Daily Tech Digest - August 22, 2017

How Google is speeding up the Internet

BBR is not the first effort to speed up TCP. Researchers at North Carolina State University are credited with developing one of the most popular loss-based congestion control algorithms used in TCP today, named binary increase congestion control (BIC) and subsequently, CUBIC. At a high level, these also record measurements to estimate the optimal speed at which to send data when congestion is detected. Another congestion control algorithm that has become popular is named Reno. These all use packet loss to determine congestion, though Jacobson, the Google engineer who developed BBR, says that to his knowledge BBR is the only TCP algorithm that actually estimates the speed of traffic to determine the best way to send it, regardless of whether packets have been lost.

Artificial intelligence will let us outsource tedious tasks to our phones

This week marks the debut of Essential’s first gadget. The Essential Phone is an anomaly: a sleek, premium smartphone not designed by Apple, Samsung or a discount Chinese brand. It has a mirrored ceramic back, titanium edges, a display that covers most the phone’s front and a magnetic connector for a new world of accessories and hardware upgrades that he says will let people hang onto their phones longer. Rubin recognizes that Essential confronts formidable competition, especially from Apple and Samsung. But while he applauds the former’s brand power and the latter’s vertical integration, he said “every saturated market needs a disruption. When there’s a duopoly, that’s the time to do it.”

Doing things right: Cloud and SecOps adoption

The goal of SecOps is to help companies deliver software more efficiently and more securely, while reducing risk for the organization over time. The reality is that due to the new operating model in cloud environments security and operations teams must work together as the security team identifies risks and then works with operations to remediate them. “No matter what resources you do or do not have at hand, including personnel, budget, or tools, SecOps is both critical and achievable,” he believes. But one thing crucial to its implementation is leadership buy-in – the people in charge must realize that security is on equal footing with availability and performance. “If the e-retail boom taught suppliers that they must invest in site availability like they would to ensure their brick-and-mortar has its lights on, they must also invest in security like they would to ensure that the alarms work and doors lock.”

New York University Abu Dhabi researchers develop 'unhackable' computer chip

The chip has a secret key that makes it virtually impossible to access and would only function for authorised users. “Without the secret key, the chips cannot be made functional,” he said.  “The functionality of chip - what it does, how it does it - can only be known if the secret key is known.” A patent application has been filed at the US Patent Office. The researchers are creating a web-based platform to make information about the chip available to the public.  An extensive research paper by NYUAD’s Design for Excellence team will be presented in November at the ACM Conference on Computer and Communications Security in the US. “These are all theoretically proven points and we will present this at a top cyber security conference, but we need to test our claims practically as well," said Mr Sinanoglu.

Calls for UK boards to be better educated on cyber threats

One of the most worrying aspects is the lack of understanding of the serious nature that ignorance brings, said Simmonds. This ignorance has led to a lack of basic cyber hygiene, with companies typically lacking basic security controls and processes, and failing to train employees at all levels from the board down on how to deal with cyber threats. “This has been a consistent theme of Verizon’s annual Data breach investigations report over the past 10 years,” said Laurance Dine, managing principal of investigative response at Verizon. “We’ve seen that the majority of data breaches could so easily have been prevented if basic measures and protocols had been in place. For example, we often see that around two-thirds of breaches are traced back to weak, stolen or lost passwords, which could easily be prevented using two-factor authentication.

How To Choose The Right Enterprise Mobility Management Tool

A key to choosing the best EMM solution is aligning the features and capabilities of the platform to your organization’s requirements. This includes such factors as what types of business apps users typically work with, what security and regulatory compliance requirements the company has, what sort of network and service management features it needs, which mobile operating systems are in use, what level of reporting capabilities is needed, and so on. Selecting the right platform isn’t just a matter of getting the most features, but acquiring the features that best meet the organization's requirements. “Organizational needs relating to mobility differ considerably, as do the infrastructure environments into which mobility solutions will be implemented,” Holtby says.

Are you ready for state-sponsored zombie malware attacks?

Zombie malware combines the most deadly aspects of malware and zombie computers into one horrible mess. Typically malware gets into a compute device via phishing or email attachment which limits the scale of the attack. In contrast, zombie malware autonomously hunts for vulnerable systems across LAN, WiFi and VPN connections. Once zombie malware finds a system to infect, it utilizes the new host to scan for other systems which can be anywhere on the globe. Another key aspect of zombie malware is the lack of a control channel to manage its destructive path (unlike zombie computers used in DDoS attack). Subsequently zombie malware just destroys anything it can connect to. For example, the NotPetya started on Ukraine government systems but then quickly spread around the globe.

How to get Android 8.0 Oreo on your Pixel or Nexus right now

While Google's own Pixel and Nexus devices are almost always first in line for a fresh Android rollout, this year's dessert-themed delight isn't actually quite ready to be served to everyone just yet. Google says it's in the midst of "carrier testing" with the Pixel, Nexus 5X and Nexus 6P Oreo builds and expects to start sending updates out to those devices soon. ... Realistically, the wait for Pixel and Nexus owners to get Oreo as an official over-the-air update likely won't be long. But we tech enthusiasts are a notoriously impatient bunch, and when something new is available, gosh darn it, we must have it. Well, not to fear, my fellow shiny-new-software fanatics: If you own a Pixel, Nexus 5X or Nexus 6P, you can actually get Android 8.0 Oreo on your phone this very minute — with the help of a handy little hack.

The cloud could drive open source out of the enterprise

First of all, open source’s no-cost attribute means less in the cloud. Public cloud providers will charge you for the time you use their cloud to access open source software—or any software. Thus, it doesn’t really matter if you AWS Linux, Red Hat Linux, or closed-source platforms from Microsoft, because they are all “free” yet cost the same in cloud time charges for access. The same is true with the databases; there’s not much different in your monthly cloud bill if you use open source databases versus closed source, or those that are native to a specific cloud such AWS Red Shift. If there is not a dramatic cost advantage, most enterprises won’t care about the platforms that they use in the long run, and that takes away one of open source’s historic strengths.

How to set up an all open-source IT infrastructure from scratch

Not choosing Microsoft Windows is the first obvious decision here. The cost is to high (both in terms of up-front monetary investment and recurring costs associated with securing a closed platform). MacOS is, for the same reason, off the table.  What specific platform I chose, at that point, comes down to what my specific needs are within the organization. Chance are I would select a Linux-based platform (either a free Linux distribution – Debian, openSUSE, Fedora, etc. – or a similar system with paid support). Support is the main reason to consider a paid, closed system anyway, so might as well get all the benefits with none of the drawbacks of a system like Windows. Save money, increase security. No brainer.  For applications, I’d also standardize around LibreOffice for the office suite and one of the several open-source web browsers (such as Firefox).

