Daily Tech Digest - September 21, 2018

The EU’s revised Payment Services Directive (PSD2) includes Regulatory Technical Standards on strong customer authentication and secure communication. These are key to achieving PSD2’s objective of enhancing consumer protection, promoting innovation, and improving the security of payment services across the European Union. Fintechs, banks, and other financial services firms have spent considerable time, effort, and resources in preparing to comply with the strong customer authentication and secure communication requirements, which go into effect on September 14, 2019.  These requirements, coupled with the modernization of the U.S. financial system through open banking, will enable fintechs, banks, and other financial services firms doing business in the U.S. to leverage some of the processes and technologies being deployed in Europe. This will expedite the Treasury’s vision.  Echoing the aforementioned associations, it is imperative that consumers’ personally identifiable information, including financial data, be protected. Of course, saying it is one thing; implementing it is another.

Employers turn to wearable technology to help staff manage work-life balance

Cozens believes technology could play a major role in helping staff keep a work-life balance. “Potentially, it could be used to support different learning styles and to track and encourage positive behaviours. This could provide datastreams we can learn from, too,” she says. Fieldfisher is contacted “all the time” by providers wanting to demonstrate well-being apps and wearable devices, and is keeping a close eye on developments. The firm has started with a learning and development programme, called I-Plus, to address the health and well-being of everyone across the firm. “We want our people to embrace the ‘oxygen-mask principle’,” says Cozens. “On a flight, you are always reminded that if the cabin pressure falls, oxygen masks will be provided, and you should attend to your own needs first and then help others.”

DevOps security takes on the dark side of digital transformation

Regulated businesses often cite auditors as the main reason for the gatekeeper approach to production application deployments, because they often don't understand DevOps and the changes IT pros want to make. However, legislators, policymakers, and the regulatory and risk management industries are increasingly aware of the market disruption risk tied to IT security, and public policy in the last year reflects a better grasp of cybersecurity. The European Union's General Data Protection Regulation, for example, specifies a goal to ensure customer digital privacy, rather than a technical method to attain that goal. In the U.S., the Office of the Comptroller of the Currency has started to regulate fintech companies, even if those companies don't qualify as banks under the OCC's traditional purview. The fintech industry has fought this regulation, but some IT security experts believe government policies will drive DevOps security best practices.

Pentagon CIOs struggle with legacy tech, security. Sound familiar?

"Modernization" may be the watch word, but so large an enterprise, and one that is still so rooted in legacy systems, is not a quick ship to turn, Wennergren notes. The continued reliance on aging technology is another symptom of the Pentagon's condition that will likely resonate with CIOs of smaller shops. "DoD, like many other federal agencies and some private sector firms, is still spending the preponderance of its money on maintaining an aging set of legacy infrastructure systems — 80 percent or more — and that is not a recipe for success in the long term," Wennergren says. "These thousands of legacy systems are eating our lunch in terms of money, and we need to look at them and decide what do we want to retire, what do we want to replace, and what might we want to refresh." "You're falling behind," he adds. "Not only does it cost too much to maintain that old stuff, but it also makes it harder to implement new technologies and it creates huge sets of cyber vulnerabilities. So there is a push across DoD to address this IT modernization issue."

Major life insurer says all customers can opt-in to wear health trackers

John Hancock, one of the oldest and largest North American life insurers, will stop underwriting traditional life insurance and instead sell only interactive policies that track fitness and health data through wearable devices and smartphones, the company said on Wednesday. The move by the 156-year-old insurer, owned by Canada's Manulife Financial Corp, marks a major shift for the company, which unveiled its first interactive life insurance policy in 2015. It is now applying the model across all of its life coverage. Interactive life insurance, pioneered by John Hancock's partner the Vitality Group, is already well-established in South Africa and Britain and is becoming more widespread in the United States. Policyholders score premium discounts for hitting exercise targets tracked on wearable devices such as a Fitbit or Apple Watch and get gift cards for retail stores and other perks by logging their workouts and healthy food purchases in an app.

Who’s shopping where? The power of geospatial analytics in omnichannel retail

Unfortunately, retailers often make the wrong decisions about which stores to close, thus inadvertently hurting their business further. They also overlook valuable opportunities to expand their market presence and unlock growth. The main reason is that they’re using outdated metrics: many retailers continue to use a combination of trend analysis and “four-wall economics” to assess store performance—that is, they’re still primarily taking into account the sales and profits that the store generates within its four walls, without considering its impact on other channels. This assessment then affects other decisions, including the store’s payroll, labor coverage, and sometimes inventory selection. However, consumers today shop across channels: they might visit stores to look at products and then eventually buy them online, or they might research a product online and then buy it in a store. In this environment, the traditional four-wall metrics are, at best, incomplete indicators of a store’s potential.

Security priorities are shifting in response to increased cybersecurity complexity

The primary driver cited for the elevation of the CISO is the increasing difficulty of protecting enterprise data. Nearly 80 percent of the 413 enterprise security professionals surveyed cited the expanded volume and sophistication of malware as the main reason it is becoming harder to protect vital information. According to the report, multiple security researchers indicate that 80–90 percent of malware attacks target a single device and 50–60 percent of malicious web domains are active for one hour or less. These trends speak to the rise of targeted attacks designed to penetrate the network of a single organization. Targeted attacks act as small needles in a large haystack, making cybersecurity practices increasingly difficult. The second most frequently cited reason for the increase in cybersecurity difficulty is the increase in the number of company IT initiatives. Digital business projects, cloud and third-party infrastructure, and the IoT make security substantially more challenging.

5 biggest cybersecurity challenges at smaller organizations

In the past, security was thought of as an IT afterthought at many SMBs. Consequently, these organizations purchased security products on an ad-hoc basis with no central strategy, while cybersecurity responsibilities were often delegated to an interested IT employee who was simply told to do his or her best without disrupting the business. Employee training was often either neglected or guided by regulatory compliance requirements and little else. Given that the ESG research reveals that two-thirds of SMBs have experienced at least one security incident over the past two years, it’s high time to abandon this laissez-faire attitude. This means creating a cybersecurity strategy that aligns with the business mission, formalizing processes, investing in skills development, and getting executive management onboard.  Like it or not, strong security has become a required utility — the cost of doing business. If you must do something (such as cybersecurity) to achieve business success, you may as well do it well.

