Daily Tech Digest - May 31, 2017

Cisco and IBM announce historic cybersecurity partnership

While the relationship brings technology collaboration and integration to Cisco and IBM customers, it also brings two armies of cyber experts. The tech giants are two of the top 10 cybersecurity startup acquirers. With 40 security acquisitions under their collective belts, Cisco and IBM have snapped up some of the top information security talent along the way. IBM Security alone employs more than 8,000 people globally. One of the core issues impacting security teams is the proliferation of security tools that do not communicate or integrate, according to the press release that announced the new partnership. A recent Cisco survey of 3,000 chief security officers found that 65 percent of their organizations use between six and 50 different security products. Managing such complexity challenges over-stretched security teams and can lead to potential gaps in security.

Florida is Now Courting Hyperscale Data Centers

Data centers developed in rural areas burdened with agricultural tax exemptions can help grow a commercial real estate tax base to boost local budgets. These data centers do not require significant investments in local schools, roads, and parks in return for the entitlement to develop. They also have state-of-the-art security and fire suppression systems which help limit the impact on fire and police resources. The Florida legislature and governor have now taken a crucial step to make the Sunshine State more competitive. However, it isn’t a silver bullet. Notably, the Florida legislature removed economic incentives from Enterprise Florida, which only received $16 million in funding in this latest budget. Florida still has challenges to overcome in attracting massive data centers that could benefit from the new legislation, including: frequent lightning storms, hurricanes, and a harsh climate which requires robust HVAC systems to deal with sensible (heat) and latent (humidity) loads.

Hackers upgrading malware to 64-bit code to evade detection

“The high prevalence of these worms in the threat landscape is unsurprising, as all of them infect files which in turn infect more files, and cause this type of malware to spread quickly and widely,” said the report. “To combat this threat, cyber-security teams must gain a deep understanding of 64-bit systems, and the different mechanisms attackers can leverage to attack them,” said Propper. Bogdan Botezatu, senior e-threat analyst at Bitdefender, told SC Media UK that for specific attacks, 64-bit malware is required to be compatible with the operating system version targeted. These extremely niched families of malware include rootkit drivers (which must be compiled specifically for the target platform), process injectors (including some banker Trojans) and some file infectors (viruses) even if viruses are close to going extinct these days.

OS Instrumentation Framework: osquery

osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes. SQL tables are implemented via a simple plugin and extensions API.. ... Management can be simple and flexible. The osquery daemon uses a configuration input plugin and logging output plugin. By default both use a filesystem path. Read using osqueryd for an overview of configuration. osquery can be controllable in real time through community-supported management services. These complimentary services and open source projects are documented in our configuration guide. And writing your own configuration input and results output is supported and encouraged.

eBook: Enterprise Architecture in Practice

The author gives a good account of enterprise architecture in practice but makes some other points and raises some fundamental issues related to the practice of enterprise architecture as it exists today:
Enterprise Architecture is a strategic skill that transcends companies, and industries i.e. the fundamental principles apply across the board; and Enterprise Architecture is much more than a tool for "business IT alignment" or being only about IT - it concerns the entire enterprise and its restriction to IT has limited its value.  Toward that end, the ebook discusses: How to setup the enterprise architecture practice or capability in the enterprise; What "work" or "activity" does an enterprise architecture practice/department do and what business benefit does that produce?

Why mobile apps management trumps a traditional BYOD strategy

"We've started to see civil cases take shape," Silva said. "New York State is an example that comes to mind. Someone was a contractor; they signed away their rights on the dotted line. They ended their contract and left. The device got wiped and the last photos of a dead relative were destroyed. It found its way into a court room. That's had a chilling effect on this." In addition, in countries such as France and Germany, there are greater protections for an employee's personal electronic devices that make it even harder to implement tough BYOD policies, Silva added. "We've gotten a lot of questions from enterprises about how can they can manage this without locking down the whole device," Silva said. The majority of smartphones used in the workplace now are personally owned devices.

Why Microsoft's ARM-based Windows 10 laptops still have a lot to prove

The new machines will compete alongside Intel-based models in a sector Microsoft calls "always connected" PCs. These are Windows 10 machines intended to bring some of the best features of smartphones to laptops: an all-day battery life and fast, constant LTE cellular connection. "It's all around this idea that a PC should be connected, just like a smartphone," said McGuire. On current Windows 10 PCs, standby mode means the machine is shutdown but Qualcomm promises greater things from standby on the new computers. "With these systems, you're truly connected and you will be syncing data, Cortana will be available and it give you truly instant on," he said. During a demonstration at Computex in Taipei on Wednesday, Qualcomm showed off a Windows 10 ARM development system running on the Snapdragon 835.

Four Vectors Changing The Security Software Landscape: Gartner

The security software market is currently experiencing rapid transformation mainly because of four key developments, according to Gartner. The use of advanced analytics, expanded ecosystems, adoption of software as a service (SaaS) and managed services, and the prospect of punitive regulations are causing enterprises to rethink their security and risk management software requirements and investments. "The overall security market is undergoing a period of disruption due to the rapid transition to cloud-based digital business and technology models that are changing how risk and security functions deliver value in an organization," said Deborah Kish, principal research analyst at Gartner. "At the same time, the threat landscape and rise in the number of high-impact security incidents are also creating demand for security technologies and innovations that deliver greater effectiveness."

Why employees hate virtual collaboration and what to do about it

Despite the constant influx of new tools, most workplace communication still occurs through face-to-face conversations, phone calls, and email. Admittedly, some newer options have gained traction. For example, 61% of survey respondents reported using work instant messaging daily, and 53% said they participate in virtual meetings more than once a week. However, these media simply replicate the private, one-on-one and small-group conversations enabled by previous technologies while doing little to bring new voices into mix, increase traceability, and facilitate knowledge reuse. To improve the efficiency and quality of workplace collaboration, employees need to transition at least some of the interactions taking place privately in meetings, phone calls, and email to open forums such as communities of practice, enterprise social networks, and collaboration spaces.

Hackers Hide Cyberattacks in Social Media Posts

“Most people don’t think twice when they are posting on social media. They don’t think about people using the information against them maliciously,” Mr. Kaplan said. “They also don’t assume people on their network might be attackers.” According to a 2016 report by Verizon, roughly 30 percent of spear phishing emails are opened by their targets. But research published by the cybersecurity firm ZeroFOX showed that 66 percent of spear phishing messages sent through social media sites were opened by their intended victims. In the Defense Department attack, for example, 7,000 employees took the first step toward being compromised by clicking on a link, said Evan Blair, a co-founder of ZeroFOX. “The attacks are so much more successful because they use your personal timeline and the content you engaged with to target the message to you,” Mr. Blair said.

