Daily Tech Digest - May 24, 2017

Identity, authentication and authorisation becoming risk-led

A risk-led approach means organisations can automatically adjust the number of authentication factors required between one and seven, depending on the context and in line with best practice guidelines. In addition to continuous identity assurance and user authentication their way, RSA is also addressing organisations’ need to secure legacy applications. “By putting SecurID on a unified platform, businesses can access cloud applications and on-premise applications in the same place with the convenience of a single sign-on, but without using [the dangerous approach of] synchronising identities in the cloud,” said Darisi. “We provide a 360-degree view of an individual’s identity through our portal – of the person’s role, location and devices - but we do not merge the identity stores,” he said.


How to fix the broken coding interview

Mimicking the real job of a coder in an interview is enormously difficult, however, particularly when it comes to achieving context. Even in a relatively new codebase it can take months for a programmer to gain sufficient context to be able to contribute at a decent pace. In the past employers have tried to cater for this in their own interview process by having candidates work with a much smaller sample codebase. But companies like Hired have learned even a few hundred lines of code across a handful of files can be overwhelming for a one-hour session. As a result, it is necessary to keep the tasks quite simple, meaning good candidates didn’t have the chance to properly shine. One way to overcome this is taking that same concept of a smaller codebase but sending it to candidates ahead of time.


New Tool Tallies Your Big Data Debt

As the big data era emerged, new technologies were created to support modern data structures and to deliver to the always-connected user," he added. "These newer systems have an important role in building modern applications, however they produce data that is fundamentally incompatible with existing analytical infrastructures including data warehouses, ETL, BI and data science systems like R and Python. As a result, many organizations are collecting significant data debt." Dremio's new Big Data Debt Calculator is intended to help organizations get their arms around this unplanned debt. Dremio says it gives recommendations for minimizing debt, strategies for paying it down and ensuring it remains within acceptable bounds.


How banks can learn the lessons of BlackBerry

With regulation forcing banks to open up their technology to FinTech firms, startups and other financial service providers, consumers are becoming less reliant on providers of traditional financial services. The idea that one institution will manage all financial services for one customer will no longer be the most viable or the expected model. Open banking creates a new relationship between banks and customers. It requires banks to adopt a customer centric and data centric view on how they do business. In this emerging model, data and services become valuable commodities. To extract value, banks must have the appropriate core-technology and infrastructure in place. It requires a good API governance structure that must include: standards, management policies, data access and statistics, and development processes.


Multi-cloud is a messy reality, but there's hope

While each of the clouds is a solid choice for machine learning, for example, Google generally gets the nod as the frontrunner. Many enterprises will turn to Google for machine learning, AWS for Lambda, Microsoft Azure to modernize their legacy applications, and so on. Such cloud differentiation makes the likelihood of multi-cloud management ever harder. As cloud luminary Bernard Golden told me, "While it appears attractive to use a management tool that encapsulates the individual cloud providers and provides a single management framework, since it promises to reduce costs by amortizing training and employee costs across a greater breadth of applications, in practice it typically means using a lowest-common denominator application management approach, which often forfeits use of functionality that resides within a provider's IaaS/PaaS offerings."


In Search of an Rx for Enterprise Security Fatigue

The security fatigue phenomenon affects consumers and enterprises alike. According to the National Institute of Standards and Technology (NIST), security fatigue is also causing consumers to make poor security decisions, such as reusing the same password across all online accounts. But what enterprises can glean from this report is NIST's suggestions to combat security fatigue, including limiting the number of security decisions that users need to make; making it simple for users to choose the right security action; and designing for consistent decision making whenever possible. But up until a few years ago, many enterprise networks in Fortune 500 companies didn't have the ability to identify a compromised network or subnet in a timely manner. Now, the sheer amount of security measures used to detect a network compromise can create this fatigue. Without knowing what to pay attention to, identifying an inside threat is like trying to find a needle in a haystack.


Why Ansible Has Become The Debops Darling For Software Automation

One reason it has gained momentum since being acquired by Red Hat may have been the acquisition itself, according to Paul Delory, a research director at Gartner. "We definitely have seen a bump in interest since the acquisition by Red Hat, because it now has more credibility in the enterprise," he says. Part of the reason for this is that there was a perception in the software development and devops community that Ansible's support offering was not as good as that of Puppet or Chef. But under Red Hat's ownership this support gap has been closed, he says. "Support is important to enterprises, and the quality of support available is of critical importance," he adds. But there's more to Ansible's popularity than the availability of decent support options, vital though those options are to enterprise customers.


The Rise Of Toxic Data

Data growth raced ahead while information security fell behind, and the collateral damage is making headlines. Data breaches like those that happened to Sony, Mossack Fonseca, the U.S. Office of Personnel Management (OPM) and the Democratic National Committee (DNC) are practically daily occurrences. Instead of increasing revenues or furthering goals, stolen files and emails disrupt and subvert plans. If an organization stores valuable data (and most store more than they realize), someone will try to steal it. Your next breach may be perpetrated by someone who has never heard of you; ransomware, a form of file extortion, is now a $1 billion business. Worldwide cybersecurity spending is expected to exceed $1 trillion over the next five years, according to Cybersecurity Ventures. So why do organizations still have so many breaches?


Google raises heat on Microsoft with new Chrome bundle for enterprises

"Every couple of years, Google makes noise about Chrome in the enterprise," said Gary Schare, president of Browsium, a maker of browser management tools. Schare was formerly the head of project management for Microsoft's Internet Explorer (IE). "This looks like Google is trying to make Chrome a better citizen in the enterprise." Schare applauded the group policy templates, noting that because Microsoft's own browsers, IE as well as Windows 10's Edge, have traditionally been the best equipped for enterprise management, any help from Google on Chrome would be welcome. The LSB add-on has long been available from the Chrome Web Store, Google's authorized mart for browser extensions. Once configured by company IT administrators, LSB will automatically open IE11 when links clicked within Chrome lead to websites, web services or web apps requiring, for example, an ActiveX control or Java, neither of which Google's browser supports.


With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?

Despite what people generally think, there are surprisingly few regulations that force companies to take reasonable steps to protect their data. Even in areas such as healthcare, regulations like the Health Insurance Portability and Accountability Act lack clarity and are insufficiently enforced. In 2016, more than 27.3 million patient records were breached, but despite this, the Office for Civil Rights (the healthcare security and privacy regulator) settled alleged HIPAA violations with only 12 healthcare organizations. Outside of areas like healthcare, finance, government, etc., most federal security enforcement has defaulted to the Federal Trade Commission, which uses an arcane statute of the Federal Trade Commission Act that prohibits unfair or deceptive practices in the marketplace. This means that only the most egregious violations are penalized, leaving implementation of effective cybersecurity to the discretion of most business leaders.



Quote for the day:


“The electric light bulb did not come from the continuous improvement of candles.” -- Oren Hariri