Daily Tech Digest - January 11, 2017

The Bright Side of Smart-Home Silly Season

The Internet of Things is one of the gadget industry's brightest hopes in a world that's saturated with smartphones. Sensors are cheap, and digital giants such as Amazon and Google are aggressively pushing their voice-command technology. The resulting hype, however, spawns inventions that should only exist in the corny worlds of science fiction. At this point, the IoT market isn't well-quantified. Intel says there were 15 billion connected IoT devices in the world in 2015 -- a number the chipmaker predicts will increase to 200 billion by 2020. Gartner, the tech consultancy, counted fewer than 5 billion devices in 2015 and predicted fewer than 21 billion by 2020. There's a good reason for the gap: No one can predict which objects consumers and businesses will want to connect to the internet. 

IBM Watson, FDA to explore blockchain for secure patient data exchange

Transactions are recorded as blocks of data to be added to the chain; each block contains a unique cryptographic hash that is used to track that block as well as others in the associated chain. Data within the blocks cannot be modified and the chains are secure by design. Electronic medical records (EMRs) carry a mass of data, including demographics, treatment and genomic information, and act as repositories for biomedical research. But because data in EMRs is the most highly sensitive, there has been little progress in sharing information for research and clinical use, such as aiding in physician decision making. ... "Transformative healthcare solutions are possible when healthcare researchers and providers have access to a 360-degree view of patient data. Today, patients have little access to their health data and cannot easily share with researchers or providers," IBM said.

Rethink on bank cybersecurity rules might only follow major bank breach, says expert

In an interview with Out-Law.com, professor Richard Benham, chairman of the National Cyber Management Centre, expanded on earlier comments he provided to the BBC. He reiterated his view that there will be a run on a bank in 2017 as a result of customers losing confidence in the security of their funds following a cyber attack, and said more formal regulation of cybersecurity is needed in UK banking. Benham said that, despite the existence of Bank of England guidance, the banking industry is currently "effectively unregulated on cybersecurity". There is a lack of "mandated standards", he said, and these should be put in place. "At the moment there is a tendency to leave banks to manage their own security," Benham said.

Top obstacles and benefits of security framework adoption

“Cybersecurity frameworks are a good way for IT security professionals to create a solid baseline for measuring security effectiveness and to meet compliance requirements, but it can be a challenge to do this without the tools, talent and support from executive leadership,” said Cris Thomas, strategist, Tenable Network Security. “Having the proper tools and intuitive reporting features in place not only improves overall cybersecurity, but also can help organizations eliminate some of the staffing and budget problems by automating the implementation and integration of their security frameworks.” Despite reported obstacles, respondents who have adopted security frameworks see clear benefits, including compliance with contractual obligations (47 percent), achieving measurable security improvements (43 percent) ...

Will you be safe with an always-connected Internet of Things?

Products that can be controlled remotely via mobile devices are rapidly expanding, and include applications such as controlling heating systems, monitoring CCTV systems, door locking, and the control of home lighting and appliances. These smart devices improve our quality of life and give us additional control and security in our homes, but the benefits also come with potential threats from unseen attackers on the web. Another key reason for heightened security fears is the number of modern vehicles becoming increasingly connected. As we move towards more intelligent autonomous vehicles, cars are essentially becoming cloud-connected IoT devices with the associated risks of malicious attacks, potentially endangering the lives of drivers and passengers.

Three States Join Others To Expand PI Definition To Include Usernames Or Email Addresses

Under European and many other international data privacy laws, PI includes any information that identifies an individual or from which an individual can be identified when aggregated with other information. This will include usernames and email addresses where the individual's actual name is included within the username or email address. Under the forthcoming General Data Protection Regulation (GDPR), which comes into force in May 2018, if a US organization targets European consumers for goods or services, it will be subject to the GDPR when it processes the PI of such European consumers—whether or not the organization is based in the European Union. The requirements under the GDPR include providing information to the individuals about how their PI will be used, disclosed, and transferred, as well as requirements to obtain consent for the processing and transfer of such data to the US.

Researchers: Brace for a Major Cloud Provider Compromise

Even as data is moving to the cloud, many countries are focusing inward rather than on open-border and free-trade strategies. This includes recent advances in tax policy, where previous approaches to multi-national corporate governance have come under the microscope of the world’s treasurers. Further initiatives are expanding in the internet realms, with new operating system initiatives being pursued to remove dependency upon foreign software, and foreign hosted SaaS offerings being excluded from other countries such as the Russian LinkedIn Ban. Additionally, multiple governments are enhancing their surveillance initiatives, such as the Russian government’s requirement to hold all cryptography keys to decrypt internet traffic. “We believe this will continue resulting in an increasingly balkanized and separated internet,” Shelmire said.

Security fatigue—or how I learned to overcome laziness and use a password manager

You’re not alone. Security fatigue is a bug the majority of us have. A NIST study recently reported that most people don’t do the right thing when it comes to cybersecurity because they are too lazy, too hurried, or not convinced that they are a target for cybercrime. The study summed up a problem we all know is true. Comb through the stories about security fatigue, and you’ll find many figures citing the prevalence of the problem—91 percent of people in the NIST study report using passwords across sites, for example. And even as surrounded by security-conscious folks as I am, I’ve yet to meet one person who claimed they never, ever succumb to the disease. ... It was time for me to quit saying “Use a unique password for every site!” and not doing it. I needed to overcome laziness (and hypocrisy) and start using a password manager. Boy, has it been hard!

Time to get smarter about public Wi-Fi and personal data

91% of Wi-Fi users do not believe public Wi-Fi is secure, yet 89% of Wi-Fi users choose to use it anyway. This shows that, while more Wi-Fi users are aware of the risks, an increasing number of users connect anyway. Wi-Fi needs to have the security and performance to sustain the many different activities and applications employees are engaging in and with daily. 83% of Wi-Fi users are accessing their email, whether it’s for work or personal reasons, and 43% are accessing work/job-specific information. 42% of Wi-Fi users are shopping and 18% are logging into banking applications on public Wi-Fi. These two activities specifically expose more personal information to potential intruders. No matter what application users are accessing, personal and business-critical data is exposed to potential threats.

Measuring the Performance of Enterprise Architecture

How much business value does the enterprise architecture function generate? This KPI can be decomposed in many ways: How much value do we generate because we have the necessary business insight through well integrated systems and clean, properly governed data? What is the value of speed, due to our solutions being built with agility in mind? What is the value of a clean, well-managed technology portfolio? What is the value of critical business capabilities relying on high quality technology components? How much is the worth of solutions that are simple, intuitive, and a pleasure for our users? What is the value of technology based innovation? Well, we haven’t figured out the way to measure the business value of enterprise architecture yet, but one thing is for sure, if we wish to get there, it has to be a joint business-IT undertaking. I would love to hear from you if you have good ideas or solutions.

Quote for the day:

"Some men see things as they are and ask why. Others dream things that never were and ask why not." -- George Bernard Shaw