The new developer role centers on open source technology

There are a number of ways developers can use these building blocks -- intelligent edge, massive compute at the core and open source -- to drive the digital era forward. An intelligent edge gives developers the ability to get sensory information and use it to generate interactions that can occur anywhere, at any time, in a very natural way. Along with the sheer computing power in the core of the network, this unlocks a whole set of new applications for developers to tackle. Open source is the special sauce that brings it all together. Gone are the days when open source was thought of as cute, but not quite ready for prime time. The Cloud Native Computing Foundation (CNCF) has done yeoman's work in building a community around and driving open source, cloud-native computing standards. Importantly, CNCF provides corporate users and vendors with forums in which they can make their concerns known. CNCF also helps produce a reliable roadmap for further development.

AI: The view from the Chief Data Science Office

As we've noted, you can't do AI projects without the data science. Not all data science projects require AI. For instance, a customer segmentation model for a highly stable market, such as home heating oil deliveries, probably doesn't require a lot of machine learning if you have a neighborhood with a stable housing stock and demographics. But if you are trying to stay a step ahead of cyber attacks, machine learning or deep learning models may be necessary because of the constantly morphing threat. Another core assumption with AI is the central role, not only of models, but data. And because AI models are extremely hungry for data, errors in data set selection or data quality can readily snowball. If getting the data right is important for analytics, it's even righter for AI models. So should the impetus for AI start from the top down, or is it more effective for ideas to percolate up from the trenches? Given the makeup of the survey group, it wasn't surprising that in most cases, the inspiration for AI came from the C suite. But that doesn't mean that CEO mandates are the only way to go.

Quote for the day:

"Many have exchanged the touch of God for the applause of men" -- John Paul Warren

Daily Tech Digest - September 20, 2018

Smarter analytics for banks

Banks currently concentrate most of their analytics use cases in sales management (for example, next product to buy, digital marketing, and transactional analytics), financial risk management (collections), and nonfinancial risks (cybersecurity and fraud detection). These are logical first choices, but banks also need an analytics road map for the entire organization to ensure transparency and clarity on their aspiration for advanced analytics. Before launching efforts on specific use cases, banks should identify those areas where analytics will do the most to enhance their value propositions, in line with their business strategies. Over time, banks should extend analytics to other functions and set their ambitions for how analytics will help the organization in the years ahead. Across industries, analytics leaders integrate analytics not only into a few crucial business units but also across all operations. This is true for analytics leaders among banks as well: more than half have introduced use cases to three or more functional areas.

The new face of Financial Services

With universal consumer adoption of digital communication, and technologies such as Blockchain removing the need for a trusted intermediary, the role of the financial institution is in flux. An example is Bitcoin, and similar technologies launched in recent years. These new currencies seem to herald the shape of things to come, but their levels of volatility hamper their development as reliable forms of payment or stores of value. The risk is that they are becoming nothing more than instruments of pure speculation. Barely a week goes by without a new crypto currency launching, but most disappear without trace leaving early adopters out of pocket and further tarnishing the perceived reliability of such means of exchange. A lack of transparency into the workings of the system exposes it to fraud and manipulation; and the very decentralisation that gives crypto currencies their advantage over traditional counterparts also signals a disadvantage, which is the anonymity of the counter-party in a transaction.

Credential stuffing attacks cause heartache for the financial sector

Often utilized by botnets, credential stuffing describes the use of stolen or leaked credentials in automatic injection attacks. Automated scripts hammer online services with credentials in the hopes of a password and username or email address being accepted as legitimate -- which, in turn, permits account hijacking and takeovers. One of the core problems in today's consumer and employee security practices is the use of password and email combinations for multiple online services. When a data breach occurs, such as the LinkedIn 2012 security incident in which 112 million credentials were exposed, the story doesn't end there. These credentials may end up online and public or for sale in the Dark Web. Massive data dumps full of stolen credentials can be found in the Web's underbelly, all of which can be added to batch scripts which will automatically attempt to log in to services. ... If a financial account is compromised in such a way, this may lead to the theft of funds or stock portfolio tampering. If the account belongs to an employee of the organization, the damage could be deeper, with the compromise of internal banking systems.

Investing wisely in the healthcare IT ecosystem

Through technology, healthcare is becoming a different kind of industry, which is not lost on the technology provider market. Healthcare CIOs have much greater choices in technology solutions, but they need to be careful. The vendor community is willing to sell a whole range of tools, but some of these tools are more mature than others. There is likely to be a long shake out and adoption period for these technologies. CIOs in healthcare have to think through how to architect these solutions as a part of their ecosystems as opposed to buying 10-point solutions that solve narrowly defined needs.  The data architecture in a healthcare system is very complex, since data comes into the system from so many places — patients, referring physicians, payers. The future includes wearables, home monitoring and other sensors that are beyond the hospital and physician office. And data comes in so many forms — diagnostic test results can be images, paper, and lab results, structured and unstructured — all of which have to be brought into the record and integrated into a set of processes.

How Non-IT Employees Can Bridge the Security Skills Shortage

The security skills shortage can equally apply to dedicated IT professionals and to ordinary, non-IT employees. While the worries about the potentially 3.5 million unfilled cybersecurity jobs by 2021 are certainly pressing, even the most dedicated expert will need to work with other employees. Without some knowledge of cybersecurity best practices, your security team will be fighting an uphill battle. This adds additional stress and responsibilities to their workloads, possibly increasing the burnout rate. Instead, you need to get employees involved in bridging the security skills shortage. Your enterprise can start by building awareness of how their actions can influence your enterprise’s security posture. You can and should provide engaging, work-integrated training programs at regular intervals to instruct your employees on best practices. The security skills shortage is already a struggle. Don’t compound it by keeping your other employees in the dark.