Quote for the day:

"You will face your greatest opposition when you are closest to your biggest miracle." -- Shannon L. Alder

Daily Tech Digest - May 30, 2017

8 Most Overlooked Security Threats

There's always a new security threat to worry about, whether it's from the latest breach headline or a cyberattack on your business. It's almost impossible to keep track of every factor putting an organization at risk. There is no avoiding the reality that cybercrime, or cyber espionage, will hit. Attackers are employing methods across the spectrum to deliver malware and steal credentials, from old vectors like malvertising, to new ones like appliances connected to the Internet of Things. Every security expert has a different perspective on which threats should be top of mind, and which ones businesses aren't paying enough attention to. Here a few security pros weigh in on the threats they thing are flying under the enterprise security radar.

Being a ‘Digital Bank’ Goes Beyond a Pretty App

Becoming a digital bank can transform a traditional banking organization from being a reactive product provider to being a proactive financial advisor. By developing a digital stack that operates in real-time, with the contextual engagement and the interests of the customer placed at the forefront, financial organizations can combine home grown services with those offered by outside organizations. By definition, digital banks will be more agile and instantly responsive, increasing revenue opportunities and decreasing costs. According to the Temenos report, Digital Banking, “A digital bank offers customers contextualized, seamless experiences that transform the customer journey. And becoming a digital bank means delivering a compelling and relevant customer experience through an open, integrated and flexible architecture.” In short, Temenos believes a digital banking solution provides:

11 Interesting Examples of How to Use Chatbots

Millions of people already get it. They're using chatbots to contact retailers, get recommendations, complete purchases, and much more. Adoption of chatbots is increasing. People are discovering the benefits of chatbots. All of this is good news for entrepreneurs and businesses because pretty much any website or app can be turned into a bot. Now is the perfect time to hop on the bandwagon. Even I've jumped on the bandwagon with my new startup. ... Many consumers know they want to buy some shoes, but might not have a particular item in mind. You can use chatbots to offer product suggestions based on what they want (color, style, brand, etc.) It's not just shoes. You can replace "shoes" with any other item. It could be clothes, groceries, flowers, a book, or a movie. Basically, any product you can think of. For example, tell H&M's Kik chatbot about a piece of clothing you have and they'll build an outfit for you.

'Proof of value' -- not proof of concept -- key to RPA technology

“RPA is a transformational tool, not a desktop macro builder. Look for pain points within the organization and identify what needs to change. This isn’t just a cost play; rather, it has to do with mitigating the challenges of growing in a linear fashion by increasing the number of full-time employees. For some, it is about improving speed and quality to differentiate in the market. Others are attracted by the insight and analytics that come from consolidating all transactional data into one database for real-time visibility.” ... “The next step is to analyze the business and map processes at keystroke level. To do so, use experts in RPA, as it is important to drill into the areas where configuration will be complex. Standard operating procedures, training materials and system manuals will be great inputs, but not enough by themselves.”

Philipp Jovanovic on NORX, IoT Security and Blockchain

Although the situation seems to be grim, there is hope nonetheless. Just to give an example: a while ago IKEA released its Trådfri smart lighting platform which apparently has a fairly decent security architecture. At a first glance it might come as a surprise that of all companies, it is IKEA that points the way of the importance to invest in good security design for IoT products. On a second thought, however, IKEA's decision becomes easily comprehensible: by not squeezing the last bit of revenue out of their IoT product, IKEA reduces the risk of their devices being hacked on a large scale which could force the company to do a costly product recall and might damage its image substantially. Thanks to this decision, the world is likely spared from experiencing a Trådfri-botnet with a gazillion IoT light bulbs against which the Mirai-botnet would be a bad joke.

10 best practices for master data management

Unfortunately, a common mistake that some organizations make is to treat MDM as a technical issue. While this approach helps an organization quick start its MDM initiative, it leaves most critical problems unattended, and dilutes the overall benefits of the MDM program. A technology-driven approach decreases business confidence in MDM, making it difficult to sustain the solution, thus causing the premature death of the global MDM program. However, a technical solution well integrated with business processes, along with a strong governance program, is the right way to start an MDM program. A business driven approach can ensure the success of MDM program and enable a path for further expansion.

Is DDoS Protection Right For You?

What is the actual cost to your business during a DDoS attack? Is it services deferred or services diverted? That is, are you in a market position where people will come back later to avail of the services? Or will they simply go elsewhere? If you’re in the former position, the “cost” of a DDoS attack is significantly lower than that of the latter case. Be wary of the “reputational harm” hype. It is hard to quantify. Take some time to understand what it means to you. For instance, if you’re a gaming site and you’re hit by DDoS attacks, it could mean the end of your business. If you’re a niche site that caters to ham radio operators in Austria, perhaps not so much. Be cautious of vendors who say the correct answer is to expand your DDoS protection services. That may not be the right answer. Determined attackers clearly have the ability to point more IoT devices at you than most reasonable DDoS protection services can handle.

Securing IoT Devices Requires a Change in Thinking

For the present, and for many years to come, detection and mitigation will remain essential, but they are costly. The more attack surfaces a device has, the more expensive it is to manage. Operating systems such as Windows and Linux offer a large attack surface to the opposition because their function is to be as flexible as possible. As a result, even the Linux kernel contains 15.9 million lines of code (v3.6). Almost all of it is written in C or C++ and, thus, is vulnerable to buffer overrun attacks. We are currently at the point of maximum IoT vulnerability. Five years ago, most embedded systems controllers were built around 8- or 16-bit CPUs, which rarely offered more than a few thousand bytes of RAM. Systems had to be simple, as programmers were forced to make every byte count. Today, a 32-bit CPU with a couple of gigabytes of memory costs only a few pennies more.

Internet of Things: Complexity breeds risk

First, not all organizations have the capability to fully test IoT devices. The onus is on the manufacturer to keep them secure. With devices having highly customized firmware, updates are difficult and often tied to the firmware. Therefore, service level agreements on security patching have to undergo strict scrutiny before committing your organizations to these devices. If the manufacturer abandons you, you have lost your investment. Second, this also means that there is a need to treat IoT devices the same way we treat personal devices in the enterprise: with caution and away from corporate networks. Deployment of IoT devices necessitate that they are segmented from the corporate network. Additionally, manufacturers need to talk about implementing security by design to all IoT devices as well as the creation of security standards against which we can measure IoT devices.

How CISCO Combats Fast-Maturing Cybercrime Networks

We will see others adapting and modifying the technique to bring new threats. That’s really part of what I think has changed in doing cybersecurity. Five to 10 years ago, we had people wanting to make a statement and disrupting services. We had hobbyist doing things to see what they could do, and we had nation state actors. Today, while they still exist, I think most organizations can defend from the hobbyist and many of the people wanting to make a statement. It’s very hard to protect yourself from a nation state as an individual company. The cybercrime network has matured and developed very quickly. Much like normal companies that are figuring out how to deliver their services at scale using web technologies, the cybercriminals around the world are doing the same thing, and they’ve built a supply chain that’s very effective.

