Daily Tech Digest - January 30, 2019

Cisco serves up flexible data-center options
Cisco has now extended ACI with ACI Anywhere to the cloud – specifically Amazon AWS and Microsoft Azure environments. The idea is that customers will have the flexibility to run and control applications anywhere they want across private or public clouds or at the edge while maintaining consistent network policies across their entire domain. “There is nothing centered about data centers anymore,” said Roland Acra, senior vice president and general manager for Cisco’s Data Center Networking business. “IT teams have been forced to make a hard choice: stay with their on-premises data centers with a rich set of tools of their choice for automation or assurance or security; or move to the cloud, where a different set of capabilities can make consistent compliance a true challenge. ACI Anywhere removes that challenge and places workloads where it makes the most sense regardless of the platform or hypervisor.” ACI Anywhere would, for example, let policies configured through Cisco’s SDN APIC use native APIs offered by a public-cloud provider to orchestrate changes within both the private and public cloud environments, Cisco said.

Unconfigured IoT is a security risk, warns researcher

Many IoT devices work initially in an access point mode, so users can connect to the device using a smartphone to reconfigure it to become a client on the wireless network by entering the network security key, thereby making it much more secure. But businesses and consumers will often elect not to connect appliances to the internet, believing this is safer. ...  “This means that if the device remains unconfigured, it will remain in the default state, making it even more vulnerable than if it were connected to the internet and configured,” said Munro. “Although this opens up another set of vulnerabilities, organisations and consumers are becoming increasingly aware of these vulnerabilities and are therefore more likely to be aware of the risks and how to mitigate them.” But with an unconfigured device, attackers could use a war driving or access mapping attack, which would make it easy to compromise these devices, said Munro, because the attacker could identify a target wireless network using a geolocation site, such as wigle.net, that shows wireless access points in any given location and enables account holders to search its database for unconfigured IoT devices.

Serverless computing’s dark side: less portability for your apps

How that serverless development platform calls into your serverless code can vary, and there is not uniformity between public clouds. Most developers who develop applications on serverless cloud-based systems couple their code tightly to a public cloud provider’s native APIs. That can make it hard, or unviable, to move the code to another platform. The long and short of this is that if you build an application on a cloud-native serverless system, it’s both difficult to move to another cloud provider, or back to on-premises. I don’t mean to pick on serverless systems; they are very handy. However, more and more I’m seeing enterprises that demand portability when picking cloud providers and application development and deployment platforms often opt for what’s fastest, cheapest, and easiest. Portability be damned. Of course, containers are also growing by leaps and bounds, and one of the advantages of containers is portability. However, they take extra work, and they need to be built with a container architecture in mind to be effective.

Success or Burnout? Q&A on How Personal Agility Can Help

Personal Agility is a simple coaching framework; it is based on just six powerful questions, a weekly event for asking the questions, and an “information radiator” to help you understand and act upon the answers. You can do it yourself without needing agreement or permission from anyone else! The key question “What really matters?” provides guidance for deciding how to spend your time. The next question, “What did you accomplish last week?” helps you understand where you are and to feel good about yourself and what you’ve done! The next questions help you to figure out what is (or is not) important to do this week. “What could you do?” looks at possibilities; “Of those things, which are important or urgent?” helps you to identify the essentials; finally, “Which ones do you want to get done this week?” helps you set a course with realistic objectives, so you can make steady progress to achieve bigger goals. Finally “Who can help?” is a classic coaching question that helps you get unstuck.

IT leaders must address integration to support business ecosystem

The survey found that almost half (48%) of organisations want to modernise their IT in order to compete more effectively in today’s digital business landscape. Respondents said modernisation is key to consolidating disparate technologies, automating data transaction processes and gaining visibility into their critical data flows. However, the research found that modernisation is one of the enterprise’s biggest challenges. According to Cleo, while the surveyed IT decision-makers understand the limitations and high maintenance cost of legacy technologies, they also recognise the systems’ importance to day-to-day operations. In Cleo’s experience, a major part of digital transformation is balancing old and new technologies, which means integrating legacy systems with modern applications cost-effectively and without disruption. For this reason, enterprises must simultaneously maintain legacy systems while adopting newer cloud services and software-as-a-service (SaaS) solutions to engage in and support how business is done today, it said.

