December 31, 2015

7 Technology Resolutions For a Better 2016

It's 2016 and there's a feeling of hope and renewal in the air. That can mean only one thing: It's time for some New Year's resolutions. What did you vow to change this year? Are you going to learn a new skill? Pay off your credit card debt? Lose 40 pounds? Whatever your plans are, don't forget to throw in a few resolutions that involve the technology in your life. The best part of tech resolutions is they're fairly easy to keep and can improve your life almost right away. We've got seven suggestions below on how to make technology central to your plans for an awesome 2016.

Immutable Layers, Not (Just) Infrastructure

Immutable infrastructure is an effective application delivery workflow, but the deployment process is slow and resources are often underutilized. Building images and creating new hosts on every application update leads to a deploy process that can take 10 minutes or more. If there’s only one service per host, it usually does not use all the available CPU, memory, and disc resources on the host. If only 20% of resources are used, then the remaining 80% is wasted expense. Schedulers like Nomad, Mesos, and Kubernetes allow organizations to split applications and infrastructure into separate immutable layers, which speeds up deployment times and increases resource density, while still maintaining the benefits of immutable infrastructure. 

Software Licensing Audits: Is Your Company Prepared?

Violating license agreements can be expensive. Six defendants recently pled guilty in a software piracy case worth more than $100 million. While it wasn't an enterprise company left holding the bag, the outcome illustrates the consequences. In enterprise settings, most noncompliance is unintentional, which usually means the company did a poor job of managing its software licenses. If a company does not go to court, at minimum it will likely have to "true up," which means pay any licensing fees owed for software overuse. That can easily mean six or seven figures in large organizations. Licensees may also be subject to fines and penalties outlined in the license agreement. If the matter goes to litigation, the causes of action usually include breach of contract and copyright infringement, whether or not the noncompliance was willful or negligent.

How will blockchain technology transform financial services?

Bitcoin’s open source blockchain, described as a “permissionless” system, means it is decentralised and open to anyone. UBS and Microsoft are both working with blockchain start-up Ethereum, which runs a similar open source technology, and allows for the smart contracts that can execute trades automatically. But many in banking, wary of losing their grip over operations or of upsetting regulators, see the future in closed, or permissioned-only, networks. Almost two dozen of the world’s largest banks, including JPMorgan, UBS and Barclays, have thrown their weight behind R3 CEV, a start-up venture, to set up a private blockchain open only to invited participants who between them maintain and run the network. It forms part of an effort to build an industry-wide platform to standardise use of the technology.

Waterfall-to-Agile transition: Five tips from Bose

Bose adopted Agile development in 2003, after having become frustrated with the Waterfall methodology. CIO Rob Ramrath said Bose had trouble with Waterfall's "unknown unknowns," or ambiguity inherent in the process. He said the company "made a decision to burn the ships," and move to Agile development, which, he said, provides a structured way to avoid ambiguity in the development process and to pull business customers into the development process. Here are five recommendations that came out of the panel for a Waterfall-to-Agile transition:

Metatheory and enterprise-architecture

By contrast, a metatheory provides a consistent description of the context-space itself – the parameters and trade-offs underlying that context-space, much as above. As a theory-of-theory, a metatheory provides a frame in which to identify where each type of theory would work well – and where it wouldn’t. Hence on complexity, for example, Roger Sessions argues that we should aim to eliminate all complexity; John Seddon argues instead that we should aim to embrace complexity, and that trying to eliminate it only makes things worse. Which of them is right? If we were looking for a single consistent theory, one of them surely must be wrong? But actually they’re both right - in the right types of context. Equally, both of them are wrong – for the wrong type of context. To use a well-worn architects’ expression, “It depends”…

Microsoft outlines its cloud and server integration roadmap for 2016

Microsoft is planning to make generally available its tenth release of BizTalk Server in the fourth quarter of 2016. Before that, in Q2 of next year, Microsoft will release a Community Technology Preview of BizTalk Server 2016, followed by a beta of that product in Q3. BizTalk Server 2016 will align with Windows Server 2016 (due out in Q3 next year), SQL 2016, Office 2016 and the latest version of Visual Studio. The latest BizTalk release will support SQL 2016's AlwaysOn Availability Groups both on-premises, as well as hosted on Azure. Microsoft plans to tighten the integration between BizTalk Server and various application programming interface connectors, such as the ones to and Office 365, to enhance hybrid on-prem/cloud scenarios.

Hybrid Cloud – Taming the Digital Dragon

Often the somewhat rigid structures and processes of IT departments, such as fixed employment or procurement via RFP, aren’t the most innovation-encouraging activities. This means CIOs can easily source their functional requirements, such as delivery and support of a SAP system, but they struggle to engage personnel who can devise innovative new ways in which it might be used to extend a successful digital strategy. That’s a much more rare skill set and is often concentrated in small startup businesses, where domain experts seek to exploit their considerable assets of knowledge areas. They in turn urgently need reference clients and problem statements to build their business around, and so very dynamic fusion can be achieved with regards to shared goals of digital innovation.

An Evaluation Guide to Application Lifecycle Management Software Solutions

Application Lifecycle Management tools can help improve software quality, cut costs, shorten time to market, and enhance collaboration by clearly outlining workflows, and helping you stay on top of your artifacts and processes throughout the lifecycle. What's more, advanced integrated ALM solutions also offer simple ways to export reports, greatly facilitating compliance audits in the above-mentioned safety-critical industries. Right, so there's a solution (or at least significant help) available for some of the most pressing difficulties you're facing. Should you just run to the store, grab an ALM platform off the shelf, and sit back to watch the extra money flowing in? Well, here's the thing: Application Lifecycle Management software comes in all shapes and sizes, and finding the one that perfectly suits your processes can be problematic.

The Tech That Will Change Your Life in 2016

Voice-operated electronics are poised for a quantum leap in accuracy and intelligence in 2016. Talking offers a more natural way to interact with devices that need complex input but aren’t exactly keyboard-friendly, such as TVs, sound systems and household electronics. Voice arrived in a big way in 2015 when Microsoft’s Cortana virtual assistant came to Windows 10, while Siri and Google Now turned up in cars and TVs. This year, expect voice control on more computers and an even wider range of gadgets, including the CogniToys Dino, a toy that uses IBM’s Watson to help answer questions, and Jibo, a talking family robot.

Quote for the day:

"Be a leader to be remembered, make people feel good about themselves and increase their belief in their own abilities" -- Gordon Tredgold

December 30, 2015

Healthcare IT: Hot Trends For 2016, Part 1

Several technology trends are converging to give patients advantages, such as improved sources of knowledge and fast, improved medical service. "In 2016, the debate will heighten as to whether patients -- or health consumers -- will be asked to do more or less to manage their health," said Dr. Stephen S. Tang, president of the University Science Center in Philadelphia. "The more information the health consumer has, the more analytics and control he or she may want." We'll each have more opportunity to monitor our health and wellbeing through apps and products that take diagnostics and treatments out of the physician's office and into the home, Tang said. Tang sees this as a positive: Providers and research institutions will take on the burden of inventing better solutions, rather than giving already-busy people a new set of responsibilities, he says.