False positive reduction in credit card fraud detection

MIT researchers have employed a new machine-learning technique to substantially reduce false positives in fraud-detecting technologies.
The backbone of the model consists of creatively stacked “primitives,” simple functions that take two inputs and give an output. For example, calculating an average of two numbers is one primitive. That can be combined with a primitive that looks at the time stamp of two transactions to get an average time between transactions. Stacking another primitive that calculates the distance between two addresses from those transactions gives an average time between two purchases at two specific locations. Another primitive could determine if the purchase was made on a weekday or weekend, and so on. Veeramachaneni said, “Once we have those primitives, there is no stopping us for stacking them … and you start to see these interesting variables you didn’t think of before. If you dig deep into the algorithm, primitives are the secret sauce.” “One important feature that the model generates, is calculating the distance between those two locations and whether they happened in person or remotely.

Meet the women who are making sure blockchain is inclusive

The way Indilo sees it, it’s similar to the promise of the internet where everyone with access had the chance to be a participant. However, that democratization wasn’t totally realized as areas with limited access prohibited participation and the growth of large tech companies. The data created on the internet is a “huge asset essentially owned by few companies use for their own benefit,” she says. “We don’t even understand why they are doing certain things, and in many cases they hugely undermine privacy.” But blockchain can deliver on that promise. Simply being able to send and receive money in a secure, transparent way has huge implications for both the banked and unbanked populations of the world. And it’s not just about money, Indilo contends. Opu Labs is a skincare web application built on the blockchain. It allows users to scan their faces and get analysis on skin conditions. Not only is this very personal information secure and unable to be tampered with, Indilo points out that people are getting paid to get something valuable.

What’s the Secret to Success as a Data Scientist?

In essence, data scientists are tasked with making discoveries out of large quantities of data. They’re explorers who interpret the world around them. “At ease in the digital realm, they are able to bring structure to large quantities of formless data and make analysis possible,” Thomas H. Davenport writes for Harvard Business Review. “They identify rich data sources, join them with other, potentially incomplete data sources, and clean the resulting set. In a competitive landscape where challenges keep changing and data never stop flowing, data scientists help decision makers shift from ad hoc analysis to an ongoing conversation with data.” By 2020, IBM is predicting that demand for data scientists will increase by 28 percent. More than half of these jobs (59 percent) will be in the finance, insurance, professional services, and IT industries. Within two years, there will be an estimated 2.7 million data professional jobs in the United States alone. The average annual pay for advertised data scientist jobs is currently somewhere around $105,000.

Your biggest cyber security threat is inside your organisation

It shouldn’t come as a surprise that staff awareness training can be difficult. That doesn’t mean you can’t put in place an effective training regime; you just need to understand the problems and find a solution. The way you do this will depend on the resources at your disposal. One of the most common solutions, particularly for organisations that are short on time, is to get help from a third party. This takes the hassle out of staff awareness training, freeing you from the worries of creating a course from scratch, making sure it’s delivered in a way that everyone will understand and checking that all the necessary information is included. You can make the process even easier by using our Information Security Staff Awareness E-Learning Course. Because it’s an online course, your employees can study at a time and place that’s convenient for them. All you need to do is send a notification to your employees, and then check that everybody’s completed the course.

Artificial Intelligence, Ratings, and the Small Print

Relying on either the wisdom of crowds or the wisdom of computers, however, might not be enough. Acquisti, who is part of the Carnegie Mellon team, believes that the onus shouldn’t be on consumers to continually track the way their data is used. “We cannot expect, or pretend, individuals to be constantly aware of and engaged with all the myriad of ways tools and services continuously collect and track their information,” he wrote in an email. “The effort needed to consciously manage such unending flows of data would be nearly superhuman.” Instead, because privacy management is a societal issue that requires societal solutions, Acquisti argues that it is necessary to set clear privacy standards that companies can adhere to. “If, as a society, we were to set a goal of handling the issue of privacy better, then a combination of smart regulation and technology would be needed,” he noted. Smart regulation should encourage technologies that allow organizations to collect and use consumer data while doing more to protect privacy.

Quote for the day:

"There comes a time when you have to choose between turning the page and closing the book." -- Unknown

Daily Tech Digest - September 19, 2018

AI and robotics will create almost 60 million more jobs than they destroy

Developments in automation technologies and artificial intelligence could see 75 million jobs displaced, according to the WEF report "The Future of Jobs 2018." However, another 133 million new roles may emerge as companies shake up their division of labor between humans and machines, translating to 58 million net new jobs being created by 2022, it said. At the same time, there would be "significant shifts" in the quality, location and format of new roles, according to the WEF report, which suggested that full-time, permanent employment may potentially fall. Some companies could choose to use temporary workers, freelancers and specialist contractors, while others may automate many of the tasks. New skill sets for employees will be needed as labor between machines and humans continues to evolve, the report pointed out. Machines are expected to perform about 42 percent of all current tasks in the workplace by 2022, compared to only 29 percent now, according to firms surveyed by WEF. Humans are expected to work an average of 58 percent of task hours by 2022, up from the current task hours of 71 percent.

The Digital Boardroom: Industrial Boards Are Looking for More Tech-Savvy Directors

It is not enough to be fluent in Industry 4.0; directors have to be able to connect technology to the business in meaningful and tangible ways that will boost shareholder performance. If they are to be seen as respected contributors to the board, directors need to help educate other directors on the implications of technology and bring the leadership skills and business knowledge to advance the broader board’s understanding of the issues at play for the business. Without this broader business perspective, they may lack the influence with other directors and limit their effectiveness in board-level debates about strategy and capital spending. In addition, having a quantifiable way to measure digital transformation and its connection to financial outcomes will be key to their success. Ideas that were too futuristic ten years ago are now a reality, thanks to digital transformation. For example, who knew cars could drive themselves or drones could deliver packages?

All your Windows 10 devices, managed by Microsoft

The complexity of managing previous versions of Windows has meant that handing over PC management to managed service providers and outsourced IT was rarely economic. Microsoft is betting that its new versions of Windows and Office — as well as its cloud analysis and management tools — make it cost effective to take over desktops at scale, whether that management is done by Microsoft; OEMs such as Dell and HP, which already offer on-demand device replacement; or partners such as Avanade/Accenture and Computacenter. Microsoft has “tens of customers” for MMD in the UK and US, including large, regulated organizations like Lloyds Banking Group as well as SMBs like Seattle Reign. Karagounis says the MMD baseline caters for large regulated companies but “we give the smaller organizations a choice with things they don’t want to light up because they’re too heavy-duty.” The program will expand to Canada, Australia and New Zealand in early 2019 and other geographies later in the year.

