Daily Tech Digest - February 22, 2019

Cloud Washing: How to Spot It and How to Avoid It
Cloud washing occurs when software providers attach the “cloud” label to a program in an effort to rebrand or boost sales. These programs differ from cloud-native software, which are built specifically for the cloud. Cloud washed tools take advantage of companies who want to integrate cloud solutions into their infrastructure. As such, they should be avoided at all costs. Though cloud washing is a serious problem, it can be easy to find if you know what you’re looking for. We’ve put together some tips on how to tell if a program is cloud washed and what cloud-native tools actually look like. Companies cloud wash by claiming that legacy software (old or outdated software that continues to be supported) is cloud software. Whether it’s a ploy to attract uninformed customers or evidence of a lack of cloud understanding, marketers will attach the word “cloud” to their old programs to boost sales. This tends to happen with tools that connect to the Internet.

Why AI Transformation Is Digital Transformation, Fully Realized

We now know that data collected from one channel needs to inform efforts in every other channel and that technologies that were introduced as channel-specific tools now need to work across entire organizations — something even the marketing clouds have trouble with. Because of the way marketing technology has evolved, marketers are left managing very complicated tech stacks comprised of multiple technologies, stitched together to complete what should be seamless and interconnected marketing processes. It’s no wonder that even though companies have more technology at their disposal than at any other point in history, only 39% of executives today say they feel they have the digital capabilities they need to compete. As someone who has spent the last decade reimagining how to process, analyze and act on audience, channel and tactic data at scale, I believe the introduction of artificial intelligence (AI) will be the final tipping point for marketing’s digital transformation — despite challenges that remain. Here’s how.

How elite investors use artificial intelligence and machine learning to gain an edge

"The rise of machine learning will really make our industry unrecognizable in the future," said Anthony Cowell, head of asset management for KPMG in the Cayman Islands. His clients include some of the world's largest asset managers, hedge funds and private-equity firms. For instance, Citi Private Bank has deployed machine learning to help financial advisors answer a question they're frequently asked: What are other investors doing with their money? By using technology, the bank can anonymously share portfolio moves being made by clients all over the planet. "Traditionally that kind of information was sourced from your network. You might have had a few coffees or heard about it over a cocktail," Philip Watson, head of the global investment lab at Citi and chief innovation officer at Citi Private Bank, told CNN Business. "Now, we can share insight that is very valuable."
Citi also built a recommender engine that uses machine learning tools to advise clients.

Behind-the-scenes look at 5G Evolution

Back then we thought about higher bitrates, increased spectrum efficiency, etc. We also had a few ideas that we were not able to get into the LTE standard due to backward compatibility issues – the most key feature being what we call "lean carrier". We also put energy efficiency high on the requirement list. Most importantly, we saw a need for solutions that could support all kinds of communication needs, way beyond traditional services, for example, serving the forecast massive IoT market was one of our key requirements. And, in order to really stretch our design, we added support for critical machine type communication, which is now known as URLLC (ultra-reliable low latency communication). ... 5G will also be combined with edge computing and 3rd party applications running close to the devices. On the edge, AI will be able to learn and control most of our infrastructure in smart cities and smart manufacturing in factories. So the transformational impact of 5G will be enormous compared to the previous Gs.

4 Promising Use Cases Of Blockchain In Cybersecurity

Hackers often gain access to systems by exploiting weaknesses in edge devices. These include routers and switches. Now, other devices such as smart thermostats, doorbells, even security cameras are also vulnerable. Simply put, rigor is often not applied when checking whether these IoT devices are secure. Blockchain technology can be used to protect systems and devices from attacks. According to Joseph Pindar, co-founder of the Trusted IoT Alliance, blockchain can give those IoT devices enough “smarts” to make security decisions without relying on a central authority. For instance, devices can form a group consensus regarding the normal occurrences within a given network, and lock down any nodes that behave suspiciously. Blockchain technology can also protect all the data exchanges happening between IoT devices. It can be used to attain near real-time secure data transmissions and ensure timely communication between devices located thousands of miles apart.

