Daily Tech Digest - April 13, 2018

What is hybrid cloud really, and what's the best strategy?

“Hybrid cloud is a cloud computing environment that uses a mix of private cloud and public cloud services with orchestration between the platforms allowing data and applications to be shared between them,” says Ritu Jyoti, research director on IDC's enterprise storage, server and infrastructure software team. An enterprise might be testing an app on public cloud or private cloud and running actual production on a different cloud, Jyoti says. “Or they’re running backup and recovery on public cloud but actual production on private cloud. Or they’re running the actual production application on a hosted private cloud but moving data on public cloud to run some analytics on top of it. There’s a separation of use case, but it’s essentially for the same workload.”  Some 56 percent of organizations surveyed by IDC use private cloud and public cloud for the same workload today, and another 8 percent say they use one type of cloud for production and another type for testing, development, backup or analytics – which is also considered a hybrid-cloud strategy.



How to mess up your agile transformation in seven easy (mis)steps

Agile principles have been one of the key drivers of Silicon Valley’s ability to innovate, learn, and adapt rapidly. Agile started as a set of principles for software development to write and release code iteratively without waiting for months (or years) to release functionality. The term “agile” has now expanded to many facets of solution development with the same underlying principles—develop iteratively, release frequently, focus on the customer, and collaborate through a cross-functional team—always prioritizing test-and-learn methods over detailed planning. Beyond solution development, we are designing and implementing enterprise-wide operating models based on these principles. While many traditional heavyweights have embarked on agile transformations, most have faced real challenges in achieving their desired objectives. Based on our experience across numerous transformations, we see the following as common missteps on an agile journey.


Rely on the DevOps methodology to avoid disaster


First, organizations must help development teams understand how application changes affect both operations and customers. They should begin to see they have a vested interest in the success of the entire process. DevOps is not about ops controlling dev, but about both groups taking a stake in the entire process. This won't be easy, but solid communication from management and incentives based on overall success -- as opposed to development-specific incentives or goals tied to speed -- help all teams focus on the needs of the business and customer. All this sounds ideal on paper, but people don't always buy in, or they quickly revert to old ways. It will be up to management to avoid simply handing down a DevOps mandate and then walking away. The DevOps process must be reinforced at every turn as a positive method for both the company and the people on the ground making it happen. Everyone needs to take ownership. Any DevOps journey will experience peaks and valleys, but, if you stick through failures, the benefits can yield impressive results.


How are Robo-Advisors Changing the Finance Industry?


They aim to make the investment process more straightforward and affordable. Indeed, one of their signature features is that they plug a gap for those who are unable to meet the minimum investment balance threshold for traditional advisors, which tends to be upwards of $200,000 if not more. In contrast, robo-advisors can apply a professional service to a portfolio valued for as little as $5,000 — and often even less. And the associated management fees are also substantially lower. Firms generally charge under 1.0% of assets per year, while some like WiseBanyan don’t even charge an expense ratio. The UK Treasury and Financial Conduct Authority call this gap the “advice gap”. In the words of Treasury Committee member Mark Garnier, “As we move into an increasingly digital age, it is inevitable that the traditional financial advisor will be available in a robotic form. This is not a bad thing as it will make standardised advice available to everyone cheaply.” This explains why robos are proving especially popular among the younger, less affluent and less experienced investment crowd at present.


Take a Business-Centric Approach to IT


While it is true that we do have certain procedures for data and systems we know are critical to the company’s business, I think we tend not to review those as often as we probably should. So, it stands to reason that if you want to view the business’ digital assets in a way that reflects the various levels of criticality, then you should conduct some type of review of these assets to understand the value each holds for the company. In short, this is a Business Impact Analysis. What does it mean to the company when X service or application is unavailable? What does it cost when it is unavailable for an hour, two hours, three hours or more? If those questions cannot be answered, then it starts to become very difficult to truly prioritize during a recovery and, more importantly, the frequency of the protection schedule based on those answers. When you embark on this journey, you may quickly find that some of the questions you are about to ask of the business unit manager(s) may be more difficult for them to answer than it is for you to ask. I call this the “Storm before the Calm”, and it was the title of my consulting document I used to train my clients on how to conduct a BIA.


