Daily Tech Digest - August 18, 2018

Cloud ERP isn’t a handshake deal – it’s a value extraction challenge

Chained business handshake © Andrey Popov - Fotolia.com
“Modern ERP” has the potential to change that, but I believe customers, partners, and vendors must go all-out to get there – long after go-live is over, and the handshakes and smiles are in the rearview. Virtually all the cloud ERP use cases I’ve conducted are small to midmarket. That doesn’t mean these benefits can’t extend to large enterprise, but we should acknowledge that the problem of cleansing and integrating data to achieve a single source of the truth is much tougher as companies get bigger. As for the obvious/looming question: “Can you do this with on-premise ERP?” Yes, I believe you can. “Cloud” in this case is really just a placeholder for something wonky, like: “standardized and easily upgradeable ERP systems on a platform you can easily extend and integrate via open standards.” In other words, “modern” is more about data accessibility and, yes, scalability than where the software lives. However, custom coding the heck out of on-premise systems looms as a catastrophic temptation.


Office 365 outage: Sign-in issues blight users across Europe and the US


Pete Banham, cyber resilience expert at Microsoft-focused email management company Mimecast, said enterprises need to ensure resilience is built into their Office 365 deployments to ensure their businesses can keep operating during downtime incidents. “IT teams and frustrated users struggled to remain productive [on Thursday] as they were unable to log in and use Office 365 services,” he said. “Due to operational dependency on the Microsoft environment, businesses are putting themselves at risk of being affected by commonplace outages such as this. “Anyone outsourcing a critical communication service like cloud or hosted email must consider a cyber-resilience strategy that assures the ability to recover and continue with business as usual.” Apart from fielding queries about yesterday’s outage, the Microsoft Office 365 Twitter account was also having to respond to questions about a recurring subscription activation issue that Mac users of the software have been encountering for a few weeks.


Women in Tech 2018: What the Statistics Tell Us


PwC recently looked at the role of women in tech in the UK. In STEM fields, women accounted for only 15 percent of employees. More distressingly, there are few signs that this number will rise without extra action, as only 15.8 percent of undergraduates in STEM fields are women. Leadership examples can be key toward encouraging more participation among women, yet only five percent of leadership positions in STEM fields are held by women. In PwC’s report “The Female Millennial — The New Era of Talent,” researchers found that young women want to work with employers with a strong history of inclusion, diversity, and equality. Many women see the low number of women in tech and choose to enter other fields. The PwC reports highlights the problems these disparities create for UK companies. Two-thirds of CEOs in the UK claim to have difficulty hiring people with digital skills, a numbers that significantly exceeds the 43 percent of CEOs who claimed the same in the US and the 24 percent of CEOs in China.


How the Boston Children’s Hospital Is Innovating on Top of an Open Cloud


“The open cloud model is really advantageous for companies to innovate at the infrastructure level, but even to manage it,” says Krieger, who has seen services like those of Boston Children’s Hospital’s radiology programs built on top of it. “There’s a huge cost in running experiments. When you’re a not-for-profit university, it’s even greater, with a huge capital investment to start anything on a cloud at sufficient scale.” Krieger contends that it’s always cheaper for universities — at least in the United States — to purchase their own equipment than to rent servers on the private cloud. But he said that “In the end the success will only come from something like the open cloud, if industry participates in it.” Krieger says only an aggregate of all these universities could inject the necessary capital investment to start out a cloud at sufficient scale to allow for experimentation on top of it. Plus, he says that universities have a long history of standing up large-scale computational infrastructure long before today’s public clouds.


Should Staff Ever Use Personal Devices to Access Patient Data?

Should Staff Ever Use Personal Devices to Access Patient Data?
HIPAA violation or not, is it ever a good idea to allow healthcare employees to use their personal smartphones to access patient records? What about during a crisis situation? "These are really tricky issues," says privacy attorney Kirk Nahra of the law firm Wiley Rein. "You have to think about two paths on these questions - how is this situation [involving employee smartphone access to patient records] handled normally, and what - if anything - can be done differently in an emergency situation? Both questions essentially involve thorough thinking as part of an overall risk assessment process." Companies of all kinds - in healthcare and otherwise - have to figure out how to manage the fact that data can be transmitted to mobile devices, whether personal or employer based, Nahra says. "What a company allows and what it does not allow - and how it 'prevents' what it doesn't allow - is a critical component of any risk assessment today." Companies have to develop a strategy that balances appropriate risks as well as business needs, the attorney adds.