Quote for the day:

"Knowledge Management is the art of creating value from intangible assets." -- Karl-Erik Sveiby

Daily Tech Digest - August 21, 2017

Industry 4.0: How the Internet of Things is Revolutionizing Manufacturing

"Unlike traditional relationships where feedback on products and services takes time to gather, the automated closed-feedback loop is an inherent component of Industry 4.0," Ramaswami said. "The seamless record-keeping enabled by digital systems will speed traceability, while limiting liabilities, warranty costs and recalls." Despite these advantages, the shift is still in the early stage. According to research from Capgemini, only 6 percent of manufacturers are considered "digital masters," or those that have reached an advanced stage in digitizing the production process. That means competitive advantage is still up for grabs, rather than implementation becoming an imperative to merely remain competitive. Still, the movement is real; Capgemini estimates that 76 percent of manufacturers already have a smart factory initiative in the works or currently under formulation.

The importance of building ethics into artificial intelligence

Companies deal with team changes regularly. Issues arise tied to trust, accountability and personnel behavior that goes against the values of a company – or society, in general. In the tech industry alone, sexism, racial bias and other serious, but eradicable trends persist from the C-suite down to the entry-level.  Consequently, the industry should focus on efforts to develop and grow a diverse talent pool that can build AI technologies to enhance business operations and address specific sets of workplace issues, while ensuring that it is accountable.  Employers need to recruit people who understand the importance of applying strict human resources guidelines to AI performing tasks alongside human employees across industries and geographies. AI, for its part, needs to learn how to conduct itself in a work environment and be rewarded for expected behavior to reinforce good habits.

Top 3 Breakthroughs in Combating Financial Crime

In times of political and economic change, financial crime and corruption tend to grow fast. The shock of Brexit, terrorist attacks, the revolution in the Islamic world and other factors create an environment that is demanding for change. AI and Analytics driven solutions have been widely adopted across different industries for various purposes. However, only a handful of banks around the world are working with advanced analytics and artificial intelligence technologies to improve their risk and compliance activities. As the world enters into an era of high uncertainty, the upcoming years will see financial institutions adopt and deploy best-in-class analytics powered tools as part of their efforts to remain fully compliant and to combat financial crime. With that in mind, here are the top three trends that will power the compliance revolution

Building security into IoT devices: the new potential for security integration

IoT devices are vulnerable by virtue of their networked operation. A connected wristband monitoring a patient’s heartbeat and blood oxygen levels, for instance, might continually send sensitive private data over a wireless link to a medical application hosted by a cloud service provider. It is useful to think of the vulnerability in this type of device – and therefore the protection that is required – in terms of layers. For example, one layer is the personal area network connection, typically a Bluetooth Low Energy radio link to a smartphone or tablet with which the wristband is paired. An extension of this layer might be the Wi-Fi link provided by the smartphone or tablet to a home router or gateway. The second layer might be the cloud platform, such as Microsoft’s Azure or Amazon’s AWS; and the third is the application itself running in the cloud.

Predictive marketing: taking the guesswork out of adverts

Predictive marketing moves away from stats, stereotypes or the constraints of age and gender towards informed messaging decisions that amplify the customer journey. This is done through AI-driven propensity models based on billions of moments. These models learn about a customer’s future behaviour, based on their previous interactions, such as browsing behaviour, past purchases and interests, as well as metadata about their devices and thousands of other variants. All these aspects combined paint a holistic picture of the entire customer journey and are delivered at scale in real time. All the data in the world – even your own – is worthless it can be converted to intelligence and applied to your business, giving you better insights into your own customers and prospects than ever before.

Seven Keys to Strengthen Your Cybersecurity Culture

A lot has been written about benchmarking and following best practices in cybersecurity. One important question is whether you know where you are heading? What is the vision of what success looks like for your security and technology teams? Consider visiting your industry peers and learning from other public and private sector organizations that are doing cybersecurity culture well. Look at the National Association of State CIOs (NASCIO) award-winners, NGA best practices and state and local partners in your region. Consider a road-trip to learn from others and benchmarking progress. For example, back in 2011-2012, Stu Davis the Ohio CIO, brought a team up to Michigan to see how we built our security architectures and governance. Ohio State government used that visit and follow-on conversations to build an excellent cybersecurity program.

Your failure to apply critical cybersecurity updates is putting your company at risk

Despite the impact of WannaCry, a month later it seems that many organisations hadn't bothered to apply the correct patches, as Petya used the same exploit to spread itself across infected networks. It claimed a number of high-profile victims -- many of which are still dealing with the post-infection fallout. "Something we don't talk about often enough is the opportunity everyone has to limit bad consequences by employing consistent and effective cybersecurity hygiene," said Phil Quade, chief information security officer at Fortinet. "Cybercriminals aren't breaking into systems using new zero day attacks, they are primarily exploiting already discovered vulnerabilities." Researchers say lessons must be learned and that if security patches are released then they need to be applied.

What’s new with WebAssembly portable code

A key goal of WebAssembly is enabling code written in languages besides JavaScript to run in the browser. The technology serves as a compile target for other languages. Right now, C++ is the preferred language for use with WebAssembly. It is technically possible now to use other languages with WebAssembly, and there have been experimental implementations to work with the format. However, these languages cannot currently achieve the ideal performance, memory utilization, or DOM integration, Wagner said. As a result, WebAssembly will likely be enhanced to support languages using higher level garbage collection, such as Java, C#, and Python. “We’ve been discussing adding direct support for WebAssemby in a way that plugs into the garbage collector that’s already in the browser,” Wagner said.

Debunking the myths around agile development

By all indications, agile is helping enterprises around the world succeed. For the past five years, the top three cited benefits of agile include: manage changing priorities (cited by 87 percent), team productivity (cited by 85 percent), and project visibility (cited by 84 percent). Still, projects still have interdependent tasks and the percentage complete must still be tracked and reported to completion. A project is still a project, a deliverable is still a deliverable, and as such project management principles still apply. So myth one debunked: Agile does not mean you don’t project manage. Agile means you project manage constantly, to the very heartbeat of the development teams. Keep your basic project management practices as your guiding principles. And stop thinking that the scale or complexity is new or unique.

UCaaS vs. CPaaS: Which supports external communications better?

Any cloud communications-as-a-service system -- whether it's a UCaaS or CPaaS platform -- will usually be better than on-premises options for external communications, because the cloud itself resides outside corporate premises. The cloud-based system naturally communicates across network boundaries. At times, though, cloud-based systems may falter for internal communications, especially if the network or IT is highly restrictive. If this is the case, an on-premises approach is probably a better option. But, with on-premises networks, external communications can be challenging. In general, internal communications can work better with UC services, whether it's a UCaaS platform or on premises. UC is designed, developed and deployed to handle internal communications.