Data Center Technology Startups to Watch in 2016

You won’t find hot SDN, cluster management, flash, or application container startups on this list. We specifically chose to narrow it down to companies we feel are addressing some of the biggest pain points in data center design and management. This isn’t meant to be an exhaustive list, but the startups listed here are trying to solve big problems in interesting, innovative ways. Feel free to suggest other companies that should be on this list by submitting comments below or on our social media channels: Twitter, Facebook, LinkedIn, Google+.

Effective Strategies for Data Leakage Detection

The central strategy and key resource involved in data leakage detection is pretty much the same, regardless of the amount of data or files involved: effective management of metadata. Many organizations don’t realize the real value of metadata, especially when it incorporates both conceptual metadata (the kind that comes from people’s heads and is therefore subjective) and logical metadata (the kind gathered with technology tools, which is very black-and-white and objective). If you haven’t acquired both types and resolved any discrepancies, you will not be able to interpret everything needed to manage a given data asset more effectively — because you are looking at only a “half truth.”

Five Cybersecurity Trends to Watch in 2016

To no one’s surprise, cybersecurity continued to be a key area of concern and struggle among organizations of all sizes in 2015. However, buried amongst the constant news cycle of new attacks and sophisticated breaches is the fact that more business leaders are understanding the importance of cybersecurity and its potential impact on the organization. Whether it’s a small operation within a niche industry or a major global corporation, everyone is at risk. As we prepare to ring in 2016, we have taken time to reflect on lessons learned in the past year and how these trends and major news stories in cybersecurity will affect the year ahead. Here are five things we’ll be watching for in 2016

NFV: Not Ready for Prime Time but Working on It

While real work began in 2015 on NFV MANO, our in-house analyst Scott Raynovich made the argument that the MANO model that was set up by the European Telecommunications Standards Institute (ETSI) has served its useful purpose. He says real-world NFV management is quickly morphing beyond the constraints of the ETSI diagram. ... Sure enough, at SDN & OpenFlow Congress in Germany in October, Axel Clauberg said the cloud VPN service Deutsche Telekom (DT) launched in March “was difficult.” The VPN service is based on OpenStack. Also at the OpenFlow conference, OpenStack came under fire for lagging behind the needs of NFV deployments. If OpenStack can’t do the job, other alternatives could emerge, ranging from proprietary technology to another open source group, such as OPNFV, filling the void.

Towards an Agile Software Architecture

An important aspect of agile software architecture is when it has to start. Opposed to the waterfall model where we have well-defined phases, in the agile world there is no certain point that people agree to be the starting one. One typical approach is to introduce sprint #0 – a special sprint where the development environment is configured and some fundamental decisions are made. A common pitfall with this approach though, is people tend to prolong it as they always find things that are “almost ready”. “One more week and we can start the regular sprints” is often heard. In many cases you find yourself already working on the system, without even having the user stories, because “it will be really cool to have that helper feature implemented in advance”. In such situations you should beforehand agree on an end date for sprint #0 – this could be the duration of a regular sprint or something close to it.

6 Strategic Projects Any Business Can Implement in 2016

As 2016 begins, now is the time for businesses (regardless of industry, size, product or service offering, or location) to take stock of all resources and initiatives, and plan strategy-centric projects to implement in the New Year. There are many projects any business can implement that, if executed successfully, can create fresh opportunities or drastically reduce the chance of costly missed opportunities. Projects are often pursued for the purpose of generating revenues, creating growth opportunities, seeking innovation or even increasing brand awareness, but it can be easy to get caught up in just day-to-day operations without recognizing the actual cost of missing some more basic projects.

Reader Forum: IoT and the automotive industry

As these commercial fleet vehicles solutions increasingly began to share information bi-directionally via the Internet, they have become a part of the Internet of Things. Today, the “connected car” is rapidly transforming the consumer automotive experience as manufacturers compete to provide a wide array of factory- and dealer-installed IoT options. These consumer-oriented IoT applications range from practical to entertaining. Audi, BMW and Mercedes demonstrated automated vehicles that assist with parking and lane changing at last year’s Consumer Electronics Show. AT&T partnered with Uber to enable passengers to watch college football games from tablets in the backseat. Signing up with General Motors, Audi and Ford, AT&T is aiming to hook up cars with Internet access to stream videos and games onto passengers’ mobile devices.

Why Information Governance Initiatives Matter

“The volume and rate of growth of data do not bring the greatest challenges to information integrity across healthcare. The tougher challenges to information integrity, availability and security require information governance.” Further discussions emphasized the various aspects and value of trusted information, including safe use of IT and interoperability. While many organizations are still in the beginning phase of implementing an IG program, a recent survey by Cohasset Associates revealed that 44 percent of respondents have established IG oversight bodies, 44 percent have seen modest to significant progress, 38 percent have included IG in their organization’s strategic goals, and 36 percent have designated senior executive sponsors.

Enterprise startups: Open source may be your only hope

The reason is that open source communities can be bigger than any particular startup or company. And, if you're going to have a real chance at solving a crazy complicated enterprise IT problem, you must bring an army. This is why mega-banks, retailers, etc. buy from mega IT vendors. It's not that they believe an IBM knows more than random Startup X. Instead, they opt to buy from a large enterprise software vendor because they're big enough to understand the problem, and to have the resources (and longevity) to tackle it. This isn't to suggest there's not room to disrupt enterprise IT. There is. Just ask Amazon Web Services. But, even cloud and open source aren't enough. AWS is hitting its stride in part because it increasingly looks and acts like the legacy vendors it's displacing. CIOs trust its scale.

Quote for the day:

"Some men see things as they are and ask why. Others dream things that never were and ask why not." -- George Bernard Shaw

December 29, 2015

Building an Agile Team: What Does DevOps Mean to You?

You don’t need to be a superhero. What you need to do is be smart enough to automate your job and progress through to make things repeatable and better. That’s really what DevOps has become. We’ve finally bridged the gap of development dropping operations with complete trash and saying, “Deal with it. It’s your problem now.” And then not taking responsibility when there are bugs and errors, and people are getting up at 2am to recycle services, and all that happens. ... Now in a big corporate environment, where you need to put line items on everything, DevOps became something that was easy to sell. They could say that they need these DevOps engineers and that there have been studies about DevOps, so now big corporations can buy into it. But big corporations do what big corporations do, so every single person needs a line item and a number.

Internet-connected homes open the door to hackers

When computers hold the reins, criminals can grab control in unexpected ways. That connected coffee maker in the office -- it wouldn't be much of a stretch for a hacker to put it into a continuous loop and brew coffee throughout the weekend, flooding the office, Mohan said. Mohan's company monitors lighting systems in large commercial buildings to help his customers improve energy efficiency. Enlighted also makes sure intruders don't take control of the lighting. "If I turned them on and off 10 times per second on Sunday, none of the fixtures would work on Monday," Mohan said. Mayhem could hit at home, too. Tech-savvy thieves could look at the settings of your connected thermostat, lighting and security system to figure out you're away on vacation. Can you say burgle?

