Execs Think Cloud Needs More Than Conventional Security
Despite much wishful thinking to the contrary in the enterprise, security still remains top of the list of barriers that are stalling this move to the cloud, according to the survey. Sixty-six percent of respondents said security concerns are at the top of the barrier-to-adoption list, while 37 percent said they are concerned about the ability to meet compliance requirements when moving services and solutions to the cloud. And though customer data will be moving to the public cloud, that doesn’t mean there isn’t trepidation surrounding this transition, with 50 percent of respondents noting they are “very concerned” about security of data in the public cloud, and another 34 percent “somewhat concerned.”
PCI DSS publishes updates to standards
Key changes include: The addition of a new “Core Module” section that applies to all POI device types and addresses the configuration and maintenance procedures relevant to the security of POI devices.; The addition of testing requirements to reflect that PTS evaluation laboratories will begin validating vendor documentation of vendor policies and procedures for compliance with the device management security requirements. These pertain to device management during manufacture and up until initial key loading or deployment, where other PCI requirements such as PIN security and P2PE provide coverage.
Mobility and Flexibility Working with Cloud
Cloud computing is constantly changing the working environment in enterprises. Integrating new facets to a work environment, the increasing use of technology has unified the office space with dynamic factors such as globalization, collaborations and inception of new possibilities to improve the overall workplace. The employees are constantly adapting to the new work patterns and operation modes. ... Thus, geographical barriers to workplace have being made limited with the advent of the cloud structure. One may work from home with a complete flexibility of timing and association with the business. Virtual office and virtual teams have become an emerging trend in the modern work culture.
Schneider Electric Targets Edge Computing With New Micro Data Center Portfolio
Completely engineered to order, micro data center infrastructure solutions include the physical enclosure, UPS, PDU, cooling, software, environmental monitoring and security all tested, assembled and packaged at a Schneider Electric facility and then shipped together. ... “We are already seeing the emergence of edge applications in retail and industrial applications, and we believe the need for edge computing will only grow as the Internet of Things expands into commercial applications,” said Johnson. Micro data centers are not new, however Schneider has created a standardized, repeatable framework, said David Cappuccio
How Office 365 balances IT control with user satisfaction
Exchange administrators were surprised to discover that the Outlook app was caching Exchange credentials and a month of email messages, contact details, calendar appointments and possibly attachments in the cloud (originally on AWS servers, and although Microsoft promised to shift that to Azure and Office 365 with regional data centres during 2015, it also indicated that the cloud structure was a strategic part of the Outlook architecture they plan to continue). It needs that information to deliver push notifications for new messages, and for features like easy unsubscribe and the “focused inbox” that highlights messages.
Inside Amazon’s Warehouse, Human-Robot Symbiosis
At the center of the warehouse is a storage space containing square shelves packed with countless products from Amazon’s inventory. In previous generations of its fulfillment center, Amazon’s workers would have roamed these shelves searching for the products needed to fulfill each new order. Now the shelves themselves glide quickly across the floor carried atop robots about the size and shape of footstools. In a carefully choreographed dance, these robots either rearrange the shelves in neatly packed rows, or bring them over to human workers, who stack them with new products or retrieve goods for packaging.
Teradata Chief Analytics Officer Bill Franks Talks Analytics and Angry Birds
There are a couple of things. First, there has been tremendous expansion in the breadth and depth of Teradata’s offerings. These reflect the massive changes in demand from the marketplace. I don’t think most people realize how diversified our product and services portfolio is today, especially if they haven’t taken a look at us in a couple of years. We also continue to make a shift toward focusing on solving business problems as opposed to providing technology. Our consulting services have grown immensely over the years as a result and we now routinely work with business people as well as IT.
IPv6 security vulnerability pokes holes in VPN providers' claims
"A common misconception is that the word 'private' in the VPN initialism is related to the end-user's privacy, rather than to the interconnection of private networks," says the authors in the paper's introduction. "In reality, privacy and anonymity are features hard to get, requiring a careful mix of technologies and best practices that directly address a well-defined adversarial/threat model." ... IPv6 leakage seemed to concern the researchers the most. "The vulnerability is driven by the fact that, whereas all VPN clients manipulate the IPv4 routing table, they tend to ignore the IPv6 routing table," explains the researchers. "No rules are added to redirect IPv6 traffic into the tunnel. This can result in all IPv6 traffic bypassing the VPN's virtual interface."
Lessons Learned Adopting Microservices at Gilt, Hailo and nearForm
Microservices as an architecture value availability over consistency. They keep your site, mobile app or service up and running. There will be errors in some percentage of the data. You get to tune that percentage by increasing capacity, but you never get away from it completely. If your business can tolerate errors, then microservices are for you. Obviously, there are systems that need to be 100% accurate. And the best way to achieve this is with large scale (and expensive) monoliths, both in terms of software, and hardware. Financial, medical, and real-time systems are obvious examples. But there are large amounts of software that is pointlessly slow and expensive to build simply because we aren’t paying attention to business realities.
Keys Under Doormats: Mandating insecurity
Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.
Quote for the day:
“It is not a question of ‘Will I make a difference?’ Rather, it’s ‘What difference will I make?” -- Kouzes/Posner.
