Tech Bytes - Daily Digest: November 02, 2016
The biggest cyber security threat is right under our noses, Will digital economy create a developer shortage, What big data is doing for shipping on a global scale, Defending against insider data breaches, Bitcoin isn't anonymous enough to be a currency and more.
Technology is advancing at a rate where the convergence of progress in multiple areas is finally making it possible to detect malicious insiders. The cost of storing data continues to go down. The processing capabilities of servers to sift through data keeps marching forward. And advances in machine learning—artificial intelligence—makes it possible to make sense of the data in meaningful ways. It is this confluence of massive secure scalable computing at a low cost, combined with exponential algorithm advances, that has made a breakthrough AI cybersecurity solution like Cognetyx possible. Take one of the toughest scenarios as an example. Let’s say an employee of a hospital for whatever reason decides to steal patient data. Maybe they hold a grudge against their boss. Perhaps they are going to sell the data.
The global public cloud market will top $146 billion in 2017, up from just $87 billion in 2015 and is growing at a 22 percent compound annual growth rate. The lion’s share of this growth will come from Amazon.com, Microsoft, Google and IBM, which have emerged as "mega-cloud providers,” Bartoletti says. They are opening new data centers and making concessions, such as Microsoft’s agreement to have T-Systems manage its cloud in Germany to meet data localization requirements. But the big players won’t be able to service every unique request, which means smaller regional players will see an uptick in adoption in 2017. Bartoletti recommends: "Keep you options open and don't be afraid to use multiple providers."
According to Sam Ramji, CEO of the Cloud Foundry Foundation, the companies that don't see a gap are not those furthest behind the effort to move into the digital economy. They are the ones that have been functioning as part of it for several years (companies such as Amazon, eBay, Google, Apple, and Netflix) and are attracting talent because of their position in the economy. The gap shows up more clearly in companies that are still dominated by their legacy systems, he noted. He said his impression that this might be the case was confirmed when Netflix made some of its internal code for managing AWS cloud operationsavailable as open source. When he asked Netflix officials why they released home-grown code, they explained that it would make knowledge of what they were doing more widespread.
Another important way that the use of Big Data can help optimize the shipping process on a global scale is to provide the information necessary to help shipping companies better manage multi-stop routing, which is a nightmare for any industry, and the shipping industry is no different. The use of Big Data will allow shipping companies to use a mathematical approach to determine where shipping containers should be placed on the ship. By using data to effectively place containers where they can be reached at the proper time, the entire process can be streamlined to run more effectively and efficiently — not only making the company more productive, but also saving the shipping company money.
With continuous development and DevOps integration, the DevOps models or recipes associated with each ALM phase have to be designed following the ALM processes. Then it can be codified in DevOps language -- declarative or imperative, as appropriate. When development changes are made to an application, component or service, the changes not only have to be tested in terms of application functionality, security and compliance, but also in how they impact the integration between ALM and DevOps. The tight coupling of development, ALM and DevOps demanded by continuous delivery has changed DevOps already. The two most popular tools, the imperative Chef and declarative Puppet, have both evolved to support modular declarations of resources.
Internal data breaches have the potential to damage reputation and incur significant financial loss – not only for law firms but clients too. As highlighted by the Panama Papers, the impact of an insider cannot be underestimated. An anonymous source from within Panamanian law firm Mossack Fonseca was able to leak an unprecedented 11.5 million documents over the course of a year, with consequences that reverberated across the globe. Of course, this is an extreme example, but it does serve to highlight the danger posed by an insider who can go undetected for long periods of time. While there is no silver bullet, there are steps that every law firm can take to reduce the risk of internal data leakage – and these aren’t constrained to the IT department.
On the surface, privacy-preserving cryptocurrencies seem designed precisely to undermine such controls. Monero mixes multiple transactions together so that a source cannot be directly linked to a destination. Zcash creates shielded transactions where everything is hidden except for a string of data that proves the transaction is valid . Bitcoin also plans to add some of these features in the near future. As bad as it looks, though, developers aren’t creating anonymous payment systems because they want to help criminals evade the law. They're doing it because that’s the only way a decentralized currency can work. If, say, users have to evaluate the acceptability of each bitcoin based on its transaction history, then one coin can be worth more than another and the currency loses its reason for existence.
“One self-help mechanism would be for a ‘good’ hacker to write a virus that finds insecure devices and simply disables them. This would remove insecure devices from the pool of computers that could be used as bots,” Eli Dourado, technology policy director at the Mercatus Center, told TheDCNF. “It would be inconvenient to consumers whose devices suddenly stopped working, but that inconvenience may be necessary to prevent more serious attacks in the future.” There are also security network services available, like Cloudfare and Akamai, but they can be expensive, said Ryan Hagemann, technology and civil liberties policy analyst at the Niskanen Center. “As with any decision, a company or individual will need to assess whether the benefits of employing such a service outweigh the costs.”
Before you rush out to buy an expensive Wi-Fi router with MIMO, you should know that to utilize that speedy wireless your Wi-Fi devices must also support the tech. Unfortunately, the majority of today's Wi-Fi devices, including smartphones and tablets, only support one or two spatial streams, and they won't be able to take full advantage of Wi-Fi routers with more streams. The same thing applies to MU-MIMO routers, because only a handful of mobile devices available today support the tech. In some cases, it may make sense to buy a more affordable Wi-Fi router that delivers optimal performance with your existing devices, and then later opt for a more advanced router when you upgrade your mobile devices to phones, tablet or computers that support MIMO.
Within the next year, Cisco will launch a program to certify IoT devices as compatible with its network-based software. Among other things, the software should be able to automatically authorize these devices on a “white-list” basis, allowing only endpoints that are safe instead of trying to find and block those that are not. Devices themselves will play a role here, telling the network what kinds of things they should be able to do, such as only connecting to the home server for the service it provides. This approach might help to prevent devastating events like the recent Mirai botnet attack that employed thousands of insecure internet-connected cameras. But the IoT onboarding and management capabilities go beyond security to include automation of other tasks like network configuration that administrators would otherwise have to do.
Quote for the day:
"The aim of education should be to teach the child to think, not what to think." -- Indira Gandhi