Retailers are “in store” for dramatic changes, thanks to the IoT

The Internet of Things (IoT) will disrupt all industries, but there’s little doubt that retail will be one of the most disrupted. More so than companies in other industries, retailers are increasingly coming in direct contact with consumers that fully embrace digital transformation in their lives, including IoT-related technology and innovation. Retailers that want to be innovative and stay current with the latest technologies need to embrace the IoT and embed it into their operations not only to impact front- and back-office process efficiencies, but also to earn the loyalty of the next-generation consumer. Leading retailers are already developing strategies and plans to leverage IoT-related technologies.

Here's one of the most interesting predictions for the future of bitcoin

"A cryptocurrency market will have exchanges, it will have brokers, it will have speculators, it will have payment networks," he says. "The features of blockchain as a market are institutional adoption, integration with existing business processes, IT planning and budgeting, evaluating technology replacement." In other words, the two products are pitching at different audiences - one to consumers and currency speculators, the other to corporate IT departments. The crucial element in understanding all this is that while bitcoin's blockchain is the best known, it's not the only one. Blockchain is shorthand for the complex cryptography-based software underpinning the network. It regulates transactions and records who owns which bitcoins. It's faster, cheaper, and quicker than traditional payment methods.

Getting my Raspberry Pi Zero kitted out

The BCM43143 wi-fi adapter integrated in this unit is a low-power and low-CPU load device, so it really is an excellent companion for the Raspberry Pi Zero. If you then plug a combined wireless keyboard and mouse USB receiver into one of the ports of the Broadcom hub, you have solved your three basic needs - keyboard, mouse and network connection - and you still have a free USB port. This is great stuff. ... The next thing I got for the Zero was a mini-HDMI video cable, so that I could get rid of the slightly clunky mini-to-full HDMI adapter. This is nowhere near as big of a deal as the wi-fi adapter was, and if you already have an HDMI cable that you could use with the adapter that is included with the Zero from most sources, then you probably want to spare yourself the expense of this cable.

Mobile Payments - More Secure Than Conventional Payments?

Mobile devices are often used to conduct online credit or debit card transactions where the consumer provides actual card numbers to the merchant. However, this is not a new topic and readers should refer to other sources to understand the risk and best practices related to traditional online transactions. Also, the security of online money transfer services between individuals is outside the scope of this article. So, despite the recent survey results, are mobile payments really less secure than using credit cards or cash? While cash has the advantage of seeming anonymous, there is little recourse if something goes wrong with a purchase and no automatic tracking of transactions. Given today’s ubiquitous video surveillance and affordable facial recognition technology, the perceived anonymity probably does not match reality in most cases.

The future of mobility

There are two profoundly different visions of the future of mobility. Fundamental differences center around whether today’s system of private ownership of driver-controlled vehicles remains relatively unchanged or whether we eventually migrate to a driverless system of predominantly shared mobility. There is also a critical difference about the pathway forward. The “insider” view believes that today’s system can progress in an orderly, linear fashion, in which the current industry assets and fundamental structure remain essentially intact. The “disrupter” view envisions a tipping-point approach to a very different future, one that offers great promise and potential societal benefits

CES 2016 will be full of wearables, but would you really wear them?

Wearables weren't always the obvious choice when people wanted to make a fashion statement with personal tech. For almost a decade, that honor has gone to the smartphone, whose metal bodies and glass screens have been the epitome of cool for almost a decade. But that's begun to change. Take the iPhone, which was the apex of tech fashion for years but has perhaps become too commonplace. And now that Google's Android mobile software has gotten good enough to be a decent Apple alternative, other phone makers are getting fashionable too. Whatever the reason, phones are everywhere, and now that they look roughly the same, they can't be the fashion symbol they once were. "You're starting to see the phone become the thing that's buried somewhere on you," said Raskin.

Test Run - Introduction to Spark for .NET Developers

Spark is an open source computing framework for Big Data, and it’s becoming increasingly popular, especially in machine learning scenarios. In this article I’ll describe how to install Spark on a machine running a Windows OS, and explain basic Spark functionality from a .NET developer’s point of view. ... The Scala interpreter has a built-in Spark context object named sc, which is used to access Spark functionality. The textFile function loads the contents of a text file into a Spark data structure called a resilient distributed dataset (RDD). RDDs are the primary programming abstraction used in Spark. You can think of an RDD as somewhat similar to a .NET collection stored in RAM across several machines.

Can AI Solve Information Overload?

Of course, we are already seeing how this works with business intelligence dashboards like the one from Domo. It’s not technically AI, but the dashboards help us make better decisions because we can parse the data easier. We see a visual representation of quarterly sales or software uptime and can then react appropriately. Eventually, dashboards will include AI components that make automated decisions based on the collected data. “These solutions don't have to be orders of magnitude better than us at what they do to be useful,” says Stowe Boyd, a managing director for research at Gigaom. “In fact, a tool that does something no better than me but frees me from doing it – like a concierge bot that would make flight and hotel arrangements for me – would be worth a great deal.”

Quote for the day:

"A pessimist is somebody who complains about the noise when opportunity knocks." -- Oscar Wilde

December 28, 2015

The Most Innovative And Damaging Hacks of 2015

Not a week went by in 2015 without a major data breach, significant attack campaign, or serious vulnerability report. Many of the incidents were the result of disabled security controls, implementation errors, or other basic security mistakes, highlighting how far organizations have to go in nailing down IT security basics. ... But looking beyond the garden-variety attacks and vulnerabilities lends great insight into the future of malicious activity and how to defend against it. And 2015 had its share of intriguing invasions, each of which highlighted the modified techniques that lead to new forms of breaches or pinpoint areas in need of new defenses. The past year saw cyber criminals adopting innovative approaches and state-sponsored actors becoming bolder.

Google’s Quantum Dream Machine

Google and quantum computing are a match made in algorithmic heaven. The company is often said to be defined by an insatiable hunger for data. But Google has a more pressing strategic addiction: to technology that extracts information from data, and even creates intelligence from it. The company was founded to commercialize an algorithm for ranking Web pages, and it built its financial foundations with systems that sell and target ads. More recently, Google has invested heavily in the development of AI software that can learn to understand language or images, perform basic reasoning, or steer a car through traffic—all things that remain tricky for conventional computers but should be a breeze for quantum ones. “Machine learning is a core, transformative way by which we’re rethinking how we’re doing everything,” Google’s CEO, Sundar Pichai, recently informed investors.

Big banks battle startups with new apps and services

Startups enjoy three kinds of advantages over more established firms, according to Benjamin Ensor, another analyst at Forrester. “Firstly, they are not regulated. Secondly, [startups] do not have legacy systems that can make it difficult to do new things fast. They are also not constrained by legacy thinking that can sometimes hamper big, hierarchical established firms. Thirdly, startups have often been quicker to embrace new technologies,” Ensor says. Yet tech wizardry alone isn’t enough to help the established players. Instead, CIOs need to work hand-in-hand with CMOs who are developing solutions that “transform the customer experience” while also driving revenue growth, says Forrester’s Condon. That said, established firms such as CBW Bank, Stearns Bank, Barclays and TD AmeriTrade claim to be coming out with new and more astute financial services.

