Daily Tech Digest August 23, 2019

Don’t worry about shadow IT. Shadow IoT is much worse

fight shadow
So far so good. But this reasoning emphatically does not carry over to the emerging practice of shadow IoT, which has become a growing concern in the last year or so. Basically, we are talking about when people in your organization add internet-connected devices (or worse, entire IoT networks!) without IT’s knowledge. Those renegades are likely seeking the same speed and flexibility that drove shadow IT, but they are taking a far bigger risk for a much smaller reward. Shadow IoT takes shadow IT to another level, with the potential for many more devices as well as new types of devices and use cases, not to mention the addition of wholly new networks and technologies. According to a 2018 report from 802 Secure, “IoT introduces new operating systems, protocols and wireless frequencies. Companies that rely on legacysecurity technologies are blind to this rampant IoT threat. Organizations need to broaden their view into these invisible devices and networks to identify rogue IoT devices on the network, visibility into shadow-IoT networks, and detection of nearby threats such as drones and spy cameras.”

GraphQL: Evolution of Modern Age Database Management System

Consider we have an API that is consumed by a responsive web application. Depending upon the device where the app has opened, the data displayed on the screen will vary, some fields may be hidden on smaller screen devices and all the fields may be shown on devices with a larger screen. The following infographic explains various pain points, pertaining to manage data returned when using REST: With GraphQL, it’s just a matter of querying the fields that are required depending upon the device. The front end is in control of the data it requests, and the same principles can be utilized for any GraphQL API. With GraphQL, we can easily aggregate data from different sources and serve it up to the users under a single umbrella rather than making multiple REST calls from the front end or back end. We can expose a legacy system through a unified API. As mentioned above, every GraphQL API is composed of types, schema and resolvers. In order to create an API, we require to create a GraphQL server in some language. As you know by now, GraphQL is a language in its own and has a specification, the specification must be implemented in a programming language to be utilized.

Cybercriminals Leveraging Evasion And Anti-Analysis Techniques To Avoid Detection

Cybercriminals leveraging evasion and anti-analysis techniques to avoid detection: Study - CIO&Leader
Many modern malware tools already incorporate features for evading antivirus or other threat detection measures, but cyber adversaries are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection. For example, a spam campaign demonstrates how adversaries are using and tweaking these techniques against defenders. The campaign involves the use of a phishing email with an attachment that turned out to be a weaponized Excel document with a malicious macro. The macro has attributes designed to disable security tools, execute commands arbitrarily, cause memory problems, and ensure that it only runs on Japanese systems. One property that it looks for in particular, an Excel Date variable, seems to be undocumented. Another example involves a variant of the Dridex banking trojan which changes the names and hashes of files each time the victim logs in, making it difficult to spot the malware on infected host systems. The growing use of anti-analysis and broader evasion tactics is a reminder of the need for multi-layered defenses and behavior-based threat detection.

Security pros reiterate warning against encryption backdoors

“We know that encryption backdoors dramatically increase security risks for every kind of sensitive data, and that includes all types of data that affects our national security. The IT security community overwhelmingly agrees that encryption backdoors would have a disastrous impact on the integrity of our elections and on our digital economy as a whole.” Opponents of encryption backdoors have said repeatedly that government-mandated weaknesses in encryption systems put the privacy and security of everyone at risk the same backdoors can be exploited by hackers. The survey also shows that 70% of the Black Hat USA respondents believe countries with government-mandated encryption backdoors are at an economic disadvantage in the global marketplace, while 84% would never knowingly use a device or program from a company that agreed to install a backdoor. Bocek added: “On a consumer level, people want technology that prioritises the security and privacy of their personal data. ...”

