Daily Tech Digest - August 10, 2017

Securing Asia’s data centers against physical threats

“Security is not thought about much while the infrastructure is built. Security only happens after they have completed the infrastructure,” he said, noting that power and cooling are the components that initially gets the lion’s share of the attention and budget in most data centers. Cheong is hardly alone in his assessment. In our earlier report, a panel of experts speaking at the DCD Summit held at Interpol World last month agreed that security is implemented almost as an afterthought in many data centers. And it doesn’t help that IT managers don’t typically think as much of physical security for their colocation infrastructure. “IT managers are usually focused on cybersecurity more than physical security. In their minds, physical security is not in their [job] scope,” he said.


Samsung unveils 1Tb V-NAND chip for commercial SSDs

Samsung Electronics has developed a 1 terabit (Tb) V-NAND chip that will be used for commercial products launching next year, the company announced. The South Korean tech giant will stack 16Tb dies for a single V-NAND package with memory capacity of 2 terabytes (TB), it said at the Flash Memory Summit in San Francisco. Use of the packages will significantly increase the memory capacities of solid-state drives (SDD), it said. Samsung also announced Next Generation Small Form Factor (NGSFF) SSD to replace the current M.2 SSD standard. The firm is sampling a 16TB NGSFF SSD. It measures 30.5mm x 110mm x 4.38mm, allowing four times the memory capacity of a 1U chassis that uses M.2, or NGFF. This will allow datacenteres to utilize space better and hyper-scale, it said.


Hackers Target Your Mobile Bank App; You Can Fight Back

Banks are developing methods to secure mobile devices and financial apps, but the best line of defense for online security is still with the consumer, Johnson says. Mobile device users should create screen lock passwords that are hard to guess, he says. That way, if the device is lost or stolen, there’s less of a chance a criminal, or any curious person who comes across the device, can access banking apps. In addition, be wary of conducting transactions over public Wi-Fi. If you’re not on a home network, consider switching to your cellular network to conduct mobile banking transactions, such as depositing checks and making account transfers. It’s also important to monitor your accounts regularly and immediately report any suspicious activity. It helps the cybersecurity department of your bank or credit union stay on top of the latest breaches, and you can protect yourself against liability for financial losses.


SMBs Practice Better IoT Security Than Large Enterprises Do

According to F5 Labs' new report on botnets, not only was there a dramatic three-digit rise in botnet activity in the first half of the year, but most of that movement happened in the first two months. It has been much quieter since then, and F5 believes attackers may have completed their reconnaissance of vulnerable IoT devices and are now the process of potentially building massive botnets. "We are seeing just the tip of the iceberg" for IoT botnets, says Sara Boddy, ... Approximately two years ago, telnet brute-force attacks were rather uncommon, she says. But with the rising popularity of IoT devices, which typically use the telnet protocol and Port 23 to allow remote administration of the device, Boddy says she expects to see a wide swath of IoT devices hijacked into botnet armies by way of the telnet protocol.


5 secrets of highly effective IoT strategies

“It is critical to have well-defined leadership driving the initiative,” says Scott Sandler, technology manager of cloud computing at Rockwell Automation, a provider of industrial automation technology. “This could be a chief IoT officer or other position who has the appropriate authority to drive the needed change in the organization,” Sandler says. “This leader also becomes critical in setting the strategy and ensuring that even as technology changes — as it does so fast in this space — you stay true to your strategy.” Rockwell in 2011 began an IoT effort as an extension of its existing business. Its IoT initiative enables the company’s customers to connect their industrial equipment and systems to the cloud so they can better analyze operational data and enhance decision support for operational technology and IT users.


DeSalvo: Healthcare data remains ‘very highly blocked’

Despite the widespread adoption of electronic health records, the integration of healthcare data remains a critical challenge for the industry, according to DeSalvo, who contends that unlocking data through tools like open application programming interfaces (APIs) remains an important piece of the interoperability puzzle. ... “I’ve been pleased to see that Don Rucker and the team have continued on the pathway of work we were doing around freeing data by requiring APIs and really putting the patient front and center,” notes DeSalvo. Rucker has touted the value of open APIs in helping to solve the problem of HIT interoperability. “You look at Silicon Valley, you look at modern computing,” he told reporters last month, “it’s all about APIs.”


Google Maps: 5 expert tips you should be using

There’s nothing worse than being on the road and having no idea where to pull off for that much-needed rest stop. Fortunately, Google Maps lets you plan your route in increments. For instance, if you’re dying to try out that vegan fast food joint on the way up to Mendocino County, you can add it as a stop along your route. From the Google Maps app, tap the menu option in the upper-right corner of the app and select “Add Stop.” The app will add another line for you to search for a locale. After you’ve located it, you can adjust where it falls on your route timeline by tapping the entry and dragging as necessary. After you’ve planned out your route, tap Done, then tap the same menu button to add a shortcut to your home screen. It’s a good idea to do this in case the Maps app crashes, or you’re planning out routes ahead of time and need to save your progress.


New in Windows security: Automatically log off suspicious users

The new feature in Cloud App Security (CAS), a security service launched in August 2016, collaborates with Azure Active Directory (AAD), another subscription service, to automatically bump off users behaving unusually and shut down accounts suspected of having been hijacked. CAS is built, at least in part, on technology Microsoft acquired in 2015 when it bought the Israeli cloud security vendor Adallom for $250 million. "When a suspicious activity is identified in Cloud App Security portal, you can now initiate an auto-remediation action[,] logging off these users and requiring users to sign in again to Office 365 as well as all apps accessed through Azure Active Directory," according to an unsigned post to a Microsoft blog today.


3 open source projects that make Kubernetes easier

Clearly, Kubernetes is an elegant solution to an important problem. Kubernetes allows us to run containerized applications at scale without drowning in the details of balancing loads, networking containers, ensuring high availability for apps, or managing updates or rollbacks. So much complexity is hidden safely away.  But using Kubernetes is not without its challenges. Getting up and running with Kubernetes takes some work, and many of the management and maintenance tasks around Kubernetes are downright thorny.  As active as Kubernetes development is, we can’t expect the main project to solve every problem immediately. Fortunately, the community around Kubernetes is finding solutions to those problems that, for one reason or another, the Kubernetes team hasn’t zeroed in on.


Scaleable Agility for Critical Systems

Agile practices have evolved over the past thirty years at a steady pace. Microsoft invented most practices in the early nineties. Driven by the fast growing complexity in their Windows and Office suites, Microsoft very early advanced concepts such as continuous build, feature-driven teams, and a close connect of business needs with requirements and architecture flexibility. A key milestone was the Internet Explorer which was fully re-developed in the late nineties to allow for flexible and scaleable evolution. These practices later found their way to the early agile frameworks. The initial agile manifesto which based on this experiences of Microsoft, IBM and others primarily collected practices and added the label “agile”.



Quote for the day:


"Just because you can get away with command and control, doesn't mean it's working." -- @LeadershipNow