Innovation Risk & Return: Horizons, Uncertainty and the Teddy Bear Principle

The 3 Horizons approach can be used to manage different areas of future business concurrently, albeit with different managerial approaches given the different requirements and characteristics. It can give a view of how innovation and other business-building activity such as M&A could extend a company’s reach into new sectors. It can provide a time horizon to business growth in new and existing areas. It can give a perspective on the potential for new technology platforms and new markets ... Horizon 1 is where most managers feel comfortable. It’s where the highest degree of apparent certainty exists and, intuitively, the lowest risk. It has the highest proportion of incremental projects and rarely presents a “bet the business” option. Horizon 2 has higher corporate uncertainty, and Horizon 3 presents high corporate and industry uncertainty.

The World's Smartest Cities: What IoT And Smart Governments Will Mean For You

"A smart city is a city that uses digital technologies or information and communication technologies—connected via an intelligent network—to address challenges within city communities and across vertical industries. These challenges may include parking, traffic, transportation, street lighting, water and waste management, safety and security, even the delivery of education and healthcare. A smart city relies on technological solutions that enhance its existing process to better support and optimize the delivery of urban services, to reduce resource consumption and contain costs, and to provide the means and the opportunities to engage actively and effectively with its citizens, with its visitors and with its businesses."

Mobile internet is now just the internet

First of all, the internet is finally reaching some kind of maturity – at least in the sense that it is a truly global, ubiquitous communications system – and therefore a stable foundation on which all kinds of new things can be run. Secondly, the smartphone will be the key to everything for the foreseeable future. And finally, the emerging new tech-world order is a duopoly, consisting of Apple – with its product-design flair and mastery of marketing and supply-chain management – running a high-end, incredibly profitable, tightly controlled ecosystem made up of both hardware and software; and Google, with unchallenged mastery of search, a dominant (though not total) grip on Android, and huge investments in robotics, cloud services and AI controlling the mass market.

Digital leaders at DHL, CVS defend against, exploit digital disruption

Increasingly, DHL is turning to technology to build relationships with package recipients. In Germany, DHL is piloting an unusual partnership with Amazon and Audi that would enable DHL to deliver packages to the trunks of Audi customers. "It's something … that might not be recommended for countries with high security issues because you might find the package, but not the car," Ciano joked. "It's on the high end, the extreme of innovation." ... talent management isn't simply about recruitment; retention is also important, Tilzer said. Rather than lose skilled, in-demand talent to new opportunities outside the company, Tilzer said it's important to figure out how to create similar opportunities within CVS, a strategy that seems to be gaining momentum these days.

AngularJS in Action - An Interview With Lukas Ruebbelke

The first step when approaching performance in any application is to optimize the user experience. The next step is to apply tried and true architectural principles like composing your application with fine-grained, single responsibility units of code. There are still some tricks that you can do to get that extra bit of performance out of your application if you need it. If you are binding to a collection of complex objects, I will sometimes transform those objects into a shallower version of itself that only contains just the properties I need to display. One way data binding is another great optimization if you are not going to need to redraw the view. Manually adding pagination to a large list of items also helps. Anything you can do to reduce the number and complexity of the items you are binding to on the page is going to help.

The Next Wave of Cybercrime Will Come Through Your Smart TV

Smart TVs are essentially computers, with USB ports, operating systems and networking capabilities no different than smartphones. But unlike computers and mobile devices, smart TVs often don't require any authentication. "Basically with these TVs, if you are in the same room, you're always going to be treated like you're the owner of the TV," said Craig Young, a computer security researcher with Tripwire. ... Smart TVs don't run antivirus software, and it's questionable whether that would be a practical solution to stopping cyberattacks. While antivirus software could work, it also could degrade performance, and the question becomes "whether running security software on the TV is going to mean your Netflix is going to become choppy," Young said.

RESTful Considered Harmful

RESTful web service does not natively support many enterprise-grade features of APIs like batching requests, paging, sorting, searching and many others. There are competing suggestions, like query parameters, request headers, etc. I remember an hour long discussion about flexible searching API we had some time ago. ... RESTful web services are CRUD-oriented, rather than business- or transaction-oriented. Countless times we had to carefully map business terms into simple create/update/delete actions. World isn't that simple and not everything can be simply described in create or update sentences. And even if it can, often RESTful endpoints are awfully awkward and artificial.

Quote for the day:

"No amount of source-level verification or scrutiny will protect you from using untrusted code." -- Ken Thompson

December 27, 2015

10 Breakthrough Technologies of 2015: Where Are They Now?

The roads would be safer if nearby vehicles automatically shared details of their speed, direction, and other information over wireless links. This year Mercedes-Benz confirmed that its version of that technology will appear in 2017 E-Class models going on sale next year, and General Motors was reported to be putting car-to-car communication in the 2017 Cadillac CTS sedan. ... Alphabet continued testing its giant helium balloons intended to widen Internet access in 2015. In October the company signed an agreement with the government of Indonesia to give the technology its biggest test yet. In 2016 cellular networks serving the country’s 250 million people will begin to integrate the balloons into their networks, acting as extra cellular towers floating in the stratosphere.

Banks of the future are already here

The future is already here. One can pay subway fares by putting a smartphone with an NFC chip and banking application at the entry gate. No doubt, in a couple of years one will be able to do the same without a smartphone just by virtue of linking a credit card NFC tag to the NFC ring. To withdraw money from an ATM, one won’t need a bank card – it will suffice to log into online banking using a smartphone, then scan a QR-code and get access to the cash withdrawal menu. Skinner predicts that a new economy will be based on chips and online payments with a share of cash not exceeding 30 percent. However, even the most advanced governments have not succeeded to completely eradicate cash payments: e.g. in Sweden, the volume of non-cash payments has reached only 70 percent.

Five Principles for Leading an Agile Culture

Spotify is familiar with the downside of success. Following substantial growth a few years ago, its engineering team expanded and started to lose their nimble touch. Some companies might approach this problem from a process standpoint, but Spotify leadership seized the opportunity to re-orchestrate to an agile culture. Flash forward to today, and Spotify’s agile culture has made it easier for the company to go to market with ideas more quickly than ever before. That culture also paved the way toward success in a key area for digital business: attracting and retaining talented people. Organizations like Spotify and online retailer Zappos are among the growing tide that recognize that to compete in today’s digital age, agile is no longer optional.

2016 Could See Google Challenge WhatsApp With Chat Bots

The service will be similar to, a SIRI-like app that you can hold a basic conversation with about local restaurant recommendations, according to the Journal. Another comparable example is Facebook M, a virtual assistant service similar to Siri that runs on Facebook Messenger. Powered by both artificial intelligence and a team of human beings, it’s being trialled by beta testers in the Bay Area, California and can book travel, find products or suggest a good gift. You can ask M to order Star Wars tickets, draw you a picture, even write you a song. In such cases it can be hard to distinguish if you’re chatting with a bot or a human.

