Daily Tech Digest - May 13, 2018

Routing Innovations for the Cloud Era

Modern cloud grade routing architectures improve network economics by increasing network utilization and service availability. They offer end-to-end entropy friendly traffic load balancing - from multi-homed service edges to much simpler ECMP friendly SPRING and IP fabric cores. Traffic load balancing across all available paths improves network utilization and simplifies network capacity planning by easy scale out, without requiring traffic re-engineering. Additionally, multi-pathing architectures improve service availability and reduce failure domains since traffic can reroute to an alternate path within milliseconds of a failure. Even better, multi-pathing architectures improve capital efficiency and network economics by allowing operators to run their networks ‘hotter,’ without compromising service SLAs. ... Ultimately, the great advantage of cloud grade networking is architectural simplicity that improves service agility and efficiency. With Juniper, deploying IP fabrics, EVPN, SPRING, RIFT and the Northstar Controller complement current network operations and architectures, and provide a graceful network transformation to modern, cloud era architectures.

Where Bank of America uses AI, and where its worries lie

“There's a chance AI models will be biased,” said Caroline Arnold, BofA's head of enterprise technology (which includes HR tech). “You might say, who's going to be successful at this company? An AI engine could find that people who golf are going to be successful at the company. On the other hand, using those same techniques can remove bias if you have the model ignore some of these things that are indicators of different groups but go on to the meat of the profile of the person and understand it in a deeper way.” Arnold believes an AI engine can never be the final say in who gets hired. Mehul Patel, CEO of Hired, a technology company whose software uses AI to match people to jobs, agreed that AI and humans have biases. “The good news about AI is, you can fix the bias,” he said. “We will boost underrepresented groups. The trouble with humans is they can't unwire their bias easily. Human bias far outweighs algorithmic bias. That's because we humans make quick decisions on people that aren't founded on what you're looking for in the job.”

Can blockchain technology live up to the hype? Barclays analysts say no

“It is high time to end the hype. Bitcoin is a slow, energy-inefficient dinosaur that will never be able to process transactions as quickly or inexpensively as an Excel spreadsheet,” wrote Nouriel Roubini, economist and cryptocurrency skeptic, in a recent Project Syndicate column he co-wrote called “The Blockchain Pipe Dream.” Of course, the advocates of blockchain are as ardently optimistic about what the technology can do, comparing blockchain with the early days of the internet. “It’s easy to compare blockchain with the internet due to the surrounding attention and the amount of money being poured into the respective spaces, but this only gives me more confidence that the technology will prevail long term,” said James Tabor, CEO of Media Protocol in an email to MarketWatch. “In the same vein as the internet made the flow of communication seamless and information readily available, blockchains can dismantle the centralized powers that have caused so much pain across all industries,” Tabor said.

Three elements drive interest in regulatory tech

According to a Juniper Research report, spending on regtech will grow by an average of 48% per annum over the next five years, rising from $10.6 billion in 2017 to $76.3 billion in 2022, as banks and financial services firms seek to avoid costly regulatory fines. Brennan Wright, head of marketing at identity verification and compliance company ThisIsMe, says the current staffing component dedicated to regulatory compliance within financial services organisations will fall to 1% to 2% by 2025, as new regtechs are introduced. "Technologies such as risk data aggregation and reporting tools, fraud detection tools and client onboarding systems will continue to empower compliance teams in the short term and will eventually replace many back-office positions; especially those mundane and admin-intensive roles. "The theme of change will favour legal and compliance teams that are technically savvy, have the necessary creative foresight and an ability to leverage the rapid innovation necessary to keep costs down, systems running smoothly and regulation in check," Wright points out.

The Law of Blockchain: Beyond Government Control?

In the case of blockchain, it’s still early days and Blockchain and the Law reflects that. It contains little in the way of case law (blockchain disputes are only now coming before judges), and the authors, Primavera De Filippi and Aaron Wright, spend considerable time explaining just how blockchains work. Namely, they emphasize how blockchain software creates permanent ledgers that are distributed across multiple computers and are mostly beyond the reach of central authorities. The upshot is what the authors call “lex cryptographica” or a system of rules where autonomous, decentralized code — rather than legislators or judges — determines the outcome of given interactions and disputes. This has the potential to bring dramatic changes in fields like corporate and insurance law. For instance, a blockchain can distribute dividends to shareholders according to pre-coded smart contracts. Or, in the event of an earthquake, an insurer’s blockchain can consult a third-party server (known as an “oracle” in blockchain parlance) to obtain seismic information and arrange payouts.