For Sale on Cybercrime Markets: Real 'Digital Fingerprints'

The marketplace says it too has listings from vetted vendors selling "bot logs with fingerprints" for PayPal, Pornhub and Facebook accounts; U.S. and Canadian bank accounts; cryptocurrency hot and cold wallets; and AirBnB accounts. "All the logs we provide come with full fingerprint data," an advertisement for the site boasts. "This means exactly that. We provide all the cookie & browsing history in each log to ensure you have success with all your operations. Once you load the cookies onto your selected browser you will become the identical user from the log you have just purchased from us. This ensures a much higher success rate and anonymity for your business needs. We provide you with a free browser where you can just upload your purchased log and use it with simplicity." Registration for Richlogs costs $50, payable via bitcoin or monero, after which the site says a user will receive $100 in site credit. Log data starts at $1 per record.vThe site also says that it can give users real-time access to hacked PCs so they can use them to remotely emulate victims via a SOCKS5 proxy.

Open-source spyware makes it on the Google Play Store

Google Play and Apple App Store
"The malicious functionality in AhMyth is not hidden, protected, or obfuscated," said Lukáš Štefanko, malware researcher at ESET, who conducted the investigation into the malicious app. "For this reason, it is trivial to identify the Radio Balouch app - and other derivatives - as malicious and classify them as belonging to the AhMyth family." "Nothing special was used to bypass either Google's IP or postpone the malicious function. I think it wasn't detected because users first had to set up the app - set the language, allow permissions, go through a couple of 'next' buttons, for an app overview and only then would the malicious code be launched," he told ZDNet. Štefanko said ESET spotted two instances of the malware being uploaded on the Play Store, one on July 2, and the second on July 13. Both were removed within a day, but only after they contacted the Play Store staff. While the two apps never managed to get more than 100 installs, the problem here was the fact that they ended up on the Play Store using nothing more than unobfuscated open-source code.

How IT departments can upskill in the new economy

Working in the gig economy works both for small businesses and startups, and large enterprises and public sector organisations. Yorkshire Water is one of the businesses mentioned in the TopCoders report. The water utility firm opened up 12 months of its data through the Leeds Open Data Institute to crowd-source the discovery of new trends or patterns. According to Yorkshire Water, it received a number of interesting submissions, such as an app proposal to use artificial intelligence (AI) to automate the recognition of leak noise, and a Fitbit-like device for monitoring water usage in household water pipes. New research has found that crowd-sourcing ideas for the smart use of public sector data offers a huge economic benefit. In July, the European Union (EU) reported that the total direct economic value of the data held in the public sector is expected to increase from a baseline of €52bn in 2018 to €194bn in 2030. Yorkshire Water recently sponsored a hackathon, in which software development teams were invited to take part in a competition focused on ideas for using open data to create a county-wide data dashboard for Yorkshire.

How to protect yourself and your organization against digital identity fraud

Continuously monitor digital identity markets. Monitoring these markets can help you identify compromised identities early so you can more diligently monitor traffic and/or enhance the verification methods for user logins. "Organizations can use services of threat intelligence companies such as IntSights to monitor their assets on markets such as Richlogs and Genesis," Ariel Ainhoren, head of research for IntSights, told TechRepublic. "Getting to them is not too complicated, and with decent protection measures such as a VPN, it is not too risky as well. But most small-medium organizations won't have the time to invest in monitoring these markets and the other dark web activity. They will usually notice that something is wrong only after threat actors will make use of these identities. This is what makes digital identity fraud and these markets so dangerous." Enable two-factor authentication. Asking for a second (or even third) variable to authenticate your users makes it more difficult for hackers to access your accounts. You might adopt a form of mobile verification or ask security questions that only the user would know.

Cloud Security: Mess It Up and It's on You

The majority of incidents are the result of errors and misconfigurations by cloud service providers' clients, Heiser says. That's due in part to how fundamental security practices of the past don't apply to cloud computing models. Take Capital One, a financial services company that's been one of the most aggressive in that vertical in embracing the cloud. A Seattle woman, Paige A. Thompson, is accused of taking advantage of a misconfigured firewall to gain access to more than 100 million credit card applications going back to 2003. She allegedly gained access credentials for a role with expansive permissions, including the area where the credit card applications were stored. AWS, Capital One's service provider, has indicated the problem wasn't on its side. "Security in the cloud is your responsibility, whether or not your cloud service provider makes it easy for you," Heiser says. "Cloud service providers do a great job of drawing the line between their responsibility and your responsibility. And so far, AWS has done a great job of always blaming their customers. So be forewarned."