How I Created A $350 Million Software Company Knowing Nothing About Software

It struck me that if I could build cheaper call center software, I could make my own software company — and have revenge on The Smirker. The stars must have been aligning for me because shortly thereafter, my college roommate, who I nicknamed “The Fro” (I give nicknames to everyone for whom I have a deep affection), called to tell me (brag) that the call center software startup he worked for had been acquired by Cisco. He hadn’t made much as a late-stage employee, he admitted, but he had a taste for what could be, and encouraged me to fly to Boston to discuss creating our own startup. “After all,” he said, “you’re good at selling shit.”

10 routes to IT job security

One of the quickest ways to irrelevancy in IT is to get behind the curve. That curve grows steeper with every passing year and the moment you get lost in the wash of progress, you are finished. Make sure you are always learning about the latest trends, keep yourself updated on security issues, ensure that you're up to date on everything new and shiny in the business. Take classes and/or workshops, and read, read, read. ... Yes, Sheldon Cooper can pull it off, but he's a fictional character surrounded by forgiving friends. In the world of business, you won't find many people that forgiving. So do not be a know-it-all. Even if you do know it all, don't show it all.

Collaborative Overload

Any effort to increase your organization’s collaborative efficiency should start with an understanding of the existing supply and demand. Employee surveys, electronic communications tracking, and internal systems such as 360-degree feedback and CRM programs can provide valuable data on the volume, type, origin, and destination of requests, as can more in-depth network analyses and tools. For example, monitors calendars and provides daily and weekly reports to both individual employees and managers about time spent in meetings versus on solo work. The idea is to identify the people most at risk for collaborative overload.

Bitcoin is Entering the Age of Practicality

The blockchain, at its core, is a database. It may be the Liam Neeson of databases, but still it's a database. This new age of practicality must be filled with companies solving real problems – problems that could not be solved before the gift Satoshi left for us (before returning to his alternate dimension). We as an industry must be able to look into every industry and every discipline and see what challenges a distributed, immutable ledger can really solve. We have debated on Reddit and other forums about what can be. But the new age must be filled with companies that not only see what can be, but build what should be. We have to embrace people from all disciplines and lend an ear to what struggles they have. We have to then be creative enough to innovate through cross-discipline association.

Debunking the biggest myths about artificial intelligence

These are real worries with immediate importance to how we use, and are used by, the current and plausible future of AI technology. If a doctor uses Watson (or Siri or Google Now or Cortana) as part of what proves to be a misdiagnosis, who or what is ethically responsible for the consequences? And might we one day face the issues of sentient machines demanding rights? The good news is that these worries are being taken seriously. Trying to define ethics, even between humans, is notoriously difficult. Society’s generally accepted ground rules are codified in a practical way by law and the legal system—and it’s here that practical answers to AI ethics are being developed.

Big Data Helps Alleviate Aviation Risk Management Problems

Probably one of the most important areas of aviation risk management to obtain immediate benefits from the utilization of Big Data will concern enhanced customer loyalty and offer programs. The ability to track responses to customer service surveys in real time now enables many airlines to enhance their advertising efforts in a way that tailors the benefits of specific offers to individual customers. For instance, by mining charter flight databases and merging information with customer files, some airlines may discover ways to offer attractive discounts to people who fly frequently to specific, remote locations. This type of tailored marketing would have proven impossible during previous eras. Today, it represents a popular new trend.

Quote for the day:

"A leader is a person you will follow to a place you would not go by yourself." -- Joel Barker

December 26, 2015

Juniper VPN backdoor: buggy code with a dose of shady NSA crypto

The fallout from this report prompted NIST to retire Dual_EC_DRBG from its recommendations and to advise users to transition to other random number generators. After the NIST advisory, Juniper admitted that ScreenOS used the Dual_EC_DRBG, but claimed that it did so "in a way that should not be vulnerable to the possible issue that has been brought to light." Instead of using the P and Q constants recommended by NIST, which are supposed to be points on an elliptic curve, ScreenOS uses "self-generated basis points." Furthermore, the output of Dual_EC is then used as input for another random number generator called FIPS/ANSI X.9.31 that's then used in ScreenOS cryptographic operations, the company said at the time.

Change is Coming, and It’s IT-Fueled

We all know that BYOD stands for “bring your own device,” but within 10 years I believe we’ll know that acronym by its new meaning: “bring your own data center.” But don’t take my word for it; by 2016, Gartner predicts that 30 percent of BYOD strategies will leverage personal applications and data for enterprise purposes. What that means is that the line between personal and enterprise data usage will blur. Now we see an unmistakable trend emerging – millennials are redefining not only when and where they work, but also how they get their work done. This is no passing phase, either. It will present an ongoing challenge for IT device makers and service providers – not to mention CIOs trying to formulate a coherent BYOD strategy – for years to come.

Interview With Stitch Fix's Brad Klingenberg

It is usually better if you are not the first to evangelize the use of data. That said, data scientists will be most successful if they put themselves in situations where they have value to offer a business. Not all problems that are statistically interesting are important to a business. If you can deliver insights, products or predictions that have the potential to help the business then people will usually listen. Of course this is most effective when the data scientist clearly articulates the problem they are solving and what its impact will be. The perceived importance of data science is also a critical aspect of choosing where to work – you should ask yourself if the company values what you will be working on and whether data science can really make it better. If this is the case then things will be much easier.

Can virtual reality transform the data visualization market?

Interestingly, a number of startups disrupting the big data virtual reality markets are gaming studios. And that is because gaming studios have had the extensive experience and the unique ability to analyze and visualize tonnes of data. It is high time the remainder of the scientific community and other industries leverage that expertise. But there is doubt if these startups are best placed to lead any mass adoption movement for virtual reality. An important factor to consider is that virtual reality startups are mostly project driven based and lack the mind-set to create products with industry wide applications. Another challenge highlighted by the skeptics is that there isn’t great content for virtual reality yet. Maybe true, maybe not. Undoubtedly, creating and telling a data story in an immersive environment is a mammoth challenge.

What the Blockchain Means for Economic Prosperity

This technology platform is open and programmable. As such, it holds the potential for unleashing countless new applications and as-yet-unrealized capabilities that have the potential to transform everything in the next 25 years. At its core, the blockchain is a global database – an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions, but virtually everything of value and importance to humankind: birth and death certificates, marriage licenses, deeds and titles of ownership, educational degrees, financial accounts, medical procedures, insurance claims, votes, transactions between smart objects and anything else that can be expressed in code. This ledger represents the truth because mass collaboration constantly reconciles it.

Investing In Artificial Intelligence

Consider the digitally connected lifestyles we lead today. The devices some of us interact with on a daily basis are able to track our movements, vital signs, exercise, sleep and even reproductive health. We’re disconnected for fewer hours of the day than we’re online, and I think we’re less apprehensive to storing various data types in the cloud (where they can be accessed, with consent, by third-parties). Sure, the news might paint a different story, but the fact is that we’re still using the web and its wealth of products. On a population level, therefore, we have the chance to interrogate data sets that have never before existed. From these, we could glean insights into how nature and nurture influence the genesis and development of disease. That’s huge.