This Windows file may be secretly hoarding your passwords and emails

Since the Windows Search Indexer service powers the system-wide Windows Search functionality, this means data from all text-based files found on a computer, such as emails or Office documents, is gathered inside the WaitList.dat file. This doesn't include only metadata, but the actual document's text. "The user doesn't even have to open the file/email, so long as there is a copy of the file on disk, and the file's format is supported by the Microsoft Search Indexer service," Skeggs told ZDNet. "On my PC, and in my many test cases, WaitList.dat contained a text extract of every document or email file on the system, even if the source file had since been deleted," the researcher added. Furthermore, Skeggs says WaitList.dat can be used to recover text from deleted documents. "If the source file is deleted, the index remains in WaitList.dat, preserving a text index of the file," he says. This provides crucial forensic evidence for analysts like Skeggs that a file and its content had once existed on a PC.

3 first steps to explore blockchain in the enterprise

Blockchain and digital assets can take a while to fully understand and you really need to be willing to read, listen and experiment. When tackling any complex topic, I begin with reviewing and discussing the topic with credible sources I really trust. We expanded several of our existing collaboration relationships with forward-thinkers, such as the Ideo CoLab and the Institute for the Future, and we joined working groups across industry and academia, with organisations including Harvard University, University College London, the MIT Media Lab and IC3. We paired this outside knowledge with our own analysis. We also conduct user research with Fidelity clients and customers to gain an understanding of their interest and activity in this area, which has helped inform our pilots. ... When we started to explore the possibilities for capital markets, we started with the obvious pain points – specifically, money movement, transactions and payments. This really caught my interest as there was a lot of speculation about the day-to-day usefulness of digital assets.

AI for Crime Prevention and Detection – Current Applications

Companies and cities all over the world are experimenting with using artificial intelligence to reduce and prevent crime, and to more quickly respond to crimes in progress. The idea behind many of these projects is that crimes are relatively predictable; it just requires being able to sort through a massive volume of data to find patterns that are useful to law enforcement. This kind of data analysis was technologically impossible a few decades ago, but the hope is that recent developments in machine learning are up to the task. There is good reason why companies and government are both interested in trying to use AI in this manner. As of 2010, the United States spent over $80 billion a year on incarcerations at the state, local, and federal levels. Estimates put the United States’ total spending on law enforcement at over $100 billion a year. Law enforcement and prisons make up a substantial percentage of local government budgets. Direct government spending is only a small fraction of how crime economically impacts cities and individuals.

Blockchain And Token Asset “Phenomena” Still Raging

Citing a report from PWC, as relayed by a recent Bloomberg article, the host went on to note that although 86% of the respondents in a 600-firm survey have begun tinkering with blockchain, 54% of the aforementioned figure claimed that deploying systems based on this nascent technology “wasn’t justified.” Explaining why this is the case, Mcnamara noted that while blockchain is evidently a viable technology, firms are finding it difficult to deploy blockchain-based commercial solutions in a manner that will become profitable over time. The PWC executive then drew attention to the fact that there are still trust issues between firms and decentralized technologies, which ironically enough are arguably the most secure systems out there, so what’s not to trust? Lastly, Mcnamara brought up the perpetually controversial topic of regulation, adding that firms are wary that governments, specifically US regulatory bodies, will eventually lash out at this budding industry. ...

DevOps security takes on the dark side of digital transformation

DevOps security is the only viable approach as digital assets become crucial to the enterprise bottom line, Pullen said. Ideally, IT employees should access enterprise production environments only with developers' version-controlled code, checked in to an automated delivery system -- a setup that limits internal security threats, he said. The DevOps practice of small, iterative changes to modular infrastructure also reduces the attack surface of IT systems for outside threats. However, DevOps proponents are mistaken to emphasize the gatekeeper mentality that relies on human approvals or manual work to deploy production application changes, Pullen said. "Automated changes to production scares IT folks, but version control should be the gatekeeper," he said. "Version-control systems are fully auditable, reproducible and traceable." 

Ajey Gore on Small Teams Making a Big Difference and Effective Outsourcing

There is a fundamental difference in how you look at “outsourcing”. The old school way of looking at this was to outsource for a pure labor arbitrage reason. It was implied cheaper to get work done in India. For us, it’s exactly the opposite. It’s significantly more expensive to set shop in India, but we’re in it for the talent. There is also the added benefit of India being in the top 5 countries with the largest English speaking population. Quality of talent has always been the main focus for us and there is no dearth of the type of talent we’re looking for in India. The quality of talent outweighs the higher price point because we believe in the long run the talent will prove to be more valuable than the savings. In Indonesia, especially with tech-focused companies, I feel the trend of ‘outsourcing to India’ will start to grow slowly as more companies will start to understand the value of experienced and talented developers and their contribution to the long-term goals of a company.

IBM launches tools to detect AI fairness, bias and open sources some code

Strategically, IBM's move makes sense. IBM is hoping to provide Watson AI, but also manage AI and machine learning deployments overall. It's just a matter of time before AI Management becomes an acronym among technology vendors. IBM said it is planning to provide explanations that show how factors were weighted, confidence in recommendations, accuracy, performance, fairness and lineage of AI systems. There is little transparency in the models being sold, inherent bias, or fine print. IBM Research recently proposed an effort to add the equivalent of a UL rating to AI services. IBM said it will also offer services for enterprises looking to better manage AI and avoid black box thinking. Big Blue's research unit recently penned a white paper outlining its take on AI bias and how to prevent it. IBM's Institute for Business Value found that 82 percent of enterprises are considering AI deployments, but 60 percent fear liability issues.