Quote for the day:

"He that is overcautious will accomplish little." -- Friedrich Schiller

Daily Tech Digest - August 20, 2017

How to Prepare for the Next Cloud Outage

Preparing for a cloud service outage isn't much different than getting ready for any system failure, according to HyTrust's Krishnan. No matter the nature of the network, there will always be three pinch points, or "vectors of control," that managers need to master. The first is scope, which is the number of objects each admin or script is authorized to act upon at a particular time. Using the Microsoft outage as an example, a deployment task's scope would limit the number of containers it could operate on at one time. The second control vector is privilege, which controls what type of action an admin or script (task) can take on an object. An example of a privilege restriction would be a task that is allowed to launch a container but not to destroy one. 

A former Marine cyber warrior explains how hackers will transform the face of modern combat

Cyber warfare is already used for such things as disabling air defense systems, but these attacks will grow dramatically in range and capability in the coming years. Thanks to the rise of Internet of Things technologies, which are now being adapted into everything from dams and power grids to commercial trucks, US cyber warfare teams will have an abundance of targets at their disposal.  It’s not hard to imagine future scenarios in which US forces use cyber warfare tactics to sabotage power plants, telecommunications infrastructure and other critical facilities, either through coordinated remote attacks or on-site Special Forces teams with embedded cyber warriors. We’ve already seen this to some extent with Stuxnet, Flame and other malware which were designed to disrupt the nuclear capabilities of adversarial states.

Merging big data and AI is the next step

Businesses can now process massive volumes of data which was not possible before due to technical limitations. Previously, they had to buy powerful and expensive hardware and software. The widespread availability of data is the most important paradigm shift that has fostered a culture of innovation in the industry. The availability of massive datasets has corresponded with remarkable breakthroughs in machine learning, mainly due to the emergence of better, more sophisticated AI algorithms. ... Previously, chatbots had trouble identifying certain phrases or regional accents, dialects or nuances. In fact, most chatbots get stumped by the simplest of words and expressions, such as mistaking “Queue” for “Q” and so on. With the union of big data and AI however, we can see new breakthroughs in the way virtual agents can self-learn.

Artificial intelligence is coming to medicine — don’t be afraid

Artificial intelligence (AI) is bringing us to the precipice of an enormous societal shift. We are collectively worrying about what it will mean for people. As a doctor, I’m naturally drawn to thinking about AI’s impact on the practice of medicine. I’ve decided to welcome the coming revolution, believing that it offers a wonderful opportunity for increases in productivity that will transform health care to benefit everyone. Groundbreaking AI models have bested humans in complex reasoning games, like the recent victory of Google’s AlphaGo AI over the human Go champ. What does that mean for medicine? To date, most AI solutions have solved minor human issues — playing a game or helping order a box of detergent. The innovations need to matter more. The true breakthroughs and potential of AI lie in real advancements in human productivity.

How Do You Get Data into Your Company DNA?

How Do You Get Data into Your Company DNA? 5 Strategies for Spreading Data Management Best Practices Throughout Your Organization It would be nice if sound data management required nothing more than hiring great data scientists or having the right data tools. Unfortunately, it’s more complicated than that. Sure, having data experts on your team and a great data management toolset in your organization’s portfolio of IT resources forms the foundation for leveraging value from your data. But making the very most of your data requires help from everyone in your organization. That doesn’t mean every employee needs to get a stats Ph.D. It does, however, require you to implement some organization-wide policies and cultural values in order to brick smart data practices into your entire organization.

Gartner Predicts Information Security Spending To Reach $93 Billion In 2018

The Gartner report suggests that security services will continue to be the fastest growing segment – especially IT outsourcing, consulting and implementation services. However, hardware support services will see growth slowing, due to the adoption of virtual appliances, public cloud and software as a service (SaaS) editions of security solutions, which reduces the need for attached hardware support overall. ... “If you look at the continuous and almost unstoppable acceleration in breaches, I think these estimates are vastly underestimated. If you take a look at the aggregate losses due to data breaches in the last five years and project those forward, the growth rate would be at least an order of magnitude above what the spend estimates are to stop these breaches. ...”

How to make agile work for the C-suite

At the enterprise level, think of all of your corporate initiatives as a backlog just like how software developers think of future product features as a backlog. See your leadership team as employing an agile software-development framework that prioritizes the backlog based on importance, then tackles each task in sequence until they’re all completed. Reprioritize your enterprise backlog when new initiatives are added and supplement the traditional annual strategic-planning cycle with real-time, issue-based planning, so resources can be allocated more dynamically. Continuous planning can ensure that resources are being directed toward evolving priorities and away from initiatives that have grown less important.

How IT became business problem solvers at Level 3 Communications

It’s important that we as an IT organization understand that entire journey, since unlike any other organization at Level 3, we are involved from quote to cash. Each step in the journey may be unique, but the reality is that they all build upon each other. In IT, we see the steel thread and the levers we can use to improve the experience. There used to be a time in IT when we would say to our business partners: “Don’t tell us the how; tell us the what.” We are beyond that now; we don’t wait for the “what.” Our job is to bring the “what” to our business partners. For example, members of my team were looking at how the business was processing orders. They found a way to aggregate multiple orders, which made the process much simpler. They came up with that themselves, and brought it to the operations group, where the solution was well received.

Australia Aims to Regulate Bitcoin Exchanges

When we speak about casinos and betting in Australia, it is important to note that the country is now in the process of changing its gambling regulation regulation. The results of the amended regulation have already been felt, quite a few gambling companies have exited the market and more are expected to stop operating in the country within the coming weeks. Consequently, more severe regulations in the bitcoin space will assist Australian officials in keeping the industry compliant. Next to this, it is a common knowledge that the bitcoin is a main currency for various illegal activities: ransoms, drug deals, weapons and more. Once the exchanges get regulated, illegal transactions will not be as frequent, at least on the territory of Australia. However, the above use cases are not the main rationale behind regulating the bitcoin exchanges in Australia.

Q&A on the Book Stupidity Paradox

Many organisations encourage people to think of themselves as inspirational leaders. But this often alienates their followers and means they ignore the nuts and bolts of getting a task done. The second is an attachment to branding. We witnessed military organisations which were more keen on running rebranding exercises than running military exercises. The third driver of functional stupidity is mindless imitation. Often large organisations copy others for no better reason than they want to up with the latest fashion. This leads firms to implement new initiatives which are inappropriate for them. The fourth is pointless policies and procedures which are thoughtlessly followed. Many professionals spend more time ticking off boxes than actually doing their job.

