Tech Bytes - Daily Digest: October 28, 2016
Businesses shouldn't let security scares put them off IoT, Align intelligence UX & data to power exceptional customer moments, Focus your agile retrospectives on the learnings, IoT growing faster than the ability to defend it, The limits of encryption, Using smart city technology to power local economic development and more.
Often, the hardware involved has more in common with a PC than with a cheap and cheerful consumer device, such as Dell’s Edge Gateway products, for example. The upshot of this is that they can be managed by the IT department using similar admin tools to the rest of the IT infrastructure, and also support many of the same security and monitoring tools. This is not to say that enterprises should be complacent about security, but that there other things that should be of greater concern than worries about an IoT deployment introducing new security vulnerabilities to the corporate network. If anything, last week’s attack should have been a wake-up call to how exposed businesses might become if they rely heavily on internet-based services such as those delivered from public clouds.
Today, our most advanced applications are intelligent. Look no further than IBM Watson or Salesforce Einstein A.I. Bluewolf's recent The State of Salesforce Report showed that over half of companies surveyed described their most essential applications as at least somewhat intelligent already, able to anticipate and either take or suggest the next action. Increasing investments in intelligent applications is one key element to driving business results, but that alone is not enough. Companies must also invest in their employee and customer experience, and focus on translating their overwhelming collections of data into intuitive, automated employee experiences that, in turn, can power incredible customer moments.
Agile Retrospectives are the cornerstones of any inspect and adapt cycle. Even though teams should not limit their learning to Agile Retrospectives, they are quite commonly the place where most of the learning happens. This is because they are a common place for data mining, whereby the team collects information about what happened during the sprint and is able to identify challenges. As a result of all of the learning that takes place during these sessions, teams arrange new ways of working in order to avoid default thinking patterns. During the last week when I worked with a Scrum Master and helped her with the Agile Retrospective, I realized something interesting. If we focus on the learning instead of the outcome, Agile Retrospectives will always be successful.
The compromised IoT devices all appear to be built using the Swiss Army knife of Embedded Linux, BusyBox, and as such might not be readily patchable. Most of these IoT devices are webcams, smart DVRs, and home routers, but they are just the tip of the 1.2 million device iceberg that is the Mirai Botnet. To put this number in perspective the current active duty strength of the US Armed Forces is nearly the same number, 1.28 million. Image all of our active duty military sitting at keyboards running programs to attack a single website, that’s the power that “Anna_Senpai” the single person behind Mirai wields. Now by contrast Mirai isn’t the largest BOTnet we’ve ever seen, others like Conficker or Cutwall were larger, but this is the first one built entirely of IoT devices.
The IoT is expanding faster than device makers’ interest in cybersecurity. In a report released Monday by the National Cyber Security Alliance and ESET, only half of the 15,527 consumers surveyed said that concerns about the cybersecurity of an IoT device have discouraged them from buying one. Slightly more than half of those surveyed said they own up to three devices—in addition to their computers and smartphones—that connect to their home routers, with another 22 percent having between four and 10 additional connected devices. Yet 43 percent of respondents reported either not having changed their default router passwords or not being sure if they had. Also, some devices’ passwords are difficult to change and others have permanent passwords coded in.
It’s a simple point that many people haven’t grasped. Encryption can protect the contents of an email message, but it can’t hide who sent the message and who received it. That can be valuable information. Say that law enforcement officials are interested in a particular encrypted email that a suspect sent. If it can learn from the suspect’s carrier who the recipient was, it might be able to seize that person’s phone and read the message free of encryption. No muss and no fuss. As for meta-data, it can show times, dates and even location. So, despite Apple proudly declaring that it protects its customers’ data no matter what, it is still giving the government a lot of information “thousands of times every month.”
"The challenges these IT decision makers face each day are truly daunting," said Sabrina Horn, managing partner and technology practice lead at Finn Partners, in a prepared statement. "From aging technology infrastructures, to cybersecurity threats, to the need to keep up with the latest innovations, it's no wonder we received a lot of scary, uncertain opinions about what lies ahead. But these findings also highlight the need for technology providers to better communicate the business outcomes they deliver, making it a little less uncertain for everyone." Finn Partners surveyed 511 US-based IT decision-makers between Sept. 6 and Sept. 13, 2016. Respondents to the survey identified themselves as senior employees with decision-making influence in one or more of the following areas:
Fundamentally, smart cities use technology and process innovation to improve the quality of life for all stakeholders within a community. One could make the case that thanks to broad adoption of SmartPhone technology and broadband wireless, most cities are already ‘smart.’ However, so far, it is the private sector that is leading. City management is responding rather than proactively initiating a coherent strategy for harnessing smart technology in a way that improves quality of life for residents and visitors. It is an incredibly exciting time as a number of social, cultural, geo-political and technological factors are converging to drive a tremendous amount of innovation in this space.
The problem is not with AI but with humans who may misuse or abuse the technology. We’ve already seen the situation where AI has given the NSA and others the power to monitor and analyse our communications. You could say this invades our privacy and violation of the Constitution or you could say it protects us from terrorists. It’s up to us to decide how to use that power. Another ethical issue we should be thinking about is how computational biology is using AI to create designer babies, AI techniques are helping create tools to make this happen. Who wouldn’t opt to have a perfect, healthy child but if you eliminate naturally occurring diversity, what might the consequences be?
There are two main ways that ISPs could contribute to IoT security. The first is by blocking or filtering malicious traffic driven by malware in known patterns. For example, some ISPs use a standard called BCP38 to reduce spoofing, the process used by attackers to transmit network packets with fake sender addresses. Protecting against spoofing can negate many of the strategies that allow for assaults like the one on Dyn, but it’s taken years to get the majority of ISPs to adopt the standard—and some still don’t because of the cost of installing and maintaining the filters. The second thing ISPs could do is notify customers—whether big corporate clients or individuals—if a device on their network is sending or receiving malicious traffic.
Quote for the day:
"Great thoughts speak only to the thoughtful mind, but great actions speak to all mankind." -- Theodore Roosevelt