Thales to sell nCipher to Entrust Datacard

This deal with Entrust Datacard is expected to close during the second quarter of 2019, subject to the successful completion of the acquisition of Gemalto by Thales and the approval of Entrust as a suitable purchaser by the European Commission, US Department of Justice, Australian Competition and Consumer Commission, and New Zealand Commerce Commission. Thales said the deal will enable nCipher Security, which has more than 300 employees and reported more than €100m in revenues in 2018, to “continue to deliver innovative solutions and services and strengthen its market leadership”. It added that Entrust Datacard is a global leader in public key infrastructure (PKI) solutions and services, and the primary use case for GP HSMs in protecting infrastructure private keys such as root and issuing certification authorities keys. “This makes Entrust Datacard the ideal organisation for Thales to divest this business, ensuring its leadership position in the GP HSMs market and providing trust, integrity and control to business-critical applications,” the company said.

How AI can help to prevent the spread of disinformation

Disinformation has spawned a new sub-industry within journalism, with fact checkers working around the clock to analyse politicians’ speeches, articles from other publications and news reports, and government statistics among much else. But the sheer volume of disinformation, together with its ability to multiply and mutate like a virus on a variety of social platforms, means that thorough fact-checking is only possible on a tiny proportion of disputed articles. While technology has provided the seedbed and distribution for disinformation, it also offers a solution to the issue. Artificial intelligence in particular offers powerful tools in the fight against disinformation, working on multiple levels to identify dubious content. These techniques are broadly split between content-based and response-based identification. The former works much like a human fact checker, by matching the content of an article with trusted sources of information to highlight errors or outright lies.

10 Principles for Modernizing Your Company’s Technology

Use cross-functional teams to plan and design this modernization effort. Functional experts from areas such as IT, strategy, R&D, customer interaction, and operations can all work together in an agile “sandbox” environment to design the changes around a set of coordinated specifications. In this early stage, and throughout the initiative, you thus link leading-edge knowledge of the changing technology with deep, day-to-day awareness of the desired results. As you bring these teams together, you will establish a shared frame of reference — a common language to describe the features you want and the capabilities you are building. This also will help engage new stakeholders as they join in the effort. A major transportation company revamped its online system this way, improving the integration between the website that handled passenger bookings and the back-office functions that, among other things, routed travel. In its intensive sandbox sessions, the company set up temporary cross-functional working groups, which became known as “tribes.”

Cisco warns on HyperFlex security vulnerabilities

“An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process,” Cisco wrote in its Security Advisory. Cisco says that the vulnerability is due to insufficient input validation in Cisco HyperFlex software releases prior to 3.5. Such input can impact the control flow or data flow of a program and cause a number of resource control problems. Cisco has released a software update to address this vulnerability and said that there are no other workarounds to address this exposure. The second vulnerability – rated 8.1 on Cisco's scale – is a snafu in the hxterm service of Cisco HyperFlex Software that could let an attacker connect to the service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster in Cisco HyperFlex software releases prior to 3.5, according to the security advisory.

How and why the data privacy mandate is expanding

A battle is also brewing in the US over state and federal privacy laws. Several states have passed laws aimed at data privacy and ethical use. The most prominent and restrictive of these is the California Consumer Privacy Act of 2018 – set to take effect in 2020 and billed to be the toughest data privacy law in the country (incorporating many GDPR-like restrictions). Many companies have lobbied against this and other state bills, pushing for less restrictive measures and asking that a uniform federal law supersede all state legislation. To this end, both the US Chamber of Commerce and the Internet Association, which represents companies like Amazon, Facebook, Google, and Twitter, have released their own recommendations for a federal bill. The Data Care Act introduced by a group of US senators, a competing congressional bill, The Information Transparency and Personal Data Control Act, and the White House recommendations round out the plethora of proposals.

Quote for the day:

"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy." -- Martin Luther King, Jr.