Quote for the day:

"If you want people to to think, give them intent, not instruction." -- David Marque

Daily Tech Digest - August 19, 2017

Oracle doesn't want Java EE any more

Oracle plans to explore its desire to offload Java EE with the open source community, licensees, and candidate foundations. Although Oracle has not named possible candidates, the Apache Software Foundation and the Eclipse Foundation are likely possibilities. Oracle has already donated the OpenOffice productivity suite and the NetBeans IDE to Apache, and the Hudson integration server to Eclipse. Like Java, all three technologies—OpenOffice, NetBeans, and Hudson—were acquired in Oracle’s 2010 acquisition of Sun Microsystems. Eclipse is ready to take on Java EE if chosen. “We believe that moving Java EE to a vendor-neutral open source foundation would be great for both the platform and the community,” said Eclipse Executive Director Mike Milinkovich. “If asked to so, the Eclipse Foundation would be pleased to serve as the host organization.”

Next step in the content evolution

A recent ASG-commissioned technology adoption profile study, “Today’s Enterprise Content Demands a Modern Approach” by Forrester Consulting found 95% were using more than one system to manage enterprise content, including 31% using five or more systems. This leads to disjointed information and difficult access. Lack of flexibility is therefore one clear shortcoming of existing approaches to ECM. Organisations want to invest in systems and technology that allow them to grow and adapt to changing markets but traditional ECM often hinders their progress. Further, 82% of respondents reported an increase in unstructured data in the form of business content, like office documents, presentations, spreadsheets, and rich media. They are also managing transactional content from outside the organisation. Traditional ECM systems struggle to cope with this level of growth due to another key shortcoming – their inability to scale.

How Blockchain Technology Is 'Disrupting' The Art Economy As We Know It

The technology that supports Bitcoin and other cryptocurrencies and is now being used to decentralize other industries as well. Given that the blockchain is a distributed ledger and completely secure and transparent, users are able to be connected to each other without the centralized hub of a corporation. Simply put, management has been replaced by machines. In this new decentralized world, art has been one of the first and greatest use cases. Artists who otherwise would have been forced to use a large-scale centralized company to distribute their work are now able to distribute work in a decentralized way, and to receive rewards for their creations without profit-skimming corporate structures in place. And, are there entities seeking to disrupt matters, although whether they can succeed in their endeavours is another matter.

How a data cache can solve your JavaScript performance problems

Service workers can be unpredictable. They can generate their own responses, and their response mechanism is not baked into the browser. "There are no caching semantics baked into service workers, unless the developer adds them in," Weiss said. If a service worker is not able to create a response, it uses the fetch API to look further up the stack. At the network layer, the application then checks the HTTP cache, which uses very strict caching semantics. HTTP cache is also persistent, which allows it to save resources to disk for later use. However, it is considerably slower than MemoryCache, which operates at RAM speeds. If data is not found in HTTP cache, the browser makes one last check for the Push Cache available as part of HTTP/2. But this is more complicated, since different browsers have different rules for managing Push Cache.

Demystifying AI, Machine Learning and Deep Learning

Deep learning is the name for multilayered neural networks, which are networks composed of several “hidden layers” of nodes between the input and output. There are many variations of neural networks, which you can learn more about on this neural network cheat sheet. Improved algorithms, GPUs and massively parallel processing (MPP), have given rise to networks with thousands of layers. Each node takes input data and a weight and outputs a confidence score to the nodes in the next layer, until the output layer is reached where the error of the score is calculated. With backpropagation inside of a process called gradient descent, the errors are sent back through the network again and the weights are adjusted improving the model. This process is repeated thousands of times, adjusting a model’s weights in response to the error it produces, until the error can’t be reduced any more.

Pentagon eyes bitcoin blockchain technology as cybersecurity shield

The key to blockchain’s security: Any changes made to the database are immediately sent to all users to create a secure, established record. With copies of the data in all users’ hands — even if some users are hacked — the overall database remains safe. This tamper-proof, decentralized feature has made blockchain increasingly popular beyond its original function supporting the bitcoin digital transactions. Many cutting-edge finance firms, for instance, have used blockchain to expedite processes and cut costs without compromising security. In Estonia, home of the video phone pioneer Skype, officials have reported using blockchain to track national health records. In Russia, experiments are underway to integrate blockchain into the general payment economy.

Tech breakthroughs megatrend

Collectively, those driving factors are forcing big questions to the surface - questions that C-suite executives themselves are asking. To help provide answers, we tracked more than 150 discrete technologies, and have developed a methodology to identify the most pertinent of those technologies;  ... The specific technologies most impactful to a company can - and likely will - vary, of course, but when we analysed for technologies with the most cross-industry and global impact over the coming years, eight technologies emerged. They are at varying degrees of maturity; some have been around for years but are finally hitting their stride, while others are maturing rapidly. None will be surprising to CEOs; they are regular subjects of often breathless coverage in popular newspaper coverage.

Hacker claims to have decrypted Apple's Secure Enclave

"Apple's job is to make [SEP] as secure as possible," xerub said. "It's a continuous process ... there's no actual point at which you can say 'right now it's 100% secure.'" Decrypting the SEP's firmware is huge for both security analysts and hackers. It could be possible, though xerub says it's very hard, to watch the SEP do its work and reverse engineer its process, gain access to passwords and fingerprint data, and go even further toward rendering any security relying on the SEP completely ineffective. "Decrypting the firmware itself does not equate to decrypting user data," xerub said. There's a lot of additional work that would need to go into exploiting decrypted firmware—in short it's probably not going to have a massive impact. An Apple spokesperson, who wished to remain unidentified, stated that the release of the SEP key doesn't directly compromise customer data.

Businesses need to talk about the cloud

Performance issues are a commonly cited bugbear following a cloud migration – with research finding organisations experience a problem at least once every five days. If the application in question is business critical, this could be at serious detriment to the organisation. From high network latency to application processing delays – poor cloud performance costs businesses both time and money, and greatly affects the end-user experience. But for many organisations, simply understanding where a performance issue occurs in the first place, is a challenge. In the ‘old days’ of on-premise IT infrastructure, life was simpler. Organisations could, for example, quickly identify a misbehaving server in their data centre and initiate a fix. Today, the picture is not that straightforward, particularly with the increased uptake of public cloud services, because ‘your’ server is now in someone else’s data centre.

