January 30, 2016

Cybersecurity report recommends test-hacking medical devices before and after release

White hat hackers are essentially the “good guys” of the industry. They are generally hackers or programmers that make their living through ethical means, specializing in computer and software security. They don’t always work with a particular company — sometimes they are the lone-wolf type. The important point is they don’t hack into systems or devices with the intent of causing harm. Instead, their goal is to find vulnerabilities and holes which may need to be patched in order to improve security. After finding a security flaw, they often provide the necessary documentation and aid to the system owner or admin to improve security.

Testing Tips For Today

Test scenarios aren't always one-way. They aren't always request-response. They aren't always server-pushed. Applications that employ WebSockets often contain a mix of communication patterns. To build your load test scenarios you'll want to record and playback WebSocket communications with your app to create realistic testing scenarios. You'll also need to handle messages pushed over WebSockets just like you would handle messages pushed using a traditional request-response, piggy-back architecture. Load test variables should include the time it takes to establish a WebSocket connection, as well as the time it takes to send a request over that connection. Finally don't forget to include tests for both text and binary data.

Great Little Inventions: Velcro

It is often said that one of the main qualities of geniuses is seeing what no one else sees. Undoubtedly, many people before De Mestral had walked through the countryside just to end up with spikes and thorns pinned to their clothes, yet for most people it was just a minor nuisance. In contrast, when in 1941 the Swiss engineer returned from a hunting trip through the mountain forests of Jura, he envisioned a solution where others could only see a problem. After plucking seeds from his clothes and from his dog’s hair, he came up with the idea of studying them under a microscope in order to understand how they managed to snag so stubbornly.

Finding Unexpected Allies Pt 1: Risk Management

Now, this seems like it’s too good to be true and the obvious question that most people will be asking is, “what’s the catch?” The catch that I’ve experienced is that you can’t simply email a bunch of business units in the bank and say “please list the business services you provide and the applications that support them”. The first problem with doing so is, what is an application? And what is a business service? Without a decent definition, the level of granularity that you might get, and the type of operation that gets identified, will be all over the map. You need to engage with each group to define concepts, so that you ensure some level of consistency.

The next 5 years: possible trends in business software

The growing popularity of platforms with big data capabilities means that more business software programs will likely emphasize real time data analysis in the future, also. This trend emerges in particular in the conduct of successful social media campaigns. The mining of consumer data now extends to a wide array of integrated social media platforms; coupled with sophisticated database technology platforms, this capacity enables companies to develop programs that respond more flexibly and in a far more tailored manner to individual customers. Eli Stutz in “The Future of BPM: 7 Predictions” argues that real time processes will give a fourth dimensional quality to some popular software programs used by businesses.

How healthcare systems can become digital-health leaders

High-quality, sustainable healthcare depends on IT-enabled services and a digital platform, but healthcare systems are still unclear on where to focus investment, what technologies provide the greatest benefits for patients and healthcare providers, and the return on investment. In 2014, we did considerable research into the economic value of digital technologies in healthcare and found that implementing technologies such as patient self-services, using digital channels rather than direct physician interaction, or patient self-management solutions can produce net economic benefits of 7 to 11 percent of total healthcare spending. Over this past year, our work on the ground has confirmed this original analysis.

Best practice advice for moving to the cloud

"For most organisations, moving to the cloud involves a shift in finances, because you're moving from a well-understood capital expenditure model to an operating cost-based model. That scares people sometimes." Hewertson says IT leaders must take time to explain that, while operational costs will rise, the long-term effects of depreciation will be lower as the business avoids a hit every few years when it needs to upgrade its infrastructure. To ensure everyone understands the potential risks and benefits, Hewertson has established a corporate risk board, which highlights the potential risks of the current operation at a formal level. Hewertson advises his CIO peers to use a similar approach to receive the broad support of senior executives and to help alleviate risk, particularly at an individual level.

The Neurologist Who Hacked His Brain—And Almost Lost His Mind

Kennedy called his invention the neurotrophic electrode. Soon after he came up with it, he quit his academic post at Georgia Tech and started up a biotech company called Neural Signals. In 1996, after years of animal testing, Neural Signals received approval from the FDA to implant Kennedy’s cone electrodes in human patients, as a possible lifeline for people who had no other way to move or speak. And in 1998, Kennedy and his medical collaborator, Emory University neurosurgeon Roy Bakay, took on the patient who would make them scientific celebrities.

IT governance: why does it matter?

With increasing regulatory requirements, both auditors and IT managers are adopting CobiT as the compliance framework for IT controls. The CobiT IT Process model has helped convey a view of IT that is understandable to business management, auditors and IT, while providing a basis for IT functions to be organised more effectively into a process structure with accountable process owners. The roles of IT and audit for IT governance are separate yet intertwined. IT professionals often have a poor understanding of what controls are and why they are needed. Audit can help with this by working together with IT, providing training that facilitates a change in the culture of the IT organisation and adopting a focus on controls.

Building Security In versus Building Security On

‘Building Security In’ means that security must be built into the developer culture. Developers should understand that security is now part of their job. This is accomplished by building security into their incentives, providing them the training they require, and showing them that security is a valued skill to the organization. There should be a well-defined software security group with equally well-defined policies and tools to measure efficacy. A common pushback from developers is that security can decrease productivity. There are tools that will in fact do the exact opposite, demonstrating an increase in productivity by as much as 15 percent. These tools live in the developer’s environment and scan code as it is being created.

Quote for the day:

"Winning means you're willing to go longer, work harder, and give more than anyone else." -- Vince Lombardi

January 29, 2016

Growing the IoT: Chaos vs. Curation

It’s already happening, since many of the consumer IoT offerings center on, well, a center. You install a "brain" that all of the intelligent elements in your home connect with and through. It makes decisions and also has the primary connection with the cloud. The individual devices aren't doing everything among and by themselves. And in commercial, industrial and governmental areas, it's fairly obvious that pure peer-to-peer device communications without any curation won’t cut it -- something, or someone, needs to act as curator to ensure that things are handled well and properly, rules are applied and rights are respected. The Napster vs. iTunes example parallels this perfectly, and we are facing similar issues with the IoT.