Quote for the day:

"Most people live with pleasant illusions, but leaders must deal with hard realities." -- Orrin Woodward

Daily Tech Digest - May 29, 2017

Google will soon find you a job as the tech giant refines its mastery over AI

Not to be confused with reaching and including people at grassroots level, here we are talking about Google being inclusive of first world citizens and Apple fans. The most compelling use case of AI to make an average users' life better is through Google Assistant. The chatty, natural language assistant that aims to help us in real world was launched during io16 for Google Home and subsequently introduced for Pixel phones, it is now available for iPhone. On both Android and iPhone, Google Assistant will now work in French, German, Brazilian Portuguese and Japanese. And coming soon are Italian, Spanish and Korean But that's not all. Google just opened the Assistant SDK for developers and OEM of any apps and electronic appliances to be Google Assistant compatible.

Cybersecurity RoI: Still a Tough Sell

At some point, panelists agreed, cyber insurance providers will get better at estimating the value of breaches. But that component of the industry is still in its infancy compared to decades covering property and vehicles. “They just don't have the data yet,” Stanley said. The reality, said Jim Cupps, senior director at Liberty Mutual, is that there is a long way to go. “I don’t think interactions between boards and CISOs have become a value proposition,” he said. That, Porter said, will require more education. “Cybersecurity is viewed as the CISO’s problem,” he said. “But ultimately it’s an enterprise problem. My job is to educate them about that.” Stanley agreed that is, “a difficult task, but it is getting better. Boards are learning. They need to know, and as it becomes more of a regulatory issue, they want to know,” he said. “Wise CISOs can educate the board and then get the budget they need to do the job.”

How Google’s cloud is ushering in a new era of SQL databases

The market for these new flavors of databases is still emerging. ... A handful of other newer companies offer NewSQL databases, including NuoDB, H-Store, Clusterix, VoltDB, MemSQL and others. Amazon Web Services offers Amazon Aurora, which supports MySQL and PostreSQL, which some consider NewSQL. One of the advantages of NewSQL databases is they support applications that run on traditional SQL databases, such as Oracle’s line of databases. Aslett and Pavlo point out, however that workloads running on those traditional databases are typically core applications that enterprises may be more reluctant to move to new databases unless there is a strong need to do so. NoSQL databases, on the other hand, excel at scalability and are typically used in new applications revolving around social, mobile and Internet of Things applications.

4 of the biggest IT project stressors and how to fix them

Take ample time to understand exactly what technologies or other tools are needed to help you to do your job better. Identify any time and cost savings or how it will improve the quality of any deliverables. If you don't know this answer, it's almost impossible to get management to approve it. Be prepared to outline how any expenditure is an investment in the future of an IT project. Companies seldom want to spend money on technologies or resources unless they can see a fairly quick recapture of costs or justify it through an ongoing need. This becomes particularly important for smaller companies with limited funds or larger organizations that have already invested large capital into existing technologies.

Why Cloud Security Needs Visibility-As-A-Service?

Public clouds need to handle hyperscale deployments, resource pooling, and continuous configuration changes based on demand, which brings unique challenges to ensuring visibility, security, and compliance. In February of this year, we surveyed over 220 senior IT staff at enterprise organizations on their cloud security concerns, and 76% of respondents were ‘very concerned’ or ‘concerned’ about security in their cloud environment. The top security concern with cloud adoption was ‘loss of control over network data’  and being able to achieve full visibility across their networks. The limitation is in traditional visibility architectures. They cannot deliver the agility and insight required to ensure proper operation and security of cloud workloads. On-premises solutions depend on physical hardware, taps, and the fact that the organization’s network deployment is unlikely to grow or shrink dramatically overnight.

How Can CIOs Take Control of App Sprawl?

From an IT perspective, this results in higher costs, more time required to administer systems, security and regulatory challenges, and, in the end, diminished productivity. "It's not unusual for an organization to wind up spending double, triple or even four times as much as necessary because people are using applications that already exist within the enterprise," Evolutionary IT's Guarino reports. "Too often, departments and employees make independent decisions outside the scope of IT. Many of these applications also introduce regulatory compliance and security concerns." Mobile apps add to the challenge. It's not uncommon for different divisions, groups and departments to develop mobile apps separately, or to offer different consumer-facing mobile apps for different customer segments. Such a scattershot approach can confuse users, diffuse an enterprise strategy, and lead to highly inefficient and often redundant development practices.

No-code/low-code project management best practices

When an engineering team begins work on a new feature, a set of guidelines is followed to ensure that all product changes have been made safely, and to the standard set forth by the organization. No-code/low-code products are no different. Things like quality assurance, version management, and efficiency should all be addressed and managed continuously. No-code/low-code or not, one of the most important parts of product development is establishing documented, repeatable processes that the whole team can follow. This can be doubly important when working with non-development staff who might have less experience with the product development lifecycle. Working directly with the product development team will help non-technical staff build effective applications and services in a timely and efficient manner.

Here's how MobiKwik hopes to survive the death of mobile wallets

“MobiKwik’s opportunity might lie in its relatively focused and cautious approach in building a payments business,” says Shubhankar Bhattacharya, venture partner at Kae Capital. “While Paytm has chosen to enter the banking space, MobiKwik might benefit from adding complements to its core offering, while staying true to its identity as a payments solution.” ... Doesn’t the new business model look similar to that of a slew of fintech startups that are already into lending and other financial services? Singh says there are enough differentiations. Take, for instance, the decision not to convert into a marketplace, where one can get a comparison of different kinds of financial products and lending rates. While there are different models in the fintech ecosystem, what would help MobiKwik is forging a stronger relationship with the customer, he adds.

Caught In The Breach - What To Do First

James Lugabihl, director, execution assurance at ADP, agreed that the key to limiting the damage of a breach is, “how quickly can you respond and stop it.” He said it is also crucial not to react without complete information. “It’s almost like a disaster scenario you see on the news,” he said. “It takes a lot of patience not to react too quickly. A lot of my information may be incomplete, and it’s important to get everybody staged. It isn’t a sprint, it’s a marathon. You need time to recognize data so you’re not reacting to information that’s incomplete.” With the right information, he said, it is possible to “track and eradicate” malicious intruders, plus see what their intentions were. Both panelists said legal notification requirements can vary by country, or even by state, and if it is not a mandate, notifying law enforcement is something they will sometimes try to avoid.

Calculating the Operations Cost of Software You Haven't Developed

We need to move to a model where projects request different budgets for different phases of their lifecycle, experiment vs exploit etc. Using microservices and the approach I discuss allows teams to use empirical data to estimate the operations costs for this budget. The "Sunk cost fallacy" does exist and can be more complicated that just misunderstanding. There needs to be a no blame culture so people are happy to raise "sunk cost" issues without recrimination, otherwise politics will prevent them for being surfaced. ... Although the approach is called DevOps, I feel if anything it is finally aligning the goals of the business with IT. Maybe it should be called BusIt! You honestly can't say that either organisational or technological change is more important than the other.