All ‘things’ connected, the ‘I’ in the IoT – a closer look. Part three

Which technology or network type will prevail in the future is (very) hard to predict. In fact, there’s no real reason why they should be mutual exclusive, they don’t have to be. The fact that LTE networks have such a broad range globally and that they can also be used to provide NB-IOT and LTE-M networks with relative ease could oppose a threat to LPWAN networks. Especially when companies like Verizon and AT&T are the ones pushing the technology. Though the same can be said for LoRa as well, companies such as IBM and Cisco are showing immense interest, as are CSP’s like Swisscom and KPN. On the other hand, with the LTE/cellular companies focussing on the high-end market, so to speak, and the LPWAN providers focussing on the lower to mid-market range, mainly in the form of sensor based data transport, there could be room for both.

Quote for the day:

"The desire of knowledge, like the thirst for riches, increases ever with the acquisition of it." -- Laurence Sterne

Daily Tech Digest - August 18, 2017

An inside look at the Oracle container management strategy

One of the things about containers is making sure that you only put into a container, particularly in production, the bits that you need to run your application. And so one of the open source tools we announced, called Smith, helps you build a container with only the bits that you need for your application to run so you reduce that surface area. From a security perspective, you also reduce potential vulnerabilities, because there's not a whole bunch of stuff in that container that you need to patch. So, that's an example of what we're doing there to really help folks build containers very tightly, reduce that surface area and operationalize them in production.

Cisco outlook shows Robbins turnaround hasn’t spurred growth

Cloud CompetitionRobbins is working to restore the kind of growth that made Cisco one of the world’s largest companies. The networking-gear maker hasn’t reported an annual revenue gain of more than 10 percent since 2010. His effort to fire up sales are being hampered by a shift to computing in the cloud -- in remote data centers that provide services over the internet. Owners of such facilities like Amazon.com Inc.’s Amazon Web Services, are increasingly building their own hardware and replacing traditional suppliers of servers, storage and networking. ... “One of the key things that we needed to do was get some energy in our core markets,” Robbins said. That started with the offering of new switch products in June. “You’re going to see more and more of that innovation coming from us.”

It's official: Supercomputing is now ho-hum (thanks, cloud)

Cycle's Friedman also pointed to this growing democratization of supercomputing. "Cloud is bringing [high performance computing, HPC] into a broader world. We see a broader use of the techniques and technologies of HPC to help people use computation to predict rather than simply report. Historically, most analytic computation has been focused on validating and reporting what we already know: capturing transactions, reporting on activities, validating designs, checking our math. Classic examples include all of the accounting type workloads, human resource systems, inventory management, etc. With the availability of HPC-like (large compute, network, and storage capacity) environments easily accessible by anyone, more and more groups are using data and simulation to predict future events, outcomes, or reactions."

G Suite updates boost version control and collaboration in Google Docs, Sheets, Slides

Speaking of versions, users will also now be able to preview "clean versions" of documents. This option strips out the suggested edits and comments to give a clearer picture of what the final product will look like. To enact this feature, click Tools > Review suggested edits > Preview accept all OR Preview reject all, the post said. With these latest updates, users can now accept or reject all editing suggestions at once when working in Docs. This is helpful if there are commas or simple punctuation suggestions that a user believes should be accepted. Click Tools > Review suggested edits > Accept all or Reject all to make this happen. Editing suggestions can also be made in a document from an Android or iOS mobile device as well, the post said.

How Business Should Prepare For The Future Security Threat Landscape

Our whole value proposition around security really is in four different areas, prevent, protect, detect, and external partnership. What is really, really important and closer to my heart is the external partnerships. Our goal is to not just sell you a secure device or offering. That's not our main intention. Our intention is about the true partnership, as well. You're not only getting a secure device and offering, but you're getting a continuous partnership. One of the issues [in our industry] sometimes is it's one and done. We've won this sale, we won this customer, now we're done, and we can move onto the next one. That's not the model that we have here. We continue our partnership. We have solidified a partnership with McAfee. When you buy a Xerox device or buy into one of our offerings, we're bringing that partnership with us.

The 360 degree approach to cyber security

Even though technology has progressed, the way companies need to handle security today is fundamentally different from the approach they took 5 years ago. And there are many reasons for this. But two trends in particular are driving the new conception of cyber security for businesses. First, the increasing digitalization of processes and businesses is happening at an unprecedented pace. So a cyber security incident isn’t just something that causes extra hours in a company’s IT department. Today, IT often powers business engines along the whole value chain, and a single incident can bring operations to a grinding halt, and even threaten the existence of a company. Secondly, the threats are growing, both in number and sophistication. 2014 was the 8thyear in a row that the amount of detected malware doubled, resulting in an average of 81 attacks per minute.

Find My Device: How Android's security service can manage your missing phone

Android's native Find My Device system can precisely pinpoint any Android device — phone, tablet, even Android TV box (if you somehow manage to misplace one of those?!). It'll show you the device's exact location on an interactive map and give you tools to remotely ring it, lock it or wipe it entirely and send all of its data to the digital beyond. Find My Device has actually been a part of Android since 2013 — originally under the name "Android Device Manager," which stuck around until Google's broad Android security rebranding earlier this year — but it's always been a bit buried and easy to overlook. So take a few minutes now to learn the ins and outs of how it works and what it takes for your devices to be discoverable.

Is Your Small Business Ready to Defend Against a Data Breach?

"Small business information security is at a pivotal point in time. Between evolving outsider and insider threats, as well as changes to state and federal regulations, when it comes to disclosing breaches, small business leaders must take the time to remain vigilant about their information security needs," says Kevin Pollack, Shred-it Senior Vice President. "As work ramps up in the fall, it is a prime opportunity for small businesses to engage with employees about security and review their physical and digital risk. Business leaders should also take the time to implement cost effective preventative measures to protect confidential data." To help SBOs strengthen their information security protocols and mitigate the risk of fraud, Shred-it has identified five strategies for avoiding data breaches and reputational damage:

What is devops? Transforming software development

Devops is one of the key trends in software development to emerge recently. But the term is often not fully understood. An amalgamation of “development” and “operations,” “devops” describes the organizational structure, practices, and culture needed to enable rapid agile development and scalable, reliable operations. Devops is about the culture, collaborative practices, and automation that aligns development and operations teams so they have a single mindset on improving customer experiences, responding faster to business needs, and ensuring that innovation is balanced with security and operational needs. For development teams, that usually means standardizing platforms, following an agile development process, and participating in operationally driven initiatives.

What makes application delivery in China so hard?