How to Estimate Software Projects in A Test-Driven Development Environment

A good project manager intentionally limits the amount of information available to participants for discussion. The less information is provided, the lower the chance of an error. If we look back at the above description, what’s in it for us? First, it helps us define the user. In our case, it’s a registered user who has previously placed an order on the website. Second, the required functionality should have time and data limitations. Third and very importantly, the action that the user performs is atomic. Sequences or non-linear sequences of actions indicated in the description of the functionality are the roads straight to hell. And for all the participants involved, not just for the customer! Subjectively speaking, the ideal user stories imply that the user needs a minute or less to become aware of how to perform this or that action. In this case, by “aware” we mean that a user has already performed the same or very similar action in a different application.

Japan's IoT Security Strategy: Break Into Devices

Identifying potentially vulnerable IoT devices that face the internet can be accomplished using search engines such as Shodan, which allow for search queries based on certain parameters. Once a device has been found, taking it to the next level - attempting to log into the device - is generally a criminal offense in most countries. That presumably is the case in Japan as well and the reason why the law had to be modified to make it legal for the survey (see: Could a Defensive Hack Fix the Internet of Things?). With the law changed and permission to proceed, it should be easier to identify vulnerable devices. The larger problem is trying to resolve the vulnerabilities. Fixing vulnerabilities that lead to large botnets has been vexing. A decade ago, attackers commandeered large networks of desktop computers via browser and operating system vulnerabilities. Law enforcement agencies and private companies found success in shutting down the command-and-control servers for those botnets. But it left the problem of cleaning up infected devices, which usually involved the owners of those devices installing security patches.

CEOs and software

Neither software leaders nor CIOs can catapult their software organizations into the digital era without the right CEO support. CEO actions, or lack thereof, can stymie progress toward the software capability that digital business demands. Why? Software success depends on factors that only CEOs control. CEO control starts with funding for software initiatives — buy, build, and everything in between, plus modernization of outdated software. We track software leaders’ views on the top 10 barriers to improved software delivery (see Figure 1), with the barriers owned by CEOs highlighted in red. ... Software Delivery Speed Is Stuck: “Things are moving so fast in our market,” said the CEO of a professional services firm. “I live in terror of being left behind.” Speed of software delivery is a leading indicator of health and vitality in a software-delivery organization and a signal that a software team’s digital transformation is underway. During the past five years, developers have made almost no progress in their ability to deliver software quickly

How traffic scrubbing can guard against DDoS attacks

A growing number of enterprises are investing in DDoS solutions, especially cloud-based DDoS mitigation services, with a shift away from a service-provider-centric market. A DDoS attack is one of the most complex threats that businesses can face. The goal of the individual hacker, organised criminals or state actors is to overwhelm a company’s network, website or network component, such as a router. To begin with, organisations have to determine whether a spike in traffic is legitimate or is an attack. “Without a solid understanding of baselines and historic traffic trends, organisations are unlikely to detect an attack until it is too late,” said Sherrel Roche, senior market analyst at IDC’s Asia-Pacific business and IT services research group. Landbank, the largest government-owned bank in the Philippines, has taken the step of implementing F5’s BIG-IP local traffic manager to understand its application traffic and performance better, as well as to gain full visibility into customer data as it enters and leaves an application. This enables the security team to inspect, manage and report fraudulent transactions as soon as they are spotted.

DevOps Adoption Practices

Many organizations start with an environment that is full of variables: different processes, different environments, different tools, and several permutations of configurations and data. All this makes automation hard and reduces your ability to learn as each variable could be the cause of the problem. The first step is to look at all those variables and see what you can remove. Can you align the patch levels across environments? Can you deploy the same version of the application across environments? Some variables can only be removed later on, but understanding what all the variable pieces are and doing a clean-up first will make later efforts easier. ... Someone once told me: "You cannot automate what you cannot document." After all, automation is a form of documentation of a process. What is even more important is that automating a bad process just creates more problems. I also think that writing down a solution forces you to think it through in a way that verbal communication or just starting to write code does not.

Quote for the day:

"A leadership disposition guides you to take the path of most resistance and turn it into the path of least resistance." -- Dov Seidman