Quote for the day:

"Success is finding satisfaction in giving a little more than you take." -- Christopher Reeve

Daily Tech Digest - May 28, 2017

Biometrics: Authentication Silver Bullet or Skeleton Key?

"We do need to understand how we're going to use them and what the problems are," he says. "We need to mitigate against those problems, the same as we'd do with any other system." Biometric systems become stronger in context, and that's where big data can help. Location data or knowing a pattern of when someone uses biometric authentication can help the systems make a better judgment on whether to open access. "You need to make sure the biometric system you are using isn't a single factor because it's essentially useless," Jamieson says. "It needs to be coupled with something else." That risk can be judged according to the situation. In some cases, a partial fingerprint alone may be fine. But for other transactions with higher risks, the authentication can be escalated, requiring or calling on other information.

A Roadmap to the Programmable World

Today's development methods, languages, and tools-or at least those that are in widespread use-are poorly suited to the emergence of millions of programmable things in our surroundings. We highlight issues and technical challenges that deserve deeper study beyond those IoT topics that receive the most attention today. Because this article is forwardlooking, our roadmap is somewhat subjective. Our viewpoints stem from our own projects and collaborations in the IoT domain2-5, as well as from our experience predicting and partaking in mobile and web computing's evolution over the past 20 years. For instance, the emergence of virtual machines in mobile phones in the late 1990s wasn't a dramatic technical achievement per se. However, it opened up mobile phones for the vast masses of developers, creating today's multibillion-dollar mobile-app industry. 

How Women Will Disrupt Cybersecurity

The element of emotional connection in facilitating a strong security culture will be key going forward as organizations shift their focus from technologies to internal employees in an effort to combat the massive amounts of breaches taking place on a daily basis. And as highlighted in the Harvard Business Review, “the higher up you go in an organization, the less important your technical skills become and the more your interpersonal skills matter”. So what is the solution for creating the norm of emotional connectedness in the workplace and enhancing the security culture? ... With the research clearly demonstrating that emotional connection is essential in fostering a strong security culture, and women outperforming men in the measurement of emotional intelligence, we can conclude that the creation of more strategic security communication roles in leadership positions will enhance organizational security culture, create a platform for women to excel in the space

We Still Know Very Little About How AI Thinks

It is important to understand how these systems work, as they are already being applied to industries including medicine, cars, finance, and recruitment: areas that have fundamental impacts on our lives. To give this massive power to something we don’t understand could be a foolhardy exercise in trust. This is, of course, providing that the AI is honest, and does not suffer from the lapses in truth and perception that humans do. At the heart of the problem with trying to understand the machines is a tension. If we could predict them perfectly, it would rob AI of the autonomous intelligence that characterizes it. We must remember that we don’t know how humans make these decisions either; consciousness remains a mystery, and the world remains an interesting place because of it.

How chatbots can settle an insurance claim in 3 seconds

As chatbots become more commonplace, they are making their way into behind-the-scenes claims processes as well. Tableau’s prototype chat software, Eviza, has a voice interface so users can drill into its signature data visualizations simply by asking questions out loud. Clara Analytics offers askClara, a chatbot the company bills as a “24/7 personal assistant to the claims handler.” Like customer-facing chatbots, it can answer routine questions about a given set of claims. Insurance companies are sitting on a trove of the one thing AI requires to be successful — data. And AI technologies like machine learning have the ability to make that data actionable. Machine learning can look at data in a number of different ways. It can rank information, putting what it thinks you are looking for at the top of a list; classify information like images; make recommendations; and associate something with a numerical value. 

Are data lakes the answer to privacy regulations, competition in healthcare?

“Arguably, for the first time, we finally have the deep, rich, clinical data that we’ve needed to do analytics with, [and] big data processing power, the Internet of Things and all of the rich sources of new data that we can learn new things about how to treat patients better. And then the final component is … the financial incentives are finally aligned,” Cramer stated. What he finds most exciting about all the changes is by having the ability to analyze data it enables organizations and practitioners to measure the quality and outcomes of their work by removing inefficiencies that were prevalent in the past and providing value. With all the conversations over the years on theCUBE, when it comes to digital transformation there is a pattern emerging, according to Furrier: how to run an organization, how to take care of the users and giving the customer or patient a great experience.

Information Architecture. Basics for Designers.

Information architecture aims at organizing content so that users would easily adjust to the functionality of the product and could find everything they need without big effort. The content structure depends on various factors. First of all, IA experts consider the specifics of the target audience needs because IA puts user satisfaction as a priority. Also, the structure depends on the type of the product and the offers companies have. For example, if we compare a retail website and a blog, we’ll see two absolutely different structures both efficient for accomplishing certain objectives. Information architecture has become the fundamental study in many spheres including design and software development.

Five DevOps principles to apply to enterprise architecture

At the most basic level, DevOps means that software developers and IT operations engineers (also known as system administrators) work together on software production. By facilitating collaboration between the programmers who write software and the administrators who manage it in production, implementing strong DevOps principles eliminates communication barriers that could lead to software design mishaps, bugs going unnoticed until they are too costly to fix and other software delivery issues. An important practice that DevOps promotes is continuous delivery of software. Under the continuous delivery model, small changes to a software program are designed, written, tested and placed into production at a constant pace. For continuous delivery to work, however, all members of the organization who play a role in software production need to be in constant communication.

MeitY Requires Government Departments to Have a CISO

Some security experts, however, say there aren't enough qualified officials to take over the role of CISO in each department. "A senior person in government doesn't necessarily guarantee the right skills required for a CISO," says J Prasanna, director at the Cyber Security & Privacy Foundation Pte Ltd. "At the senior level, you may have someone who commands respect, but he should also understand security process." Given the criticality of the role, government departments should consider hiring outside experts to serve as CISO, rather than selecting someone already on the staff, as MeitY is requiring, says Sivakumar Krishnan, former head of IT at M Power Microfinance. Shashidhar adds that each department "should appoint industry experts and empower them as CISOs in the short term. ..."

Introducing Socks Shop: A Cloud Native Reference Application

This project began as a small demo application for DockerCon to show off some new services developed by Weave Works. As a company which focuses on building products and tooling for microservice and container based applications, they needed an actual application on which to demo their services. In two weeks, we built an “aggressively microserviced” application, throwing in a variety of technologies, programming languages, and datastores. After its initial run, we saw benefits in keeping the project alive. It turned out to be quite useful, both as a testbed for container and microservice focused tools, as well as reference application for what a Cloud Native system should look like. Over the course of the next few months, we worked to convert this demo application to be production ready.

Quote for the day:

"The minute you settle for less than you deserve, you get even less than you settled for." -- Maureen Dowd

Daily Tech Digest - May 27, 2017

Who owns the data from the IoT?