Ghosts in the Machine

The near pervasiveness of social technology has delivered death back into our daily interactions. With the exception of our friends and closest kin, we typically encounter news of deaths through social media. The same feed that informs us about sports scores and plot twists on ‘‘Empire’’ also tells us, without any ceremony, that a life has come to an end. This could be a blurring of a sacred line, the conflation of the profound with something profane. But this flattening has a benefit: We can no longer avert our eyes from tragedy. We have seen how people used social media to ensure that Americans did not ignore the deaths of people like Freddie Gray, Walter Scott and Sandra Bland, amplifying them into a rallying cry for justice. The mass shootings in Paris and San Bernardino felt, somehow, closer to our lives because they played out on our screens and in our browsers.

Fresh Insights From Clayton Christensen On Disruptive Innovation

We’ve recently had an important insight about how the trajectories of technological improvement are different in different industries. In some industries the trajectory of technological improvement is very steep, like the disk drive industry where every eight years some firm was getting eliminated. In others, the trajectory of improvement is gentler, like in discount retailing. And finally in others, the trajectory is flat, as it was historically in higher education prior to online learning. This has important implications for disruption. When it’s flat, disruption doesn’t occur. New technology and business models can bring significant change to an industry where disruption hasn’t yet occurred, as Airbnb is bringing to the hotel industry.

Challenges for Data Driven Organization

Need for data capture and analysis have brought organizations to a point where it is important to merge and use various data systems and mart to harness the complete value of that data. So, new techniques and technologies need to be employed to achieve this goal. Organizations need to develop the basic infrastructure and capability to support data capture, data integration, data analysis and reporting. This also implies that you need to invest in new technology, upgrade legacy systems and do change management to train personnel. There is also a need for new technologies that can help satisfy the need for data maneuvering and consumption in an easier fashion.

IT Governance in a Digitally Disrupted World

Corporate history is littered with examples of companies that failed to see the significance of new technologies, or were too slow to act upon them. The digital disruption impacting on all sectors of the economy requires organizations to embrace and leverage technologies more quickly than in the past, and with imagination. New business models are emerging that present opportunities and threats to established models. The rate and magnitude of technological change is both exciting and challenging and requires organizations to be more agile, flexible and creative. Globalization, increased competition, and heightened user expectations present organizations with significant challenges in continuing to be successful and remain relevant.

Quote for the day:

"Every time you have to speak, you are auditioning for leadership." -- James Humes

December 25, 2015

Using Advanced Analytics to Sniff Out Spoofing

So far, the fight has yielded little. More than five years after the Dodd-Frank Act made spoofing a crime, the Commodity Futures Trading Commission sued just three traders for spoofing in 2015. And while the number of enforcement cases on CME Group Inc., which owns futures markets including the Chicago Board of Trade, doubled this year from 2014, there were only 16. But tips keep arriving, and officials expect more cases next year. That’s ratcheted up expectations from market participants, who can see that spoofing cops finally have the will to take on wrongdoers and, with emerging technology, will have better tools to detect them. “It’s taken the regulators and market participants who are blowing the whistle several years to know what to look for,” said Kevin McPartland, head of research for market structure and technology at Greenwich Associates in Stamford, Connecticut.

Google joins Mozilla, Microsoft in pushing for early SHA-1 crypto cutoff

"In line with Microsoft Edge and Mozilla Firefox, the target date for this step is January 1, 2017, but we are considering moving it earlier to July 1, 2016 in light of ongoing research," Google Chrome team members Lucas Garron and David Benjamin said Friday in a blog post. "We therefore urge sites to replace any remaining SHA-1 certificates as soon as possible." Until then, starting with Chrome version 48, which is expected to land early next year, the browser will display errors if the certificates served by websites have SHA-1 signatures and were issued after Jan. 1, 2016. That's because public certificate authorities (CAs) are not supposed to issue new SHA-1-signed certificates after that date.

5 favorite open source Django packages

Django is built around the concept of reusable apps: self-contained packages that provide re-usable features. You can build your site by composing these reusable apps, together with your own site-specific code. There's a rich and varied ecosystem of reusable apps available for your use—PyPI lists more than 8,000 Django apps—but how do you know which ones are best? ... We also recommend you check out Django Packages, a directory of reusable Django apps. Django Packages organizes Django apps into "grids" that allow you to compare similar packages and choose between them. You can see which features are offered by each package, as well as usage statistics.

How Do I Become a Data Scientist? / Data Science Aspects

What is out of the question is, that the theoretical language of data analysis is mathematics and the practical language is, at least for another few decades, programming in whatever dialect (programming language) and the execution platform is computers and the subject of analysis is data in whatever form and wherever and however it might be produced or coming from. This is independent of whether you might assign the processing of a matrix to mathematics, programming or statistics and, with this, we should be able to avoid the problems of the Venn diagram approach. It depends on your point of view. The theoretical or abstract description of problems and their solution is mathematics, the practical side

Banks crunch big data for better service

The sources of information that banks use look set to rise. They are keen on acquiring travel data from bus and phone companies to ascertain travel patterns and where peak traffic occurs, said Mr Bill Padfield, chief executive of Dimension Data Asia Pacific, an IT solutions and services company. "Most countries link the bus pass to their identity card, so (bus companies) actually understand who's getting on and off the buses, when they're getting on and off the buses, what age they are and what sex they are." Such information can help banks assess where they should set up branches and when they will need the most staff, added Mr Padfield. Getting the data is one thing, analysing it is another, given the technical challenges.

The three-point big data analytics action plan

Data modeling gives us the ability to decide how various elements of data relate to each other and how the heart of the data will behave inside our chosen database. Put simply, data modeling is the classification, documentation and formalization of procedures and events involved within the software in hand. Potentially hugely complex as an overall task, data modeling tools help capture and translate multifaceted system designs into representations of data that are more easily comprehended. For a retail firm approaching its first major implementation of big data analytics, the ability to model the data form allows the business function to specify and describe all the myriad components of the business into data.

Why So Many Organizations Struggle With Data Management

Organizations are generally pretty good at profiling and to some degree diagnostics of why something happened. What drove an operational cost up or down, or what happened in terms of customer acquisition over the last five years. Where there is a lot of room for improvement still is diagnosing and really understanding the underlying drivers. If costs are up, why? Understanding the five variables that are most correlated and then saying, we’ve actually built models to prove a cause and effect relationship. Once you have that then you can say, alright I know there is cause and effect, I can deploy a team differently in this way to reduce cost or I can cut headcount here to reduce cost. I think there is room for a lot of improvement there.

Weird Science: 10 Strange Tech Stories From 2015

These are the light and fizzy reports of dumb criminals and animal hijinks that regularly pop up on news sites, broadcasts, and social media. Interestingly, many straight-up articles about science and technology research end up in the weird news section. Because the world of high tech moves so fast, these items surface for a couple of days, raise a few eyebrows, then recede under the relentless waves of information overload. In fact, these technology stories flash and fade so quickly that we often don't appreciate how genuinely bananas they are, nor do we ponder their larger implications. Here we take a look at 10 of the weirder tech stories of 2015, including updates on self-replicating machines, bacteria-powered sportswear, and time-traveling computers.