Three Tips for Laying the Groundwork for Machine Learning

Image: NicoElNino - stock.adobe.com
Despite on-premise IT infrastructure’s ability to host many open-source frameworks to create ML solutions, many organizations still lack the power and scalability to support them. If an organization is evaluating ML for a project, hyperscale cloud might be a good option to consider, since it offers consumption-based access to graphics processing unit (GPU) compute, which can dramatically accelerate the process of training a deep learning algorithm. Once the requirement moves from batch analysis to real time, the flow of relevant data must keep pace with ML algorithms working in near real-time. Ensuring that workloads are supported throughout a project’s lifecycle and organizations have the ability to experiment with ML capabilities is essential, and cloud elasticity can be used to address that. It has never been easier for organizations to expand into the cloud, as the big three public cloud providers -- AWS, Google and Amazon -- all fight for ML business. Despite this, organizations still lag behind in exploiting the elastic scalability of the cloud to derive value from their organization’s data with ML.

Quote for the day:

"The final test of a leader is that he leaves behind him in other men, the conviction and the will to carry on." -- Walter Lippmann

Daily Tech Digest - August 22, 2019

Fake VPN Website Delivers Banking Trojan

Fake VPN Website Delivers Banking Trojan
Reseachers at the Russian security firm Doctor Web say the banking Trojan, which they call Win32.Bolik.2, is a modified version of the original Win32.Bolik.1 Trojan and is being spread by the same unknown hacker group. "The Win32.Bolik.2 Trojan is an improved version of Win32.Bolik.1 and has qualities of a multicomponent polymorphic file virus," the researchers write. "Using this malware, hackers can perform web injections, traffic intercepts, key-logging and steal information from different bank client systems." The new campaign, which started on Aug. 8, is targeting mainly English-speaking victims by using a cloned website of NordVPN that prompts its visitors to download a program for a particular type of VPN software that contains the Trojan, Doctor Web reports. To make the fake website seem authentic, the fraudsters use a valid Secure Sockets Layer certificate that ensures a secure connection between a web server and a browser. Another campaign in April using the same Trojan spread via the legitimate website for a video editing software package.

Big Switch targets shadow IT, hybrid cloud growth with fortified software family

data center / server racks / connections
Big Switch’s flagship BCF software lets customers manage physical switches as a single fabric that includes security, automation, orchestration and analytics. BCF can run on a variety of certified switches from Dell EMC, HPE and others. In addition, BCF Controller natively supports integration with various Cloud Management Platforms such as VMware (vSphere, NSX Manager, vSAN) and OpenStack. BCF also supports container orchestrators such as Kubernetes, all via a single interface.  “We believe that traditional networking is complicated but that networking in the cloud is easier using technology such as VPCs, and what we are doing is bringing cloud-networking principles to on-prem and the data center,” said Prashant Gandhi, chief product officer for Big Switch. With BCF for AWS customers can discover, determine configurations and troubleshoot all VPCs and workloads configured in AWS, Gandhi said. “One of the benefits to BCF for AWS is that many customers deploying workloads in clouds don’t know everything that’s being run or shared in the cloud – we can discover those shadow IT networks and help IT get a handle on them,” Gandhi said.