It turns out that data by itself is not protectable under the American intellectual property regime; however, data title rights are similar to the rights afforded by a copyright. Data title includes a bundle of usage rights that allow the titleholder to copy, distribute and create derivative works. Data within a database is like the words and images that compose a copyrighted book. The usage rights and title to the book are separable. The author of the novel retains title to the words and pictures that comprise the novel. The author also owns the ability to authorize a publisher to publish books and distribute them. However, he or she does not control each reader's usage rights of the content once they are accessed by readers. Similarly, an entity that holds title to data or a database holds the associated data ownership rights. If the data set is copied and transmitted elsewhere, the author relinquishes the usage rights.

Russian researchers develop 'quantum-safe' blockchain

Current solutions are not entirely secure as they will eventually be broken as hacking algorithms advance. For example, post-quantum cryptography organizes digital signatures in a unique way that makes it more complex to hack them. However, they are still vulnerable to the development of new algorithms and it is only a matter of time until someone creates a way to hack them. The quantum-safe blockchain developed by the Russian Quantum Center secures the blockchain by combining quantum key distribution (QKD) with post-quantum cryptography so that it is essentially un-hackable. The technology creates special blocks which are signed by quantum keys rather than the traditional digital signatures. These quantum keys are generated by a QKD network, which guarantees the privacy of the key using the laws of physics.

5 lessons from IoT leaders creating sustainable, smart cities

Infrastructure, Acosta said, "is what cities do. Cities need to start with their infrastructure to make sure they're ready to create alternative energy paths." The role of city officials, she said, is "making sure that their communities are prepared for this crazy scary new world we are entering. You have to create safe ways for them to be actually be able to engage. Not only by saving money, but we have to create a world where they are 'prosumers' not just consumers. If we can create a world where energy is created by an individual and sold on the market, which we're doing in California by creating the CCA's [Community Choice Aggregation], which are competitors to our incumbent utilities, we believe we can accelerate that world." Jain said there are three essential components to the infrastructure of a city that can survive throughout the centuries, and that is having the ability to provide emergency services, essential services and entertainment.

Fintech's decentralized nature challenges regulators as industry transforms banking

Banks' responses to fintech have not been uniform, however, in terms of how much investment they were willing to make and the level of integration they want between the new digital activities and their traditional operations. Some banks have adopted a "low integration" strategy, that is, an arms-length approach where they rely on contracting with fintech companies or investing in them. Others have taken a bolder "high integration" approach through partnership arrangements –- such as the small-business lending deal between JPMorgan Chase and OnDeck -- and integrating new technologies into their loan-application and decision-making processes. Less common among banks are those that choose to develop their own systems. This typically involves a more significant investment to automate underwriting processes, synchronize bank proprietary account data with new algorithms, and create a more customer-friendly design.

Machine Learning Techniques for Predictive Maintenance

Predictive maintenance avoids both the extremes and maximizes the use of its resources. Predictive maintenance will detect the anomalies and failure patterns and provide early warnings. These warnings can enable efficient maintenance of those components. In this article we will explore how we can build a machine learning model to do predictive maintenance. The next section discusses machine learning techniques, while the following discusses a NASA data set that we will use as an example. Sections four and five discuss how to train the machine learning model. The Section “Running the Model with WSO2 CEP” covers how to use the model with real world data streams. To do predictive maintenance, first we add sensors to the system that will monitor and collect data about its operations. Data for predictive maintenance is time series data.

The Importance of Project Closeout and Review in Project Management.

The most direct reason that Project Closeout phase is neglected is lack of resources, time and budget. Even though most of project-based organizations have a review process formally planned, most of the times “given the pressure of work, project team member found themselves being assigned to new projects as soon as a current project is completed” (Newell, 2004). Moreover, the senior management often considers the cost of project closeout unnecessary. Sowards (2005) implies this added cost as an effort “in planning, holding and documenting effective post project reviews”. He draws a parallel between reviews and investments because both require a start-up expenditure but they can also pay dividends in the future. Human nature avoids accountability for serious defects. Therefore, members of project teams and especially the project manager who has the overall responsibility, will unsurprisingly avoid such a critique of their work if they can.

Why we need to create AI that thinks in ways that we can’t even imagine

Humans have no real definition of our own intelligence, in part because we didn’t need one. But one thing we’ve learned is that, even with the most powerful minds, one mind cannot do all mindful things perfectly well. A particular species of mind will be better in certain dimensions, but at a cost of lesser abilities in other dimensions. In the same way, the smartness that guides a self-driving truck will be a different species than the one that evaluates mortgages. The superbrain that predicts the weather accurately will be in a completely different kingdom of mind from the intelligence woven into your clothes. In my list I include only those kinds of minds that we might consider superior to us, and I’ve omitted the thousands of species of mild machine smartness, like the brains in a calculator, that will cognify the bulk of the Internet of Things.

A Data Engineer's Guide To Non-Traditional Data Storages

For data engineers, the most important aspects of data storages are how they index, shard, and aggregate data. To compare these technologies, we’ll examine how they index, shard, and aggregate data. Each data indexing strategy improves certain queries while hindering others. Knowing which queries are used most often can influence which data store to adopt. Sharding, a methodology by which databases divide its data into chunks, determines how the infrastructure will grow as more data is ingested. Choosing one that matches our growth plan and budget is critical. Finally, these technologies each aggregate its data very differently. When we are dealing with gigabytes and terabytes of data, the wrong aggregation strategy can limit the types and performances of reports we can generate. As data engineers, we must consider all three aspects when evaluating different data storages.

Descriptive Statistics Key Terms, Explained

Statistics, though a central set of tools for data science, are often overlooked in favor of more solidly technical skills like programming. Even machine learning learning algorithms, with their reliance on mathematical concepts such as algebra and calculus -- not to mention statistics! -- are often treated at a higher level than is required to appreciate the underlying math, leading, perhaps, to "data scientists" who lack a fundamental understanding of one of the key aspects of their profession. This post won't resolve the discrepancy between knowing and not knowing the absolute basics of statistics. However, if you are unable to fully understand the basic descriptive statistics terminology included herein, you are definitely lacking foundational knowledge that is needed to build a whole series of much more robust and useful professional concepts on top of.