Traffic traversing between China and the global market is controlled by what’s referred to as the Great Firewall of China, a system of filters and content inspection deployed via Chinese ISPs to control what content is available to users. Behind the Great Firewall is a combination of legislative and technological actions taken by the Chinese government to regulate the internet domestically. Domestic and foreign internet companies are required to cooperate with these efforts under Chinese corporate statutes. ... Commonly, traffic transiting the Great Firewall experiences congestion as it traverses the “choke point” of the Firewall, resulting in severe packet loss and additional latency, poor throughput, and other degradation. Of course, that’s the best case for traffic transiting the Firewall — for content that doesn’t run afoul of the government’s filters

Quote for the day:

"In the end, we will remember not the words of our enemies, but the silence of our friends." -- Martin Luther King, Jr.

Daily Tech Digest - August 17, 2017

Machine Learning: More Than Just Algorithms

If machine learning is relegated to playing a supporting role, this means that it won’t be algorithms that companies must master. Rather, algorithms will be procured for sure, as part of broader solutions. And, if done well, the actual algorithms will be analogous to source code—important but ideally obfuscated if the solution is functioning as desired. Of course, algorithms are not what drives the eventual solution behaviour. The models that the algorithms produce will be the means by which generalised rules become contextualised and so enable more effective behaviour patterns. In fact, in a networking environment, if the goal of machine learning is to automate workflows as part of adaptive or predictive operations, generalised algorithms are simply building blocks.

Driving Architectural Simplicity - The Value, Challenge, and Practice of Simple Solutions

There are several key benefits to designing and maintaining a simple architecture. First, simple architectures are easier to communicate. Communication includes both documentation and comprehension. A simple architecture can be documented with a smaller model and fewer drawings/annotations which would lead to improved comprehension by stakeholders. Comprehension is critical for shared understanding, which some define as the architecture (from Martin’s Fowler’s seminal Who Needs an Architect?). A shared understanding is critical to maintaining alignment across teams and team members, and ensuring an efficient implementation. Second, simple architectures are often easier to implement. 

How Ray makes continuous learning accessible and easy to scale

Ray is something we've been building that's motivated by our own research in machine learning and reinforcement learning. If you look at what researchers who are interested in reinforcement learning are doing, they're largely ignoring the existing systems out there and building their own custom frameworks or custom systems for every new application that they work on. ... For reinforcement learning, you need to be able to share data very efficiently, without copying it between multiple processes on the same machine, you need to be able to avoid expensive serialization and deserialization, and you need to be able to create a task and get the result back in milliseconds instead of hundreds of milliseconds. So, there are a lot of little details that come up.

How Upgrading Your Digital Mindset Offers Big Benefits

There can be many obstacles to digital transformation, from a lack of leadership to an absence of change management expertise, as the SAP/Oxford study noted. But buy-in amongst conservative medical professionals was critical at the largest heart hospital in Latin America, according to Guilherme Rabello.  “We had to convince them that ... the technology was not dragging them out of their main service, but assisting them to provide even better care to their patients,” Rabello said at SAP Leonardo Live. “So we engaged with all of them upfront, and we showed them why we were doing [what we were doing].” InCor’s uptake of SAP Leonardo was quick, especially for younger medical professionals who are comfortable in digital environment, according to Rabello.

Powerful backdoor found in software used by >100 banks and energy cos.

The module performs a quick exchange with the controlling DNS server and provides basic target information (domain and user name, system date, network configuration) to the server. The C&C DNS server in return sends back the decryption key for the next stage of the code, effectively activating the backdoor. The data exchanged between the module and the C&C is encrypted with a proprietary algorithm and then encoded as readable Latin characters. Each packet also contains an encrypted "magic" DWORD value "52 4F 4F 44" ('DOOR' if read as a little-endian value). Our analysis indicates the embedded code acts as a modular backdoor platform. It can download and execute arbitrary code provided from the C&C server, as well as maintain a virtual file system (VFS) inside the registry.

Building the Future of Finance

When you look at the process of building and deploying an AI model, it’s actually a very interesting world, because if you start off trying to build and trying to create and craft machine learning models – AI models – you need an enormous amount of data to create, craft, test, validate, calibrate, etc. But then in reality, you need a much smaller world or universe of data to run it on a daily basis. So from a bank’s perspective, you need to have an enormously elastic, cost controlled, efficient environment to mine for calibration, for creation purposes, for you to be able to create these models. Then when the rubber hits the road, you can have a much smaller, more dynamic, more discreet universe of data. So you can have these running, but for creation purposes you need the terabytes and petabytes; you don’t have to have that on a daily basis

Mitigating security risks posed by emerging tech: Expert advice

"If something brand new came to market tomorrow that could substantially improve the business, we have policies and protocols in place to evaluate it so we can set it up right away. We can move quickly to assess and determine whether it would work well with a minimal security risk or maximum security risk, and we can make recommendations based on that to move forward," Patria said. For Patria, it's about having layers of protection that can be used to counter the known security risks of an emerging tech as well as any potential threats that haven't yet been identified. Take, for example, the college's approach to the security risks associated with the internet of things (IoT), as it adds more and more devices to the school's IT infrastructure.

This Is Why Digital Currencies Need A Self-Regulating Organization

Did you know that participants within an industry may create a self-regulating body that self-governs and polices themselves? The SEC is not a government agency, rather they are a self-regulating body that was created by the member exchanges to protect and educate the public about securities. Similar agencies exist around the world providing the same service to their own citizens as the SEC does in the United States. We, the Crypto Community (the Community), have a right to do this for ourselves and do it globally. We have a right to define this new industry we created and govern that industry to protect and serve individuals and/or organizations that participate in all things crypto. ... We can be regulated OR we can regulate ourselves, and the only thing to decide this fate is whether we choose to organize and take action.

Automated Journey Testing with Cascade

You could divide the codebase into several codebases and have different teams work on each. In concurrent programming terms, we have removed the single exclusion lock in favour of multiple locks. We suffer less contention, developers are waiting less. We have solved one problem but we have introduced another. We now have different deliverables, whether they are microservices, or libraries, which are tested independently. The deliverables share a contract. Our tests have lost sight of the global picture. We are no longer certain that these components interact with each other since they are independent systems now with an independent set of tests. Our tests are now less inclusive, less exhaustive, and ultimately of less use to the product owner and user as an Acceptance Test.

How to Avoid the 6 Most Common Audit Failures

Since everything you do in security should be based on risk, a complete risk assessment is a must. But, what is a good risk assessment? Some people confuse a list of failure scenarios with a risk assessment. Stating that a DDoS attack could cripple your organization is not a risk statement, it is a statement of impact. Risk statements must include probabilities of occurrence of the threat such as: “It is highly likely in the next year that we will experience a DDoS attack that cripples our Internet services.” Conversely, the chance of a threat occurring alone is not a risk statement. Receiving lots of password guessing attacks against your SSH services is not a risk. However, if you say “there is a high likelihood of an SSH attack succeeding with an attacker gaining access to confidential data,” that is an actionable risk statement.