Daily Tech Digest - February 21, 2019

Data Mining — What, Why, How?

Data mining sits at the intersection of statistics (analysis of numerical data) and artificial intelligence / machine learning (Software and systems that perceive and learn like humans based on algorithms) and databases. Translating these into technical skills leads to requiring competency in Python, R, and SQL among others. In my opinion, a successful data miner should also have a business context/knowledge and other so called soft skills (team, business acumen, communication etc.) in addition to the above mentioned technical skills. Why? Remember that data mining is a tool with the sole purpose of achieving a business objective by accelerating the predictive capabilities. A pure technical skill will not accomplish that objective without some business context. The following article from KDNuggets proves my point that data mining job advertisements mentioned the following terms very frequently: team skills, business acumen, analytics among others. The same article also has SQL, Python and R at the top of the list as technical skills.

Two Sides of a Coin: Blockchain, Ethics and Human Rights

What does it mean to say that a technology is evil? Given Krugman’s arguments, it’s easy to see what he meant: bitcoin is used exclusively for acts which are morally bad; hence, bitcoin is itself evil. As an ethical argument, this is willfully ignorant; you don’t need a Nobel Prize to find examples of blockchain being used for social good. But, interestingly, the underlying thought pattern – that bitcoin is evil because it brings about bad consequences – is an example of a legitimate moral theory known as consequentialism. If Krugman was arguing along consequentialist lines, his error lies in disregarding bitcoin’s positive aspects and in the failure to make the assumption of this ethical framework explicit. Intrigued, we started searching the academic databases for ethical frameworks applied to blockchain, but found nothing. Yet we kept finding controversies surrounding certain blockchain use cases which relied implicitly on the ethical frameworks that philosophers have developed over thousands of years.

Zuckerberg Eyeing Blockchain For Facebook Login And Data Sharing

In the interview, Zuckerberg said that authentication was a use of blockchain that he is potentially interested in. However, he caveated it by saying: “I haven’t found a way for this to work.” He added: “You basically take your information, you store it on some decentralized system, and you have the choice of whether to log in in different places, and you’re not going through an intermediary.” “There’s a lot of things that I think would be quite attractive about that. For developers, one of the things that is really troubling about working with our system, or Google’s system for that matter, or having to deliver services through Apple’s App Store is that you don’t want to have an intermediary between serving the people who are using your service and you.” “Where someone can just say 'hey, we as a developer have to follow your policy and if we don’t, then you can cut off access to the people we are serving'. That’s kind of a difficult and troubling position to be in.”

Power over Wi-Fi: The end of IoT sensor batteries?

The researchers believe that harvesting 150 microwatts of power (the power level of a typical Wi-Fi signal) with one of the rectennas could produce around 40 microwatts of electricity—enough to power a chip. Scaling the system to a vehicle, data center hall, or similar-sized setup, which they say is possible in part because their MoS2 material is thin and flexible, would conceivably generate commensurate power. The researchers also say the non-rigid, battery-free system is better than others’ attempts at rectennas because they capture “daily” signals such as “Wi-Fi, Bluetooth, cellular LTE, and many others," says Xu Zhang, of collaborator Carnegie Mellon University, in the article. The other Radio Frequency-to-power converters, which are thick and non-flexible, aren’t wideband enough, the groups say. Of course, radio waves already power some chips. RFID tags are an example. But those solutions are limited in their power and, therefore, range and bandwidth, which is why the search is on for something better.

UK committed to working with EU cyber security partners

Within the cyber security sphere, Martin said it was “objectively true” that nearly all the functions of the NCSC fall outside the scope of EU competence. “It follows that our enhanced cooperation with European partners, and the EU as a whole, in cyber security over recent years is not automatically affected by the UK’s changing relationship with the EU,” he said. “Pretty much everything we do now to help European partners, and what you do to help us, on cyber security can, should, and I am confident will, continue beyond 29 March.” In the past, said Martin, the UK has shared classified and other threat data with EU member states and institutions and played a role in the development of European thinking in areas such as standards and incident response.

