Daily Tech Digest - September 29, 2017

10 Critical Security Skills Every IT Team Needs

As hackers become more sophisticated, and attacks more frequent, it’s no longer a matter of if your organization becomes a target, but when. That reality has forced many organizations to reassess how they address security efforts, and how best to allocate scarce resources toward mitigating the damage as quickly as possible. Here, having the right mix of security skills on board is key. “For a lot of our clients, they’re starting to realize that while they certainly want to hope for the best, they absolutely have to prepare for the worst,” says Stephen Zafarino, senior director of recruiting for IT recruiting and staffing firm Mondo. “Earlier this year, with the Chase and Home Depot breach, with the ransomware attacks on Britain’s NHS top-of-mind, everyone’s trying to figure out how to fortify defenses,” Zafarino says.


Why Data Governance Is Foundational for Data-Driven Success

Analytics governance ensures that all digital assets and activities that generate insights and information using analytics methods actually enable smarter business activities. Policies related to information relevance, security, visualization, data literacy, analytics model calibration and lifecycle management are key areas of focus. Data governance is focussed on the data building blocks. Effective data governance brings together diverse groups and departments to enable the data-driven capabilities needed to achieve success. Data governance defines accountabilities, policies and responsibilities needed to ensure that data sets are managed as true corporate assets. This implies that governed data sets are identified, described, cataloged, secured and provisioned to support all appropriate analytics and information use cases required to enable the analytics methods.


It’s hangover time for enterprise cloud computing

We’re in the hangover stage of cloud computing, with IT pros comparing their giddy expectations with the reality on the ground. What I find most interesting about the 451 Research study is that enterprises see the value of the cloud, and are willing pay more for services that meet their expectations. But the cloud technology providers aren’t meeting those expectations, particularly around customer service.  This expectation gap has a historical cause: Enterprises are accustomed to large enterprise vendors with account executives who provide a “single throat to choke.” But cloud technology providers just began to answer their phones a few years ago, so this customer service stuff is still new to them. I’m also not surprised by the frustrations around cloud migration.


Perspective on Architectural Fitness of Microservices

Domain-Driven Design (DDD) is the latest methodology available to software professionals for designing a piece of software that matches the mental model of a problem domain. In other words, Domain Driven Design advocates modeling based on the practical use cases of the actual business. In its simplest form, DDD consists of decomposing a business domain into smaller functional chunks, possibly at either the business function or business process level, so that the complexity of both a business and problem domain can be better apprehended and resolved through technology. To this effect, figure 2 illustrates how the elements of the earlier business architecture meta-model collaborate to form two business domains. Because of the many documented implementation failures of Service Oriented architecture (SOA).


Why E-waste Should be at the Forefront of a Company’s Cybersecurity Plan


Some electronic devices, such as mobile devices, computers, and other items with storage ability can store valuable information that may be accessed by unauthorized individuals during the end of life process. That may pose a real cyber-security threat if such confidential information is stumbled upon by a cybercriminal. ... The fear of having their security breached via e-waste that is not properly handled has led to the increasing concern about potential exposure to cyber-security among electronics users. Of course, that makes everybody a victim. We all use one electronic product or another, whether at home or in the office. Therefore, we are always apprehensive of losing vital information such as credit card details, social security numbers, or other confidential and sensitive information to cyber-attacks.


Google Cloud IoT Core hits public beta, offers management for millions of devices

One of the biggest new features is the ability to bring your own certificate. Users can now bring their own device key Certificate Authority (CA), and Google Cloud IoT Core will verify the key in the authentication process. According to the release, this "enables device manufacturers to provision their devices offline in bulk with their CA-issued certificate, and then register the CA certificates and the device public keys with Cloud IoT Core." While the service will continue to support the MQTT protocol, it will also now support HTTP connections as well. By doing so, the release said, it will make it easier to inject data into GCP at scale. Additionally, the release noted, the service will now feature logical device representation for use cases where a business might need to retrieve the last state of a particular IoT device.


How Your Company Can Close The Cybersecurity Skills Gap

"Looking at the other areas within your organization, you probably can... leverage some of that talent and create a rotation program, into a cyber team for three to six months," Worley said. “[Put] them with the right talent to help them, just like you would with an intern.” She said creating your own talent pools isn’t just useful to close the skills gap, it can can be extremely useful for when a crisis happens. While no one wants to hear that a crisis is a good thing, Worley said the Equifax and SEC breaches do "raise the awareness of employees, because they've not been touched by this thing. It's another thing when ... your identity may be at risk. It become very personal at that point. Maybe we now have an opportunity to have that dialogue.” Another additional area Worley said companies can help improve their cyber security gap, seems like a simple one: make sure all employees know the best security practices.



Most companies operate within the descriptive and diagnostic stages, using basic data warehousing and BI approaches to get quick views on what HAS happened. Predictive analytics is when organizations project what WILL happen … graduating from rearview mirror to human intervention combined with the automation of repetitive patterns through the application of predictive machine learning (ML) models. So why are most companies not further along the analytics progression? Frankly, most enterprises are drowning in an abundance of data types and sources - many of which contradict each other as data size and ingestion rates are also on different levels. Moreover, many organizations are not taking advantage of new technologies that can unlock and manipulate data.


Cyber Attacks Demand a New Approach to Education

First and foremost is the need for a better educated cyber workforce. More needs to be done to lay a foundation of technical literacy through STEM (science, technology, engineering and math) education. Strengthening the quality of STEM education is vital, and the effort must go beyond simply meeting benchmarks such as proficiency on standardized tests. A more holistic approach to STEM should explore the practical relationships between these disciplines and daily life, thus nourishing in the next generation a technical curiosity that begins in early childhood and spans long careers. Such an approach will ensure that innovation and adaptability become second nature in our approach to cyber technology.


When disasters strike, edge computing must kick in

When disasters strike, edge computing networks must kick in
We've seen how mobile network operators (MNO) are taking advantage of edge computing themselves. It’s used to reduce latency. Those phone companies are increasingly using local computing boxes (often inside their many buildings, left over from the days of copper-requiring phone switches, and on their towers) to store and process data rather than centralizing it. “This ability will give a huge advantage to first responders,” Georgia tech says of its idea. The team of researchers published a paper (pdf) where they describe their “fog-enabled social sensing services” API. In the paper, the researchers describe how docker-friendly fog nodes connect or relay the distributed social sensors — the smartphone-carrying civilians, in other words — to hardened routers that can perform edge data processing and be pinged locally



Quote for the day:


"When we have belief the hard work follows naturally." -- Gordon Tredgold