Daily Tech Digest - April 06, 2017

How to apply DevOps practices to legacy IT

“The same DevOps principles still apply to those people who manage legacy software stacks, so the team that writes software also has operational duties,” says Dean. “Part of our DevOps transformation has been to support teams that may not have had access to the technical environments needed to deploy their software and let them operate in a DevOps fashion.” In some cases, this means adding operational staff to the team directly, such as embedding into the development team the application engineers or system engineers who previously worked in operations supporting the legacy systems. “We really changed their mission from an operations role to a site reliability engineer role or a DevOps engineer role, where their mission is to help the team take control and ownership of their own software,” says Dean.


How Banks and Fintech Companies Can Benefit From Each Other

Rather than view the new technology offered by today’s fintech startups as a total disruption of the banking industry, it might be useful to see it as a way to fine-tune the successes that banks already have. Banks still own the bulk of customer relationships, both personal and business. What they don’t often own, however, is the best technology for the best customer service. It’s not that they haven’t wanted to have it—spending on compliance technology had to come first—but by partnering with fintech companies they can get the lending technology they need for their most important business segments quickly and easily. They can serve small businesses in a much more cost-effective way. Fintech startups can also help banks to better mine customer data and, in doing so, perhaps expand their boundaries way beyond the area of payment and consumer credit.


Scammers Phishing for financial credentials on Twitter

Attacks like these are the risk that's attached to conducting support on social media. The best defense is awareness, and knowing who you're interacting with. For banks like Nationwide and NatWest, their support channels are all verified accounts, and they'll only discuss the basics online, often via direct message. If you have to obtain support via social media, you should only work with those verified accounts. Anyone asking for sensitive information via public channels (even verified accounts) should be treated as suspect, especially if they're directing you to follow links on free hosting services. If you do accidentally click a link, ensure that the URL is the one you're supposed to be on, and that it's using SSL. If you've logged in via a fake website, contact your bank and change your password.


Engaging millennials in the workplace: instant gratification is not enough

For the millennial employee, job hopping may, in the short term, lead to new opportunities, increases in pay and better titles, but these transitions cannot infinitely keep up with a need for regular progress. As millennials move into mid-level management roles and senior individual contributor positions, they must balance longer periods between levels while finding intrinsic means to remain motivated and engaged towards achieving substantial goals required to eventually move up into even greater responsibility. Setting realistic goals and ensuring these goals are aligned across upper management and direct reports is one of the leading factors in upwards mobility in the workplace. Yet many employees in this demographic struggle with setting goals and making progress towards them.


High-tech startups need a different type of banking

The high-tech ecosystem consists mostly of start-ups founded by young individuals who crave personal, direct and around-the-clock contact with their financial adviser. This builds a close relationship where the banker is intimately acquainted with the business, its characteristics and its managers. ... To deliver an adapted service, the banker has to be in a position to provide overseas banking services, facilitate the execution of complex digital banking transactions and to offer solutions typical for the investor environment of the high-tech world, like venture capitalists. Banks must provide a carefully tailored package of financial services for each stage in the start-up's lifecycle. A high-tech bank must also support its customers throughout the company’s development, advising them on how to safeguard investor funds and make optimal use of money received.


Walking Through the European Minefield of Cyber-Threats

Managing cyber-security in Europe sometimes feels like walking through a minefield, where you have to calculate the risks with each step in order to make it safely. Between EU and/or local regulations, the ambition to keep the organization secure by all means, and the business demands to be dynamic and agile, it is easy to spot the CISO in a board meeting – look for the person who looks the most frustrated. There is a correlation between a growing number of unhappy CISOs and security events. A lot has been discussed concerning the evolution of cyber-attack tools into mature, powerful and sophisticated programs, and the growing resources companies have to invest in technology, labor, compliance and skill. We at Radware went ahead to get a closer look at the concerns and experiences of European companies.


McAfee report reveals five challenges to cyber threat intelligence

McAfee counted 197 publicly-disclosed security incidents in Q4 and 974 publicly-disclosed security incidents in 2016. Security incidents are events that compromise the integrity, confidentiality or availability of information assets. Some, but not all, of these incidents are breaches. Breaches are incidents that result in the confirmed disclosure of data. According to the report, the public sector experienced the greatest number of incidents by far, but McAfee believes this may be the result of stricter requirements for reporting incidents, as well as an increase in attacks related to the US election process, mostly voter database incidents and defacing of election websites.


The reality of hacking….or a new hacking reality?

A cyber-physical system is closely coupled with, but is not synonymous with, the Internet of Things (IoT). IoT devices are typically the controllers of the cyber-physical domain. They use one or multiple connective technologies (e.g. cellular or Bluetooth) and are governed by service providers or user applications on a mobile device. For instance, the iPhone application provided by your vehicle manufacturer enables you to unlock your car or start the engine remotely. The Amazon Echo smart speaker app that controls your home lighting is another good example. What is common to these examples is that they allow us, as end users, to wirelessly manipulate physical functions. Our control over these systems is terminated at the IoT controller. The IoT controllers communicate with physical objects using two key elements – sensors and actuators.


Microsoft reveals what data Windows 10 collects from you

Opting for the “full” telemetry level, according to Microsoft, will allow the company to “use diagnostic data to improve Windows 10 for everyone and deliver more personalized experiences for you where you choose to let us do so.” The actual data collected under “full” is broken down into the following nine categories: common data; product and service usage data; software setup and inventory data; content consumption data; browsing, search and query data; inking, typing, and speech utterance data; and licensing and purchase data. If you go back and look at “basic” level, it is noted that “every event generated includes common data, which collects device data.” You should look at some of the common data. There is an entire section devoted to obtaining users’ privacy settings before and after upgrading to Creators Update.


Prevent Or Detect? What To Do About Vulnerabilities

In order to build a strong security program, CISOs need to invest in the right balance of prevention, detection, and response, which means that they may want to leave some vulnerabilities that they can manage in order to focus more on detection. Jeff Williams, CTO and co-founder at Contrast Security, said, "Winkler is trying to make a distinction between protect, detect, and react. And of course, a responsible security strategy has all three." The question then is one of prioritization. Williams said, "Prioritizing detect and react over protect is offering candy to CISOs overwhelmed with their security challenge." If one were to use the analogy of home security, not trying to prevent a vulnerability, said Williams, "Is like saying, don’t worry about locking your doors and windows. Just wait for the alarm to go off and the police will protect you."



Quote for the day:


"Sometimes a pessimist is only an optimist with extra information." -- Idries Shah