Enterprises Have Extremely High Hopes For Blockchain Technology

Many of the surveyed executives are counting on blockchain to deliver competitive advantage -- along with developing a platform approach to innovation. As the study's authors put it: "Blockchains aren’t just new; they’re likely to radically change how organizations operate, generate revenues and respond to customers, partners and competitors alike. The new business models that result can evolve in unexpected ways." As anyone who has delved into such adventures knows, creating new platform business models is not for the faint of heart. In this survey, six in 10 executives admit they aren’t yet ready to build blockchain platforms that connect customers and partners across an ecosystem. The IBM authors suggest the new modes of disruptive thinking that can help realize the value of blockchain:

Quote for the day:

"Management is about arranging and telling. Leadership is about nurturing and enhancing." -- Tom Peters

Daily Tech Digest - May 26, 2017

How quantum computing increases cybersecurity risks

We already see rapidly increasing numbers of data breaches as more connected devices make more attack surfaces available. As companies and governments work continually to protect against cybersecurity attacks through advances in technology, the advent of quantum computing could create a free for all for cybercriminals. But there is a solution in the form of quantum-safe cryptography. The key will be updating quantum-vulnerable solutions in time, and that means understanding now which systems will be affected by quantum risk and planning a migration to potential quantum-safe security solutions that includes appropriate testing and piloting. The transition can begin with hybrid solutions that allow for agile cryptography implementations designed to augment the classical cryptography we use today.

HTML5: Where The Core Web Technology Is Headed

So will there ever be an HTML6? Jaffe suggests that web payments might justify such a whole-number revision, to provide a consistent way of doing payments on the web. “If we were going to linearly call something HTML6, this might be it.” Although buying through the web is not new, the increased dominance of mobile web usage is causing people to abandon shopping carts because of the complexity—and may require a different approach baked into HTML itself. The W3C has a working group to explore this very issue. W3C also is working on Web Components, a framework to identify reusable website components, and Service Workers, to make it easier to run multiple functions inside a browser, featuring offline capabilities. Maybe they’ll justify a name change to HTML6.

The WannaCry scramble

WannaCry could have been much more devastating than it was — and it was very disruptive, affecting hospitals and other health services in disproportionate numbers — if not for a “kill switch” that the malware author included in the code. There are various schools of thought as to why this kill switch existed, but the consensus is that the author wanted a way to stop the malware from propagating. The method was to register an obscure web domain. As long as the domain didn’t resolve to anything, the malware would continue to propagate and infect vulnerable devices. But a security researcher discovered the kill switch and registered the domain, which stopped the malware. In the end, something like 200,000 devices (that we know of) were impacted.

Ignoring software updates? You’re making one of five basic security mistakes

Forget technology for a second, culture is arguably the biggest issue with security right now, and this has been the case for 20 years. CEOs think they won’t be targeted and citizens think much the same (i.e. it won’t happen to me). This complacency is misguided, as everyone is a target and a potential victim. Accordingly, this attitude can often result in poor security habits, with individuals and organizations treating, for example, password and Wi-Fi security not as seriously as they should. This is despite the fact that good cybersecurity can be achieved relatively easily, through good password hygiene, regular software updates, anti-virus and even password managers, VPNs and secure encrypted messaging apps.

The Business Of Apps, Security, And Consumer Expectations

There is a need to implement more automation around application security. This translates to embedding of security capabilities into the application code itself—referred to as Runtime Application Self-Protection (RASP). While a promising area of security technology, RASP solutions are emerging technologies as their effectiveness and impact on application performance are yet to be fully understood. On the other hand, the Web Application Firewall (WAF) remains a purpose-built application security tool. The more advanced WAFs leverage automation capabilities to improve security and streamline operations. WAFs are preferable because they offer automated policy generation, a feature that analyzes the protected application, generates granular protection rules and applies security policies.

New cyberattack rule looms over federal contractors

“We are finding that a lot of companies are not aware of this requirement and face losing their government contracts,” said Tamara Wamsley, a strategist with Fastlane. “This issue could impact the success of many local companies, could result in lost jobs. This is a big deal.” “It’s not just for R&D (research and development firms),” Gillen said. “It’s for janitors, it’s for accountants.” “Anyone who has information classified by the government that needs to be protected,” said Shawn Walker, co-founder and vice president of Miamisburg-based Secure Cyber Defense LLC. Today, the rule affects only Department of Defense contractors. But Gillen said it will “almost certainly” expand to impact every federal contractor and sub-contractors, Gillen said. The rule is essentially a list of 110 requirements with which contractors must comply.

Secure IoT networks, not the devices

To protect IoT deployments, Cisco recommends that customers isolate the devices on network segments. Traditional segmentation using VLANS can become complicated at an IoT-deployment scale though, Cisco says. Cisco’s TrustSec platform that includes network segmentation capabilities. “The logical move is to segment these devices to put them out of attackers’ reach,” Cisco says. “If devices are compromised, organizations can prevent them from being used as pivot points to move through the network, and to activate incident response processes to protect the business.” IoT Threat Defense can detect anomalies in network traffic, block certain traffic and identify infected hosts. Cisco is targeting initial use cases in the medical, power utilities and automated manufacturing industries.

King Chrome: Microsoft's Browsers Sidelined On Its Own OS

IE retains a sizable share -- Smith called it "a significant presence" -- largely because it's still required in most companies. "There are a lot of [enterprise] applications that only work in IE, because [those apps] use plug-ins," Smith said, ticking off examples like Adobe Flash, Java and Microsoft's own Silverlight. "Anything that requires an ActiveX control needs IE." Many businesses have adopted the two-prong strategy that Gartner and others began recommending years ago: Keep a "legacy" browser to handle older sites, services and web apps, but offer another for everything else. That approach lets employees access the old, but does not punish them with a creaky, sub-standard browser for general-purpose surfing. Under such a model, Internet Explorer has played, and continues to play, the legacy role.

How to Build a Better IoT Framework

A starting point is to understand that business and IT leaders must work in new, more collaborative ways to identify where value exists. IT must support the endeavor with an agile, flexible IT infrastructure that, among other things, taps clouds, mobility, APIs, artificial intelligence (AI), real-time connectivity and advanced analytics. Accenture's McNeil says that it's important to identify potential use cases before diving into an initiative. These often revolve around financial impact and cost drivers, but they may also touch on business opportunities and remapping processes, workflows and customer interactions to unlock untapped and previously hidden value. New and different thinking is paramount. "Oftentimes, it's really about experimenting with sensors and data inputs to see what makes sense for the business," McNeil explains.

Are Unit Tests Part of Your Team’s Performance Reviews?

Unit testing achieves several important business objectives: quality improvement, ability to test legacy code, developers stay up-to-date with the latest and greatest methodologies, and yes, good unit testing even increases developer motivation. Writing good unit tests that won't break on every single code change is not difficult and can be achieved easily by following a few simple practices: A unit test should not be dependent on environmental settings, other tests, order of execution or specific order of running. Running the same unit test 1000 times should return the same result. Using global state such as static variables, external data (i.e. registry, database) or environment settings may cause "leaks" between tests. The order of the test run should not affect the test result, and so make sure to properly initialize and clean each global state between test runs or avoid using it completely.