3 self-improvement techniques to carry through the New Year

The major problem with New Year's resolutions is that they're often unrealistic objectives, without the supporting changes in habit and support structures. Rather than adding lose some weight or work out more to your list of resolutions, here are some suggestions for new habits that will help make you a more effective person, in and outside the office. One aspect to long-term change that I've found interesting is the effectiveness of tricks to instill a habit. Put your running shoes and workout clothes next to the bed in the evening and you're more likely to put them on in the morning. If you struggle to respond to your alarm clock, put one far away from the bed. Rather than relying on willpower, rely on the nuances of your own nature to help instill some of the techniques below. There's no problem with cheating when the game is self-improvement.

Spoofing Went Mainstream in 2015

Nobody knows how widespread spoofing is. The CFTC in Washington receives complaints every week, Aitan Goelman, the agency’s head of enforcement, said earlier this year. The frequency ebbs and flows, according to several industry executives who would only discuss the matter anonymously. It increased earlier this year before calming down, they said. ... Spoofing is difficult to prove. When prosecutors sent traders to prison and punished financial firms for colluding in the international currency market and manipulating one of the world’s benchmark interest rates, they combed through phone records, e-mail and Internet chats. When it comes to spoofing, investigators must also sift through reams of trading data.

Quote for the day:

"The time is always right to do what is right." -- Martin Luther King Jr.

December 24, 2015

Privacy Protects Bothersome People

For many people, privacy is a fundamental right - they see no reason why a government should be meddling in my affairs without a more specific reason than a blanket search for possible terrorism. But even if you don't share a desire to preserve some privacy from government agents, you should still be concerned about citizens' privacy. This is because it isn't about me, or my friend. The value of privacy to us isn't primarily about our privacy but about those who play a more active role in the operation of a democratic system of government. Such activity often involves bothering people who have power, and those with power are likely to use their power to suppress the bothersome. But without all that bothering, democracy withers.

Information security -- don't let the apparent complexity intimidate you

Think of your security perimeter like you would the fence around your yard, the idea being to keep the bad guys out. Almost since the inception of modern information security, the firewall has been the fence of the security perimeter. The perimeter and the firewall have been a topic of much debate in the last couple of years, with many industry experts claiming that the perimeter no longer matters. With smartphones, VPN connections, etc, opening holes in what used to have a single point of entry, some feel it is a wasted effort. In my opinion, and after much experience in the trenches of business information security, you need a good firewall, period. You need a strong product, and it needs to be configured properly (and not just taken out of the box and plugged in). True, a firewall is not perfect, and not as good protection as it was at one time, but it remains your first line of defense.

How fake users are impacting business … and your wallet

Schorr of Bomgar says that stopping fake users from getting into a company's system isn't necessarily that difficult. It's just a matter of priorities. "I don't think hackers are that good," he says. They're looking to jump over the lowest hurdle, and making them take one more step to creating an account can push them towards another company that who bother to set up the hurdle on the track. "They bump up against something and they pull back," he says. "They keep going until they find something or someone or somewhere they can get in." That could be through your low-security barriers, or through a third-party vendor who's in your space and doesn't pay as much attention to security as you do. Securing your fences and theirs, he says, is crucial.

How The Robot Revolution is Going to Change How We See, Feel and Talk

The swallowable robot is only one scenario that researchers in Bristol in the west of England are working to make a reality, as part of research that seeks to use bots to enhance, rather than replace, people. ... "There are lots of areas where robots could help humans do things," said Pipe. "That's really one of the big new areas. So as opposed to replacing humans, helping humans will be a large area for growth." Pipe talks about "human-robot teams" working together. "We're not saying the robot suddenly becomes a simulacrum of a human being—it's still a robot doing the dumb things and being instructed by a human being—but it may be able to do more useful and skillful things than robots have been used to do so far."

Use AutoScaling to Dampen DDoS Effects

The easiest approach to take when trying to prevent a service interruption is to absorb the attack. There are other more complicated and costly approaches such as deploying advanced and/or application firewalls, and in some cases that’s the approach needed. However, there’s a relatively lower-cost and effective solution to absorb DDoS attacks: AutoScaling. Most of the time, a publicly-available site’s traffic will be directed by an ELB. The underlying compute instances that make up the ELB are managed by AWS directly, and are built to scale horizontally and vertically without intervention or advance planning. Meaning, as traffic to your site increases, so scales the ELB. ELBs also only direct TCP traffic. This means that attack types that use protocols other than TCP will not reach your underlying applications.

Hiring, Budget Concerns Top Of Mind For IT Leaders In 2016

The 2016 Annual IT Forecast from IT staffing firm TEKsystems released earlier this month shows a mixed bag of good news and bad news for IT leaders, including CIOs, vice presidents, directors, and hiring managers. The good news: They feel fairly confident that they can meet business needs, and they're looking to add talent to their organizations. The bad news: They're losing more control of tech spending, and they're worried about meeting the challenges of new projects. TEKsystems, which has released its forecast for the past four years, surveys IT leaders on major topics affecting their departments and their role as leaders. This year, the company polled more than 500 IT leaders in the US and Canada in multiple industries at companies ranging in size from less than $50 million to more than $10 billion in annual revenue.

DevOps – the need for speed

Automation is crucial for many DevOps practices and helps you move faster without sacrificing stability or security. You can eliminate manual and siloed processes and move to an automated and collaborative way of working as well as setting yourself up for future innovation and growth. If engineering teams can make vital changes to applications more quickly and cost-effectively, business will become more receptive to the market needs. For example, if a product team needs to roll out a new feature, the necessary infrastructure will be deployed on demand, and will always conform to the security and configuration specifications required.

The Top Three Online Security Menaces You Should Worry About in 2016

People will continue to be ill-prepared because the caution and vigilance—verging on paranoia—that are required to be safe online are not in most folks' nature. "We are conditioned to be social, to collaborate," says Geoff Webb, a VP at security firm Micro Focus, which specializes in preventing security breaches. "These are all good things . . . but they are absolutely, ruthlessly, and vigorously exploited by attackers." Governments and marketers can exploit too, he warns. We asked Olson, Webb, and Ondřej Vlček, COO of antivirus maker Avast, what new or growing dangers the public should watch out for in 2016. Three rose to the top: attacks on smartphones, ransomware that holds data or devices hostage, and leaks from new connected gadgets like TVs and home automation systems.

IT outsourcing year in review: Grading our 2015 predictions

“The renegotiations have been driven in part by re-solutioning to bring in new technologies, retrofitting to add digital technologies, restructuring to adopt outcome or output based pricing, reconciling the contract to changing realities, and re-sourcing components of the services to specialized providers.” This behavior, however, was more stop-gap than strategy, says Bill Huber, managing director with outsourcing consultancy Alsbridge. “The market has shifted dramatically, and re-competes have demonstrated the potential to unlock significantly greater value at this juncture than can usually be achieved by a straight renegotiation, whether or not the renegotiation includes re-scoping.”