The Design Thinking Process: Five Stages to Solving Business Problems

5 Stages in the Design Thinking Process
There are lots of ways to harness ideas and solve problems. Design thinking is one means to foster and refine creative problem-solving. While it doesn’t suggest ignoring your data, design thinking is, at its core, human-centered. It encourages organizations to focus on the people they’re creating for in hopes of producing better products, services and internal processes. ... The best way to put design thinking into use in your organization is by creating a strategic planning approach that takes ideas from assessment to analysis to delivery. By employing an iterative approach with a thorough assessment and a feedback loop, everyone in your organization will feel more empowered and engaged. The reality of business today is that nearly every business problem is going to have a technological solution. It will fall to the IT organization to take the ideas that come out of your design thinking and figure out how to deliver them as solutions at scale and speed. This is where enterprise architecture comes into play. Evaluating, planning and deploying a business solution will require visibility. How will these solutions impact users? Can they be supported by the existing IT infrastructure? How do they fit into the business ecosystem?

A new look at the Cybersecurity Skills Market

The survey found that most businesses used hardware and software regarded as obsolete by suppliers. Few had any full-time in-house IT support staff and most had received no professional training. More-over none of the publicly funded training programmes in the TEC portfolio were felt to be relevant to their needs. Those wanting skilled staff were happy to train their own, provided the TEC would help them identify recruits with the necessary aptitude and attitude. They would also have liked the TEC to create a list of reputable local organisations providing relevant modular short courses. The results were so far out of line with “accepted wisdom” that the implications, beyond the synopsis headline “The users have taken over the system”, were ignored. My draft report and recommendations were never published. ... Almost none will know the training their staff might need. Few will know how to find a reputable supplier of security services who can met their needs at affordable cost.

Can organizations embrace the digital native mindset?

It is not the lack of ideas but a dearth of inspiration for most of the traditional companies in our country that keeps them from taking the digital route. Despite huge sums being invested in research and development, most of the organizations remain unwitnessed to the endless possibilities that digital intervention can bring to their businesses. Although, they seed research practices and incubators point towards this direction, conventional practices prevent these companies from taking the unexplored route. In a recent McKinsey survey, many respondents said that parent companies had hindered the development of their start-ups and limited entrepreneurs’ freedom to make decisions. Scaling up the individual businesses under one umbrella becomes a challenge for many large conglomerates. The transformation needs to start at an operational level with constant awareness to all the stakeholders involved about the change in practices. The key is to include digital intervention in organizational planning to establish the idea across all levels. Later, the plan should be measured against the outcome to promote digitization in good faith.

How to become a cybersecurity RSO

secure system / network security policy management
Given that cybersecurity is regulated, what practices can we adopt from the experiences of HRO’s regarding compliance and regulation? The distinction between goal focused regulation and error-focused regulation is an important concept. Most compliance regimes focus on the former; i.e. meeting control objectives. However, organizations may benefit from enhancing their internal error-detection capabilities. Another applicable point relates to extended organizations. In many cases managing the regulatory and reliability implications of the organization’s supply chain may be the biggest risk faced by the organization. Managing for security has recently become a science. CISO’s now present to the board and know not to be the department of “no” and to support business initiatives. But HRO’s and RSO’s have been managing to high reliability for decades. The “three lenses” view of organizations leads to three parallel paths toward building a cybersecurity HRO. If you fail to see through all three lenses, you will likely not achieve your goals.

Simulation software: protecting your organisation during a sustained period of cyber war

Simulation software: protecting your organisation during a sustained period of cyber war image
We’re in the midst of a cyber war that threatens every single business and the vast majority of individuals. Simulation software may provide a solution, but first, the problem. The problem is not going way, but is in fact, getting worse — technology, an increasing presence in everyone’s lives, connects the operations of pretty much everything. And so, cyber attacks are more pervasive than ever before — the majority own a smartphone. In the cyber war, malicious cyber attacks are increasing in prevalence and sophistication, and the targets chosen are continually widespread. “Businesses, from national infrastructure and network carriers through to businesses of all sectors and sizes are in the sights of cybercriminals,” confirms Martin Rudd, CTO, Telesoft Technologies. “Think of the nationwide damage that would happen if the organisations powering this critical national infrastructure were to suffer a targeted cyber attack. These organisations generate and store colossal amounts of personal data, making them extremely valuable to cyber criminals — but also, thanks to their gargantuan size, difficult to breach.

