Daily Tech Digest - July 16, 2019

Best tools for single sign-on (SSO)

Interestingly, most SSO products also cost about $8 per user per month but will require more IT manpower to implement. (Ping’s solution offers a lot of bang for the $3 per month price point, however.) Let’s talk a bit about using MFA, because it is an important motivation behind going the SSO route. The idea of using MFA used to be mostly for the ultra-paranoid. Now MFA is the minimum for enterprise security, especially considering the number and increasing sophistication of spear-phishing attacks. Sadly, the deployment of MFA is far from universal: a recent survey from Symantec (Adapting to the New Realities of Cloud Threats) found that two-thirds of the respondents still don’t deploy any MFA tools to protect their cloud infrastructures. Certainly, having SSO can help ease the pain and move toward broader MFA acceptance. Besides MFA, there is another reason to up your authentication game: the need for adaptive or risk-based authentication. This means changing your perspective from issuing your users an “all-day access pass” when they begin work by logging into their laptops.

Trump’s hostile view of Bitcoin and crypto could chill industry

Trump tweeted Facebook Libra's "virtual currency" will have little standing or dependability. "If Facebook and other companies want to become a bank, they must seek a new Banking Charter and become subject to all Banking Regulations, just like other Banks, both National," Trump wrote. Those comments came one day after he criticized both Facebook and Twitter for what he called bias against his supporters. Like other cryptocurrencies backed by fiat currency, Facebook's digital money would be purchased through a typical financial network and then stored in the Calibra digital wallet application for making purchases via ads on the social media platform. A user could also do the same thing through Facebook's most popular communication platforms: WhatsApp and Messenger. Facebook did not respond to questions by Computerworld about whether the president's comments would affect its plans to issue a cryptocurrency. Avivah Litan, a vice president of research at Gartner, said while it's "very difficult" to analyze Trump's intentions from his tweets, "it sounds to me like he is gearing up to clamp down on cryptocurrency adoption by Americans.

How to deal with cloud complexity

Many popular approaches that deal with architectural complexity tell you to practice architectural discipline so your systems won’t be complex in the first place. The assumption is that you build and migrate cloud systems in short, disconnected sprints with little regard for standard platforms such as storage, compute, security, and governance. Most migrations and net-new developments are done in silos without considering architectural commonality that would drive less complexity. More complexity becomes inevitable. Although many are surprised when they experience complexity, it’s not always bad. In most cases, we see excessive heterogeneity because those who pick different cloud services make best of breed a high priority. Complexity is the natural result. A good rule of thumb is to look at cloud operations or cloudops. If you’re staying on budget, and there are few or no outages and no breaches, then it’s likely that your complexity is under control. Revisit these metrics every quarter or so. If all continues to be well, you’re fine. You are one of the lucky few who deal with a less complex cloud implementation—for now.

Single Sign-Ons To Accelerate Growth Of Digital Identity: Study

Wide varieties of countries have recently planned, or are planning, to bring digital identity to many citizens. It will have an effect on the kinds of digital identity security available to consumers, as many of these initiatives are intended to bring identity verification to those who have never had official identification before. That being the case, these schemes need to be accessible to those with low levels of digital access, and are likely to be SIM-based, rather than relying on an online presence as such. These initiatives will also be more likely to have a physical card than other forms of digital identity. This impacts a range of use cases and allows a more consistent application of identity verification than in the case of identities that do not connect to a physical asset. This is frequently because the core documentation on which the foundation of the identity is built contains a photograph as the core verification method. Other methods (such as fingerprint sensors) require additional infrastructure and do not eliminate the chance of presenting false data at the point of on-boarding.

How Suse is taking open source deeper into the enterprise

What a company like Suse is doing is to help enterprises such as banks, healthcare providers and retail companies match what they’re trying to do with what’s available in the open source world. We select the projects and make sure they can work together with enterprise IT infrastructure, and are stable, secure and supported over time. We’ve started doing that with Linux, OpenStack, Cloud Foundry and Kubernetes. Now, you mentioned Asia. The challenges I mentioned are common to everybody, but what we see in Asia, like in Europe, is that Asia is not a single, homogeneous market. Different countries are in different stages of adopting open source. I spend quite a lot of time in Japan, China, Hong Kong, Singapore, all of which are very different markets. Typically in Japan, enterprises are more conservative so we have a lot of customers like banks that are running Linux on mainframes. Singapore is more innovative, so we see OpenStack being used by the public sector and manufacturing companies.