What's Next? 2016 Priorities For High-Performing CIOs

In the new year, many CIOs may find themselves at a critical juncture. They can either build themselves into successful business leaders or they can risk being relegated to second tier “care and maintenance” roles in which they will provide technology support for the strategies and goals of others. Based upon hundreds of conversations we’ve had with CIOs over the past 12 months, it is clear which path high-performing IT leaders will take in 2016. We predict CIOs will take the following steps, among others, to distinguish themselves as strategists and decision makers as they proceed down the leadership path:

EU May Be Aiming to Block U.S. Tech Companies, Schumer Says

Negotiators from the U.S. and the European Union are racing to meet a Jan. 31 deadline to find a replacement for the Safe Harbor agreement that permits user data from companies like Facebook Inc. to be transferred to the U.S. The Safe Harbor pact was struck down last year by the EU’s highest court. "I am worried that the Europeans are using -- that their real motivation is to keep our companies out because they’re so superior to the European companies," Schumer, the likely successor to Senate Democratic Leader Harry Reid, said in an interview Wednesday. His comments come ahead of a Thursday meeting of the Senate Judiciary Committee, where Schumer has a seat. The panel is scheduled to address a bill, H.R. 1428, that would grant European citizens the same data privacy protections as U.S. citizens.

Address IoT security risks before it is too late, urges report

“In the next few years our lives will be surrounded by devices connected to the internet that will digitalise every step we take, convert our daily activities into information, distribute any interaction throughout the network and interact with us according to this information. “Never before has what we do in our physical lives been closer to the digital world. It is precisely the blurring of the line between the digital world and the real world that represents the changes introduced by the IoT. “The future of IoT is unwritten, but only through collaboration and insight can we achieve a secure foundation.” The report was developed by Telefónica’s cyber security and IoT divisions in association with a range of partner organisations operating in the field of cyber security.

A Reference Architecture for the Internet of Things

In the IoT world we don’t only define the goal on the user level (i.e. by application), but things themselves can work towards certain goals without actively including the user. In the end the devices still serve the user but they act autonomously in the background – which is exactly the idea of ubiquitous computing. In order to get a better picture of the term “context” we will first introduce our context model and then jump into the introduction of our reference architecture. Context defines the state of an environment (usually the user’s environment) in a certain place at a certain time. The context model usually distinguishes between context elements and context situation. Context elements define specific context, usually on the device level.

Building a solid cloud governance model for 2016

A final consideration when building a cloud governance model is compliance. This is closely coupled with information security, but there are additional considerations. In particular, watch for details regarding users' responsibility when using a cloud service that is in compliance with a particular regulation. For example, AWS cloud services are PCI compliant, but users of those services must contract with PCI auditors to complete other requirements. Similarly, several, but not all, AWS services are suitable for use with protected healthcare data under the Health Insurance Portability and Accountability Act regulations. Governance strategies should prevent the use of noncompliant services, and ensure compliant services are not used in noncompliant ways.

The need for cyber security skills in Australia balloons

“Yes, they are hard to find, and if you go to an industry and bring a security expert from there, those people have been aligned in a particular area and are focused on that area only. The best source is the big four management consultant organisations because they invest in people, technology and the soft skills set.” It’s not just end-user enterprises looking for security skills, either. The federal government is ramping up its cyber know-how with agencies such as the Australian Security Intelligence Organisation (ASIO) and ASIS hiring, according to Acheson, and the vendor community is looking for skills too. Like corporate Australia generally, vendors are looking for a blend of abilities.

How To Protect Security Product Investments

The larger the enterprise, the more likely it is that it has many, many security tools. Staff might not learn, use, or update any number of these, perhaps either because there is something off-putting about the technology (some kind of complexity, for example) or because it is one more task on top of an already overwhelming pile. When these tools stay connected and running on the network in a misconfigured, outdated fashion, they become vulnerabilities for attacker entry and liabilities for the enterprise. Security products can come with native remote access capabilities. When enterprises use such products and leave remote access open with default or easily guessed credentials, this turns a security advantage the enterprise should leverage into a security vulnerability.

One crucial exercise for a healthy business

Many organizations, such as technology firms, that have been in this industry for years have the capacity and vision to adjust to financial downturns -- meaning strategic plans and budgets are modified periodically. Depending on their customer base or their global reach, businesses have to assure investors that they can meet market and consumer expectations. ... Conducting effective planning routinely includes an operational budget and a scorecard that aligns with the long-term business plan. With this data in hand, leadership should also have a documented analysis of the business strengths, weaknesses, opportunities and threats that govern how well the company is functioning.

Teach your team to embrace change and create an Agile mindset

Leaders must remember that people are emotionally attached to the way they work -- it is a large part of their lives -- and if they have a lot of experience in the "old" way of doing things, they will be even more emotionally attached to it. Therefore, cognitive arguments with a collection of facts about Agile, or any new idea, aren't necessarily persuasive. What is more persuasive is finding ways to help people care about those facts -- by having conversations that uncover how people are truly feeling about the new idea. Be ready -- these feelings may not necessarily be rational -- but this will allow the leader to truly address what is standing in the way of making Agile, or any new idea, happen.

Quote for the day:

"Be brave. Take risks. Nothing can substitute experience." -- Paulo Coelho

January 28, 2016

Oracle is Planning to Kill The Java Browser Plug-in

"Oracle does not plan to provide additional browser-specific plugins as such plugins would require application developers to write browser-specific applets for each browser they wish to support," the company said in a white paper that outlines migration options for developers. "Moreover, without a cross-browser API, Oracle would only be able to offer a subset of the required functionality, different from one browser to the next, impacting both application developers and users." The main alternative proposed by the company is to switch from Java Applets to Java Web Start applications. This type of application can be launched from the Web without the need for a browser plug-in.

Local Governments Need Governance and Training Amid IT Security Risks

Government agencies approach risk management in different ways, and some may have more mature approaches than others. Additionally, governments need to deal with the fact that residents increasingly expect “24/7 access to government information and services, on mobile devices, without regard for how government develops, manages and pays for that access and those services.” The report says that local governments need to become “technologically proficient” in order to “identify, assess and manage technology risks.” There are four different ways that local governments can achieve this goal, the report notes.

As Cloud Services Mature, Three Key Lessons Learned

As for the integration challenge, 61% indicated that it remains a major pain. In fact, a quarter of the respondents said that at least one cloud application project was abandoned due to the inability to link enterprise data to the cloud applications. While I expect that proportion to decline over time, due to improved tools and smarter implementation teams, it will remain a challenge. An important corollary to the need to integrate external cloud apps to internal on premises data is the fact that we now have a two-way challenge. The rise of XaaS means that many organizations now have valuable data in the cloud that needs to be accessed by their on-premises systems.

