Daily Tech Digest - January 05, 2017

Wellcome Trust Sanger Institute Launches Science-as-a-Service

The Sanger Institute wanted to base its Science-as-a-Service offering on open standards and open source technologies, including OpenStack as a private and hybrid cloud infrastructure. The Institute also wanted a partner to help support this infrastructure and one that had experience in building large-scale deployments on a tight timeline, as it wanted this service launch to coincide with the opening of its new research facility. To help address all of these needs, the Sanger Institute turned to Red Hat, the world’s leading provider of open source solutions and one of the largest contributors to the OpenStack project. Built on Red Hat OpenStack Platform, the Institute’s service catalog offers internal users and Wellcome Genome Campus tenants a choice of gold, silver and bronze service levels, each offering a different mix of services and applications to help meet unique scientific needs.

Build a data center shutdown procedure to prepare for the worst

Every data center shutdown procedure is a prelude to an eventual restart, so proper preparation is key to ensure successful restarts once an outage period has passed. Create a comprehensive -- or at least current -- documentation set that captures each system's volume, operating system and application configurations, paying special attention to anything that could potentially or unexpectedly change during a reboot. There are countless tools to create this documentation and most modern configuration management and enforcement tools can capture and report system states. Don't forget to capture or record the configuration of any networking equipment or storage arrays. During preparation, also identify and understand the myriad of different dependencies within your data center. Documenting dependencies allows IT staff to reboot systems, services and applications in their proper order to avoid disruption and lost startup time.

A Vendor's Security Reality: Comply Or Good-Bye

This development has prompted government contractors to pursue FISMA compliance or risk exclusion from the federal vendor community. Enforcement of FISMA's third-party standard is being performed primarily through the procurement process, with all prospective vendors required to attest to adherence with rigorous data security controls when responding to a solicitation. The specific language within contract awards mandates that vendors submit evidence of FISMA compliance in the form of monthly, quarterly, and annual deliverables. Accordingly, if your company is doing business with a government agency, you will be required to provide detailed and ongoing evidence of compliance. Additionally, agencies are increasingly deploying audit teams to perform on-site verification of a vendor's control environment.

What is 'Enterprise Ethereum'? Details Emerge on Secret Blockchain Project

So far, the reason for the secrecy appears to be concerns about the competition coming from other sectors of the blockchain industry. But, there's reason to be skeptical about this possible reasoning for the group's launch. Former IBM blockchain developer Henning Diedrich, who left the company last year to work on his own smart contract language, contends that ethereum's software is already suitable for private blockchains that he tested at IBM. However, he noted that the relatively nascent state of enterprise products like Hyperledger and R3CEV's Corda platform may be forcing enterprise interest in a more robust offering from ethereum, a comparatively more tested alternative. Though Diedrich argued that ethereum developers still have room to improve the product, he remains skeptical that a large-scale ethereum consortium is even necessary.

The difference between the Traditional CIO and the Transformational CIO

At the risk of being over-inclusive, every enterprise will need to take the digital transformation journey. Technology is playing a more central role in every enterprise. Put a different way, technology is quickly becoming the strategic weapon for every enterprise. Think of companies that have disrupted different industries. In most cases, technology was central to their ability to disrupt their industry. As part of that journey, every enterprise will need to rely more on a transformational CIO. However, that transition does not happen overnight. Recall that it is not just the CIO that must transition (read: Transforming IT Requires a Three-Legged Race). Transformation, much like culture changes, is a journey. There is no specific end-point or finish line. One could ask, how does a CIO make the transition? For each CIO, the journey is incredibly personal and transformational in their own way.

The Basics of Web Application Security

Before jumping into the nuts and bolts of input and output, it's worth mentioning one of the most crucial underlying principles of security: trust. We have to ask ourselves: do we trust the integrity of requests coming in from the user’s browser? (hint: we don’t). Do we trust that upstream services have done the work to make our data clean and safe? (hint: nope). Do we trust that the connection between the user’s browser and our application cannot be tampered with? (hint: not completely...). Do we trust the services and data stores we depend on? (hint: we might...) Of course, like security, trust is not binary, and we need to assess our risk tolerance, the criticality of our data, and how much we need to invest to feel comfortable with how we have managed our risk. In order to do that in a disciplined way, we probably need to go through threat and risk modeling processes, but that’s a complicated topic to be addressed in another article.

Why 2017 Will Prove 'Blockchain' Was a Bad Idea

Nobody has really figured out what this DLT chimera is about or which problem it should solve. (Yet, we have been told it could reduce banks' infrastructural costs by $20bn). Even the European Securities Market Authorities (ESMA) wonders about its applicability. The ESMA consultation paper issued in June posed many sensible specific questions: unfortunately most of the answers received were generic rhetoric exercises. Adding insult to injury, even when it comes to derivatives trading and clearing (where ESMA is confident DLT cannot be applied), unfounded claims about interest rate swaps as smart contracts on DLT obfuscate the debate. Last but not least, no DLT proposal has really delved into how to implement cash-on-the-ledger for effective delivery vs payment or, even more crucially, how to reach decentralized consensus.

Eight CIO goals and IT resolutions for 2017

Undoubtedly, all the trends of the digital economy will get a lot of play, and information technology will facilitate the continuation of businesses' transformation. We will see the expansion of the internet of things, smart automation, a further increase in the proportion of mobile and cloud solutions based on big data solutions, and wider use of deep learning technologies. Special focus will be put on robotics. The value of information security will be more and more enhanced. If we talk about software engineering, the market increasingly requires business expertise, in addition to pure design. Also, the development cycle will become shorter and shorter. Next year will truly be the year of the customer, with companies offering smart technology solutions to delight business users and consumers alike.

Business adoption plans for IoT, AI, VR, and beyond

When examining the adoption of various types of AI, the results show that about one in five organizations use intelligent digital assistants for work-related tasks while relatively fewer reported using machine learning (8 percent) or business analytics with AI (8 percent). Still, more organizations are planning to adopt AI technology over the next five years, with nearly half intending to adopt intelligent assistants, 60 percent planning to adopt machine learning, and 72 percent looking to deploy business analytics with AI. ... "IT professionals are rightly concerned with the practicality of integrating emerging technology in the workplace, particularly when it comes to VR and 3D printing," said Peter Tsai, IT analyst at Spiceworks. "Many organizations are struggling to find viable use cases for VR and 3D printers that will justify the costs."

Data Breaches Through Wearables Put Target Squarely on IoT in 2017

Mike Kelly, CTO of Blue Medora, says more connected devices will create more data, which has to be securely shared, stored, managed and analyzed. ... Those organizations that can most effectively monitor their database layer to optimize peak performance and resolve bottlenecks will be in a better position to exploit the opportunities the IoT will bring, he says. Lucas Moody, CISO at Palo Alto Networks, says security has to be baked into the IoT devices – not be an afterthought. The bloom of IoT devices has security practitioners in the hot seat, with industry analysts suggesting a possible surge up to 20 billion devices by 2020. “Given the recent upward trend in both frequency and intensity of DDoS attacks of late, 2017 will introduce an entirely new challenge that security teams will need to contend with; how do we secure devices, many of which are by design dumb and, for that matter, cheap?” he says.

Quote for the day:

"GreatBosses model & demand aligned values & performance DAILY." -- S. Chris Edmonds