Quote for the day:

"Never stir up litigation. A worse man can scarcely be found than one who does this." -- Abraham Lincoln

Daily Tech Digest - September 18, 2018

Note to CIOs: It’s time to change the network
The network is something that not enough CIOs pay attention to. It’s often the IT resource that’s last on the priority list with the majority of focus given to applications. That might have been fine 20 years ago when most applications and data lived on the user’s computers. Also, IT had extremely tight control of the endpoints and applications so user experience was easy to manage. Since then, the world has blown up (at least from an IT perspective) with applications moving to the cloud and being procured by lines of business and workers bringing their own endpoints in. What was once a tightly controlled, end-to-end ecosystem is now totally chaotic. Because we live in this highly interconnected world, the network plays an important role in how applications perform, which has a direct result on every business’s top and bottom line. With SD-WANs, there are numerous decisions to be made, such as should broadband be used? If so, where? Should services remain on premises or be moved to the cloud? Should traffic be routed directly to the cloud from a branch or be routed to the company headquarters? Each time an option is provided, it adds to the complexity of deployment.

Break Through Your Learning Blockers

One of the most important leadership skills you can develop is the capacity to objectively diagnose your counterproductive preferences and tendencies — especially the ones that insulate you from the learning that helps you stay relevant. Pay attention to the people you work with and you’ll quickly notice which ones are habitually prone to slow down their learning — or block it altogether. They’re the ones who go through the motions at meetings, failing to find relevant and interesting things to learn and contribute. They remain content with what they already know, avoiding reading or exploring new subjects. ... If you are honest with yourself, you gain a higher perspective, one that allows you to observe your actions and see how they create real patterns (instead of the patterns you wish would exist). To make sure you aren’t hindering your own learning agility with a few bad habits, take an honest look at how these three common blockers may apply to you. Then you can apply the suggestions for pushing past them.

Overhauling the 3 Pillars of Security Operations

Many security operation centers are already at the breaking point with growing backlogs of investigations and reactive triage. An often-quoted statistic is that less than 10% of investigations are completed in a typical security operation. Cloud and modern application transitions multiply the threat surface many times over, generating staggering volumes of data that need to be rapidly assimilated for insights. Further, cross-enterprise collaboration is requiring new models of distributed knowledge transfer because investigation workflows need to be shared across both security and operations. Industry hype suggests artificial intelligence, machine learning, and improved automation will rapidly replace humans in every workflow in the next few years, but the reality is that there will be a long transition in which optimizing human and machine collaboration is essential to scale the defense. Although much can be automated, human context is still essential in many security workflows.

Artificial intelligence: The king of disruptors

AI has been around for decades. The science isn’t new. So why all the hubbub now? The answer is convergence. Computing power is up, while computing costs are down. In the early 1960s, for example, a gigaflop cost approximately $153 billion in today’s money. But now, a gigaflop of computing power costs about 3 cents. Plus, the increasing popularity of GPUs provides affordable, energy-efficient computational speed on top of it. Add to that affordable data storage. Storing a gigabyte of data in the 1960s cost more than $1 billion by today’s standards. Now a gigabyte of storage costs around 2 cents. That’s good news because the advent of the Internet of Things and streaming data means we’re rapidly heading into the land of zettabytes. That massive amount of data can lead to building deep neural networks to train and retrain algorithms, essential for data-hungry AI. Decades ago, we fantasized about making AI part of everyday life, but we couldn’t afford the technology underpinning it. Now we can. Let the disruption begin.

The Digital Transformation of the Construction Industry

Moving the communication of the design intent to onsite construction has been an issue since the time of the Egyptian Pyramids. For thousands of years, the design intent was communicated in the form of a 2-dimensional document (a sketch in the sand or papyrus, an artist’s sketch on paper, blueprints). Today’s projects use a 3-dimensional tool called BIM to communicate design intent in the form of data. This allows all stakeholders on a construction project to share and pass along work performed in a disciplined and organized manner, providing fewer mistakes and increasing profits. ... The VR/AR/MR solutions that are being used by the Sub-Contractors in the United States are breathtaking. Mostly being utilized and educated by the Sub-Trade Unions, VR/AR/MR technologies are enabling the fabrication, construction, and delivery of numerous trades’ work without the use of traditional tools (no blueprints, no measuring tape, no levels) and in most instances, with fewer workers in up to 40% less time.

Hire the Right Machine Learning Talent

"We end up training people to make more microwaves," Kozyrkov said. "Then when you hire them into your kitchen, they end up wanting to build you a microwave. But there's already warehouses upon warehouses of microwave appliances already there." What you need is someone to innovate with new recipes. What you need is someone to apply the technology that has already been built. What you need is someone who knows how to use machine learning to achieve business outcomes. Google is trying to change this with a new approach, according to Kozyrkov. "We have started training our personnel in applied data science and applied machine learning, and we are calling that decision intelligence engineering," she said. "This is about taking all those applied machine learning principles and augmenting them with insights on how to make this useful for this business. It focuses on using data to solve business problems," Kozyrkov said. A very public example of how Google has applied machine learning is in cooling its own data centers.

Will There Be Enough Power With 100 Billion Connected Things?

Now that cyberattacks are not necessarily human bad actors, but machine learning algorithms, it's a necessary knowing glance we must cast to the dark side. Where there is light, there is also dark, and I think it naive of us to only want to discuss the rose colored glasses version of the future. I am a realist. I like to prepare in advance for what can happen, and anyone involved in cybersecurity will tell you that it's never a question of "if" but rather, "when." Wouldn't you like to know what your energy and utilities companies have in-mind to make it much more complicated for a human or artificially intelligent bad actor to hack the grid? You knew I couldn't post a blog post on LinkedIn without talking about Artificial Intelligence, right? Impossible. I'm keen to learn, absorb, and enter into the discussions around our future with AI, machine learning, the Internet of Things, (IoT), and of course, my favorite, e-mobility. As I am typing this I just drove my Tesla Model X from Denver, Colorado to Boston...the infrastructure Tesla has set-up for us here in the United States is unbelievably incredible.

This Chilling Attack Lets Hackers Steal Data From Almost Any Laptop

As long as your laptop is set to go to sleep when you close the lid or after a certain amount of idle time, it's likely vulnerable. Here's how their attack plays out. Instead of sticking the entire laptop into the icebox, F-Secure used a more selective chilling process. The laptop's bottom cover was removed and the system's RAM was rapidly cooled using a can of compressed air. Not simply by blasting it with air, mind you -- by turning it upside down and directing the liquid fluorocarbons inside at the chip. Once the chip has been sufficiently cooled, phase two of the attack can begin. A specialized (but fairly common) device allows them to manipulate the system's non-volatile memory. Once the tool does its thing, the attacker instructs the computer to boot to a USB flash drive. Any data that was stored in memory as the computer went to sleep can now be accessed. In this case, the hacker is able to dump a "secret password." After the hacker in the video logs in to the laptop, the very same password is shown inside a WordPad document as proof the attack worked.