Quote for the day:

"Success. It's got enemies. You can be successful and have enemies or you can be unsuccessful and have friends." -- Dominic, American Gangster

Daily Tech Digest - May 25, 2017

Split Tunnel SMTP Exploit Bypasses Email Security Gateways

The so-called Split Tunnel SMTP Exploit works against pretty much any email encryption device—virtual, hosted or in-house—that accepts inbound SMTP and there's very little anyone can do to stop it, according to the company. Attackers can use the exploit to inject any payload that supports MIME encoding including ransomware, macro viruses and password protected ZIP files. The exploit, says Vikas Singla, CEO of Securolytics, takes advantage of the fact that an email encryption appliance has a publicly accessible IP address and is able to receive and transfer emails. Such devices are typically deployed beyond the enterprise firewall and are often used in conjunction with an email security gateway. Singla says that during an engagement at a healthcare customer site Securolytics discovered an attacker could completely bypass the email security gateway by connecting directly to the encryption appliance.

Big Data versus money laundering: Machine learning, applications and regulation in finance

ML is efficient, but opaque: "It works, and it works well, but we do not exactly understand why or how." Although that has been said on deep learning, it applies more broadly for ML as well, and coming from experts in the field it is not something to be dismissed lightly. This may raise some philosophical questions, mostly having to do with the increasing feeling of being sidelined and not being able to keep up with technology, but there are also some very practical implications. As Mathew notes, whatever anti-MLA approach taken, getting results is not enough. It must also comply with a number of guidelines, ensuring for example there are no discriminations against certain groups of the population. The issue of algorithmic transparency is becoming increasingly understood and widely discussed, and there are many examples in which opaque algorithms embody all sorts of bias.

10 ways to protect your Windows computers against ransomware

With the recent WannaCry ransomware infection affecting users on an international scale, the stakes are extremely high for those who rely on technology to protect their data at all costs. This is especially true of critical systems, such as those that provide life-saving care in hospitals, infrastructure used to manage utilities, and information systems used in government services. .... Consideration must also be given to complying with any regulations that may exist specific to your industry. With that said, safeguards are merely that. The risk associated with malware infections is always present, as risk can't be eliminated. But applying multiple security applications as a layered solution provides comprehensive protection on several fronts to minimize the threat of a potential outbreak in accordance with best practices.

The Importance of Teaching Students About Cyber Security

As for teens and pre-teens, it may be a good idea to show them some real examples of Internet sharing gone wrong. Teens like to share what they are doing, who they are with, what they're wearing and many more aspects of their lives on social media. But they usually don't realize that what they post can be viewed by anyone – their teachers, their principal, their families. Even if their accounts are private, kids talk, and word gets around to the adults. And there are ways for strangers to hack right into their accounts and see those posts they thought were private. Even deleting a post is not as sound as it may seem, because once something goes up on the Internet, there are ways to dig it back up even if it's been deleted. Teens need to know that this can greatly affect their reputation now, and in the long run when it comes to getting into college and applying for jobs.

IT still needs the tried-and-true on-premises data center

As regions such as Africa and Asia focus on new data centers, more established data center regions such as the United States are seeing stagnation in new data center builds and more interest in colocation facilities. Over half of enterprise respondents to IDC's annual survey use colocation services. "At this point, a lot of the nonearly adopters are testing the waters of the colocation market," Quinn said. Among the other half of respondents, there's still a lot of uncertainty around colocation adoption. IT leaders still ask a variety of questions, said Quinn: How do we engage colocation providers? Which workloads should we migrate? And how secure is this going to be? Colocation providers must help customers answer these questions prior to the initial engagement, which can be a bit of a handholding process.

WannaCry Ransomware Cyberattack Raises Legal Issues

The firm can consider what specific steps can be taken to avoid or mitigate potential civil actions, including private rights of action or class actions regarding a cyber incident. Many states allow for a private right of action to be filed in order to recover damages. On cybersecurity matters, there has been substantial activity involving class actions. Engaging experienced counsel early after the cyber incident may help the firm recognize potential litigation, and counsel can recommend steps to anticipate and mitigate costly legal actions. Another important question involves whether and when to contact law enforcement. Federal authorities recommend that law enforcement be contacted when ransomware occurs.[6] The facts of each case must be carefully considered by the firm. Law enforcement will likely want to obtain relevant data about the cyber incident that is properly authenticated under chain of custody protocols.

Here's How Windows 10's Rapid Release Works & Looks

Pilot, Microsoft says, is the state of an upgrade's first four months, when enterprises should install it only in small-sized pilot programs. (Consumers running Windows 10 Home are always fed from the Pilot channel, and so are roped into testing the earliest versions.) After about four months, Microsoft -- in discussion, it claims, with software developers, hardware partners and customers -- declares an upgrade as fit for wider business deployment and thus flags it as Broad. In one example, Microsoft suggested multiple deployment "rings," or groups in an enterprise, with across-the-board upgrades beginning as soon as the Broad release was available. For 1709, that would be about four months after the September 2017 launch, or in January 2018. A second group, recommended Microsoft, would begin the upgrade process two weeks later. Your company might postpone that further or break the business into more than two Broad groups.

Understanding the benefits and threats when building an IoT strategy

By having critical infrastructure components, IoT is a potential target for national and industrial espionage, as well as denial of service and other types of attacks. Another major area of concern is privacy with the personal information that will potentially reside within networks, Big Data and the cloud is also a potential target for cyber attacks. IoT is still a technology in development, and that must me taken in consideration when evaluating its security needs and requirement. Many devices are connected to the Internet and sending data and information to the Cloud, and that will definitely increase. With the advent of contextual data sharing and autonomous machine actions, IoT will become the allocation of a virtual presence to a physical object, and these virtual presences will begin to interact and exchange contextual information.

82% of Databases Left Unencrypted in Public Cloud

The problem isn't in cloud providers failing to secure data centers, but in organizations failing to secure applications, content, systems, networks, and users that use the cloud infrastructure. "That is where people are not aware, or not investing the right resources," he continues. Researchers found of the 82% of databases left unencrypted in the public cloud, 31% were accepting inbound connection requests from the internet. More than half (51%) of network traffic in the public cloud is still on the default web port (port 80) for receiving unencrypted traffic. Nearly all (93%) public cloud resources have no outbound firewall rule, says Badhwar. "You need to have control at the network, configuration, and user layers so it's hard for someone to get in, and harder for them to take your data out," Badhwar emphasizes

Identity management the new 'perimeter' for hospital cybersecurity

“Ten or 12 years ago, we looked at what it would have taken to buy an identity platform, and it would have taken six or seven different commercial software packages to cobble together a sufficient platform,” Houston said. “Had we done that, we would have replaced all of them by today, either because they no longer would be on the market or because they would be out of date.” Houston added that the most important capabilities of an identity management platform, whether proprietary like UPMC’s or purchased from a vendor, include the ability to understand who your users are and ultimately run analytics on their activities.  “We link into our human resources system, our physician credentialing system, we know when people come into our employment, when they change positions, when they leave,” Houston said. “Who they are, where they report to, where they are in the organization, we have a lot of understanding of who these people are.