The Basics of Web Application Security

Security is a cross-functional concern a bit like Performance. And a bit unlike Performance. Like Performance, our business owners often know they need Security, but aren’t always sure how to quantify it. Unlike Performance, they often don’t know “secure enough” when they see it. So how can a developer work in a world of vague security requirements and unknown threats? Advocating for defining those requirements and identifying those threats is a worthy exercise, but one that takes time and therefore money. Much of the time developers will operate in absence of specific security requirements and while their organization grapples with finding ways to introduce security concerns into the requirements intake processes, they will still build systems and write code.

Hadoop and Big Data: The Top 6 Questions Answered

You will certainly need some folks with Hadoop skills, database/data management skills, system admin skills, programming skills and analytics skills. Currently, the market isn’t oversaturated with Hadoop admins that possess all of these skills along with several deployments and a few years of management experience under their belts ... As for the data scientist, they’re great if you can find one (and afford him/her). You’re talking about someone who gets statistics, algorithms, coding, data and database technologies and the underlying business logic. In many cases, companies are leveraging the skills of multiple individuals already on staff as opposed to hiring a dedicated data scientist.

Unikernels – The shiny new object in the cloud

Unikernels take the concept of minimalistic operating systems to the next level. It is a specialized OS which is compiled exclusively for the program that runs on it. So, a developer can create an extremely compact executable that not only has his code but even the operating system. Unikernels are single-user, single-process, single-purpose, specialized operating systems that strip away unwanted functionality at the compile time resulting in a stand-alone, self-contained unit. The new unit of deployment contains the entire software stack of system libraries, language runtime, and application, compiled into a single bootable VM image that runs directly on a standard hypervisor.

13 Frameworks For Mastering Machine Learning

Over the past year, machine learning has gone mainstream in an unprecedented way. The trend isn't fueled by cheap cloud environments and ever more powerful GPU hardware alone; it’s also the explosion of frameworks now available for machine learning. All are open source, but even more important is how they are being designed to abstract away the hardest parts of machine learning, and make its techniques available to a broad class of developers. Here’s a baker's dozen machine learning frameworks, either freshly minted or newly revised within the past year.

The clearest sign yet that Microsoft is cool again

Despite a booming R&D budget, the research done within Microsoft's labs rarely got productized, as I've written before. Or, as Ahmad Abdulkader, an engineer on Facebook's applied machine learning team, and formerly of Microsoft and Google, told Bloomberg, "Microsoft totally separated its research arm from the rest of the company and almost made it optional to contribute to the rest of the company. Google took the exact opposite approach." This sometimes left Microsoft scrambling to catch up with innovations released elsewhere. Under CEO Satya Nadella, Microsoft's R&D team is actively engaging with product teams to ensure all those R&D billions contribute to tens of billions in sales. But, this isn't the clearest sign of Microsoft's rebirth.

Bimodal IT Strategies and Their Impact on Data Governance

Unfortunately, this dual infrastructure approach rests on several false premises. The first is that startup DevOps teams are all using open source software, and that this is what enables agile application development. The reality is far different. Most startup DevOps teams use a lot of paid software and services out of necessity because they don’t have the time or resources to customize and tie together a bunch of open source applications to meet their IT infrastructure needs. If they did spend the time building this infrastructure themselves they would never get their businesses off the ground. Drawing on scores of on staff engineers and deep pockets, only the biggest of the big tech companies are building IT infrastructures that are based on open source and their own custom-built software.

Managers’ 3 Mental Blocks to Strategic Planning

The typical solution is to spend a lot of the corporate strategy team’s time and money on streamlining the strategic planning process and clarifying the accompanying instructions. This does make a difference, but strategists will be much more likely to help managers consider the long-term – and so help the firm make good long-term decisions – if they spend less time on planning process and more on counteracting executives’ operational mindsets. CEB data show that this is six times more successful in terms of improving long-term thinking during the strategic planning process.

Quote for the day:

"Whenever an individual or a business decides that success has been attained, progress stops." -- Thomas J. Watson

January 27, 2016

Cyberwarfare in 2016: The Virtual Battle for Your Information

Regardless of how closely the treaty is followed by either country, it’s clear to the world that this is a unique issue that deserves special attention. Your main concern shouldn’t be corporate espionage as such; attacks on corporations are your biggest danger should cyberconflict arise in any capacity. Chances are that you or an immediate family member works for one. In the rare event that isn’t the case, you absolutely trust your personal data to one or do regular business with one so they have your financial information. Cyberconflict between any organizations large enough can result in corporations being caught in the crossfire.

Windows 10 at six months: Ready for primetime?

One of the most controversial design features in Windows 10 is its new update model, which removes the ability of consumers to control which updates get installed. Businesses have more knobs and levers, thanks to the November 2015 addition of Windows Update for Business, but those tools are made for IT pros and are either invisible or frighteningly complex for less sophisticated users. Still, this is a vision of where the future of computing has to be, and there really is no pain-free path. Asking users, even technically sophisticated ones, to make individual trust decisions over dozens of updates per month is ludicrous. The result, historically, is predictable: many users succumb to information overload or bad advice by disabling updates completely.

The real reason Microsoft open sourced .NET

.NET itself is changing, as the recent name change for the open source version (from .NET Core 5 and ASP.NET 5 to .NET Core 1.0 and ASP.NET Core 1.0), underlines. .NET Core doesn’t cover as much as the full .NET 4.6 framework. The same goes for ASP.NET 4.6 and 5 (which has the Web API but not SignalR, VB or F# support yet). The newer versions don’t completely replace the current versions, although they’ll get the missing pieces in the future. They’re also built in a new way, with faster releases and more emphasis on moving forward than on avoiding breaking changes. That’s the same shift you’re seeing across Microsoft. Over the last decade, building Azure has taught the company a lot about the advantages of microservices for what would otherwise be large, monolithic applications.