Quote for the day:

"Integrity is the soul of leadership! Trust is the engine of leadership!" -- Amine A. Ayad

Daily Tech Digest - August 16, 2017

The merging of enterprise and consumer identities means it’s time for a universal identity

An Identity Broker is a system that can support Bring-Your-Own-Identity (BYOI) schemes by taking a user’s existing identity and allowing them to authenticate to unaffiliated websites using that identity. With identity brokering, a single user account can be linked to identities from different identity sources. This is done using protocols such as SAML 2.0 or Open ID connect specifically set up for a brokering scenario. In the future, we may see an increasing number of identity providers that not only support isolated enterprise identities, but rather providers that increasingly support numerous external identities, such as social media accounts, healthcare smart cards, commercially acquired identities, as well as identities created with off-the shelf wearables that are embedded with smart card chips.

Is the smart home predestined for a mass-market win?

Looking at wider trends in home automation, particularly in architecture and interior design, the question begs to be asked: Are designers and solution experts trained to focus as intently on security and privacy as they are in making the home connected? Once a home’s ‘infrastructure’ is exposed to the internet or becomes wireless-enabled, it becomes susceptible to cyberattacks locally, and globally. For example, it’s not out of the realm of possibility that a criminal could access a smart home’s data, or even open garage doors, locks and other devices without ever physically touching the property. The design phase is where smart home products receive their security DNA, so it’s important not only to ensure devices are able to defend against known security vulnerabilities, but also easily accommodate future over-the-air fixes.

Forget Tough Passwords: New Guidelines Make It Simple

"We focus on the cognitive side of this, which is what tools can users use to remember these things?" Grassi says. "So if you can picture it in your head, and no one else could, that's a good password." While these rules may seem suspiciously easy, Grassi says these guidelines help users create longer passwords that are harder for hackers to break. And he says the computer security industry in both the public and private sectors has received these new rules positively. "It works because we are creating longer passwords that cryptographically are harder to break than the shorter ones, even with all those special character requirements," Grassi says. "We are really bad at random passwords, so the longer the better." Previously, security experts recommended the use of password manager apps to ensure users' accounts were protected.

10 Artificial Intelligence (AI) Technologies that will rule 2018

Artificial Intelligence is changing the way we think of technology. It is radically changing the various aspects of our daily life. Companies are now significantly making investments in AI to boost their future businesses. According to a Narrative Science report, just 38% percent of the companies surveys used artificial intelligence in 2016—but by 2018, this percentage will increase to 62%. Another study performed by Forrester Research predicted an increase of 300% in investment in AI this year (2017), compared to last year. IDC estimated that the AI market will grow from $8 billion in 2016 to more than $47 billion in 2020. “Artificial Intelligence” today includes a variety of technologies and tools, some time-tested, others relatively new.

Google’s DeepMind made an AI that can imagine the future

The researchers argue that giving AI imagination is crucial for dealing with real-world environments, where it’s helpful to test a few possible outcomes of actions ‘in your head’ to predict which one is best. Recently, DeepMind’s founder Demis Hassabis wrote a paper published in Neuron about how the development of general-purpose AI is dependent on understanding and encoding human abilities like imagination, curiosity, and memory into AI. With these papers, his company seems to be making headway in at least one of those areas. ... Of course the type of imagination described in these papers is nowhere near what humans are capable of, but it does show that AIs can and benefit from being able to efficiently imagine different scenarios before acting.

CodeFights offers a unique tool for developer recruiting

Sloyan described CodeFights as like Angry Birds, but for coding. A developer can choose a world -- that can be a language like Python or a concept like graphing -- and then pick a location in that world to begin. Each task solved is a coding problem, and they get more complicated at each step. Johnston said it was all fun, but it was also very much like the kinds of problems you might be asked to solve during a developer recruiting interview. And it’s competitive. "You can compete with real people and race to see who can code up a solution," he explained. "Or you can compete against company bots, which is much more difficult. I competed against two of the company bots, and I beat them."

Cost of insider threats vs. investment in proactive education and technology

The strength of an investment is normally measured by the certainty and size of return it will provide. The proposals with the most profitability potential usually win; which is what makes cybersecurity proposals such a hard-won investment. When pitching for an investment almost every department will emphasize the urgency of their need for funds, and often they can prove profitability. However, in security an investment does not provide more revenue normally, but it does provide savings during the inevitable cyber attack. In the security discipline we usually call this loss prevention, while in business this falls under the category of opportunity cost. When executives talk about opportunity cost, they are attempting to measure the value of one investment option against another one.

Google Chrome under attack: Have you used one of these hijacked extensions?

The main intent of the attack on Chrome extension developers is to divert Chrome users to affiliate programs and switch out legitimate ads with malicious ones, ultimately to generate money for the attacker through referrals. The attackers have also been gathering credentials of users of Cloudflare, an availability service for website operators, which probably could be used in future attacks. The hijacked extensions were coded mostly to substitute banner ads on adult websites, but also a range of other sites, and to steal traffic from legitimate ad networks. "In many cases, victims were presented with fake JavaScript alerts prompting them to repair their PC, then redirecting them to affiliate programs from which the threat actors could profit," notes Kafeine.

Social cybersecurity: Influence people, make friends and keep them safe

The basic idea behind this is that we're looking at how to change people's awareness, knowledge and motivation to be secure. The work is grounded in a discipline known as social psychology. This discipline looks at how people influence one another. ... We use a technique known as social proof, which is people tend to do what everyone around them is doing. One of the common pranks fraternities will do from time to time is to have a few fraternity members point up at the sky, and if you look at the number of passers-by who also look up, it's actually very high. It's a simple mechanism that most people aren't aware of, but it's very common. Another example is, let's say you just got off a plane, which way do you go? Do you turn left or right? The simple heuristic is to follow where everyone else is going, and you will probably be going in the right direction.

Scottish Parliament hit by “brute force” cyber attack

Chief executive of Holyrood, Sir Paul Grice relayed the confirmation of the attack in a message to MSPs and staff with parliamentary email addresses. Grice said “robust cyber security measures” identified the attack early, and systems “remain fully operational”. This early identification can be attributed, in part, to the major the cyber attacks that have plagued organisations in recent months, namely the number of Scottish NHS boards affected in May. Parliamentary corporate body member David Stewart told MSPs in June that as a result of this clearly escalating threat, an independent review of “cyber security maturity” had been carried out, and had “offered assurance that sufficient and effective arrangements are in place to manage cyber threats and risks”.