Quote for the day:

"Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it." -- Edsger W. Dijkstra

Daily Tech Digest - May 24, 2017

Identity, authentication and authorisation becoming risk-led

A risk-led approach means organisations can automatically adjust the number of authentication factors required between one and seven, depending on the context and in line with best practice guidelines. In addition to continuous identity assurance and user authentication their way, RSA is also addressing organisations’ need to secure legacy applications. “By putting SecurID on a unified platform, businesses can access cloud applications and on-premise applications in the same place with the convenience of a single sign-on, but without using [the dangerous approach of] synchronising identities in the cloud,” said Darisi. “We provide a 360-degree view of an individual’s identity through our portal – of the person’s role, location and devices - but we do not merge the identity stores,” he said.

How to fix the broken coding interview

Mimicking the real job of a coder in an interview is enormously difficult, however, particularly when it comes to achieving context. Even in a relatively new codebase it can take months for a programmer to gain sufficient context to be able to contribute at a decent pace. In the past employers have tried to cater for this in their own interview process by having candidates work with a much smaller sample codebase. But companies like Hired have learned even a few hundred lines of code across a handful of files can be overwhelming for a one-hour session. As a result, it is necessary to keep the tasks quite simple, meaning good candidates didn’t have the chance to properly shine. One way to overcome this is taking that same concept of a smaller codebase but sending it to candidates ahead of time.

New Tool Tallies Your Big Data Debt

As the big data era emerged, new technologies were created to support modern data structures and to deliver to the always-connected user," he added. "These newer systems have an important role in building modern applications, however they produce data that is fundamentally incompatible with existing analytical infrastructures including data warehouses, ETL, BI and data science systems like R and Python. As a result, many organizations are collecting significant data debt." Dremio's new Big Data Debt Calculator is intended to help organizations get their arms around this unplanned debt. Dremio says it gives recommendations for minimizing debt, strategies for paying it down and ensuring it remains within acceptable bounds.

How banks can learn the lessons of BlackBerry

With regulation forcing banks to open up their technology to FinTech firms, startups and other financial service providers, consumers are becoming less reliant on providers of traditional financial services. The idea that one institution will manage all financial services for one customer will no longer be the most viable or the expected model. Open banking creates a new relationship between banks and customers. It requires banks to adopt a customer centric and data centric view on how they do business. In this emerging model, data and services become valuable commodities. To extract value, banks must have the appropriate core-technology and infrastructure in place. It requires a good API governance structure that must include: standards, management policies, data access and statistics, and development processes.

Multi-cloud is a messy reality, but there's hope

While each of the clouds is a solid choice for machine learning, for example, Google generally gets the nod as the frontrunner. Many enterprises will turn to Google for machine learning, AWS for Lambda, Microsoft Azure to modernize their legacy applications, and so on. Such cloud differentiation makes the likelihood of multi-cloud management ever harder. As cloud luminary Bernard Golden told me, "While it appears attractive to use a management tool that encapsulates the individual cloud providers and provides a single management framework, since it promises to reduce costs by amortizing training and employee costs across a greater breadth of applications, in practice it typically means using a lowest-common denominator application management approach, which often forfeits use of functionality that resides within a provider's IaaS/PaaS offerings."

In Search of an Rx for Enterprise Security Fatigue

The security fatigue phenomenon affects consumers and enterprises alike. According to the National Institute of Standards and Technology (NIST), security fatigue is also causing consumers to make poor security decisions, such as reusing the same password across all online accounts. But what enterprises can glean from this report is NIST's suggestions to combat security fatigue, including limiting the number of security decisions that users need to make; making it simple for users to choose the right security action; and designing for consistent decision making whenever possible. But up until a few years ago, many enterprise networks in Fortune 500 companies didn't have the ability to identify a compromised network or subnet in a timely manner. Now, the sheer amount of security measures used to detect a network compromise can create this fatigue. Without knowing what to pay attention to, identifying an inside threat is like trying to find a needle in a haystack.

Why Ansible Has Become The Debops Darling For Software Automation

One reason it has gained momentum since being acquired by Red Hat may have been the acquisition itself, according to Paul Delory, a research director at Gartner. "We definitely have seen a bump in interest since the acquisition by Red Hat, because it now has more credibility in the enterprise," he says. Part of the reason for this is that there was a perception in the software development and devops community that Ansible's support offering was not as good as that of Puppet or Chef. But under Red Hat's ownership this support gap has been closed, he says. "Support is important to enterprises, and the quality of support available is of critical importance," he adds. But there's more to Ansible's popularity than the availability of decent support options, vital though those options are to enterprise customers.

The Rise Of Toxic Data

Data growth raced ahead while information security fell behind, and the collateral damage is making headlines. Data breaches like those that happened to Sony, Mossack Fonseca, the U.S. Office of Personnel Management (OPM) and the Democratic National Committee (DNC) are practically daily occurrences. Instead of increasing revenues or furthering goals, stolen files and emails disrupt and subvert plans. If an organization stores valuable data (and most store more than they realize), someone will try to steal it. Your next breach may be perpetrated by someone who has never heard of you; ransomware, a form of file extortion, is now a $1 billion business. Worldwide cybersecurity spending is expected to exceed $1 trillion over the next five years, according to Cybersecurity Ventures. So why do organizations still have so many breaches?

Google raises heat on Microsoft with new Chrome bundle for enterprises

"Every couple of years, Google makes noise about Chrome in the enterprise," said Gary Schare, president of Browsium, a maker of browser management tools. Schare was formerly the head of project management for Microsoft's Internet Explorer (IE). "This looks like Google is trying to make Chrome a better citizen in the enterprise." Schare applauded the group policy templates, noting that because Microsoft's own browsers, IE as well as Windows 10's Edge, have traditionally been the best equipped for enterprise management, any help from Google on Chrome would be welcome. The LSB add-on has long been available from the Chrome Web Store, Google's authorized mart for browser extensions. Once configured by company IT administrators, LSB will automatically open IE11 when links clicked within Chrome lead to websites, web services or web apps requiring, for example, an ActiveX control or Java, neither of which Google's browser supports.

With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?

Despite what people generally think, there are surprisingly few regulations that force companies to take reasonable steps to protect their data. Even in areas such as healthcare, regulations like the Health Insurance Portability and Accountability Act lack clarity and are insufficiently enforced. In 2016, more than 27.3 million patient records were breached, but despite this, the Office for Civil Rights (the healthcare security and privacy regulator) settled alleged HIPAA violations with only 12 healthcare organizations. Outside of areas like healthcare, finance, government, etc., most federal security enforcement has defaulted to the Federal Trade Commission, which uses an arcane statute of the Federal Trade Commission Act that prohibits unfair or deceptive practices in the marketplace. This means that only the most egregious violations are penalized, leaving implementation of effective cybersecurity to the discretion of most business leaders.

Quote for the day:

“The electric light bulb did not come from the continuous improvement of candles.” -- Oren Hariri