Connect the Dots: IoT Security Risks in an Increasingly Connected World

For organizations deploying IoT technology, it’s crucial to establish an incident response team to remediate vulnerabilities and disclose data breaches to the public. All devices should be capable of receiving remote updates to minimize the potential for threat actors to exploit outlying weaknesses to steal data. In addition, security leaders must invest in reliable data protection and storage solutions to protect users’ privacy and sensitive enterprise assets. This is especially critical given the increasing need to align with data privacy laws, many of which impose steep fines for noncompliance. Because some regulations afford users the right to demand the erasure of their personal information, this capability must be built into all IoT devices that collect user data. Organizations must also establish policies to define how data is collected, consumed and retained in the IT environment. To ensure the ongoing integrity of IoT deployments, security teams should conduct regular gap analyses to monitor the data generated by connected devices. This analysis should include both flow- and packet-based anomaly detection.

Making The Case For Hybrid Cloud

Enterprises have a complicated relationship with the cloud. Infrastructure-as-a-service (IaaS) offerings from public-cloud providers offer appealing alternatives to acquiring and provisioning on-premises hardware. And line-of-business organizations love being able to subscribe to software-as-a-service (SaaS) offerings that bypass IT altogether. But application development and deployment teams—the people the company charges with leading the digital transformation—have to work harder to gain the benefits cloud computing promises. And clouds add new facets to IT environments already struggling under the weight of too much of a good thing. But now, hybrid clouds—private, on-premises clouds linked to public clouds with data and applications shared among them—promise to take the enterprise’s love affair with cloud computing to a new level. Descriptions of the cloud’s role in enterprise computing vary widely with who’s doing the describing. Public-cloud providers see almost all enterprise workloads moving to, yes, public clouds. To enable that transition, they’ve shored up their offerings with heightened security features. They offer service-level agreements covering availability and performance.

Connecting Enterprise IT Models to Institutional Missions and Goals

There is no doubt that replacing an ERP system requires a significant up-front investment. We needed a way to assess the cost of continuing operations with our existing ERP system against the cost of implementation and support for a replacement. To build these cost and value estimates, we worked closely with many IT teams including application support, infrastructure, data management, and client services to build a return on investment (ROI) model. In addition to licensing and maintenance costs, we looked at ongoing on-premises costs to support infrastructure, backups, and disaster recovery. We included the costs of satellite systems, such as the staff, faculty, and student portal, that we had developed over the years to improve the user experience. Finally, we factored in the cost to rewrite custom-developed modules if we stayed on the existing system. We ended up with a financial model that evaluated the 10-year costs of staying with our current ERP system against costs incurred in the implementation and support of a replacement.

Open Reference Architecture for Security and Privacy Documentation

Privacy is getting more and more important. New technologies make our lives better but put our freedom and privacy under pressure. Terrorists and (cyber) criminals can be more easily detected by analyzing large amounts of data. Also, ‘diseases’ can be better cured using more data from more people. Currently, great improvements come at a large price: big data analytics systems are going over your user data and user data traces (e.g. mouse movements in web pages, location data) multiple times a day. Companies know better than you what you will need, think and eat tomorrow. Your location is continuously being tracked, due to all the communication devices you use. Using public transport cannot be done anonymously anymore, while cars are full of track and tracing technology. When privacy is designed in first, just as security is, we should have less concern about security and privacy hacks. Also, if more IT designs are open and published under an open license, the chance of mistakes in architecture and design will be lower. This is partly due to the pressure of openness, but also because more experts can contribute to lowering the security and privacy risks of public or private systems.

The Multiplier Effect of Collaboration for Security Operations

Today, state, local and federal agencies are much better equipped to collaborate and coordinate response with real-time situational awareness and actionable situational intelligence. We’re experiencing a similar evolution in the world of cybersecurity. For years, we’ve relied on a defense-in-depth approach to security where each team uses different point products from different vendors to protect valuable digital assets and systems. The problem is that these disparate technologies don’t interoperate, and each has its own intelligence, making it extremely difficult for tools and teams to share intelligence, collaborate and coordinate response. When security teams are dispersed all over the world, the challenge is even greater. This is where a threat intelligence platform comes into play. It can serve as the glue to integrate these disparate technologies. Automatically exporting and distributing key intelligence across the many different layers of your defense-in-depth architecture, it offers your different security teams access, as part of their workflow, to the threat intelligence they need to improve security posture and reduce the window of exposure and breach.

Quote for the day:

"You can't save time. You can only spend it, but you can spend it wisely or foolishly." -- Benjamin Hoff