Despite much wishful thinking to the contrary in the enterprise, security still remains top of the list of barriers that are stalling this move to the cloud, according to the survey. Sixty-six percent of respondents said security concerns are at the top of the barrier-to-adoption list, while 37 percent said they are concerned about the ability to meet compliance requirements when moving services and solutions to the cloud. And though customer data will be moving to the public cloud, that doesn’t mean there isn’t trepidation surrounding this transition, with 50 percent of respondents noting they are “very concerned” about security of data in the public cloud, and another 34 percent “somewhat concerned.”
PCI DSS publishes updates to standards
Key changes include: The addition of a new “Core Module” section that applies to all POI device types and addresses the configuration and maintenance procedures relevant to the security of POI devices.; The addition of testing requirements to reflect that PTS evaluation laboratories will begin validating vendor documentation of vendor policies and procedures for compliance with the device management security requirements. These pertain to device management during manufacture and up until initial key loading or deployment, where other PCI requirements such as PIN security and P2PE provide coverage.
Mobility and Flexibility Working with Cloud
Cloud computing is constantly changing the working environment in enterprises. Integrating new facets to a work environment, the increasing use of technology has unified the office space with dynamic factors such as globalization, collaborations and inception of new possibilities to improve the overall workplace. The employees are constantly adapting to the new work patterns and operation modes. ... Thus, geographical barriers to workplace have being made limited with the advent of the cloud structure. One may work from home with a complete flexibility of timing and association with the business. Virtual office and virtual teams have become an emerging trend in the modern work culture.
Schneider Electric Targets Edge Computing With New Micro Data Center Portfolio
Completely engineered to order, micro data center infrastructure solutions include the physical enclosure, UPS, PDU, cooling, software, environmental monitoring and security all tested, assembled and packaged at a Schneider Electric facility and then shipped together. ... “We are already seeing the emergence of edge applications in retail and industrial applications, and we believe the need for edge computing will only grow as the Internet of Things expands into commercial applications,” said Johnson. Micro data centers are not new, however Schneider has created a standardized, repeatable framework, said David Cappuccio
How Office 365 balances IT control with user satisfaction
Exchange administrators were surprised to discover that the Outlook app was caching Exchange credentials and a month of email messages, contact details, calendar appointments and possibly attachments in the cloud (originally on AWS servers, and although Microsoft promised to shift that to Azure and Office 365 with regional data centres during 2015, it also indicated that the cloud structure was a strategic part of the Outlook architecture they plan to continue). It needs that information to deliver push notifications for new messages, and for features like easy unsubscribe and the “focused inbox” that highlights messages.
Inside Amazon’s Warehouse, Human-Robot Symbiosis
At the center of the warehouse is a storage space containing square shelves packed with countless products from Amazon’s inventory. In previous generations of its fulfillment center, Amazon’s workers would have roamed these shelves searching for the products needed to fulfill each new order. Now the shelves themselves glide quickly across the floor carried atop robots about the size and shape of footstools. In a carefully choreographed dance, these robots either rearrange the shelves in neatly packed rows, or bring them over to human workers, who stack them with new products or retrieve goods for packaging.
Teradata Chief Analytics Officer Bill Franks Talks Analytics and Angry Birds
There are a couple of things. First, there has been tremendous expansion in the breadth and depth of Teradata’s offerings. These reflect the massive changes in demand from the marketplace. I don’t think most people realize how diversified our product and services portfolio is today, especially if they haven’t taken a look at us in a couple of years. We also continue to make a shift toward focusing on solving business problems as opposed to providing technology. Our consulting services have grown immensely over the years as a result and we now routinely work with business people as well as IT.
IPv6 security vulnerability pokes holes in VPN providers' claims
"A common misconception is that the word 'private' in the VPN initialism is related to the end-user's privacy, rather than to the interconnection of private networks," says the authors in the paper's introduction. "In reality, privacy and anonymity are features hard to get, requiring a careful mix of technologies and best practices that directly address a well-defined adversarial/threat model." ... IPv6 leakage seemed to concern the researchers the most. "The vulnerability is driven by the fact that, whereas all VPN clients manipulate the IPv4 routing table, they tend to ignore the IPv6 routing table," explains the researchers. "No rules are added to redirect IPv6 traffic into the tunnel. This can result in all IPv6 traffic bypassing the VPN's virtual interface."
Lessons Learned Adopting Microservices at Gilt, Hailo and nearForm
Microservices as an architecture value availability over consistency. They keep your site, mobile app or service up and running. There will be errors in some percentage of the data. You get to tune that percentage by increasing capacity, but you never get away from it completely. If your business can tolerate errors, then microservices are for you. Obviously, there are systems that need to be 100% accurate. And the best way to achieve this is with large scale (and expensive) monoliths, both in terms of software, and hardware. Financial, medical, and real-time systems are obvious examples. But there are large amounts of software that is pointlessly slow and expensive to build simply because we aren’t paying attention to business realities.
Keys Under Doormats: Mandating insecurity
Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.
Quote for the day:
“It is not a question of ‘Will I make a difference?’ Rather, it’s ‘What difference will I make?” -- Kouzes/Posner.
No comments:
Post a Comment