Software Quality Is a Competitive Differentiator

The digital world is creating intriguing challenges related to software quality. These extend beyond the sheer volume of code that’s required to run systems. For instance, UI/UX has emerged front stage center — particularly as apps have proliferated. Maturing technologies, such as augmented reality and virtual reality, have introduced new challenges. The takeaway? It's no longer acceptable to view UI/UX testing as a traditional, commoditized function — a quality experience is paramount. There are other challenges, too. As the IoT matures and grows, there's a need for innovation in testing. The variety and number of edge devices is exploding, and all of this introduces enormous QA challenges. Ensuring that software performs adequately and meets user requirements is critical. The need for service level agreements between service providers and consumers has never been more important. Artificial intelligence changes the testing landscape as well. It can take over some human roles.


The Consumerization of Enterprise Architecture: Everyone’s an Architect!

In the longer term, we are seeing a more profound shift in the role of architecture: positioning enterprise architecture not as a high-level, top-down operating discipline, but as the connective fabric between different types of change. Within the enterprise, this means that everyone will have a role in the development and evolution of the architecture in some way. Essentially, everyone becomes an architect!  Of course that doesn’t mean that every employee should go on a TOGAF course. Rather, you should provide everyone with the instruments that let them see what the options and effects of local or global changes might be and act accordingly. All these changes can then align with the shared enterprise vision and work together in concert, ranging from the result of a local process improvement or the priority of some agile user story to the impact of a merger or the effect of new regulatory requirements on your business model.


What Harry Potter Teaches us about Constant Vigilance and Insider Threats


“Constant vigilance” is sage advice for businesses too. With the threat of malicious insiders, undetected attackers moving around a network and other risks to mitigate, there is no “one-and-done” solution in security. Industry research such as the 2018 Verizon Data Breach Investigations Report (DBIR) helps the collective community keep an eye on trends and glean insights from lessons learned to get ahead of potential vulnerabilities before they become problems. A few key trends identified in the report caught my eye. While the report indicates that 78 percent of people didn’t click on a single phishing link all year (which is promising news), phishing and pretexting remain popular attack methods. Attackers only need one employee to click a link and open the door for the attacker to enter. Once an attacker has stolen credentials, they can manoeuvre within the network, escalating levels of privilege until they have the access they need to wreak the havoc they intend. The report’s emphasis on education—making sure that employees are trained to identify and report social attacks such as phishing—is one important line of defence. Knowing what to look for is half the battle.


Why Your Approach to Cybersecurity Needs to Be Proactive Rather Than Reactive

Why Your Approach to Cybersecurity Needs to Be Proactive Rather Than Reactive
One of the major challenges facing businesses is the increasing sophistication of hackers. Ever-evolving hacking tactics and techniques, as well as more readily available hacking tools, has made it possible for cyber criminals to circumvent traditional defenses such as firewalls and anti-virus software. This leads to a further problem where attacks are becoming harder to detect. In fact, it is common for businesses to be breached without even knowing it. According to the Ponemon Institute, it takes an average of 191 days for a business to detect that it has been hacked. To counteract these problems, it is important to gain visibility of what activity is happening across networks and endpoints in order to be able to detect malicious activity in its infancy before it spreads. You need to assume that your business will be breached at some point and have appropriate monitoring controls and procedures in place to mitigate the risks.


Security architecture for the mobile ad hoc networks

Security in mobile ad hoc networks (MANETs) has been an actively researched topic for the several years. As opposed to wired networks, MANETs have dynamic topology, limited resources, limited bandwidth and are usually deployed in emergency scenarios outside, where landscape plays important role. MANETs are susceptible to insider and outsider attacks and bring new security challenges which were not present in the wired networks. The most important difference is that every node in MANET acts as a router and routes traffic throughout the network. Compromising one node can hugely affect network performance. In this paper, we present our security architecture for MANETs which secures important aspects of the network. We bring trust model into the network and nodes are secured by different mechanisms tailored specifically for the use in distributed environment.



Quote for the day:


"The key to being a good manager is keeping the people who hate me away from those who are still undecided." -- Casey Stengel