Daily Tech Digest - June 09, 2017

Be wary of vendors touting superior data science

Intelligence is overhyped, potentially because of its sundry definitions across both the public and private sectors. "At the end of the day, it's about intelligence. What data science is about is being able to leverage the huge amount of information we have, and to analyze it, enrich it, and make it actionable in a proactive instead of a reactive way," Peloquin said. ... In order to make informed decisions, CSOs should ask vendors questions like: Do you have a PhD data scientist on staff? Who leads your team? Where are they from? What is their background and experience? "They [CSOs] need to be smart enough to ask the vendor to ensure that their products are not just marketing speak. If they [the vendor] based all of their capabilities on the output of automated tools rather than experts in the field that can do targeted attacks, then I would argue that their solution is not as mature as they are claiming it to be," Peloquin said.


How Disruptive Innovation Can Finally Revolutionize Healthcare

While these high-level measurements are important for tracking performance, they distract from the understanding of the true causal mechanism of how industries become more affordable and accessible. Nearly a decade ago, The Innovator’s Prescription showed how disruption could transform healthcare. Yet unlike other industries, healthcare has been largely immune to the forces of disruptive innovation. Whereas new technologies, new competitors, and new business models have made products and services much more affordable and accessible in fields from media and telecom to finance and retail, the U.S. healthcare sector keeps getting costlier, and is now by far the world’s most expensive system per capita, about 2X higher than the U.K., Canada, and Australia, with chronic conditions such as diabetes and heart disease now accounting for more than 75% of total spending.


Security Implications of Permission Models in Smart-Home Application Frameworks

A software app or physical device is collectively referred to as an app in AllJoyn terminology. An app can expose interfaces that have members. For example, a lock can provide the control interface with the members lock and unlock. Apps can consume interfaces from other apps. For example, an auto-lock app will consume the door lock's control interface. AllJoyn standardizes some interface definitions for a select set of devices, such as lights and HVAC. Apps are security principals and are associated with an identity certificate signed by a certificate authority that all apps must trust. The AllJoyn security manager is a component that speaks the AllJoyn protocol and issues identity certificates to apps. An administrative user, such as a home or building owner, operates the security manager component.
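A small model of the trust relationship just described (added example, not code from the paper or from AllJoyn): the security manager acts as the CA every app trusts and issues identity certificates; a lock app exposes the control interface with members lock and unlock and will only act on a call whose caller presents a certificate chained to that CA and proves possession of the certified key. The certificate layout, the Ed25519 signatures and the "iface/member" request encoding are assumptions of this toy.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// IdentityCert binds an app name to its public key, signed by the security
// manager acting as CA (constructed model, not AllJoyn's real cert format).
type IdentityCert struct {
	App    string
	PubKey ed25519.PublicKey
	Sig    []byte // CA signature over App || PubKey
}

// SecurityManager is the owner-operated component that issues identity certs;
// Pub is the CA key every app in the home must trust.
type SecurityManager struct{ priv ed25519.PrivateKey; Pub ed25519.PublicKey }

func NewSecurityManager() *SecurityManager {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &SecurityManager{priv: priv, Pub: pub}
}

func (sm *SecurityManager) Issue(app string, pub ed25519.PublicKey) IdentityCert {
	return IdentityCert{App: app, PubKey: pub,
		Sig: ed25519.Sign(sm.priv, append([]byte(app), pub...))}
}

// Lock exposes the "control" interface with members lock and unlock.
type Lock struct{ TrustedCA ed25519.PublicKey; Locked bool }

// Call is invoked by a consuming app (e.g. an auto-lock app). The caller
// presents its cert plus a signature over "iface/member" under its own key
// (this toy omits the session nonce a real protocol would bind in).
func (l *Lock) Call(c IdentityCert, callerSig []byte, iface, member string) error {
	if !ed25519.Verify(l.TrustedCA, append([]byte(c.App), c.PubKey...), c.Sig) {
		return errors.New("identity cert not issued by the trusted CA")
	}
	if !ed25519.Verify(c.PubKey, []byte(iface+"/"+member), callerSig) {
		return errors.New("caller does not hold the certified key")
	}
	if iface != "control" || (member != "lock" && member != "unlock") {
		return errors.New("no such interface member")
	}
	l.Locked = member == "lock"
	return nil
}
```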


Given the Inevitability of IoT Security Breaches, Are We Getting Ahead of Ourselves?

The threats extend all the way up to representative democratic systems of government, prospects that haven’t gone unnoticed by leading figures in commerce, industry and government. “My guess is we are reaching the high-water mark of computerization and connectivity and in a few years we are going to be deciding what to connect and what to disconnect and become more realistic about what can work,” the Pew researchers quote from a speech Bruce Schneier gave at the Organization for Economic Cooperation and Development (OECD) in Cancun, Mexico, in June 2016. “We are creating a society by which a totalitarian government can control everything. Right now it’s more power to the powerful. And we are living in a computerized world where attacks are easier to create than defenses against them,” Schneier was quoted.


Calm before the storm? Ransomware, botnet attacks predicted to surge

“After the initial shock of ransomware’s rapid growth and the popularity of its usage, threat actors have begun to settle in for the long-term deployment of this category of destructive malware tools,” the report authors wrote. “All indications point to a new wave of innovation in the distribution and tactics used for ransomware attacks in the future.” For Kurt Hagerman, CISO of security firm Armor, it’s clear “the healthcare industry is pretty behind the curve from a security standpoint.” Hagerman used the banking sector as an example of an industry that saw its weaknesses and moved toward security standards, enforcement and education. The impact over time has been less fraud. While the risk can never be eliminated, the total number of records stolen is going down.


Blockchain integration turns ERP into a collaboration platform

"It's a very hot topic right now," said Zulfikar Ramzan, CTO of RSA Security, a subsidiary of the Dell EMC Infrastructure Solutions Group. "We are definitely getting a lot of inbound inquiries around blockchain and its implication within enterprise environments. I think it's driven largely by the fact that when there's a new technology out there, to some degree people want to be buzzword compliant with the latest and greatest." Ramzan said his customers are asking about blockchain for audit logging and/or verifiable logs, which is viewed as a reliable way of tracking what happened in an organization to satisfy regulatory auditors. Other RSA customers are interested in it for user authentication to ensure users are accessing the correct digital records at the right time.


Getting threat intelligence right

While threat intelligence feeds provide valuable information to help identify incidents quickly across an enterprise, they are generally based on known, observed information. Much of today’s threat intelligence is supplied as IOCs – essentially fingerprints of known attacks or attackers, says Kane Lightowler, managing director of Carbon Black in Asia Pacific and Japan. “IOCs may provide great value against previously observed attacks, but offer limited insights on new attacks and attack methodologies.” Sparkes agrees, noting that intelligence feeds require a “patient zero” – the first organisation or person to see the attack and record the IOCs before others can benefit from it. Lightowler says patterns of attack are more effective against both known and unknown threats because they focus on the actual behaviour and techniques of the attacker, rather than fingerprints.
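The contrast Lightowler draws, shown as detection logic over a constructed process trace (added example, not code from Carbon Black or the article): an IOC detector matches file hashes recorded at a "patient zero", while a pattern-of-attack detector looks for a behavioural chain (office application spawns a shell, which spawns a download utility) and therefore still fires on a rebuilt variant whose hash is unknown. All hashes, host names and the specific rule are constructed for illustration.

```go
package main

// Event is one constructed process-creation record, as an endpoint sensor
// might emit it: host, parent process, new process, hash of its image.
type Event struct{ Host, Parent, Proc, SHA256 string }

// iocFeed stands in for a threat-intelligence feed of file hashes recorded
// at a "patient zero". Values are constructed, not real indicators.
var iocFeed = map[string]bool{"aaaa1111": true}

// DetectIOC returns the hosts on which an executable matched a feed hash.
func DetectIOC(events []Event) map[string]bool {
	hits := map[string]bool{}
	for _, e := range events {
		if iocFeed[e.SHA256] {
			hits[e.Host] = true
		}
	}
	return hits
}

var (
	officeApps  = map[string]bool{"winword.exe": true, "excel.exe": true}
	shells      = map[string]bool{"cmd.exe": true, "powershell.exe": true}
	downloaders = map[string]bool{"certutil.exe": true, "bitsadmin.exe": true}
)

// DetectPattern returns hosts showing the chain office app -> shell ->
// downloader. It never looks at a hash, so a recompiled payload is still caught.
// Events are assumed to arrive in chronological order per host.
func DetectPattern(events []Event) map[string]bool {
	stage1 := map[string]bool{} // host where an office app spawned a shell
	hits := map[string]bool{}
	for _, e := range events {
		switch {
		case officeApps[e.Parent] && shells[e.Proc]:
			stage1[e.Host] = true
		case stage1[e.Host] && shells[e.Parent] && downloaders[e.Proc]:
			hits[e.Host] = true
		}
	}
	return hits
}

// SampleEvents is a constructed trace: host-a runs the sample the feed knows,
// host-b runs a rebuilt variant with a fresh hash but the same behaviour, and
// host-c is benign admin activity (shell launched from the desktop, no download).
var SampleEvents = []Event{
	{"host-a", "winword.exe", "cmd.exe", "bbbb2222"},
	{"host-a", "cmd.exe", "certutil.exe", "cccc3333"},
	{"host-a", "certutil.exe", "dropper.exe", "aaaa1111"},
	{"host-b", "winword.exe", "powershell.exe", "bbbb2222"},
	{"host-b", "powershell.exe", "bitsadmin.exe", "dddd4444"},
	{"host-b", "bitsadmin.exe", "dropper.exe", "eeee5555"},
	{"host-c", "explorer.exe", "powershell.exe", "bbbb2222"},
}
```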


Big data and relinquishing your right to privacy

At the heart of the privacy debate are the “unspoken” rules about what companies can do with our data. Even when we know that our activity and information and even our voices are being recorded and stored, what obligation does a company have to tell us every single example of how it can be used? As consumers, we might not mind if our listening preferences are used to advertise related goods or services, but do we have to agree to every possible use of information—both positive and negative—as an unavoidable part of data gathering? The bigger concern is why any company would think it’s OK to not inform its customers of the rights they’re signing away. After all, checking the box that you’ve read the full agreement has been called “the biggest lie on the internet.” It’s alarming to think that we have already adopted a cultural mindset that privacy is just something we sacrifice to make sure we have a ride to the airport, or to turn our lights on when we’re late getting home.


How to avoid a disastrous recovery

The ultimate goal of DR planning is to move “cold” data, complete copies of the data center frozen at a point in time, to the most cost-effective location possible that provides for meaningful SLA recovery if/when necessary. These copies are then constantly updated to ensure any subsequent changes to the production environment are replicated to the DR environment. Before moving forward with DR planning, organizations must look at industry-specific regulations such as HIPAA or the Sarbanes-Oxley Act to determine the right hosting infrastructure for their data. For example, strict data sovereignty and security requirements prevent organizations from saving personal data to the cloud if that data leaves the country of residence at any time. After evaluating these requirements, the CIO may well conclude that hybrid cloud is the best option for that organization, both financially and in terms of acceptable risk.


3 Keys To Keep Your Data Lake From Becoming A Data Swamp

Perez says one of the biggest mistakes organizations make is collecting too much data, simply because they can. Consider your smartphone. If you own one, chances are you've got hundreds or more pictures stored on it. "You end up with a billion pictures on your phone, and yet 99 percent of them are probably garbage that you would get rid of in a heartbeat," he says. "It's gotten so easy to take pictures with your phone, it's essentially free. And you probably think, 'One day I'll go and clean it up,' but of course no one ever does. You're collecting an enormous amount of information, but you have no way to work your way through it to use it effectively." When you inevitably want to show someone a particular photograph, finding it can require scrolling through an enormous volume of junk.


Quote for the day:

"Great things are done when men and mountains meet." -- William Blake