Smartphones are completing the broadband revolution

Most revealing of all, among "hard to reach" consumers -- those who have never had a home broadband connection -- only a quarter cite price as their biggest barrier. According to the Pew findings, just 25 percent of nonadopters are interested in someday subscribing to broadband service, while 70 percent say they're not interested, at any price. The real holdup to broader home adoption, in other words, has little to do with its cost. What then? Earlier Pew studies, including one in 2013, found instead that two-thirds of nonadopters cited relevance or usability as their main reason not to use the Internet at all. It's not clear how dominant those obstacles remain. Unfortunately, the 2015 survey did not use the same methodology as earlier Pew studies, which asked non-Internet users to list their reasons in an open-ended question.

Quote for the day:

"Be a leader to be remembered, make people feel good about themselves and increase their belief in their own abilities" -- @GordonTredgold

December 23, 2015

2015: A Cloud Security Wake Up Call

Some interesting areas to watch include security information and event management (SIEM), which integrates security information management (SIM) and security event management (SEM) to provide real-time analysis of security alerts generated by network hardware and applications. Some SIEM leaders working on integrating SIEM with cloud security include Hytrust, IBM, Intel Security, and Splunk. An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. IDS leaders include Cisco (Sourcefire), IBM, Intel Security, and HP.

Innovation and the visionary CIO

Companies eyeing technology trends see massive opportunities and potential threats, with technology-led innovation as a competitive weapon that has two, very sharp, edges. This level of innovation doesn't arise from tactical decisions taken at the business unit level. It requires the kind of core assessment of technology, opportunity, and impact that only a centrally positioned role, such as the CIO, can deliver. While IT has long been responsible for "keeping the lights on," the best CIOs also look for ways to accelerate business growth, providing guidance and guard rails for the CEO and board. ... Keeping IT strategy headed in the right direction while avoiding investments in too many technological dead-ends requires a single vision of what is necessary and possible. Only the CIO can provide that vision.

Getting mobile device management right: Four key steps

One of the benefits of an MDM program is the ability to understand how employees are using their mobile devices. Routing the flow of information back to the IT department and help desk from the start can improve performance down the line. For example, an understanding of which devices and models are popular enables your help desk to train more accurately, resulting in better assistance with future troubleshooting issues. Another useful strategy is to share application inventory information with your support departments to ensure that corporate apps deploy properly. Sharing information with human resources about which users are active on which platforms helps their department appropriately update credential provisions when employees enter and leave the system.

Could the Internet of Things spark a data security epidemic?

What separates smart systems from "dumb" systems? IoT-enabled devices collect huge amounts of personal information, which can be retained and used to extrapolate users’ behavioral patterns and preferences. By doing so, businesses can then use these insights to automate and improve the overall user experience. This information is extremely valuable for businesses and consumers alike. However, it’s important to think about what happens to that data after you are done using the devices. In addition to acquisition and implementation, be sure to consider end-of-use or end-of-life scenarios too. In these cases, there needs to be a core feature and functionality in smart refrigerators, smart thermostats, smart TVs and all other connected products that fully wipes all data clean and can then show verifiable proof that no residual data could ever be recovered.

EU finally agrees draft of Europe-wide data privacy law

According to a recent European Parliament press release, however, the end may at last be in sight. The European Council and European Parliament have now reached a “strong compromise” on a draft of the GDPR. “It is now up to [EU] member states to give the green light to the agreement.” MEP Jan Philipp Albrecht, the European Parliament’s chief negotiator for the GDPR, said that “negotiations hopefully have cleared the way for a final agreement”. “In future,” he added, “firms breaching EU data protection rules could be fined as much as 4% of annual turnover – for global internet companies in particular, this could amount to billions. In addition, companies will also have to appoint a data protection officer if they process sensitive data on a large scale or collect information on many consumers”.

Poor security decisions expose payment terminals to mass fraud

Payment terminals require a secret key to authenticate with payment processors over the Poseidon protocol. However, like with ZVT, payment terminal manufacturers implemented the same authentication key across all of their terminals, SRLabs found. This error can be abused to steal money from merchant accounts. While most transactions add money to such accounts in exchange for goods or services, there are a few that can cost merchants money, for example transaction refunds or top-up vouchers like those used to recharge prepaid SIM cards. In the worst case scenario, attackers could hijack terminals and use them to issue refunds to bank accounts under their control from thousands of merchants by simply iterating through terminal IDs, which are usually assigned incrementally.

Amazon's 'Virtual CPU'? You Figure It Out

Amazon uses what it calls "EC2 Compute Units" or ECUs, as a measure of virtual CPU power. It defines one ECU as the equivalent of a 2007 Intel Xeon or AMD Opteron CPU running at 1 GHz to 1.2 GHz. That's a historical standard, since it dates back to the CPUs with which Amazon Web Services built its first infrastructure as a service in 2006 and 2007. (The Amazon ECU is also referred to as a 2006 Xeon running at 1.7 GHz. Amazon treats the two as equivalent.) The value of Amazon's ECU approach is that it sets a value for what constitutes a CPU for a basic workload in the service. ECUs were not the simplest approach to describing a virtual CPU, but they at least had a definition attached to them. Operations managers and those responsible for calculating server pricing could use that measure for comparison shopping.

Cybersecurity in the digital age for the smart grid

Cybersecurity strategists must keep pace with – indeed, anticipate – the feverish pace of digital technology development. Each layer of the IP stack on which these technologies function offers hackers potential attack vectors into the emerging Smart Grid. Chip-laden computer boards integrated into a grid component – a transformer, a recloser, a circuit breaker – represent a potential pathway into which hackers can gain entry to gather sensitive information or disrupt grid operations. Compliance with NERC and FERC regulations should be considered only a starting point toward true system security. In the ever-evolving digital age, regulations always lag behind rapid technology advancement and intensifying intruder strategies. Every power plant and interconnect now needs a brain trust which includes a lawyer, an insurance expert and a cybersecurity team.

Expect Data Breaches, Awareness to Increase in 2016

There is a lot of mystery wrapped up in security, given the sophisticated attacks launched by nation states and cyber criminals; however, many times the solution is simple and involves fundamental security principles like good passwords and encryption for sensitive data. Arguably every year should be the year of encryption, but we have seen enough avoidable damage from a lack of encryption (see TalkTalk shares tank 11% on fears that customer compensation bill could wipe out profits and “I am surprised….no encryption has been used”) this year that those responsible will start to insist upon encryption being a fundamental part of the overall storage/security strategy. The end of US/EU Safe Harbor will also help push encryption as part of a data privacy mechanism.

Updated Mobile Malware Targets Android

"Mobile devices are the new front for cybercrime - the earlier a bank acts, the sooner criminals find other targets," says Al Pascual, director of fraud and security at Javelin Strategy & Research. "To manage this growing threat, bankers should apply a holistic approach, including account-holder education on mobile security best practices, biometric authentication in the mobile app, and strong back-end account security, such as behavior metrics, device fingerprinting and transaction analysis." But banks' efforts are being subverted in part by many Android device manufacturers failing to keep their customers' devices updated with the latest operating system updates and security patches. According to research conducted by G Data in October, for example, few Android devices today are secure.

Quote for the day:

"Opportunity always involves some risk. You can't steal second base & keep your foot on first!" -- Joseph Heller