Wear your world

If you’re one of those who constantly complain about clothes bought online not fitting right, technology is here to help. LikeAGlove makes leggings that measure the shape of the wearer and provide the details in an accompanying app, which helps users filter out clothes that would not fit right. Workout freaks get to invest in shorts that track running statistics and Radiate makes T-shirts that glow to display the muscle groups that you just used in that last set. Scientists are also working on clothing that can maintain temperature according to the ambient conditions, using everything from pockets of liquid and air to studying how squids modify the wavelengths of light they reflect.

Service-oriented business: Maritz transforms IT culture

Learning was a key part of the Maritz IT overhaul. Paubel said Maritz's IT personnel received training on soft skills, sales and marketing. That process began at the highest level within IT. "We trained the management first," Paubel said, noting that the objective was to help the top IT managers understand what the new IT organization would look like. ... As the cultural shift continued, the Maritz IT group changed its values. The department reworked the management templates that define how employees earn merit increases and promotions. Employees are no longer rated on how many projects they complete, or how many tickets they close, but on how customers perceive them.

Microsoft Open Sources Deep Learning, AI Toolkit On GitHub

Microsoft attributes the surge in interest to the growing number of researchers running machine learning algorithms supported by deep neural networks -- systems modelled on the processes in human brain. Microsoft says that many researchers believe such systems can enhance artificial intelligence applications. The rapid improvements over the past few years in the speech recognition capabilities of applications like Apple's Siri and Google Translate, and in the image recognition capabilities of Google Photos, suggest that belief is well-founded. As mobile and Internet-connected devices proliferate, AI can be expected to become even more important as a way to facilitate function without traditional keyboard-based interaction.

Creating Your Enterprise Cloud Connectivity Strategy

The goal is to create optimal business agility, where the business can adjust or scale according to market demand. Enterprise cloud connectivity uses a variety of secure (and fast) connection protocols to allow organizations to integrate with network, storage, compute, and even user environments. The biggest difference has been the ease of creating these connections and how they can help transform a business. In the past, these connections were made manually and required a lot of administration. Today, major providers are offering easier ways to integrate with their cloud resources.

Microservices in the Real World

Self-Contained Systems (SCS) describe an architectural approach to build software systems, e.g. to split monoliths into multiple functionally separated, yet largely autonomous web applications. The key point is that an SCS should be responsible for its own UI as well as its own data store. The system’s boundaries exhibit a vertical split along what in Domain Driven Design (DDD) is called “bounded contexts”. The integration of each SCS into the overall application happens in most cases within the browser via links and transclusion. These systems don’t share a common UI code nor common business logic. Each system may be maintained by a separate team using their very own preferred technologies.

Major Telcos Join Facebook's Open Hardware Push

It's also about innovating faster. Gagan Puranik, director of SDN/NFV architecture planning at Verizon, said the OCP's collaborative model should help Verizon get new technologies into production more quickly, including future advances like 5G. He expects Verizon to buy equipment from "a mix of traditional and non-traditional" suppliers, he said. Facebook has already developed a pair of powerful OCP switches for cloud and enterprise use, and the new telco equipment could add to the pressure on traditional vendors. Those companies aren't standing still. Nokia, which just bought Alcatel-Lucent, was among the new OCP members announced on Wednesday, and says it will incorporate OCP designs into future telco products.

The Mindful Board

Mindfulness in the boardroom refers to the capacity of a group of people to think in a deep way together. In assessing a current challenge, the mindful board looks to the past, present, and future. Deliberations encompass the impact of a decision not only on the enterprise, but on industry, society, and the planet. And the board considers how the decision will play out in both the short term and the very long term. Mindful boards intentionally look out at the world through multiple windows — technology, politics, sociology, environment, and economics. To leverage the power of using multiple windows, members of the mindful board hone their individual capabilities while practicing three interdependent disciplines as a governing body: leadership by the group, expanded consciousness, and fearless engagement.

Quote for the day:

"Technology has the shelf life of a banana." -- Scott McNealy

January 26, 2016

Is Persistent Storage Good For Containers?

Despite this conventional wisdom, there persists (pun intended) a desire to bring persistent storage to containers. The reasons for this vary. In some cases, an application needs data to persist and its performance requirements cannot be met through backends like object stores or network file systems; typically, this is a SQL database like MySQL or Postgres that isn’t designed to scale out in the way a NoSQL database might. In other cases, a company that is moving to containers and cloud-native apps may have a desire to leverage existing technology when possible, such as a storage array.

Save the ransom: How being prepared and proactive foils the plot

Having good solid, working backups is one of the most important choices that one can make. Maintaining more than one backup plan both offline and offsite, is crucial. Always check backups and test-restore on a regular basis—valid, working backups are part and parcel of the proactive process. Since ransomware targets and encrypts visible files—including mapped network drives and network shares—utilizing an offline backup strategy ensures that your organization will not come to a grinding halt or have to cough up any bitcoins. Remember to always physically disconnect the hardware backup device from the network, after the backup is complete.

The Ten Commandments of Microservices

With the emergence of containers, the unit of deployment gradually started to shift away from the VM models. Linux container technologies, such as LXC, Docker, runC and rkt, make it possible to run multiple containers within the same VM, allowing DevOps to package each app component or app module in a dedicated container. Each container has everything—from the OS to the runtime, framework and code—the component needs to run as a standalone unit. The composition of these containers can logically form an application. The focus of an application becomes orchestrating multiple containers to achieve the desired output.

Spear Phishing: Real Life Examples

A spear phishing case that involved the RSA security unit of data-storage giant EMC Corp shows how even a company known for security in the cyber realm can be the target and victim of an attack. In 2011, RSA was attacked using a Flash object embedded in an Excel (.XLS) file that was attached to an e-mail with the subject line “2011 Recruitment Plan”. Small groups of employees were targeted, and the e-mail was filtered and landed in the users’ junk mail folder. Unfortunately, all it takes is for one person to fall victim to the scam. As explained by the RSA FraudAction Research Labs, regardless of the state-of-the-art perimeter and end-point security controls, security procedures and high-end technology used by a company,

Employee Off-Boarding: How to Keep your Data Safe During Employee Turnover

Companies should make it clear that all data on the device is the property of the organization. We ran through some of the specifics behind remote wipe features in this blog, but as a refresher here’s more insight: Employees should have signed a policy disclosing that when e-mail is configured on a personal smartphone, tablet or computer, if they leave without notice and take their devices, the company will remote-wipe the device. This means that the employee will not only lose the e-mails on that device, but also all of their personal data on that device. You should encourage employees to be forthcoming about leaving your organization to avoid this issue and present personal devices to be wiped by your IT department without losing their personal data.

