Daily Tech Digest - March 14, 2017

The Industrial Revolution of Application Security

Before the industrial revolution, there were several barriers to innovation and advancement. There is certainly a corollary to the current state of application security. The first barrier is the vast landscape of tools and point solutions, which all tend to be vertically focused on specific areas and capabilities. This presents a serious challenge of scaling out both human capital (security engineers) and complete coverage of code repositories and application catalogs effectively. Another barrier is that the security team is typically not integrated into the software development life cycle. This leads to the security team having to be the gatekeeper to application update delivery, or acting as police after the delivery. These two barriers often lead to the creation of a contentious relationship between the DevOps and security operations (SecOps) teams, instead of the collaborative, sharing culture that is inherent to DevOps.


How Blockchain will Change the Future of Financial Service Sector?

Fintech and startup hipsters are already experimenting and successfully cracking the blockchain code, while banks are jumping on the game too as their core business model is continuously being disrupted. We can see collaboration forming between hipsters and suits, where thirty banks, tech giants and other organisations are getting behind Ethereum (a decentralised computing network based on digital currency) forming Enterprise Ethereum Alliance. Big business giants such as Accenture, Banco Santander, BNY Mellon, Intel, JP Morgan, Microsoft, BBVA, BP, Credit Suisse, Fubon Financial, ING, Thomson Reuters, UBS, BNP Paribas, Cisco are uniting to build business-ready versions of the software behind Ethereum.


Strategic IT Infrastructure in 2017

Contrary to popular belief, the public cloud has not swallowed the majority of workloads and applications with only 20 percent of workloads today in the public cloud. And according to IDC, growth is expected to slow after 2017 as businesses begin to pull back from experimentation and optimize storage strategies. Multiple factors will contribute to the slowdown, including concerns over vendor lock-in, security, accessibility and cost. In my view, public and private clouds will co-exist in the long term, and most data centers will be a mix of public cloud and private cloud. While the public cloud can often offer more cost-effective elasticity, experimentation, archival, and disaster recovery, private cloud will excel for more predictable, performance-critical workloads as well as when there are security concerns with using proprietary algorithms or data in the public cloud.


Are there IT jobs in cloud capacity management?

A role is evolving in the IT space for cloud capacity management, wherein an IT professional steers the high-level cloud strategy of the business, said Kurt Marko, technology analyst at MarkoInsights. Another option is to gain skills on a specific public cloud platform for a cloud operations engineer job. Cloud capacity management jobs require an ability to choose cloud consumption strategies and set allocations, then calculate actual use and reconcile the numbers. In contrast, a cloud operations engineer will execute cloud migrations, scale resources up and down, deploy patches and updates and complete related tasks. Businesses refer to these jobs as cloud consumption, procurement or capacity manager positions. Adding cloud capacity planning to the overall IT mission is worth it, especially when companies unknowingly misuse resources. "Cloud makes it very easy for people to spend a lot of money without realizing it," Marko said.


Mirai is the hydra of IoT security: too many heads to cut off

Hackers are still modifying the Mirai source code to infect new devices. On Monday, security research group Malware Must Die said it found evidence that Chinese hackers were repurposing Mirai to infect a batch of IoT products, in this case from a Taiwanese vendor. “This could have a huge impact,” the research group said in a direct message over Twitter. “Chinese hackers who used to make DDoS Linux malware are starting to adapt the Mirai source code.” The Chinese hackers appear to have modified the malicious coding to exploit a known vulnerability in products from Avtech, a maker of DVRs and internet cameras. The new strain of Mirai takes advantage of a web scripting bug in the products, triggering them to visit a URL that downloads the hackers’ malware.


Your brain is unique – here’s how it could be used as the ultimate security password

The brain biometric template could even be updated for a different mental activity should there be a security breach on the stored template (unlike a fingerprint biometric which remains for life and cannot be replaced once compromised). Brainprints can also be used to generate passwords that can replace conventional alphanumeric passwords or PINs in ATM machines to withdraw cash. For example, rather than keying in the PIN, one would connect earphones and be shown a series of PIN numbers on the ATM screen. Brain patterns would change when the correct PIN number showed up – activating the transaction. By doing so, one does not have to worry about others looking over the shoulder to steal the PIN. Moreover, under coerced situations, brainprints will not work due to the stress – making them even more fraud resistant.


Continuous Authentication: Why It's Getting Attention & What You Need To Know

A shift to continuous authentication is inevitable, but it’s really in the early days of development, says Mark Diodati, research vice president at Gartner. “The technology is compelling because it solves a lot of security and usability issues,” Diodati says. “Typical authentication today might be a password at the front door to authenticate someone, but over time the security of the session decays.” Whereas confidence of authentication is quite high at the beginning of the process, a variety of events can take place that weaken security, Diodati says. For example, a user might walk away from his desktop computer briefly and someone else takes over the session, or malware infecting the system can take over as well. “The longer the duration of the session the more likely there is to be decay in authentication,” Diodati says.


10 tips for securing microservice architecture

As with every element of technology, there are security risks with microservices as well as best practices for appropriate usage. At face value, it would seem the microservices "molecules within an atom" concept bodes well for security since you might expect application vulnerabilities to be sandboxed off behind virtual walls, so to speak. However, vulnerabilities still can and do exist and even if only one microservice can be compromised - the account access microservice in the ecommerce application example - that still represents a risk. After all, if burglars can only break into one room of your house and manage to infiltrate the living room, your flat screen television still ends up on eBay. In addition, the plethora of diverse microservices can also increase complexity and make security harder to achieve, especially if different developers and methods are in use across the application.


Revolutionising the cyber-security skills gap with ‘ethical hacking’

Another business-oriented method of closing the skills gap is for organisations to make the path to employment within the security space a far more enticing one. Incentivised programmes will go a long way towards creating awareness and inspiring students, and in guiding them in selecting courses and graduate programmes which are relevant and useful. Ultimately, for students to engage with the practical realities of cyber security, company graduate programmes, internships and bursaries are vital. Organisations can use this investment to ensure students study the right subjects, gain the right insights and make the right choices to enter this area of work. This level of investment into upcoming talent ensures long-term development of the skills pool, going a long way towards mitigating the current crisis.


AMD busts Ryzen performance myths, clearing Windows 10 from blame

“Based on our findings, AMD believes that the Windows 10 thread scheduler is operating properly for ‘Zen,’ and we do not presently believe there is an issue with the scheduler adversely utilizing the logical and physical configurations of the architecture.” Why this matters: Ryzen’s confusing benchmarks have fueled this hot debate. In many multi-threaded tasks, it performs like a bat out of hell and easily matches Intel CPUs that cost twice as much. But when it comes to gaming at standard resolutions of 1080p or at low-quality settings, the performance can lag behind Intel’s newest 7th-gen Kaby Lake CPU, as well as its Broadwell-E chip. Our own tests have shown that at higher resolutions and higher game settings, the average gamer is unlikely to ever see the difference. And yet the debate rages on.



Quote for the day:


"A coach is someone who can give correction without causing resentment." -- John Wooden