What organizations can do to mitigate threats to data management

Adding granular encryption with BYOK (Bring Your Own Key) is an effective weapon in breach prevention. If even an administrator or engineer who manages data in an organization cannot read that data, a hacker will be stopped cold – he may be effective in stealing the data, but not in using it for his own gain. Threats to cybersecurity are considerable and are becoming worse with the proliferation of big data and its use in AI. Good practices raise awareness of cybersecurity risks and help organizations create robust, reliable and fast disaster recovery plans (DRPs) in advance. And, organizations can gain by using AI to monitor systems, detect vulnerabilities, and bridge those vulnerabilities, turning AI into a strategic asset. Many organizations' cloud data environments lack the technology for the effective automation of data privacy compliance, and they find it challenging to meet the requirements of the most stringent regulation for data protection, GDPR.

How to recruit top tech talent: Do's and don'ts

Dice Editor Nate Swanner said they were surprised that remote work rated so highly on the list and added that "tech pros can see through the pizazz: A flashy job title, dedicated parking spot and a fresh MacBook Pro won't cumulatively overcome great health benefits or remote work." Research firm Gartner has found that things may not be so simple, though: Benefits like healthcare may be highly desired, but they're also basic expectations for job seekers. "Instead, candidates want to know which benefits set the organization apart," Gartner said, noting that educational benefits, well-being initiatives, and innovative perks are far more likely to attract top talent. Giving credence to Gartner's argument is its research on the types of benefits mentioned in a job posting v. how much time that posting remains up. Mentions of medical care, employee well-being, and work-life balance had zero impact on how long a posting goes unfilled, while dental/vision coverage, financial benefits, family programs, and disability/life insurance all significantly reduced the amount of time it took to fill a job.

Move over HR: Why tech is taking charge of company culture

The key lesson, says Lewis, is that the broader organisation sees the plus-points that a new way of working brings and then demands similar benefits. "In the same way that it happened in the IT industry in terms of Scrum and Agile, I think people have started to realise that smaller, cross-functional teams can add value in other areas of the business," he says. Lewis, therefore, posits a change in perception, one that holds non-IT executives are recognising that digital chiefs have broad expertise that can help change the business for the better. Board members who call on their CIOs for advice on people and processes find new ways to overcome the cultural challenges associated to transformation. That view resonates with Brad Dowden, interim CIO and director at Intercor Transformations. He says the experience digital leaders have of running transformation programmes definitely leaves them well-placed to advise the rest of the organisation — including HR chiefs — about the best ways to pursue successful culture change initiatives.

Breaking the chains: How FUD is holding the cyber sector hostage

The biggest cyber danger for companies is not the CFO getting hacked by Chinese wizard-class hackers using an offensive AI-driven quantum virus via blockchain – it’s someone from the accounts team, clicking on that phishing email link because he did his mandatory corporate security training seven months ago and has forgotten to double-check the URL. It could also be someone from the development team facing a tight deadline and nabbing some code from GitHub, without having the time to really read through it and find that remote shell buried in line 2,361. Suppliers can hype and sensationalise the capabilities of their products, and the scale of the threat, but ultimately all they are doing is damaging customers’ trust – the trust that is vital for a company to know that its cyber security strategy is based on a proportional and relevant response to the threats it faces as an organisation.

Using Contract Testing for Applications With Microservices

What makes contract testing awesome is that it does this in a way which really fits well into a microservice workflow, said Groeneweg. The most important thing is that it decouples the test between the service who’s using the API (consumer) and the API itself (provider). This allows you to bring them both to production without needing the other. It’s especially useful when they are maintained by different teams because it enabled them to be autonomous in testing and releasing.
Groeneweg stated that contract testing is a way of reducing the risk of integration bugs. Also, contract testing is a lot faster than other ways of integration testing. That’s important as it allows you to decrease lead time and kill waste which is caused by slow feedback from tests, he said. As the consumer defines the contract, contract testing also leads to better interfaces and APIs that are actually used.