Creating a culture of learning

Many managers still rise in organizations because they are good at process optimization, driving out waste and inefficiency, and managing for scale. But when you become CEO, your priorities change. You discover more complex issues that can’t be solved through process optimization. Suddenly you spend your time thinking about why the things that ought to be getting better aren’t getting better, and why they may be getting worse. For example, many CEOs are trying to improve diversity in their organizations, and to create less hostile environments. Yet no matter how hard they try to shift the rules — “Let’s set targets, hold people accountable, and engineer our way toward a more diverse workforce” — they’re not succeeding. Workplace behaviors still sometimes get toxic, even though nobody wants them to. To understand why this happens, you have to think in less linear ways. For example, instead of trying to lock everyone into one diversity-and-inclusion process, what if you let employees choose their approach, and talked about that choice openly? You need to develop a culture of learning if you want to be innovative.

Even fintech startups battling to meet cyber security challenges

The research into fintechs shows that eight main websites and 64 subdomains have at least one publicly disclosed and exploitable security vulnerability of a medium or high risk, compared with seven in the banking sector. The most common website vulnerabilities are cross-site scripting (XSS), sensitive sata exposure, and security misconfiguration, despite all of them featuring in the Owasp top 10 application vulnerabilities, which are well-known and have well-established mitigation methods. All of the mobile applications tested contained at least one security vulnerability of a medium risk, while 97% have at least two medium or high-risk vulnerabilities. The tests show that 56% of mobile app backends have serious misconfigurations or privacy issues related to SSL/TLS configuration and insufficient web server security hardening. The report reveals that 62% of the fintechs’ main websites failed payment card industry data security standard (PCI DSS) compliance test.

Moscow's blockchain voting system cracked a month before election

The French academic was able to test Moscow's upcoming blockchain-based voting system because officials published its source code on GitHub in July, and asked security researchers to take their best shots. Following Gaudry's discovery, the Moscow Department of Information Technology promised to fix the reported issue -- the use of a weak private key. "We absolutely agree that 256x3 private key length is not secure enough," a spokesperson said in an online response. "This implementation was used only in a trial period. In few days the key's length will be changed to 1024." Gaudry, who discovered that Moscow officials modified the ElGamal encryption scheme to use three weaker private keys instead of one, couldn't explain why the IT department chose this route. "This is a mystery," the French researcher said. "The only possible explanation we can think of is that the designers thought this would compensate for the too small key sizes of the primes involved. But 3 primes of 256 bits are really not the same as one prime of 768 bits." 

Quote for the day:

"A leadership disposition guides you to take the path of most resistance and turn it into the path of least resistance." -- Dov Seidman

Daily Tech Digest - August 21, 2019

Handing Over the (Digital) Keys: Should You Trust a Smart Lock?

Inherent security flaws that lead to hacks aren’t the only avenue third parties can use to eye your data. Sometimes, it hits a little closer to home. If you have access to the app that controls a smart lock, you can probably see someone leaves and enters for the day, which can be beneficial in knowing your significant other made it home safely. But it could also inform someone of your whereabouts. Technically, if you don’t own the lock, the owner might be able to see your information, too “If a lock is connected to the internet, then there is always the danger that it could be hacked,” Ray Walsh, digital privacy expert for ProPrivacy.com, said in an email to Reviews.com. “Of course, an internet-connected smart lock may be able to feed its owner additional information – such as an alert when someone unlocks it. This data certainly has its merits, but may only be so useful in the end,” Walsh said. For example, although the privacy policy has since changed, Gizmodo found that smart lock company Latch stated GPS information could be stored and shared with owners and any subsequent owners in an archived link from May 8th.