Diana Larsen on Agile Fluency Model

Maybe the most surprising thing that’s being added in terms of larger chunks is complex adaptive systems. One of the things that this model has taught back to us is how it actually reflects the foundations, the conditions, the underpinnings of complex adaptive systems–teams as complex adaptive systems. We’re adding information about how complex adaptive systems work when they are teams and when they manifest as a team. What you can look for to help that system flourish. More of that kind of understanding and material, that’s just fascinating to me. We had a tiny bit of that in the first edition. We’re going to have quite a bit more in the second. And we’ll have a couple of new stories. That will be fun.

The CISO's Role in Fighting Extortion

To mitigate risks to corporate data, organizations need to use network segmentation to "ensure that sensitive data is only available within the network to the parts of the network that actually need to be able to access that data," Miller says. They also should use air-gapping to help ensure that sensitive data is not accessible from the public Internet. "Of course there are many other steps that organizations can take to secure sensitive databases and other information as well. ... One of the hopeful measures that companies can take is ensuring that any employee who has a public-facing role and could be contacted by an extortionist is aware of what to do."

Testing the test: How reliable are risk model backtesting results?

This blog reveals that the distributional nature of the profit and loss (P&L) distribution being modelled can have a significant impact upon the previously known factors driving Type-II errors. ... Risk models are not expected to produce reliable and robust risk estimates 100% of the time. Indeed, when specifying a model, users build in expectations around its accuracy, often defined by the number of breaches it produces (i.e. occasions whereby the P&L of a portfolio is greater than that predicted by the model). The Kupiec-POF test therefore attempts to assess model performance by comparing the number of breaches a user would expect a model to produce with the actual number it does.

Alleviate data wrangling pain points with visualization tools

"The tool presents a visual representation of the data," said Alon Bartur, Trifacta's principal product manager. "It makes certain assumptions concerning the structuring of this data, and the user sees these assumptions by indicators that assess what the likely quality level is of each piece of data. Users know immediately from the indicators whether the data that they are seeing is of high quality or whether it is questionable and might require additional investigation. The user interface is designed for point and click interactions and the system gives the users suggestions of how to organize data reports, as well as certain data transforms that the user can run and what the likely outcomes of these transforms are."

Does Anyone Really Want the govt Deciding Encryption Policy?

What is the best way to keep everyone safe from the various bad guys out there? In one limited sense, this shares an argument from the U.S. gun debates. Is it safer for an individual to have a gun or is it more likely that the bad guy would simply take that gun and use it against the citizen? In the encryption argument, the question is whether it's safer to let the government have full access or will that just make it easier for the bad guys to steal that full access? Framed in that "which truly makes us safer" perspective, I think there are good arguments on both sides. But if that technology-oriented question is going to be answered by any individual, I'm somehow more comfortable with the Tim Cooks making that call than some politician. At least Tim Cook is honest about his motivation

Quote for the day:

"You have to think anyway, so why not think big?" -- Donald Trump

January 25, 2016

When Virtual Reality Meets Education

In what may turn out to be an immersive education game changer, Google launched its Pioneer Expeditions in September 2015. Under this program, thousands of schools around the world are getting — for one day — a kit containing everything a teacher needs to take their class on a virtual trip: Asus smartphones, a tablet for the teacher to direct the tour, a router that allows Expeditions to run without an Internet connection, a library of 100+ virtual trips ... This global distribution of VR content and access will undoubtedly influence a pedagogical shift as these new technologies allow a literature teacher in Chicago to “take” her students to Verona to look at the setting for Shakespeare’s Romeo and Juliet, or a teacher in the Bronx to “bring” her Ancient Civilizations class to the ancient Mayan ruins at Chichen Itza.

John D McGonagle: Welcome to a world of Internet of Things

In the future, a consumer will want their rights to extend to their machines, but traditional analysis of contractual offer and acceptance, and the existence of binding contracts, will become complicated where machines are automatically interacting. After all, it may not always be obvious or implied that a machine has authority to act on its owner’s behalf. Taking a more strategic view, IoT will undoubtedly lead to the proliferation of valuable technology. However, serious questions still remain. How will it be protected? Will it be patentable? IoT devices will also require cloud computing power to collect, store, analyse, search and deliver vast amounts of data.

Configuration as a Service

This is where Configuration as a Service comes in – the ability to change the behavior of our software systems on the fly without the need to make code changes. Recently the squad I work in released Skyscanner’s first iteration of Configuration as a Service. Our main motivation behind the system was to enable anyone in the business to safely make changes to our production systems while having the changes backed by A/B tests and associated metrics & reporting. Another motivation was that the system allows us to gracefully bypass a service which is experiencing an unexpected problem. Having this flexibility means we can continue to deliver the core experience which people come to Skyscanner for even if something goes wrong behind the scenes.

4 essentials to creating a world-class threat intelligence program

"Aim small, miss small" according to Gundert, applies equally well to threat intelligence — a subject that produces an immense amount of data. He explains, "True success in threat intelligence is predicated on constraining intelligence efforts to specific business objectives, which removes the large surface area and leaves only a challenging sliver of value to pursue." ... Besides using threat vendors as sources, in-house data gathering capabilities are important sources of company-specific information and a way to verify vendors. Gundert adds, "For example, building an internal Web crawler that analyzes the web page code of the business's top 5,000 daily web destinations may provide insight into drive-by attacks."

From Monolith to Multilith at ticketea

Three years ago ticketea was basically a monolith, an all-in-one solution that was designed this way due to some constraints and advantages at that time. Basic constraints were size of the team and money, and some of the advantages were reduced time to market for new features, deployments were easy, the infrastructure necessary to run all this was small and cheap and most members of the team at the time had a full picture of the platform. We basically had an API and a frontend web application, which is better than having all in one single web application. Having a separate API was already a big head start. In the beginning of 2013, we had to create a business intelligence solution that fit our needs and thus we created Odin, which was more like a Satellite to this monolith.

