necessary within the specific operation environment. Overall, this is not a reason to steer away from these technologies. Instead, consider AI and ML as complementary to the personnel in your security program.”


Tips for Disinfecting Your Data Center

Perhaps the most important thing to realize is that technology alone will never solve the problem. Perfect email filters will cause the bad guys to use the phone. Perfect phone filters lead them to target peoples’ personal social media accounts. Close one door and they will find another—it’s not unlike those movies where the thief always gets the loot or the painting, no matter how many layers of security are employed. But there is something you can do about it. “Training and education has to be is part of the solution to make people aware of these attacks, how they can detect, stop and report them,” wrote Sjouwerman. End-user Internet Security Awareness Training is all about teaching users not to do silly things like clicking on suspect URLs in emails, or opening attachments that let in the bad hats. Sjouwerman recommended putting all staff through such training.


New Breed of DDoS Attack On the Rise

"CLDAP reflection works in the same way as any other UDP-based reflection attack," Arteaga says. "[But] the amplification of the response is impressive compared to most other vectors," he says. On average, Akamai observed CLDAP-enabled DDoS attacks achieving amplifications of over 56%. The largest attack using CLDAP as the sole vector that Akamai has mitigated so far had a peak bandwidth of 24 Gigabits per second, or about two million packets per second. "These attacks are averaging around 3 gigabits per second—a pretty impressive number considering the limited number of available reflectors," ... CLDAP uses the User Datagram Protocol (UDP) instead of the Transmission Control Protocol (TCP) for communication. UDP does not validate source IP addresses, thereby making application-layer protocols that rely on it—such as CLDAP—good vectors for launching DDoS attacks.


IOT Meets Augmented Reality

A lot of time people will use ThingWorx in the factory, collecting information from sensors and controllers and various other pieces of hardware. ThingWorx is a great tool for aggregating that information. But it can also bring in data from other digital resources, such as CAD and PLM and even ERP.  Really what all of this is about is allowing you to create a digital twin of what’s happening out there in the physical world. You’ve got some smart, connected product in the world, you want to be able to have a digital equivalent of it so you can understand how it’s being operated, predict when it’s going to fail, make sure it’s operating most efficiently. The digital twin is getting more and more airplay. What goes into the digital twin? Ideally it’s everything you would ever want to know about that thing. In practical use cases, what do you care about? A digital twin could be a set of properties and their current attributes. It could be rich 3D information.


Samsung Galaxy S8 makes every other phone feel like a cinder block

For years, Apple has touted "thinner and lighter" as the hallmarks of each new release of the iPhone. With the Galaxy S8, Samsung has beat Apple to the punch in a big way. The S8+ makes the iPhone 7 Plus and the Google Pixel XL feel like cinder blocks by comparison. With an almost bezel-less screen that covers 83% of the front of the phone, the S8+ has a 6.2-inch screen that offers extra functional real estate at the same time. Again, it makes the iPhone 7 Plus and the Pixel XL look outdated by comparison. ... Going into testing the Galaxy S8 Plus, my biggest concern was battery life since the S8 Plus actually has a slightly smaller battery than last year's Galaxy S7 Edge (and that phone sometimes struggles to get through a full day). However, because of the S8's new 10nm processor and some nice power management features in the software, the S8 has ridiculously good battery life.


Risky Business – The Valuation of Data Breaches

How can you calculate the value of a data breach in your organisation and implement an effective mitigation strategy? This is the question that Todd Forgie answers in his fascinating presentation, originally delivered at CLOUDSEC Singapore. You can either read the summary below, which includes Forgie's key recommendations, or watch the video at the end of the article. Forgie is the Vice President of IT and Managed Services at MEDHOST, a healthcare IT company in the US that services about 25% of hospitals in the US and Puerto Rico. He explains that due to the huge growth in the estimated number of successful cyber-attacks and ransomware, it's now critical for organisations to operate with the assumption of a breach. ... But in order to make this happen, his organisation had to accurately model the level of risk being faced and the value attributed to that risk.


