Daily Tech Digest - December 15, 2017

Digital Disruption: 10 Ways To Survive & Thrive

Some CEOs are embarking on vision quests to help navigate digital disruption, which is marked by a shift in profitability from one prevailing business model to another. Puthiyamadam, who leads PwC's digital services practice and oversees its experience center, recalls one recent conversation with a CEO client who attended a "digital bootcamp" in Europe. The CEO was told he must join Twitter and that his business would be disrupted in two years. Puthiyamadam quickly assured the CEO that the threats weren’t so imminent. Indeed, he regularly cautions clients against acting rashly because the wrong bets, from service ideation to technology choices, can set a business back years. "Don't believe you need to act frantically and in panic mode because your business is going to get completely overwhelmed," Puthiyamadam tells CIO.com.

DevOps in the public sector: Assessing the challenges and the benefits

“The public sector is often saddled with a significant burden of legacy systems which must be maintained and, where possible, modernised,” says Jason Rolles, CEO of software development monitoring software supplier BlueOptima. This means making use of open source development tools, such as Git and Jenkins, but also having the right IT environment to reap the benefits of these DevOps tools. It is inevitable that legacy systems will slow down a DevOps approach which is meant to bring an organisation both flexibility and speed. This shift away from incumbent providers and legacy infrastructure is to do with finance too. But, without the budget needed to move away from legacy technologies, recruiting DevOps personnel gets even harder, and this becomes a vicious cycle that encourages departments to remain the same.

5 tips for better NGINX security that any admin can handle

NGINX continues to rise in popularity. According to the October 2017 Netcraft stats, it has nearly caught up with Apache—meaning more and more people are making use of this lightweight, lightning fast web server. That also means more and more NGINX deployments need to be secured. To that end, there are so many possibilities. If you're new to NGINX, you will want to make sure to deploy the server in such a way that your foundation is safe. I will walk through five ways to gain better security over NGINX that won't put your skills or resolve to too much of a test. ... It is possible to limit the rate NGINX will accept incoming requests. For example, say you want to limit the acceptance of incoming requests to the /wp-admin section. To achieve this, we are going to use the limit_req_zone directive and configure a shared memory zone named one and limit it to 30 requests per minute.
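
The rate limit described above, written out as a minimal configuration. This is an added example, not taken from the excerpted article: the zone name `one`, the 30 requests per minute rate and the /wp-admin location come from the text, while the zone size, the client-IP key, the burst value, the status code and the host and root values are assumptions.

```nginx
# Added example. Values marked "assumed" are not from the article.
events {}

http {
    # Shared memory zone "one": one counter per client address,
    # capped at 30 requests per minute. 10m is an assumed zone size.
    # Caveat: behind a reverse proxy or CDN, $binary_remote_addr is the
    # proxy's address, so every visitor shares one counter unless the
    # real client address is restored first (ngx_http_realip_module).
    limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;

    # Answer throttled requests with 429 rather than the default 503,
    # so rate limiting is distinguishable from an outage in monitoring.
    limit_req_status 429;

    # Rejections are logged at "error" by default; "warn" (assumed choice)
    # keeps them visible in error.log without mixing them with real faults.
    limit_req_log_level warn;

    server {
        listen 80;
        server_name example.com;   # placeholder host
        root /var/www/html;        # placeholder document root

        location /wp-admin/ {
            # 30r/m is enforced as one request every 2 seconds.
            # burst=5 (assumed) absorbs the handful of asset requests a
            # single admin page load generates; nodelay serves them at
            # once instead of queueing. Anything beyond that gets a 429.
            limit_req zone=one burst=5 nodelay;
        }
    }
}
```

Saved as a standalone file, the syntax can be checked with `nginx -t -c /path/to/file` before the directives are merged into a live configuration.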

Cloud computing: Getting bigger but more complicated too

The location of the company offering a cloud service is something that has come under particular scrutiny recently. For example, the UK government's National Cyber Security Centre (NCSC) warned about the use of some cloud-based antivirus products from Russian companies, but also warned more broadly about the use of cloud services within the government supply chain. "The country of origin matters. It isn't everything, and nor is it a simple matter of flags -- there are Western companies who have non-Western contributors to their supply chain, including from hostile states. But in the national security space there are some obvious risks around foreign ownership," NCSC CEO Ciaran Martin wrote in a letter to civil service chiefs. The NCSC noted that government departments might not even be aware they are using cloud-based services: "It's easy to overlook the nature of these cloud interactions, and the security implications. 

Employers And Employees Need To Step Up On Cybersecurity

Even with the clear need for IT and network security experts, kununu found that job security ranked lowest for employees. Due to management changes or layoffs and the lack of a clear plan in place, internal organization was at an all-time low. This was leading to bad morale, and disaffected employees can always be equated with company security vulnerability. Within the reviews, employees even shared that their companies were not up to par in terms of the technology and were using antiquated kit, offering hackers a free pass into companies’ most sensitive data. Based in Vienna and leading the European market, kununu launched in the US last year in a joint venture with Monster and has already collected more than half a million reviews on its website. Its reviews are broken down into 18 key dimensions of workplace satisfaction to provide job seekers with workplace insights that matter in order to make sound work-life decisions.

Could blockchains rattle ECM?

Blockchains are distributed, crowd-validated ledgers which use internet-connected computers and open source software all over the world to verify transactions. One of their major benefits in financial transactions is their immunity to tampering, thanks to the built-in consensus mechanism. In theory, this could also make blockchain a secure, verifiable and permanent solution for exchanges of any kind – for managing records, for instance. Sweden’s land registry authority is currently exploring blockchains’ potential as a mechanism for recording property deals. In this context, the blockchain would confirm and save each step in the contract process between buyers and sellers, while making each deal’s information transparent to all parties such as banks and local governments. But how far could this go, and what does it mean for ECM as we know it? To assess the potential and any limitations we must consider what sets blockchains’ approach apart.

Enterprises that wish to deliver disruptive innovation must understand their own strategy and objectives, their current operational environment and challenges, and their external environment. They can begin by identifying opportunity areas and key markets. Once a consensus is reached, they can identify priority market segments. This may lead to redefining market segments and segmentation criteria. At this point, they should analyze the industry structure—segment clients, suppliers, potential new entrants, substitution products—and then identify what makes each player powerful, using strategic tools. For example, “The Five Competitive Forces That Shape Strategy” shows that suppliers boasting strong concentration, high switching costs, genuine differentiation, unique intellectual property (IP) and strong value for clients will command higher prices than industry incumbents.

20 Ways To Rekindle Your Passion For IT

In March 2017, Zucker left the financial services firm and launched a new career providing training and advisory services in project management, agile development and leadership. "The change has been wonderful," he declares. "I'm working harder than before, but I'm passionate and enthusiastic about what I am doing." Zucker is hardly the only IT leader to watch his early enthusiasm spill into a drain of frustration, boredom and ennui. A 2016 Stress and Pride survey, sponsored by IT talent management and solutions company TEK Systems, found that a sizeable number of senior-level IT professionals are dissatisfied with their jobs. In fact, 24 percent of respondents stated that while they were proud they had chosen IT as a career, they were not proud of their current role, assignments and responsibilities. Worse yet, a discouraging 16 percent agreed that if they had to do it all over again, they wouldn't go into IT.

An Effective Cyber Hygiene Program Can Save A Business

Most small businesses have overarching cybersecurity plans that establish antivirus programs, firewalls, and other defenses to thwart cyberattacks. However, rarely do these plans consider individual behavior, which is why more than half of all cyberattacks aim for American small businesses. In addition to these cybersecurity measures, businesses need to consider cyber hygiene. Cyber hygiene, also called security hygiene, is general behavior that keeps individuals safe from cyberattack. Unlike cybersecurity, which pertains to an organization’s large-scale efforts, hygiene consists of an individual’s responsibilities and actions. For example, an IT department might build and monitor firewalls and intrusion detection systems, but if individual employees fail to generate strong passwords, install software updates, or run regular malware scans, then a business remains insecure.

BlueBorne Attack Highlights Flaws in Linux, IoT Security

Researchers at IoT security firm Armis earlier this year discovered BlueBorne, a new group of airborne attacks. The vulnerabilities let attackers take full control of any device running Linux, or an OS derived from Linux, putting the majority of IoT devices at risk of exposure. The researchers discussed and demonstrated their latest findings at Black Hat Europe 2017, held last week in London. Vulnerabilities in the Bluetooth stack have been overlooked for the past decade, they explained. Bluetooth, often perceived as peripheral, could benefit attackers if they successfully break into a high-privilege device. As the researchers demonstrated, one compromised product can spread its attack over the air to other devices within Bluetooth range. "These attacks don't require any user interaction or any authentication," said Armis head researcher Ben Seri in their presentation.

Quote for the day:

"The most common way people give up their power is by thinking they don't have any." -- Alice Walker