Don’t get woken up for something a computer can do for you; computers will do it better anyway. The best thing to come our way in terms of automation is all the cloud tooling and approaches we now have. Whether you love serverless or containers, both give you a scale of automation that we previously would have to hand roll. Kubernetes monitors the health checks of your services and restarts on demand; it will also move your services when "compute" becomes unavailable. Serverless will retry requests and hook in seamlessly to your cloud provider’s alerting system. These platforms have come a long way, but they are still only as good as the applications we write. We need to code with an understanding of how they will be run, and how they can be automatically recovered. ... There are also techniques for dealing with situations when an outage is greater than one service, or if the scale of the outage is not yet known. One such technique is to have your platform running in more than one region, so if you see issues in one region, then you can failover to another region.

In July, Reuters reported that as part of an effort to combat money laundering, Japan’s government is “leading a global push” to set up for cryptocurrency exchanges a system like SWIFT, the international messaging protocol that banks use for bank-to-bank payments. Last week, a report from Nikkei suggested that 15 governments are planning to create a system for collecting and sharing personal data on cryptocurrency users.  But several people familiar with the FATF-led international discussions around cryptocurrency regulation told MIT Technology Review that these reports don’t have it quite right. There doesn’t appear to be a government-led global cryptocurrency surveillance system in the works—at least not yet. And it’s likely that whatever does eventually emerge won’t look much like SWIFT. Exchanges are still early in the process of figuring out what systems and technologies to use to securely handle sensitive data, Spiro says, and how to do it in a way that complies with a range of local privacy rules. “There are a lot of balls in the air,” he says.

Security concerns blocking UK digital transformation

“Protection and prevention are still paramount yet, to stay ahead of these evolving trends, organisations need to start thinking differently about cyber security. Business leaders need to make the leap from seeing cyber security as only a protective measure, to it also being a strategic value driver,” he said. The report also shows that across many organisations, chief information officers (CIOs) and wider board member views around cyber security are not yet aligned. Business leaders such as the CEO, CFO and COO tend to be less confident about their organisation’s cyber security than those with direct responsibility for IT and technology such as the CIO and chief information security officer (CISO). In addition, technology leaders are more likely to believe it is important for competitive advantage to have a cyber-secure brand (82%), compared with only 68% of business leaders.

Use of Facial Recognition Stirs Controversy

Use of Facial Recognition Stirs Controversy
Over the past several years, the use of facial recognition - along with other technologies such as machine learning, artificial intelligence and big data - has stoked global invasion of privacy fears. In the U.S., the American Civil Liberties Union has taken aim at Amazon's Rekognition product, which uses a number of technologies to enable its users to rapidly run searches against facial databases. The ACLU's Nicole Ozer last year called for guarding against supercharged surveillance before it's used to track protesters, target immigrants and spy on entire neighborhoods. More recently, city officials in San Francisco and Oakland have banned police from using facial recognition technology. The debate over facial recognition technology has also been addressed by several U.S. presidential candidates. On Monday, Democratic hopeful Bernie Sanders became the first presidential candidate to call for a ban on the use of facial recognition by law enforcement. This is one part of a larger criminal justice reform package that the Vermont senator's campaign calls "Justice and Safety for All."

Extreme Programming in Agile – A Practical Guide for Project Managers

extreme programming aquarium example
The XP lifecycle can be explained concerning the Weekly Cycle and Quarterly Cycle. To begin with, the customer defines the set of stories. The team estimates the size of each story, which along with relative benefit as estimated by the customer, indicate the relative value used to prioritize the stories. In case, some stories cannot be estimated by the team due to unclear technical considerations involved, they can introduce a Spike. Spikes are referred to as short, time frames for research and may occur before regular iterations start or along with ongoing iterations. Next comes the release plan: The release plan covers the stories that will be delivered in a particular quarter or release. At this point, the weekly cycles begin. The start of each weekly cycle involves the team and the customer meeting up to decide the set of stories to be realized that week. Those stories are then broken into tasks to be completed within that week. The weekends with a review of the progress to date between the team and the customer. This leads to the decision if the project should continue or if sufficient value has been delivered.