A blueprint for the modern government security operations center

Moderate- to high-risk actions should not be automated. Start by examining what could go wrong if an automated action is taken incorrectly. Generate as many scenarios as possible to try to discover circumstances in which the action could cause damage. From my experience, remediation steps like blocking IPs or disconnecting users should not be automated. Scale must also be considered when deciding which processes are appropriate for automation. For example, running a tool against a single system to gather some information can be automated when performed on a small scale, but if the same action is run on thousands of hosts, it can have a detrimental effect on the network stability. For these types of actions, set thresholds for type, amount and time frame of automated activities to protect the network.



Quote for the day:


"The greatest single human gift - the ability to chase down our dreams." -- Prof. Hobby


Daily Tech Digest - April 17, 2017

Has Retail Security Technology Gone Too Far?

The most common and highly visible form of retail security technology that shoppers will encounter is radio-frequency identification (RFID). As explained by OCS Retail Support, RFID tags and scanners work by having individual items give off unique frequencies embedded with information, and having scanners (often in the doorway) pick up this information. If an item leaves the store without being paid for, an alarm will sound, alerting shop staff to the shoplifter (or accidental shoplifter). Amazon Go have already announced that they will be using a variant of this technology to facilitate their checkout-less payments, with purchases being registered when customers leave the store. Other retailers may follow suit. Though perhaps a little intrusive by nature, this form of technology has not caused indignation amongst privacy campaigners.


Honesty is not the best privacy policy

For starters, it's probably a good idea to create fake Facebook and Twitter accounts now so they can have a history by the time you need them. Best practices around this deception haven't been fully developed by security experts, but it probably begins with using your real picture for the fake accounts and a picture of something other than your face for the real ones. When border agents demand the passwords to your social accounts, you can give them access to the fake accounts. Increasingly, people with business or other secrets may buy a second phone to carry while traveling, and leave the real one behind — or at least in checked luggage. And finally, there's the pollution solution, as demonstrated by MIT's Steven Smith. You probably won't have to roll your own. I expect to see an emerging industry of traffic-spoofing browser plug-ins and something similar for messaging apps.


How will future cars stay up-to-date? Make them open like a PC

“There’s going to be pressure to keep the software up-to-date, and not to use hardware beyond an expiration date,” Perens said. He himself has gone through at least six mobile phones over the course of owning his 2007 Toyota Prius, and wonders how future cars will keep up with rapid technological changes. “We haven’t seen much discussion about it, so we thought this might kick things off,” Determann said. Their open car idea may sound like a threat to the auto industry. But every car vendor has a vision for their future business, Determann said. And for some, it may include a degree of openness. He can imagine partnerships between automakers and software vendors to support the tech features in next-generation cars. In that way, “we might see more open and closed cars competing on the road,” he said.


Debating IoT security at MIT Connected Things

The first is to think about security systematically in those situations (typically industrial and other commercial uses) where devices are managed and the manufacturer presumably has a formal responsibility for ongoing updates and patches and maintains some sort of control. Brandon Freeman of Leidos said that there are two questions that he always asks suppliers, “What’s your lifecycle update process? When have you pen [penetration] tested the device?” The second is to acknowledge that low-cost, whether consumer or industrial, endpoint devices are going to be problematic to secure. I made this point recently and it was echoed by a number of speakers throughout the day; it’s just not viable economically to expect updates of essentially disposable devices. ... As United Technologies’ Isaac Chute put it, “Should we be doing some things differently? It comes down to having a different trust model. Things are too complex for the average person.”


