Tech Bytes - Daily Digest: November 01, 2016
Devops engineer skills needed for continous deployment, Digital radically disrupts HR, Microservices governance requires standards security & scrutiny, Why don't all businesses have a good continuity strategy, Red Hat EMEA chief sees opportunities in shifting markets and more.
Most users know the basics of computer privacy and safety when using the internet, including running HTTPS and two-factor authentication whenever possible, and checking haveibeenpwned.com to verify whether their email addresses or user names and passwords have been compromised by a known attack. But these days, computer users should go well beyond tightening their social media account settings. The security elite run a variety of programs, tools, and specialized hardware to ensure their privacy and security is as strong as it can be. Here, we take a look at this set of tools, beginning with those that provide the broadest security coverage down to each specific application for a particular purpose. Use any, or all, of these tools to protect your privacy and have the best computer security possible.
Speed and fluidity are the hallmarks of a DevOps culture -- code is always changing, and it takes sound collaboration and version management skills to assemble the correct components and craft a release that runs. DevOps engineers work with tools such as Git, Perforce and Apache Subversion for version and revision control. To better deploy this ever-changing code, many DevOps engineers embrace configuration management, which is almost always automated to accelerate the pace of new version releases. Many DevOps engineers are experts with tools such as Puppet, Chef and Vagrant. DevOps engineers don't just shepherd code through development; they also provide the bridge needed to facilitate those new releases on the operations side
Technology advances are enabling HR to put the “human” back into human resources, and helping give people management back to the people. This could include involving employees and managers in high-impact talent processes—including recruiting, hiring, succession planning, learning and shaping career paths. ... Just as digital changed marketing by enabling customization of products and messages, digital is similarly transforming HR. Digital can now be used to push out customized offerings, including learning and job opportunities, targeted, personalized messages, or personalized information based on an analysis of an individual’s social media digital trail and artificial intelligence that predict what an individual needs and values based on their unique employee segment.
Data is now creating opportunities for business growth and profit like never before. In the last decade, the emergence of advanced data technologies and superior analytics tools has made it possible for business operators to reap numerous benefits from their data assets, yet for most they’ve only just scratched the surface of data’s potential. Data Science is allowing enterprise’s to successfully leverage that potential like never before. A particular McKinsey report published in 2013 predicted that the global business community would feel the pinch of an acute shortage of Data Science professionals for the next decade, specifically a shortage of “1.5 million analysts” skilled at deriving competitive intelligence from the vast amounts of static and dynamic (real-time) data.
"It is important to look at governance holistically as not only microservices management during runtime, but also as an inculcation of best behavior within domain teams during design and development," Kohli said. While the first part can be addressed through APIs, best practices can be more difficult since they deal with the human element. Things like posting microservices on a collaboration hub and encouraging merit-based reuse with reviews and ratings can help, he said. Ultimately, the popularity of microservices will require standards, which will likely stem from collaboration between companies in the cloud computing space. Until then, products do exist to help shore up security issues and ensure that the microservices are flexible enough to meet the needs of the company.
What is troubling about this is that smaller firms have a much harder time recovering from attack. Breach requires cleanup, forensics, notification of employees, customers, clients, causes costly damage to brand, may diminish goodwill, and can result in direct financial loss. A smaller firm can have a very hard time recovering. In fact, according to surveys by the National Cyber Security Alliance, approximately 60% of small businesses that fall victim to a cybercrime each year go out of business six months after an attack. Digital life is unfair. The big guys like Target, Home Depot, eBay all recovered from massive cyber attacks with no noticeable impact on share price a year after their attacks. But mid-sized businesses may well be driven to bankruptcy.
Most businesses are familiar with the idea of data backup, but a proper disaster recovery strategy goes beyond data. Businesses often have data backed up, but don’t consider the systems that rely on that data. What use is data if a disaster renders the IT infrastructure inaccessible? While data backup is essential, it serves little purpose when all of your applications and systems are out of commission. Disaster recovery is usually a manual process, in which IT teams are on-call and recovery time is dependent upon how quickly they can restore service. A more effective continuity strategy takes the full implications of downtime into account. Downtime means a hit to the bottom line. It means employees getting paid to wait for crucial systems to come back online. It means your customers going elsewhere.
Typically, point-of-sale malware works by reading payment data the moment the card is swiped through the retail checkout machine. It does this by scraping the RAM memory of the point-of-sale terminal, where the payment data can be unencrypted. "The malware techniques are evolving all the time," Rice said. Criminals also understand that retailers are continually updating their point-of-sale machines for pricing or inventory reasons. "So they (the hackers) are using a variety of vulnerabilities to insert the malware into the system," he added. However, businesses are far less vulnerable to any data breach if they move to end-to-end encryption, according to Rice. That means encrypting the customer's data throughout the entire payment process, including the moment the credit card is swiped.
The privacy features of Zcash could make it harder for the currency to win support from regulators and bankers. Investigators have used Bitcoin’s ledger, known as the blockchain, to track down some people selling drugs for Bitcoins on black market websites. Such websites have proliferated since the first popular black market site, the Silk Road, was taken down in late 2013. Since the demise of the Silk Road, mainstream financial institutions have shown significant interest in virtual currencies and particularly in the blockchain technology, which provides a new decentralized way to keep financial records and to power transactions of all sorts. Major central bankshave recently been talking about using the technology for their own currencies.
OpenShift is key here and Knoblich nominates it as “becoming the hottest product for Red Hat, not necessarily for revenue but in terms of interest, proofs of concept and net new customers. Here, Knoblich sees Linux becoming the common denominator underlying physical servers, virtual servers, private clouds and public clouds. There is a different buying audience for OpenShift where DevOps is at the heart of activity and it is one that the company is quite comfortable. A related opportunity lies in JBoss middleware where Knoblich says some firms are swapping out BEA WebLogic for JBoss. In telecoms Red Hat is helping carriers virtualise their networks having created a unit that is focused purely on telco, and banking is another market where restructuring of the sector will lead to a requirement for agility.
Quote for the day:
"The basic story is that we have been gradually losing our privacy in a whole bunch of ways that people don't appreciate." -- Matthew Green