Everything you need to know about Apple's GDPR privacy upgrade

Effectively this means Apple’s products are private by design, which should open up interesting opportunities for the company in future. These aren’t the only privacy enhancements we can look forward to from Apple as it prepares for GDPR rules to become mandatory in May. The company has said it plans to update its Apple ID management page with a way to let users download a copy of all the data they have stored with the company. The company will allow users to download data across individual apps, which means data concerning your music playback choices or which news stories you’ve been reading will be as easy to download as information about the contents of your Contacts or Calendar apps. That’s the equivalent of the data Facebook allows its users to download about themselves, though Apple’s pre-existing commitment to privacy means we don’t expect too many unpleasant surprises – though I will be paying particular attention to Location data logs when I check my records. Apple also intends making it much easier for its customers to control their data.


How to Create a Meeting-Smart Work Culture

It's common for companies to have standing meetings for status updates and team bonding, and it's even more common for people to put off inconvenient discussions by suggesting, "Let's schedule a meeting to talk about it next week" or "Why don't we call a meeting to figure out next steps?" While their intentions are noble, their results wreak silent havoc. That $37 billion that's lost each year to U.S. businesses could be spent on furthering their visions. Instead, that money is sunk in meetings that drain team members' energy, lower morale, lead to bad ideas, and waste time -- all of which hurts a business. And the pain is more severe when you consider that 50 percent of high-level managers' time is spent in meetings. That means that your most valuable -- and expensive -- team members are wasting the most time. ... Training your team to treat meetings as time- and money-intensive endeavors will result in better outcomes for everyone. The first step to declaring war is to assess where your business currently stands on meetings. How many of each type of meeting are you having?


New cloud threats as attackers embrace the power of cloud


Data shows a rise in the number of attackers that consume public cloud services to host command-and-control servers for IoT botnets and ransomware. In January, the Spamhaus Project, a nonprofit based in Geneva, released its 2017 Botnet Threat Report. Researchers at Spamhaus Malware Labs identified more than 9,500 botnet command-and-control servers on 1,122 different networks. Botnet controllers, according to Spamhaus' block listings, increased 32% in 2017, and that data does not include controllers hosted on the dark web, where servers can't be identified. "What stands out in 2017 is the dramatic increase of botnet controllers hosted at cloud providers," the researchers stated. Large botnet operators are cloud threats, deploying botnet controllers in public clouds such as Amazon Web Services and Google Cloud Platform (Compute Engine) using fraudulent signups. "While some of the cloud providers managed to deal with the increase of fraudulent signups, others are obviously still struggling with the problem," researchers said.


One in five serverless apps has a critical security vulnerability

According to the audit of more than 1,000 apps by Israeli security firm PureSec, most vulnerabilities and weaknesses were caused by copying and pasting insecure sample code into real-world projects, poor development practices, and lack of serverless education. This is the kind of bad behavior you really don’t expect to see from professional developers. Additionally, the company found 6 percent of the projects had application secrets, such as API keys or credentials, posted in their publicly accessible code repositories. PureSec looked at apps written in a variety of popular languages — Java, Python, Go, and NodeJS — and found all of them were within a few percentage points, around 20 percent each. The exception was Microsoft’s .Net, where the group found 42.9 percent of serverless apps had some kind of vulnerability. Perhaps not surprisingly, this news comes as PureSec announced a product to secure serverless applications. It has launched a beta version of its PureSec SSRE platform for AWS Lambda, which can defend against application layer attacks 


AI is a great example of a technology that, when applied to cybersecurity, can smartly advance IT efficiency and security, particularly for those enterprises that are constrained by time and resources. There are clear advantages for companies that choose to utilize AI in their cybersecurity efforts, as I discussed in a previous Forbes article. But what we have not fully considered is how this type of technology innovation may introduce new areas of exposure that hackers can use to their advantage. The more we innovate in cybersecurity, the more fuel to the proverbial fire we may be providing to cybercriminals. Consider this: While it may be incredibly easy for a hacker to use social engineering to trick someone into clicking on a link or giving up their login credentials, it is just as easy, if not easier for a hacker to use AI to their advantage. A recent study found that when deploying a phishing scheme against humans, it was not the hacker who had the higher click-through rate but actually the artificial hacker who succeeded more often in converting those malicious click-throughs into successful phishing attacks.



Quote for the day:


"A happy life consists not in the absence, but in the mastery of hardships." -- Helen Keller