Daily Tech Digest - June 01, 2017

What is Digital Transformation?

To make this Digital Transformation definition clear and actionable, we also need to define “digital capabilities,” which we’ll define as: Digital capabilities are: electronic, scientific, data-driven, quantified, instrumented, measured, mathematic, calculated and/or automated. While it’s very useful to have a definition, how about we highlight the value of digital transformation by illustrating the difference between a traditional organization and one that has been digitally transformed? So let’s consider a hypothetical case study comparing two companies in the Grocery industry – a traditional Grocer and a “Digitally Transformed” Grocer – to see what the differences might look like.


What Went Wrong In British Airways Data Center in May 2017?

Combining all the different sources shown later in this post, a fairly accurate reconstruction of what went wrong can be provided. The issue BA suffered is very similar to the total failure Delta Airlines experienced in August 2016.  ... Most likely BA is using Rotary diesel UPS systems (aka Dynamic UPS) . Contrary to static UPS which uses batteries, a dynamic UPS uses kinetic to store energy. This is guessing but Dutch Hitec (Former Holec) could be the supplier. In normal operation, power is feed thorugh the green line. For maintenance and redundancy, the auto by-pass can be used. This black circuit feeds IT equipment directly from utility power. What likely happened is a failure in a component of the green line. The flywheel can typically supply only 8 to 10 seconds of backup. It is unknown if the UPS had batteries for temporary power.


Taming the Open Source Beast With an Effective Application Security Testing Program

Forrester specifically recommended the following: “Insert a software composition analysis (SCA) tool as early in the SDLC as possible and continue to scan applications, including older applications with inconsistent or long release cycles, to ferret out newly discovered vulnerabilities.” The best way to do this is to integrate open source discovery directly into the application security testing that you are already doing — making it an essential part of your DevOps strategy. IBM has made this process easy and transparent. With introduction of IBM Application Security Open Source Analyzer, part of IBM Application Security on Cloud, identifying open source components occurs automatically during static application security testing (SAST). These components are matched against a list of known vulnerabilities and results are returned.


SMB Security: Don’t Leave the Smaller Companies Behind

Most organizations prioritize risk, identify gaps, and then proceed to identify the people, process, and technology required to mitigate that risk and fill those gaps. This approach is most certainly a sound and methodical one, but it is one that demands a large amount of resources. For a security organization with 50, 100, or 200 staff members and an annual budget in the 10s of millions of dollars, this approach to risk mitigation is an obvious choice. But what are smaller organizations to do? For example, consider the typical mid-market organization. Their security team might consist of one, two, or perhaps five staff members. Their security budget may be a few million dollars, depending on their size, industry sector, and geographical location. Unfortunately, these organizations often find themselves left behind by the security community and without access to trusted circles that could help them make progress.


Securing Your Enterprise’s Expansion into the Cloud

In addition to scalability and segmentation, your underlying security infrastructure should offer automatic awareness of dynamic changes in the cloud environment to provide seamless protection. It’s not enough to detect bad traffic or block malware using discrete security devices. Security should be integrated into security information and event management (SIEM) and other analytics in private and public clouds, providing the ability to orchestrate changes to security policy/posture automatically in response to incidents and events. Individual elements need to work together as an integrated security system with true visibility and control. With these very complex, diverse environments, it becomes increasingly difficult for a human to make decisions intelligently, taking all the variables into consideration, and quickly enough to keep up with threats. Automating security is the goal.


‘Lone Wolf’ Criminal Hacker Gets Doxed Thanks To Series Of Dumb Mistakes

There's probably a lot of hackers just like him out there, but Symantec decided to expose him because it was a strange case. Igor is good enough to use custom-made malware, but also careless enough to make almost no effort to protect his real identity, DiMaggio argued. To hide his tracks in his more recent attacks, Igor has used covert channels such as randomly generated domains to communicate with his malware. But in 2013, when he uploaded an early version of the same malware to Virus Total, an online repository where anyone can upload files to check whether they are detected by antivirus companies, he used a regular domain, according to Symantec. That was one of his key mistakes. The other one was that throughout his years-long hacking career, Igor has used his real name—or at least a consistent persona or alias—to register domains


IBM’s Watson is really good at creating cancer treatment plans

Watson for Oncology is a cognitive computing system trained by physicians at Memorial Sloan Kettering. It's able to take a patient's medical records, extract pertinent information about their health, and come up with a personalized treatment plan. Watson can also suggest which treatments should not be pursued and provides relevant studies to back up its proposals. All in all, it's meant to help clinicians navigate each patient's case with the help of the latest available research. Watson's healthcare successes aren't new, but these additional findings make it that much more useful for doctors. Further, while Watson is already being used all around the world, it's adding nine new hospitals to its client list, including medical groups in Australia, Mexico, Brazil and throughout southeast Asia. However, financial and functional issues have postponed a planned launch at the University of Texas' MD Anderson Cancer Center.


A New Internal Threat to Your Environment? ‘Checkbox Security’

A checkbox security approach breaks down in this scenario – there are simply too many variables outside the scope of compliance-focused toolsets to ensure the security of your environment. A checkbox security approach that relies on your compliance policies is, simply put, vulnerable. Being compliant does not mean your environment is secure; and conversely, just because your environment is secure does not mean it’s compliant. Governance automation can go a long way in satisfying compliance requirements while also enforcing security policies to protect against internal and external threats. In a virtual or cloud-based (public, private or hybrid) environment with constantly shifting and distributed resources and possibly shared services, automated governance tooling is indispensable for implementing a comprehensive risk strategy at scale, no matter the size of your organization.


CIOs Key To Bridging The IT/OT Devide

"The intersection of IT and OT changes the relative importance of IT management disciplines for the IT organizations concerned. CIOs and other IT leaders need to evaluate and realign their roles and relationships to maximize the value of converging IT and OT," Gartner's Kristian Streenstrup, research vice president and Gartner fellow, said at the time. "CIOs have a great opportunity to lead their enterprises in exploiting information flows from digital technologies. By playing this role, they can better enable decisions that optimize business processes and performance." That still holds true six years later, Jouret believes, though the struggle to realize that opportunity remains.  Jouret’s perspective is unique. He spent the early part of his career as Cisco's IT director for Europe, Middle East and Africa (EMEA), with a turn as CTO of Emerging Technologies at Cisco and CTO for Nokia before landing his current role as CDO at ABB Group about nine months ago.


Cyber security employee shortage barrier to effective threat detection

“Tools and training cannot be a one-time investment, and conversely, require constant attention to keep cybersecurity threat detection tools up to date, patched, and working in an integrated fashion—on top of constantly retooling and training to keep pace with the increasing frequency, sophistication, and diversity of global threats. Your security operations strategy must be underpinned by teams that are equipped with the latest tools, threat intelligence, security content, training, time, and budget to stay ahead of new security threats.” he added. A security operations centre (SOC) consists of a highly skilled team, that continuously monitors and improves an organisation’s security posture whilst preventing, detecting, analysing and responding to cyber security incidents. 81% of respondents agree that the most valuable SOC capabilities are rapid identification and remediation of attacks, while 74% feel that 24×7 threat intelligence monitoring and analysis was an extremely important capability.



Quote for the day:


"Leaders must always question the status quo, be aware of the ever-changing environment and be willing to act decisively." -- Mike Finley