Quote for the day:

"The key to successful leadership today is influence, not authority." -- Ken Blanchard

Daily Tech Digest - February 20, 2019

Excessive Permissions are Your #1 Cloud Threat

IT administrators and hackers now have identical access to publicly-hosted workloads, using standard connection methods, protocols, and public APIs. As a result, the whole world becomes your insider threat. Workload security, therefore, is defined by the people who can access those workloads, and the permissions they have. ... One of the primary reasons for migrating to the cloud is speeding up time-to-market and business processes. As a result, cloud environments make it very easy to spin up new resources and grant wide-ranging permissions, and very difficult to keep track of who has them, and what permissions they actually use. All too frequently, there is a gap between granted permissions and used permissions. In other words, many users have too many permissions, which they never use. Such permissions are frequently exploited by hackers, who take advantage of unnecessary permissions for malicious purposes. As a result, cloud workloads are vulnerable to data breaches, service violation (i.e., completely taking over cloud resources), and resource exploitation.

The most advanced hacking groups are getting more ambitious

Groups like Chafer, DragonFly, Gallmaker and others are all conducting highly-targeted hacking campaigns as they look to gather intelligence against businesses they think hold valuable information. Once attackers might have needed the latest zero-days to gain entry into corporate networks, but now it's spear-phishing emails laced with malicious contents which are most likely to provide attackers with the initial entry they need. And because these espionage groups are so proficient at what they do, they have well tried-and-tested means of conducting activity once they're inside a network. "It's like they have steps which they go through which they know are effective to get into networks, then for lateral movement across networks to get what they want," Orla Cox, director of Symantec's security response unit told ZDNet.

Why blockchain may be blockchain’s best cybersecurity option

Developers should take the initiative to build their own decentralized security applications for anti-phishing, anti-malware, intrusion detection and distributed VPNs to deploy on the global blockchain. The bottom line is that it’s not enough to just trust blockchain’s security because of more transparency than other technological data security and privacy methods. Developers, miners and even enterprises need to look at the entire digital ecosystem when considering security, as every single point provides savvy hackers a weak link to exploit. As blockchain investment continues to skyrocket and the crypto markets continue to diversify – even with the recent slowdown – we will see more unique and sophisticated examples of cyber criminals penetrating blockchain’s security veneer. That’s the paradoxical ratio of technology: for as many positive innovations that tech creates, there almost is an equal amount of sinister “innovations” to match. This is most certainly true regarding blockchain. The key is to keep discussing threats to blockchain to inspire those securing it.

How Estonia became an e-government powerhouse

Estonia is among the elite group of countries in the highest echelons of the UN's E-Government Development Index (EDGI), with its citizens and public servants able to access a wide range of services online using secure digital IDs, including making payments, accessing full health records, and internet voting. Estonia has been building out its e-government since the mid-90s, not long after declaring independence from the Soviet Union. The program continues to make headlines with bold new digital initiatives, such as its e-residency program, which gives anyone living anywhere in the world the ability to receive a government-issued digital ID and full access to Estonia's public e-services. Today, 99% of the public services are available online 24/7, 30% of Estonians use i-Voting, and the country estimates the reduced bureaucracy has saved 800 years of working time.

The 11 biggest issues IT faces today

“Security professionals must be extra vigilant with detection and training against these threats,” says John Samuel, CIO at CGS. “This year, companies will need to introduce AI-based protection systems to be able to contain any such attacks introduced by this next-gen tech.” Grinnell says AI wasn’t a factor in the most notable attacks of the last year, but he expects that to change. “I believe 2019 will bring the first of many AI-driven attacks on U.S. companies, critical infrastructure and government agencies,” he says. “Let’s hope I’m wrong.” Forward-thinking organizations are now implementing privacy by design in their products, but making sure those efforts meet GDPR standards is an ongoing concern. Google, for example, just saw a record fine by French regulators over how the company collects data. “U.S. businesses will need to consider a GDPR-type policy to protect citizens even before any regulations are enacted,” Samuel says. “Ultimately, there must be international guidelines to ensure customer privacy and protection on a global scale to allow for easier compliance.”