Breakthroughs bring a quantum Internet closer

3 nodes and wires servers hardware
The TUM quantum-electronics breakthrough is just one announced in the last few weeks. Scientists at Osaka University say they’ve figured a way to get information that’s encoded in a laser-beam to translate to a spin state of an electron in a quantum dot. They explain, in their release, that they solve an issue where entangled states can be extremely fragile, in other words, petering out and not lasting for the required length of transmission. Roughly, they explain that their invention allows electron spins in distant, terminus computers to interact better with the quantum-data-carrying light signals. “The achievement represents a major step towards a ‘quantum internet,’ the university says. “There are those who think all computers, and other electronics, will eventually be run on light and forms of photons, and that we will see a shift to all-light,” I wrote earlier this year. That movement is not slowing. Unrelated to the aforementioned quantum-based light developments, we’re also seeing a light-based thrust that can be used in regular electronics too. Engineers may soon be designing with small photon diodes that would allow light to flow in one direction only, says Stanford University in a press release.

Automated machine learning or AutoML explained

Automated machine learning or AutoML explained
Automated machine learning, or AutoML, aims to reduce or eliminate the need for skilled data scientists to build machine learning and deep learning models. Instead, an AutoML system allows you to provide the labeled training data as input and receive an optimized model as output. There are several ways of going about this. One approach is for the software to simply train every kind of model on the data and pick the one that works best. A refinement of this would be for it to build one or more ensemble models that combine the other models, which sometimes (but not always) gives better results. A second technique is to optimize the hyperparameters of the best model or models to train an even better model. Feature engineering is a valuable addition to any model training. One way of de-skilling deep learning is to use transfer learning, essentially customizing a well-trained general model for specific data. Transfer learning is sometimes called custom machine learning, and sometimes called AutoML (mostly by Google). Rather than starting from scratch when training models from your data, Google Cloud AutoMLimplements automatic deep transfer learning and neural architecture search for language pair translation, natural language classification, and image classification.

Considerations for choosing enterprise mobility tools

One option is to use an open source enterprise mobility management (EMM) platform. If the organization is willing to invest in the resources, open source EMM offers the flexibility to customize and extend the source code to match specific needs. IT pros should be aware of challenges that can come with maintaining their own open source EMM, such as hidden costs of deployment and lack of support. A few options for open source EMM include WSO2 Enterprise Mobility Manager or Teclib's Flyve MDM. WSO2's offering includes enterprise mobility tools such as mobile application management and mobile identity management. It also includes open source support for IoT devices, such as enrollment and application management, through IoT Server. Organizations looking for more established enterprise mobility tools can look to UEM platforms including Citrix Workspace, VMware Workspace One, IBM MaaS360, BlackBerry Unified Endpoint Manager, MobileIron UEM or Microsoft Enterprise Mobility + Security, which includes Intune.

The Future Enterprise Architect

Archie II understands the needs of decision makers throughout the organization including the need to provide timely, if not on-demand, decision support based on solid information and analysis. Archie II also understands that he must not only support the decision making processes in the organization, but also to enable those decisions by providing guidance. Archie II is proactive and is often ready with answers before questions arrive. Archie II uses or adapts existing architectures, and/or creates new architectural patterns and models to support analysis he performs in order to make recommendations needed as value chains or value streams progress. Archie II collects just enough information, resulting in just enough architecture, to support the decisions at hand that match the cadence of the business. Yet Archie II is continuously listening, evolving and analyzing his models of the enterprise as new information becomes available. He proactively connects with those necessary, when necessary. His calls are always returned as he has the reputation of “when Archie II speaks, we need to listen!”

Quote for the day:

"Your greatest area of leadership often comes out of your greatest area of pain and weakness." -- Wayde Goodall