Understanding the role of governance in data lakes and warehouses

Having data well organized and consistently aggregated allows for the creation of performance and operational metrics – reporting that drives business and allows leaders to make informed decisions. Inclusion of both historical and current information organized in a consistent manner within the data warehouse increases the quality of the viewed data, thus increasing decision-making quality. ... Although they are different, the key to successful data lakes and data warehouses with useful, quality data, is the same – governance. Data governance allows for the understanding of not only what is stored where and its source, but the relative quality of the data and being able to ascertain it consistently. Aside from clarity and structure, governance also allows control. With such control, the organization knows how the data is being used and whether or not it’s meeting its intended purpose. Say the data has been manipulated to meet a set of determined requirements; without data governance, someone else could come along and pull the data – not knowing it had been previously employed – thus resulting in an inaccurate data analysis.

Cybersecurity: Is your boss leaving your organisation vulnerable to hackers?

CEOs and other senior board-level executives are exposing their organisations to cyberattacks and hackers because of a lack of awareness around cybersecurity, a new study has warned. Research by cybersecurity company RedSeal surveyed hundreds of senior IT and security professionals and found that many of these personnel believe there's a disconnect between the CEO and the information security team, which could be putting organisations at risk. ... "CEOs have wide access to their organisation's network resources, the authority to look into most areas, and frequently see themselves as exempt from the inconvenient rules applied to others. This makes them ideal targets," he added. However, despite some having fears around security at the very top of the organisation, on the whole, businesses appear to be taking cybersecurity seriously. Two thirds of businesses say their cyber-incident response plan is well defined and well tested – either via real breaches, or simulation tests. Three quarters of firms also report they have cyber insurance, suggesting there's an awareness around preparing for the aftermath of an incident, should one occur.

To pay or not pay a hacker’s ransomware demand? It comes down to cyber hygiene

According to the FBI and most cybersecurity experts, no one should ever pay ransomware attackers. Giving in to the attackers’ demands only rewards them for their malicious deeds and breeds more attacks, they say. “The FBI encourages victims to not pay a hacker’s extortion demands,” the FBI says in an email to CSO. “The payment of extortion demands encourages continued criminal activity, leads to other victimizations, and can be used to facilitate additional serious crimes.” Jim Trainor, who formerly led the Cyber Division at FBI Headquarters and is now a senior vice president in the Cyber Solutions Group at risk management and insurance brokerage firm Aon, agrees. Trainor, who spent a fair amount of time dealing with ransomware attacks while he was in the Bureau, said his position has not changed. “I would recommend that people not pay the ransom. It’s extremely problematic,” he tells CSO. He conceded that making the determination to pay or not pay the attackers is ultimately a business decision, one that almost always hinges on whether the victim has access to adequate backups.

Government must ‘stop choosing ignorance’ around data

“The National Data Strategy must go beyond public services. Government’s role is broader than the delivery of public services; it can help shape how data is used across the whole of society through interventions such as research funding, procurement rules, regulatory activities and legislation,” the letter stated. “The strategy must recognise this and describe how government will make data work for everyone in the UK,” it added. However, the strategy “must deliver transformative, rather than incremental, change”, the letter stated, adding that the national data plan must be a long-term endeavour for government, with a vision for at least the next decade along with practical steps to turn any future vision into reality. Such ambitions may be unfulfilled if there is a lack of sustained strategic leadership on data, the letter warned. This is an issue that had been previously outlined in a recent report by the National Audit Office (NAO). Echoing the NAO’s concerns, the organisations stated the government must “get leadership from the very top if it is to get a grip on data”.

How digital and marketing executives are taking charge of digital transformation

Brahin says the key to success has been the marketing team's hybrid approach to digital transformation at UBS. Content is at the heart of this approach, where a centralised marketing organisation is helping line-of-business functions to transform the online experiences of clients. "Everything that concerns content delivery into the website and marketing channels is through a single approach, while business units still have control of their products and services. We partner with them to deliver marketing content into their service areas," she says. "It's an approach that has allowed us to create a solid foundation with a powerful content-delivery hub, where we can pump content to individual areas from a single hub. That's worked pretty well for us." The firm has analysed website analytics and used this insight to help deliver "modern, mobile experiences". McBain says the focus recently has been around optimisation and extending its content across new channels, including a recently launched website for the main brand.

Quote for the day:

"Strategy is not really a solo sport, even if you're the CEO." -- Max McKeown
