Daily Tech Digest - September 30, 2017

Securing Applications: Why ECC and PFS Matter

Many of us are familiar with Secure Hypertext Transfer Protocol (HTTPS) that uses a cryptographic protocol commonly referred to as Transport Layer Security (TLS) to secure our communication on the Internet. In simple terms, there are two keys, one available to everyone via a certificate, called a public key and the other available to the recipient of the communication, called a private key. When you want to send encrypted communication to someone, you use the receiver’s public key to secure that communication channel. ... The benefit of securing our communication to prevent snooping of sensitive data is obvious; however, encrypting the communication has its downside – it’s computationally expensive and requires a lot of CPU processing to enable, plus encrypted communication may be used in malicious ways to send proprietary information

DNSSEC key signing key rollover: Are you ready?

“There may be multiple reasons why operators do not have the new key installed in their systems: some may not have their resolver software properly configured and a recently discovered issue in one widely used resolver program appears to not be automatically updating the key as it should, for reasons that are still being explored,” ICANN says. It could also be an awareness issue—that enough operators were not aware of the deployment process. “ICANN is on schedule to begin using the private portion [for signing domains] shortly,” Vixie says. The most challenging part of this multistep, multi-year process was overseeing the plan’s development, seeking broad review and approval, and obtaining approvals from multiple internet governance organizations to execute the plan, Vixie says.

Finally, a Driverless Car with Some Common Sense

A lack of commonsense knowledge has certainly caused some problems for autonomous driving systems. An accident involving a Tesla driving in semi-autonomous mode in Florida last year, for instance, occurred when the car’s sensors were temporarily confused as a truck crossed the highway. A human driver would have likely quickly and safely figured out what was going on. Zhao and Debbie Yu, one of his cofounders, show a clip of an accident involving a Tesla in China, in which the car drove straight into a street-cleaning truck. “The system is trained on Israel or Europe, and they don’t have this kind of truck,” Zhao says. “It’s only based on detection; it doesn’t really understand what’s going on,” he says. iSee is built on efforts to understand how humans make sense of the world, and to design machines that mimic this.

Banking on machine learning

Machine learning refers to the use of mathematical and statistical models to teach machines about new phenomena. It involves ingesting raw information in large datasets, understanding patterns and correlations and drawing inferences. While this may seem similar to how humans learn, machine learning algorithms ‘learn’ at much faster speeds with the ability to adapt from mistakes and course-correct. Needless to say, there are numerous applications of ML in any banking field that requires repetitive work, high-accuracy tasks or even informed decision-making. Take data security, which is a key concern for banks. Deep Instinct, a cyber security company that leverages deep learning for enterprise security, states that new malware often contains code that is similar to previous versions.

The business case for digital supply networks in life sciences

Unlike traditional supply chains, which are linear and siloed, digital supply networks are dynamic, interconnected systems that can more readily incorporate ecosystem partners and evolve over time. This shift from linear, sequential supply chain operations to an interconnected, open system of supply operations could lay the foundation for how life sciences companies compete in the future. Digital supply networks in life sciences can address challenges with optimal management of inventories, reliability, and visibility of products moving across the supply chain, or operations efficiencies and product yields. In view of the forces affecting life sciences—pricing pressures, the emergence of value-based and personalized medicine, and the expectations of customers and regulators—creating a life sciences digital supply network can be a logical new opportunity to deliver value.

6 ways to make sure AI creates jobs for all and not the few

Whenever I talk to people about the potential impact of artificial intelligence (AI) and robotics, it’s clear there is a lot of anxiety surrounding these developments. And no wonder: these technologies already have a huge impact on the world of work, from AI-powered algorithms that recommend optimal routes to maximize Lyft and Uber drivers’ earnings; to machine learning systems that help optimize lists of customer leads so salespeople can be more effective. We’re on the verge of tremendous transformations to work. Millions of jobs will be affected and the nature of work itself may change profoundly. We have an obligation to shape this future — the good news is that we can. It’s easier to see the jobs that will disappear than to imagine the jobs that will be created in the future but are as yet unknown.

Free ebook: Data Science with Microsoft SQL Server 2016

SQL Server 2016 was built for this new world, and to help businesses get ahead of today’s disruptions. It supports hybrid transactional/analytical processing, advanced analytics and machine learning, mobile BI, data integration, always encrypted query processing capabilities and in-memory transactions with persistence. It integrates advanced analytics into the database, providing revolutionary capabilities to build intelligent, high performance transactional applications. Imagine a core enterprise application built with a database such as SQL Server. What if you could embed intelligence, i.e. advanced analytics algorithms plus data transformations, within the database itself, to make every transaction intelligent in real time? That’s now possible for the first time with R and machine learning built into SQL Server 2016.

Cloud Computing Security: Provider & Consumer Responsibilities

The first step Cloud Service Providers take, is to secure the Data Center where they host their IT hardware for the Cloud. This is to secure the DC against unauthorized access, interference, theft, fires, floods and so on. The Data Center is also secured to ensure redundancy in essential supplies (Example power backup, Air conditioner) to minimize the possibility of service disruption. In most cases, Provider’s offer Cloud applications from ‘world-class’ data centers. The Cloud Provider ensures that their Infrastructure and the Services comply with Critical Protection Laws such as data protection laws, Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), Criminal Justice Information Services(CJIS) , the Sarbanes-Oxley Act, the Federal Information Security Management Act of 2002 (FISMA) and so on.

Want to be a better security leader? Embrace your red team

Successful business leaders understand the power of disruption as a pathway to anticipating unstated future customer needs. The concept of disruption as a force for innovation is powerful in the field of cybersecurity and often pushes business leaders to problem solve in new or unexpected ways. Proactively simulating attacks on your own organization is an excellent example.  With now-broad acceptance that attackers will get in and that compromise is expected, there are distinct advantages to being “productively paranoid.” Security leaders who are productively paranoid fully embrace the idea that the best way to play defense is to start playing offense. This doesn’t mean companies should “attack back,” but they need to understand the mindset and pathways attackers take to infiltrate organizations.

The digital workplace: 8 steps to greater agility, productivity

What is the digital workplace? It is a business strategy aimed at boosting employee engagement and agility through consumerization of the work environment, Rozwell says. Think of your one-size-fits-all-users ERP or expense management applications and imagine the opposite user experience. Your digital workplace should help individuals and teams work more productively without compromising operations. It should include computers, mobile devices and productivity and collaboration applications that are web-based and synch in real time. Such tools should, for example, mimic the ease of use of Uber and Airbnb and the social aspects of Facebook and Instagram. IBM, for one, has undertaken a massive transformation of its workplace to lure new tech talent.

Quote for the day:

"The most effective debugging tool is still careful thought, coupled with judiciously placed print statements." -- Brian Kernighan