Why banks didn’t ‘rip and replace’ their mainframes

The hidden costs and iffy returns were what kept the stability-focused financial institutions loyal to the mainframe, which offers something no other server has: immense processing speed coupled with the ability to encrypt data from end to end, making the mainframe the superhero workhorse for finance. The processing speed of the mainframe means it can detect real-time banking irregularities before the hackers realize they’ve been spotted. The mainframe also contains layers of security, depending on the location of the data, to eliminate a data thief from being able to access personal financial information in one cache. All these benefits — encryption and security for data at rest and in transit, processing speed for crunching up to 12 billion worldwide banking transactions per day, processing power to enable analytics of enterprise-wide data, and even eliminating platform-dependent skills to develop modern applications — prove that the mainframe still remains at the hub of our financial industry’s network.

Why Cybercrime Remains Impossible to Eradicate

Cybercrime continues to be cheap and easy, especially when compared to its real-world analogs. "Effectively, criminals are simply swapping conventional crime for cybercrime," University of Surrey computer science professor Alan Woodward told me back in 2016. "Why walk into a bank with a sawed-off shotgun when you can phish for money?" These dynamics haven't changed; the tools at criminals' fingertips have become easier to procure and use. Levashov, for example, admitted to using bulletproof hosting services as part of his attacks. Such services charge a premium for hosting while promising to look the other way, for example, when said services might be used to store exfiltrated personally identifiable information or payment card details from malware victims. ... Part of the problem with stopping cybercrime is that it tends to be transnational. In addition, law enforcement experts say many cybercrime gangs continue to operate from within Russia or its former Soviet satellites, including Ukraine, with which extradition treaties are complicated or nonexistent.

Quote for the day:

"Leadership happens at every level of the organization and no one can shirk from this responsibility." -- Jerry Junkins

Daily Tech Digest - September 17, 2018

Oval shaped and available in black or white, the Link 300 has a wrap-around textured mesh grill masking a front-mounted 0.8 inch tweeter and a 3.5-inch woofer, with a large passive radiator in back that’s crucial to that JBL sound signature. The ever-ready Google Assistant wants users to control almost everything by voice. Still, this speaker’s hard plastic and rubbery-surfaced top offers press-deep (not thermal contact) volume and pause/play buttons, as well as the obligatory microphone mute button to tap if you fear Big Brother is listening. Also note the Bluetooth pairing button and a centered home button. Pressing the latter lets you abbreviate a voice command to eliminate the tedium of saying “Hey Google” before calling out a radio station, artist, or action request for news, weather, jokes, movie times, recipes, light switching, door locking, and hundreds of other commands. Although there are just two far-field microphones fitted on the top of the Link 300, they did a good job of hearing my requests, even from across the room.

Cutting through the blockchain hype

“Now, that is very attractive to smaller firms because they have a chance to come together to beat the bigger companies,” he said. “But not so much for the market leaders, without which the blockchain ecosystem won’t spin up fast enough.” Sprenger also touched on the security of blockchain systems that are deemed secure as far as the immutability of information is concerned. However, he said that notion would not apply to data privacy and access management. Citing AdNovum’s Car Dossier project, which uses blockchain as a technological basis to create trust and drive value within the used and second-hand car industry in Switzerland, Sprenger said details such as the location of a car that had been involved in an accident could be captured on a blockchain. “So you have location information and you know who owns the car at a certain point in time – that’s very sensitive information, at least in Switzerland,” he said.

Cloud complexity management is the next big thing

The growing cloud computing complexity was recently documented by the Wall Street Journal that cites a survey of 46 CIOs by KeyBanc Capital Markets. It found that 32 percent said they plan to use multiple vendors to create internal private cloud systems, while 27 percent planned hybrid cloud arrangements. ... Traditional thinking is that cloud computing will replace hardware and software systems, so things will be simpler. You’ll just have to spend a few days moving workloads and data using processes so easy that the applications and data almost migrate themselves. But it turns out to be a complex migration process with many new choices to make and new technology to use. Where you once had five security systems, you now have 20. Where you had three directories, you now have seven. Why? It turns out you cannot just shut down the old stuff, so the hardware, software, and supporting systems remain. At the same time, you are standing up cloud-based systems that used a whole new set of skills and technology. Thus the complexity.

Smart building and IoT technology are highly fragmented

One vendor of automation software for, say, elevators might use a much different data format than the manufacturer of a given building’s HVAC systems, making it difficult to integrate these two critical systems into the same framework. Part of what makes the problem of standardization at the building level so difficult is that most systems currently being used for digital facilities administration were originally designed to perform a wide range of functions. For example, the Green Building XML schema, or gbXML, was created to be a standard format for sharing CAD-based information between different building blueprints, but it’s now in use as a tool for live analysis of energy usage in smart buildings, for example. The centralization of these myriad systems is, nevertheless, underway at the National Institute of Standards and Technology. The “IoT-Enabled Smart City Framework,” or IES-City Framework, that NIST is working on with groups in other countries, is largely a conceptual one at this point, but highlights several potential concrete use cases for more unified standards down the line.

Google remotely alters battery settings on some Android 9 Pie devices

If you are using a beta version of Android, the user license agreement gives Google the right to modify system settings for testing purposes, by way of an update sent "over the air" to your device. However, remotely modifying the system settings of devices running the retail version of Android, without informing the user about what's going on, is a new precedent. Under ordinary circumstances, a user can instruct their Android Pie device to start saving battery juice when it reaches 75 percent capacity. This is supposed to be the highest threshold at which power saving can be enabled. Google's unexpected experiment, however, raised this to 99 percent and turned the feature on without notifying the user. When Android Pie's Battery Saver function gets triggered, several strong measures are enforced to reduce drain: Location Services are disabled if the device is locked, apps no longer refresh with new data in the background, and some notifications won't even show up.