Quote for the day:

"The value of having numbers - data - is that they aren't subject to someone else's interpretation." -- Emily Oster

Daily Tech Digest - August 15, 2017

Let’s Corrupt a Database Together, Part 3: Detecting Corruption

In theory, you keep them all the way back to your last clean CHECKDB. In practice, you’ll need to keep them longer than that. If you do CHECKDB every 7 days, and you delete log files older than 7 days, then when CHECKDB fails, a human being probably won’t disable the log-deletion job fast enough to keep the log backups online. In that scenario, 10-14 days of log backups might be a better choice – especially if there’s only one DBA, and everyone else just leaves the alert emails for the DBA to handle when they get back from vacation. You could run CHECKDB more often, or on a restored copy of production. It kills me when I see people doing index rebuilds every night, but CHECKDB only once a week.

Building technology with a social purpose

“We want people to be wearing devices in a nonintrusive way, that keeps their dignity, and allows them to get a good level of care from their family or care provider. “They must not feel they have a 'big brother' or have someone watching them all the time, but they can get help when they need it,” he says. “We needed wearables that are smart enough as a standalone device,” says Feijo. “It is a mobile phone on your wrist. It does not depend on a mobile phone to call.” Jupl is a Kiwi company, co-founded by Sir Ray Avery and Allan Brannigan, that provides technology to connect people wearing medical devices, carers and healthcare professionals to assist in daily care management. The company’s cloud-based platform, the Virtual Biometric Network, coordinates hardware and software to create a unique and interactive experience, which gives everyone access to key features and tools.

Cloud computing is consolidating, raising the risk of customer lock-in

For customers, consolidation so far has been more of a problem than a blessing, Forrester said. In contrast to the common perception that cloud services enable ease of switching, the analysts asserted that the risk of lock-in is actually greater in the cloud. Buyers of on-premises software have more options than cloud buyers to resist captivity. “For example, they can skip upgrades or turn to third-party maintenance providers to cut fees in half,” the report said. “Clients of SaaS vendors don’t have these options; if they stop paying the vendor, they lose access to the apps.” As dominant cloud vendors consolidate their market share, some are likely to increase prices, reduce research and development investments and generally cut back on innovation. They’ll also make it more difficult for customers to migrate data to other services.

Data lake implementation: Data security, privacy a top priority

One of the challenges is that we are currently running the project on limited hardware. We can elevate the project to a production-ready stage only after it gets to a certain stage. I don't report into the IT group, but IT generally runs the Progress infrastructure. We don't have the buy-in from Progress yet, because we have to prove it works first. We prefer to move into the cloud, but we have sensitive PII data of customers and while CIOs and CMOs share data, they have to work together to ensure that the right governance, data privacy and security are in place. ... With data lake implementation, I don't want to say you just dump a bunch of data into a data lake and see what happens, but that's kind of what we did. Knowing what I know now, we would have taken some measures to address things like the infrastructure

The new Data Protection Bill will reduce Brexit uncertainty – if it’s implemented smartly

More positively, companies who comply with the new rules will also be able to reap the rewards by build trust and improving their customer relationships, thereby giving themselves significant opportunity for growth. How organisations approach these regulations will have an enormous effect on company performance and customer experience. For instance, better data protection and well executed consumer control will be major differentiating factors and can become a competitive advantage. ... For consumers, the immediate effect will be increased assurances from service providers that they have control about who and what has access to their data. However, having more control of personal data could easily prove confusing for many people.

IT's 9 biggest security threats

IT security pros have to contend with an increasing number of loose confederations of individuals dedicated to political activism, like the infamous Anonymous group. Politically motivated hackers have existed since hacking was first born. The big change is that more of it is being done in the open, and society is acknowledging it as an accepted form of political activism. Political hacking groups often communicate, anonymously or not, in open forums announcing their targets and hacking tools ahead of time. They gather more members, take their grievances to the media to drum up public support, and act astonished if they get arrested for their illegal deeds. Their intent is to embarrass and bring negative media attention to the victim as much as possible, whether that includes hacking customer information, committing distributed denial of service (DDoS) attacks

Conversational Finance: The Impact of Chatbots, AI and Machine Learning

Chatbots are essentially pieces of software that simulate human, natural language conversations and can respond to and act upon queries and commands from users. The advantage these systems have over a real conversation with a human is that they are able to extract and analyse a user’s needs and intent and ultimately return the information a user has requested or perform actions for them faster, at any time of day or night and at significantly lower cost than a human counterpart.  The benefits of this type of technology are clear with many people choosing to apply and research investments or loans through these types of systems rather than spending the extra time and potentially cash on a human broker that may not necessarily have the best deals available.

5 Innovation Keys for the Future of Work

Innovating just to innovate doesn't do any good--real innovation always has the end user in mind and creates something that will meet their needs and address their pain points. However, many people aren't aware of or can't vocalize what they really want in a product. The best innovators see how customers really interact with products and services to find pain points and create the product of their dreams. At Xerox, this happens by bringing in groups of end users so innovators can see how they work with the product and tapping into ethnographic experts for a different approach to customer dreams and pain points. True innovation understands what customers need and pushes beyond what they hear to provide the best possible solution.

TD Ameritrade accelerates innovation with agile, design thinking

It's hard to find a hotter technology in financial services than roboadvisors. Launched last fall, TD Ameritrade's Essential Portfolios roboadvisor enables long-term investors to choose an investment plan for crucial financial goals, including retirement, college or home purchases. Using the app from computers or smartphones, clients can dial up or scale back their contributions and view a graphical projection of their investments over time. TD Ameritrade will eventually allow clients to aggregate non TD Ameritrade accounts. "It's becoming a digital financial cockpit for our self-directed, long-term investors," Sankaran says. Many industry watchers eye roboadvisors with suspicion, as they are ostensibly replacements for financial planners at a time automation is viewed as a threat to jobs.

Legacy technology – an enabler to digital transformation, not a barrier

While the definition of ‘legacy’ will vary between (and within) organisations, this finding confirms my experience that this is a consistent issue across a wide range of sectors and size of organisation. Many IT departments face the issue that their organisation has grown over time, building a complex dependency of operational, organisational and technological legacies. Many elements of the organisation are highly dependent on these legacies for their day-to-day business. As such these legacy elements are regarded as intractable barriers blocking the road to digital transformation, deemed ‘to risky’, or assumed unable to be included in the journey. Legacy is not a barrier born in ‘yesterday’s world’. It is the reason an organisation is where it is now and often holds a great deal of future value for the organisation.

Quote for the day:

I would rather have questions that can't be answered than answers that can't be questioned." -- Prof. Richard Feynman