5 reasons why IoT needs data analytics

Businesses will need to use analytics to generate insights because, with the Internet of Things, the stakes have never been higher. Analytics has already been used in industries like retail and finance, but the Internet of Things promises to broaden its scope into other areas such as healthcare. ... Wearable devices are able to collect and send patient data to doctors in real-time and RFID sensors are helping provide greater confidence in the pharmaceutical supply chain. With more data becoming available all the time, medical IoT devices combined with analytics tools could be used in the future to not only identify health issues, but ultimately cure them.

Why Cloud Computing Will Shake Up Security

Traditionally, switching products have relied on elaborate routing protocols and network encapsulations to make sure that, for example, Rack A doesn’t talk to Rack B, but can talk to Rack C. It gets way more complicated in the jumble known as network management. But in cloud computing, the network management mess goes away. One example is Security Groups, the network controls Amazon uses, which are defined up front and deployed automatically. This is a huge time saver because you no longer have to set up network access control policies and the need for software switches is greatly reduced.

Choose the right PaaS for developing cloud applications

The key factor in choosing the right PaaS type for developing cloud applications is understanding the project at hand, said Dave McCrory, CTO at Basho Technologies, maker of the Riak open source database. No one PaaS type fits all circumstances, and that may necessitate keeping several in a developer's toolkit simultaneously. "There are a large number of distinct PaaS types, because application development scenarios differ," McCrory said. Concurring with Hurwitz, he said one is the SaaS style, typified in the way that Force is tied to Salesforce. Heroku, he said, is different in that, "you upload everything you want to run, and put the apps online. It isn't bound to Salesforce as tightly as Force."

Healthcare IT's battle to keep sensitive data safe

Unlike the financial sector, security awareness in healthcare is lagging. Also unlike the financial sector—and much to the chagrin of the industry—hacked medical records command a premium on the black market because health data is far more permanent. Healthcare organizations are facing a cybersecurity crisis. ... Beyond patient data, pharmaceutical research information is a highly attractive target for cyberespionage. It takes an average of 12 years to research a drug and get it approved, typically costing the research company $359 million. Competing companies, often sponsored by nation-states, can be motivated to cut costs and time through the act of cybertheft.

The Imperative for Ethical Standards in Analytics

Other research and publications have also pointedly raised concerns and risks regarding the perils associated with breaches or questionable use of data. These concerns have risen all the way to the White House, where at a recent conference DJ Patil, the White House chief data scientist, emphasized, "My ask is that every training course, every curriculum, every MOOC, every college class, every professional degree, every program at a company has a data ethics curriculum that is intrinsic – not some bolt on, but intrinsic – to the training of every data scientist, every computer scientist, every data engineer, every data operations person."

Quote for the day:

"Technology made large populations possible; large populations now make technology indispensable." -- Joseph Wood Krutch

January 24, 2016

Thinking Outside-In: How APIs Fulfill the Original Promise of SOA

Outside of the pure technology reasons, APIs have gained traction due to the inherent focus on simple, practical deployment. This, in turn, made it easier for technology leaders to convince their bosses that it was worth the investment, simply because it was easy to deliver tangible results very quickly. The API deployment model, that is, where and how APIs are deployed, executed, and accessed by consumers, is often referred to as “microservices” – decomposing the business workflow into a set of extremely fine grained services, each of which only does one thing and does it well. A microservice is typically not bigger than 100-1000 lines of code, outside of which it is time to split it into two separate services.

Artificial Intelligence is Closer -- and Less Awesome -- than Most Realize

“AI is making the biggest advances in things like speech recognition, computer vision problems and processing millions of images very fast,” Baveja said. “A lot of it’s driven by much faster processing, much cheaper processing and having much more data.” Within a year, the team hopes to have an early version of the tool that students can use to receive a customized list of classes they should take based on their unique circumstances. Human advisers will remain essential, Baveja said, but humans suffer from constraints such as limited time and availability. And while human advisers are good at recognizing contextual information like a student’s emotional state, even the most experienced adviser doesn’t have in mind a statistical overview of all student and class data enriched by concomitant patterns and trends.

AI, Machine Learning Rising In The Enterprise

Facebook AI Research (FAIR), which had already released to open source its deep-learning modules for the open source development environment Torch in Jan. 2015, last month announced another move. This time Facebook said it would release its server hardware design that's been optimized for machine learning to open source. Facebook has submitted the GPU-based system design materials to the Open Compute Project. The company said that the system is designed for greater energy and heat efficiency, as well as ease of maintenance. Digital tech giants such as Facebook, Google, and Amazon that have large data center operations have long designed their own hardware rather than use the designs from others, such as HP Enterprise and Dell. So, why the big wave of open source releases for machine learning-related development by these big companies?

Cloud app security: How not to fail

Developers often have a knee-jerk response and encrypt everything everywhere. While that sounds like the safest route, there are trade-offs you should consider first. For instance, if you implement encryption in flight, you'll have to encrypt and decrypt data before you place it on the network for remote consumption, and before any of your applications can consume it. That requires processing time and imposes a performance penalty that, in the cloud, can add up to a major cost. Make sure you have clear requirements for encryption in flight and that the level of risk and potential loss, calculated in dollars, is worth the cost of using encryption in flight. Encryption at rest is the most practical to apply, because you're ensuring that the data can't be read as it sits on a cloud-based storage system.

What 2015 Taught Me About The London Tech Scene

Add the very obvious talent shortage, and you have a recipe for spiraling costs. If I learned one thing in 2015, it was that surrounding myself with good people who want to work hard is paramount, yet I ended up contracting outside the U.K. based on recommendations. If there’s one reason London is awash with so many one- and two-man bands, it’s that the cost of finding and hiring a team is so high. Sure, you can go to Lithuania or Pakistan or Timbuktu and find someone who can get the job done, but that’s no replacement for in-house talent — and without a good team, you’re basically nowhere. The government’s plan to loosen up visa requirements for suitably qualified candidates should help in the short and medium term, but only a greater emphasis on training will sort out the problem in the long term.

Businesses need to place higher priority on cyber security

For too long have smaller companies adopted the attitude that they are too small or too low value to be targeted, and for too long has cyber-security taken a back seat. As this research shows, the outsourced approach is increasingly a viable alternative to the "go at it alone" status quo. It opens the door to a world of experienced MSPs, the best of which offer comprehensive, lightweight security solutions that are affordable, easy-to-install and provide real-time protection against modern threats. These small businesses are often targeted by advanced and persistent threats because of their partnerships with bigger fish. Without addressing these security capabilities SMBs will find it increasingly difficult to work with larger enterprises.