Key steps to ensure data protection amidst the growth of mobile apps

It's likely you already have conventional security measures in place to monitor your organization's network, devices and users. That may or may not extend to mobile users entering your system, and if it doesn't, you'll need to look for mobile solutions specifically. This is where a diagnosis of your mobile framework will come in handy. What kind of policies do you have in place to protect your network and users? Are employees forbidden to download and install applications from third-party mobile app stores, for example? Have you instead decided to issue enterprise-exclusive devices and restrict business-related activities to said platforms only? Additionally, consider what can be done to protect the network from users tapping in. For instance, you might look at separate network access between customers and employees. You might also deploy a joint security monitoring and firewall system that can be used to identify, track and block access to various users based on activity.

Cyber security: A work in progress

Whether it is the lack of skills to deal with increasing threats or the fact that many users still fall for scams and click on malicious links or open suspicious documents, one thing has been constant over the past three years. When asked what the biggest problem is – people, process or technology – the results leave little room for ambiguity as to where the challenge lies, with 82% saying that cyber security is a people problem – consistent with the responses of the previous two years. So, what can we conclude from three years of IISP surveys? The ongoing problem that security teams are trying to solve is clear. New attacks continue to emerge and new vulnerabilities are discovered and patched. Data volumes and technology reliance continue to increase and the burden often falls to a team with roughly the same headcount and budget as the year before.

Europe Catches GDPR Breach Notification Fever

After notifying authorities, many organizations that have suffered a data breach will be instructed to notify victims, or else choose to do so on their own. Because consumers are already seeing a sharp rise in breach notifications, some have voiced concern that it could lead to "breach fatigue" and perhaps a sense of helplessness at their lack of power to control the fate of their data. "There is an argument that we risk people suffering data breach notification fatigue," says Honan, who is also a cybersecurity adviser to Europol, the EU's law enforcement intelligence agency. "However, I would argue that people are better off knowing that their data is at risk so they can take appropriate action to protect themselves. We should also be aware that breach notifications serve to provide not just the individuals affected by the breach details of what happened but also should be used by other organizations to learn from. If we are more aware of the root causes of breaches in other organizations, we can use that information to better secure our own systems."

What is multi-access edge computing, and how has it evolved?

Multi-access edge computing (MEC) is a network architecture that supports compute and storage capacity at the network edge, rather than in a central data center or cloud location. MEC enables rapid and flexible deployment of new applications, and it offers significantly lower latency -- and better performance -- for local applications and data, compared with centralized data center resources. Prototypical MEC applications require ultrafast response times and high availability, and they derive security benefits from localized data flows. MEC provides the intelligence for taking real-time actions and the ability to perform complex data analytics. Applications suited to MEC capabilities include virtual reality, self-driving cars and business-critical IoT applications, all of which require real-time response. Any application that generates a large amount of data can benefit from MEC, as edge computing can make immediate decisions and only transmit aggregate data to central cloud infrastructure, thus significantly reducing network bandwidth requirements.

Hackers wage a new Cold War

The cyber Cold War isn’t just a matter for military and intelligence personnel to ponder. It can easily affect the life of any business. Personal financial information can be stolen and sold for profit by a crime ring, or used to finance a terrorist attack. A company’s intellectual property can be targeted by an industrial rival, or its systems sabotaged, or its stock price manipulated by a fake Twitter account, or its reputation and business relationships ruined through leaks and hoaxes. Citizens can be disenfranchised by hacked voting systems that render polling places inoperable or change recorded votes. Cities can be imperiled by attacks on the electrical power grid, or on the systems controlling large dams, or even on the connected cars and smart homes that fill their streets and neighborhoods. What can you do about it? In our interconnected world, the lines between espionage, war, and business can be all too blurry. If you run a business, work with sensitive data, or work in cybersecurity, you’re already considered fair game—and so are your customers.

Quote for the day:

"Management is efficiency in climbing the ladder of success; leadership determines whether the ladder is leaning against the right wall." -- Stephen Covey

Daily Tech Digest - September 16, 2018

For a digital transformation to be successful, organizations need to have a digital strategy connected with the organization's general strategic objectives. This implies that the transformation process should be pervasive through the whole organization; it is no longer an IT or automatization issue. It implies having new digital products and services, a new and more innovative business model, a more complex channel strategy, aggressive digital marketing and developing the right capabilities to offer customers a good digital experience. All of this of course needs to be supported by technology capabilities and platforms. This can only be achieved if the whole organizational landscape is described and understood. An ‘architectural landscape’ essentially represents the different components of the business – including business processes and information technology resources – making it possible to modify existing operating models in order to harness new technological trends in an efficient and timely manner.

Leveraging Segmentation to Secure IoT

The biggest challenge facing most organizations is simply identifying and tracking all IoT devices connected to the network. Network Access Control allows organizations to authenticate and classify IoT devices securely. Real-time discovery and classification of devices at the point of access allows IT teams to build risk profiles and automatically assign IoT devices to appropriate device groups, along with associated policies. ... Once the network has identified IoT devices, IT teams then need to establish IoT attack surface controls. Segmenting IoT devices and related communications into policy-based groups and secured network zones allows the network to automatically grant and enforce baseline privileges for specific IoT device profiles. While inventory management tools can track these devices, and behavioral analytics can monitor their behavior, Internal Segmentation Firewalls (ISFW) need to be applied to enable organizations to not only quickly and dynamically establish and control network segments but also inspect applications and other traffic that need to cross segmentation boundaries.

CDOs are a crucial hire for any organisation looking to unlock the value of their data. Companies sit on a mountain of data, including marketing and sales, finance, HR and operations, and to store, process, analyse and use this data effectively requires a specific set of skills. They have a broad role, encompassing parts of other c-suite roles. But some companies mistake it for the chief information officer (CIO) role. However, whereas the CIO deals with the technology, infrastructure and software/data engineering of a company, the CDO should be more commercially minded. As Pete Williams, former analytics head at M&S explains: “The CIO can have responsibility to ingest data. But for a CDO, we are talking about a level of commercial awareness that needs to come from the business.” They look at how data can be used by a business to gain a competitive and commercial edge. CDOs are more important than ever, especially now the General Data Protection Regulation (GDPR) has become a business-as-usual requirement. Indeed, the hefty fine for infringing GDPR has helped to elevate data governance to board-level status.