Setting expectations and preparing for a new breed of cyberattacks

Lateral movement is a method used by cyberattackers to move through a network, as they search for the essential data that is the eventual target of the breach. Continuing to hide in plain sight, cybercriminals are leveraging non-malware / fileless attack methods to do this, which is the biggest indicator that attackers aren’t just focused on one component of an organization, but are seeking additional targets as they infiltrate the network. In order for today’s organizations to prepare for these threats to security, they first need to solve the problem of visibility. True endpoint visibility should allow you to “turn back the clock” and see exactly what happened on the endpoint at a specific date. To understand how significant this capability is, we found that an organization with 10,000 endpoints is estimated to see more than 660 attempted cyberattacks per day.

Can work allocation algorithms play fair?

Allocating work by algorithm is not an inherently bad idea, according to James Farrar, chair of United Private Hire Drivers, a branch of the Independent Workers Union of Great Britain, who has co-led legal action against Uber for drivers’ rights. Many drivers working for conventional minicab companies pay a fee for the privilege (Uber takes a percentage, typically 20-25%), only to see controllers giving the best jobs to their friends, ordering them to collect their takeaway food and even demanding bribes. “People didn’t just walk away from those operators, they ran to Uber,” Farrar says. But the company’s algorithms create their own problems. Uber tells prospective drivers that “there’s no office and no boss”, adding that “with Uber, you’re in charge”. Farrar says this is not reflected in the ways the company’s algorithms allocate jobs and influence driver behaviour.

Unactioned data subject access requests could lead to legal action

A Talend report published in September 2018 found that only 30% of organisations are able to fulfil DSARs within the GDPR’s 30-day deadline. This shows how difficult it is to maintain an effective DSAR process. Requests have increased substantially since the GDPR took effect, while the deadline to respond has decreased and the amount of information that must be provided has increased. It’s no surprise, therefore, that many organisations are looking for help. The GDPR DSAR Support Service, provided by our sister company GRCI Law, is a perfect example of how you can simplify the process. GRCI Law’s experienced data privacy lawyers and DPOs (data protection officers) will manage the process on your behalf to ensure that requests are completed in accordance with the GDPR’s requirements.

How managed network services are evolving to simplify the global WAN

The first step toward evolving the managed network services market was network function virtualization (NFV). “When the service providers were facing the need to streamline their operation, move faster, respond faster, they took an approach of virtualizing appliances,” says Yovel. “Think about all the different network functions that used to be in the old network—next-generation firewalls, various orchestration solutions, VPN solutions, and so on. They virtualized all these boxes, but that didn't change the core dynamic of the network itself. Each function coming from different vendors still had its own management interface, plus its own scaling and sizing environment. The fact the appliance was virtualized didn’t change that. They still had the same problem with the centralized architecture as in the past.” Consider the example of virtualizing a firewall. Mobile users still need to connect over the internet over long distances to some firewall in some location to get the security they need. The fact that the firewall is virtualized doesn’t change that dynamic.

Microservices With CQRS and Event Sourcing

Microservices are independent, modular services that have their own layered architecture. When microservices share the same database, the data model among the services can follow relationships among the tables associated with the microservices. ... A shared database is not recommended in a microservices-based approach, because, if there is a change in one data model, then other services are also impacted. As part of microservices best practices, each microservice should have its own database. ... The limitation of this approach is that transaction management cannot be properly handled. If customer data is deleted, the corresponding order also has to be deleted for that customer. Though this can be achieved with workarounds, like calling a delete service in the Order service, atomicity is not achievable in a straight forward way. This needs to be handled with customization.

Quote for the day:

"The world's greatest achievers have been those who have always stayed focussed on their goals and have been consistent in their efforts." -- Roopleen