Accelerating Change in Data Analytics

The daily lives that are being impacted most by these changes are those of the people responsible for running data centers and delivering those analytics services. The role of IT professional has switched from a proactive annual planning set of responsibilities, to a reactive “how do I find compute and storage resources really quickly” list of requirements. It’s impossible to predict capacity needs, and speed is required to respond to opportunities and risks as they happen. In addition, the ability to leverage other resources on the cloud to ease the risk of predicting capacity improperly has resulted in a whole host of governance challenges. This huge amount of change has even led to some referring to 2015 as “one of the most radically disruptive and transformative periods in IT industry history.”

Data Scientists: The Myth and the Reality

The data scientist of 2016 has been described as “part analyst, part artist.” She combines an analytical mind with the ability to interpret data to spot trends in business that are otherwise unseen. This skill requires an innate sense of creativity and thinking outside of the box. A solid foundation in math, analytics, computer science, and applications, as well as computer programming, are some of the skills needed to succeed in a career in data science. The all-star hybrid data scientist jobs that are often advertised online are something to take with a pinch of salt. As with most careers in tech, it is not likely that you have had extensive experience in all areas that are required on the job spec. A recent article on the topic states that it is important to look beyond the definition of the “unicorn” data scientist.

Three Reasons You're Underestimating The Impact Of Digital On Business

The digitally-enabled platform economy is often cited as the greatest opportunity for growth, but one that is off limits to companies outside Silicon Valley. It is true that ‘born digital’ companies dominate platform business models today, offering new value by bringing millions of consumers and service providers together. They can act fast because their model doesn’t rely on owning assets or producing goods. However, we now see classic manufacturing companies exploiting the value of data and digital platforms to build similar ecosystems of partners and customers on top of their asset heavy business models. In healthcare, engineering, even agricultural equipment, long established brands are embracing digital disruption by creating entirely new services and streams of revenue.

Are health hackers the new cyber security threat?

The market is flooded with stolen credit card details, he said, so “healthcare records attract the premium now”. Investigators do not believe information from the Anthem breach has been sold on black markets. However, other hackers have targeted victims of the Anthem attack with fake emails that appear to be from Anthem or offer credit protection. Those emails aim to steal data that could be sold to criminals, people familiar with the case say. Anthem plans to spend $130m over two years to better protect its networks from breaches. The company has assured regulators that it has strengthened its system, taking steps such as changing administrator passwords every 10 hours and hiring 55 cyber security experts.

Quote for the day:

"MindfulLeaders cultivate the ability to think clearly & to focus on the most important opportunities" -- @Bill_George

January 20, 2016

Semantic Data Technology and Innovations in Client Lifecycle Management

Ontologies can be used to support the KYC/AML in the following areas: a) Ontology based information extraction – used to extract relevant information from unstructured documents (for example monitoring a website to detect people who are involved in money laundering) b) Ontology based information discovery through inference – Detect money laundering schemes or establish connections of people with organizations that are on criminal watch lists c) Ontology based compliance rule verification d) Seamless integration of external and internal data – for example, data integration between internal watch lists between businesses.

Internet of Things in 2016: 6 Stats Everyone Should Know

The Internet of Things, which connects cars, homes, wearables, and everyday objects to the cloud, is a hot tech topic these days. Chipmakers such as Qualcomm and Intel are expanding into the space to diversify away from their core chip businesses. Smartphone makers such as Samsung and Apple are entering the wearables and smart home markets to expand their mobile ecosystems. Yet according to Accenture, around 87% of mainstream consumers still don't understand what the IoT market is. Therefore, let's take a moment and review six key statistics that everyone should know about the Internet of Things.

JavaScript’s Creator Is Building A Browser For The Ad-Blocked Future

“At Brave, we’re building a solution designed to avert war and give users the fair deal they deserve for coming to the Web to browse and contribute,” Eich wrote. And in an interview, he told me, “We’re doing something bigger than an ad blocker.” At a basic level, Brave is, yes, a browser that blocks ads, as well as a variety of data collection technologies, such as analytics scripts and impression-tracking pixels — as Eich put it, “We clear the whole swimming pool of algae.” But there are some important nuances here. For one thing, Eich said Brave won’t block all ads, because native, trackerless ads that only use the publisher’s own data will appear to the browser as normal content, and won’t be blocked.

8 Cheat Sheet Sites To Ace Tech Job Interviews

"You should do anything you can that's legal to prepare for an interview. That includes looking at these sites, talking to people you know who work at the company or used to work there and talking to recruiters who help the company find people," said Jon Holman, founder of the executive recruiting firm The Holman Group. ... Holman stressed, "You especially don't want to assume that the statements on the blog are true or current. Companies aren't stupid. If they know that a blogger has posted their "standard" questions ... (the) questions will get changed. And if you're flummoxed in the interview because you didn't think more broadly than the list of questions on the blog, well, you don't deserve the job."

DevOps: Tear Down the Wall!

“You build it, you run it” is one of the key principles of DevOps. The premise is based on the reluctance of a developer to pass defects downstream if there is a chance they’ll get paged later that night to fix a self-induced production incident. As developers embrace codifying resilient operational considerations into their delivery pipeline, they’ll begin to appreciate the heavy-lifting required to ensure their environments are well-managed and secure. ... Just as Development is inclusive of a myriad of interconnected disciplines and functions, Operations is also an overloaded term. The subtle complexities of infrastructure, network, and security need to be considered carefully before you remove “The Last Few Bricks”.

How to manage integrated testing for CI, CD and DevOps

With time, the need for getting quickly to the market has enforced test automation to be included in the early stages of a development process. More and more organisations are realising the importance of writing test code or scripts similar to that of writing development codes. ... An Integrated Test Management framework equipped with multi-tool integration capabilities can support continuous integration, automated triggering of build, automated testing and results reporting, ensuring continuous delivery, and rapid deployment practices - the roadmap to achieve DevOps.

Democratizing Big Data value

“Almost every company nowadays is growing so rapidly with the type of data they have,” adds Saso. “It doesn’t matter if you’re an architecture firm, a marketing company, or a large enterprise getting information from all your smaller remote sites—everyone is compiling data to [generate] better business decisions or create a system that makes their products run faster.” There are now many options available to people just starting out with using larger data set analytics. Online providers, for example, can scale up a database in a matter of minutes. “It’s much more approachable,” says Saso. “There are many different flavors and formats to start with, and people are realizing that.”