The Future of Networking Is 5G: Businesses Must Prepare Now

Between now and 2020, a few things must still happen: The industry must complete the entire set of 5G standards. Even though most of the radio standards are defined, we have about another year of work on the core network standards. Expect to see both established service providers and startups, even some large enterprises, roll out localized wireless 5G networks over the next year. They will use slight modifications of the 4G core but take advantage of the current patchwork of 5G radio spectrum. Network trials and proof-of-concept applications will represent the bulk of those efforts. The real 5G core, with full network-slicing capability, will start to show up in large-scale production networks around 2020. Understanding 5G and its implications should be high on your company’s priority list. How will setting up a private 5G network slice improve your company’s critical applications, services and security processes? Could new network services open up revenue-generating opportunities?

The Smart City Trailblazers

Could smart canals ever become a reality? If so, Amsterdam is likely to lead the charge. As an early investor in smart technology, Amsterdam first hired a chief technology officer back in 2004, at a time before some of the foundational concepts of smart cities had terms we would recognize today. As with many smart cities, Amsterdam has long focused on transportation, and the use of satellite navigation technology and other sensor-derived data has provided a more pedestrian-friendly cityscape. The success of these transportation improvements is clear. The city had to update their traffic information in 2016, as the previous data, gathered in 2011, was already obsolete: In that time, the number of cars dropped by 25 percent, and the number of more efficient scooters rose by 100 percent. Amsterdam’s unified approach toward smart technology better enables it to combine both private and public efforts, leading to a cohesive approach that’s already paying off.

Safe Artificial Intelligence Requires Cultural Intelligence

Building machines that can perform any cognitive task means figuring out how to build AI that can not only learn about things like the biology of tomatoes but also about our highly variable and changing systems of norms about things like what we do with tomatoes. Humans live lives populated by a multitude of norms, from how we eat, dress and speak to how we share information, treat one another and pursue our goals. For AI to be truly powerful will require machines to comprehend that norms can vary tremendously from group to group, making them seem unnecessary, yet it can be critical to follow them in a given community. Tomatoes in fruit salads may seem odd to the Brits for whom Kington was writing, but they are perfectly fine if you are cooking for Koreans or a member of the culinary avant-garde. And while it may seem minor, serving them the wrong way to a particular guest can cause confusion, disgust, even anger. ... Norms concern things not only as apparently minor as what foods to combine but also things that communities consider tremendously consequential: who can marry whom, how children are to be treated, who is entitled to hold power, how businesses make and price their goods and services, when and how criticism can be shared publicly.

Bitcoin Blockchain Technology Implementation In India Not An Easy Task

There will be a complete transformation which will cost a fortune in the complete makeover along with dedicated time. In addition to this, recruiting blockchain experts and data scientists is definitely much costlier as compared to hiring software developers. The biggest applications of blockchain rely on public frameworks such as Bitcoin and Ethereum. All the parties can make transactions within the same network that is monitored. But the entire process is expensive and needs a lot of investment to keep it under operation. For government projects or any public blockchain-based applications, the role of cost bearer in terms of network maintenance and the validation of transactions is still not clear. Despite all the issues, there is a significant rise in the demand for blockchain developers in the market. It is even alleged that cryptocurrency and blockchain jobs are gradually more appealing to job seekers from more conventional sectors, especially in Asia.

Onelink: IoT Smoke Alarm Now Alexa-Enabled

Onelink Safe & Sound is not your ordinary smoke alarm. It is a smart IoT alarm that could detect smoke and carbon monoxide in your home or office. Powered by First Alert’s technology for smoke and carbon monoxide detection, it has an 85-decibel alarm, and it also sends notifications to your mobile phone if the device detects any smoke or carbon monoxide within the premise. It also has a built-in Alexa voice service which allows you to access all the features found on Amazon Echo. You can use voice commands on Onelink Safe & Sound to play your favorite music, audiobooks, control smart devices, and even have it read the news. Also known as an electrochemical gas sensor is a gas detector that measures the density of a target gas by oxidizing or decreasing the target gas at an electrode and measuring the resulting current. To get your very own Onelink Safe & Sound Smoke and CO alarm, check out their product page on Amazon for easy ordering. The device can currently be bought for $241.53. There are also bundles that tie in Amazon Echo devices, in case you’re looking to buy one.

Building the Pillars of Data Modeling and Enterprise Architecture

Ruff said, “ER/Studio doesn’t do the Data Governance for you,” but Data Governance can’t be done without an Enterprise Architecture solution like ER/Studio as a foundation, “because if you’re not managing your data at the low level, you can’t manage it at a higher level,” she said. Having a complete model of the data gives business users access to that global vision they need and a thorough understanding of the value of that data. “It’s extremely important that every single thing that an organization does has a data representation and a process representation,” in the model, “because it’s really through the modeling that we are able to improve our business processes, improve our data quality, and everything else,” said Huizenga. ... The consequences of non-compliance can be great, so it’s vital to fully understand how regulations affect business practices. “You will need to verify that the safeguards you have in place are indeed sufficient, rather than just assuming they meet the requirements.” Compliance is an active process and it’s imperative that companies implement the appropriate protections proactively.

Transforming The Transformative: The CMO's Role In Leading Digital Transformation

As a CMO, it’s important to remember that technology alone won’t ensure your company’s DX is a success. When Forrester identified the capabilities most vital to DX success, just four out of the top 10 were technology-based. To accelerate digital transformation and drive revenue growth, CMOs must develop and redesign organizational capabilities like strategy, culture, change management, digital experiences, innovation management and customer journey mapping. Reshaping your culture to be customer-centric is essential in order to support continuous innovation and drive effective change throughout the organization. Unsurprisingly, data and analytics capabilities are most critical among technologies that drive digital transformation success. Modern marketers are data-driven, and in an age where customer experience is the ultimate factor that can make or break a brand, CMOs often rely on customer data when strategizing how to meet and exceed high customer expectations.

Quote for the day:

"Great leaders don't need to act tough. Their confidence and humility serve to underscore their toughness." -- @SimonSinek