Why So Many Businesses Mess Up Employee Development

Good leaders know how to listen, but strong listening skills are rare. Focus some managerial training on active listening, which is crucial to communication. Active listening is a technique that requires the listener to fully concentrate on the content being shared and to develop a strong understanding of it. This helps the listener gain insight into the employee’s perspective and provide effective input. Training management on this skill is pretty simple. The basic tips to emphasize may sound like common sense, but they need to translate into a practice they use daily. They should pay attention, acknowledge the message and look at the speaker directly. Body language such as nodding, smiling and maintaining an upright posture show they are listening and are engaged in the discussion. After the employee voices their perspective, managers should follow up by paraphrasing to reflect back their points and ask for clarification when needed.


How Accountants Can Help Clients Avoid Data Breaches

Because there are a lot of similarities in different types of data breach scenarios, Verizon has opened up the cyber case files in our second annual Data Breach Digest (DBD) so that industries can strengthen their network security processes. The DBD details 16 real-world data breach scenarios based on their prevalence and/or lethality in the field. It is important for organizations to understand how to identify signs of a data breach and important sources of evidence so they can investigate, contain and recover from a breach as fast as possible. Given today’s highly charged cybercrime environment, CPAs can play a vital role in helping their clients become aware of commonly used tactics to better protect financial assets. It’s important to understand that timing is critical when it comes to incident response. The reality is, cybercriminals can break in and steal data in a matter of minutes.


Low-Code Platforms: The Ultimate In Consumerization Of Enterprise Tech

Not only are low-code platforms easy to use, they also follow rapid application development methodologies, which helps in building a prototype quickly. Citizen developers can create a minimum viable product, ready to be used, 4-7 times faster than that created using traditional coding. Citizen developers are typically business managers who are closer to the problem and are best suited to develop a solution. So instead of creating and maintaining multiple apps for each and every department, an IT department can just train people from each department to use low-code platforms, and enable them to fulfil their own app demands. In fact, Gartner predicts that IT will evolve into bimodal IT, where the department primarily focuses on strategy with stability and efficiency in mind, while shifting the development portion to the business units that need it.


Microchip implants help employees access data

The practice, in which employees at Epicenter, a Swedish innovation house, become chip-enabled, has been widely reported on—but the headlines have been somewhat misleading. A party, like the one held in 2014, is held there about once a quarter. The employees are not quite "cyborgs," and they are not asked to implant chips against their will. The company does not pay the cost, and there is no HR policy that encourages it. Epicenter has a member base of about 2000 people from over 300 companies, and only about six of the employees at Epicenter have had chips implanted. The technology, it must be noted, is not new. These kinds of chips have been used to track pets, or deliveries. But having them implanted in humans raises concerns about privacy risks.


How self-driving cars can change your cloud strategy

Every enterprise of any size is now or soon will become a cloud-based company. The issue then is not whether to use the cloud but how to extract the best value from it. Alongside that cloud subscription comes a wave of bits from the exponential growth of devices: from cars to wall widgets returning environmental data, all that information needs to be stored and analysed if it is to add value. For manufacturers and resellers of technology such as IoT devices, this looks like an extension of existing business models, as such companies already offer services on the back of hardware and software sales. However, this may not be a familiar business model to companies not involved in the tech industry. Yet, because of today's reliance by all enterprises on technology, exploiting the data for which the company has already paid makes a lot of sense.


Cars and the IoT: The lane lines are blurring

Of course you can argue that the IoT in some form has existed for decades, but we're talking about what the progression of Moore's Law has wrought in the modern day. Moore's Law is salient because in the majority of organizations that have an IoT business practice, division, subsidiary, product or service line, etc., the origins often came from something to do with semiconductors. This is understandable since the modern era of IoT, literally from the time the term first began floating around, started with devices, a.k.a., things. That were connected to the internet. For a long while, it's been about getting things out there and connected.  In concert with the IoT showing up in non-mobile form, in environments and instances ranging from home thermostats to enormous factories, there's been a gradual introduction of connected, microprocessor-based devices that are mobile.



Quote for the day:


"Technology has become as ubiquitous as the air we breathe, so we are no longer conscious of its presence." -- Godfrey Reggio