Getting Ready for IoT’s Big Data Challenges with Couchbase Mobile

Couchbase Mobile handles security in 5 areas: For User Authentication we support pluggable authentication. Out of the box we have support for popular public login providers like Facebook or you can write your own custom provider; For Data Read/Write Access there are fine-grained policy tools that allow controlling data access for individual users and roles; Data Transport on the Wire, for data in motion, is over TLS; Data Storage on Device, for data at rest on device, uses the device’s built in File System Encryption and additionally data-level encryption; and Data Storage in the Cloud, for data at rest in the cloud, you can configure Couchbase Server to use File System Encryption.

Analytics Investments Often Depend on How the CIO Views Their Legacy

What was interesting was that we discovered as we delved deeper into the data that there are three very distinct patterns of how CIOs deliver value to their organization. The patterns were “trusted operator”, “change instigator” and “business co-creator”. There is no right or wrong pattern. It is just dependent on the need of the business at that time. Cloud was a really big one for trusted operators. They viewed that as a way for them to think about and engage with internal business stakeholders and drive either some of the cost efficiencies or reliability, or whatever security issues were important to them. Cloud was important, but not as important as digital or analytics or business intelligence. But cloud seemed to be resonating really well with the trusted operators.

The trouble with being SMART

Respect for expertise, not centralized authority, coordinates open source communities that create great technologies. Innovative companies give employees off-the-clock time and free resources, and benefit from their tinkering. Such environments thrive due to decentralized action. SMART goals cannot add to, and inevitably subtract from, these structures. Second, companies no longer compete individually but as members of networks: Apple couldn’t create the iPhone, or Airbus the A350 aircraft, without collaborating with outsiders. Complexity, uncertainty, and ambiguity are unavoidably present therein since network members are geographically dispersed, and have varying strategies, processes and cultures. These enable problems and opportunities to regularly propagate with blinding speed.

Quote for the day:

"Talent hits a target no one else can hit; Genius hits a target no one else can see." -- Arthur Schopenhauer

January 17, 2016

Enterprises may eye supercomputing

Barry Bolding, chief strategy officer at Cray, said large companies are increasingly utilizing scientific computing, and workloads that are consistent are often more cost effective on-premise. The cloud provides an HPC option for smaller and midsized companies. "There are a lot of great uses for the cloud and it's more flexible," explained Bolding. "But when you have continuous work the cloud can be more expensive because there's so much volume. You can't afford to do spot pricing all the time and have to reserve instances at a premium. If you're doing weather forecasting 7 days a week, 24 hours a day and 365 days a year, on-prem is less expensive." Instead, Bolding said high-end Cray systems are more complementary to the cloud, which is used for bursting.

Hadoop, Open Source Adoption and Growth to Accelerate in 2016

A look at the technology environment today will show that the tables have totally turned. Even in large, conservative organizations, we see the desire for open-source software over even the tried-and-true commercial, closed-source options. After emerging from their bubble, organizations have begun objectively questioning whether licensing and support costs are providing true ROI. They are becoming increasingly concerned about vendor lock and see the strategic limitations of the inability to fix bugs or enhance these commercial offerings. If companies want to change something in an open-source project, or accelerate a bug fix, they now have the opportunity simply to do it themselves.

The second digital revolution: A cloud of clouds

For years, CIOs have struggled to avoid duplicating IT services, or creating silos of data that cannot be shared. A potential downside of a shift to the cloud, especially when you have business units autonomously introducing cloud solutions, is that it might perpetuate that same problem of isolated services and information. The CIO ends up with a patchwork of cloud solutions, over which he or she has little control. One emerging solution is for the CIO to combine all the organisation’s cloud services into a single cloud — a cloud of clouds — that can be managed and secured centrally. With such a strategy, the CIO has more visibility and control, and is better able to identify risky services, tighten up security and ensure a fair allocation of corporate resources.

Presenting a Roadmap for Digital Transformation at NRF 2016

Life in the Digital Vortex is challenging—especially for retailers. In an environment where averaged across industries four of the top 10 incumbents will be displaced by digital disruption in the next five years, retail ranks as the third most vulnerable out of 12. Retailers are also being squeezed between online-only retailers and traditional competitors that are further along with their digital transformations. But with the threat also comes opportunity. Cisco’s most recent Digital Value at Stake research highlights specific digital use cases that industries can implement now to drive new sources of value. According to the research, six industries—manufacturing, financial services, retail, service provider, healthcare, and oil and gas—will account for 71 percent of the total private sector Digital Value at Stake over the next decade.

5 reasons most outsourcing projects fail

Outsourcing is an integral part of today’s work culture. Companies across a wide range of sizes and industries are choosing to outsource some or all of their software development. As David Berry, CIO of Daymon says, outsourcing is no longer about saving money, but primarily about flexibility and getting to scale. While outsourcing has many benefits, it also brings some operational challenges. To get a better sense of the roadblocks that could derail an outsourced project, I interviewed people who take responsibility for outsourcing software projects - CIOs.

10 things the tech world should leave behind

Like many of you, I saw Star Wars this past month and thought, "Man, it's good to be back among the lightsabers, Tie fighters, droids, and of course, the Millennium Falcon!" It didn't feel anachronistic to return to the Star Wars universe, even though it had the same elements as when I was six years old. Some old-school technology (both on and off the big screen) will always remain fun and interesting. But other technological elements have worn out their welcome and need a swift kick to the curb. This article looks at 10 examples. Now, this list is subjective and I can't promise all these things are headed for the dustbin of history.

2016 and Beyond: Technologies and Trends that Will Change the Future of IT

The race to connect the unconnected will continue as well, whether we speak about connecting the next 4 billion people, introducing more wearables, creating body implants or enabling the Internet of Things (IoT), where billions of sensors are changing the way we live our lives. In the coming year, we will continue to march toward IoT with more than 11.5 billion mobile-ready devices and connections – 4 billion more than there were in 2014. As in years past, we’ve leaned on the Cisco Technology Radar to spot the next innovations that could benefit our customers, challenge the status quo of existing product portfolios or even address technology gaps.

Quote for the day:

"The task of leadership is not to put greatness into humanity, but to elicit it, for the greatness is already there." -- John Buchan